mirror of
https://github.com/henrydcase/nobs.git
synced 2024-11-22 23:28:57 +00:00
additional comments
This commit is contained in:
parent
dc58ebcd23
commit
ddbd866ee5
@ -167,6 +167,7 @@ func (prv *PrivateKey) Generate(rand io.Reader) error {
|
|||||||
|
|
||||||
// Generates public key corresponding to prv. KeyVariant of generated public key
|
// Generates public key corresponding to prv. KeyVariant of generated public key
|
||||||
// is same as PrivateKey. Fails only if prv was wrongly initialized.
|
// is same as PrivateKey. Fails only if prv was wrongly initialized.
|
||||||
|
// Constant time for properly initialzied PrivateKey
|
||||||
func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
|
func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
|
||||||
if prv == nil {
|
if prv == nil {
|
||||||
return nil, errors.New("sidh: invalid arguments")
|
return nil, errors.New("sidh: invalid arguments")
|
||||||
@ -187,6 +188,7 @@ func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
|
|||||||
// shared secret.
|
// shared secret.
|
||||||
//
|
//
|
||||||
// Function may return error. This happens only in case provided input is invalid.
|
// Function may return error. This happens only in case provided input is invalid.
|
||||||
|
// Constant time for properly initialized private and public key.
|
||||||
func DeriveSecret(prv *PrivateKey, pub *PublicKey) ([]byte, error) {
|
func DeriveSecret(prv *PrivateKey, pub *PublicKey) ([]byte, error) {
|
||||||
|
|
||||||
if (pub == nil) || (prv == nil) {
|
if (pub == nil) || (prv == nil) {
|
||||||
|
@ -27,7 +27,7 @@ func cshakeSum(out, in, S []byte) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func encrypt(skA *PrivateKey, pkA, pkB *PublicKey, ptext []byte) ([]byte, error) {
|
func encrypt(skA *PrivateKey, pkA, pkB *PublicKey, ptext []byte) ([]byte, error) {
|
||||||
var tmp [40]byte
|
var n [40]byte // n can is max 320-bit (see 1.4 of [SIKE])
|
||||||
var ptextLen = len(ptext)
|
var ptextLen = len(ptext)
|
||||||
|
|
||||||
if pkB.Variant() != KeyVariant_SIKE {
|
if pkB.Variant() != KeyVariant_SIKE {
|
||||||
@ -39,14 +39,14 @@ func encrypt(skA *PrivateKey, pkA, pkB *PublicKey, ptext []byte) ([]byte, error)
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
cshakeSum(tmp[:ptextLen], j, F)
|
cshakeSum(n[:ptextLen], j, F)
|
||||||
for i, _ := range ptext {
|
for i, _ := range ptext {
|
||||||
tmp[i] ^= ptext[i]
|
n[i] ^= ptext[i]
|
||||||
}
|
}
|
||||||
|
|
||||||
ret := make([]byte, pkA.Size()+ptextLen)
|
ret := make([]byte, pkA.Size()+ptextLen)
|
||||||
copy(ret, pkA.Export())
|
copy(ret, pkA.Export())
|
||||||
copy(ret[pkA.Size():], tmp[:ptextLen])
|
copy(ret[pkA.Size():], n[:ptextLen])
|
||||||
return ret, nil
|
return ret, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -77,9 +77,10 @@ func Encrypt(rng io.Reader, pub *PublicKey, ptext []byte) ([]byte, error) {
|
|||||||
|
|
||||||
// Uses SIKE private key to decrypt ciphertext. Returns plaintext in case
|
// Uses SIKE private key to decrypt ciphertext. Returns plaintext in case
|
||||||
// decryption succeeds or error in case unexptected input was provided.
|
// decryption succeeds or error in case unexptected input was provided.
|
||||||
|
// Constant time
|
||||||
func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error) {
|
func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error) {
|
||||||
var params = prv.Params()
|
var params = prv.Params()
|
||||||
var tmp [40]byte
|
var n [40]byte // n can is max 320-bit (see 1.4 of [SIKE])
|
||||||
var c1_len int
|
var c1_len int
|
||||||
var pk_len = params.PublicKeySize
|
var pk_len = params.PublicKeySize
|
||||||
|
|
||||||
@ -104,12 +105,12 @@ func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
cshakeSum(tmp[:c1_len], j, F)
|
cshakeSum(n[:c1_len], j, F)
|
||||||
for i, _ := range tmp[:c1_len] {
|
for i, _ := range n[:c1_len] {
|
||||||
tmp[i] ^= ctext[pk_len+i]
|
n[i] ^= ctext[pk_len+i]
|
||||||
}
|
}
|
||||||
|
|
||||||
return tmp[:c1_len], nil
|
return n[:c1_len], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// -----------------------------------------------------------------------------
|
// -----------------------------------------------------------------------------
|
||||||
@ -169,6 +170,7 @@ func Encapsulate(rng io.Reader, pub *PublicKey) (ctext []byte, secret []byte, er
|
|||||||
// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared
|
// Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared
|
||||||
// secret if plaintext verifies correctly, otherwise function outputs random value.
|
// secret if plaintext verifies correctly, otherwise function outputs random value.
|
||||||
// Decapsulation may fail in case input is wrongly formated.
|
// Decapsulation may fail in case input is wrongly formated.
|
||||||
|
// Constant time for properly initialized input.
|
||||||
func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
|
func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error) {
|
||||||
var params = pub.Params()
|
var params = pub.Params()
|
||||||
var r = make([]byte, params.SecretKeySize)
|
var r = make([]byte, params.SecretKeySize)
|
||||||
@ -194,7 +196,8 @@ func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error)
|
|||||||
// Never fails
|
// Never fails
|
||||||
skA.Import(r)
|
skA.Import(r)
|
||||||
|
|
||||||
pkA, _ := GeneratePublicKey(skA) // Never fails
|
// Never fails
|
||||||
|
pkA, _ := GeneratePublicKey(skA)
|
||||||
c0 := pkA.Export()
|
c0 := pkA.Export()
|
||||||
|
|
||||||
h = cshake.NewCShake256(nil, H)
|
h = cshake.NewCShake256(nil, H)
|
||||||
|
Loading…
Reference in New Issue
Block a user