From 6f31e7e4c2949554bbbe029e66cc9f7387ec93e7 Mon Sep 17 00:00:00 2001 From: Leon Date: Fri, 7 Jun 2019 13:02:25 +0200 Subject: [PATCH] serialize error_vector before hashing instead of pointer cast --- crypto_kem/ledakemlt12/clean/kem.c | 45 +++++++++++++++++++----------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/crypto_kem/ledakemlt12/clean/kem.c b/crypto_kem/ledakemlt12/clean/kem.c index 004d3fb7..bf8413e7 100644 --- a/crypto_kem/ledakemlt12/clean/kem.c +++ b/crypto_kem/ledakemlt12/clean/kem.c @@ -8,45 +8,56 @@ /* Generates a keypair - pk is the public key and sk is the secret key. */ int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { AES_XOF_struct niederreiter_keys_expander; + randombytes(((privateKeyNiederreiter_t *)sk)->prng_seed, TRNG_BYTE_LENGTH); - PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_keys_expander, - ((privateKeyNiederreiter_t *)sk)->prng_seed); - PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen((publicKeyNiederreiter_t *) pk, - (privateKeyNiederreiter_t *) sk, - &niederreiter_keys_expander); + PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_keys_expander, ((privateKeyNiederreiter_t *)sk)->prng_seed); + PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen((publicKeyNiederreiter_t *) pk, (privateKeyNiederreiter_t *) sk, &niederreiter_keys_expander); + return 0; } +static void error_tobytes(uint8_t *error_bytes, const uint64_t *error_digits) { + size_t i, j, k; + uint64_t t; + + for (i = 0; i < N0; i++) { + for (j = 0; j < NUM_DIGITS_GF2X_ELEMENT; j++) { + t = error_digits[i * NUM_DIGITS_GF2X_ELEMENT + j]; + for (k = 0; k < DIGIT_SIZE_B; k++) { + error_bytes[(i * NUM_DIGITS_GF2X_ELEMENT + j) * DIGIT_SIZE_B + k] = (uint8_t) ((t >> (8 * k)) & 0xFF); + } + } + } +} + /* Encrypt - pk is the public key, ct is a key encapsulation message (ciphertext), ss is the shared secret.*/ -int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_enc( unsigned char *ct, unsigned char *ss, const unsigned char *pk) { +int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) { AES_XOF_struct niederreiter_encap_key_expander; unsigned char encapsulated_key_seed[TRNG_BYTE_LENGTH]; DIGIT error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; + uint8_t error_bytes[N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B]; randombytes(encapsulated_key_seed, TRNG_BYTE_LENGTH); PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_encap_key_expander, encapsulated_key_seed); - PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(error_vector, &niederreiter_encap_key_expander); - - HASH_FUNCTION(ss, (const uint8_t *) error_vector, (N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B)); - + error_tobytes(error_bytes, error_vector); + HASH_FUNCTION(ss, error_bytes, (N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B)); PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt((DIGIT *) ct, (publicKeyNiederreiter_t *) pk, error_vector); + return 0; } /* Decrypt - ct is a key encapsulation message (ciphertext), sk is the private key, ss is the shared secret */ -int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_dec(unsigned char *ss, - const unsigned char *ct, - const unsigned char *sk ) { +int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) { DIGIT decoded_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; + uint8_t decoded_error_bytes[N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B]; - PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(decoded_error_vector, - (privateKeyNiederreiter_t *)sk, - (DIGIT *)ct); - HASH_FUNCTION(ss, (const unsigned char *) decoded_error_vector, (N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B)); + PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(decoded_error_vector, (privateKeyNiederreiter_t *)sk, (DIGIT *)ct); + error_tobytes(decoded_error_bytes, decoded_error_vector); + HASH_FUNCTION(ss, decoded_error_bytes, (N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B)); return 0; }