1
0
mirror of https://github.com/henrydcase/nobs.git synced 2024-11-22 23:28:57 +00:00

additional comments

This commit is contained in:
Henry Case 2018-07-31 20:21:32 +01:00
parent dc58ebcd23
commit ddbd866ee5
2 changed files with 15 additions and 10 deletions

View File

@ -167,6 +167,7 @@ func (prv *PrivateKey) Generate(rand io.Reader) error {
// Generates public key corresponding to prv. KeyVariant of generated public key // Generates public key corresponding to prv. KeyVariant of generated public key
// is same as PrivateKey. Fails only if prv was wrongly initialized. // is same as PrivateKey. Fails only if prv was wrongly initialized.
// Constant time for properly initialzied PrivateKey
func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) { func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
if prv == nil { if prv == nil {
return nil, errors.New("sidh: invalid arguments") return nil, errors.New("sidh: invalid arguments")
@ -187,6 +188,7 @@ func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
// shared secret. // shared secret.
// //
// Function may return error. This happens only in case provided input is invalid. // Function may return error. This happens only in case provided input is invalid.
// Constant time for properly initialized private and public key.
func DeriveSecret(prv *PrivateKey, pub *PublicKey) ([]byte, error) { func DeriveSecret(prv *PrivateKey, pub *PublicKey) ([]byte, error) {
if (pub == nil) || (prv == nil) { if (pub == nil) || (prv == nil) {

View File

@ -27,7 +27,7 @@ func cshakeSum(out, in, S []byte) {
} }
func encrypt(skA *PrivateKey, pkA, pkB *PublicKey, ptext []byte) ([]byte, error) { func encrypt(skA *PrivateKey, pkA, pkB *PublicKey, ptext []byte) ([]byte, error) {
var tmp [40]byte var n [40]byte // n can is max 320-bit (see 1.4 of [SIKE])
var ptextLen = len(ptext) var ptextLen = len(ptext)
if pkB.Variant() != KeyVariant_SIKE { if pkB.Variant() != KeyVariant_SIKE {
@ -39,14 +39,14 @@ func encrypt(skA *PrivateKey, pkA, pkB *PublicKey, ptext []byte) ([]byte, error)
return nil, err return nil, err
} }
cshakeSum(tmp[:ptextLen], j, F) cshakeSum(n[:ptextLen], j, F)
for i, _ := range ptext { for i, _ := range ptext {
tmp[i] ^= ptext[i] n[i] ^= ptext[i]
} }
ret := make([]byte, pkA.Size()+ptextLen) ret := make([]byte, pkA.Size()+ptextLen)
copy(ret, pkA.Export()) copy(ret, pkA.Export())
copy(ret[pkA.Size():], tmp[:ptextLen]) copy(ret[pkA.Size():], n[:ptextLen])
return ret, nil return ret, nil
} }
@ -77,9 +77,10 @@ func Encrypt(rng io.Reader, pub *PublicKey, ptext []byte) ([]byte, error) {
// Uses SIKE private key to decrypt ciphertext. Returns plaintext in case // Uses SIKE private key to decrypt ciphertext. Returns plaintext in case
// decryption succeeds or error in case unexptected input was provided. // decryption succeeds or error in case unexptected input was provided.
// Constant time
func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error) { func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error) {
var params = prv.Params() var params = prv.Params()
var tmp [40]byte var n [40]byte // n can is max 320-bit (see 1.4 of [SIKE])
var c1_len int var c1_len int
var pk_len = params.PublicKeySize var pk_len = params.PublicKeySize
@ -104,12 +105,12 @@ func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error) {
return nil, err return nil, err
} }
cshakeSum(tmp[:c1_len], j, F) cshakeSum(n[:c1_len], j, F)
for i, _ := range tmp[:c1_len] { for i, _ := range n[:c1_len] {
tmp[i] ^= ctext[pk_len+i] n[i] ^= ctext[pk_len+i]
} }
return tmp[:c1_len], nil return n[:c1_len], nil
} }
// ----------------------------------------------------------------------------- // -----------------------------------------------------------------------------
@ -169,6 +170,7 @@ func Encapsulate(rng io.Reader, pub *PublicKey) (ctext []byte, secret []byte, er
// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared // Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared
// secret if plaintext verifies correctly, otherwise function outputs random value. // secret if plaintext verifies correctly, otherwise function outputs random value.
// Decapsulation may fail in case input is wrongly formated. // Decapsulation may fail in case input is wrongly formated.
// Constant time for properly initialized input.
func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) { func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
var params = pub.Params() var params = pub.Params()
var r = make([]byte, params.SecretKeySize) var r = make([]byte, params.SecretKeySize)
@ -194,7 +196,8 @@ func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error)
// Never fails // Never fails
skA.Import(r) skA.Import(r)
pkA, _ := GeneratePublicKey(skA) // Never fails // Never fails
pkA, _ := GeneratePublicKey(skA)
c0 := pkA.Export() c0 := pkA.Export()
h = cshake.NewCShake256(nil, H) h = cshake.NewCShake256(nil, H)