aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/mceies/mceies.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2015-01-08 14:10:44 +0000
committerlloyd <[email protected]>2015-01-08 14:10:44 +0000
commit832f538e603b6660644c26beb063d0ac81549746 (patch)
tree20a129f3a403e7cb763832bfb23db076e63d2019 /src/lib/pubkey/mceies/mceies.cpp
parentc007494a9e934f2e84eb07d616c671e9fa1325c6 (diff)
Add MCEIES, an integrated encryption system using McEliece and AES-256/OCB
Diffstat (limited to 'src/lib/pubkey/mceies/mceies.cpp')
-rw-r--r--src/lib/pubkey/mceies/mceies.cpp106
1 files changed, 106 insertions, 0 deletions
diff --git a/src/lib/pubkey/mceies/mceies.cpp b/src/lib/pubkey/mceies/mceies.cpp
new file mode 100644
index 000000000..0ceda2dda
--- /dev/null
+++ b/src/lib/pubkey/mceies/mceies.cpp
@@ -0,0 +1,106 @@
+/*
+* McEliece Integrated Encryption System
+* (C) 2014,2015 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/mceies.h>
+#include <botan/aead.h>
+#include <botan/mceliece.h>
+#include <botan/mce_kem.h>
+
+namespace Botan {
+
+namespace {
+
+secure_vector<byte> aead_key(const secure_vector<byte>& mk,
+ const AEAD_Mode& aead)
+ {
+ // Fold the key as required for the AEAD mode in use
+ if(aead.valid_keylength(mk.size()))
+ return mk;
+
+ secure_vector<byte> r(aead.key_spec().maximum_keylength());
+ for(size_t i = 0; i != mk.size(); ++i)
+ r[i % r.size()] ^= mk[i];
+ return r;
+ }
+
+}
+
+secure_vector<byte>
+mceies_encrypt(const McEliece_PublicKey& pubkey,
+ const secure_vector<byte>& pt,
+ byte ad[], size_t ad_len,
+ RandomNumberGenerator& rng)
+ {
+ McEliece_KEM_Encryptor kem_op(pubkey);
+
+ const std::pair<secure_vector<byte>,secure_vector<byte>> mce_ciphertext__key = kem_op.encrypt(rng);
+ const secure_vector<byte>& mce_ciphertext = mce_ciphertext__key.first;
+ const secure_vector<byte>& mce_key = mce_ciphertext__key.second;
+
+ const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;
+
+ BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");
+
+ std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/OCB", ENCRYPTION));
+ if(!aead)
+ throw std::runtime_error("mce_encrypt unable to create AEAD instance");
+
+ const size_t nonce_len = aead->default_nonce_length();
+
+ aead->set_key(aead_key(mce_key, *aead));
+ aead->set_associated_data(ad, ad_len);
+
+ const secure_vector<byte> nonce = rng.random_vec(nonce_len);
+
+ secure_vector<byte> msg(mce_ciphertext.size() + nonce.size() + pt.size());
+ copy_mem(&msg[0], &mce_ciphertext[0], mce_ciphertext.size());
+ copy_mem(&msg[mce_ciphertext.size()], &nonce[0], nonce.size());
+ copy_mem(&msg[mce_ciphertext.size() + nonce.size()], &pt[0], pt.size());
+
+ aead->start(nonce);
+ aead->finish(msg, mce_ciphertext.size() + nonce.size());
+ return msg;
+ }
+
+secure_vector<byte>
+mceies_decrypt(const McEliece_PrivateKey& privkey,
+ const secure_vector<byte>& ct,
+ byte ad[], size_t ad_len)
+ {
+ try
+ {
+ McEliece_KEM_Decryptor kem_op(privkey);
+
+ const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;
+
+ std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/OCB", DECRYPTION));
+ if(!aead)
+ throw std::runtime_error("Unable to create AEAD instance");
+
+ const size_t nonce_len = aead->default_nonce_length();
+
+ if(ct.size() < mce_code_bytes + nonce_len + aead->tag_size())
+ throw std::runtime_error("Input message too small to be valid");
+
+ const secure_vector<byte> mce_key = kem_op.decrypt(&ct[0], mce_code_bytes);
+
+ aead->set_key(aead_key(mce_key, *aead));
+ aead->set_associated_data(ad, ad_len);
+
+ secure_vector<byte> pt(&ct[mce_code_bytes + nonce_len], &ct[ct.size()]);
+
+ aead->start(&ct[mce_code_bytes], nonce_len);
+ aead->finish(pt, 0);
+ return pt;
+ }
+ catch(std::exception& e)
+ {
+ throw std::runtime_error("mce_decrypt failed: " + std::string(e.what()));
+ }
+ }
+
+}