Add AsconPermutation.set

gefeili · gefeili · commit 9dbad2d21377 · 2025-01-28T16:48:53.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java
@@ -9,7 +9,10 @@ abstract class AsconBaseDigest
     public static class Friend
     {
         private static final Friend INSTANCE = new Friend();
-        private Friend() {}
+
+        private Friend()
+        {
+        }
     }
 
 
@@ -49,8 +52,7 @@ protected void finish(byte[] output, int outOff)
 
     protected void padAndAbsorb()
     {
-        p.x0 ^= loadBytes(m_buf, 0, m_bufPos);
-        p.x0 ^= pad(m_bufPos);
+        p.x0 ^= loadBytes(m_buf, 0, m_bufPos) ^ pad(m_bufPos);
         p.p(12);
     }
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java
@@ -131,20 +131,12 @@ public void reset()
         super.reset();
         m_squeezing = false;
         /* initialize */
-        p.x0 = z0;
-        p.x1 = z1;
-        p.x2 = z2;
-        p.x3 = z3;
-        p.x4 = z4;
+        p.set(z0, z1, z2, z3, z4);
     }
 
     private void initState(byte[] z, int zOff, int zLen)
     {
-        p.x0 = 7445901275803737603L;
-        p.x1 = 4886737088792722364L;
-        p.x2 = -1616759365661982283L;
-        p.x3 = 3076320316797452470L;
-        p.x4 = -8124743304765850554L;
+        p.set(7445901275803737603L, 4886737088792722364L, -1616759365661982283L, 3076320316797452470L, -8124743304765850554L);
         long bitLength = ((long)zLen) << 3;
         Pack.longToLittleEndian(bitLength, m_buf, 0);
         p.p(12);
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconDigest.java
@@ -74,18 +74,10 @@ public void reset()
         switch (asconParameters)
         {
         case AsconHashA:
-            p.x0 = 92044056785660070L;
-            p.x1 = 8326807761760157607L;
-            p.x2 = 3371194088139667532L;
-            p.x3 = -2956994353054992515L;
-            p.x4 = -6828509670848688761L;
+            p.set(92044056785660070L, 8326807761760157607L, 3371194088139667532L, -2956994353054992515L, -6828509670848688761L);
             break;
         case AsconHash:
-            p.x0 = -1255492011513352131L;
-            p.x1 = -8380609354527731710L;
-            p.x2 = -5437372128236807582L;
-            p.x3 = 4834782570098516968L;
-            p.x4 = 3787428097924915520L;
+            p.set(-1255492011513352131L, -8380609354527731710L, -5437372128236807582L, 4834782570098516968L, 3787428097924915520L);
             break;
         }
     }
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256.java
@@ -10,7 +10,7 @@
  * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
  * For reference source code and implementation details, please see:
  * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
- *  ASM implementations of Ascon (NIST SP 800-232)</a>.
+ * ASM implementations of Ascon (NIST SP 800-232)</a>.
  * </p>
  */
 public class AsconHash256
@@ -52,10 +52,6 @@ public void reset()
     {
         super.reset();
         /* initialize */
-        p.x0 = -7269279749984954751L;
-        p.x1 = 5459383224871899602L;
-        p.x2 = -5880230600644446182L;
-        p.x3 = 4359436768738168243L;
-        p.x4 = 1899470422303676269L;
+        p.set(-7269279749984954751L, 5459383224871899602L, -5880230600644446182L, 4359436768738168243L, 1899470422303676269L);
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconXof.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconXof.java
@@ -26,6 +26,7 @@ public enum AsconParameters
 
     public AsconXof(AsconXof.AsconParameters parameters)
     {
+        BlockSize = 8;
         this.asconParameters = parameters;
         switch (parameters)
         {
@@ -42,6 +43,7 @@ public AsconXof(AsconXof.AsconParameters parameters)
         }
         reset();
     }
+
     private boolean m_squeezing = false;
 
     @Override
@@ -109,12 +111,6 @@ public int doFinal(byte[] output, int outOff, int outLen)
         return rlt;
     }
 
-    @Override
-    public int getByteLength()
-    {
-        return 8;
-    }
-
     @Override
     public void reset()
     {
@@ -124,18 +120,10 @@ public void reset()
         switch (asconParameters)
         {
         case AsconXof:
-            p.x0 = -5368810569253202922L;
-            p.x1 = 3121280575360345120L;
-            p.x2 = 7395939140700676632L;
-            p.x3 = 6533890155656471820L;
-            p.x4 = 5710016986865767350L;
+            p.set(-5368810569253202922L, 3121280575360345120L, 7395939140700676632L, 6533890155656471820L, 5710016986865767350L);
             break;
         case AsconXofA:
-            p.x0 = 4940560291654768690L;
-            p.x1 = -3635129828240960206L;
-            p.x2 = -597534922722107095L;
-            p.x3 = 2623493988082852443L;
-            p.x4 = -6283826724160825537L;
+            p.set(4940560291654768690L, -3635129828240960206L, -597534922722107095L, 2623493988082852443L, -6283826724160825537L);
             break;
         }
     }
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconXof128.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconXof128.java
@@ -97,11 +97,7 @@ public void reset()
         m_squeezing = false;
         super.reset();
         /* initialize */
-        p.x0 = -2701369817892108309L;
-        p.x1 = -3711838248891385495L;
-        p.x2 = -1778763697082575311L;
-        p.x3 = 1072114354614917324L;
-        p.x4 = -2282070310009238562L;
+        p.set(-2701369817892108309L, -3711838248891385495L, -1778763697082575311L, 1072114354614917324L, -2282070310009238562L);
     }
 }
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/ISAPDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/ISAPDigest.java
@@ -83,10 +83,6 @@ public void reset()
     {
         super.reset();
         /* init state */
-        p.x0 = -1255492011513352131L;
-        p.x1 = -8380609354527731710L;
-        p.x2 = -5437372128236807582L;
-        p.x3 = 4834782570098516968L;
-        p.x4 = 3787428097924915520L;
+        p.set(-1255492011513352131L, -8380609354527731710L, -5437372128236807582L, 4834782570098516968L, 3787428097924915520L);
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128.java
@@ -49,11 +49,7 @@ protected void setBytes(long n, byte[] bs, int off)
     protected void ascon_aeadinit()
     {
         /* initialize */
-        p.x0 = ASCON_IV;
-        p.x1 = K0;
-        p.x2 = K1;
-        p.x3 = N0;
-        p.x4 = N1;
+        p.set(ASCON_IV, K0, K1, N0, N1);
         p.p(12);
         p.x3 ^= K0;
         p.x4 ^= K1;
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java
@@ -9,7 +9,7 @@ abstract class AsconBaseEngine
     protected long N0;
     protected long N1;
     protected long ASCON_IV;
-    AsconPermutationFriend.AsconPermutation p;
+    AsconPermutationFriend.AsconPermutation p = new AsconPermutationFriend.AsconPermutation();
     protected long dsep; //domain separation
 
     protected abstract long pad(int i);
@@ -98,7 +98,6 @@ protected void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, in
 
     protected void reset(boolean clearMac)
     {
-        p = new AsconPermutationFriend.AsconPermutation();
         bufferReset();
         ascon_aeadinit();
         super.reset(clearMac);
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconEngine.java
@@ -87,15 +87,11 @@ protected void setBytes(long n, byte[] bs, int off)
     protected void ascon_aeadinit()
     {
         /* initialize */
-        p.x0 = ASCON_IV;
+        p.set(ASCON_IV, K1, K2, N0, N1);
         if (KEY_SIZE == 20)
         {
             p.x0 ^= K0;
         }
-        p.x1 = K1;
-        p.x2 = K2;
-        p.x3 = N0;
-        p.x4 = N1;
         p.p(12);
         if (KEY_SIZE == 20)
         {
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconPermutationFriend.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconPermutationFriend.java
@@ -61,5 +61,14 @@ public void p(int nr)
             round(0x5aL);
             round(0x4bL);
         }
+
+        public void set(long x0, long x1, long x2, long x3, long x4)
+        {
+            this.x0 = x0;
+            this.x1 = x1;
+            this.x2 = x2;
+            this.x3 = x3;
+            this.x4 = x4;
+        }
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java
@@ -148,10 +148,7 @@ public void processMACFinal(byte[] input, int inOff, int len, byte[] tag)
         private void isap_rk(AsconPermutationFriend.AsconPermutation p, long iv64, byte[] y, int ylen)
         {
             // Init state
-            p.x0 = k64[0];
-            p.x1 = k64[1];
-            p.x2 = iv64;
-            p.x3 = p.x4 = 0;
+            p.set(k64[0], k64[1], iv64, 0L, 0L);
             p.p(12);
             // Absorb Y
             for (int i = 0; i < (ylen << 3) - 1; i++)
@@ -187,10 +184,7 @@ public void reset()
             p.x4 = npub64[1];
             PX1(p);
             // Init State for mac
-            mac.x0 = npub64[0];
-            mac.x1 = npub64[1];
-            mac.x2 = ISAP_IV1_64;
-            mac.x3 = mac.x4 = 0;
+            mac.set(npub64[0], npub64[1], ISAP_IV1_64, 0L, 0L);
             mac.p(12);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,10 @@ abstract class AsconBaseDigest`
`9`	`9`	`public static class Friend`
`10`	`10`	`{`
`11`	`11`	`private static final Friend INSTANCE = new Friend();`
`12`		`- private Friend() {}`
	`12`	`+`
	`13`	`+ private Friend()`
	`14`	`+ {`
	`15`	`+ }`
`13`	`16`	`}`
`14`	`17`
`15`	`18`
`@@ -49,8 +52,7 @@ protected void finish(byte[] output, int outOff)`
`49`	`52`
`50`	`53`	`protected void padAndAbsorb()`
`51`	`54`	`{`
`52`		`- p.x0 ^= loadBytes(m_buf, 0, m_bufPos);`
`53`		`- p.x0 ^= pad(m_bufPos);`
	`55`	`+ p.x0 ^= loadBytes(m_buf, 0, m_bufPos) ^ pad(m_bufPos);`
`54`	`56`	`p.p(12);`
`55`	`57`	`}`
`56`	`58`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ public enum AsconParameters`
`26`	`26`
`27`	`27`	`public AsconXof(AsconXof.AsconParameters parameters)`
`28`	`28`	`{`
	`29`	`+ BlockSize = 8;`
`29`	`30`	`this.asconParameters = parameters;`
`30`	`31`	`switch (parameters)`
`31`	`32`	`{`
`@@ -42,6 +43,7 @@ public AsconXof(AsconXof.AsconParameters parameters)`
`42`	`43`	`}`
`43`	`44`	`reset();`
`44`	`45`	`}`
	`46`	`+`
`45`	`47`	`private boolean m_squeezing = false;`
`46`	`48`
`47`	`49`	`@Override`
`@@ -109,12 +111,6 @@ public int doFinal(byte[] output, int outOff, int outLen)`
`109`	`111`	`return rlt;`
`110`	`112`	`}`
`111`	`113`
`112`		`- @Override`
`113`		`- public int getByteLength()`
`114`		`- {`
`115`		`- return 8;`
`116`		`- }`
`117`		`-`
`118`	`114`	`@Override`
`119`	`115`	`public void reset()`
`120`	`116`	`{`
`@@ -124,18 +120,10 @@ public void reset()`
`124`	`120`	`switch (asconParameters)`
`125`	`121`	`{`
`126`	`122`	`case AsconXof:`
`127`		`- p.x0 = -5368810569253202922L;`
`128`		`- p.x1 = 3121280575360345120L;`
`129`		`- p.x2 = 7395939140700676632L;`
`130`		`- p.x3 = 6533890155656471820L;`
`131`		`- p.x4 = 5710016986865767350L;`
	`123`	`+ p.set(-5368810569253202922L, 3121280575360345120L, 7395939140700676632L, 6533890155656471820L, 5710016986865767350L);`
`132`	`124`	`break;`
`133`	`125`	`case AsconXofA:`
`134`		`- p.x0 = 4940560291654768690L;`
`135`		`- p.x1 = -3635129828240960206L;`
`136`		`- p.x2 = -597534922722107095L;`
`137`		`- p.x3 = 2623493988082852443L;`
`138`		`- p.x4 = -6283826724160825537L;`
	`126`	`+ p.set(4940560291654768690L, -3635129828240960206L, -597534922722107095L, 2623493988082852443L, -6283826724160825537L);`
`139`	`127`	`break;`
`140`	`128`	`}`
`141`	`129`	`}`
Original file line number	Diff line number	Diff line change
`@@ -97,11 +97,7 @@ public void reset()`
`97`	`97`	`m_squeezing = false;`
`98`	`98`	`super.reset();`
`99`	`99`	`/* initialize */`
`100`		`- p.x0 = -2701369817892108309L;`
`101`		`- p.x1 = -3711838248891385495L;`
`102`		`- p.x2 = -1778763697082575311L;`
`103`		`- p.x3 = 1072114354614917324L;`
`104`		`- p.x4 = -2282070310009238562L;`
	`100`	`+ p.set(-2701369817892108309L, -3711838248891385495L, -1778763697082575311L, 1072114354614917324L, -2282070310009238562L);`
`105`	`101`	`}`
`106`	`102`	`}`
`107`	`103`
Original file line number	Diff line number	Diff line change
`@@ -83,10 +83,6 @@ public void reset()`
`83`	`83`	`{`
`84`	`84`	`super.reset();`
`85`	`85`	`/* init state */`
`86`		`- p.x0 = -1255492011513352131L;`
`87`		`- p.x1 = -8380609354527731710L;`
`88`		`- p.x2 = -5437372128236807582L;`
`89`		`- p.x3 = 4834782570098516968L;`
`90`		`- p.x4 = 3787428097924915520L;`
	`86`	`+ p.set(-1255492011513352131L, -8380609354527731710L, -5437372128236807582L, 4834782570098516968L, 3787428097924915520L);`
`91`	`87`	`}`
`92`	`88`	`}`
Original file line number	Diff line number	Diff line change
`@@ -87,15 +87,11 @@ protected void setBytes(long n, byte[] bs, int off)`
`87`	`87`	`protected void ascon_aeadinit()`
`88`	`88`	`{`
`89`	`89`	`/* initialize */`
`90`		`- p.x0 = ASCON_IV;`
	`90`	`+ p.set(ASCON_IV, K1, K2, N0, N1);`
`91`	`91`	`if (KEY_SIZE == 20)`
`92`	`92`	`{`
`93`	`93`	`p.x0 ^= K0;`
`94`	`94`	`}`
`95`		`- p.x1 = K1;`
`96`		`- p.x2 = K2;`
`97`		`- p.x3 = N0;`
`98`		`- p.x4 = N1;`
`99`	`95`	`p.p(12);`
`100`	`96`	`if (KEY_SIZE == 20)`
`101`	`97`	`{`