Commit Graph

9 Commits

Author SHA1 Message Date
Matt Braithwaite
6b7436b0d2 newhope: restore statistical tests.
One of these tests the distribution of noise polynomials; the other
tests that that agreed-upon keys (prior to whitening) have roughly equal
numbers of 0s and 1s.

Along the way, expose a few more API bits.

Change-Id: I6b04708d41590de45d82ea95bae1033cfccd5d67
Reviewed-on: https://boringssl-review.googlesource.com/8130
Reviewed-by: Adam Langley <agl@google.com>
2016-06-03 21:26:18 +00:00
Matt Braithwaite
27e863e711 newhope: improve test vectors.
This commit adds coverage of the "offer" (first) step, as well as
testing all outputs of the "accept" (second) step, not just the shared
key.

Change-Id: Id11fe24029abc302442484a6c01fa496a1578b3a
Reviewed-on: https://boringssl-review.googlesource.com/8100
Reviewed-by: Adam Langley <agl@google.com>
2016-06-02 19:28:00 +00:00
Matt Braithwaite
db207264ad newhope: refactor and add test vectors.
The test vectors are taken from the reference implementation, modified
to output the results of its random-number generator, and the results of
key generation prior to SHA3.  This allows the interoperability of the
two implementations to be tested somewhat.

To accomplish the testing, this commit creates a new, lower-level API
that leaves the generation of random numbers and all wire encoding and
decoding up to the caller.

Change-Id: Ifae3517696dde4be4a0b7c1998bdefb789bac599
Reviewed-on: https://boringssl-review.googlesource.com/8070
Reviewed-by: Adam Langley <agl@google.com>
2016-05-31 21:57:45 +00:00
Matt Braithwaite
e09e579603 Rename NEWHOPE functions to offer/accept/finish.
This is consistent with the new convention in ssl_ecdh.c.

Along the way, change newhope_test.c to not iterate 1000 times over each
test.

Change-Id: I7a500f45b838eba8f6df96957891aa8e880ba089
Reviewed-on: https://boringssl-review.googlesource.com/8012
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-19 18:17:48 +00:00
Matt Braithwaite
9478f32175 newhope: use less stack to compute client key
Change-Id: Idf500545317242c8855e67b897975e54969fea10
Reviewed-on: https://boringssl-review.googlesource.com/7782
Reviewed-by: Adam Langley <agl@google.com>
2016-04-27 19:25:25 +00:00
Adam Langley
e75f0530a0 More fixes for MSVC.
Change-Id: I2cde4d99974a28126452bb66c6e176b92b7f0bc9
2016-04-26 16:25:31 -07:00
Adam Langley
bc57d55c9f Corrupt the newhope secret key directly.
Rather than use an internal function in a test (which would need an
OPENSSL_EXPORT to work in a shared-library build), this change corrupts
the secret key directly.

Change-Id: Iee501910b23a0affaa0639dcc773d6ea2d0c5a82
Reviewed-on: https://boringssl-review.googlesource.com/7780
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-04-26 23:20:47 +00:00
Matt Braithwaite
945cf9a131 newhope: MSVC can't size array using static size_t
Change-Id: I5060b1a3e800db21d2205f11951b4ad8a5986133
Reviewed-on: https://boringssl-review.googlesource.com/7770
Reviewed-by: Adam Langley <agl@google.com>
2016-04-26 23:07:16 +00:00
Matt Braithwaite
045a0ffe35 Import `newhope' (post-quantum key exchange).
This derives from the reference implementation:

Source: https://github.com/tpoeppelmann/newhope/tree/master/ref at bc06c1ac
Paper: https://eprint.iacr.org/2015/1092

However, it does not interoperate, due to the replacement of SHAKE-128
with AES-CTR (for polynomial generation) and the replacement of SHA-3
with SHA-256 (for key whitening).

Change-Id: I6a55507aea85331245e2fbd41bae5cc049fdca3c
Reviewed-on: https://boringssl-review.googlesource.com/7690
Reviewed-by: Adam Langley <agl@google.com>
2016-04-26 22:53:59 +00:00