
randombit / botan / 6187089116

14 Sep 2023 02:42PM UTC coverage: 91.716% (-0.005%) from 91.721%
6187089116

push

github

web-flow
Merge pull request #3696 from randombit/raw_ops_span

rsa, raw_op using std::span view for raw_kem_decrypt to avoid

79098 of 86242 relevant lines covered (91.72%)

8640988.08 hits per line


84.36
/src/lib/pubkey/mce/mceliece_key.cpp
/*
 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
 * (C) Bhaskar Biswas and  Nicolas Sendrier
 *
 * (C) 2014 cryptosource GmbH
 * (C) 2014 Falko Strenzke fstrenzke@cryptosource.de
 * (C) 2015 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 *
 */

#include <botan/mceliece.h>

#include <botan/ber_dec.h>
#include <botan/der_enc.h>
#include <botan/rng.h>
#include <botan/internal/bit_ops.h>
#include <botan/internal/code_based_util.h>
#include <botan/internal/loadstor.h>
#include <botan/internal/mce_internal.h>
#include <botan/internal/pk_ops_impl.h>
#include <botan/internal/polyn_gf2m.h>
#include <botan/internal/stl_util.h>

namespace Botan {

// Special member functions, defaulted out of line.
//
// The copy operations duplicate every member, which includes the private-key
// material held by this class.
McEliece_PrivateKey::McEliece_PrivateKey(const McEliece_PrivateKey&) = default;
McEliece_PrivateKey& McEliece_PrivateKey::operator=(const McEliece_PrivateKey&) = default;

// The move operations are declared noexcept.
McEliece_PrivateKey::McEliece_PrivateKey(McEliece_PrivateKey&&) noexcept = default;
McEliece_PrivateKey& McEliece_PrivateKey::operator=(McEliece_PrivateKey&&) noexcept = default;

McEliece_PrivateKey::~McEliece_PrivateKey() = default;

/**
 * Assemble a private key from components that were computed elsewhere.
 *
 * The public part is initialised with the public matrix, the degree of the
 * Goppa polynomial (used as t) and the number of support elements (used as
 * the code length n).
 *
 * @param goppa_polyn                Goppa polynomial g, stored as the single element of m_g
 * @param parity_check_matrix_coeffs coefficients of the parity check matrix
 * @param square_root_matrix         square root matrix entries
 * @param inverse_support            inverse support; its size is the code length
 * @param public_matrix              encoded public matrix
 */
McEliece_PrivateKey::McEliece_PrivateKey(const polyn_gf2m& goppa_polyn,
                                         const std::vector<uint32_t>& parity_check_matrix_coeffs,
                                         const std::vector<polyn_gf2m>& square_root_matrix,
                                         const std::vector<gf2m>& inverse_support,
                                         const std::vector<uint8_t>& public_matrix) :
      McEliece_PublicKey(public_matrix, goppa_polyn.get_degree(), inverse_support.size()),
      m_g{goppa_polyn},
      m_sqrtmod(square_root_matrix),
      m_Linv(inverse_support),
      m_coeffs(parity_check_matrix_coeffs),
      // codimension = ceil_log2(n) * t
      m_codimension(static_cast<size_t>(ceil_log2(inverse_support.size())) * goppa_polyn.get_degree()),
      // dimension = n - codimension; reads m_codimension, so it relies on that
      // member being declared (and therefore initialised) first.
      // NOTE(review): nothing here checks that the codimension is smaller than n;
      // callers are presumably expected to pass consistent components.
      m_dimension(inverse_support.size() - m_codimension) {
}

/**
 * Generate a fresh private key.
 *
 * @param rng         random number generator handed to the key generation routine
 * @param code_length code length n
 * @param t           parameter t handed to the key generation routine
 */
McEliece_PrivateKey::McEliece_PrivateKey(RandomNumberGenerator& rng, size_t code_length, size_t t) {
   // The extension degree is derived from the code length as ceil(log2(n)).
   const uint32_t extension_degree = ceil_log2(code_length);

   // Key generation returns a complete key object, which is assigned over *this.
   *this = generate_mceliece_key(rng, extension_degree, code_length, t);
}

/**
 * @return the Goppa polynomial, i.e. the first element of m_g
 */
const polyn_gf2m& McEliece_PrivateKey::get_goppa_polyn() const {
   // m_g is expected to be non-empty; every constructor in this file that
   // sets it stores exactly one polynomial.
   return m_g.front();
}

/**
 * @return the message word length in bits, computed as
 *         code_length - ceil_log2(code_length) * t
 */
size_t McEliece_PublicKey::get_message_word_bit_length() const {
   const size_t parity_bits = ceil_log2(m_code_length) * m_t;

   // NOTE(review): this is unsigned arithmetic; if parity_bits exceeded
   // m_code_length the result would wrap around. The parameters are assumed
   // to be consistent at this point.
   return m_code_length - parity_bits;
}

/**
 * Draw a uniformly random message word for this key.
 *
 * @param rng source of the random bytes
 * @return a buffer of ceil(bits / 8) bytes in which the bits above the
 *         message word length in the last byte are cleared
 */
secure_vector<uint8_t> McEliece_PublicKey::random_plaintext_element(RandomNumberGenerator& rng) const {
   const size_t bit_len = get_message_word_bit_length();
   const size_t byte_len = (bit_len + 7) / 8;

   secure_vector<uint8_t> msg(byte_len);
   rng.randomize(msg.data(), msg.size());

   // When the bit length is not a multiple of 8, only the low `tail_bits`
   // bits of the final byte belong to the message word; clear the rest.
   const uint32_t tail_bits = bit_len % 8;
   if(tail_bits != 0) {
      const uint8_t keep = (1 << tail_bits) - 1;
      msg.back() &= keep;
   }

   return msg;
}

/**
 * @return the algorithm identifier for this key: its object identifier
 *         combined with the USE_EMPTY_PARAM parameter encoding
 */
AlgorithmIdentifier McEliece_PublicKey::algorithm_identifier() const {
   const auto oid = object_identifier();
   return AlgorithmIdentifier(oid, AlgorithmIdentifier::USE_EMPTY_PARAM);
}

/**
 * DER-encode the public key.
 *
 * Layout: SEQUENCE { SEQUENCE { n, t }, OCTET STRING public_matrix }
 *
 * @return the encoded key
 */
std::vector<uint8_t> McEliece_PublicKey::public_key_bits() const {
   std::vector<uint8_t> encoded;
   DER_Encoder enc(encoded);

   enc.start_sequence();

   // Inner sequence carrying the two code parameters.
   enc.start_sequence();
   enc.encode(static_cast<size_t>(get_code_length()));
   enc.encode(static_cast<size_t>(get_t()));
   enc.end_cons();

   enc.encode(m_public_matrix, ASN1_Type::OctetString);
   enc.end_cons();

   return encoded;
}

/**
 * @return the key length, which this implementation reports as the code length
 */
size_t McEliece_PublicKey::key_length() const {
   const size_t code_length = m_code_length;
   return code_length;
}

/**
 * @return the strength estimate produced by mceliece_work_factor() for this
 *         key's code length and t
 */
size_t McEliece_PublicKey::estimated_strength() const {
   const size_t work_factor = mceliece_work_factor(m_code_length, m_t);
   return work_factor;
}

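/**
 * Decode a public key from its BER encoding.
 *
 * Expected layout: SEQUENCE { SEQUENCE { n, t }, OCTET STRING public_matrix }
 *
 * The encoding comes from outside this class, so the decoded parameters are
 * checked before they are stored: zero values are rejected (as the private
 * key decoder in this file already does), and so is any pair (n, t) for which
 * ceil_log2(n) * t is not smaller than n. Without the second check
 * get_message_word_bit_length() would wrap around and report a huge length.
 *
 * NOTE(review): the length of the public matrix is not checked against n and
 * t here; confirm whether the encryption routine validates it.
 *
 * @param key_bits BER-encoded public key
 * @throws Decoding_Error if the parameters are invalid (the decoder may also
 *         throw on malformed input)
 */
McEliece_PublicKey::McEliece_PublicKey(std::span<const uint8_t> key_bits) {
   BER_Decoder dec(key_bits);
   size_t n = 0;
   size_t t = 0;
   dec.start_sequence()
      .start_sequence()
      .decode(n)
      .decode(t)
      .end_cons()
      .decode(m_public_matrix, ASN1_Type::OctetString)
      .end_cons();

   // Written as a division so that the test cannot overflow:
   // ext_deg * t < n  <=>  t <= (n - 1) / ext_deg
   const size_t ext_deg = (n > 0) ? ceil_log2(n) : 0;
   if(t == 0 || ext_deg == 0 || t > (n - 1) / ext_deg) {
      throw Decoding_Error("invalid McEliece parameters");
   }

   m_t = t;
   m_code_length = n;
}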

/**
 * DER-encode the private key.
 *
 * Layout:
 *   SEQUENCE {
 *     SEQUENCE { n, t },
 *     OCTET STRING public_matrix,
 *     OCTET STRING g,
 *     SEQUENCE { OCTET STRING sqrtmod[i] ... },
 *     OCTET STRING inverse support (2 bytes per element),
 *     OCTET STRING parity check coefficients (4 bytes per element)
 *   }
 *
 * The intermediate buffers and the result are secure_vectors because they
 * hold private-key material.
 *
 * @return the encoded key
 */
secure_vector<uint8_t> McEliece_PrivateKey::private_key_bits() const {
   DER_Encoder enc;
   enc.start_sequence()
      .start_sequence()
      .encode(static_cast<size_t>(get_code_length()))
      .encode(static_cast<size_t>(get_t()))
      .end_cons()
      .encode(m_public_matrix, ASN1_Type::OctetString)
      .encode(m_g[0].encode(), ASN1_Type::OctetString);  // g as octet string

   // Square root matrix: one octet string per polynomial.
   enc.start_sequence();
   for(const auto& sqrt_poly : m_sqrtmod) {
      enc.encode(sqrt_poly.encode(), ASN1_Type::OctetString);
   }
   enc.end_cons();

   // Inverse support: bytes 0 and 1 of each 16-bit element, in that order.
   secure_vector<uint8_t> support_bytes;
   for(const uint16_t elem : m_Linv) {
      support_bytes.push_back(get_byte<0>(elem));
      support_bytes.push_back(get_byte<1>(elem));
   }
   enc.encode(support_bytes, ASN1_Type::OctetString);

   // Parity check coefficients: bytes 0..3 of each 32-bit word, in that order.
   secure_vector<uint8_t> coeff_bytes;
   for(const uint32_t word : m_coeffs) {
      coeff_bytes.push_back(get_byte<0>(word));
      coeff_bytes.push_back(get_byte<1>(word));
      coeff_bytes.push_back(get_byte<2>(word));
      coeff_bytes.push_back(get_byte<3>(word));
   }
   enc.encode(coeff_bytes, ASN1_Type::OctetString);

   enc.end_cons();
   return enc.get_contents();
}

/**
 * Consistency check: encrypt a random message word with the public part of
 * this key, decrypt it with the private part, and compare.
 *
 * @param rng random number generator used for the test message and encryption
 * @return true if both the message and the error vector are recovered
 *         exactly; the second (bool) parameter is ignored
 */
bool McEliece_PrivateKey::check_key(RandomNumberGenerator& rng, bool /*unused*/) const {
   const secure_vector<uint8_t> sent_msg = this->random_plaintext_element(rng);

   secure_vector<uint8_t> ct;
   secure_vector<uint8_t> sent_errors;
   mceliece_encrypt(ct, sent_errors, sent_msg, *this, rng);

   secure_vector<uint8_t> recovered_msg;
   secure_vector<uint8_t> recovered_errors;
   mceliece_decrypt(recovered_msg, recovered_errors, ct, *this);

   return sent_errors == recovered_errors && sent_msg == recovered_msg;
}

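/**
 * Decode a private key from its BER encoding.
 *
 * Expected layout:
 *   SEQUENCE {
 *     SEQUENCE { n, t },
 *     OCTET STRING public_matrix,
 *     OCTET STRING g,
 *     SEQUENCE { t/2 OCTET STRINGs (square root matrix) },
 *     OCTET STRING inverse support (2 bytes per element, n elements),
 *     OCTET STRING parity check coefficients (4 bytes per element)
 *   }
 *
 * Every length taken from the encoding is checked before it is used as a
 * loop bound or index. In addition to the zero check, (n, t) pairs for which
 * ceil_log2(n) * t is not smaller than n are rejected, because
 * m_dimension = n - m_codimension would otherwise wrap around. Loop counters
 * are size_t so that they cannot wrap before reaching a size_t bound.
 *
 * @param key_bits BER-encoded private key
 * @throws Decoding_Error if any parameter or length is inconsistent (the
 *         decoder may also throw on malformed input)
 */
McEliece_PrivateKey::McEliece_PrivateKey(std::span<const uint8_t> key_bits) {
   size_t n = 0;
   size_t t = 0;
   secure_vector<uint8_t> enc_g;
   BER_Decoder dec_base(key_bits);
   BER_Decoder dec = dec_base.start_sequence()
                        .start_sequence()
                        .decode(n)
                        .decode(t)
                        .end_cons()
                        .decode(m_public_matrix, ASN1_Type::OctetString)
                        .decode(enc_g, ASN1_Type::OctetString);

   if(t == 0 || n == 0) {
      throw Decoding_Error("invalid McEliece parameters");
   }

   uint32_t ext_deg = ceil_log2(n);

   // Require ext_deg * t < n, written as a division so it cannot overflow.
   // This also bounds t, so the t * 2 products below cannot overflow either.
   if(ext_deg == 0 || t > (n - 1) / ext_deg) {
      throw Decoding_Error("invalid McEliece parameters");
   }

   m_code_length = n;
   m_t = t;
   m_codimension = (ext_deg * t);
   m_dimension = (n - m_codimension);

   auto sp_field = std::make_shared<GF2m_Field>(ext_deg);
   m_g = {polyn_gf2m(enc_g, sp_field)};
   if(m_g[0].get_degree() != static_cast<int>(t)) {
      throw Decoding_Error("degree of decoded Goppa polynomial is incorrect");
   }

   // Square root matrix: t/2 polynomials, each encoded in exactly 2*t bytes.
   BER_Decoder dec2 = dec.start_sequence();
   for(size_t i = 0; i < t / 2; i++) {
      secure_vector<uint8_t> sqrt_enc;
      dec2.decode(sqrt_enc, ASN1_Type::OctetString);
      while(sqrt_enc.size() < (t * 2)) {
         // pad short entries with zero coefficients (two bytes each) up to t coefficients
         sqrt_enc.push_back(0);
         sqrt_enc.push_back(0);
      }
      // Catches entries that were too long, and odd-length entries that the
      // two-byte padding stepped past the target size.
      if(sqrt_enc.size() != t * 2) {
         throw Decoding_Error("length of square root polynomial entry is too large");
      }
      m_sqrtmod.push_back(polyn_gf2m(sqrt_enc, sp_field));
   }

   // Inverse support: n elements of two bytes each, high byte first.
   secure_vector<uint8_t> enc_support;
   BER_Decoder dec3 = dec2.end_cons().decode(enc_support, ASN1_Type::OctetString);
   if(enc_support.size() % 2) {
      throw Decoding_Error("encoded support has odd length");
   }
   if(enc_support.size() / 2 != n) {
      throw Decoding_Error("encoded support has length different from code length");
   }
   m_Linv.reserve(n);
   for(size_t i = 0; i < enc_support.size(); i += 2) {
      gf2m el = (enc_support[i] << 8) | enc_support[i + 1];
      m_Linv.push_back(el);
   }

   // Parity check coefficients: 32-bit words, most significant byte first.
   secure_vector<uint8_t> enc_H;
   dec3.decode(enc_H, ASN1_Type::OctetString).end_cons();
   if(enc_H.size() % 4) {
      throw Decoding_Error("encoded parity check matrix has length which is not a multiple of four");
   }
   if(enc_H.size() / 4 != bit_size_to_32bit_size(m_codimension) * m_code_length) {
      throw Decoding_Error("encoded parity check matrix has wrong length");
   }

   m_coeffs.reserve(enc_H.size() / 4);
   for(size_t i = 0; i < enc_H.size(); i += 4) {
      // Widen before shifting so the top byte is never shifted as a signed int.
      uint32_t coeff = (static_cast<uint32_t>(enc_H[i]) << 24) | (static_cast<uint32_t>(enc_H[i + 1]) << 16) |
                       (static_cast<uint32_t>(enc_H[i + 2]) << 8) | static_cast<uint32_t>(enc_H[i + 3]);
      m_coeffs.push_back(coeff);
   }
}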

/**
 * Compare two private keys member by member, public part first.
 *
 * The comparison stops at the first difference, so it is not constant-time
 * with respect to the private members.
 *
 * @param other key to compare against
 * @return true if the public part and all private members are equal
 */
bool McEliece_PrivateKey::operator==(const McEliece_PrivateKey& other) const {
   const auto& this_pub = static_cast<const McEliece_PublicKey&>(*this);
   const auto& other_pub = static_cast<const McEliece_PublicKey&>(other);
   if(this_pub != other_pub) {
      return false;
   }

   return m_g == other.m_g && m_sqrtmod == other.m_sqrtmod && m_Linv == other.m_Linv &&
          m_coeffs == other.m_coeffs && m_codimension == other.m_codimension && m_dimension == other.m_dimension;
}

/**
 * @return a newly allocated public key built from this key's public matrix,
 *         t and code length
 */
std::unique_ptr<Public_Key> McEliece_PrivateKey::public_key() const {
   auto pub = std::make_unique<McEliece_PublicKey>(get_public_matrix(), get_t(), get_code_length());
   return pub;
}

/**
 * @param other key to compare against
 * @return true if the public matrix, t and the code length are all equal
 */
bool McEliece_PublicKey::operator==(const McEliece_PublicKey& other) const {
   return m_public_matrix == other.m_public_matrix && m_t == other.m_t && m_code_length == other.m_code_length;
}

namespace {

/**
 * KEM encapsulation for McEliece.
 *
 * The raw shared key is the random plaintext followed by the error vector;
 * the encapsulated key is the McEliece ciphertext. The KDF named at
 * construction is handed to the KEM_Encryption_with_KDF base class.
 *
 * The object keeps a reference to the key rather than a copy, so the key
 * must outlive this operation object.
 */
class MCE_KEM_Encryptor final : public PK_Ops::KEM_Encryption_with_KDF {
   public:
      MCE_KEM_Encryptor(const McEliece_PublicKey& key, std::string_view kdf) :
            KEM_Encryption_with_KDF(kdf), m_key(key) {}

   private:
      /// Plaintext bytes plus error vector bytes, each rounded up from bits.
      size_t raw_kem_shared_key_length() const override {
         const size_t plaintext_bytes = (m_key.get_message_word_bit_length() + 7) / 8;
         const size_t error_bytes = (m_key.get_code_length() + 7) / 8;
         return plaintext_bytes + error_bytes;
      }

      /// One bit per code position, rounded up to whole bytes.
      size_t encapsulated_key_length() const override {
         const size_t code_bits = m_key.get_code_length();
         return (code_bits + 7) / 8;
      }

      /**
       * Encrypt a fresh random plaintext and write the results into the
       * caller's buffers. Both buffer sizes are asserted to match exactly
       * before anything is written to them.
       */
      void raw_kem_encrypt(std::span<uint8_t> out_encapsulated_key,
                           std::span<uint8_t> raw_shared_key,
                           RandomNumberGenerator& rng) override {
         secure_vector<uint8_t> message = m_key.random_plaintext_element(rng);

         secure_vector<uint8_t> ct;
         secure_vector<uint8_t> errors;
         mceliece_encrypt(ct, errors, message, m_key, rng);

         // TODO: Perhaps avoid the copies below
         BOTAN_ASSERT_NOMSG(out_encapsulated_key.size() == ct.size());
         std::copy(ct.begin(), ct.end(), out_encapsulated_key.begin());

         BOTAN_ASSERT_NOMSG(raw_shared_key.size() == message.size() + errors.size());
         BufferStuffer shared_out(raw_shared_key);
         shared_out.append(message);
         shared_out.append(errors);
      }

      const McEliece_PublicKey& m_key;
};

/**
 * KEM decapsulation for McEliece.
 *
 * The raw shared key is the recovered plaintext followed by the recovered
 * error vector. The KDF named at construction is handed to the
 * KEM_Decryption_with_KDF base class.
 *
 * The object keeps a reference to the private key rather than a copy, so the
 * key must outlive this operation object.
 */
class MCE_KEM_Decryptor final : public PK_Ops::KEM_Decryption_with_KDF {
   public:
      MCE_KEM_Decryptor(const McEliece_PrivateKey& key, std::string_view kdf) :
            KEM_Decryption_with_KDF(kdf), m_key(key) {}

   private:
      /// Plaintext bytes plus error vector bytes, each rounded up from bits.
      size_t raw_kem_shared_key_length() const override {
         const size_t plaintext_bytes = (m_key.get_message_word_bit_length() + 7) / 8;
         const size_t error_bytes = (m_key.get_code_length() + 7) / 8;
         return plaintext_bytes + error_bytes;
      }

      /// One bit per code position, rounded up to whole bytes.
      size_t encapsulated_key_length() const override {
         const size_t code_bits = m_key.get_code_length();
         return (code_bits + 7) / 8;
      }

      /**
       * Decrypt the encapsulated key and write plaintext || error vector
       * into out_shared_key, whose size is asserted to match exactly.
       *
       * NOTE(review): the length of encapsulated_key is passed straight to
       * mceliece_decrypt() and is not compared with encapsulated_key_length()
       * here; presumably the callee or the caller validates it. Confirm.
       */
      void raw_kem_decrypt(std::span<uint8_t> out_shared_key, std::span<const uint8_t> encapsulated_key) override {
         secure_vector<uint8_t> message;
         secure_vector<uint8_t> errors;
         mceliece_decrypt(message, errors, encapsulated_key.data(), encapsulated_key.size(), m_key);

         // TODO: perhaps avoid the copies below
         BOTAN_ASSERT_NOMSG(out_shared_key.size() == message.size() + errors.size());
         BufferStuffer shared_out(out_shared_key);
         shared_out.append(message);
         shared_out.append(errors);
      }

      const McEliece_PrivateKey& m_key;
};

}  // namespace

/**
 * Create the KEM encapsulation operation for this key.
 *
 * The returned operation refers to this key object, so the key must stay
 * alive for as long as the operation is used.
 *
 * @param params   passed to the operation as its KDF specification
 * @param provider must be "base" or empty
 * @throws Provider_Not_Found for any other provider
 */
std::unique_ptr<PK_Ops::KEM_Encryption> McEliece_PublicKey::create_kem_encryption_op(std::string_view params,
                                                                                     std::string_view provider) const {
   const bool is_builtin = provider.empty() || provider == "base";
   if(!is_builtin) {
      throw Provider_Not_Found(algo_name(), provider);
   }
   return std::make_unique<MCE_KEM_Encryptor>(*this, params);
}

/**
 * Create the KEM decapsulation operation for this key. The random number
 * generator argument is not used.
 *
 * The returned operation refers to this key object, so the key must stay
 * alive for as long as the operation is used.
 *
 * @param params   passed to the operation as its KDF specification
 * @param provider must be "base" or empty
 * @throws Provider_Not_Found for any other provider
 */
std::unique_ptr<PK_Ops::KEM_Decryption> McEliece_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& /*rng*/,
                                                                                      std::string_view params,
                                                                                      std::string_view provider) const {
   const bool is_builtin = provider.empty() || provider == "base";
   if(!is_builtin) {
      throw Provider_Not_Found(algo_name(), provider);
   }
   return std::make_unique<MCE_KEM_Decryptor>(*this, params);
}

}  // namespace Botan