2019-05-24 17:38:54 +01:00
|
|
|
#include "api.h"
|
|
|
|
#include "niederreiter.h"
|
|
|
|
#include "randombytes.h"
|
2019-05-19 18:14:46 +01:00
|
|
|
#include "rng.h"
|
2019-05-24 17:38:54 +01:00
|
|
|
|
2019-05-19 18:14:46 +01:00
|
|
|
#include <string.h>
|
|
|
|
|
2019-05-24 17:38:54 +01:00
|
|
|
/* Generates a keypair - pk is the public key and sk is the secret key. */
|
|
|
|
int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
2019-05-19 18:14:46 +01:00
|
|
|
AES_XOF_struct niederreiter_keys_expander;
|
2019-06-07 12:02:25 +01:00
|
|
|
|
2019-05-24 17:38:54 +01:00
|
|
|
randombytes(((privateKeyNiederreiter_t *)sk)->prng_seed, TRNG_BYTE_LENGTH);
|
2019-06-07 12:02:25 +01:00
|
|
|
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_keys_expander, ((privateKeyNiederreiter_t *)sk)->prng_seed);
|
|
|
|
PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen((publicKeyNiederreiter_t *) pk, (privateKeyNiederreiter_t *) sk, &niederreiter_keys_expander);
|
|
|
|
|
2019-05-19 18:14:46 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-06-07 12:02:25 +01:00
|
|
|
static void error_tobytes(uint8_t *error_bytes, const uint64_t *error_digits) {
|
|
|
|
size_t i, j, k;
|
|
|
|
uint64_t t;
|
|
|
|
|
|
|
|
for (i = 0; i < N0; i++) {
|
|
|
|
for (j = 0; j < NUM_DIGITS_GF2X_ELEMENT; j++) {
|
|
|
|
t = error_digits[i * NUM_DIGITS_GF2X_ELEMENT + j];
|
|
|
|
for (k = 0; k < DIGIT_SIZE_B; k++) {
|
|
|
|
error_bytes[(i * NUM_DIGITS_GF2X_ELEMENT + j) * DIGIT_SIZE_B + k] = (uint8_t) ((t >> (8 * k)) & 0xFF);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-19 18:14:46 +01:00
|
|
|
/* Encrypt - pk is the public key, ct is a key encapsulation message
|
|
|
|
(ciphertext), ss is the shared secret.*/
|
2019-06-07 12:02:25 +01:00
|
|
|
int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
2019-05-19 18:14:46 +01:00
|
|
|
AES_XOF_struct niederreiter_encap_key_expander;
|
|
|
|
unsigned char encapsulated_key_seed[TRNG_BYTE_LENGTH];
|
2019-05-24 17:38:54 +01:00
|
|
|
DIGIT error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
2019-06-07 12:02:25 +01:00
|
|
|
uint8_t error_bytes[N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B];
|
2019-05-24 17:38:54 +01:00
|
|
|
|
2019-05-19 18:14:46 +01:00
|
|
|
randombytes(encapsulated_key_seed, TRNG_BYTE_LENGTH);
|
2019-05-24 17:38:54 +01:00
|
|
|
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_encap_key_expander, encapsulated_key_seed);
|
2019-05-27 19:17:53 +01:00
|
|
|
PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(error_vector, &niederreiter_encap_key_expander);
|
2019-06-07 12:02:25 +01:00
|
|
|
error_tobytes(error_bytes, error_vector);
|
|
|
|
HASH_FUNCTION(ss, error_bytes, (N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B));
|
2019-05-24 17:38:54 +01:00
|
|
|
PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt((DIGIT *) ct, (publicKeyNiederreiter_t *) pk, error_vector);
|
2019-06-07 12:02:25 +01:00
|
|
|
|
2019-05-19 18:14:46 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Decrypt - ct is a key encapsulation message (ciphertext), sk is the private
|
|
|
|
key, ss is the shared secret */
|
2019-06-07 12:02:25 +01:00
|
|
|
int PQCLEAN_LEDAKEMLT12_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
2019-05-19 18:14:46 +01:00
|
|
|
DIGIT decoded_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
2019-06-07 12:02:25 +01:00
|
|
|
uint8_t decoded_error_bytes[N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B];
|
2019-05-19 18:14:46 +01:00
|
|
|
|
2019-06-07 12:02:25 +01:00
|
|
|
PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(decoded_error_vector, (privateKeyNiederreiter_t *)sk, (DIGIT *)ct);
|
|
|
|
error_tobytes(decoded_error_bytes, decoded_error_vector);
|
|
|
|
HASH_FUNCTION(ss, decoded_error_bytes, (N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B));
|
2019-05-27 19:17:53 +01:00
|
|
|
|
|
|
|
return 0;
|
2019-05-19 18:14:46 +01:00
|
|
|
}
|