diff --git a/dh/sidh/api.go b/dh/sidh/api.go
index 4e2a907..cb1679f 100644
--- a/dh/sidh/api.go
+++ b/dh/sidh/api.go
@@ -2,8 +2,9 @@ package sidh
 
 import (
 	"errors"
-	. "github.com/henrydcase/nobs/dh/sidh/internal"
 	"io"
+
+	. "github.com/henrydcase/nobs/dh/sidh/internal/p751"
 )
 
 // I keep it bool in order to be able to apply logical NOT
diff --git a/dh/sidh/internal/consts.go b/dh/sidh/internal/p751/consts.go
similarity index 99%
rename from dh/sidh/internal/consts.go
rename to dh/sidh/internal/p751/consts.go
index 0af8e96..5431f76 100644
--- a/dh/sidh/internal/consts.go
+++ b/dh/sidh/internal/p751/consts.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 const (
 	// The secret key size, in bytes. Secret key is actually different for
diff --git a/dh/sidh/internal/curve.go b/dh/sidh/internal/p751/curve.go
similarity index 99%
rename from dh/sidh/internal/curve.go
rename to dh/sidh/internal/p751/curve.go
index 437f89d..429c6f7 100644
--- a/dh/sidh/internal/curve.go
+++ b/dh/sidh/internal/p751/curve.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 // A point on the projective line P^1(F_{p^2}).
 //
diff --git a/dh/sidh/internal/curve_test.go b/dh/sidh/internal/p751/curve_test.go
similarity index 99%
rename from dh/sidh/internal/curve_test.go
rename to dh/sidh/internal/p751/curve_test.go
index 4087bc2..6d2e214 100644
--- a/dh/sidh/internal/curve_test.go
+++ b/dh/sidh/internal/p751/curve_test.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 import (
 	"bytes"
diff --git a/dh/sidh/internal/field.go b/dh/sidh/internal/p751/field.go
similarity index 99%
rename from dh/sidh/internal/field.go
rename to dh/sidh/internal/p751/field.go
index cfd6cee..a0a01fc 100644
--- a/dh/sidh/internal/field.go
+++ b/dh/sidh/internal/p751/field.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 //------------------------------------------------------------------------------
 // Extension Field
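Review bot: The package clause in consts.go becomes `package internal` while the file now lives under `dh/sidh/internal/p751`, so the package name no longer matches the last element of its import path, which is what Go convention and readers of an import line expect; `package p751` would fit the new location. The same `-package p751toolbox` / `+package internal` change is made in curve.go, curve_test.go, field.go, field_decl.go, field_generic.go, field_test.go, isogeny.go, isogeny_test.go and print_test.go, so one fix applies to all of them. Because every importer in this commit uses a dot import (api.go, params.go, sidh.go), the mismatch is invisible at the call sites, which is exactly where it would otherwise be caught.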
diff --git a/dh/sidh/internal/field_amd64.s b/dh/sidh/internal/p751/field_amd64.s
similarity index 100%
rename from dh/sidh/internal/field_amd64.s
rename to dh/sidh/internal/p751/field_amd64.s
diff --git a/dh/sidh/internal/field_decl.go b/dh/sidh/internal/p751/field_decl.go
similarity index 98%
rename from dh/sidh/internal/field_decl.go
rename to dh/sidh/internal/p751/field_decl.go
index 37d462a..4d69dbd 100644
--- a/dh/sidh/internal/field_decl.go
+++ b/dh/sidh/internal/p751/field_decl.go
@@ -1,6 +1,6 @@
 // +build amd64,!noasm
 
-package p751toolbox
+package internal
 
 // If choice = 0, leave x,y unchanged. If choice = 1, set x,y = y,x.
 // If choice is neither 0 nor 1 then behaviour is undefined.
diff --git a/dh/sidh/internal/field_generic.go b/dh/sidh/internal/p751/field_generic.go
similarity index 99%
rename from dh/sidh/internal/field_generic.go
rename to dh/sidh/internal/p751/field_generic.go
index 757ed0a..1ba833d 100644
--- a/dh/sidh/internal/field_generic.go
+++ b/dh/sidh/internal/p751/field_generic.go
@@ -1,6 +1,6 @@
 // +build noasm arm64 arm
 
-package p751toolbox
+package internal
 
 // helper used for uint128 representation
 type uint128 struct {
diff --git a/dh/sidh/internal/field_test.go b/dh/sidh/internal/p751/field_test.go
similarity index 99%
rename from dh/sidh/internal/field_test.go
rename to dh/sidh/internal/p751/field_test.go
index f56300b..a77be39 100644
--- a/dh/sidh/internal/field_test.go
+++ b/dh/sidh/internal/p751/field_test.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 import (
 	"math/big"
diff --git a/dh/sidh/internal/isogeny.go b/dh/sidh/internal/p751/isogeny.go
similarity index 99%
rename from dh/sidh/internal/isogeny.go
rename to dh/sidh/internal/p751/isogeny.go
index 6667372..3fb0bf7 100644
--- a/dh/sidh/internal/isogeny.go
+++ b/dh/sidh/internal/p751/isogeny.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 // Interface for working with isogenies.
 type Isogeny interface {
diff --git a/dh/sidh/internal/isogeny_test.go b/dh/sidh/internal/p751/isogeny_test.go
similarity index 99%
rename from dh/sidh/internal/isogeny_test.go
rename to dh/sidh/internal/p751/isogeny_test.go
index e001377..acd118f 100644
--- a/dh/sidh/internal/isogeny_test.go
+++ b/dh/sidh/internal/p751/isogeny_test.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 import (
 	"testing"
diff --git a/dh/sidh/internal/print_test.go b/dh/sidh/internal/p751/print_test.go
similarity index 98%
rename from dh/sidh/internal/print_test.go
rename to dh/sidh/internal/p751/print_test.go
index 9fae61d..2590f22 100644
--- a/dh/sidh/internal/print_test.go
+++ b/dh/sidh/internal/p751/print_test.go
@@ -1,4 +1,4 @@
-package p751toolbox
+package internal
 
 // Tools used for testing and debugging
 
diff --git a/dh/sidh/params.go b/dh/sidh/params.go
index d0b4173..c6fc8e0 100644
--- a/dh/sidh/params.go
+++ b/dh/sidh/params.go
@@ -1,6 +1,6 @@
 package sidh
 
-import . "github.com/henrydcase/nobs/dh/sidh/internal"
+import . "github.com/henrydcase/nobs/dh/sidh/internal/p751"
 
 type DomainParams struct {
 	// P, Q and R=P-Q base points
diff --git a/dh/sidh/sidh.go b/dh/sidh/sidh.go
index b51c10c..2d11e64 100644
--- a/dh/sidh/sidh.go
+++ b/dh/sidh/sidh.go
@@ -6,7 +6,7 @@ import (
 
 	// TODO: This is needed by ExtensionFieldElement struct, which itself
 	// depends on implementation of p751.
-	. "github.com/henrydcase/nobs/dh/sidh/internal"
+	. "github.com/henrydcase/nobs/dh/sidh/internal/p751"
 )
 
 // -----------------------------------------------------------------------------
diff --git a/kem/sike/sike.go b/kem/sike/sike.go
index b77a506..f7edb82 100644
--- a/kem/sike/sike.go
+++ b/kem/sike/sike.go
@@ -166,13 +166,10 @@ func Encapsulate(rng io.Reader, pub *PublicKey) (ctext []byte, secret []byte, er
 	return ctext, secret, nil
 }
 
-// Decapsulate receives rng - cryptographically secure PRNG, keypair and ciphertext generated
-// by Encapsulate().
-// It returns shared secret in case cipertext was generated with 'pub' or random value otherwise.
-// Key generation, import and export functions ensure that if KEM decapsulation fails, always
-// same random value is returned.
-// Decapsulation may fail when wrongly formated input is provided or PRNG fails.
-func Decapsulate(rng io.Reader, prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
+// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared
+// secret if plaintext verifies correctly, otherwise function outputs random value.
+// Decapsulation may fail in case input is wrongly formated.
+func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
 	var params = pub.Params()
 	var r = make([]byte, params.SecretKeySize) // Resulting shared secret
 
@@ -194,10 +191,8 @@ func Decapsulate(rng io.Reader, prv *PrivateKey, pub *PublicKey, ctext []byte) (
 
 	r[len(r)-1] &= params.A.MaskBytes[0]
 	r[len(r)-2] &= params.A.MaskBytes[1] // clear high bits, so scalar < 2*732
-	err = skA.Import(r)
-	if err != nil {
-		return nil, err
-	}
+	// Never fails
+	skA.Import(r)
 	pkA, _ := GeneratePublicKey(skA) // Never fails
 	c0 := pkA.Export()
 
diff --git a/kem/sike/sike_test.go b/kem/sike/sike_test.go
index 53a7cdf..da75970 100644
--- a/kem/sike/sike_test.go
+++ b/kem/sike/sike_test.go
@@ -131,7 +131,7 @@ func testKEMRoundTrip(pkB, skB []byte) bool {
 		return false
 	}
 
-	ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
+	ss_d, err := Decapsulate(sk, pk, ct)
 	if err != nil {
 		return false
 	}
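Review bot: The new doc comment `// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared` names the function twice and does not read as a sentence, and it drops the old text's guarantee that a rejected ciphertext always yields the same value for the same key pair, which TestNegativeKEMSameWrongResult in this same commit still checks (decSs1 must equal decSs2 after re-importing the private key). Suggest `// Decapsulate computes the shared secret for ctext under the key pair (prv, pub). If ctext fails to verify, the returned value is not fresh randomness but is fixed for the given private key and ciphertext, so the same wrong ciphertext always yields the same result. An error is returned only for wrongly formatted input.`, which also fixes the `formated` typo carried over from the old comment. The body of Decapsulate continues past the end of this hunk.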
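Review bot: `skA.Import(r)` now discards its error return with no blank assignment, so nothing marks the drop as intentional and errcheck-style linters, or a later change to Import's validation, would go unnoticed; the `pkA, _ := GeneratePublicKey(skA) // Never fails` line two lines below shows the style the file already uses. Replace the two added lines with `_ = skA.Import(r) // never fails: r is SecretKeySize bytes and its high bits were masked above`. Whether Import really cannot fail for such an input is not visible in this hunk and is worth confirming against its implementation, because on this path a silently bad key would flow into pkA and c0 without any signal. Decapsulate's body starts and ends outside this hunk.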
@@ -157,7 +157,7 @@ func TestKEMKeyGeneration(t *testing.T) {
 	// calculated shared secret
 	ct, ss_e, err := Encapsulate(rand.Reader, pk)
 	checkErr(t, err, "encapsulation failed")
-	ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
+	ss_d, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "decapsulation failed")
 
 	if !bytes.Equal(ss_e, ss_d) {
@@ -174,7 +174,7 @@ func TestNegativeKEM(t *testing.T) {
 
 	checkErr(t, err, "pre-requisite for a test failed")
 	ct[0] ^= ct[0]
-	ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
+	ss_d, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "decapsulation returns error when invalid ciphertext provided")
 
 	if bytes.Equal(ss_e, ss_d) {
@@ -190,7 +190,7 @@ func TestNegativeKEM(t *testing.T) {
 		t.Error("encapsulation accepts SIDH public key")
 	}
 	// Try decapsulating with SIDH key
-	_, err = Decapsulate(rand.Reader, prSidh, pk, ct)
+	_, err = Decapsulate(prSidh, pk, ct)
 	if err == nil {
 		t.Error("decapsulation accepts SIDH private key key")
 	}
@@ -208,7 +208,7 @@ func TestNegativeKEMSameWrongResult(t *testing.T) {
 
 	// make ciphertext wrong
 	ct[0] ^= ct[0]
-	decSs1, err := Decapsulate(rand.Reader, sk, pk, ct)
+	decSs1, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "pre-requisite for a test failed")
 
 	// second decapsulation must be done with same, but imported private key
@@ -221,7 +221,7 @@ func TestNegativeKEMSameWrongResult(t *testing.T) {
 
 	// try decapsulating again. ss2 must be same as ss1 and different than
 	// original plaintext
-	decSs2, err := Decapsulate(rand.Reader, sk, pk, ct)
+	decSs2, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "pre-requisite for a test failed")
 
 	if !bytes.Equal(decSs1, decSs2) {
@@ -272,7 +272,7 @@ func testDecapsulation(pk, sk, ct, ssExpected []byte) bool {
 		panic("sike test: can't load KAT")
 	}
 
-	ssGot, err := Decapsulate(rand.Reader, prvKey, pubKey, ct)
+	ssGot, err := Decapsulate(prvKey, pubKey, ct)
 	if err != nil {
 		panic("sike test: can't perform decapsulation KAT")
 	}