Botan 3.0.0
Crypto and TLS for C&
mceliece.cpp
Go to the documentation of this file.
1/*
2 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
3 * (C) Bhaskar Biswas and Nicolas Sendrier
4 *
5 * (C) 2014 cryptosource GmbH
6 * (C) 2014 Falko Strenzke fstrenzke@cryptosource.de
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 *
10 */
11
12#include <botan/internal/mce_internal.h>
13#include <botan/mceliece.h>
14#include <botan/internal/code_based_util.h>
15#include <botan/internal/bit_ops.h>
16
17namespace Botan {
18
19namespace {
20
21secure_vector<uint8_t> concat_vectors(const secure_vector<uint8_t>& a,
22 const secure_vector<uint8_t>& b,
23 size_t dimension,
24 size_t codimension)
25 {
26 secure_vector<uint8_t> x(bit_size_to_byte_size(dimension) + bit_size_to_byte_size(codimension));
27
28 const size_t final_bits = dimension % 8;
29
30 if(final_bits == 0)
31 {
32 const size_t dim_bytes = bit_size_to_byte_size(dimension);
33 copy_mem(&x[0], a.data(), dim_bytes);
34 copy_mem(&x[dim_bytes], b.data(), bit_size_to_byte_size(codimension));
35 }
36 else
37 {
38 copy_mem(&x[0], a.data(), (dimension / 8));
39 size_t l = dimension / 8;
40 x[l] = static_cast<uint8_t>(a[l] & ((1 << final_bits) - 1));
41
42 for(size_t k = 0; k < codimension / 8; ++k)
43 {
44 x[l] ^= static_cast<uint8_t>(b[k] << final_bits);
45 ++l;
46 x[l] = static_cast<uint8_t>(b[k] >> (8 - final_bits));
47 }
48 x[l] ^= static_cast<uint8_t>(b[codimension/8] << final_bits);
49 }
50
51 return x;
52 }
53
54secure_vector<uint8_t> mult_by_pubkey(const secure_vector<uint8_t>& cleartext,
55 std::vector<uint8_t> const& public_matrix,
56 size_t code_length, size_t t)
57 {
58 const size_t ext_deg = ceil_log2(code_length);
59 const size_t codimension = ext_deg * t;
60 const size_t dimension = code_length - codimension;
61 secure_vector<uint8_t> cR(bit_size_to_32bit_size(codimension) * sizeof(uint32_t));
62
63 const uint8_t* pt = public_matrix.data();
64
65 for(size_t i = 0; i < dimension / 8; ++i)
66 {
67 for(size_t j = 0; j < 8; ++j)
68 {
69 if(cleartext[i] & (1 << j))
70 {
71 xor_buf(cR.data(), pt, cR.size());
72 }
73 pt += cR.size();
74 }
75 }
76
77 for(size_t i = 0; i < dimension % 8 ; ++i)
78 {
79 if(cleartext[dimension/8] & (1 << i))
80 {
81 xor_buf(cR.data(), pt, cR.size());
82 }
83 pt += cR.size();
84 }
85
86 secure_vector<uint8_t> ciphertext = concat_vectors(cleartext, cR, dimension, codimension);
87 ciphertext.resize((code_length+7)/8);
88 return ciphertext;
89 }
90
91secure_vector<uint8_t> create_random_error_vector(size_t code_length,
92 size_t error_weight,
93 RandomNumberGenerator& rng)
94 {
95 secure_vector<uint8_t> result((code_length+7)/8);
96
97 size_t bits_set = 0;
98
99 while(bits_set < error_weight)
100 {
101 gf2m x = random_code_element(static_cast<uint16_t>(code_length), rng);
102
103 const size_t byte_pos = x / 8;
104 const size_t bit_pos = x % 8;
105
106 const uint8_t mask = (1 << bit_pos);
107
108 if(result[byte_pos] & mask)
109 continue; // already set this bit
110
111 result[byte_pos] |= mask;
112 bits_set++;
113 }
114
115 return result;
116 }
117
118}
119
121 secure_vector<uint8_t>& error_mask_out,
122 const secure_vector<uint8_t>& plaintext,
123 const McEliece_PublicKey& key,
125 {
126 const uint16_t code_length = static_cast<uint16_t>(key.get_code_length());
127
128 secure_vector<uint8_t> error_mask = create_random_error_vector(code_length, key.get_t(), rng);
129
130 secure_vector<uint8_t> ciphertext = mult_by_pubkey(plaintext, key.get_public_matrix(),
131 key.get_code_length(), key.get_t());
132
133 ciphertext ^= error_mask;
134
135 ciphertext_out.swap(ciphertext);
136 error_mask_out.swap(error_mask);
137 }
138
139}
size_t get_t() const
Definition: mceliece.h:51
const std::vector< uint8_t > & get_public_matrix() const
Definition: mceliece.h:54
size_t get_code_length() const
Definition: mceliece.h:52
Definition: alg_id.cpp:12
void mceliece_encrypt(secure_vector< uint8_t > &ciphertext_out, secure_vector< uint8_t > &error_mask_out, const secure_vector< uint8_t > &plaintext, const McEliece_PublicKey &key, RandomNumberGenerator &rng)
Definition: mceliece.cpp:120
gf2m random_code_element(uint16_t code_length, RandomNumberGenerator &rng)
Definition: polyn_gf2m.cpp:71
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:126
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:255
size_t bit_size_to_32bit_size(size_t bit_size)
size_t bit_size_to_byte_size(size_t bit_size)
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
constexpr uint8_t ceil_log2(T x)
Definition: bit_ops.h:125
uint16_t gf2m
Definition: gf2m_small_m.h:20