Botan  2.7.0
Crypto and TLS for C++11
mceliece.cpp
Go to the documentation of this file.
1 /*
2  * (C) Copyright Projet SECRET, INRIA, Rocquencourt
3  * (C) Bhaskar Biswas and Nicolas Sendrier
4  *
5  * (C) 2014 cryptosource GmbH
6  * (C) 2014 Falko Strenzke fstrenzke@cryptosource.de
7  *
8  * Botan is released under the Simplified BSD License (see license.txt)
9  *
10  */
11 
12 #include <botan/internal/mce_internal.h>
13 #include <botan/mceliece.h>
14 #include <botan/internal/code_based_util.h>
15 #include <botan/internal/bit_ops.h>
16 
17 namespace Botan {
18 
19 namespace {
20 
21 secure_vector<uint8_t> concat_vectors(const secure_vector<uint8_t>& a, const secure_vector<uint8_t>& b,
22  uint32_t dimension, uint32_t codimension)
23  {
24  secure_vector<uint8_t> x(bit_size_to_byte_size(dimension) + bit_size_to_byte_size(codimension));
25 
26  const size_t final_bits = dimension % 8;
27 
28  if(final_bits == 0)
29  {
30  const size_t dim_bytes = bit_size_to_byte_size(dimension);
31  copy_mem(&x[0], a.data(), dim_bytes);
32  copy_mem(&x[dim_bytes], b.data(), bit_size_to_byte_size(codimension));
33  }
34  else
35  {
36  copy_mem(&x[0], a.data(), (dimension / 8));
37  uint32_t l = dimension / 8;
38  x[l] = static_cast<uint8_t>(a[l] & ((1 << final_bits) - 1));
39 
40  for(uint32_t k = 0; k < codimension / 8; ++k)
41  {
42  x[l] ^= static_cast<uint8_t>(b[k] << final_bits);
43  ++l;
44  x[l] = static_cast<uint8_t>(b[k] >> (8 - final_bits));
45  }
46  x[l] ^= static_cast<uint8_t>(b[codimension/8] << final_bits);
47  }
48 
49  return x;
50  }
51 
52 secure_vector<uint8_t> mult_by_pubkey(const secure_vector<uint8_t>& cleartext,
53  std::vector<uint8_t> const& public_matrix,
54  uint32_t code_length, uint32_t t)
55  {
56  const uint32_t ext_deg = ceil_log2(code_length);
57  const uint32_t codimension = ext_deg * t;
58  const uint32_t dimension = code_length - codimension;
59  secure_vector<uint8_t> cR(bit_size_to_32bit_size(codimension) * sizeof(uint32_t));
60 
61  const uint8_t* pt = public_matrix.data();
62 
63  for(size_t i = 0; i < dimension / 8; ++i)
64  {
65  for(size_t j = 0; j < 8; ++j)
66  {
67  if(cleartext[i] & (1 << j))
68  {
69  xor_buf(cR.data(), pt, cR.size());
70  }
71  pt += cR.size();
72  }
73  }
74 
75  for(size_t i = 0; i < dimension % 8 ; ++i)
76  {
77  if(cleartext[dimension/8] & (1 << i))
78  {
79  xor_buf(cR.data(), pt, cR.size());
80  }
81  pt += cR.size();
82  }
83 
84  secure_vector<uint8_t> ciphertext = concat_vectors(cleartext, cR, dimension, codimension);
85  ciphertext.resize((code_length+7)/8);
86  return ciphertext;
87  }
88 
89 secure_vector<uint8_t> create_random_error_vector(unsigned code_length,
90  unsigned error_weight,
91  RandomNumberGenerator& rng)
92  {
93  secure_vector<uint8_t> result((code_length+7)/8);
94 
95  size_t bits_set = 0;
96 
97  while(bits_set < error_weight)
98  {
100 
101  const size_t byte_pos = x / 8, bit_pos = x % 8;
102 
103  const uint8_t mask = (1 << bit_pos);
104 
105  if(result[byte_pos] & mask)
106  continue; // already set this bit
107 
108  result[byte_pos] |= mask;
109  bits_set++;
110  }
111 
112  return result;
113  }
114 
115 }
116 
118  secure_vector<uint8_t>& error_mask_out,
119  const secure_vector<uint8_t>& plaintext,
120  const McEliece_PublicKey& key,
122  {
123  secure_vector<uint8_t> error_mask = create_random_error_vector(key.get_code_length(), key.get_t(), rng);
124 
125  secure_vector<uint8_t> ciphertext = mult_by_pubkey(plaintext, key.get_public_matrix(),
126  key.get_code_length(), key.get_t());
127 
128  ciphertext ^= error_mask;
129 
130  ciphertext_out.swap(ciphertext);
131  error_mask_out.swap(error_mask);
132  }
133 
134 }
void mceliece_encrypt(secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
Definition: mceliece.cpp:117
uint32_t bit_size_to_32bit_size(uint32_t bit_size)
uint32_t bit_size_to_byte_size(uint32_t bit_size)
const std::vector< uint8_t > & get_public_matrix() const
Definition: mceliece.h:52
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174
uint16_t gf2m
Definition: gf2m_small_m.h:20
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:108
Definition: alg_id.cpp:13
gf2m random_code_element(unsigned code_length, RandomNumberGenerator &rng)
Definition: polyn_gf2m.cpp:71
size_t ceil_log2(T x)
Definition: bit_ops.h:142
uint32_t get_code_length() const
Definition: mceliece.h:50
uint32_t code_length
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
uint32_t get_t() const
Definition: mceliece.h:49