sidh: move p751 implementation to p751 folder

2024-11-26 00:51:22 +00:00 · 2018-07-27 00:09:12 +01:00 · 2018-07-27 00:09:12 +01:00 · 105532aa09
commit 105532aa09
parent 431c20d5ff
16 changed files with 27 additions and 31 deletions
--- a/dh/sidh/api.go
+++ b/dh/sidh/api.go
@ -2,8 +2,9 @@ package sidh

 import (
 	"errors"
-	. "github.com/henrydcase/nobs/dh/sidh/internal"
 	"io"
+
+	. "github.com/henrydcase/nobs/dh/sidh/internal/p751"
 )

 // I keep it bool in order to be able to apply logical NOT
--- a/dh/sidh/internal/p751/consts.go
+++ b/dh/sidh/internal/p751/consts.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 const (
 	// The secret key size, in bytes. Secret key is actually different for
--- a/dh/sidh/internal/p751/curve.go
+++ b/dh/sidh/internal/p751/curve.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 // A point on the projective line P^1(F_{p^2}).
 //
--- a/dh/sidh/internal/p751/curve_test.go
+++ b/dh/sidh/internal/p751/curve_test.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 import (
 	"bytes"
--- a/dh/sidh/internal/p751/field.go
+++ b/dh/sidh/internal/p751/field.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 //------------------------------------------------------------------------------
 // Extension Field
--- a/dh/sidh/internal/p751/field_amd64.s
+++ b/dh/sidh/internal/p751/field_amd64.s
--- a/dh/sidh/internal/p751/field_decl.go
+++ b/dh/sidh/internal/p751/field_decl.go
@ -1,6 +1,6 @@
 // +build amd64,!noasm

-package p751toolbox
+package internal

 // If choice = 0, leave x,y unchanged. If choice = 1, set x,y = y,x.
 // If choice is neither 0 nor 1 then behaviour is undefined.
--- a/dh/sidh/internal/p751/field_generic.go
+++ b/dh/sidh/internal/p751/field_generic.go
@ -1,6 +1,6 @@
 // +build noasm arm64 arm

-package p751toolbox
+package internal

 // helper used for uint128 representation
 type uint128 struct {
--- a/dh/sidh/internal/p751/field_test.go
+++ b/dh/sidh/internal/p751/field_test.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 import (
 	"math/big"
--- a/dh/sidh/internal/p751/isogeny.go
+++ b/dh/sidh/internal/p751/isogeny.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 // Interface for working with isogenies.
 type Isogeny interface {
--- a/dh/sidh/internal/p751/isogeny_test.go
+++ b/dh/sidh/internal/p751/isogeny_test.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 import (
 	"testing"
--- a/dh/sidh/internal/p751/print_test.go
+++ b/dh/sidh/internal/p751/print_test.go
@ -1,4 +1,4 @@
-package p751toolbox
+package internal

 // Tools used for testing and debugging

--- a/dh/sidh/params.go
+++ b/dh/sidh/params.go
@ -1,6 +1,6 @@
 package sidh

-import . "github.com/henrydcase/nobs/dh/sidh/internal"
+import . "github.com/henrydcase/nobs/dh/sidh/internal/p751"

 type DomainParams struct {
 	// P, Q and R=P-Q base points
--- a/dh/sidh/sidh.go
+++ b/dh/sidh/sidh.go
@ -6,7 +6,7 @@ import (

 	// TODO: This is needed by ExtensionFieldElement struct, which itself
 	// 		 depends on implementation of p751.
-	. "github.com/henrydcase/nobs/dh/sidh/internal"
+	. "github.com/henrydcase/nobs/dh/sidh/internal/p751"
 )

 // -----------------------------------------------------------------------------
--- a/kem/sike/sike.go
+++ b/kem/sike/sike.go
@ -166,13 +166,10 @@ func Encapsulate(rng io.Reader, pub *PublicKey) (ctext []byte, secret []byte, er
 	return ctext, secret, nil
 }

-// Decapsulate receives rng - cryptographically secure PRNG, keypair and ciphertext generated
-// by Encapsulate().
-// It returns shared secret in case cipertext was generated with 'pub' or random value otherwise.
-// Key generation, import and export functions ensure that if KEM decapsulation fails, always
-// same random value is returned.
-// Decapsulation may fail when wrongly formated input is provided or PRNG fails.
-func Decapsulate(rng io.Reader, prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
+// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared
+// secret if plaintext verifies correctly, otherwise function outputs random value.
+// Decapsulation may fail in case input is wrongly formated.
+func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
 	var params = pub.Params()
 	var r = make([]byte, params.SecretKeySize)
 	// Resulting shared secret
@ -194,10 +191,8 @@ func Decapsulate(rng io.Reader, prv *PrivateKey, pub *PublicKey, ctext []byte) (
 	r[len(r)-1] &= params.A.MaskBytes[0]
 	r[len(r)-2] &= params.A.MaskBytes[1] // clear high bits, so scalar < 2*732

-	err = skA.Import(r)
-	if err != nil {
-		return nil, err
-	}
+	// Never fails
+	skA.Import(r)

 	pkA, _ := GeneratePublicKey(skA) // Never fails
 	c0 := pkA.Export()
--- a/kem/sike/sike_test.go
+++ b/kem/sike/sike_test.go
@ -131,7 +131,7 @@ func testKEMRoundTrip(pkB, skB []byte) bool {
 		return false
 	}

-	ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
+	ss_d, err := Decapsulate(sk, pk, ct)
 	if err != nil {
 		return false
 	}
@ -157,7 +157,7 @@ func TestKEMKeyGeneration(t *testing.T) {
 	// calculated shared secret
 	ct, ss_e, err := Encapsulate(rand.Reader, pk)
 	checkErr(t, err, "encapsulation failed")
-	ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
+	ss_d, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "decapsulation failed")

 	if !bytes.Equal(ss_e, ss_d) {
@ -174,7 +174,7 @@ func TestNegativeKEM(t *testing.T) {
 	checkErr(t, err, "pre-requisite for a test failed")

 	ct[0] ^= ct[0]
-	ss_d, err := Decapsulate(rand.Reader, sk, pk, ct)
+	ss_d, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "decapsulation returns error when invalid ciphertext provided")

 	if bytes.Equal(ss_e, ss_d) {
@ -190,7 +190,7 @@ func TestNegativeKEM(t *testing.T) {
 		t.Error("encapsulation accepts SIDH public key")
 	}
 	// Try decapsulating with SIDH key
-	_, err = Decapsulate(rand.Reader, prSidh, pk, ct)
+	_, err = Decapsulate(prSidh, pk, ct)
 	if err == nil {
 		t.Error("decapsulation accepts SIDH private key key")
 	}
@ -208,7 +208,7 @@ func TestNegativeKEMSameWrongResult(t *testing.T) {

 	// make ciphertext wrong
 	ct[0] ^= ct[0]
-	decSs1, err := Decapsulate(rand.Reader, sk, pk, ct)
+	decSs1, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "pre-requisite for a test failed")

 	// second decapsulation must be done with same, but imported private key
@ -221,7 +221,7 @@ func TestNegativeKEMSameWrongResult(t *testing.T) {

 	// try decapsulating again. ss2 must be same as ss1 and different than
 	// original plaintext
-	decSs2, err := Decapsulate(rand.Reader, sk, pk, ct)
+	decSs2, err := Decapsulate(sk, pk, ct)
 	checkErr(t, err, "pre-requisite for a test failed")

 	if !bytes.Equal(decSs1, decSs2) {
@ -272,7 +272,7 @@ func testDecapsulation(pk, sk, ct, ssExpected []byte) bool {
 		panic("sike test: can't load KAT")
 	}

-	ssGot, err := Decapsulate(rand.Reader, prvKey, pubKey, ct)
+	ssGot, err := Decapsulate(prvKey, pubKey, ct)
 	if err != nil {
 		panic("sike test: can't perform decapsulation KAT")
 	}