Fix step 3.

gefeili · dghgit · commit d53e3ab82d90 · 2025-03-09T08:14:28.000Z
diff --git a/core/src/main/java/org/bouncycastle/crypto/kems/SAKKEKEMSGenerator.java b/core/src/main/java/org/bouncycastle/crypto/kems/SAKKEKEMSGenerator.java
@@ -144,10 +144,10 @@ public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recip
                 "C67C6D19487FB449059F26CC8AAB655A" +
                 "B58B7CC796E24E9A394095754F5F8BAE", 16)   // Py
         );
+        BigInteger z = new BigInteger("AFF429D35F84B110D094803B3595A6E2998BC99F", 16);
         // 3. Compute R_(b,S) = [r]([b]P + Z_S)
         ECPoint bP = P.multiply(b).normalize();
-        ECPoint Z_S = Z;// P.multiply(ssv).normalize();;//.multiply(new BigInteger("AFF429D35F84B110D094803B3595A6E2998BC99F", 16));          // Z_S
-        ECPoint R_bS = bP.add(Z_S).multiply(r);         // [r]([b]P + Z_S)
+        ECPoint R_bS = bP.add(Z).multiply(r).normalize();         // [r]([b]P + Z_S)
         System.out.println("R_Bs x:" + new String(Hex.encode(R_bS.getXCoord().toBigInteger().toByteArray())));
         System.out.println("R_Bs y:" + new String(Hex.encode(R_bS.getYCoord().toBigInteger().toByteArray())));
 
diff --git a/core/src/test/java/org/bouncycastle/crypto/kems/test/SAKKEKEMSTest.java b/core/src/test/java/org/bouncycastle/crypto/kems/test/SAKKEKEMSTest.java
@@ -142,10 +142,11 @@ public void performTest()
             p, // Prime p
             BigInteger.valueOf(-3).mod(p),             // a = -3
             BigInteger.ZERO, // ,
-            q,// Order of the subgroup (from RFC 6509)
+            g,// Order of the subgroup (from RFC 6509)
             BigInteger.ONE     // Cofactor = 1
         );
-
+        SAKKEKEMSGenerator generator = new SAKKEKEMSGenerator(new SecureRandom());
+        generator.generateEncapsulated(null);
         ECPoint K_bS = curve.createPoint(kbx, kby);
         System.out.println("K_bS x:" + new String(Hex.encode(K_bS.getXCoord().toBigInteger().toByteArray())));
         System.out.println("K_bS y:" + new String(Hex.encode(K_bS.getYCoord().toBigInteger().toByteArray())));
@@ -159,8 +160,8 @@ public void performTest()
         System.out.println("r:" + new String(Hex.encode(expectedR)));
 
         Assert.assertTrue(Arrays.areEqual(r.toByteArray(), expectedR));
-        SAKKEKEMSGenerator generator = new SAKKEKEMSGenerator(new SecureRandom());
-        generator.generateEncapsulated(null);
+//        SAKKEKEMSGenerator generator = new SAKKEKEMSGenerator(new SecureRandom());
+//        generator.generateEncapsulated(null);
 
     }
 }
