mirror of
https://github.com/henrydcase/nobs.git
synced 2024-11-26 00:51:22 +00:00
sidh: move p751 implementation to p751 folder
This commit is contained in:
parent
431c20d5ff
commit
105532aa09
@ -2,8 +2,9 @@ package sidh
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
. "github.com/henrydcase/nobs/dh/sidh/internal"
|
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
|
. "github.com/henrydcase/nobs/dh/sidh/internal/p751"
|
||||||
)
|
)
|
||||||
|
|
||||||
// I keep it bool in order to be able to apply logical NOT
|
// I keep it bool in order to be able to apply logical NOT
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// The secret key size, in bytes. Secret key is actually different for
|
// The secret key size, in bytes. Secret key is actually different for
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
// A point on the projective line P^1(F_{p^2}).
|
// A point on the projective line P^1(F_{p^2}).
|
||||||
//
|
//
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
//------------------------------------------------------------------------------
|
//------------------------------------------------------------------------------
|
||||||
// Extension Field
|
// Extension Field
|
||||||
@ -1,6 +1,6 @@
|
|||||||
// +build amd64,!noasm
|
// +build amd64,!noasm
|
||||||
|
|
||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
// If choice = 0, leave x,y unchanged. If choice = 1, set x,y = y,x.
|
// If choice = 0, leave x,y unchanged. If choice = 1, set x,y = y,x.
|
||||||
// If choice is neither 0 nor 1 then behaviour is undefined.
|
// If choice is neither 0 nor 1 then behaviour is undefined.
|
||||||
@ -1,6 +1,6 @@
|
|||||||
// +build noasm arm64 arm
|
// +build noasm arm64 arm
|
||||||
|
|
||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
// helper used for uint128 representation
|
// helper used for uint128 representation
|
||||||
type uint128 struct {
|
type uint128 struct {
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"math/big"
|
"math/big"
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
// Interface for working with isogenies.
|
// Interface for working with isogenies.
|
||||||
type Isogeny interface {
|
type Isogeny interface {
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
@ -1,4 +1,4 @@
|
|||||||
package p751toolbox
|
package internal
|
||||||
|
|
||||||
// Tools used for testing and debugging
|
// Tools used for testing and debugging
|
||||||
|
|
||||||
@ -1,6 +1,6 @@
|
|||||||
package sidh
|
package sidh
|
||||||
|
|
||||||
import . "github.com/henrydcase/nobs/dh/sidh/internal"
|
import . "github.com/henrydcase/nobs/dh/sidh/internal/p751"
|
||||||
|
|
||||||
type DomainParams struct {
|
type DomainParams struct {
|
||||||
// P, Q and R=P-Q base points
|
// P, Q and R=P-Q base points
|
||||||
|
|||||||
@ -6,7 +6,7 @@ import (
|
|||||||
|
|
||||||
// TODO: This is needed by ExtensionFieldElement struct, which itself
|
// TODO: This is needed by ExtensionFieldElement struct, which itself
|
||||||
// depends on implementation of p751.
|
// depends on implementation of p751.
|
||||||
. "github.com/henrydcase/nobs/dh/sidh/internal"
|
. "github.com/henrydcase/nobs/dh/sidh/internal/p751"
|
||||||
)
|
)
|
||||||
|
|
||||||
// -----------------------------------------------------------------------------
|
// -----------------------------------------------------------------------------
|
||||||
|
|||||||
@ -166,13 +166,10 @@ func Encapsulate(rng io.Reader, pub *PublicKey) (ctext []byte, secret []byte, er
|
|||||||
return ctext, secret, nil
|
return ctext, secret, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decapsulate receives rng - cryptographically secure PRNG, keypair and ciphertext generated
|
// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared
|
||||||
// by Encapsulate().
|
// secret if plaintext verifies correctly, otherwise function outputs random value.
|
||||||
// It returns shared secret in case cipertext was generated with 'pub' or random value otherwise.
|
// Decapsulation may fail in case input is wrongly formated.
|
||||||
// Key generation, import and export functions ensure that if KEM decapsulation fails, always
|
func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
|
||||||
// same random value is returned.
|
|
||||||
// Decapsulation may fail when wrongly formated input is provided or PRNG fails.
|
|
||||||
func Decapsulate(rng io.Reader, prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
|
|
||||||
var params = pub.Params()
|
var params = pub.Params()
|
||||||
var r = make([]byte, params.SecretKeySize)
|
var r = make([]byte, params.SecretKeySize)
|
||||||
// Resulting shared secret
|
// Resulting shared secret
|
||||||
@ -194,10 +191,8 @@ func Decapsulate(rng io.Reader, prv *PrivateKey, pub *PublicKey, ctext []byte) (
|
|||||||
r[len(r)-1] &= params.A.MaskBytes[0]
|
r[len(r)-1] &= params.A.MaskBytes[0]
|
||||||
r[len(r)-2] &= params.A.MaskBytes[1] // clear high bits, so scalar < 2*732
|
r[len(r)-2] &= params.A.MaskBytes[1] // clear high bits, so scalar < 2*732
|
||||||
|
|
||||||
err = skA.Import(r)
|
// Never fails
|
||||||
if err != nil {
|
skA.Import(r)
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
pkA, _ := GeneratePublicKey(skA) // Never fails
|
pkA, _ := GeneratePublicKey(skA) // Never fails
|
||||||
c0 := pkA.Export()
|
c0 := pkA.Export()
|
||||||
|
|||||||
@ -131,7 +131,7 @@ func testKEMRoundTrip(pkB, skB []byte) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
|
ss_d, err := Decapsulate(sk, pk, ct)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
@ -157,7 +157,7 @@ func TestKEMKeyGeneration(t *testing.T) {
|
|||||||
// calculated shared secret
|
// calculated shared secret
|
||||||
ct, ss_e, err := Encapsulate(rand.Reader, pk)
|
ct, ss_e, err := Encapsulate(rand.Reader, pk)
|
||||||
checkErr(t, err, "encapsulation failed")
|
checkErr(t, err, "encapsulation failed")
|
||||||
ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
|
ss_d, err := Decapsulate(sk, pk, ct)
|
||||||
checkErr(t, err, "decapsulation failed")
|
checkErr(t, err, "decapsulation failed")
|
||||||
|
|
||||||
if !bytes.Equal(ss_e, ss_d) {
|
if !bytes.Equal(ss_e, ss_d) {
|
||||||
@ -174,7 +174,7 @@ func TestNegativeKEM(t *testing.T) {
|
|||||||
checkErr(t, err, "pre-requisite for a test failed")
|
checkErr(t, err, "pre-requisite for a test failed")
|
||||||
|
|
||||||
ct[0] ^= ct[0]
|
ct[0] ^= ct[0]
|
||||||
ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
|
ss_d, err := Decapsulate(sk, pk, ct)
|
||||||
checkErr(t, err, "decapsulation returns error when invalid ciphertext provided")
|
checkErr(t, err, "decapsulation returns error when invalid ciphertext provided")
|
||||||
|
|
||||||
if bytes.Equal(ss_e, ss_d) {
|
if bytes.Equal(ss_e, ss_d) {
|
||||||
@ -190,7 +190,7 @@ func TestNegativeKEM(t *testing.T) {
|
|||||||
t.Error("encapsulation accepts SIDH public key")
|
t.Error("encapsulation accepts SIDH public key")
|
||||||
}
|
}
|
||||||
// Try decapsulating with SIDH key
|
// Try decapsulating with SIDH key
|
||||||
_, err = Decapsulate(rand.Reader, prSidh, pk, ct)
|
_, err = Decapsulate(prSidh, pk, ct)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
t.Error("decapsulation accepts SIDH private key key")
|
t.Error("decapsulation accepts SIDH private key key")
|
||||||
}
|
}
|
||||||
@ -208,7 +208,7 @@ func TestNegativeKEMSameWrongResult(t *testing.T) {
|
|||||||
|
|
||||||
// make ciphertext wrong
|
// make ciphertext wrong
|
||||||
ct[0] ^= ct[0]
|
ct[0] ^= ct[0]
|
||||||
decSs1, err := Decapsulate(rand.Reader, sk, pk, ct)
|
decSs1, err := Decapsulate(sk, pk, ct)
|
||||||
checkErr(t, err, "pre-requisite for a test failed")
|
checkErr(t, err, "pre-requisite for a test failed")
|
||||||
|
|
||||||
// second decapsulation must be done with same, but imported private key
|
// second decapsulation must be done with same, but imported private key
|
||||||
@ -221,7 +221,7 @@ func TestNegativeKEMSameWrongResult(t *testing.T) {
|
|||||||
|
|
||||||
// try decapsulating again. ss2 must be same as ss1 and different than
|
// try decapsulating again. ss2 must be same as ss1 and different than
|
||||||
// original plaintext
|
// original plaintext
|
||||||
decSs2, err := Decapsulate(rand.Reader, sk, pk, ct)
|
decSs2, err := Decapsulate(sk, pk, ct)
|
||||||
checkErr(t, err, "pre-requisite for a test failed")
|
checkErr(t, err, "pre-requisite for a test failed")
|
||||||
|
|
||||||
if !bytes.Equal(decSs1, decSs2) {
|
if !bytes.Equal(decSs1, decSs2) {
|
||||||
@ -272,7 +272,7 @@ func testDecapsulation(pk, sk, ct, ssExpected []byte) bool {
|
|||||||
panic("sike test: can't load KAT")
|
panic("sike test: can't load KAT")
|
||||||
}
|
}
|
||||||
|
|
||||||
ssGot, err := Decapsulate(rand.Reader, prvKey, pubKey, ct)
|
ssGot, err := Decapsulate(prvKey, pubKey, ct)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic("sike test: can't perform decapsulation KAT")
|
panic("sike test: can't perform decapsulation KAT")
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user