go-sike/sike_test.go

763 lines
25 KiB
Go
Raw Normal View History

2019-03-29 22:13:53 +00:00
package sike
import (
"bufio"
"bytes"
"crypto/rand"
"encoding/hex"
2019-05-05 11:30:32 +01:00
"io"
2019-03-29 22:13:53 +00:00
"math/big"
2019-05-05 11:30:32 +01:00
"os"
2019-03-29 22:13:53 +00:00
"strings"
"testing"
)
var tdata = struct {
name string
2019-05-05 11:30:32 +01:00
katFile string
2019-03-29 22:13:53 +00:00
PrB_sidh string
PkB_sidh string
PkB_sike string
PrB_sike string
PrA_sike string
PkA_sike string
}{
2019-06-25 18:21:00 +01:00
name: "SIKEp503",
2019-05-05 11:30:32 +01:00
katFile: "etc/PQCkemKAT_434.rsp",
2019-06-25 18:21:00 +01:00
PrB_sidh: "8626ED79D451140800E03B59B956F8210E556067407D13DC90FA9E8B872BFB0F",
PkB_sidh: "BB066F920803D8A481A09CD6398DCAE8D330AE2035245A92491228D6AC86A7E024D6318CC3FAC233A90F086EF663A74CD102D7A33BE96F726E084F3C8C630DD1CAD79289B68275962C90A29E061A8C5C266D4A9DE1D94FAA8E539A7A4FD5487905A1FAD75CBEF0B2BF298645C26D6A904EBA9B468B43B66B3CE579EF140379C4B0F06B2005B345A677590FB1A6C6B73D90D953383621EE667B9E9B3254403AF1C66D8FA8F0A9A3B06B1B6D81C661BCD0FCD09D96FF6A9AF52C4F68DB2E12DFB16319F6F24B7B206E94331F26165F501179F956AED2DC42679CAD539E32D9BF36F1764D5F3A596ADC504E0FF1F25A544FA139E0ACB516D6D5A15F0A0C4F03C0CF363086184E462035CA87BF21393DC8918E21258029A0DC7295FB7F04E363F0A63EE299AD9E638324E5A2027BF38C868AF49A591BDEA9D7C376981D015E55FBE641010C70AB08809AAE335B4B97081FB95621469F9B92F637A41BCBB7DC3D1D7242E3E5FD7CA8E3381057AAB9F948498AF438B5F8D2E157B5A318",
PrA_sike: "003271531CF27285B8721ED5CB46853043B346A66CBA6CF765F1B0EAA40BF602",
PkA_sike: "BE0CB724207D42075EC1569F43FFB8178C64E1F3EAF9D914879B3B3CAD1D12048CBB72861CA0B72C16F65FB4DA98778D9F37CF1442147AE179A8D1099D77028740BD72DFC873A8D2F293A603E5C4A13F7668E8F5C363602A490D47F4F95B269706BDC8DFDEAD77026D9842BB8B5CC4BFB99AF75ED8E4A6994DD4BD5BA606D9EF21A38E26CC35AE5C57324CFE6C16B53D61AD985B37F4B1E2F11234C52A869E184008999358EC0D2B4F2F163A09D3BA9B83D7E5647B5BE92014286D5F0BCE0CA14417226462191D3F0D8587A3ADA2C561FBA5DFE938606476882472C64C9E07D6BDB6C51D59B7978C792383C0CCC28337192A30340742C82EFCB3693FE93FBDA870554CF40F2B176C831628FF339739EC87389A2DD261EE9C6AAFF09ECEFF6C5074D7755ACA4A9D937A1F3A7C31D82E606E6CC6AC90189C17899B13EB759761EEA35AAF74D0B7F2411031AF81B9B946AE2E154FC08F3BB3E2DDE5F52DBC0E1164DCE028EFA45B1D58F4B32EF016D4F995909D3E0F3F69B8115D35",
PrB_sike: "4B622DE1350119C45A9F2E2EF3DC5DF50A759D138CDFBD64E82FCC97CA60CCB27BF6938C975658AEB8B4D37CFFBDE25D97E561F36C219A0E",
PkB_sike: "4EC46509AB1C547BDF2311B3AF82FCD25A83D154D9649C0D1A7F1E4D174BE9ED44F4B8AD2160FF43D4B94E65BE5A64DA3B8D5B63A02C3DCD376BB24122E03C3F09F4253E6F117999D0359F6BAB94F38BDB4B681EE09351483380EA4839E7808F8DF11C9A01DBC9D4C61075F3FF39B444679A8F3BEAE4BD47BE5B3A4D4B0F44F44BC8AB1B40E91852605F92860F6B4E627E8F7B00168CED2BA9D86865A5314E32E39B15E2021790CECA67A47959915E5C9717C96A055ADA061921F15306E4600751E984DA5FBC72E5F4E7B1182F60109DDD50C04A7A8D4281121AECD824730F38BE81A9D59B480DE44EB6CFC93436000C6E302B710FE3C24E6E6E0A371DF2B81CFBB37EDBD739926DBBE95A81D90DA22A7A5DF0DEE13031B7DE91504F45E20F0F15B24931A5D41EE48FA84F11D9F33B1F5BF315B355FAC0AB40C702190C190489DDA7B8715E680CE0DE4BFB50D78290C1A4C29F7C776597D9FB6C1DE65E150FAD46DF3CF38BDB22493697A2307A121B67C90B04C0809E1C8CA916",
2019-03-29 22:13:53 +00:00
}
/* -------------------------------------------------------------------------
Helpers
-------------------------------------------------------------------------*/
// Fail if err !=nil. Display msg as an error message
func checkErr(t testing.TB, err error, msg string) {
if err != nil {
t.Error(msg)
}
}
// Utility used for running same test with all registered prime fields
type MultiIdTestingFunc func(testing.TB)
// Converts string to private key
func convToPrv(s string, v KeyVariant) *PrivateKey {
key := NewPrivateKey(v)
hex, e := hex.DecodeString(s)
if e != nil {
panic("non-hex number provided")
}
e = key.Import(hex)
if e != nil {
panic("Can't import private key")
}
return key
}
// Converts string to public key
func convToPub(s string, v KeyVariant) *PublicKey {
key := NewPublicKey(v)
hex, e := hex.DecodeString(s)
if e != nil {
panic("non-hex number provided")
}
e = key.Import(hex)
if e != nil {
panic("Can't import public key")
}
return key
}
/* -------------------------------------------------------------------------
Unit tests
-------------------------------------------------------------------------*/
func TestKeygen(t *testing.T) {
2019-05-06 11:42:26 +01:00
var keyExp, keyGot [63 * 2 * 3]byte
2019-03-29 22:13:53 +00:00
alicePrivate := convToPrv(tdata.PrA_sike, KeyVariant_SIDH_A)
bobPrivate := convToPrv(tdata.PrB_sidh, KeyVariant_SIDH_B)
expPubA := convToPub(tdata.PkA_sike, KeyVariant_SIDH_A)
expPubB := convToPub(tdata.PkB_sidh, KeyVariant_SIDH_B)
2019-05-06 11:42:26 +01:00
pubA := NewPublicKey(KeyVariant_SIDH_A)
alicePrivate.GeneratePublicKey(pubA)
pubB := NewPublicKey(KeyVariant_SIDH_B)
bobPrivate.GeneratePublicKey(pubB)
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
pubA.Export(keyExp[:])
expPubA.Export(keyGot[:])
if !bytes.Equal(keyExp[:], keyGot[:]) {
t.Fatalf("unexpected value of public key A [\nGot: %X\nExp: %X]\n",
keyExp, keyGot)
2019-03-29 22:13:53 +00:00
}
2019-05-06 11:42:26 +01:00
for i, _ := range keyExp {
keyExp[i] = 0
keyGot[i] = 0
}
pubB.Export(keyExp[:])
expPubB.Export(keyGot[:])
if !bytes.Equal(keyExp[:], keyGot[:]) {
t.Fatalf("unexpected value of public key B [\nGot: %X\nExp: %X]\n",
keyExp, keyGot)
2019-03-29 22:13:53 +00:00
}
}
func TestImportExport(t *testing.T) {
var err error
2019-05-06 11:42:26 +01:00
var aBytes, bBytes [126 * 3]byte
2019-03-29 22:13:53 +00:00
a := NewPublicKey(KeyVariant_SIDH_A)
b := NewPublicKey(KeyVariant_SIDH_B)
// Import keys
2019-05-06 11:42:26 +01:00
aHex, err := hex.DecodeString(tdata.PkA_sike)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "invalid hex-number provided")
2019-05-06 11:42:26 +01:00
err = a.Import(aHex)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "import failed")
2019-05-06 11:42:26 +01:00
bHex, err := hex.DecodeString(tdata.PkB_sike)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "invalid hex-number provided")
2019-05-06 11:42:26 +01:00
err = b.Import(bHex)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "import failed")
2019-05-06 11:42:26 +01:00
a.Export(aBytes[:])
b.Export(bBytes[:])
2019-03-29 22:13:53 +00:00
// Export and check if same
2019-05-06 11:42:26 +01:00
if !bytes.Equal(bBytes[:], bHex) || !bytes.Equal(aBytes[:], aHex) {
2019-03-29 22:13:53 +00:00
t.Fatalf("export/import failed")
}
2019-05-06 11:42:26 +01:00
if (len(bBytes) != b.Size()) || (len(aBytes) != a.Size()) {
2019-03-29 22:13:53 +00:00
t.Fatalf("wrong size of exported keys")
}
}
func testPrivateKeyBelowMax(t testing.TB) {
for variant, keySz := range map[KeyVariant]*DomainParams{
KeyVariant_SIDH_A: &Params.A,
KeyVariant_SIDH_B: &Params.B} {
func(v KeyVariant, dp *DomainParams) {
var blen = int(dp.SecretByteLen)
var prv = NewPrivateKey(v)
2019-05-17 20:40:22 +01:00
var secretBytes = make([]byte, prv.Size())
2019-03-29 22:13:53 +00:00
// Calculate either (2^e2 - 1) or (2^s - 1); where s=ceil(log_2(3^e3)))
maxSecertVal := big.NewInt(int64(dp.SecretBitLen))
maxSecertVal.Exp(big.NewInt(int64(2)), maxSecertVal, nil)
maxSecertVal.Sub(maxSecertVal, big.NewInt(1))
// Do same test 1000 times
for i := 0; i < 1000; i++ {
err := prv.Generate(rand.Reader)
checkErr(t, err, "Private key generation")
// Convert to big-endian, as that's what expected by (*Int)SetBytes()
2019-05-17 20:40:22 +01:00
prv.Export(secretBytes)
2019-03-29 22:13:53 +00:00
for i := 0; i < int(blen/2); i++ {
tmp := secretBytes[i] ^ secretBytes[blen-i-1]
secretBytes[i] = tmp ^ secretBytes[i]
secretBytes[blen-i-1] = tmp ^ secretBytes[blen-i-1]
}
prvBig := new(big.Int).SetBytes(secretBytes)
// Check if generated key is bigger then acceptable
if prvBig.Cmp(maxSecertVal) == 1 {
t.Error("Generated private key is wrong")
}
}
}(variant, keySz)
}
}
func testKeyAgreement(t *testing.T, pkA, prA, pkB, prB string) {
var e error
2019-05-06 11:42:26 +01:00
var s1, s2 [126 * 3]byte
2019-03-29 22:13:53 +00:00
// KeyPairs
alicePublic := convToPub(pkA, KeyVariant_SIDH_A)
bobPublic := convToPub(pkB, KeyVariant_SIDH_B)
alicePrivate := convToPrv(prA, KeyVariant_SIDH_A)
bobPrivate := convToPrv(prB, KeyVariant_SIDH_B)
// Do actual test
2019-05-06 11:42:26 +01:00
e = DeriveSecret(s1[:], bobPrivate, alicePublic)
2019-03-29 22:13:53 +00:00
checkErr(t, e, "derivation s1")
2019-05-06 11:42:26 +01:00
e = DeriveSecret(s2[:], alicePrivate, bobPublic)
2019-03-29 22:13:53 +00:00
checkErr(t, e, "derivation s1")
if !bytes.Equal(s1[:], s2[:]) {
t.Fatalf("two shared keys: %d, %d do not match", s1, s2)
}
// Negative case
dec, e := hex.DecodeString(tdata.PkA_sike)
if e != nil {
t.FailNow()
}
dec[0] = ^dec[0]
e = alicePublic.Import(dec)
if e != nil {
t.FailNow()
}
2019-05-06 11:42:26 +01:00
e = DeriveSecret(s1[:], bobPrivate, alicePublic)
2019-03-29 22:13:53 +00:00
checkErr(t, e, "derivation of s1 failed")
2019-05-06 11:42:26 +01:00
e = DeriveSecret(s2[:], alicePrivate, bobPublic)
2019-03-29 22:13:53 +00:00
checkErr(t, e, "derivation of s2 failed")
if bytes.Equal(s1[:], s2[:]) {
t.Fatalf("The two shared keys: %d, %d match", s1, s2)
}
}
func TestDerivationRoundTrip(t *testing.T) {
var err error
2019-05-06 11:42:26 +01:00
var s1, s2 [126 * 3]byte
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
pubA := NewPublicKey(KeyVariant_SIDH_A)
2019-03-29 22:13:53 +00:00
prvA := NewPrivateKey(KeyVariant_SIDH_A)
2019-05-06 11:42:26 +01:00
pubB := NewPublicKey(KeyVariant_SIDH_B)
2019-03-29 22:13:53 +00:00
prvB := NewPrivateKey(KeyVariant_SIDH_B)
// Generate private keys
err = prvA.Generate(rand.Reader)
checkErr(t, err, "key generation failed")
err = prvB.Generate(rand.Reader)
checkErr(t, err, "key generation failed")
// Generate public keys
2019-05-06 11:42:26 +01:00
prvA.GeneratePublicKey(pubA)
prvB.GeneratePublicKey(pubB)
2019-03-29 22:13:53 +00:00
// Derive shared secret
2019-05-06 11:42:26 +01:00
err = DeriveSecret(s1[:], prvB, pubA)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "")
2019-05-06 11:42:26 +01:00
err = DeriveSecret(s2[:], prvA, pubB)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "")
if !bytes.Equal(s1[:], s2[:]) {
t.Fatalf("Two shared keys: \n%X, \n%X do not match", s1, s2)
}
}
2019-05-06 11:42:26 +01:00
// encrypt, decrypt, check if input/output plaintext is the same
2019-06-25 18:21:00 +01:00
func TestPKERoundTrip(t *testing.T) {
2019-03-29 22:13:53 +00:00
// Message to be encrypted
var msg = make([]byte, Params.MsgLen)
2019-05-06 11:42:26 +01:00
var ct = make([]byte, kemSikeP503.CiphertextSize())
2019-03-29 22:13:53 +00:00
for i, _ := range msg {
msg[i] = byte(i)
}
// Import keys
pkB := NewPublicKey(KeyVariant_SIKE)
skB := NewPrivateKey(KeyVariant_SIKE)
pk_hex, err := hex.DecodeString(tdata.PkB_sike)
if err != nil {
t.Fatal(err)
}
sk_hex, err := hex.DecodeString(tdata.PrB_sike)
if err != nil {
t.Fatal(err)
}
if pkB.Import(pk_hex) != nil || skB.Import(sk_hex) != nil {
t.Error("Import")
}
2019-05-06 11:42:26 +01:00
err = encrypt(ct, rand.Reader, pkB, msg[:])
2019-03-29 22:13:53 +00:00
if err != nil {
t.Fatal(err)
}
2019-05-06 11:42:26 +01:00
var pt [40]byte
pt_len, err := decrypt(pt[:], skB, ct)
2019-03-29 22:13:53 +00:00
if err != nil {
t.Fatal(err)
}
2019-05-06 11:42:26 +01:00
if !bytes.Equal(pt[:pt_len], msg[:]) {
2019-03-29 22:13:53 +00:00
t.Errorf("Decryption failed \n got : %X\n exp : %X", pt, msg)
}
}
// Generate key and check if can encrypt
func TestPKEKeyGeneration(t *testing.T) {
// Message to be encrypted
var msg = make([]byte, Params.MsgLen)
2019-05-06 11:42:26 +01:00
var ct = make([]byte, kemSikeP503.CiphertextSize())
2019-03-29 22:13:53 +00:00
var err error
for i, _ := range msg {
msg[i] = byte(i)
}
sk := NewPrivateKey(KeyVariant_SIKE)
err = sk.Generate(rand.Reader)
checkErr(t, err, "PEK key generation")
2019-05-06 11:42:26 +01:00
pk := NewPublicKey(KeyVariant_SIKE)
sk.GeneratePublicKey(pk)
2019-03-29 22:13:53 +00:00
// Try to encrypt
2019-05-06 11:42:26 +01:00
err = encrypt(ct, rand.Reader, pk, msg[:])
2019-03-29 22:13:53 +00:00
checkErr(t, err, "PEK encryption")
2019-05-06 11:42:26 +01:00
var pt [40]byte
pt_len, err := decrypt(pt[:], sk, ct)
2019-03-29 22:13:53 +00:00
checkErr(t, err, "PEK key decryption")
2019-05-06 11:42:26 +01:00
if !bytes.Equal(pt[:pt_len], msg[:]) {
2019-03-29 22:13:53 +00:00
t.Fatalf("Decryption failed \n got : %X\n exp : %X", pt, msg)
}
}
func TestNegativePKE(t *testing.T) {
var msg [40]byte
var err error
2019-05-06 11:42:26 +01:00
var ct = make([]byte, kemSikeP503.CiphertextSize())
2019-03-29 22:13:53 +00:00
// Generate key
2019-05-06 11:42:26 +01:00
pk := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
sk := NewPrivateKey(KeyVariant_SIKE)
err = sk.Generate(rand.Reader)
checkErr(t, err, "key generation")
2019-05-06 11:42:26 +01:00
sk.GeneratePublicKey(pk)
2019-03-29 22:13:53 +00:00
// bytelen(msg) - 1
2019-05-06 11:42:26 +01:00
err = encrypt(ct, rand.Reader, pk, msg[:Params.KemSize+8-1])
2019-03-29 22:13:53 +00:00
if err == nil {
t.Fatal("Error hasn't been returned")
}
2019-05-06 11:42:26 +01:00
for _, v := range ct {
if v != 0 {
t.Fatal("Returned ciphertext must be not changed")
}
2019-03-29 22:13:53 +00:00
}
// KemSize - 1
2019-05-06 11:42:26 +01:00
var pt [40]byte
pt_len, err := decrypt(pt[:], sk, msg[:Params.KemSize+8-1])
2019-03-29 22:13:53 +00:00
if err == nil {
t.Fatal("Error hasn't been returned")
}
2019-05-06 11:42:26 +01:00
if pt_len != 0 {
2019-03-29 22:13:53 +00:00
t.Fatal("Ciphertext must be nil")
}
}
func testKEMRoundTrip(t *testing.T, pkB, skB []byte) {
2019-05-06 11:42:26 +01:00
ct := make([]byte, kemSikeP503.CiphertextSize())
ss_e := make([]byte, kemSikeP503.SharedSecretSize())
ss_d := make([]byte, kemSikeP503.SharedSecretSize())
2019-03-29 22:13:53 +00:00
// Import keys
pk := NewPublicKey(KeyVariant_SIKE)
sk := NewPrivateKey(KeyVariant_SIKE)
if pk.Import(pkB) != nil || sk.Import(skB) != nil {
t.Error("Import failed")
}
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Encapsulate(ct, ss_e, pk),
"error: Encapsulation during round-trip")
checkErr(t, kemSikeP503.Decapsulate(ss_d, sk, pk, ct),
"error: Decapsulation during round-trip")
2019-03-29 22:13:53 +00:00
if !bytes.Equal(ss_e, ss_d) {
t.Error("Shared secrets from decapsulation and encapsulation differ")
}
}
func TestKEMRoundTrip(t *testing.T) {
pk, err := hex.DecodeString(tdata.PkB_sike)
checkErr(t, err, "public key B not a number")
sk, err := hex.DecodeString(tdata.PrB_sike)
checkErr(t, err, "private key B not a number")
testKEMRoundTrip(t, pk, sk)
}
func TestKEMKeyGeneration(t *testing.T) {
2019-05-06 11:42:26 +01:00
ct := make([]byte, kemSikeP503.CiphertextSize())
ss_e := make([]byte, kemSikeP503.SharedSecretSize())
ss_d := make([]byte, kemSikeP503.SharedSecretSize())
2019-03-29 22:13:53 +00:00
// Generate key
2019-05-06 11:42:26 +01:00
pk := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
sk := NewPrivateKey(KeyVariant_SIKE)
checkErr(t, sk.Generate(rand.Reader), "error: key generation")
2019-05-06 11:42:26 +01:00
sk.GeneratePublicKey(pk)
2019-03-29 22:13:53 +00:00
// calculated shared secret
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Encapsulate(ct, ss_e, pk),
"encapsulation failed")
checkErr(t, kemSikeP503.Decapsulate(ss_d, sk, pk, ct),
"decapsulation failed")
2019-03-29 22:13:53 +00:00
if !bytes.Equal(ss_e, ss_d) {
t.Fatalf("KEM failed \n encapsulated: %X\n decapsulated: %X", ss_d, ss_e)
}
}
func TestNegativeKEM(t *testing.T) {
2019-05-06 11:42:26 +01:00
ct := make([]byte, kemSikeP503.CiphertextSize())
ss_e := make([]byte, kemSikeP503.SharedSecretSize())
ss_d := make([]byte, kemSikeP503.SharedSecretSize())
pk := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
sk := NewPrivateKey(KeyVariant_SIKE)
checkErr(t, sk.Generate(rand.Reader), "error: key generation")
2019-05-06 11:42:26 +01:00
sk.GeneratePublicKey(pk)
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Encapsulate(ct, ss_e, pk),
"pre-requisite for a test failed")
2019-03-29 22:13:53 +00:00
ct[0] = ct[0] - 1
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Decapsulate(ss_d, sk, pk, ct),
"decapsulation returns error when invalid ciphertext provided")
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
if bytes.Equal(ss_e[:], ss_d) {
2019-03-29 22:13:53 +00:00
// no idea how this could ever happen, but it would be very bad
t.Error("critical error")
}
// Try encapsulating with SIDH key
pkSidh := NewPublicKey(KeyVariant_SIDH_B)
prSidh := NewPrivateKey(KeyVariant_SIDH_B)
2019-05-06 11:42:26 +01:00
err := kemSikeP503.Encapsulate(ct, ss_e, pkSidh)
2019-03-29 22:13:53 +00:00
if err == nil {
t.Error("encapsulation accepts SIDH public key")
}
// Try decapsulating with SIDH key
2019-05-06 11:42:26 +01:00
err = kemSikeP503.Decapsulate(ss_e, prSidh, pk, ct)
2019-03-29 22:13:53 +00:00
if err == nil {
t.Error("decapsulation accepts SIDH private key key")
}
}
// In case invalid ciphertext is provided, SIKE's decapsulation must
// return same (but unpredictable) result for a given key.
func TestNegativeKEMSameWrongResult(t *testing.T) {
2019-05-06 11:42:26 +01:00
ct := make([]byte, kemSikeP503.CiphertextSize())
ss_e := make([]byte, kemSikeP503.SharedSecretSize())
ss_d1 := make([]byte, kemSikeP503.SharedSecretSize())
ss_d2 := make([]byte, kemSikeP503.SharedSecretSize())
2019-03-29 22:13:53 +00:00
sk := NewPrivateKey(KeyVariant_SIKE)
2019-05-06 11:42:26 +01:00
pk := NewPublicKey(KeyVariant_SIKE)
// generate keys
2019-03-29 22:13:53 +00:00
checkErr(t, sk.Generate(rand.Reader), "error: key generation")
2019-05-06 11:42:26 +01:00
sk.GeneratePublicKey(pk)
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Encapsulate(ct, ss_e, pk),
"pre-requisite for a test failed")
2019-03-29 22:13:53 +00:00
// make ciphertext wrong
ct[0] = ct[0] - 1
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Decapsulate(ss_d1, sk, pk, ct),
"pre-requisite for a test failed")
2019-03-29 22:13:53 +00:00
// second decapsulation must be done with same, but imported private key
2019-05-17 20:40:22 +01:00
var expSk = make([]byte, sk.Size())
sk.Export(expSk)
2019-03-29 22:13:53 +00:00
// creat new private key
sk = NewPrivateKey(KeyVariant_SIKE)
2019-05-06 11:42:26 +01:00
checkErr(t, sk.Import(expSk),
"import failed")
2019-03-29 22:13:53 +00:00
// try decapsulating again. ss2 must be same as ss1 and different than
// original plaintext
2019-05-06 11:42:26 +01:00
checkErr(t, kemSikeP503.Decapsulate(ss_d2, sk, pk, ct),
"pre-requisite for a test failed")
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
if !bytes.Equal(ss_d1, ss_d2) {
2019-03-29 22:13:53 +00:00
t.Error("decapsulation is insecure")
}
2019-05-06 11:42:26 +01:00
if bytes.Equal(ss_e, ss_d1) || bytes.Equal(ss_e, ss_d2) {
2019-03-29 22:13:53 +00:00
// this test requires that decapsulation returns wrong result
t.Errorf("test implementation error")
}
}
2019-05-05 11:30:32 +01:00
func testKeygen(t *testing.T, pk, sk []byte) {
2019-05-06 11:42:26 +01:00
var pubKeyBytes [126 * 3]byte
2019-03-29 22:13:53 +00:00
// Import provided private key
var prvKey = NewPrivateKey(KeyVariant_SIKE)
if prvKey.Import(sk) != nil {
panic("sike test: can't load KAT")
}
// Generate public key
2019-05-06 11:42:26 +01:00
pubKey := NewPublicKey(KeyVariant_SIKE)
prvKey.GeneratePublicKey(pubKey)
pubKey.Export(pubKeyBytes[:])
if !bytes.Equal(pubKeyBytes[:], pk) {
2019-06-25 18:21:00 +01:00
t.Fatalf("KAT keygen form private failed\nExp: %X\nGot: %X\n", pubKeyBytes[:], pk)
2019-03-29 22:13:53 +00:00
}
}
func TestKeyAgreement(t *testing.T) {
testKeyAgreement(t, tdata.PkA_sike, tdata.PrA_sike, tdata.PkB_sidh, tdata.PrB_sidh)
}
// Same values as in sike_test.cc
func TestDecapsulation(t *testing.T) {
var sk = [56]byte{
0xDB, 0xAF, 0x2C, 0x89, 0xCA, 0x5A, 0xD4, 0x9D, 0x4F, 0x13,
0x40, 0xDF, 0x2D, 0xB1, 0x5F, 0x4C, 0x91, 0xA7, 0x1F, 0x0B,
0x29, 0x15, 0x01, 0x59, 0xBC, 0x5F, 0x0B, 0x4A, 0x03, 0x27,
0x6F, 0x18}
var pk = []byte{
2019-06-25 18:21:00 +01:00
0xCA, 0x38, 0x7A, 0x45, 0xF8, 0xA7, 0xFB, 0xE5, 0x97, 0xB0,
0x5B, 0xE4, 0x95, 0xDC, 0x38, 0xFA, 0xFC, 0x9B, 0xB3, 0xD1,
0x79, 0xF8, 0x7D, 0x54, 0x0A, 0xD9, 0xE0, 0x64, 0xE3, 0xED,
0x4D, 0x23, 0xD2, 0x86, 0x0D, 0x84, 0x0C, 0x44, 0x14, 0xE4,
0x6B, 0xB9, 0x35, 0xBA, 0x70, 0x2A, 0x90, 0x92, 0xAA, 0x90,
0x34, 0x81, 0x9F, 0xC7, 0x99, 0xD5, 0xB2, 0x2D, 0xD0, 0xBE,
0xC9, 0x3B, 0x25, 0x8F, 0x49, 0x18, 0xFE, 0xDB, 0xE3, 0x60,
0x04, 0x89, 0xB3, 0xC8, 0x8D, 0x2C, 0xC3, 0x35, 0x79, 0x45,
0x56, 0x03, 0x3C, 0xA2, 0x93, 0xDC, 0xE1, 0x1E, 0x98, 0x50,
0xB1, 0x65, 0xB9, 0x71, 0x8E, 0xB2, 0xBF, 0x93, 0x06, 0xDF,
0x55, 0xE3, 0xC9, 0xF9, 0x53, 0xB4, 0x05, 0x70, 0xF3, 0x7D,
0xE1, 0xE8, 0x78, 0x46, 0x93, 0x80, 0xBD, 0xBA, 0x7A, 0xE7,
0x66, 0x67, 0x6D, 0x99, 0xAD, 0x02, 0x5E, 0xD2, 0xFE, 0x59,
0x09, 0xB5, 0xF7, 0xB1, 0x60, 0x04, 0x59, 0x74, 0x21, 0x09,
0x66, 0x6A, 0x2C, 0x94, 0xAC, 0x78, 0x7F, 0xA5, 0x4E, 0x58,
0x07, 0xC4, 0xF2, 0x3F, 0x9C, 0x3E, 0xAB, 0x68, 0x83, 0xC4,
0x8C, 0x3C, 0xBB, 0x1B, 0x41, 0xBE, 0x26, 0x7C, 0xD0, 0xB1,
0xA8, 0xED, 0x3B, 0xA5, 0xD2, 0xAE, 0x4A, 0x44, 0xF8, 0xD6,
0x31, 0xB4, 0x06, 0x78, 0x61, 0x3C, 0xBA, 0xE8, 0x1A, 0x20,
0xF7, 0xE8, 0x11, 0x7D, 0x2C, 0xBC, 0xE6, 0x29, 0xD1, 0x73,
0xCC, 0x68, 0x5A, 0x4A, 0x6F, 0x43, 0x4C, 0x6E, 0xEC, 0xB8,
0x16, 0x9A, 0xE1, 0x82, 0x37, 0xC2, 0xAE, 0xD7, 0x2A, 0xD6,
0xCC, 0x19, 0x6C, 0x9E, 0xD1, 0xBD, 0x6C, 0x74, 0x9A, 0x4C,
0xA3, 0x6C, 0x4A, 0xAA, 0xB5, 0x99, 0x5F, 0xE9, 0x68, 0x0F,
0x73, 0x2B, 0x44, 0x7D, 0x66, 0x4E, 0x63, 0x3C, 0x32, 0xEC,
0x20, 0x03, 0xFF, 0xBE, 0xF3, 0x08, 0x0F, 0x11, 0xE2, 0x4B,
0xF1, 0xD5, 0x12, 0xE2, 0x52, 0x66, 0x19, 0xE4, 0x8B, 0xA4,
0x7E, 0x7F, 0x60, 0x27, 0x3B, 0x78, 0x6C, 0xC5, 0xBF, 0x58,
0x6F, 0xFE, 0x05, 0xFC, 0x25, 0xF4, 0x12, 0x68, 0xAB, 0xA3,
0x32, 0x75, 0x6A, 0x6A, 0xA6, 0x4E, 0x36, 0x42, 0x20, 0x17,
0x2E, 0xBE, 0x7A, 0x0F, 0x78, 0x63, 0x3E, 0x5D, 0xBC, 0xB4,
0xA0, 0xAC, 0xF3, 0xFE, 0x33, 0x49, 0x08, 0x62, 0xDC, 0x39,
0xFF, 0xFD, 0x83, 0x02, 0x10, 0x8A, 0x86, 0xD7, 0x62, 0xE5,
0xF2, 0x98, 0x7F, 0x8D, 0x79, 0x6A, 0xC4, 0x88, 0xD2, 0x84,
0xC7, 0x3B, 0xEB, 0xC1, 0x6A, 0xE0, 0x7F, 0x42, 0x92, 0x25,
0x0F, 0xA0, 0x35, 0xA5, 0xEF, 0x98, 0x4D, 0x41, 0xC5, 0x25,
0x77, 0x35, 0x36, 0xA9, 0x0B, 0xAB, 0x43, 0x0C, 0x6C, 0xF1,
0x31, 0x56, 0x17, 0x82, 0xD7, 0x00, 0x62, 0x1F,
2019-03-29 22:13:53 +00:00
}
var ct = []byte{
2019-06-25 18:21:00 +01:00
0x7B, 0x1B, 0x9E, 0xFC, 0x2B, 0x63, 0x7A, 0x71, 0x19, 0x3A,
0xAE, 0xC3, 0xDB, 0xEC, 0x20, 0x18, 0x27, 0x16, 0x64, 0xBF,
0xE5, 0x5F, 0x48, 0x75, 0xA1, 0xAE, 0xF1, 0x92, 0x40, 0x77,
0xB5, 0xF0, 0x85, 0x69, 0x8E, 0x02, 0x1A, 0x64, 0x94, 0x89,
0xA0, 0xEE, 0xDA, 0xDB, 0x07, 0xE5, 0xE5, 0xFF, 0xE7, 0x01,
0x5F, 0x5E, 0xC7, 0xD3, 0x3B, 0x27, 0xE1, 0x13, 0x9C, 0x01,
0x33, 0x44, 0x35, 0x67, 0xEA, 0x14, 0xFE, 0x74, 0x03, 0x9F,
0xD5, 0xE9, 0x3E, 0x58, 0x4A, 0xE3, 0xC2, 0x32, 0x22, 0x7A,
0x80, 0xA0, 0x18, 0x3A, 0x31, 0xAB, 0xBE, 0x63, 0xD0, 0xA2,
0xAB, 0x22, 0x28, 0x93, 0x17, 0x70, 0x79, 0x37, 0x4C, 0x55,
0xC4, 0xCB, 0x0F, 0x0D, 0x21, 0xBC, 0x35, 0x6F, 0x35, 0x04,
0x03, 0x5C, 0x23, 0xF6, 0x93, 0x4C, 0x98, 0x2D, 0x28, 0xB2,
0x4D, 0x43, 0xA4, 0x27, 0xFD, 0x38, 0x70, 0x27, 0x2F, 0x46,
0xA1, 0x25, 0x07, 0x86, 0x3A, 0x85, 0x50, 0x2E, 0x6B, 0x51,
0x58, 0x8D, 0xE5, 0x52, 0xA4, 0x44, 0x1E, 0x7D, 0x3A, 0x9B,
0x64, 0x89, 0xC8, 0x4F, 0x1C, 0x18, 0x98, 0xF5, 0xFE, 0x7F,
0xCA, 0x3A, 0x84, 0x7C, 0x53, 0xA7, 0xA1, 0xF6, 0xB1, 0xB2,
0xB5, 0xBC, 0xA5, 0x58, 0x31, 0xD4, 0xB2, 0x2E, 0x1D, 0xDE,
0x3A, 0xD5, 0xB9, 0x70, 0xA3, 0xE6, 0xE9, 0x2C, 0x39, 0xF6,
0xB5, 0x89, 0xDD, 0x14, 0x91, 0x31, 0x26, 0xE0, 0xAE, 0x66,
0x30, 0x3A, 0x59, 0x57, 0xA3, 0xFF, 0xC1, 0x1F, 0x3B, 0xB8,
0xA9, 0x9A, 0xB0, 0xAE, 0x2D, 0x70, 0x43, 0x38, 0x58, 0xF1,
0xD5, 0xFC, 0x29, 0x6A, 0x49, 0xD3, 0x2E, 0x57, 0xA7, 0x16,
0x7A, 0x2A, 0x06, 0x00, 0x39, 0x67, 0xCB, 0xA8, 0xB4, 0x26,
0xC3, 0x4B, 0xD5, 0x15, 0x83, 0x95, 0xD9, 0xCC, 0x50, 0x1A,
0x23, 0x00, 0xFF, 0xFE, 0x00, 0xFC, 0x99, 0x28, 0x38, 0xE8,
0x60, 0xF0, 0xFD, 0x12, 0xD3, 0x22, 0x26, 0x8E, 0x1F, 0xED,
0x11, 0x23, 0xB3, 0x56, 0x2A, 0x94, 0xE0, 0x1A, 0xE1, 0x25,
0x6B, 0x1C, 0x5A, 0xB0, 0x15, 0xA8, 0xA5, 0xF8, 0x76, 0xA9,
0x1F, 0x4E, 0xF1, 0x01, 0xC5, 0x12, 0x25, 0x8C, 0x1C, 0x10,
0x02, 0xAF, 0x0E, 0x5E, 0xAC, 0x67, 0x84, 0x35, 0x98, 0xDD,
0x99, 0x44, 0x15, 0x3B, 0x03, 0x41, 0x37, 0x10, 0x1F, 0x3A,
0x36, 0xFF, 0x0A, 0x47, 0xCA, 0x22, 0xA4, 0x36, 0xEB, 0x4C,
0x7D, 0x9B, 0x9A, 0xBD, 0x13, 0x4C, 0x5A, 0x0E, 0xCD, 0x35,
0xB3, 0x3A, 0xA7, 0x15, 0xFD, 0xEC, 0xEE, 0x37, 0x21, 0x25,
0xB4, 0xCC, 0x20, 0x07, 0x7F, 0xA7, 0x9F, 0x0F, 0x97, 0x3C,
0x26, 0x10, 0xE1, 0xE9, 0x3A, 0xF7, 0x53, 0x43, 0xC4, 0xCA,
0x97, 0x54, 0x13, 0x59, 0x24, 0x72, 0xE3, 0x1D, 0xE7, 0x00,
0x09, 0x61, 0x29, 0x5A, 0x53, 0x14, 0x5F, 0xAA, 0xF6, 0x6A,
0xFA, 0x72, 0xCA, 0x79, 0xC6, 0xA4, 0x9B, 0xEF, 0xE5, 0x69,
0x9E, 0x66,
}
var ss_exp = [24]byte{
0x0F, 0x7E, 0x5A, 0x52, 0x19, 0x9E, 0x77, 0x87, 0x2E, 0x93,
0x3A, 0xCB, 0x13, 0xD7, 0x96, 0xD6, 0x76, 0x27, 0xA6, 0x27,
0xE9, 0x1D, 0xD4, 0x2A,
}
2019-03-29 22:13:53 +00:00
var prvObj = NewPrivateKey(KeyVariant_SIKE)
var pubObj = NewPublicKey(KeyVariant_SIKE)
if pubObj.Import(pk) != nil || prvObj.Import(sk[:]) != nil {
t.Error("Can't import one of the keys")
}
2019-05-06 11:42:26 +01:00
res := make([]byte, kemSikeP503.SharedSecretSize())
checkErr(t, kemSikeP503.Decapsulate(res, prvObj, pubObj, ct),
"error: Decapsulation failed")
2019-06-25 18:21:00 +01:00
if !bytes.Equal(ss_exp[:], res) {
2019-03-29 22:13:53 +00:00
t.Error("Wrong decapsulation result")
}
}
2019-05-05 11:30:32 +01:00
func readAndCheckLine(r *bufio.Reader) []byte {
// Read next line from buffer
line, isPrefix, err := r.ReadLine()
if err != nil || isPrefix {
panic("Wrong format of input file")
}
// Function expects that line is in format "KEY = HEX_VALUE". Get
// value, which should be a hex string
hexst := strings.Split(string(line), "=")[1]
hexst = strings.TrimSpace(hexst)
// Convert value to byte string
ret, err := hex.DecodeString(hexst)
if err != nil {
panic("Wrong format of input file")
}
return ret
}
func TestKAT(t *testing.T) {
2019-05-06 11:42:26 +01:00
ssGot := make([]byte, kemSikeP503.SharedSecretSize())
2019-06-25 18:21:00 +01:00
testDecapsulation := func(t *testing.T, pk, sk, ct, ssExpected []byte) {
var pubKey = NewPublicKey(KeyVariant_SIKE)
var prvKey = NewPrivateKey(KeyVariant_SIKE)
if pubKey.Import(pk) != nil || prvKey.Import(sk) != nil {
panic("sike test: can't load KAT")
}
2019-05-05 11:30:32 +01:00
2019-06-25 18:21:00 +01:00
err := kemSikeP503.Decapsulate(ssGot, prvKey, pubKey, ct)
if err != nil {
panic("sike test: can't perform degcapsulation KAT")
}
2019-05-05 11:30:32 +01:00
2019-06-25 18:21:00 +01:00
if (err != nil) || !bytes.Equal(ssGot, ssExpected) {
t.Fatalf("KAT decapsulation failed\n")
}
2019-05-05 11:30:32 +01:00
}
f, err := os.Open(tdata.katFile)
if err != nil {
t.Fatal(err)
}
r := bufio.NewReader(f)
for {
line, isPrefix, err := r.ReadLine()
if err != nil || isPrefix {
if err == io.EOF {
break
} else {
t.Fatal(err)
}
}
if len(strings.TrimSpace(string(line))) == 0 || line[0] == '#' {
continue
}
// count
_ = strings.Split(string(line), "=")[1]
// seed
_ = readAndCheckLine(r)
// pk
pk := readAndCheckLine(r)
// sk (secret key in test vector is concatenation of
// MSG + SECRET_BOB_KEY + PUBLIC_BOB_KEY. We use only MSG+SECRET_BOB_KEY
sk := readAndCheckLine(r)
sk = sk[:Params.MsgLen+int(Params.B.SecretByteLen)]
// ct
ct := readAndCheckLine(r)
// ss
ss := readAndCheckLine(r)
testKeygen(t, pk, sk)
testDecapsulation(t, pk, sk, ct, ss)
testKEMRoundTrip(t, pk, sk)
}
}
2019-03-29 22:13:53 +00:00
/* -------------------------------------------------------------------------
2019-05-06 11:42:26 +01:00
Benchmarking
-------------------------------------------------------------------------*/
2019-03-29 22:13:53 +00:00
func BenchmarkKeygen(b *testing.B) {
2019-05-06 11:42:26 +01:00
pk := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
prv := NewPrivateKey(KeyVariant_SIKE)
2019-03-29 22:16:10 +00:00
prv.Generate(rand.Reader)
2019-03-29 22:13:53 +00:00
for n := 0; n < b.N; n++ {
2019-05-06 11:42:26 +01:00
prv.GeneratePublicKey(pk)
2019-03-29 22:13:53 +00:00
}
}
func BenchmarkEncaps(b *testing.B) {
2019-05-06 11:42:26 +01:00
pub := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
prv := NewPrivateKey(KeyVariant_SIKE)
2019-05-06 11:42:26 +01:00
2019-03-29 22:13:53 +00:00
if prv.Generate(rand.Reader) != nil {
b.FailNow()
}
2019-05-06 11:42:26 +01:00
prv.GeneratePublicKey(pub)
var ct [24 + 378]byte
var ss [16]byte
2019-03-29 22:13:53 +00:00
for n := 0; n < b.N; n++ {
2019-05-06 11:42:26 +01:00
kemSikeP503.Reset()
kemSikeP503.Encapsulate(ct[:], ss[:], pub)
2019-03-29 22:13:53 +00:00
}
}
func BenchmarkDecaps(b *testing.B) {
2019-05-06 11:42:26 +01:00
var ct [24 + 378]byte
var ss [16]byte
pkA := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
prvA := NewPrivateKey(KeyVariant_SIKE)
2019-05-06 11:42:26 +01:00
pkB := NewPublicKey(KeyVariant_SIKE)
2019-03-29 22:13:53 +00:00
prvB := NewPrivateKey(KeyVariant_SIKE)
if prvA.Generate(rand.Reader) != nil || prvB.Generate(rand.Reader) != nil {
b.FailNow()
}
2019-05-06 11:42:26 +01:00
prvA.GeneratePublicKey(pkA)
prvB.GeneratePublicKey(pkB)
2019-03-29 22:13:53 +00:00
2019-05-06 11:42:26 +01:00
err := kemSikeP503.Encapsulate(ct[:], ss[:], pkA)
2019-03-29 22:13:53 +00:00
if err != nil {
b.FailNow()
}
for n := 0; n < b.N; n++ {
2019-05-06 11:42:26 +01:00
kemSikeP503.Decapsulate(ss[:], prvA, pkB, ct[:])
2019-03-29 22:13:53 +00:00
}
}
2019-05-06 11:42:26 +01:00
var kemSikeP503 KEM
func init() {
kemSikeP503.Allocate(rand.Reader)
}