using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Pqc.Crypto.Ntru.Owcpa; using Org.BouncyCastle.Pqc.Crypto.Ntru.ParameterSets; using Org.BouncyCastle.Pqc.Crypto.Ntru.Polynomials; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using System; namespace Org.BouncyCastle.Pqc.Crypto.Ntru { public class NtruKemGenerator : IEncapsulatedSecretGenerator { private readonly SecureRandom m_random; public NtruKemGenerator(SecureRandom random) { if (random == null) throw new ArgumentNullException("random"); m_random = random; } public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey) { if (recipientKey == null) throw new ArgumentNullException("recipientKey"); NtruPublicKeyParameters ntruPublicKeyParameters = recipientKey as NtruPublicKeyParameters; if (ntruPublicKeyParameters == null) throw new ArgumentException("recipientKey"); NtruParameterSet parameterSet = ntruPublicKeyParameters.Parameters.ParameterSet; NtruSampling ntruSampling = new NtruSampling(parameterSet); NtruOwcpa ntruOwcpa = new NtruOwcpa(parameterSet); byte[] array = new byte[parameterSet.OwcpaMsgBytes()]; byte[] array2 = new byte[parameterSet.SampleRmBytes()]; m_random.NextBytes(array2); PolynomialPair polynomialPair = ntruSampling.SampleRm(array2); Polynomial polynomial = polynomialPair.R(); Polynomial polynomial2 = polynomialPair.M(); polynomial.S3ToBytes(array, 0); polynomial2.S3ToBytes(array, parameterSet.PackTrinaryBytes()); Sha3Digest sha3Digest = new Sha3Digest(256); byte[] array3 = new byte[sha3Digest.GetDigestSize()]; sha3Digest.BlockUpdate(array, 0, array.Length); sha3Digest.DoFinal(array3, 0); polynomial.Z3ToZq(); byte[] ciphertext = ntruOwcpa.Encrypt(polynomial, polynomial2, ntruPublicKeyParameters.GetEncoded()); byte[] sharedKey = Arrays.CopyOfRange(array3, 0, parameterSet.SharedKeyBytes); Array.Clear(array3, 0, array3.Length); return new NtruEncapsulation(sharedKey, ciphertext); } } }