randombit · randombit · Mar 17, 2023 · Mar 16, 2023 · Mar 16, 2023 · Mar 16, 2023
diff --git a/src/lib/pubkey/kyber/kyber/kyber_modern.h b/src/lib/pubkey/kyber/kyber/kyber_modern.h
@@ -24,44 +24,75 @@ namespace Botan {
 class Kyber_Modern_Symmetric_Primitives : public Kyber_Symmetric_Primitives
    {
    public:
+      Kyber_Modern_Symmetric_Primitives() :
+         m_sha3_512(HashFunction::create_or_throw("SHA-3(512)")),
+         m_sha3_256(HashFunction::create_or_throw("SHA-3(256)")),
+         m_shake256_256(HashFunction::create_or_throw("SHAKE-256(256)"))
+         {}
+
       std::unique_ptr<HashFunction> G() const override
          {
-         return HashFunction::create_or_throw("SHA-3(512)");
+         return m_sha3_512->new_object();
          }
 
       std::unique_ptr<HashFunction> H() const override
          {
-         return HashFunction::create_or_throw("SHA-3(256)");
+         return m_sha3_256->new_object();
          }
 
       std::unique_ptr<HashFunction> KDF() const override
          {
-         return HashFunction::create_or_throw("SHAKE-256(256)");
+         return m_shake256_256->new_object();
          }
 
-      std::unique_ptr<StreamCipher> XOF(const std::vector<uint8_t>& seed,
-                                        const std::tuple<uint8_t, uint8_t>& matrix_position) const override
+      std::unique_ptr<Kyber_XOF> XOF(std::span<const uint8_t> seed) const override
          {
-         std::vector<uint8_t> key;
-         key.reserve(seed.size() + 2);
-         key.insert(key.end(), seed.cbegin(), seed.cend());
-         key.push_back(std::get<0>(matrix_position));
-         key.push_back(std::get<1>(matrix_position));
+         class Kyber_Modern_XOF final : public Kyber_XOF
+            {
+            public:
+               Kyber_Modern_XOF(std::span<const uint8_t> seed) :
+                  m_cipher(std::make_unique<SHAKE_128_Cipher>())
+                  {
+                  m_key.reserve(seed.size() + 2);
+                  m_key.insert(m_key.end(), seed.begin(), seed.end());
+                  m_key.push_back(0);
+                  m_key.push_back(0);
+                  }
+
+               void set_position(const std::tuple<uint8_t, uint8_t>& matrix_position) override
+                  {
+                  m_key[m_key.size() - 2] = std::get<0>(matrix_position);
+                  m_key[m_key.size() - 1] = std::get<1>(matrix_position);
+                  m_cipher->set_key(m_key);
+                  }
 
-         auto cipher = std::make_unique<SHAKE_128_Cipher>();
-         cipher->set_key(key);
+               void write_output(std::span<uint8_t> out) override
+                  {
+                  m_cipher->write_keystream(out.data(), out.size());
+                  }
 
-         return cipher;
+            private:
+               std::unique_ptr<StreamCipher> m_cipher;
+               secure_vector<uint8_t> m_key;
+            };
+
+         return std::make_unique<Kyber_Modern_XOF>(seed);
          }
 
-      secure_vector<uint8_t> PRF(const secure_vector<uint8_t>& seed, const uint8_t nonce,
+      secure_vector<uint8_t> PRF(std::span<const uint8_t> seed,
+                                 const uint8_t nonce,
                                  const size_t outlen) const override
          {
          SHAKE_256 kdf(outlen * 8);
-         kdf.update(seed);
+         kdf.update(seed.data(), seed.size());
          kdf.update(nonce);
          return kdf.final();
          }
+
+   private:
+      std::unique_ptr<HashFunction> m_sha3_512;
+      std::unique_ptr<HashFunction> m_sha3_256;
+      std::unique_ptr<HashFunction> m_shake256_256;
    };
 
 } // namespace Botan

diff --git a/src/lib/pubkey/kyber/kyber_90s/kyber_90s.h b/src/lib/pubkey/kyber/kyber_90s/kyber_90s.h
@@ -22,47 +22,76 @@ namespace Botan {
 class Kyber_90s_Symmetric_Primitives : public Kyber_Symmetric_Primitives
    {
    public:
+      Kyber_90s_Symmetric_Primitives() :
+         m_sha512(HashFunction::create_or_throw("SHA-512")),
+         m_sha256(HashFunction::create_or_throw("SHA-256")),
+         m_aes256_ctr(StreamCipher::create_or_throw("CTR-BE(AES-256)"))
+         {}
+
       std::unique_ptr<HashFunction> G() const override
          {
-         return HashFunction::create_or_throw("SHA-512");
+         return m_sha512->new_object();
          }
 
       std::unique_ptr<HashFunction> H() const override
          {
-         return HashFunction::create_or_throw("SHA-256");
+         return m_sha256->new_object();
          }
 
       std::unique_ptr<HashFunction> KDF() const override
          {
-         return HashFunction::create_or_throw("SHA-256");
+         return m_sha256->new_object();
          }
 
-      std::unique_ptr<StreamCipher> XOF(const std::vector<uint8_t>& seed,
-                                        const std::tuple<uint8_t, uint8_t>& matrix_position) const override
+      std::unique_ptr<Kyber_XOF> XOF(std::span<const uint8_t> seed) const override
          {
-         std::array<uint8_t, 12> iv = {std::get<0>(matrix_position), std::get<1>(matrix_position), 0};
-
-         auto cipher = StreamCipher::create_or_throw("CTR-BE(AES-256)");
-         cipher->set_key(seed);
-         cipher->set_iv(iv.data(), iv.size());
-
-         return cipher;
+         class Kyber_90s_XOF final : public Kyber_XOF
+            {
+            public:
+               Kyber_90s_XOF(std::unique_ptr<StreamCipher> cipher,
+                             std::span<const uint8_t> seed) :
+                  m_cipher(std::move(cipher))
+                  {
+                  m_cipher->set_key(seed);
+                  }
+
+               void set_position(const std::tuple<uint8_t, uint8_t>& matrix_position) override
+                  {
+                  std::array<uint8_t, 12> iv = {std::get<0>(matrix_position), std::get<1>(matrix_position), 0};
+                  m_cipher->set_iv(iv.data(), iv.size());
+                  }
+
+               void write_output(std::span<uint8_t> out) override
+                  {
+                  m_cipher->write_keystream(out.data(), out.size());
+                  }
+
+            private:
+               std::unique_ptr<StreamCipher> m_cipher;
+            };
+
+         return std::make_unique<Kyber_90s_XOF>(m_aes256_ctr->new_object(), seed);
          }
 
-      secure_vector<uint8_t> PRF(const secure_vector<uint8_t>& seed, const uint8_t nonce,
+      secure_vector<uint8_t> PRF(std::span<const uint8_t> seed,
+                                 const uint8_t nonce,
                                  const size_t outlen) const override
          {
-         auto cipher = StreamCipher::create_or_throw("CTR-BE(AES-256)");
-         cipher->set_key(seed);
+         m_aes256_ctr->set_key(seed);
 
          const std::array<uint8_t, 12> iv = {nonce, 0};
-         cipher->set_iv(iv.data(), iv.size());
+         m_aes256_ctr->set_iv(iv.data(), iv.size());
 
          secure_vector<uint8_t> out(outlen);
-         cipher->encrypt(out);
+         m_aes256_ctr->write_keystream(out.data(), out.size());
 
          return out;
          }
+
+   private:
+      std::unique_ptr<HashFunction> m_sha512;
+      std::unique_ptr<HashFunction> m_sha256;
+      std::unique_ptr<StreamCipher> m_aes256_ctr;
    };
 
 } // namespace Botan