org.bouncycastle.pqc.crypto.sphincs.Horst Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of bcprov-ext-debug-jdk15on Show documentation

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. Note: this package includes the NTRU encryption algorithms.

There is a newer version: 1.70

Show newest version

package org.bouncycastle.pqc.crypto.sphincs;

class Horst
{
    static final int HORST_LOGT = 16;
    static final int HORST_T = (1<>> 1; // parent node

                if ((idx & 1) == 0)
                {
                    hs.hash_2n_n_mask(buffer, 0, buffer, 0, masks, 2 * (j - 1) * SPHINCS256Config.HASH_BYTES);
                    for (k = 0; k < SPHINCS256Config.HASH_BYTES; k++)
                        buffer[SPHINCS256Config.HASH_BYTES + k] = sig[sigOffset + k];
                }
                else
                {

                    hs.hash_2n_n_mask(buffer, SPHINCS256Config.HASH_BYTES, buffer, 0, masks, 2 * (j - 1) * SPHINCS256Config.HASH_BYTES);
                    for (k = 0; k < SPHINCS256Config.HASH_BYTES; k++)
                        buffer[k] = sig[sigOffset + k];
                }
                sigOffset += SPHINCS256Config.HASH_BYTES;
            }

            idx = idx >>> 1; // parent node
            hs.hash_2n_n_mask(buffer, 0, buffer, 0, masks, 2 * (HORST_LOGT - 7) * SPHINCS256Config.HASH_BYTES);

            for (k = 0; k < SPHINCS256Config.HASH_BYTES; k++)
                if (sig[sigOff + idx * SPHINCS256Config.HASH_BYTES + k] != buffer[k])
                {
                    for (k = 0; k < SPHINCS256Config.HASH_BYTES; k++)
                        pk[k] = 0;
                    return -1;
                }
        }

        // Compute root from level10
        for (j = 0; j < 32; j++)
        {
            hs.hash_2n_n_mask(buffer, j * SPHINCS256Config.HASH_BYTES, sig, sigOff + 2 * j * SPHINCS256Config.HASH_BYTES, masks, 2 * (HORST_LOGT - 6) * SPHINCS256Config.HASH_BYTES);
        }

        // Hash from level 11 to 12
        for (j = 0; j < 16; j++)
        {
            hs.hash_2n_n_mask(buffer, j * SPHINCS256Config.HASH_BYTES, buffer, 2 * j * SPHINCS256Config.HASH_BYTES, masks, 2 * (HORST_LOGT - 5) * SPHINCS256Config.HASH_BYTES);
        }

        // Hash from level 12 to 13
        for (j = 0; j < 8; j++)
        {
            hs.hash_2n_n_mask(buffer, j * SPHINCS256Config.HASH_BYTES, buffer, 2 * j * SPHINCS256Config.HASH_BYTES, masks, 2 * (HORST_LOGT - 4) * SPHINCS256Config.HASH_BYTES);
        }

        // Hash from level 13 to 14
        for (j = 0; j < 4; j++)
        {
            hs.hash_2n_n_mask(buffer, j * SPHINCS256Config.HASH_BYTES, buffer, 2 * j * SPHINCS256Config.HASH_BYTES, masks, 2 * (HORST_LOGT - 3) * SPHINCS256Config.HASH_BYTES);
        }

        // Hash from level 14 to 15
        for (j = 0; j < 2; j++)
        {
            hs.hash_2n_n_mask(buffer, j * SPHINCS256Config.HASH_BYTES, buffer, 2 * j * SPHINCS256Config.HASH_BYTES, masks, 2 * (HORST_LOGT - 2) * SPHINCS256Config.HASH_BYTES);
        }

        // Hash from level 15 to 16
        hs.hash_2n_n_mask(pk, 0, buffer, 0, masks, 2 * (HORST_LOGT - 1) * SPHINCS256Config.HASH_BYTES);

        return 0;
    }
}