authorJack Lloyd <[email protected]>2020-09-26 13:18:00 -0400
committerJack Lloyd <[email protected]>2020-11-05 10:40:42 -0500
commita5444cfce812d432bd31a1eb7c33ec1196cbc7d9 (patch)
treed280165d1c3d0879802be54ca3dcbf44f6c4fb41 /src
parent9ef63a29159ef10dfbabd46a020065234b339b02 (diff)
Remove MCEIES
Diffstat (limited to 'src')
-rw-r--r--src/build-data/policy/bsi.txt1
-rw-r--r--src/build-data/policy/modern.txt1
-rw-r--r--src/build-data/policy/nist.txt1
-rw-r--r--src/lib/ffi/ffi.h11
-rw-r--r--src/lib/ffi/ffi_pkey_algs.cpp37
-rw-r--r--src/lib/pubkey/mceies/info.txt10
-rw-r--r--src/lib/pubkey/mceies/mceies.cpp110
-rw-r--r--src/lib/pubkey/mceies/mceies.h46
-rw-r--r--src/lib/utils/types.h2
-rwxr-xr-xsrc/python/botan2.py29
-rw-r--r--src/scripts/test_python.py8
-rw-r--r--src/tests/test_ffi.cpp29
-rw-r--r--src/tests/test_mceliece.cpp54
13 files changed, 11 insertions, 328 deletions
diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
index 1c0dd31b3..c91fb1aa9 100644
--- a/src/build-data/policy/bsi.txt
+++ b/src/build-data/policy/bsi.txt
@@ -140,7 +140,6 @@ ed25519
elgamal
gost_3410
mce
-mceies
rfc6979
newhope
sm2
diff --git a/src/build-data/policy/modern.txt b/src/build-data/policy/modern.txt
index e43b3bafe..8d4fb5837 100644
--- a/src/build-data/policy/modern.txt
+++ b/src/build-data/policy/modern.txt
@@ -120,7 +120,6 @@ elgamal
gost_3410
emsa_x931
-pbkdf1
prf_x942
passhash9
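Review bot: `pbkdf1` is the entry removed from modern.txt here, whereas the bsi.txt and nist.txt hunks remove `mceies` and the commit is titled Remove MCEIES. The hunk does not show which section of the policy file this list belongs to, so it is unclear whether the deletion lifts a restriction on PBKDF1 or withdraws it from the build. Either way it changes what a modern-policy build contains for a reason unrelated to MCEIES. Please confirm that `mceies` was not the intended line, or move the PBKDF1 change into its own commit with its own rationale.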
diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt
index a3304c585..0436b28f2 100644
--- a/src/build-data/policy/nist.txt
+++ b/src/build-data/policy/nist.txt
@@ -138,7 +138,6 @@ eckcdsa
elgamal
gost_3410
mce
-mceies
rfc6979
newhope
cecpq1
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index cf8931acf..09a77ca1e 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -1480,11 +1480,9 @@ BOTAN_PUBLIC_API(2,0) int botan_pkcs_hash_id(const char* hash_name, uint8_t pkcs
/*
-*
-* @param mce_key must be a McEliece key
-* ct_len should be pt_len + n/8 + a few?
+* Always returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED
*/
-BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("Poorly specified, avoid in new code")
+BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("No longer implemented")
int botan_mceies_encrypt(botan_pubkey_t mce_key,
botan_rng_t rng,
const char* aead,
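Review bot: The new comment on botan_mceies_encrypt, and the identical one added above botan_mceies_decrypt in the next hunk, states the return code but not what happens to the output parameters. Because both symbols stay exported, a caller written against the old behaviour needs to know that nothing is written to `ct`/`ct_len` (or `pt`/`pt_len`) and that the result must not be used. I would extend the comment to something like `* Performs no operation and produces no output; always returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED`. If the declarations are kept only for link compatibility, as the retained `BOTAN_PUBLIC_API(2,0)` marker suggests, the comment should say that as well. The declaration continues past the end of this hunk.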
@@ -1492,7 +1490,10 @@ int botan_mceies_encrypt(botan_pubkey_t mce_key,
const uint8_t ad[], size_t ad_len,
uint8_t ct[], size_t* ct_len);
-BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("Poorly specified, avoid in new code")
+/*
+* Always returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED
+*/
+BOTAN_PUBLIC_API(2,0) BOTAN_DEPRECATED("No longer implemented")
int botan_mceies_decrypt(botan_privkey_t mce_key,
const char* aead,
const uint8_t ct[], size_t ct_len,
diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp
index 9f5d54310..fe9456d93 100644
--- a/src/lib/ffi/ffi_pkey_algs.cpp
+++ b/src/lib/ffi/ffi_pkey_algs.cpp
@@ -58,10 +58,6 @@
#include <botan/mceliece.h>
#endif
-#if defined(BOTAN_HAS_MCEIES)
- #include <botan/mceies.h>
-#endif
-
#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
#include <botan/dh.h>
#endif
@@ -937,20 +933,8 @@ int botan_mceies_decrypt(botan_privkey_t mce_key_obj,
const uint8_t ad[], size_t ad_len,
uint8_t out[], size_t* out_len)
{
- return ffi_guard_thunk(__func__, [=]() -> int {
- Botan::Private_Key& key = safe_get(mce_key_obj);
-
-#if defined(BOTAN_HAS_MCELIECE) && defined(BOTAN_HAS_MCEIES)
- Botan::McEliece_PrivateKey* mce = dynamic_cast<Botan::McEliece_PrivateKey*>(&key);
- if(!mce)
- return BOTAN_FFI_ERROR_BAD_PARAMETER;
-
- const Botan::secure_vector<uint8_t> pt = mceies_decrypt(*mce, ct, ct_len, ad, ad_len, aead);
- return write_vec_output(out, out_len, pt);
-#else
- return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
-#endif
- });
+ BOTAN_UNUSED(mce_key_obj, aead, ct, ct_len, ad, ad_len, out, out_len);
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
}
int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
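Review bot: The stubbed botan_mceies_decrypt, and botan_mceies_encrypt in the next hunk, leave `out` and `*out_len` untouched, so a caller that does not check the return code will treat whatever was already in its buffer as plaintext or ciphertext of the length it passed in. The removed `#else` branch behaved the same way, but it is now the only path in every build. Failing closed is cheap: add `if(out_len) { *out_len = 0; }` before the return and drop `out_len` from the `BOTAN_UNUSED` list. The round-trip test removed from test_ffi.cpp is not replaced by a check that both functions return `BOTAN_FFI_ERROR_NOT_IMPLEMENTED`, which would pin the new contract. The function signature begins above this hunk.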
@@ -960,21 +944,8 @@ int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
const uint8_t ad[], size_t ad_len,
uint8_t out[], size_t* out_len)
{
- return ffi_guard_thunk(__func__, [=]() -> int {
- Botan::Public_Key& key = safe_get(mce_key_obj);
- Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
-
-#if defined(BOTAN_HAS_MCELIECE) && defined(BOTAN_HAS_MCEIES)
- Botan::McEliece_PublicKey* mce = dynamic_cast<Botan::McEliece_PublicKey*>(&key);
- if(!mce)
- return BOTAN_FFI_ERROR_BAD_PARAMETER;
-
- Botan::secure_vector<uint8_t> ct = mceies_encrypt(*mce, pt, pt_len, ad, ad_len, rng, aead);
- return write_vec_output(out, out_len, ct);
-#else
- return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
-#endif
- });
+ BOTAN_UNUSED(mce_key_obj, rng_obj, aead, pt, pt_len, ad, ad_len, out, out_len);
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
}
}
diff --git a/src/lib/pubkey/mceies/info.txt b/src/lib/pubkey/mceies/info.txt
deleted file mode 100644
index cf5e01154..000000000
--- a/src/lib/pubkey/mceies/info.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-<defines>
-MCEIES -> 20150706
-</defines>
-
-<requires>
-aes
-mce
-ocb
-kdf1
-</requires>
diff --git a/src/lib/pubkey/mceies/mceies.cpp b/src/lib/pubkey/mceies/mceies.cpp
deleted file mode 100644
index 4d62889fe..000000000
--- a/src/lib/pubkey/mceies/mceies.cpp
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
-* McEliece Integrated Encryption System
-* (C) 2014,2015 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/mceies.h>
-#include <botan/aead.h>
-#include <botan/rng.h>
-#include <botan/mceliece.h>
-#include <botan/pubkey.h>
-
-namespace Botan {
-
-namespace {
-
-secure_vector<uint8_t> aead_key(const secure_vector<uint8_t>& mk,
- const AEAD_Mode& aead)
- {
- // Fold the key as required for the AEAD mode in use
- if(aead.valid_keylength(mk.size()))
- return mk;
-
- secure_vector<uint8_t> r(aead.key_spec().maximum_keylength());
- BOTAN_ASSERT_NOMSG(r.size() > 0);
- for(size_t i = 0; i != mk.size(); ++i)
- r[i % r.size()] ^= mk[i];
- return r;
- }
-
-}
-
-secure_vector<uint8_t>
-mceies_encrypt(const McEliece_PublicKey& pubkey,
- const uint8_t pt[], size_t pt_len,
- const uint8_t ad[], size_t ad_len,
- RandomNumberGenerator& rng,
- const std::string& algo)
- {
- PK_KEM_Encryptor kem_op(pubkey, rng, "KDF1(SHA-512)");
-
- secure_vector<uint8_t> mce_ciphertext, mce_key;
- kem_op.encrypt(mce_ciphertext, mce_key, 64, rng);
-
- const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;
-
- BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");
-
- std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw(algo, ENCRYPTION);
-
- const size_t nonce_len = aead->default_nonce_length();
-
- aead->set_key(aead_key(mce_key, *aead));
- aead->set_associated_data(ad, ad_len);
-
- const secure_vector<uint8_t> nonce = rng.random_vec(nonce_len);
-
- secure_vector<uint8_t> msg(mce_ciphertext.size() + nonce.size() + pt_len);
- copy_mem(msg.data(), mce_ciphertext.data(), mce_ciphertext.size());
- copy_mem(msg.data() + mce_ciphertext.size(), nonce.data(), nonce.size());
- copy_mem(msg.data() + mce_ciphertext.size() + nonce.size(), pt, pt_len);
-
- aead->start(nonce);
- aead->finish(msg, mce_ciphertext.size() + nonce.size());
- return msg;
- }
-
-secure_vector<uint8_t>
-mceies_decrypt(const McEliece_PrivateKey& privkey,
- const uint8_t ct[], size_t ct_len,
- const uint8_t ad[], size_t ad_len,
- const std::string& algo)
- {
- try
- {
- Null_RNG null_rng;
- PK_KEM_Decryptor kem_op(privkey, null_rng, "KDF1(SHA-512)");
-
- const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;
-
- std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw(algo, DECRYPTION);
-
- const size_t nonce_len = aead->default_nonce_length();
-
- if(ct_len < mce_code_bytes + nonce_len + aead->tag_size())
- throw Decoding_Error("Input message too small to be valid");
-
- const secure_vector<uint8_t> mce_key = kem_op.decrypt(ct, mce_code_bytes, 64);
-
- aead->set_key(aead_key(mce_key, *aead));
- aead->set_associated_data(ad, ad_len);
-
- secure_vector<uint8_t> pt(ct + mce_code_bytes + nonce_len, ct + ct_len);
-
- aead->start(&ct[mce_code_bytes], nonce_len);
- aead->finish(pt, 0);
- return pt;
- }
- catch(Invalid_Authentication_Tag&)
- {
- throw;
- }
- catch(std::exception& e)
- {
- throw Decoding_Error("mce_decrypt failed: " + std::string(e.what()));
- }
- }
-
-}
diff --git a/src/lib/pubkey/mceies/mceies.h b/src/lib/pubkey/mceies/mceies.h
deleted file mode 100644
index c9b3f7efd..000000000
--- a/src/lib/pubkey/mceies/mceies.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* McEliece Integrated Encryption System
-* (C) 2014,2015 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_MCEIES_H_
-#define BOTAN_MCEIES_H_
-
-#include <botan/secmem.h>
-#include <string>
-
-namespace Botan {
-
-class RandomNumberGenerator;
-class McEliece_PublicKey;
-class McEliece_PrivateKey;
-
-/**
-* McEliece Integrated Encryption System
-* Derive a shared key using MCE KEM and encrypt/authenticate the
-* plaintext and AD using AES-256 in OCB mode.
-*/
-secure_vector<uint8_t>
-BOTAN_PUBLIC_API(2,0) mceies_encrypt(const McEliece_PublicKey& pubkey,
- const uint8_t pt[], size_t pt_len,
- const uint8_t ad[], size_t ad_len,
- RandomNumberGenerator& rng,
- const std::string& aead = "AES-256/OCB");
-
-/**
-* McEliece Integrated Encryption System
-* Derive a shared key using MCE KEM and decrypt/authenticate the
-* ciphertext and AD using AES-256 in OCB mode.
-*/
-secure_vector<uint8_t>
-BOTAN_PUBLIC_API(2,0) mceies_decrypt(const McEliece_PrivateKey& privkey,
- const uint8_t ct[], size_t ct_len,
- const uint8_t ad[], size_t ad_len,
- const std::string& aead = "AES-256/OCB");
-
-
-}
-
-#endif
diff --git a/src/lib/utils/types.h b/src/lib/utils/types.h
index 0f329c9ae..6335fd9cd 100644
--- a/src/lib/utils/types.h
+++ b/src/lib/utils/types.h
@@ -54,7 +54,7 @@ namespace Botan {
* @ref argon2.h "Argon2", @ref scrypt.h "scrypt", @ref bcrypt.h "bcrypt", @ref passhash9.h "passhash9"
* <dt>Public Key Cryptosystems<dd>
* @ref dlies.h "DLIES", @ref ecies.h "ECIES", @ref elgamal.h "ElGamal"
-* @ref rsa.h "RSA", @ref newhope.h "NewHope", @ref mceliece.h "McEliece" and @ref mceies.h "MCEIES",
+* @ref rsa.h "RSA", @ref newhope.h "NewHope", @ref mceliece.h "McEliece"
* @ref sm2.h "SM2"
* <dt>Public Key Signature Schemes<dd>
* @ref dsa.h "DSA", @ref ecdsa.h "ECDSA", @ref ecgdsa.h "ECGDSA", @ref eckcdsa.h "ECKCDSA",
diff --git a/src/python/botan2.py b/src/python/botan2.py
index 6ae1bd6da..d9f913ec4 100755
--- a/src/python/botan2.py
+++ b/src/python/botan2.py
@@ -1234,35 +1234,6 @@ class PKKeyAgreement(object):
other, len(other),
salt, len(salt)))
-#
-# MCEIES encryption
-# Must be used with McEliece keys
-#
-def mceies_encrypt(mce, rng_obj, aead, pt, ad):
- return _call_fn_returning_vec(len(pt) + 1024, lambda b, bl:
- _DLL.botan_mceies_encrypt(mce.handle_(),
- rng_obj.handle_(),
- _ctype_str(aead),
- _ctype_bits(pt),
- len(pt),
- _ctype_bits(ad),
- len(ad),
- b, bl))
-
-def mceies_decrypt(mce, aead, ct, ad):
-
- #msg = cast(msg, c_char_p)
- #ll = c_size_t(ll)
-
- return _call_fn_returning_vec(len(ct), lambda b, bl:
- _DLL.botan_mceies_decrypt(mce.handle_(),
- _ctype_str(aead),
- _ctype_bits(ct),
- len(ct),
- _ctype_bits(ad),
- len(ad),
- b, bl))
-
def _load_buf_or_file(filename, buf, file_fn, buf_fn):
if filename is None and buf is None:
diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py
index 2202c0e4b..ea470726b 100644
--- a/src/scripts/test_python.py
+++ b/src/scripts/test_python.py
@@ -197,14 +197,6 @@ class BotanPythonTests(unittest.TestCase):
mce_pub = mce_priv.get_public_key()
self.assertEqual(mce_pub.estimated_strength(), 128)
- mce_plaintext = rng.get(16)
- mce_ad = rng.get(48)
- mce_ciphertext = botan2.mceies_encrypt(mce_pub, rng, 'ChaCha20Poly1305', mce_plaintext, mce_ad)
-
- mce_decrypt = botan2.mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad)
-
- self.assertEqual(mce_plaintext, mce_decrypt)
-
def test_rsa_load_store(self):
rsa_priv_pem = """-----BEGIN PRIVATE KEY-----
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index eef8a39d7..60f307cd1 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -2418,35 +2418,6 @@ class FFI_Unit_Tests final : public Test
// TODO test KEM
-#if defined(BOTAN_HAS_MCEIES)
- const uint8_t ad[8] = { 0xAD, 0xAD, 0xAD, 0xAD, 0xBE, 0xEE, 0xEE, 0xFF };
- const size_t ad_len = sizeof(ad);
-
- const Botan::secure_vector<uint8_t> plaintext = Test::rng().random_vec(Test::rng().next_byte());
- size_t plaintext_len = plaintext.size();
- size_t ciphertext_len = 0;
-
- // first calculate ciphertext length
- TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_mceies_encrypt, (pub, rng, "AES-256/OCB", plaintext.data(),
- plaintext.size(), ad, ad_len, nullptr, &ciphertext_len));
- std::vector<uint8_t> ciphertext(ciphertext_len);
-
- // now encrypt
- if(TEST_FFI_OK(botan_mceies_encrypt, (pub, rng, "AES-256/OCB", plaintext.data(), plaintext.size(), ad, ad_len,
- ciphertext.data(), &ciphertext_len)))
- {
- std::vector<uint8_t> decrypted(ciphertext.size());
- size_t decrypted_len = plaintext_len;
-
- TEST_FFI_OK(botan_mceies_decrypt, (priv, "AES-256/OCB", ciphertext.data(), ciphertext.size(), ad, ad_len,
- decrypted.data(), &decrypted_len));
-
- decrypted.resize(decrypted_len);
-
- result.test_eq("MCIES plaintext", decrypted, plaintext);
- }
-#endif
-
TEST_FFI_OK(botan_pubkey_destroy, (pub));
TEST_FFI_OK(botan_privkey_destroy, (priv));
}
diff --git a/src/tests/test_mceliece.cpp b/src/tests/test_mceliece.cpp
index d443f47d2..4b1dc050f 100644
--- a/src/tests/test_mceliece.cpp
+++ b/src/tests/test_mceliece.cpp
@@ -20,10 +20,6 @@
#include <botan/hmac_drbg.h>
#endif
- #if defined(BOTAN_HAS_MCEIES)
- #include <botan/mceies.h>
- #endif
-
#endif
namespace Botan_Tests {
@@ -195,9 +191,6 @@ class McEliece_Tests final : public Test
results.push_back(test_kem(sk, pk));
#endif
-#if defined(BOTAN_HAS_MCEIES)
- results.push_back(test_mceies(sk, pk));
-#endif
}
}
@@ -230,53 +223,6 @@ class McEliece_Tests final : public Test
return result;
}
-#if defined(BOTAN_HAS_MCEIES)
- Test::Result test_mceies(const Botan::McEliece_PrivateKey& sk,
- const Botan::McEliece_PublicKey& pk)
- {
- Test::Result result("McEliece IES");
- result.start_timer();
-
- for(size_t i = 0; i <= 10; ++i)
- {
- uint8_t ad[8];
- Botan::store_be(static_cast<uint64_t>(i), ad);
- const size_t ad_len = sizeof(ad);
-
- const Botan::secure_vector<uint8_t> pt = Test::rng().random_vec(Test::rng().next_byte());
-
- const Botan::secure_vector<uint8_t> ct = mceies_encrypt(pk, pt.data(), pt.size(), ad, ad_len, Test::rng());
- const Botan::secure_vector<uint8_t> dec = mceies_decrypt(sk, ct.data(), ct.size(), ad, ad_len);
-
- result.test_eq("decrypted ok", dec, pt);
-
- Botan::secure_vector<uint8_t> bad_ct = ct;
- for(size_t j = 0; j != 3; ++j)
- {
- bad_ct = mutate_vec(ct, true);
-
- try
- {
- mceies_decrypt(sk, bad_ct.data(), bad_ct.size(), ad, ad_len);
- result.test_failure("AEAD decrypted manipulated ciphertext");
- result.test_note("Manipulated text was " + Botan::hex_encode(bad_ct));
- }
- catch(Botan::Integrity_Failure&)
- {
- result.test_note("AEAD rejected manipulated ciphertext");
- }
- catch(std::exception& e)
- {
- result.test_failure("AEAD rejected manipulated ciphertext with unexpected error", e.what());
- }
- }
- }
-
- result.end_timer();
- return result;
- }
-#endif
-
};
BOTAN_REGISTER_TEST("pubkey", "mceliece", McEliece_Tests);