
Commit b6843b1

committed
updated to reflect current data
1 parent 9592d52 commit b6843b1

2 files changed

Lines changed: 47 additions & 22 deletions


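--- a/core/src/main/java/org/bouncycastle/pqc/crypto/falcon/FalconNIST.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/falcon/FalconNIST.java
@@ -118,7 +118,7 @@ byte[][] crypto_sign_keypair(byte[] srcpk, int pk, byte[] srcsk, int sk)
 /*
 * Encode public key.
 */
-srcpk[pk + 0] = (byte)(0x00 + LOGN); // old python header
+srcpk[pk + 0] = (byte)(0x00 + LOGN);
 v = codec.modq_encode(srcpk, pk + 1, CRYPTO_PUBLICKEYBYTES - 1, h, 0, LOGN);
 if (v != CRYPTO_PUBLICKEYBYTES - 1)
 {
@@ -128,7 +128,7 @@ byte[][] crypto_sign_keypair(byte[] srcpk, int pk, byte[] srcsk, int sk)
 return new byte[][] { Arrays.copyOfRange(srcpk, 1, srcpk.length), fEnc, gEnc, FEnc };
 }
 
-byte[] crypto_sign(byte[] srcsm,
+byte[] crypto_sign(boolean attached, byte[] srcsm,
 byte[] srcm, int m, int mlen,
 byte[] srcsk, int sk)
 {
@@ -143,7 +143,7 @@ byte[] crypto_sign(byte[] srcsm,
 byte[] seed = new byte[48],
 nonce = new byte[NONCELEN];
 
-byte[] esig = new byte[CRYPTO_BYTES - 2 - NONCELEN];
+
 SHAKE256 sc = new SHAKE256();
 int u, v, sig_len;
 FalconSign sign = new FalconSign();
@@ -232,19 +232,31 @@ byte[] crypto_sign(byte[] srcsm,
 
 // set_fpu_cw(savcw);
 
-/*
-* Encode the signature. Format is:
-* signature header 1 bytes
-* nonce 40 bytes
-* signature slen bytes
-*/
-esig[0] = (byte)(0x20 + LOGN);
-sig_len = codec.comp_encode(esig, 1, esig.length - 1, sig, 0, LOGN);
-if (sig_len == 0)
+byte[] esig = new byte[CRYPTO_BYTES - 2 - NONCELEN];
+if (attached)
 {
-throw new IllegalStateException("signature failed to generate");
+/*
+* Encode the signature. Format is:
+* signature header 1 bytes
+* nonce 40 bytes
+* signature slen bytes
+*/
+esig[0] = (byte)(0x20 + LOGN);
+sig_len = codec.comp_encode(esig, 1, esig.length - 1, sig, 0, LOGN);
+if (sig_len == 0)
+{
+throw new IllegalStateException("signature failed to generate");
+}
+sig_len++;
+}
+else
+{
+sig_len = codec.comp_encode(esig, 0, esig.length, sig, 0, LOGN);
+if (sig_len == 0)
+{
+throw new IllegalStateException("signature failed to generate");
+}
 }
-sig_len++;
 
 // header
 srcsm[0] = (byte)(0x30 + LOGN);
@@ -257,7 +269,7 @@ byte[] crypto_sign(byte[] srcsm,
 return Arrays.copyOfRange(srcsm, 0, 1 + NONCELEN + sig_len);
 }
 
-int crypto_sign_open(byte[] sig_encoded, byte[] nonce, byte[] msg,
+int crypto_sign_open(boolean attached, byte[] sig_encoded, byte[] nonce, byte[] msg,
 byte[] srcpk, int pk)
 {
 short[] h = new short[N],
@@ -300,14 +312,26 @@ int crypto_sign_open(byte[] sig_encoded, byte[] nonce, byte[] msg,
 /*
 * Decode signature.
 */
-if (sig_len < 1 || sig_encoded[0] != (byte)(0x20 + LOGN))
+// Check only required for attached signatures - see 3.11.3 and 3.11.6 in the spec
+if (attached)
 {
-return -1;
+if (sig_len < 1 || sig_encoded[0] != (byte)(0x20 + LOGN))
+{
+return -1;
+}
+if (codec.comp_decode(sig, 0, LOGN,
+sig_encoded, 1, sig_len - 1) != sig_len - 1)
+{
+return -1;
+}
 }
-if (codec.comp_decode(sig, 0, LOGN,
-sig_encoded, 1, sig_len - 1) != sig_len - 1)
+else
 {
-return -1;
+if (sig_len < 1 || codec.comp_decode(sig, 0, LOGN,
+sig_encoded, 0, sig_len) != sig_len)
+{
+return -1;
+}
 }
 
 /*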
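Review bot: The new `attached` flag on `crypto_sign` and `crypto_sign_open` is undocumented, and the two branches added in the `@@ -232` hunk repeat the encode-and-throw sequence with only the buffer offset differing, so the two `comp_encode` calls can silently drift apart. A comment on the parameter such as `// attached: prefix the compressed signature with a 0x20+LOGN header byte; false: bare compressed signature` records what the flag changes on the wire, which the spec reference in the `@@ -300` hunk does not spell out. Folding the offset into one variable leaves a single encode path and a single failure check, and the `@@ -300` hunk in `crypto_sign_open` has the same shape, where one `off` could serve the header test and the `comp_decode` window. The body of `crypto_sign` continues outside this hunk on both sides, so the lines below are only the encode step.

```java
byte[] esig = new byte[CRYPTO_BYTES - 2 - NONCELEN];
// attached: prefix the compressed signature with its own 0x20+LOGN header byte;
// detached: esig holds only the compressed signature.
int off = attached ? 1 : 0;
if (attached)
{
    esig[0] = (byte)(0x20 + LOGN);
}
sig_len = codec.comp_encode(esig, off, esig.length - off, sig, 0, LOGN);
if (sig_len == 0)
{
    throw new IllegalStateException("signature failed to generate");
}
sig_len += off;
// … unchanged: header, nonce and esig copied into srcsm …
```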

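--- a/core/src/main/java/org/bouncycastle/pqc/crypto/falcon/FalconSigner.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/falcon/FalconSigner.java
@@ -4,6 +4,7 @@
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.pqc.crypto.MessageSigner;
+import org.bouncycastle.util.encoders.Hex;
 
 public class FalconSigner
 implements MessageSigner
@@ -46,7 +47,7 @@ public byte[] generateSignature(byte[] message)
 {
 byte[] sm = new byte[nist.CRYPTO_BYTES];
 
-return nist.crypto_sign(sm, message, 0, message.length, encodedkey, 0);
+return nist.crypto_sign(false, sm, message, 0, message.length, encodedkey, 0);
 }
 
 public boolean verifySignature(byte[] message, byte[] signature)
@@ -59,7 +60,7 @@ public boolean verifySignature(byte[] message, byte[] signature)
 byte[] sig = new byte[signature.length - nist.NONCELEN - 1];
 System.arraycopy(signature, 1, nonce, 0, nist.NONCELEN);
 System.arraycopy(signature, nist.NONCELEN + 1, sig, 0, signature.length - nist.NONCELEN - 1);
-boolean res = nist.crypto_sign_open(sig,nonce,message,encodedkey,0) == 0;
+boolean res = nist.crypto_sign_open(false, sig,nonce,message,encodedkey,0) == 0;
 return res;
 }
 }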
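Review bot: `verifySignature` still sizes `sig` from `signature.length - nist.NONCELEN - 1` in the `@@ -59` hunk without bounding the input, so a signature shorter than `nist.NONCELEN + 1` bytes throws from the allocation or the `arraycopy` instead of returning false; a guard such as `if (signature.length < nist.NONCELEN + 1) { return false; }` before the allocation would fail closed the way `crypto_sign_open` now rejects `sig_len < 1`. The lines between the method signature (context in the `@@ -46` hunk) and the `sig` allocation are not shown, so such a check may already exist there. With `attached` now `false`, the `0x20 + LOGN` header test in `crypto_sign_open` no longer runs and `signature[0]`, the `0x30 + LOGN` byte `crypto_sign` writes, is skipped by the copies but never compared, so no byte of the signature is tied to the parameter set on the verify path; if the spec leaves that to the caller, this method is where it belongs. The `Hex` import added in the first hunk has no use visible in these hunks and looks like a debugging leftover worth dropping.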
