Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/MLDSAEngine.java

@@ -2,7 +2,6 @@
 
 import java.security.SecureRandom;
 
-import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHAKEDigest;
 import org.bouncycastle.util.Arrays;
 
@@ -30,8 +29,6 @@ class MLDSAEngine
     private final int DilithiumPolyW1PackedBytes;
     private final int DilithiumPolyEtaPackedBytes;
 
-    private final int DilithiumMode;
-
     private final int DilithiumK;
     private final int DilithiumL;
     private final int DilithiumEta;
@@ -43,7 +40,7 @@ class MLDSAEngine
     private final int DilithiumCTilde;
 
     private final int CryptoPublicKeyBytes;
-    private final int CryptoSecretKeyBytes;
+//    private final int CryptoSecretKeyBytes;
     private final int CryptoBytes;
 
     private final int PolyUniformGamma1NBlocks;
@@ -147,7 +144,6 @@ int getPolyUniformGamma1NBlocks()
 
     MLDSAEngine(int mode, SecureRandom random)
     {
-        this.DilithiumMode = mode;
         switch (mode)
         {
         case 2:
@@ -201,14 +197,14 @@ int getPolyUniformGamma1NBlocks()
         this.random = random;
         this.DilithiumPolyVecHPackedBytes = this.DilithiumOmega + this.DilithiumK;
         this.CryptoPublicKeyBytes = SeedBytes + this.DilithiumK * DilithiumPolyT1PackedBytes;
-        this.CryptoSecretKeyBytes =
-            (
-                2 * SeedBytes
-                    + TrBytes
-                    + DilithiumL * this.DilithiumPolyEtaPackedBytes
-                    + DilithiumK * this.DilithiumPolyEtaPackedBytes
-                    + DilithiumK * DilithiumPolyT0PackedBytes
-            );
+//        this.CryptoSecretKeyBytes =
+//            (
+//                2 * SeedBytes
+//                    + TrBytes
+//                    + DilithiumL * this.DilithiumPolyEtaPackedBytes
+//                    + DilithiumK * this.DilithiumPolyEtaPackedBytes
+//                    + DilithiumK * DilithiumPolyT0PackedBytes
+//            );
         this.CryptoBytes = DilithiumCTilde + DilithiumL * this.DilithiumPolyZPackedBytes + this.DilithiumPolyVecHPackedBytes;
 
         if (this.DilithiumGamma1 == (1 << 17))

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/Poly.java

@@ -238,12 +238,7 @@ public void conditionalAddQ()
 
     public void power2Round(Poly a)
     {
-        for (int i = 0; i < DilithiumN; ++i)
-        {
-            int[] p2r = Rounding.power2Round(this.getCoeffIndex(i));
-            this.setCoeffIndex(i, p2r[0]);
-            a.setCoeffIndex(i, p2r[1]);
-        }
+        Rounding.power2RoundAll(this.coeffs, a.coeffs);
     }
 
     public byte[] polyt1Pack()

core/src/main/java/org/bouncycastle/pqc/crypto/mldsa/Rounding.java

@@ -2,15 +2,23 @@
 
 class Rounding
 {
-    public static int[] power2Round(int a)
+    static void power2RoundAll(int[] c0, int[] c1)
     {
-        int[] out = new int[2];
+        int d = MLDSAEngine.DilithiumD, n = MLDSAEngine.DilithiumN;
+        int u = (1 << (d - 1)) - 1, v = -1 << d;
 
-        out[0] = (a + (1 << (MLDSAEngine.DilithiumD - 1)) - 1) >> MLDSAEngine.DilithiumD;
-        out[1] = a - (out[0] << MLDSAEngine.DilithiumD);
-        return out;
-    }
+        for (int i = 0; i < n; ++i)
+        {
+            int a = c0[i];
+
+            int t = a + u;
+            int r1 = a - (t & v);
 
+            c0[i] = t >> d;
+            c1[i] = r1;
+        }
+    }
+    
     public static int[] decompose(int a, int gamma2)
     {
         int a1, a0;

core/src/test/java/org/bouncycastle/pqc/crypto/test/MLDSATest.java

@@ -15,6 +15,7 @@
 import junit.framework.TestCase;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
 import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.pqc.crypto.mldsa.HashMLDSASigner;
 import org.bouncycastle.pqc.crypto.mldsa.MLDSAKeyGenerationParameters;
@@ -41,15 +42,21 @@ public class MLDSATest
             put("ML-DSA-44", MLDSAParameters.ml_dsa_44);
             put("ML-DSA-65", MLDSAParameters.ml_dsa_65);
             put("ML-DSA-87", MLDSAParameters.ml_dsa_87);
+            put("ML-DSA-44-WITH-SHA512", MLDSAParameters.ml_dsa_44_with_sha512);
+            put("ML-DSA-65-WITH-SHA512", MLDSAParameters.ml_dsa_65_with_sha512);
+            put("ML-DSA-87-WITH-SHA512", MLDSAParameters.ml_dsa_87_with_sha512);
         }
     };
 
     private static final MLDSAParameters[] PARAMETER_SETS = new MLDSAParameters[]
-        {
-            MLDSAParameters.ml_dsa_44,
-            MLDSAParameters.ml_dsa_65,
-            MLDSAParameters.ml_dsa_87,
-        };
+    {
+        MLDSAParameters.ml_dsa_44,
+        MLDSAParameters.ml_dsa_65,
+        MLDSAParameters.ml_dsa_87,
+        MLDSAParameters.ml_dsa_44_with_sha512,
+        MLDSAParameters.ml_dsa_65_with_sha512,
+        MLDSAParameters.ml_dsa_87_with_sha512,
+    };
 
     public void testConsistency()
         throws Exception
@@ -72,7 +79,7 @@ public void testConsistency()
                 {
                     AsymmetricCipherKeyPair kp = kpg.generateKeyPair();
 
-                    MLDSASigner signer = new MLDSASigner();
+                    Signer signer = parameters.isPreHash() ? new HashMLDSASigner() : new MLDSASigner();
 
                     for (int j = 0; j < 2; ++j)
                     {