Refactor of decode (which can be re-used in Snova).

gefeili · gefeili · commit ad11e9b7b185 · 2025-03-07T16:30:38.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoKeyPairGenerator.java
@@ -94,7 +94,7 @@ public AsymmetricCipherKeyPair generateKeyPair()
         // o ← Decode_o(S[ param_pk_seed_bytes : param_pk_seed_bytes + O_bytes ])
         // Decode nibbles from S starting at offset param_pk_seed_bytes into O,
         // with expected output length = param_v * param_o.
-        Utils.decode(seed_pk, pkSeedBytes, O, O.length);
+        Utils.decode(seed_pk, pkSeedBytes, O, 0,  O.length);
 
         // Expand P1 and P2 into the array P using seed_pk.
         Utils.expandP1P2(p, P, seed_pk);
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mayo/MayoSigner.java
@@ -135,7 +135,7 @@ public byte[] generateSignature(byte[] message)
 
             // Decode the portion of S after the first param_pk_seed_bytes into O.
             // (In C, this is: decode(S + param_pk_seed_bytes, O, param_v * param_o))
-            Utils.decode(seed_pk, pk_seed_bytes, O, v * o);
+            Utils.decode(seed_pk, pk_seed_bytes, O, 0, v * o);
 
             // Expand P1 and P2 into the long array P using seed_pk.
             Utils.expandP1P2(params, P, seed_pk);
@@ -225,7 +225,7 @@ public byte[] generateSignature(byte[] message)
 //                    A[(i + 1) * (ok + 1) - 1] = 0;
 //                }
 
-                Utils.decode(V, k * vbytes, r, ok);
+                Utils.decode(V, k * vbytes, r, 0, ok);
 
                 if (sampleSolution(A, y, r, x))
                 {
@@ -240,7 +240,7 @@ public byte[] generateSignature(byte[] message)
 
             // Compute final signature components
 
-            for (int i = 0, io = 0, in = 0, iv = 0; i < k; i++, io += o, in+= n, iv += v)
+            for (int i = 0, io = 0, in = 0, iv = 0; i < k; i++, io += o, in += n, iv += v)
             {
                 GF16Utils.matMul(O, x, io, Ox, o, v);
                 Bytes.xor(v, Vdec, iv, Ox, s, in);
@@ -274,8 +274,8 @@ public byte[] generateSignature(byte[] message)
      * Verifies a MAYO signature against the initialized public key and message.
      * Implements the verification process specified in the MAYO documentation.
      *
-     * @param message     The original message
-     * @param signature   The signature to verify
+     * @param message   The original message
+     * @param signature The signature to verify
      * @return {@code true} if the signature is valid, {@code false} otherwise
      * @see <a href="https://pqmayo.org/assets/specs/mayo.pdf">MAYO Spec Algorithm 9 and 11</a>
      */
@@ -601,10 +601,10 @@ private static void transpose16x16Nibbles(long[] M, int offset)
     /**
      * Samples a solution for the MAYO signature equation using the provided parameters.
      *
-     * @param A      Coefficient matrix
-     * @param y      Target vector
-     * @param r      Randomness vector
-     * @param x      Output solution vector
+     * @param A Coefficient matrix
+     * @param y Target vector
+     * @param r Randomness vector
+     * @param x Output solution vector
      * @return {@code true} if a valid solution was found, {@code false} otherwise
      * @see <a href="https://pqmayo.org/assets/specs/mayo.pdf">MAYO Spec Algorithm 2</a>
      */
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mayo/Utils.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mayo/Utils.java
@@ -9,7 +9,7 @@
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Pack;
 
-public class Utils
+class Utils
 {
     /**
      * Decodes an encoded byte array.
@@ -34,7 +34,7 @@ public static void decode(byte[] m, byte[] mdec, int mdecLen)
         // If there is an extra nibble (odd number of nibbles), decode only the lower nibble
         if ((mdecLen & 1) == 1)
         {
-            mdec[decIndex] = (byte)((m[i] & 0xFF) & 0x0F);
+            mdec[decIndex] = (byte)(m[i] & 0x0F);
         }
     }
 
@@ -56,28 +56,6 @@ public static void decode(byte[] m, int mOff, byte[] mdec, int decIndex, int mde
         }
     }
 
-    /**
-     * Decodes a nibble-packed byte array into an output array.
-     *
-     * @param input       the input byte array.
-     * @param inputOffset the offset in input from which to start decoding.
-     * @param output      the output byte array to hold the decoded nibbles.
-     * @param mdecLen     the total number of nibbles to decode.
-     */
-    public static void decode(byte[] input, int inputOffset, byte[] output, int mdecLen)
-    {
-        int decIndex = 0, blocks = mdecLen >> 1;
-        for (int i = 0; i < blocks; i++)
-        {
-            output[decIndex++] = (byte)(input[inputOffset] & 0x0F);
-            output[decIndex++] = (byte)((input[inputOffset++] >> 4) & 0x0F);
-        }
-        if ((mdecLen & 1) == 1)
-        {
-            output[decIndex] = (byte)(input[inputOffset] & 0x0F);
-        }
-    }
-
     /**
      * Encodes an array of 4-bit values into a byte array.
      * Two 4-bit values are packed into one byte, with the first nibble stored in the lower 4 bits
