
Commit 326914b

author
royb
committed
Fixed SLH-DSA optRand not being populated by randomness
1 parent a4f40dc commit 326914b


3 files changed

+37
-20
lines changed


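--- a/core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/HashSLHDSASigner.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/HashSLHDSASigner.java
@@ -124,6 +124,14 @@ public byte[] generateSignature() throws CryptoException, DataLengthException
 
 // generate randomizer
 byte[] optRand = new byte[engine.N];
+if (random != null)
+{
+random.nextBytes(optRand);
+}
+else
+{
+System.arraycopy(privKey.pk.seed, 0, optRand, 0, optRand.length);
+}
 return internalGenerateSignature(ds_message, optRand);
 }
 
@@ -154,12 +162,6 @@ public byte[] internalGenerateSignature(byte[] message, byte[] optRand)
 SLHDSAEngine engine = privKey.getParameters().getEngine();
 engine.init(privKey.pk.seed);
 
-if (optRand == null)
-{
-optRand = new byte[engine.N];
-System.arraycopy(privKey.pk.seed, 0, optRand, 0, optRand.length);
-}
-
 Fors fors = new Fors(engine);
 byte[] R = engine.PRF_msg(privKey.sk.prf, optRand, message);
 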
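Review bot: Removing the `optRand == null` guard in internalGenerateSignature (second hunk) turns the old silent default into an unchecked precondition on a public method: a null or wrongly sized optRand now goes straight into `engine.PRF_msg(privKey.sk.prf, optRand, message)`, which presumably fails with a NullPointerException for null and, for a caller-supplied array that is not N bytes, yields a randomizer that does not match the n-byte opt_rand FIPS 205 defines. Since generateSignature now always hands over an N-byte buffer, a fail-fast argument check keeps callers honest without reintroducing the fallback: `if (optRand == null || optRand.length != engine.N) { throw new IllegalArgumentException("optRand must be " + engine.N + " bytes"); }` placed right after `engine.init(privKey.pk.seed);`. The same guard was dropped from SLHDSASigner.internalGenerateSignature in the next file and needs the same check. Both methods continue outside the hunk.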
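--- a/core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/SLHDSASigner.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/SLHDSASigner.java
@@ -95,6 +95,15 @@ public byte[] generateSignature(byte[] message)
 
 // generate randomizer
 byte[] optRand = new byte[engine.N];
+if (random != null)
+{
+random.nextBytes(optRand);
+}
+else
+{
+System.arraycopy(privKey.pk.seed, 0, optRand, 0, optRand.length);
+}
+
 return internalGenerateSignature(ds_message, optRand);
 }
 
@@ -159,12 +168,6 @@ public byte[] internalGenerateSignature(byte[] message, byte[] optRand)
 SLHDSAEngine engine = privKey.getParameters().getEngine();
 engine.init(privKey.pk.seed);
 
-if (optRand == null)
-{
-optRand = new byte[engine.N];
-System.arraycopy(privKey.pk.seed, 0, optRand, 0, optRand.length);
-}
-
 Fors fors = new Fors(engine);
 byte[] R = engine.PRF_msg(privKey.sk.prf, optRand, message);
 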
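Review bot: The if/else that fills optRand in generateSignature (first hunk) is a line-for-line copy of the block added to HashSLHDSASigner.generateSignature in the previous file, and the `// generate randomizer` comment above it no longer says why a null `random` falls back to the public seed. I would extend the comment to `// generate randomizer: fresh random bytes for the hedged variant, PK.seed when no RNG was supplied (deterministic variant, FIPS 205)` and consider moving the block into one package-private helper both signers call, so the two implementations cannot drift apart. The extra blank line inserted before `return internalGenerateSignature(ds_message, optRand);` (new line 106) is absent from the HashSLHDSASigner copy and reads as leftover. The enclosing generateSignature starts outside the hunk.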
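--- a/core/src/test/java/org/bouncycastle/pqc/crypto/test/SLHDSATest.java
+++ b/core/src/test/java/org/bouncycastle/pqc/crypto/test/SLHDSATest.java
@@ -146,15 +146,20 @@ public void testSigGenSingleFile() throws IOException
 byte[] signature = Hex.decode((String) buf.get("signature"));
 byte[] rnd = null;
 
-if (!deterministic)
-{
-rnd = Hex.decode((String) buf.get("additionalRandomness"));
-}
 
 SLHDSAParameters parameters = parametersMap.get(buf.get("parameterSet"));
 
 SLHDSAPrivateKeyParameters privParams = new SLHDSAPrivateKeyParameters(parameters, sk);
 
+if (!deterministic)
+{
+rnd = Hex.decode((String) buf.get("additionalRandomness"));
+}
+else
+{
+rnd = privParams.getPublicSeed();
+}
+
 // sign
 SLHDSASigner signer = new SLHDSASigner();
 
@@ -368,15 +373,22 @@ public void testSigGen() throws IOException
 byte[] signature = Hex.decode((String) buf.get("signature"));
 byte[] rnd = null;
 
-if (!deterministic)
-{
-rnd = Hex.decode((String) buf.get("additionalRandomness"));
-}
+
 
 SLHDSAParameters parameters = params[fileIndex];
 
 SLHDSAPrivateKeyParameters privParams = new SLHDSAPrivateKeyParameters(parameters, sk);
 
+
+
+if (!deterministic)
+{
+rnd = Hex.decode((String) buf.get("additionalRandomness"));
+}
+else
+{
+rnd = privParams.getPublicSeed();
+}
+
 // sign
 SLHDSASigner signer = new SLHDSASigner();
 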
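Review bot: In both test hunks `byte[] rnd = null;` is now a dead initializer, because the moved if/else always assigns rnd (either the vector's additionalRandomness or `privParams.getPublicSeed()`); declaring it as `byte[] rnd;` lets the compiler enforce that every branch assigns it. The second hunk also inserts three blank lines (new 376, 382 and 383) around the parameters block that the first hunk does not, which looks like leftover from moving the block. Because the deterministic case now passes PK.seed in explicitly, the signer's own `random == null` fallback added in SLHDSASigner.generateSignature is presumably no longer reached by these KATs; a small test that leaves the RNG unset and checks the output against the deterministic vector would cover that branch. Both test methods continue outside the hunks.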