kris
/
SIDH_p751
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
105 Commits
14 Ramas
653 KiB
 
 
 
Rama: trials/prep_p503_trial5_context
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'trials/prep_p503_trial5_context'
${ noResults }
SIDH_p751/sidh/api.go

203 líneas
6.1 KiB
Original Enlace permanente Blame Histórico 

  1. package sidh

  2. 

  3. import (

  4. 	"errors"

  5. 	p751 "github.com/cloudflare/p751sidh/p751toolbox"

  6. //	. "github.com/cloudflare/p751sidh/internal/utils"

  7. 	"io"

  8. )

  9. 

  10. // I keep it bool in order to be able to apply logical NOT

  11. type KeyVariant uint

  12. type PrimeFieldId uint

  13. 

  14. // Id's correspond to bitlength of the prime field characteristic

  15. // Currently FP_751 is the only one supported by this implementation

  16. const (

  17. 	FP_503 PrimeFieldId = iota

  18. 	FP_751

  19. 	FP_964

  20. 	maxPrimeFieldId

  21. )

  22. 

  23. const (

  24. 	// First 2 bits identify SIDH variant third bit indicates

  25. 	// wether key is a SIKE variant (set) or SIDH (not set)

  26. 

  27. 	// 001 - SIDH: corresponds to 2-torsion group

  28. 	KeyVariant_SIDH_A KeyVariant = 1 << 0

  29. 	// 010 - SIDH: corresponds to 3-torsion group

  30. 	KeyVariant_SIDH_B = 1 << 1

  31. 	// 110 - SIKE

  32. 	KeyVariant_SIKE = 1<<2 | KeyVariant_SIDH_B

  33. )

  34. 

  35. // Base type for public and private key. Used mainly to carry domain

  36. // parameters.

  37. type key struct {

  38. 	// Domain parameters of the algorithm to be used with a key

  39. 	params *SidhParams

  40. 	// Flag indicates wether corresponds to 2-, 3-torsion group or SIKE

  41. 	keyVariant KeyVariant

  42. }

  43. 

  44. // Defines operations on public key

  45. type PublicKey struct {

  46. 	key

  47. 	affine_xP   p751.ExtensionFieldElement

  48. 	affine_xQ   p751.ExtensionFieldElement

  49. 	affine_xQmP p751.ExtensionFieldElement

  50. }

  51. 

  52. // Defines operations on private key

  53. type PrivateKey struct {

  54. 	key

  55. 	// Secret key

  56. 	Scalar []byte

  57. 	// Used only by KEM

  58. 	S []byte

  59. }

  60. 

  61. // Accessor to the domain parameters

  62. func (key *key) Params() *SidhParams {

  63. 	return key.params

  64. }

  65. 

  66. // Accessor to key variant

  67. func (key *key) Variant() KeyVariant {

  68. 	return key.keyVariant

  69. }

  70. 

  71. // NewPrivateKey initializes private key.

  72. // Usage of this function guarantees that the object is correctly initialized.

  73. func NewPrivateKey(id PrimeFieldId, v KeyVariant) *PrivateKey {

  74. 	prv := &PrivateKey{key: key{params: Params(id), keyVariant: v}}

  75. 	prv.Scalar = make([]byte, prv.params.SecretKeySize)

  76. 	if v == KeyVariant_SIKE {

  77. 		prv.S = make([]byte, prv.params.MsgLen)

  78. 	}

  79. 	return prv

  80. }

  81. 

  82. // NewPublicKey initializes public key.

  83. // Usage of this function guarantees that the object is correctly initialized.

  84. func NewPublicKey(id PrimeFieldId, v KeyVariant) *PublicKey {

  85. 	return &PublicKey{key: key{params: Params(id), keyVariant: v}}

  86. }

  87. 

  88. // Import clears content of the public key currently stored in the structure

  89. // and imports key stored in the byte string. Returns error in case byte string

  90. // size is wrong. Doesn't perform any validation.

  91. func (pub *PublicKey) Import(input []byte) error {

  92. 	if len(input) != pub.Size() {

  93. 		return errors.New("sidh: input to short")

  94. 	}

  95. 	pub.affine_xP.FromBytes(input[0:pub.params.SharedSecretSize])

  96. 	pub.affine_xQ.FromBytes(input[pub.params.SharedSecretSize : 2*pub.params.SharedSecretSize])

  97. 	pub.affine_xQmP.FromBytes(input[2*pub.params.SharedSecretSize : 3*pub.params.SharedSecretSize])

  98. 	return nil

  99. }

  100. 

  101. // Exports currently stored key. In case structure hasn't been filled with key data

  102. // returned byte string is filled with zeros.

  103. func (pub *PublicKey) Export() []byte {

  104. 	output := make([]byte, pub.params.PublicKeySize)

  105. 	pub.affine_xP.ToBytes(output[0:pub.params.SharedSecretSize])

  106. 	pub.affine_xQ.ToBytes(output[pub.params.SharedSecretSize : 2*pub.params.SharedSecretSize])

  107. 	pub.affine_xQmP.ToBytes(output[2*pub.params.SharedSecretSize : 3*pub.params.SharedSecretSize])

  108. 	return output

  109. }

  110. 

  111. // Size returns size of the public key in bytes

  112. func (pub *PublicKey) Size() int {

  113. 	return pub.params.PublicKeySize

  114. }

  115. 

  116. // Exports currently stored key. In case structure hasn't been filled with key data

  117. // returned byte string is filled with zeros.

  118. func (prv *PrivateKey) Export() []byte {

  119. 	ret := make([]byte, len(prv.Scalar)+len(prv.S))

  120. 	copy(ret, prv.S)

  121. 	copy(ret[len(prv.S):], prv.Scalar)

  122. 	return ret

  123. }

  124. 

  125. // Size returns size of the private key in bytes

  126. func (prv *PrivateKey) Size() int {

  127. 	tmp := prv.params.SecretKeySize

  128. 	if prv.Variant() == KeyVariant_SIKE {

  129. 		tmp += int(prv.params.MsgLen)

  130. 	}

  131. 	return tmp

  132. }

  133. 

  134. // Import clears content of the private key currently stored in the structure

  135. // and imports key from octet string. In case of SIKE, the random value 'S'

  136. // must be prepended to the value of actual private key (see SIKE spec for details).

  137. // Function doesn't import public key value to PrivateKey object.

  138. func (prv *PrivateKey) Import(input []byte) error {

  139. 	if len(input) != prv.Size() {

  140. 		return errors.New("sidh: input to short")

  141. 	}

  142. 	if len(prv.Scalar) != prv.params.SecretKeySize {

  143. 		return errors.New("sidh: object wrongly initialized")

  144. 	}

  145. 	copy(prv.S, input[:len(prv.S)])

  146. 	copy(prv.Scalar, input[len(prv.S):])

  147. 	return nil

  148. }

  149. 

  150. // Generates random private key for SIDH or SIKE. Returns error

  151. // in case user provided RNG or memory initialization fails.

  152. func (prv *PrivateKey) Generate(rand io.Reader) error {

  153. 	var err error

  154. 

  155. 	if (prv.keyVariant & KeyVariant_SIDH_A) == KeyVariant_SIDH_A {

  156. 		err = prv.generatePrivateKeyA(rand)

  157. 	} else {

  158. 		err = prv.generatePrivateKeyB(rand)

  159. 	}

  160. 

  161. 	if prv.keyVariant == KeyVariant_SIKE && err == nil {

  162. 		_, err = io.ReadFull(rand, prv.S)

  163. 	}

  164. 

  165. 	return err

  166. }

  167. 

  168. // Generates public key.

  169. //

  170. // Constant time.

  171. func (prv *PrivateKey) GeneratePublicKey() (*PublicKey) {

  172. 	if (prv.keyVariant & KeyVariant_SIDH_A) == KeyVariant_SIDH_A {

  173. 		return publicKeyGenA(prv)

  174. 	}

  175. 	return publicKeyGenB(prv)

  176. }

  177. 

  178. // Computes a shared secret which is a j-invariant. Function requires that pub has

  179. // different KeyVariant than prv. Length of returned output is 2*ceil(log_2 P)/8),

  180. // where P is a prime defining finite field.

  181. //

  182. // It's important to notice that each keypair must not be used more than once

  183. // to calculate shared secret.

  184. //

  185. // Function may return error. This happens only in case provided input is invalid.

  186. // Constant time for properly initialized private and public key.

  187. func DeriveSecret(prv *PrivateKey, pub *PublicKey) ([]byte, error) {

  188. 

  189. 	if (pub == nil) || (prv == nil) {

  190. 		return nil, errors.New("sidh: invalid arguments")

  191. 	}

  192. 

  193. 	if (pub.keyVariant == prv.keyVariant) || (pub.params.Id != prv.params.Id) {

  194. 		return nil, errors.New("sidh: public and private are incompatbile")

  195. 	}

  196. 

  197. 	if (prv.keyVariant & KeyVariant_SIDH_A) == KeyVariant_SIDH_A {

  198. 		return deriveSecretA(prv, pub), nil

  199. 	} else {

  200. 		return deriveSecretB(prv, pub), nil

  201. 	}

  202. }