kris
/
nobs
miroir de https://github.com/henrydcase/nobs.git
1
0
Bifurcation 0
Code Tickets 0 Versions 1 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
33 Révisions
11 Branches
11 MiB
 
 
 
 
Aborescence: 9d0050cbee
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '9d0050cbee'
${ noResults }
nobs/kem/sike/sike_test.go

379 lignes
13 KiB
Brut Annotations Historique 

  1. package sike

  2. 

  3. import (

  4. 	"testing"

  5. 

  6. 	"bufio"

  7. 	"bytes"

  8. 	"encoding/hex"

  9. 	"io"

  10. 	"os"

  11. 	"strings"

  12. 

  13. 	"fmt"

  14. 

  15. 	rand "crypto/rand"

  16. 	. "github.com/henrydcase/nobs/dh/sidh"

  17. )

  18. 

  19. const (

  20. 	PkB = "7C55E268665504B9A11A1B30B4363A4957960AD015A7B74DF39FB0141A95CC51A4BEBBB48452EF0C881220D68CB5FF904C0549F05F06BF49A520E684DD610A7E121B420C751B789BDCDB8B6EC136BA0CE74EB6904906057EA7343839EA35FAF2C3D7BE76C81DCA4DF0850CE5F111FF9FF97242EC5520310D7F90A004BACFD75408CBFE8948232A9CCF035136DE3691D9BEF110C3081AADF0D2328CE2CC94998D8AE94D6575083FAFA045F50201FCE841D01C214CC8BBEFCC701484215EA70518204C76A0DA89BEAF0B066F6FD9E78A2C908CF0AFF74E0B55477190F918397F0CF3A537B7911DA846196AD914114A15C2F3C1062D78B19D23348C3D3D4A9C2B2018B382CC44544DA2FA263EB6212D2D13F254216DE002D4AEA55C75C5349A681D7A809BCC29C4CAE1168AC790321FF7429FAAC2FC09465F93E10B9DD970901A1B1D045DDAC9D7B901E00F29AA9F2C87C8EF848E80B7B290ECF85D6BB4C7E975A939A7AFB63069F900A75C9B7B71C2E7472C21A87AB604B6372D4EBEC5974A711281A819636D8FA3E6608F2B81F35599BBB4A1EB5CBD8F743587550F8CE3A809F5C9C399DD52B2D15F217A36F3218C772FD4E67F67D526DEBE1D31FEC4634927A873A1A6CFE55FF1E35AB72EBBD22E3CDD9D2640813345015BB6BD25A6977D0391D4D78998DD178155FEBF247BED3A9F83EAF3346BA90098B908B2359B60491C94330626709D235D1CFB7C87DCA779CFBA23DA280DC06FAEA0FDB3773B0C6391F889D803B7C04AC6AB27375B440336789823176C57"

  21. 	PrB = "00010203040506070809000102030405060708090001020304050607080901028626ED79D451140800E03B59B956F8210E556067407D13DC90FA9E8B872BFB8FAB0A7289852106E40538D3575C500201"

  22. )

  23. 

  24. var params = Params(FP_751)

  25. 

  26. type MultiIdTestingFunc func(*testing.T, uint8)

  27. 

  28. func Do(f MultiIdTestingFunc, t *testing.T) {

  29. 	for id, val := range tdata {

  30. 		params = Params(id)

  31. 		fmt.Printf("\tTesting: %s\n", val.name)

  32. 		f(t, id)

  33. 	}

  34. }

  35. 

  36. var tdata = map[uint8]struct {

  37. 	name    string

  38. 	KatFile string

  39. 	PkB     string

  40. 	PrB     string

  41. }{

  42. 	FP_503: {

  43. 		"P-503",

  44. 		"../../etc/PQCkemKAT_434.rsp",

  45. 		"F11CF893CE4F794216B11A75B0B2981F8DB3FC8550A75C86DB2279FD4CB445E2F4D21F7380570832963F1445AB898267EC1B84196CAC1A84566D7C4D334505C5AB98D638B2E1A5766F5F716FDF1177AB864D2E2CE10BF8DC3D0A3CAFA05B587D746F5CC78E32F283C035886A96698BDCF0F2CAE0B5D4B9C725A3EB2EA13AA43AEC99488962F8B9A5038DD655C0237023CF21002E3E19B1A993C9118DDC74A07B4F9585C0BCEA6E401A384C4F411A5A6E97DA4E53DA6C8F39F62304F201EC93EDFA76FDA6CE557C4389D5ACE744ED5578A391B6AF01F00F93F4EC7CE41F5C5D1FB11D367C0F2CEB4DD9A92BD8948D777F4285EEBB0870C9C39BD0523804A9FDDFCDE61810D8B958E172702EB97D10A98E9FDDFBE1FC2146230AA26B7FFF48B70ECFDBEF9E7CBBCC12308992FDEF8CA0CD9F0A387F1B68D661A46C37D7FAB9A4ECDE63BEF0A3D7732CA7A8E18C88EBEDF546E842E27CC04FA78A8C03DF22A747E2D627FC9EB3FD8A57337BE759D1957C1D31FCA3FEE6D171192B0C",

  46. 		"9BC5315580207C6C16DCF3A30C48DAF278DE12E8C27DF6735A4D0A8A41C4F666854E9B13673071CEB2FD61DEF9A850C211E7C50071B1DD0D"},

  47. 	FP_751: {

  48. 		"P-751",

  49. 		"../../etc/PQCkemKAT_644.rsp",

  50. 		"7C55E268665504B9A11A1B30B4363A4957960AD015A7B74DF39FB0141A95CC51A4BEBBB48452EF0C881220D68CB5FF904C0549F05F06BF49A520E684DD610A7E121B420C751B789BDCDB8B6EC136BA0CE74EB6904906057EA7343839EA35FAF2C3D7BE76C81DCA4DF0850CE5F111FF9FF97242EC5520310D7F90A004BACFD75408CBFE8948232A9CCF035136DE3691D9BEF110C3081AADF0D2328CE2CC94998D8AE94D6575083FAFA045F50201FCE841D01C214CC8BBEFCC701484215EA70518204C76A0DA89BEAF0B066F6FD9E78A2C908CF0AFF74E0B55477190F918397F0CF3A537B7911DA846196AD914114A15C2F3C1062D78B19D23348C3D3D4A9C2B2018B382CC44544DA2FA263EB6212D2D13F254216DE002D4AEA55C75C5349A681D7A809BCC29C4CAE1168AC790321FF7429FAAC2FC09465F93E10B9DD970901A1B1D045DDAC9D7B901E00F29AA9F2C87C8EF848E80B7B290ECF85D6BB4C7E975A939A7AFB63069F900A75C9B7B71C2E7472C21A87AB604B6372D4EBEC5974A711281A819636D8FA3E6608F2B81F35599BBB4A1EB5CBD8F743587550F8CE3A809F5C9C399DD52B2D15F217A36F3218C772FD4E67F67D526DEBE1D31FEC4634927A873A1A6CFE55FF1E35AB72EBBD22E3CDD9D2640813345015BB6BD25A6977D0391D4D78998DD178155FEBF247BED3A9F83EAF3346BA90098B908B2359B60491C94330626709D235D1CFB7C87DCA779CFBA23DA280DC06FAEA0FDB3773B0C6391F889D803B7C04AC6AB27375B440336789823176C57",

  51. 		"00010203040506070809000102030405060708090001020304050607080901028626ED79D451140800E03B59B956F8210E556067407D13DC90FA9E8B872BFB8FAB0A7289852106E40538D3575C500201"},

  52. }

  53. 

  54. // Fail if err !=nil. Display msg as an error message

  55. func checkErr(t testing.TB, err error, msg string) {

  56. 	if err != nil {

  57. 		t.Errorf("%s [%s]", msg, err)

  58. 	}

  59. }

  60. 

  61. // Encrypt, Decrypt, check if input/output plaintext is the same

  62. func testPKERoundTrip(t *testing.T, id uint8) {

  63. 	// Message to be encrypted

  64. 	var params = Params(id)

  65. 	var msg = make([]byte, params.MsgLen)

  66. 	for i, _ := range msg {

  67. 		msg[i] = byte(i)

  68. 	}

  69. 

  70. 	// Import keys

  71. 	pkB := NewPublicKey(params.Id, KeyVariant_SIKE)

  72. 	skB := NewPrivateKey(params.Id, KeyVariant_SIKE)

  73. 	pk_hex, err := hex.DecodeString(tdata[id].PkB)

  74. 	if err != nil {

  75. 		t.Fatal(err)

  76. 	}

  77. 	sk_hex, err := hex.DecodeString(tdata[id].PrB)

  78. 	if err != nil {

  79. 		t.Fatal(err)

  80. 	}

  81. 	if pkB.Import(pk_hex) != nil || skB.Import(sk_hex) != nil {

  82. 		t.Error("Import")

  83. 	}

  84. 

  85. 	ct, err := Encrypt(rand.Reader, pkB, msg[:])

  86. 	if err != nil {

  87. 		t.Fatal(err)

  88. 	}

  89. 	pt, err := Decrypt(skB, ct)

  90. 	if err != nil {

  91. 		t.Fatal(err)

  92. 	}

  93. 	if !bytes.Equal(pt[:], msg[:]) {

  94. 		t.Errorf("Decryption failed \n got : %X\n exp : %X", pt, msg)

  95. 	}

  96. }

  97. 

  98. // Generate key and check if can encrypt

  99. func testPKEKeyGeneration(t *testing.T, id uint8) {

  100. 	// Message to be encrypted

  101. 	var params = Params(id)

  102. 	var msg = make([]byte, params.MsgLen)

  103. 	var err error

  104. 	for i, _ := range msg {

  105. 		msg[i] = byte(i)

  106. 	}

  107. 

  108. 	sk := NewPrivateKey(id, KeyVariant_SIKE)

  109. 	err = sk.Generate(rand.Reader)

  110. 	checkErr(t, err, "PEK key generation")

  111. 	pk := sk.GeneratePublicKey()

  112. 

  113. 	// Try to encrypt

  114. 	ct, err := Encrypt(rand.Reader, pk, msg[:])

  115. 	checkErr(t, err, "PEK encryption")

  116. 	pt, err := Decrypt(sk, ct)

  117. 	checkErr(t, err, "PEK key decryption")

  118. 

  119. 	if !bytes.Equal(pt[:], msg[:]) {

  120. 		t.Fatalf("Decryption failed \n got : %X\n exp : %X", pt, msg)

  121. 	}

  122. }

  123. 

  124. func testNegativePKE(t *testing.T, id uint8) {

  125. 	var msg [40]byte

  126. 	var err error

  127. 	var params = Params(id)

  128. 

  129. 	// Generate key

  130. 	sk := NewPrivateKey(params.Id, KeyVariant_SIKE)

  131. 	err = sk.Generate(rand.Reader)

  132. 	checkErr(t, err, "key generation")

  133. 

  134. 	pk := sk.GeneratePublicKey()

  135. 

  136. 	// bytelen(msg) - 1

  137. 	ct, err := Encrypt(rand.Reader, pk, msg[:params.KemSize+8-1])

  138. 	if err == nil {

  139. 		t.Fatal("Error hasn't been returned")

  140. 	}

  141. 	if ct != nil {

  142. 		t.Fatal("Ciphertext must be nil")

  143. 	}

  144. 

  145. 	// KemSize - 1

  146. 	pt, err := Decrypt(sk, msg[:params.KemSize+8-1])

  147. 	if err == nil {

  148. 		t.Fatal("Error hasn't been returned")

  149. 	}

  150. 	if pt != nil {

  151. 		t.Fatal("Ciphertext must be nil")

  152. 	}

  153. }

  154. 

  155. func testKEMRoundTrip(t *testing.T, pkB, skB []byte, id uint8) {

  156. 	// Import keys

  157. 	pk := NewPublicKey(id, KeyVariant_SIKE)

  158. 	sk := NewPrivateKey(id, KeyVariant_SIKE)

  159. 	if pk.Import(pkB) != nil || sk.Import(skB) != nil {

  160. 		t.Error("Import failed")

  161. 	}

  162. 

  163. 	ct, ss_e, err := Encapsulate(rand.Reader, pk)

  164. 	if err != nil {

  165. 		t.Error("Encapsulate failed")

  166. 	}

  167. 

  168. 	ss_d, err := Decapsulate(sk, pk, ct)

  169. 	if err != nil {

  170. 		t.Error("Decapsulate failed")

  171. 	}

  172. 	if !bytes.Equal(ss_e, ss_d) {

  173. 		t.Error("Shared secrets from decapsulation and encapsulation differ")

  174. 	}

  175. }

  176. 

  177. func TestKEMRoundTrip(t *testing.T) {

  178. 	for id, val := range tdata {

  179. 		fmt.Printf("\tTesting: %s\n", val.name)

  180. 		pk, err := hex.DecodeString(tdata[id].PkB)

  181. 		checkErr(t, err, "public key B not a number")

  182. 		sk, err := hex.DecodeString(tdata[id].PrB)

  183. 		checkErr(t, err, "private key B not a number")

  184. 		testKEMRoundTrip(t, pk, sk, id)

  185. 	}

  186. }

  187. 

  188. func testKEMKeyGeneration(t *testing.T, id uint8) {

  189. 	// Generate key

  190. 	sk := NewPrivateKey(id, KeyVariant_SIKE)

  191. 	checkErr(t, sk.Generate(rand.Reader), "error: key generation")

  192. 	pk := sk.GeneratePublicKey()

  193. 

  194. 	// calculated shared secret

  195. 	ct, ss_e, err := Encapsulate(rand.Reader, pk)

  196. 	checkErr(t, err, "encapsulation failed")

  197. 	ss_d, err := Decapsulate(sk, pk, ct)

  198. 	checkErr(t, err, "decapsulation failed")

  199. 

  200. 	if !bytes.Equal(ss_e, ss_d) {

  201. 		t.Fatalf("KEM failed \n encapsulated: %X\n decapsulated: %X", ss_d, ss_e)

  202. 	}

  203. }

  204. 

  205. func testNegativeKEM(t *testing.T, id uint8) {

  206. 	sk := NewPrivateKey(id, KeyVariant_SIKE)

  207. 	checkErr(t, sk.Generate(rand.Reader), "error: key generation")

  208. 	pk := sk.GeneratePublicKey()

  209. 

  210. 	ct, ss_e, err := Encapsulate(rand.Reader, pk)

  211. 	checkErr(t, err, "pre-requisite for a test failed")

  212. 

  213. 	ct[0] = ct[0] - 1

  214. 	ss_d, err := Decapsulate(sk, pk, ct)

  215. 	checkErr(t, err, "decapsulation returns error when invalid ciphertext provided")

  216. 

  217. 	if bytes.Equal(ss_e, ss_d) {

  218. 		// no idea how this could ever happen, but it would be very bad

  219. 		t.Error("critical error")

  220. 	}

  221. 

  222. 	// Try encapsulating with SIDH key

  223. 	pkSidh := NewPublicKey(params.Id, KeyVariant_SIDH_B)

  224. 	prSidh := NewPrivateKey(params.Id, KeyVariant_SIDH_B)

  225. 	_, _, err = Encapsulate(rand.Reader, pkSidh)

  226. 	if err == nil {

  227. 		t.Error("encapsulation accepts SIDH public key")

  228. 	}

  229. 	// Try decapsulating with SIDH key

  230. 	_, err = Decapsulate(prSidh, pk, ct)

  231. 	if err == nil {

  232. 		t.Error("decapsulation accepts SIDH private key key")

  233. 	}

  234. }

  235. 

  236. // In case invalid ciphertext is provided, SIKE's decapsulation must

  237. // return same (but unpredictable) result for a given key.

  238. func testNegativeKEMSameWrongResult(t *testing.T, id uint8) {

  239. 	sk := NewPrivateKey(id, KeyVariant_SIKE)

  240. 	checkErr(t, sk.Generate(rand.Reader), "error: key generation")

  241. 	pk := sk.GeneratePublicKey()

  242. 

  243. 	ct, encSs, err := Encapsulate(rand.Reader, pk)

  244. 	checkErr(t, err, "pre-requisite for a test failed")

  245. 

  246. 	// make ciphertext wrong

  247. 	ct[0] = ct[0] - 1

  248. 	decSs1, err := Decapsulate(sk, pk, ct)

  249. 	checkErr(t, err, "pre-requisite for a test failed")

  250. 

  251. 	// second decapsulation must be done with same, but imported private key

  252. 	expSk := sk.Export()

  253. 

  254. 	// creat new private key

  255. 	sk = NewPrivateKey(params.Id, KeyVariant_SIKE)

  256. 	err = sk.Import(expSk)

  257. 	checkErr(t, err, "import failed")

  258. 

  259. 	// try decapsulating again. ss2 must be same as ss1 and different than

  260. 	// original plaintext

  261. 	decSs2, err := Decapsulate(sk, pk, ct)

  262. 	checkErr(t, err, "pre-requisite for a test failed")

  263. 

  264. 	if !bytes.Equal(decSs1, decSs2) {

  265. 		t.Error("decapsulation is insecure")

  266. 	}

  267. 

  268. 	if bytes.Equal(encSs, decSs1) || bytes.Equal(encSs, decSs2) {

  269. 		// this test requires that decapsulation returns wrong result

  270. 		t.Errorf("test implementation error")

  271. 	}

  272. }

  273. 

  274. func readAndCheckLine(r *bufio.Reader) []byte {

  275. 	// Read next line from buffer

  276. 	line, isPrefix, err := r.ReadLine()

  277. 	if err != nil || isPrefix {

  278. 		panic("Wrong format of input file")

  279. 	}

  280. 

  281. 	// Function expects that line is in format "KEY = HEX_VALUE". Get

  282. 	// value, which should be a hex string

  283. 	hexst := strings.Split(string(line), "=")[1]

  284. 	hexst = strings.TrimSpace(hexst)

  285. 	// Convert value to byte string

  286. 	ret, err := hex.DecodeString(hexst)

  287. 	if err != nil {

  288. 		panic("Wrong format of input file")

  289. 	}

  290. 	return ret

  291. }

  292. 

  293. func testKeygen(pk, sk []byte) bool {

  294. 	// Import provided private key

  295. 	var prvKey = NewPrivateKey(params.Id, KeyVariant_SIKE)

  296. 	if prvKey.Import(sk) != nil {

  297. 		panic("sike test: can't load KAT")

  298. 	}

  299. 

  300. 	// Generate public key

  301. 	pubKey := prvKey.GeneratePublicKey()

  302. 	return bytes.Equal(pubKey.Export(), pk)

  303. }

  304. 

  305. func testDecapsulation(pk, sk, ct, ssExpected []byte) bool {

  306. 	var pubKey = NewPublicKey(params.Id, KeyVariant_SIKE)

  307. 	var prvKey = NewPrivateKey(params.Id, KeyVariant_SIKE)

  308. 	if pubKey.Import(pk) != nil || prvKey.Import(sk) != nil {

  309. 		panic("sike test: can't load KAT")

  310. 	}

  311. 

  312. 	ssGot, err := Decapsulate(prvKey, pubKey, ct)

  313. 	if err != nil {

  314. 		panic("sike test: can't perform decapsulation KAT")

  315. 	}

  316. 

  317. 	if err != nil {

  318. 		return false

  319. 	}

  320. 	return bytes.Equal(ssGot, ssExpected)

  321. }

  322. 

  323. func testSIKE_KAT(t *testing.T, id uint8) {

  324. 	f, err := os.Open(tdata[id].KatFile)

  325. 	if err != nil {

  326. 		t.Fatal(err)

  327. 	}

  328. 

  329. 	r := bufio.NewReader(f)

  330. 	for {

  331. 		line, isPrefix, err := r.ReadLine()

  332. 		if err != nil || isPrefix {

  333. 			if err == io.EOF {

  334. 				break

  335. 			} else {

  336. 				t.Fatal(err)

  337. 			}

  338. 		}

  339. 		if len(strings.TrimSpace(string(line))) == 0 || line[0] == '#' {

  340. 			continue

  341. 		}

  342. 

  343. 		// count

  344. 		count := strings.Split(string(line), "=")[1]

  345. 		// seed

  346. 		_ = readAndCheckLine(r)

  347. 		// pk

  348. 		pk := readAndCheckLine(r)

  349. 		// sk (secret key in test vector is concatenation of

  350. 		// MSG + SECRET_BOB_KEY + PUBLIC_BOB_KEY. We use only MSG+SECRET_BOB_KEY

  351. 		sk := readAndCheckLine(r)

  352. 		sk = sk[:params.MsgLen+uint(params.B.SecretByteLen)]

  353. 		// ct

  354. 		ct := readAndCheckLine(r)

  355. 		// ss

  356. 		ss := readAndCheckLine(r)

  357. 

  358. 		if !testKeygen(pk, sk) {

  359. 			t.Fatalf("KAT keygen form private failed at %s\n", count)

  360. 		}

  361. 

  362. 		if !testDecapsulation(pk, sk, ct, ss) {

  363. 			t.Fatalf("KAT decapsulation failed at %s\n", count)

  364. 		}

  365. 

  366. 		// aditionally test roundtrip with a keypair

  367. 		testKEMRoundTrip(t, pk, sk, id)

  368. 	}

  369. }

  370. 

  371. // Interface to "testing"

  372. func TestPKEKeyGeneration(t *testing.T)           { Do(testPKEKeyGeneration, t) }

  373. func TestPKERoundTrip(t *testing.T)               { Do(testPKERoundTrip, t) }

  374. func TestNegativePKE(t *testing.T)                { Do(testNegativePKE, t) }

  375. func TestKEMKeyGeneration(t *testing.T)           { Do(testKEMKeyGeneration, t) }

  376. func TestNegativeKEM(t *testing.T)                { Do(testNegativeKEM, t) }

  377. func TestSIKE_KAT(t *testing.T)                   { Do(testSIKE_KAT, t) }

  378. func TestNegativeKEMSameWrongResult(t *testing.T) { Do(testNegativeKEMSameWrongResult, t) }