|
|
@@ -0,0 +1,329 @@ |
|
|
|
package main |
|
|
|
|
|
|
|
/* |
|
|
|
#cgo CFLAGS: -I../msr/include |
|
|
|
#cgo LDFLAGS: -L../msr/lib -lsidh751 |
|
|
|
#include <P751_api.h> |
|
|
|
*/ |
|
|
|
import "C" |
|
|
|
import "fmt" |
|
|
|
import rand "crypto/rand" |
|
|
|
import sidh "github.com/henrydcase/nobs/dh/sidh" |
|
|
|
import sike "github.com/henrydcase/nobs/kem/sike" |
|
|
|
import "unsafe" |
|
|
|
|
|
|
|
const ( |
|
|
|
CSKsz = 644 |
|
|
|
GSKsz = 80 // 80 because MSR concatenates public key to the secret key |
|
|
|
PKsz = 564 |
|
|
|
CTsz = 596 |
|
|
|
SSsz = 24 |
|
|
|
) |
|
|
|
|
|
|
|
// Helpers for byte convertion |
|
|
|
func convBytesGoToC(goBytes []byte, cBytes []C.uchar) { |
|
|
|
for i,v:=range(goBytes) { |
|
|
|
cBytes[i] = C.uchar(v) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
func convBytesCToGo(cBytes []C.uchar, goBytes []byte) { |
|
|
|
goBytes=C.GoBytes(unsafe.Pointer(&cBytes[0]), GSKsz) |
|
|
|
} |
|
|
|
|
|
|
|
// Helpers for key generation |
|
|
|
func keygenMsr() (*sidh.PublicKey, *sidh.PrivateKey) { |
|
|
|
var prvKey = sidh.NewPrivateKey(sidh.FP_751, sidh.KeyVariant_SIKE) |
|
|
|
var pubKey = sidh.NewPublicKey(sidh.FP_751, sidh.KeyVariant_SIKE) |
|
|
|
var msrPK [PKsz]C.uchar |
|
|
|
var msrSK [CSKsz]C.uchar |
|
|
|
|
|
|
|
if C.crypto_kem_keypair_SIKEp751(&msrPK[0], &msrSK[0]) != 0 { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
|
|
|
|
if prvKey.Import(C.GoBytes(unsafe.Pointer(&msrSK[0]), GSKsz)) != nil { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
|
|
|
|
if pubKey.Import(C.GoBytes(unsafe.Pointer(&msrPK[0]), PKsz)) != nil { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
|
|
|
|
return pubKey, prvKey |
|
|
|
} |
|
|
|
|
|
|
|
func keygenCf() (*sidh.PublicKey, *sidh.PrivateKey) { |
|
|
|
var prvKey = sidh.NewPrivateKey(sidh.FP_751, sidh.KeyVariant_SIKE) |
|
|
|
|
|
|
|
err := prvKey.Generate(rand.Reader) |
|
|
|
if err!=nil { |
|
|
|
fmt.Errorf("ERR: Generate private key for CF failed") |
|
|
|
} |
|
|
|
pubKey, _ := sidh.GeneratePublicKey(prvKey) |
|
|
|
return pubKey,prvKey |
|
|
|
} |
|
|
|
|
|
|
|
// MSR keygen |
|
|
|
// MSR Encapsulate |
|
|
|
// CF Decapsulate |
|
|
|
func test_msrK_msrE_cfD() { |
|
|
|
var msrCipherText [CTsz]C.uchar |
|
|
|
var ss2 [SSsz]C.uchar |
|
|
|
var msrSK [CSKsz]C.uchar |
|
|
|
|
|
|
|
pubKey, prvKey := keygenMsr() |
|
|
|
ctext, ss1, err := sike.Encapsulate(rand.Reader, pubKey) |
|
|
|
if err != nil { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
|
|
|
|
for i,_:=range(ctext) { |
|
|
|
msrCipherText[i] = C.uchar(ctext[i]) |
|
|
|
} |
|
|
|
|
|
|
|
convBytesGoToC(prvKey.Export(), msrSK[:]) |
|
|
|
convBytesGoToC(pubKey.Export(), msrSK[80:]) |
|
|
|
if C.crypto_kem_dec_SIKEp751(&msrSK[0], &msrCipherText[0], &ss2[0]) != 0 { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
for _,i:=range(ss2) { |
|
|
|
if byte(ss2[i]) != ss1[i] { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(ss2), ss2) |
|
|
|
// fmt.Printf("LEN=%d %X\n", len(ss1), ss1) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// CF keygen |
|
|
|
// CF Encapsulate |
|
|
|
// MSR Decapsulate |
|
|
|
func test_cfK_cfE_msrD() { |
|
|
|
// C variables |
|
|
|
var cSS [SSsz]C.uchar |
|
|
|
var cCT [CTsz]C.uchar |
|
|
|
var cPK [PKsz]C.uchar |
|
|
|
var cSK [CSKsz]C.uchar |
|
|
|
|
|
|
|
pubKey, prvKey := keygenCf() |
|
|
|
convBytesGoToC(pubKey.Export(), cPK[:]) |
|
|
|
gCT, gSS, err := sike.Encapsulate(rand.Reader, pubKey) |
|
|
|
if err != nil { |
|
|
|
panic("err: SIKE CF encapsulation") |
|
|
|
} |
|
|
|
|
|
|
|
convBytesGoToC(gCT[:], cCT[:]) |
|
|
|
convBytesGoToC(prvKey.Export(), cSK[:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cSK[80:]) |
|
|
|
if C.crypto_kem_dec_SIKEp751(&cSS[0], &cCT[0], &cSK[0]) != 0 { |
|
|
|
panic("Decapsulation failed") |
|
|
|
} |
|
|
|
|
|
|
|
for i,_:=range(gSS) { |
|
|
|
if gSS[i] != byte(cSS[i]) { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(gSS), gSS) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS), cSS) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// CF keygen |
|
|
|
// MSR Encapsulate |
|
|
|
// CF Decapsulate |
|
|
|
func test_cfK_msrE_cfD() { |
|
|
|
// C variables |
|
|
|
var cSS [SSsz]C.uchar |
|
|
|
var cCT [CTsz]C.uchar |
|
|
|
var cPK [PKsz]C.uchar |
|
|
|
// GO variables |
|
|
|
var gCT [CTsz]byte |
|
|
|
pubKey, prvKey := keygenCf() |
|
|
|
|
|
|
|
convBytesGoToC(pubKey.Export(), cPK[:]) |
|
|
|
C.crypto_kem_enc_SIKEp751(&cCT[0], &cSS[0], &cPK[0]) |
|
|
|
|
|
|
|
convBytesCToGo(cCT[:], gCT[:]) |
|
|
|
gSS, err := sike.Decapsulate(prvKey, pubKey, gCT[:]) |
|
|
|
if err != nil { |
|
|
|
panic("Decapsulation failed") |
|
|
|
} |
|
|
|
|
|
|
|
for i,_:=range(gSS) { |
|
|
|
if gSS[i] != byte(cSS[i]) { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(gSS), gSS) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS), cSS) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(gCT), gCT) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
func test_cfK_msrK_msrD() { |
|
|
|
// C variables |
|
|
|
var cSS [SSsz]C.uchar |
|
|
|
var cSS2 [SSsz]C.uchar |
|
|
|
var cCT [CTsz]C.uchar |
|
|
|
var cPK [PKsz]C.uchar |
|
|
|
var cSK [CSKsz]C.uchar |
|
|
|
// GO variables |
|
|
|
pubKey, prvKey := keygenCf() |
|
|
|
|
|
|
|
convBytesGoToC(pubKey.Export(), cPK[:]) |
|
|
|
C.crypto_kem_enc_SIKEp751(&cCT[0], &cSS[0], &cPK[0]) |
|
|
|
|
|
|
|
convBytesGoToC(prvKey.Export(), cSK[:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cSK[80:]) |
|
|
|
C.crypto_kem_dec_SIKEp751(&cSS2[0], &cCT[0], &cSK[0]) |
|
|
|
|
|
|
|
for i,_:=range(cSS) { |
|
|
|
if cSS[i] != cSS2[i] {//gSS[i] != byte(cSS[i]) { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS2), cSS2) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS), cSS) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// MSR keygen |
|
|
|
// CF Encapsulate |
|
|
|
// MSR Decapsulate |
|
|
|
func test_msrK_cfE_msrD() { |
|
|
|
var cCT [CTsz]C.uchar |
|
|
|
var cSS [SSsz]C.uchar |
|
|
|
var cSK [CSKsz]C.uchar |
|
|
|
|
|
|
|
pubKey, prvKey := keygenMsr() |
|
|
|
gCT, gSS, err := sike.Encapsulate(rand.Reader, pubKey) |
|
|
|
if err != nil { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
convBytesGoToC(gCT, cCT[:]) |
|
|
|
convBytesGoToC(prvKey.Export(), cSK[:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cSK[80:]) |
|
|
|
if C.crypto_kem_dec_SIKEp751(&cSS[0], &cCT[0], &cSK[0]) != 0 { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
for i:=0; i<SSsz; i++ { |
|
|
|
if byte(cSS[i]) != gSS[i] { |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// MSR keygen |
|
|
|
// MSR Encapsulate |
|
|
|
// CF Decapsulate |
|
|
|
func test_msrK_msrK_cfD() { |
|
|
|
// C variables |
|
|
|
var cSS [SSsz]C.uchar |
|
|
|
var cCT [CTsz]C.uchar |
|
|
|
var cPK [PKsz]C.uchar |
|
|
|
var cSK [CSKsz]C.uchar |
|
|
|
var gCT [CTsz]byte |
|
|
|
|
|
|
|
// GO variables |
|
|
|
pubKey, prvKey := keygenMsr() |
|
|
|
convBytesGoToC(prvKey.Export(), cSK[:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cSK[80:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cPK[:]) |
|
|
|
C.crypto_kem_enc_SIKEp751(&cCT[0], &cSS[0], &cPK[0]) |
|
|
|
|
|
|
|
convBytesCToGo(cCT[:], gCT[:]) |
|
|
|
gSS, err := sike.Decapsulate(prvKey, pubKey, gCT[:]) |
|
|
|
if err!=nil { |
|
|
|
panic(0) |
|
|
|
} |
|
|
|
for i,_:=range(cSS) { |
|
|
|
if byte(cSS[i]) != gSS[i] { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(gSS), gSS) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS), cSS) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// MSR keygen |
|
|
|
// CF Encapsulate |
|
|
|
// CF Decapsulate |
|
|
|
func test_msrK_cfE_cfD() { |
|
|
|
pubKey, prvKey := keygenMsr() |
|
|
|
gCT, gSS1, err := sike.Encapsulate(rand.Reader, pubKey) |
|
|
|
if err != nil { |
|
|
|
panic("err: SIKE CF encapsulation") |
|
|
|
} |
|
|
|
|
|
|
|
gSS2, err := sike.Decapsulate(prvKey, pubKey, gCT) |
|
|
|
if err!=nil || len(gSS1) != len(gSS2) { |
|
|
|
panic("Decapsulation failed") |
|
|
|
} |
|
|
|
|
|
|
|
for i,_:=range(gSS1) { |
|
|
|
if gSS1[i] != gSS2[i] { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(gSS1), gSS1) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(gSS2), gSS2) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// For CGO testing really |
|
|
|
// ---------------------- |
|
|
|
func test_msrK_msrK_msrD() { |
|
|
|
// C variables |
|
|
|
var cSS [SSsz]C.uchar |
|
|
|
var cSS2 [SSsz]C.uchar |
|
|
|
var cCT [CTsz]C.uchar |
|
|
|
var cPK [PKsz]C.uchar |
|
|
|
var cSK [CSKsz]C.uchar |
|
|
|
|
|
|
|
// GO variables |
|
|
|
pubKey, prvKey := keygenMsr() |
|
|
|
convBytesGoToC(prvKey.Export(), cSK[:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cSK[80:]) |
|
|
|
convBytesGoToC(pubKey.Export(), cPK[:]) |
|
|
|
C.crypto_kem_enc_SIKEp751(&cCT[0], &cSS[0], &cPK[0]) |
|
|
|
C.crypto_kem_dec_SIKEp751(&cSS2[0], &cCT[0], &cSK[0]) |
|
|
|
|
|
|
|
for i,_:=range(cSS) { |
|
|
|
if cSS[i] != cSS2[i] { |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS2), cSS2) |
|
|
|
fmt.Printf("LEN=%d %X\n", len(cSS), cSS) |
|
|
|
fmt.Println("ERR: shared secrets differ") |
|
|
|
break |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
func debug() { |
|
|
|
// fmt.Println("MSR+MSR+MSR") |
|
|
|
// test_msrK_msrK_msrD() |
|
|
|
// fmt.Println("CF+MSR+CF") |
|
|
|
// test_cfK_msrE_cfD() |
|
|
|
// fmt.Println("MSR+CF+MSR") |
|
|
|
// test_msrK_cfE_msrD() |
|
|
|
// fmt.Println("MSR+MSR+CF") |
|
|
|
// test_msrK_msrK_cfD() |
|
|
|
// fmt.Println("MSR+CF+CF") |
|
|
|
// test_msrK_cfE_cfD() |
|
|
|
|
|
|
|
fmt.Println("CF+CF+MSR") |
|
|
|
test_cfK_cfE_msrD() |
|
|
|
fmt.Println("CF+MSR+MSR") |
|
|
|
test_cfK_msrK_msrD() |
|
|
|
} |
|
|
|
|
|
|
|
func main() { |
|
|
|
for i:=0; i<1000; i++ { |
|
|
|
debug() |
|
|
|
} |
|
|
|
} |
|
|
|
|