SLH-DSA: Update method name to match spec

Author: peterdettman

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/ADRS.java

@@ -75,7 +75,7 @@ public int getTreeIndex()
     }
 
     // resets part of value to zero in line with 2.7.3
-    public void setType(int type)
+    public void setTypeAndClear(int type)
     {
         Pack.intToBigEndian(type, value, OFFSET_TYPE);
 

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/Fors.java

@@ -29,7 +29,7 @@ byte[] treehash(byte[] skSeed, int s, int z, byte[] pkSeed, ADRS adrsParam)
 
         for (int idx = 0; idx < (1 << z); idx++)
         {
-            adrs.setType(ADRS.FORS_PRF);
+            adrs.setTypeAndClear(ADRS.FORS_PRF);
             adrs.setKeyPairAddress(adrsParam.getKeyPairAddress());
             adrs.setTreeHeight(0);
             adrs.setTreeIndex(s + idx);
@@ -74,7 +74,7 @@ public SIG_FORS[] sign(byte[] md, byte[] skSeed, byte[] pkSeed, ADRS paramAdrs)
 // get next index
             int idx = idxs[i];
 // pick private key element
-            adrs.setType(ADRS.FORS_PRF);
+            adrs.setTypeAndClear(ADRS.FORS_PRF);
             adrs.setKeyPairAddress(paramAdrs.getKeyPairAddress());
             adrs.setTreeHeight(0);
             adrs.setTreeIndex(i * t + idx);
@@ -135,7 +135,7 @@ public byte[] pkFromSig(SIG_FORS[] sig_fors, byte[] message, byte[] pkSeed, ADRS
             root[i] = node[0];
         }
         ADRS forspkADRS = new ADRS(adrs); // copy address to create FTS public key address
-        forspkADRS.setType(ADRS.FORS_PK);
+        forspkADRS.setTypeAndClear(ADRS.FORS_PK);
         forspkADRS.setKeyPairAddress(adrs.getKeyPairAddress());
         return engine.T_l(pkSeed, forspkADRS, Arrays.concatenate(root));
     }

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/HT.java

@@ -87,7 +87,7 @@ byte[] xmss_pkFromSig(int idx, SIG_XMSS sig_xmss, byte[] M, byte[] pkSeed, ADRS
         ADRS adrs = new ADRS(paramAdrs);
 
         // compute WOTS+ pk from WOTS+ sig
-        adrs.setType(ADRS.WOTS_HASH);
+        adrs.setTypeAndClear(ADRS.WOTS_HASH);
         adrs.setKeyPairAddress(idx);
         byte[] sig = sig_xmss.getWOTSSig();
         byte[][] AUTH = sig_xmss.getXMSSAUTH();
@@ -96,7 +96,7 @@ byte[] xmss_pkFromSig(int idx, SIG_XMSS sig_xmss, byte[] M, byte[] pkSeed, ADRS
         byte[] node1 = null;
 
         // compute root from WOTS+ pk and AUTH
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setTreeIndex(idx);
         for (int k = 0; k < engine.H_PRIME; k++)
         {
@@ -125,7 +125,7 @@ SIG_XMSS xmss_sign(byte[] M, byte[] skSeed, int idx, byte[] pkSeed, ADRS paramAd
 
         ADRS adrs = new ADRS(paramAdrs);
 
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setLayerAddress(paramAdrs.getLayerAddress());
         adrs.setTreeAddress(paramAdrs.getTreeAddress());
 
@@ -136,7 +136,7 @@ SIG_XMSS xmss_sign(byte[] M, byte[] skSeed, int idx, byte[] pkSeed, ADRS paramAd
             AUTH[j] = treehash(skSeed, k << j, j, pkSeed, adrs);
         }
         adrs = new ADRS(paramAdrs);
-        adrs.setType(ADRS.WOTS_HASH);
+        adrs.setTypeAndClear(ADRS.WOTS_HASH);
         adrs.setKeyPairAddress(idx);
 
         byte[] sig = wots.sign(M, skSeed, pkSeed, adrs);
@@ -161,11 +161,11 @@ byte[] treehash(byte[] skSeed, int s, int z, byte[] pkSeed, ADRS adrsParam)
 
         for (int idx = 0; idx < (1 << z); idx++)
         {
-            adrs.setType(ADRS.WOTS_HASH);
+            adrs.setTypeAndClear(ADRS.WOTS_HASH);
             adrs.setKeyPairAddress(s + idx);
             byte[] node = wots.pkGen(skSeed, pkSeed, adrs);
 
-            adrs.setType(ADRS.TREE);
+            adrs.setTypeAndClear(ADRS.TREE);
             adrs.setTreeHeight(1);
             adrs.setTreeIndex(s + idx);
 

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/HashSLHDSASigner.java

@@ -169,20 +169,20 @@ public byte[] internalGenerateSignature(byte[] message, byte[] optRand)
         int idx_leaf = idxDigest.idx_leaf;
         // FORS sign
         ADRS adrs = new ADRS();
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         SIG_FORS[] sig_fors = fors.sign(mHash, privKey.sk.seed, privKey.pk.seed, adrs);
         // get FORS public key - spec shows M?
         adrs = new ADRS();
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         byte[] PK_FORS = fors.pkFromSig(sig_fors, mHash, privKey.pk.seed, adrs);
 
         // sign FORS public key with HT
         ADRS treeAdrs = new ADRS();
-        treeAdrs.setType(ADRS.TREE);
+        treeAdrs.setTypeAndClear(ADRS.TREE);
 
         HT ht = new HT(engine, privKey.getSeed(), privKey.getPublicSeed());
         byte[] SIG_HT = ht.sign(PK_FORS, idx_tree, idx_leaf);
@@ -229,13 +229,13 @@ public boolean internalVerifySignature(byte[] message, byte[] signature)
         int idx_leaf = idxDigest.idx_leaf;
 
         // compute FORS public key
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setLayerAddress(0);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         byte[] PK_FORS = new Fors(engine).pkFromSig(sig_fors, mHash, pubKey.getSeed(), adrs);
         // verify HT signature
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setLayerAddress(0);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/SLHDSASigner.java

@@ -140,13 +140,13 @@ public boolean internalVerifySignature(byte[] message, byte[] signature)
         int idx_leaf = idxDigest.idx_leaf;
 
         // compute FORS public key
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setLayerAddress(0);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         byte[] PK_FORS = new Fors(engine).pkFromSig(sig_fors, mHash, pubKey.getSeed(), adrs);
         // verify HT signature
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setLayerAddress(0);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
@@ -174,20 +174,20 @@ public byte[] internalGenerateSignature(byte[] message, byte[] optRand)
         int idx_leaf = idxDigest.idx_leaf;
         // FORS sign
         ADRS adrs = new ADRS();
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         SIG_FORS[] sig_fors = fors.sign(mHash, privKey.sk.seed, privKey.pk.seed, adrs);
         // get FORS public key - spec shows M?
         adrs = new ADRS();
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         byte[] PK_FORS = fors.pkFromSig(sig_fors, mHash, privKey.pk.seed, adrs);
 
         // sign FORS public key with HT
         ADRS treeAdrs = new ADRS();
-        treeAdrs.setType(ADRS.TREE);
+        treeAdrs.setTypeAndClear(ADRS.TREE);
 
         HT ht = new HT(engine, privKey.getSeed(), privKey.getPublicSeed());
         byte[] SIG_HT = ht.sign(PK_FORS, idx_tree, idx_leaf);

core/src/main/java/org/bouncycastle/pqc/crypto/slhdsa/WotsPlus.java

@@ -22,21 +22,21 @@ byte[] pkGen(byte[] skSeed, byte[] pkSeed, ADRS paramAdrs)
         for (int i = 0; i < engine.WOTS_LEN; i++)
         {
             ADRS adrs = new ADRS(paramAdrs);
-            adrs.setType(ADRS.WOTS_PRF);
+            adrs.setTypeAndClear(ADRS.WOTS_PRF);
             adrs.setKeyPairAddress(paramAdrs.getKeyPairAddress());
             adrs.setChainAddress(i);
             adrs.setHashAddress(0);
 
             byte[] sk = engine.PRF(pkSeed, skSeed, adrs);
 
-            adrs.setType(ADRS.WOTS_HASH);
+            adrs.setTypeAndClear(ADRS.WOTS_HASH);
             adrs.setKeyPairAddress(paramAdrs.getKeyPairAddress());
             adrs.setChainAddress(i);
             adrs.setHashAddress(0);
             tmp[i] = chain(sk, 0, w - 1, pkSeed, adrs);
         }
 
-        wotspkADRS.setType(ADRS.WOTS_PK);
+        wotspkADRS.setTypeAndClear(ADRS.WOTS_PK);
         wotspkADRS.setKeyPairAddress(paramAdrs.getKeyPairAddress());
 
         return engine.T_l(pkSeed, wotspkADRS, Arrays.concatenate(tmp));
@@ -93,12 +93,12 @@ public byte[] sign(byte[] M, byte[] skSeed, byte[] pkSeed, ADRS paramAdrs)
         byte[][] sig = new byte[engine.WOTS_LEN][];
         for (int i = 0; i < engine.WOTS_LEN; i++)
         {
-            adrs.setType(ADRS.WOTS_PRF);
+            adrs.setTypeAndClear(ADRS.WOTS_PRF);
             adrs.setKeyPairAddress(paramAdrs.getKeyPairAddress());
             adrs.setChainAddress(i);
             adrs.setHashAddress(0);
             byte[] sk = engine.PRF(pkSeed, skSeed, adrs);
-            adrs.setType(ADRS.WOTS_HASH);
+            adrs.setTypeAndClear(ADRS.WOTS_HASH);
             adrs.setKeyPairAddress(paramAdrs.getKeyPairAddress());
             adrs.setChainAddress(i);
             adrs.setHashAddress(0);
@@ -158,7 +158,7 @@ public byte[] pkFromSig(byte[] sig, byte[] M, byte[] pkSeed, ADRS adrs)
             tmp[i] = chain(sigI, msg[i], w - 1 - msg[i], pkSeed, adrs);
         }
 
-        wotspkADRS.setType(ADRS.WOTS_PK);
+        wotspkADRS.setTypeAndClear(ADRS.WOTS_PK);
         wotspkADRS.setKeyPairAddress(adrs.getKeyPairAddress());
 
         return engine.T_l(pkSeed, wotspkADRS, Arrays.concatenate(tmp));

core/src/main/java/org/bouncycastle/pqc/crypto/sphincsplus/ADRS.java

@@ -75,7 +75,7 @@ public int getTreeIndex()
     }
 
     // resets part of value to zero in line with 2.7.3
-    public void setType(int type)
+    public void setTypeAndClear(int type)
     {
         Pack.intToBigEndian(type, value, OFFSET_TYPE);
 

core/src/main/java/org/bouncycastle/pqc/crypto/sphincsplus/Fors.java

@@ -28,7 +28,7 @@ byte[] treehash(byte[] skSeed, int s, int z, byte[] pkSeed, ADRS adrsParam)
 
         for (int idx = 0; idx < (1 << z); idx++)
         {
-            adrs.setType(ADRS.FORS_PRF);
+            adrs.setTypeAndClear(ADRS.FORS_PRF);
             adrs.setKeyPairAddress(adrsParam.getKeyPairAddress());
             adrs.setTreeHeight(0);
             adrs.setTreeIndex(s + idx);
@@ -72,7 +72,7 @@ public SIG_FORS[] sign(byte[] md, byte[] skSeed, byte[] pkSeed, ADRS paramAdrs)
 // get next index
             int idx = idxs[i];
 // pick private key element
-            adrs.setType(ADRS.FORS_PRF);
+            adrs.setTypeAndClear(ADRS.FORS_PRF);
             adrs.setKeyPairAddress(paramAdrs.getKeyPairAddress());
             adrs.setTreeHeight(0);
             adrs.setTreeIndex(i * t + idx);
@@ -132,7 +132,7 @@ public byte[] pkFromSig(SIG_FORS[] sig_fors, byte[] message, byte[] pkSeed, ADRS
             root[i] = node[0];
         }
         ADRS forspkADRS = new ADRS(adrs); // copy address to create FTS public key address
-        forspkADRS.setType(ADRS.FORS_PK);
+        forspkADRS.setTypeAndClear(ADRS.FORS_PK);
         forspkADRS.setKeyPairAddress(adrs.getKeyPairAddress());
         return engine.T_l(pkSeed, forspkADRS, Arrays.concatenate(root));
     }

core/src/main/java/org/bouncycastle/pqc/crypto/sphincsplus/HT.java

@@ -87,7 +87,7 @@ byte[] xmss_pkFromSig(int idx, SIG_XMSS sig_xmss, byte[] M, byte[] pkSeed, ADRS
         ADRS adrs = new ADRS(paramAdrs);
 
         // compute WOTS+ pk from WOTS+ sig
-        adrs.setType(ADRS.WOTS_HASH);
+        adrs.setTypeAndClear(ADRS.WOTS_HASH);
         adrs.setKeyPairAddress(idx);
         byte[] sig = sig_xmss.getWOTSSig();
         byte[][] AUTH = sig_xmss.getXMSSAUTH();
@@ -96,7 +96,7 @@ byte[] xmss_pkFromSig(int idx, SIG_XMSS sig_xmss, byte[] M, byte[] pkSeed, ADRS
         byte[] node1 = null;
 
         // compute root from WOTS+ pk and AUTH
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setTreeIndex(idx);
         for (int k = 0; k < engine.H_PRIME; k++)
         {
@@ -125,7 +125,7 @@ SIG_XMSS xmss_sign(byte[] M, byte[] skSeed, int idx, byte[] pkSeed, ADRS paramAd
 
         ADRS adrs = new ADRS(paramAdrs);
 
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setLayerAddress(paramAdrs.getLayerAddress());
         adrs.setTreeAddress(paramAdrs.getTreeAddress());
 
@@ -136,7 +136,7 @@ SIG_XMSS xmss_sign(byte[] M, byte[] skSeed, int idx, byte[] pkSeed, ADRS paramAd
             AUTH[j] = treehash(skSeed, k << j, j, pkSeed, adrs);
         }
         adrs = new ADRS(paramAdrs);
-        adrs.setType(ADRS.WOTS_HASH);
+        adrs.setTypeAndClear(ADRS.WOTS_HASH);
         adrs.setKeyPairAddress(idx);
 
         byte[] sig = wots.sign(M, skSeed, pkSeed, adrs);
@@ -161,11 +161,11 @@ byte[] treehash(byte[] skSeed, int s, int z, byte[] pkSeed, ADRS adrsParam)
 
         for (int idx = 0; idx < (1 << z); idx++)
         {
-            adrs.setType(ADRS.WOTS_HASH);
+            adrs.setTypeAndClear(ADRS.WOTS_HASH);
             adrs.setKeyPairAddress(s + idx);
             byte[] node = wots.pkGen(skSeed, pkSeed, adrs);
 
-            adrs.setType(ADRS.TREE);
+            adrs.setTypeAndClear(ADRS.TREE);
             adrs.setTreeHeight(1);
             adrs.setTreeIndex(s + idx);
 

core/src/main/java/org/bouncycastle/pqc/crypto/sphincsplus/SPHINCSPlusSigner.java

@@ -83,20 +83,20 @@ public byte[] generateSignature(byte[] message)
         int idx_leaf = idxDigest.idx_leaf;
         // FORS sign
         ADRS adrs = new ADRS();
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         SIG_FORS[] sig_fors = fors.sign(mHash, privKey.sk.seed, privKey.pk.seed, adrs);
         // get FORS public key - spec shows M?
         adrs = new ADRS();
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         byte[] PK_FORS = fors.pkFromSig(sig_fors, mHash, privKey.pk.seed, adrs);
 
         // sign FORS public key with HT
         ADRS treeAdrs = new ADRS();
-        treeAdrs.setType(ADRS.TREE);
+        treeAdrs.setTypeAndClear(ADRS.TREE);
 
         HT ht = new HT(engine, privKey.getSeed(), privKey.getPublicSeed());
         byte[] SIG_HT = ht.sign(PK_FORS, idx_tree, idx_leaf);
@@ -137,13 +137,13 @@ public boolean verifySignature(byte[] message, byte[] signature)
         int idx_leaf = idxDigest.idx_leaf;
 
         // compute FORS public key
-        adrs.setType(ADRS.FORS_TREE);
+        adrs.setTypeAndClear(ADRS.FORS_TREE);
         adrs.setLayerAddress(0);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);
         byte[] PK_FORS = new Fors(engine).pkFromSig(sig_fors, mHash, pubKey.getSeed(), adrs);
         // verify HT signature
-        adrs.setType(ADRS.TREE);
+        adrs.setTypeAndClear(ADRS.TREE);
         adrs.setLayerAddress(0);
         adrs.setTreeAddress(idx_tree);
         adrs.setKeyPairAddress(idx_leaf);