Botan  2.1.0
Crypto and TLS for C++11
mceies.cpp
Go to the documentation of this file.
1 /*
2 * McEliece Integrated Encryption System
3 * (C) 2014,2015 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/mceies.h>
9 #include <botan/aead.h>
10 #include <botan/mceliece.h>
11 #include <botan/pubkey.h>
12 
13 namespace Botan {
14 
15 namespace {
16 
17 secure_vector<uint8_t> aead_key(const secure_vector<uint8_t>& mk,
18  const AEAD_Mode& aead)
19  {
20  // Fold the key as required for the AEAD mode in use
21  if(aead.valid_keylength(mk.size()))
22  return mk;
23 
24  secure_vector<uint8_t> r(aead.key_spec().maximum_keylength());
25  for(size_t i = 0; i != mk.size(); ++i)
26  r[i % r.size()] ^= mk[i];
27  return r;
28  }
29 
30 }
31 
32 secure_vector<uint8_t>
34  const uint8_t pt[], size_t pt_len,
35  const uint8_t ad[], size_t ad_len,
37  const std::string& algo)
38  {
39  PK_KEM_Encryptor kem_op(pubkey, rng, "KDF1(SHA-512)");
40 
41  secure_vector<uint8_t> mce_ciphertext, mce_key;
42  kem_op.encrypt(mce_ciphertext, mce_key, 64, rng);
43 
44  const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;
45 
46  BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");
47 
48  std::unique_ptr<AEAD_Mode> aead(get_aead(algo, ENCRYPTION));
49  if(!aead)
50  throw Exception("mce_encrypt unable to create AEAD instance '" + algo + "'");
51 
52  const size_t nonce_len = aead->default_nonce_length();
53 
54  aead->set_key(aead_key(mce_key, *aead));
55  aead->set_associated_data(ad, ad_len);
56 
57  const secure_vector<uint8_t> nonce = rng.random_vec(nonce_len);
58 
59  secure_vector<uint8_t> msg(mce_ciphertext.size() + nonce.size() + pt_len);
60  copy_mem(msg.data(), mce_ciphertext.data(), mce_ciphertext.size());
61  copy_mem(msg.data() + mce_ciphertext.size(), nonce.data(), nonce.size());
62  copy_mem(msg.data() + mce_ciphertext.size() + nonce.size(), pt, pt_len);
63 
64  aead->start(nonce);
65  aead->finish(msg, mce_ciphertext.size() + nonce.size());
66  return msg;
67  }
68 
69 secure_vector<uint8_t>
71  const uint8_t ct[], size_t ct_len,
72  const uint8_t ad[], size_t ad_len,
73  const std::string& algo)
74  {
75  try
76  {
77  Null_RNG null_rng;
78  PK_KEM_Decryptor kem_op(privkey, null_rng, "KDF1(SHA-512)");
79 
80  const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;
81 
82  std::unique_ptr<AEAD_Mode> aead(get_aead(algo, DECRYPTION));
83  if(!aead)
84  throw Exception("Unable to create AEAD instance '" + algo + "'");
85 
86  const size_t nonce_len = aead->default_nonce_length();
87 
88  if(ct_len < mce_code_bytes + nonce_len + aead->tag_size())
89  throw Exception("Input message too small to be valid");
90 
91  const secure_vector<uint8_t> mce_key = kem_op.decrypt(ct, mce_code_bytes, 64);
92 
93  aead->set_key(aead_key(mce_key, *aead));
94  aead->set_associated_data(ad, ad_len);
95 
96  secure_vector<uint8_t> pt(ct + mce_code_bytes + nonce_len, ct + ct_len);
97 
98  aead->start(&ct[mce_code_bytes], nonce_len);
99  aead->finish(pt, 0);
100  return pt;
101  }
102  catch(Integrity_Failure&)
103  {
104  throw;
105  }
106  catch(std::exception& e)
107  {
108  throw Exception("mce_decrypt failed: " + std::string(e.what()));
109  }
110  }
111 
112 }
secure_vector< uint8_t > mceies_decrypt(const McEliece_PrivateKey &privkey, const uint8_t ct[], size_t ct_len, const uint8_t ad[], size_t ad_len, const std::string &algo)
Definition: mceies.cpp:70
secure_vector< uint8_t > random_vec(size_t bytes)
Definition: rng.h:133
uint32_t get_code_length() const
Definition: mceliece.h:50
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
secure_vector< uint8_t > decrypt(const uint8_t encap_key[], size_t encap_key_len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len)
Definition: pubkey.cpp:166
secure_vector< uint8_t > mceies_encrypt(const McEliece_PublicKey &pubkey, const uint8_t pt[], size_t pt_len, const uint8_t ad[], size_t ad_len, RandomNumberGenerator &rng, const std::string &algo)
Definition: mceies.cpp:33
AEAD_Mode * get_aead(const std::string &algo, Cipher_Dir dir)
Definition: aead.cpp:41
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
Definition: alg_id.cpp:13
void encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, Botan::RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len)
Definition: pubkey.cpp:139