diff options
author | lloyd <[email protected]> | 2015-01-08 14:10:44 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2015-01-08 14:10:44 +0000 |
commit | 832f538e603b6660644c26beb063d0ac81549746 (patch) | |
tree | 20a129f3a403e7cb763832bfb23db076e63d2019 /src/lib/pubkey/mceies/mceies.cpp | |
parent | c007494a9e934f2e84eb07d616c671e9fa1325c6 (diff) |
Add MCEIES, an integrated encryption system using McEliece and AES-256/OCB
Diffstat (limited to 'src/lib/pubkey/mceies/mceies.cpp')
-rw-r--r-- | src/lib/pubkey/mceies/mceies.cpp | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/src/lib/pubkey/mceies/mceies.cpp b/src/lib/pubkey/mceies/mceies.cpp new file mode 100644 index 000000000..0ceda2dda --- /dev/null +++ b/src/lib/pubkey/mceies/mceies.cpp @@ -0,0 +1,106 @@ +/* +* McEliece Integrated Encryption System +* (C) 2014,2015 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/mceies.h> +#include <botan/aead.h> +#include <botan/mceliece.h> +#include <botan/mce_kem.h> + +namespace Botan { + +namespace { + +secure_vector<byte> aead_key(const secure_vector<byte>& mk, + const AEAD_Mode& aead) + { + // Fold the key as required for the AEAD mode in use + if(aead.valid_keylength(mk.size())) + return mk; + + secure_vector<byte> r(aead.key_spec().maximum_keylength()); + for(size_t i = 0; i != mk.size(); ++i) + r[i % r.size()] ^= mk[i]; + return r; + } + +} + +secure_vector<byte> +mceies_encrypt(const McEliece_PublicKey& pubkey, + const secure_vector<byte>& pt, + byte ad[], size_t ad_len, + RandomNumberGenerator& rng) + { + McEliece_KEM_Encryptor kem_op(pubkey); + + const std::pair<secure_vector<byte>,secure_vector<byte>> mce_ciphertext__key = kem_op.encrypt(rng); + const secure_vector<byte>& mce_ciphertext = mce_ciphertext__key.first; + const secure_vector<byte>& mce_key = mce_ciphertext__key.second; + + const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8; + + BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size"); + + std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/OCB", ENCRYPTION)); + if(!aead) + throw std::runtime_error("mce_encrypt unable to create AEAD instance"); + + const size_t nonce_len = aead->default_nonce_length(); + + aead->set_key(aead_key(mce_key, *aead)); + aead->set_associated_data(ad, ad_len); + + const secure_vector<byte> nonce = rng.random_vec(nonce_len); + + secure_vector<byte> msg(mce_ciphertext.size() + nonce.size() + pt.size()); + copy_mem(&msg[0], &mce_ciphertext[0], mce_ciphertext.size()); + copy_mem(&msg[mce_ciphertext.size()], &nonce[0], nonce.size()); + copy_mem(&msg[mce_ciphertext.size() + nonce.size()], &pt[0], pt.size()); + + aead->start(nonce); + aead->finish(msg, mce_ciphertext.size() + nonce.size()); + return msg; + } + +secure_vector<byte> +mceies_decrypt(const McEliece_PrivateKey& privkey, + const secure_vector<byte>& ct, + byte ad[], size_t ad_len) + { + try + { + McEliece_KEM_Decryptor kem_op(privkey); + + const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8; + + std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/OCB", DECRYPTION)); + if(!aead) + throw std::runtime_error("Unable to create AEAD instance"); + + const size_t nonce_len = aead->default_nonce_length(); + + if(ct.size() < mce_code_bytes + nonce_len + aead->tag_size()) + throw std::runtime_error("Input message too small to be valid"); + + const secure_vector<byte> mce_key = kem_op.decrypt(&ct[0], mce_code_bytes); + + aead->set_key(aead_key(mce_key, *aead)); + aead->set_associated_data(ad, ad_len); + + secure_vector<byte> pt(&ct[mce_code_bytes + nonce_len], &ct[ct.size()]); + + aead->start(&ct[mce_code_bytes], nonce_len); + aead->finish(pt, 0); + return pt; + } + catch(std::exception& e) + { + throw std::runtime_error("mce_decrypt failed: " + std::string(e.what())); + } + } + +} |