kris
/
SIDH_p751
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
105 Incheckningar
14 Grenar
653 KiB
 
 
 
Träd: 40f4da2265
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '40f4da2265'
${ noResults }
SIDH_p751/sike/sike_test.go

335 rader
9.2 KiB
Blame Historik 

  1. package sike

  2. 

  3. import (

  4. 	"testing"

  5. 

  6. 	"bufio"

  7. 	"bytes"

  8. 	"encoding/hex"

  9. 	"io"

  10. 	"os"

  11. 	"strings"

  12. 

  13. 	rand "crypto/rand"

  14. 	. "github.com/cloudflare/p751sidh/sidh"

  15. )

  16. 

  17. const (

  18. 	PkB    = "7C55E268665504B9A11A1B30B4363A4957960AD015A7B74DF39FB0141A95CC51A4BEBBB48452EF0C881220D68CB5FF904C0549F05F06BF49A520E684DD610A7E121B420C751B789BDCDB8B6EC136BA0CE74EB6904906057EA7343839EA35FAF2C3D7BE76C81DCA4DF0850CE5F111FF9FF97242EC5520310D7F90A004BACFD75408CBFE8948232A9CCF035136DE3691D9BEF110C3081AADF0D2328CE2CC94998D8AE94D6575083FAFA045F50201FCE841D01C214CC8BBEFCC701484215EA70518204C76A0DA89BEAF0B066F6FD9E78A2C908CF0AFF74E0B55477190F918397F0CF3A537B7911DA846196AD914114A15C2F3C1062D78B19D23348C3D3D4A9C2B2018B382CC44544DA2FA263EB6212D2D13F254216DE002D4AEA55C75C5349A681D7A809BCC29C4CAE1168AC790321FF7429FAAC2FC09465F93E10B9DD970901A1B1D045DDAC9D7B901E00F29AA9F2C87C8EF848E80B7B290ECF85D6BB4C7E975A939A7AFB63069F900A75C9B7B71C2E7472C21A87AB604B6372D4EBEC5974A711281A819636D8FA3E6608F2B81F35599BBB4A1EB5CBD8F743587550F8CE3A809F5C9C399DD52B2D15F217A36F3218C772FD4E67F67D526DEBE1D31FEC4634927A873A1A6CFE55FF1E35AB72EBBD22E3CDD9D2640813345015BB6BD25A6977D0391D4D78998DD178155FEBF247BED3A9F83EAF3346BA90098B908B2359B60491C94330626709D235D1CFB7C87DCA779CFBA23DA280DC06FAEA0FDB3773B0C6391F889D803B7C04AC6AB27375B440336789823176C57"

  19. 	PrB    = "00010203040506070809000102030405060708090001020304050607080901028626ED79D451140800E03B59B956F8210E556067407D13DC90FA9E8B872BFB8FAB0A7289852106E40538D3575C500201"

  20. 	KAT644 = "../etc/PQCkemKAT_644.rsp"

  21. )

  22. 

  23. var params = Params(FP_751)

  24. 

  25. // Fail if err !=nil. Display msg as an error message

  26. func checkErr(t testing.TB, err error, msg string) {

  27. 	if err != nil {

  28. 		t.Error(msg)

  29. 	}

  30. }

  31. 

  32. // Encrypt, Decrypt, check if input/output plaintext is the same

  33. func TestPKERoundTrip(t *testing.T) {

  34. 	// Message to be encrypted

  35. 	var msg [32]byte

  36. 	for i, _ := range msg {

  37. 		msg[i] = byte(i)

  38. 	}

  39. 

  40. 	// Import keys

  41. 	pkB := NewPublicKey(params.Id, KeyVariant_SIKE)

  42. 	skB := NewPrivateKey(params.Id, KeyVariant_SIKE)

  43. 	pk_hex, err := hex.DecodeString(PkB)

  44. 	if err != nil {

  45. 		t.Fatal(err)

  46. 	}

  47. 	sk_hex, err := hex.DecodeString(PrB)

  48. 	if err != nil {

  49. 		t.Fatal(err)

  50. 	}

  51. 	if pkB.Import(pk_hex) != nil || skB.Import(sk_hex) != nil {

  52. 		t.Error("Import")

  53. 	}

  54. 

  55. 	ct, err := Encrypt(rand.Reader, pkB, msg[:])

  56. 	if err != nil {

  57. 		t.Fatal(err)

  58. 	}

  59. 	pt, err := Decrypt(skB, ct)

  60. 	if err != nil {

  61. 		t.Fatal(err)

  62. 	}

  63. 	if !bytes.Equal(pt[:], msg[:]) {

  64. 		t.Errorf("Decryption failed \n got : %X\n exp : %X", pt, msg)

  65. 	}

  66. }

  67. 

  68. // Generate key and check if can encrypt

  69. func TestPKEKeyGeneration(t *testing.T) {

  70. 	// Message to be encrypted

  71. 	var msg [32]byte

  72. 	var err error

  73. 	for i, _ := range msg {

  74. 		msg[i] = byte(i)

  75. 	}

  76. 

  77. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  78. 	err = sk.Generate(rand.Reader)

  79. 	checkErr(t, err, "PEK key generation")

  80. 	pk := sk.GeneratePublicKey()

  81. 

  82. 	// Try to encrypt

  83. 	ct, err := Encrypt(rand.Reader, pk, msg[:])

  84. 	checkErr(t, err, "PEK encryption")

  85. 	pt, err := Decrypt(sk, ct)

  86. 	checkErr(t, err, "PEK key decryption")

  87. 

  88. 	if !bytes.Equal(pt[:], msg[:]) {

  89. 		t.Fatalf("Decryption failed \n got : %X\n exp : %X", pt, msg)

  90. 	}

  91. }

  92. 

  93. func TestNegativePKE(t *testing.T) {

  94. 	var msg [40]byte

  95. 	var err error

  96. 

  97. 	// Generate key

  98. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  99. 	err = sk.Generate(rand.Reader)

  100. 	checkErr(t, err, "key generation")

  101. 

  102. 	pk := sk.GeneratePublicKey()

  103. 

  104. 	ct, err := Encrypt(rand.Reader, pk, msg[:39])

  105. 	if err == nil {

  106. 		t.Fatal("Error hasn't been returned")

  107. 	}

  108. 	if ct != nil {

  109. 		t.Fatal("Ciphertext must be nil")

  110. 	}

  111. 

  112. 	pt, err := Decrypt(sk, msg[:23])

  113. 	if err == nil {

  114. 		t.Fatal("Error hasn't been returned")

  115. 	}

  116. 	if pt != nil {

  117. 		t.Fatal("Ciphertext must be nil")

  118. 	}

  119. }

  120. 

  121. func testKEMRoundTrip(pkB, skB []byte) bool {

  122. 	// Import keys

  123. 	pk := NewPublicKey(params.Id, KeyVariant_SIKE)

  124. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  125. 	if pk.Import(pkB) != nil || sk.Import(skB) != nil {

  126. 		return false

  127. 	}

  128. 

  129. 	ct, ss_e, err := Encapsulate(rand.Reader, pk)

  130. 	if err != nil {

  131. 		return false

  132. 	}

  133. 

  134. 	ss_d, err := Decapsulate(sk, pk, ct)

  135. 	if err != nil {

  136. 		return false

  137. 	}

  138. 	return bytes.Equal(ss_e, ss_d)

  139. }

  140. 

  141. func TestKEMRoundTrip(t *testing.T) {

  142. 	pk, err := hex.DecodeString(PkB)

  143. 	checkErr(t, err, "public key B not a number")

  144. 	sk, err := hex.DecodeString(PrB)

  145. 	checkErr(t, err, "private key B not a number")

  146. 	if !testKEMRoundTrip(pk, sk) {

  147. 		t.Error("kem roundtrip failed")

  148. 	}

  149. }

  150. 

  151. func TestKEMKeyGeneration(t *testing.T) {

  152. 	// Generate key

  153. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  154. 	checkErr(t, sk.Generate(rand.Reader), "error: key generation")

  155. 	pk := sk.GeneratePublicKey()

  156. 

  157. 	// calculated shared secret

  158. 	ct, ss_e, err := Encapsulate(rand.Reader, pk)

  159. 	checkErr(t, err, "encapsulation failed")

  160. 	ss_d, err := Decapsulate(sk, pk, ct)

  161. 	checkErr(t, err, "decapsulation failed")

  162. 

  163. 	if !bytes.Equal(ss_e, ss_d) {

  164. 		t.Fatalf("KEM failed \n encapsulated: %X\n decapsulated: %X", ss_d, ss_e)

  165. 	}

  166. }

  167. 

  168. func TestNegativeKEM(t *testing.T) {

  169. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  170. 	checkErr(t, sk.Generate(rand.Reader), "error: key generation")

  171. 	pk := sk.GeneratePublicKey()

  172. 

  173. 	ct, ss_e, err := Encapsulate(rand.Reader, pk)

  174. 	checkErr(t, err, "pre-requisite for a test failed")

  175. 

  176. 	ct[0] = ct[0] - 1

  177. 	ss_d, err := Decapsulate(sk, pk, ct)

  178. 	checkErr(t, err, "decapsulation returns error when invalid ciphertext provided")

  179. 

  180. 	if bytes.Equal(ss_e, ss_d) {

  181. 		// no idea how this could ever happen, but it would be very bad

  182. 		t.Error("critical error")

  183. 	}

  184. 

  185. 	// Try encapsulating with SIDH key

  186. 	pkSidh := NewPublicKey(params.Id, KeyVariant_SIDH_B)

  187. 	prSidh := NewPrivateKey(params.Id, KeyVariant_SIDH_B)

  188. 	_, _, err = Encapsulate(rand.Reader, pkSidh)

  189. 	if err == nil {

  190. 		t.Error("encapsulation accepts SIDH public key")

  191. 	}

  192. 	// Try decapsulating with SIDH key

  193. 	_, err = Decapsulate(prSidh, pk, ct)

  194. 	if err == nil {

  195. 		t.Error("decapsulation accepts SIDH private key key")

  196. 	}

  197. }

  198. 

  199. // In case invalid ciphertext is provided, SIKE's decapsulation must

  200. // return same (but unpredictable) result for a given key.

  201. func TestNegativeKEMSameWrongResult(t *testing.T) {

  202. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  203. 	checkErr(t, sk.Generate(rand.Reader), "error: key generation")

  204. 	pk := sk.GeneratePublicKey()

  205. 

  206. 	ct, encSs, err := Encapsulate(rand.Reader, pk)

  207. 	checkErr(t, err, "pre-requisite for a test failed")

  208. 

  209. 	// make ciphertext wrong

  210. 	ct[0] = ct[0] - 1

  211. 	decSs1, err := Decapsulate(sk, pk, ct)

  212. 	checkErr(t, err, "pre-requisite for a test failed")

  213. 

  214. 	// second decapsulation must be done with same, but imported private key

  215. 	expSk := sk.Export()

  216. 

  217. 	// creat new private key

  218. 	sk = NewPrivateKey(params.Id, KeyVariant_SIKE)

  219. 	err = sk.Import(expSk)

  220. 	checkErr(t, err, "import failed")

  221. 

  222. 	// try decapsulating again. ss2 must be same as ss1 and different than

  223. 	// original plaintext

  224. 	decSs2, err := Decapsulate(sk, pk, ct)

  225. 	checkErr(t, err, "pre-requisite for a test failed")

  226. 

  227. 	if !bytes.Equal(decSs1, decSs2) {

  228. 		t.Error("decapsulation is insecure")

  229. 	}

  230. 

  231. 	if bytes.Equal(encSs, decSs1) || bytes.Equal(encSs, decSs2) {

  232. 		// this test requires that decapsulation returns wrong result

  233. 		t.Errorf("test implementation error")

  234. 	}

  235. }

  236. 

  237. func readAndCheckLine(r *bufio.Reader) []byte {

  238. 	// Read next line from buffer

  239. 	line, isPrefix, err := r.ReadLine()

  240. 	if err != nil || isPrefix {

  241. 		panic("Wrong format of input file")

  242. 	}

  243. 

  244. 	// Function expects that line is in format "KEY = HEX_VALUE". Get

  245. 	// value, which should be a hex string

  246. 	hexst := strings.Split(string(line), "=")[1]

  247. 	hexst = strings.TrimSpace(hexst)

  248. 	// Convert value to byte string

  249. 	ret, err := hex.DecodeString(hexst)

  250. 	if err != nil {

  251. 		panic("Wrong format of input file")

  252. 	}

  253. 	return ret

  254. }

  255. 

  256. func testKeygen(pk, sk []byte) bool {

  257. 	// Import provided private key

  258. 	var prvKey = NewPrivateKey(params.Id, KeyVariant_SIKE)

  259. 	if prvKey.Import(sk) != nil {

  260. 		panic("sike test: can't load KAT")

  261. 	}

  262. 

  263. 	// Generate public key

  264. 	pubKey := prvKey.GeneratePublicKey()

  265. 	return bytes.Equal(pubKey.Export(), pk)

  266. }

  267. 

  268. func testDecapsulation(pk, sk, ct, ssExpected []byte) bool {

  269. 	var pubKey = NewPublicKey(params.Id, KeyVariant_SIKE)

  270. 	var prvKey = NewPrivateKey(params.Id, KeyVariant_SIKE)

  271. 	if pubKey.Import(pk) != nil || prvKey.Import(sk) != nil {

  272. 		panic("sike test: can't load KAT")

  273. 	}

  274. 

  275. 	ssGot, err := Decapsulate(prvKey, pubKey, ct)

  276. 	if err != nil {

  277. 		panic("sike test: can't perform decapsulation KAT")

  278. 	}

  279. 

  280. 	if err != nil {

  281. 		return false

  282. 	}

  283. 	return bytes.Equal(ssGot, ssExpected)

  284. }

  285. 

  286. func TestSIKE_KAT(t *testing.T) {

  287. 	f, err := os.Open(KAT644)

  288. 	if err != nil {

  289. 		t.Fatal(err)

  290. 	}

  291. 

  292. 	r := bufio.NewReader(f)

  293. 	for {

  294. 		line, isPrefix, err := r.ReadLine()

  295. 		if err != nil || isPrefix {

  296. 			if err == io.EOF {

  297. 				break

  298. 			} else {

  299. 				t.Fatal(err)

  300. 			}

  301. 		}

  302. 		if len(strings.TrimSpace(string(line))) == 0 || line[0] == '#' {

  303. 			continue

  304. 		}

  305. 

  306. 		// count

  307. 		count := strings.Split(string(line), "=")[1]

  308. 		// seed

  309. 		_ = readAndCheckLine(r)

  310. 		// pk

  311. 		pk := readAndCheckLine(r)

  312. 		// sk (secret key in test vector is concatenation of

  313. 		// MSG + SECRET_BOB_KEY + PUBLIC_BOB_KEY. We use only MSG+SECRET_BOB_KEY

  314. 		sk := readAndCheckLine(r)

  315. 		sk = sk[:params.MsgLen+uint(params.SecretKeySize)]

  316. 		// ct

  317. 		ct := readAndCheckLine(r)

  318. 		// ss

  319. 		ss := readAndCheckLine(r)

  320. 

  321. 		if !testKeygen(pk, sk) {

  322. 			t.Fatalf("KAT keygen form private failed at %s\n", count)

  323. 		}

  324. 

  325. 		if !testDecapsulation(pk, sk, ct, ss) {

  326. 			t.Fatalf("KAT decapsulation failed at %s\n", count)

  327. 		}

  328. 

  329. 		// aditionally test roundtrip with a keypair

  330. 		if !testKEMRoundTrip(pk, sk) {

  331. 			t.Fatalf("KAT roundtrip failed at %s\n", count)

  332. 		}

  333. 	}

  334. }