Refactor on XoodyakEngine and XoodyakDigest, refactor on ISAPDigest

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/digests/ISAPDigest.java

@@ -62,22 +62,19 @@ protected void processBytes(byte[] input, int inOff)
     protected void finish(byte[] output, int outOff)
     {
         /* absorb final input block */
-        int idx;
         p.x0 ^= 0x80L << ((7 - m_bufPos) << 3);
         while (m_bufPos > 0)
         {
             p.x0 ^= (m_buf[--m_bufPos] & 0xFFL) << ((7 - m_bufPos) << 3);
         }
-        p.p(12);
         // squeeze
         long[] out64 = new long[4];
-        for (idx = 0; idx < 3; ++idx)
+        for (int i = 0; i < 4; ++i)
         {
-            out64[idx] = U64BIG(p.x0);
             p.p(12);
+            out64[i] = U64BIG(p.x0);
         }
         /* squeeze final output block */
-        out64[idx] = U64BIG(p.x0);
         Pack.longToLittleEndian(out64, output, outOff);
     }
 

core/src/main/java/org/bouncycastle/crypto/digests/RomulusDigest.java

@@ -21,8 +21,8 @@ private Friend()
         }
     }
 
-    byte[] h = new byte[16];
-    byte[] g = new byte[16];
+    private final byte[] h = new byte[16];
+    private final byte[] g = new byte[16];
     /*
      * This file includes only the encryption function of SKINNY-128-384+ as required by Romulus-v1.3
      */

core/src/main/java/org/bouncycastle/crypto/digests/XoodyakDigest.java

@@ -1,8 +1,7 @@
 package org.bouncycastle.crypto.digests;
 
+import org.bouncycastle.crypto.engines.XoodyakEngine;
 import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Integers;
-import org.bouncycastle.util.Pack;
 
 /**
  * Xoodyak v1, https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/xoodyak-spec-final.pdf
@@ -14,20 +13,21 @@
 public class XoodyakDigest
     extends BufferBaseDigest
 {
+    public static class Friend
+    {
+        private static final Friend INSTANCE = new Friend();
+
+        private Friend()
+        {
+        }
+    }
+
     private final byte[] state;
     private int phase;
-    private MODE mode;
-    private final int f_bPrime = 48;
-    private final int PhaseUp = 2;
+    private static final int mode = 1; // set as ModeHash
+    private static final int PhaseUp = 2;
+    private static final int TAGLEN = 16;
     private int Cd;
-    private final int[] RC = {0x00000058, 0x00000038, 0x000003C0, 0x000000D0, 0x00000120, 0x00000014, 0x00000060,
-        0x0000002C, 0x00000380, 0x000000F0, 0x000001A0, 0x00000012};
-
-    enum MODE
-    {
-        ModeHash,
-        ModeKeyed
-    }
 
     public XoodyakDigest()
     {
@@ -43,9 +43,9 @@ protected void processBytes(byte[] input, int inOff)
     {
         if (phase != PhaseUp)
         {
-            Up(null, 0, 0, 0);
+            phase = XoodyakEngine.up(Friend.INSTANCE, mode, state, null, 0, 0, 0);
         }
-        Down(input, inOff, BlockSize, Cd);
+        phase = XoodyakEngine.down(Friend.INSTANCE, mode, state, input, inOff, BlockSize, Cd);
         Cd = 0;
     }
 
@@ -56,14 +56,13 @@ protected void finish(byte[] output, int outOff)
         {
             if (phase != PhaseUp)
             {
-                Up(null, 0, 0, 0);
+                phase = XoodyakEngine.up(Friend.INSTANCE, mode, state, null, 0, 0, 0);
             }
-            Down(m_buf, 0, m_bufPos, Cd);
+            phase = XoodyakEngine.down(Friend.INSTANCE, mode, state, m_buf, 0, m_bufPos, Cd);
         }
-        int TAGLEN = 16;
-        Up(output, outOff, TAGLEN, 0x40);
-        Down(null, 0, 0, 0);
-        Up(output, outOff + TAGLEN, TAGLEN, 0);
+        phase = XoodyakEngine.up(Friend.INSTANCE, mode, state, output, outOff, TAGLEN, 0x40);
+        phase = XoodyakEngine.down(Friend.INSTANCE, mode, state, null, 0, 0, 0);
+        phase = XoodyakEngine.up(Friend.INSTANCE, mode, state, output, outOff + TAGLEN, TAGLEN, 0);
     }
 
     @Override
@@ -72,135 +71,6 @@ public void reset()
         super.reset();
         Arrays.fill(state, (byte)0);
         phase = PhaseUp;
-        mode = MODE.ModeHash;
         Cd = 0x03;
     }
-
-    private void Up(byte[] Yi, int YiOff, int YiLen, int Cu)
-    {
-        if (mode != MODE.ModeHash)
-        {
-            state[f_bPrime - 1] ^= Cu;
-        }
-
-        int a0 = Pack.littleEndianToInt(state, 0);
-        int a1 = Pack.littleEndianToInt(state, 4);
-        int a2 = Pack.littleEndianToInt(state, 8);
-        int a3 = Pack.littleEndianToInt(state, 12);
-        int a4 = Pack.littleEndianToInt(state, 16);
-        int a5 = Pack.littleEndianToInt(state, 20);
-        int a6 = Pack.littleEndianToInt(state, 24);
-        int a7 = Pack.littleEndianToInt(state, 28);
-        int a8 = Pack.littleEndianToInt(state, 32);
-        int a9 = Pack.littleEndianToInt(state, 36);
-        int a10 = Pack.littleEndianToInt(state, 40);
-        int a11 = Pack.littleEndianToInt(state, 44);
-
-        int MAXROUNDS = 12;
-        for (int i = 0; i < MAXROUNDS; ++i)
-        {
-            /* Theta: Column Parity Mixer */
-            int p0 = a0 ^ a4 ^ a8;
-            int p1 = a1 ^ a5 ^ a9;
-            int p2 = a2 ^ a6 ^ a10;
-            int p3 = a3 ^ a7 ^ a11;
-
-            int e0 = Integers.rotateLeft(p3, 5) ^ Integers.rotateLeft(p3, 14);
-            int e1 = Integers.rotateLeft(p0, 5) ^ Integers.rotateLeft(p0, 14);
-            int e2 = Integers.rotateLeft(p1, 5) ^ Integers.rotateLeft(p1, 14);
-            int e3 = Integers.rotateLeft(p2, 5) ^ Integers.rotateLeft(p2, 14);
-
-            a0 ^= e0;
-            a4 ^= e0;
-            a8 ^= e0;
-
-            a1 ^= e1;
-            a5 ^= e1;
-            a9 ^= e1;
-
-            a2 ^= e2;
-            a6 ^= e2;
-            a10 ^= e2;
-
-            a3 ^= e3;
-            a7 ^= e3;
-            a11 ^= e3;
-
-            /* Rho-west: plane shift */
-            int b0 = a0;
-            int b1 = a1;
-            int b2 = a2;
-            int b3 = a3;
-
-            int b4 = a7;
-            int b5 = a4;
-            int b6 = a5;
-            int b7 = a6;
-
-            int b8 = Integers.rotateLeft(a8, 11);
-            int b9 = Integers.rotateLeft(a9, 11);
-            int b10 = Integers.rotateLeft(a10, 11);
-            int b11 = Integers.rotateLeft(a11, 11);
-
-            /* Iota: round ant */
-            b0 ^= RC[i];
-
-            /* Chi: non linear layer */
-            a0 = b0 ^ (~b4 & b8);
-            a1 = b1 ^ (~b5 & b9);
-            a2 = b2 ^ (~b6 & b10);
-            a3 = b3 ^ (~b7 & b11);
-
-            a4 = b4 ^ (~b8 & b0);
-            a5 = b5 ^ (~b9 & b1);
-            a6 = b6 ^ (~b10 & b2);
-            a7 = b7 ^ (~b11 & b3);
-
-            b8 ^= (~b0 & b4);
-            b9 ^= (~b1 & b5);
-            b10 ^= (~b2 & b6);
-            b11 ^= (~b3 & b7);
-
-            /* Rho-east: plane shift */
-            a4 = Integers.rotateLeft(a4, 1);
-            a5 = Integers.rotateLeft(a5, 1);
-            a6 = Integers.rotateLeft(a6, 1);
-            a7 = Integers.rotateLeft(a7, 1);
-
-            a8 = Integers.rotateLeft(b10, 8);
-            a9 = Integers.rotateLeft(b11, 8);
-            a10 = Integers.rotateLeft(b8, 8);
-            a11 = Integers.rotateLeft(b9, 8);
-        }
-
-        Pack.intToLittleEndian(a0, state, 0);
-        Pack.intToLittleEndian(a1, state, 4);
-        Pack.intToLittleEndian(a2, state, 8);
-        Pack.intToLittleEndian(a3, state, 12);
-        Pack.intToLittleEndian(a4, state, 16);
-        Pack.intToLittleEndian(a5, state, 20);
-        Pack.intToLittleEndian(a6, state, 24);
-        Pack.intToLittleEndian(a7, state, 28);
-        Pack.intToLittleEndian(a8, state, 32);
-        Pack.intToLittleEndian(a9, state, 36);
-        Pack.intToLittleEndian(a10, state, 40);
-        Pack.intToLittleEndian(a11, state, 44);
-
-        phase = PhaseUp;
-        if (Yi != null)
-        {
-            System.arraycopy(state, 0, Yi, YiOff, YiLen);
-        }
-    }
-
-    void Down(byte[] Xi, int XiOff, int XiLen, int Cd)
-    {
-        for (int i = 0; i < XiLen; i++)
-        {
-            state[i] ^= Xi[XiOff++];
-        }
-        state[XiLen] ^= 0x01;
-        state[f_bPrime - 1] ^= (mode == MODE.ModeHash) ? (Cd & 0x01) : Cd;
-        phase = 1;
-    }
 }

core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java

@@ -739,7 +739,6 @@ protected void init(byte[] key, byte[] iv)
     {
         npub = iv;
         k = key;
-        m_buf = new byte[BlockSize + (forEncryption ? 0 : MAC_SIZE)];
         ISAPAEAD.init();
         m_state = forEncryption ? State.EncInit : State.DecInit;
         reset();

core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java

@@ -88,7 +88,6 @@ protected void init(byte[] key, byte[] iv)
         N = iv;
         state = new byte[STATE_INBYTES];
         state_2d = new byte[D][D];
-        mac = new byte[MAC_SIZE];
         m_state = forEncryption ? State.EncInit : State.DecInit;
         reset(false);
     }