Botan
1.11.15
|
#include <mceliece_key.h>
Public Member Functions | |
std::string | algo_name () const |
AlgorithmIdentifier | algorithm_identifier () const |
bool | check_key (RandomNumberGenerator &rng, bool strong) const |
size_t | estimated_strength () const |
u32bit | get_code_length () const |
u32bit | get_codimension () const |
u32bit | get_dimension () const |
polyn_gf2m const & | get_goppa_polyn () const |
std::vector< u32bit > const & | get_H_coeffs () const |
std::vector< gf2m > const & | get_Linv () const |
u32bit | get_message_word_bit_length () const |
virtual OID | get_oid () const |
std::vector< byte > const & | get_public_matrix () const |
std::vector< polyn_gf2m > const & | get_sqrtmod () const |
u32bit | get_t () const |
size_t | max_input_bits () const |
McEliece_PrivateKey (const secure_vector< byte > &key_bits) | |
McEliece_PrivateKey (polyn_gf2m const &goppa_polyn, std::vector< u32bit > const &parity_check_matrix_coeffs, std::vector< polyn_gf2m > const &square_root_matrix, std::vector< gf2m > const &inverse_support, std::vector< byte > const &public_matrix) | |
McEliece_PrivateKey (RandomNumberGenerator &rng, size_t code_length, size_t t) | |
virtual size_t | message_part_size () const |
virtual size_t | message_parts () const |
bool | operator!= (const McEliece_PublicKey &other) const |
bool | operator!= (const McEliece_PrivateKey &other) const |
bool | operator== (const McEliece_PublicKey &other) const |
bool | operator== (const McEliece_PrivateKey &other) const |
virtual AlgorithmIdentifier | pkcs8_algorithm_identifier () const |
secure_vector< byte > | pkcs8_private_key () const |
std::vector< byte > | x509_subject_public_key () const |
Protected Member Functions | |
void | gen_check (RandomNumberGenerator &rng) const |
virtual void | load_check (RandomNumberGenerator &rng) const |
void | load_check (RandomNumberGenerator &rng) const |
Protected Attributes | |
u32bit | m_code_length |
std::vector< byte > | m_public_matrix |
u32bit | m_t |
Definition at line 72 of file mceliece_key.h.
Botan::McEliece_PrivateKey::McEliece_PrivateKey | ( | const secure_vector< byte > & | key_bits | ) |
Definition at line 153 of file mceliece_key.cpp.
References Botan::bit_size_to_32bit_size(), Botan::ceil_log2(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::polyn_gf2m::get_degree(), Botan::McEliece_PublicKey::m_code_length, Botan::McEliece_PublicKey::m_public_matrix, Botan::McEliece_PublicKey::m_t, n, Botan::OCTET_STRING, Botan::BER_Decoder::push_back(), Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().
{ size_t n, t; secure_vector<byte> g_enc; BER_Decoder dec_base(key_bits); BER_Decoder dec = dec_base.start_cons(SEQUENCE) .start_cons(SEQUENCE) .decode(n) .decode(t) .end_cons() .decode(m_public_matrix, OCTET_STRING) .decode(g_enc, OCTET_STRING); if(t == 0 || n == 0) throw Decoding_Error("invalid McEliece parameters"); u32bit ext_deg = ceil_log2(n); m_code_length = n; m_t = t; m_codimension = (ext_deg * t); m_dimension = (n - m_codimension); std::shared_ptr<gf2m_small_m::Gf2m_Field> sp_field(new gf2m_small_m::Gf2m_Field(ext_deg)); m_g = polyn_gf2m(g_enc, sp_field); if(m_g.get_degree() != static_cast<int>(t)) { throw Decoding_Error("degree of decoded Goppa polynomial is incorrect"); } BER_Decoder dec2 = dec.start_cons(SEQUENCE); for(u32bit i = 0; i < t/2; i++) { secure_vector<byte> sqrt_enc; dec2.decode(sqrt_enc, OCTET_STRING); while(sqrt_enc.size() < (t*2)) { // ensure that the length is always t sqrt_enc.push_back(0); sqrt_enc.push_back(0); } if(sqrt_enc.size() != t*2) { throw Decoding_Error("length of square root polynomial entry is too large"); } m_sqrtmod.push_back(polyn_gf2m(sqrt_enc, sp_field)); } secure_vector<byte> enc_support; BER_Decoder dec3 = dec2.end_cons() .decode(enc_support, OCTET_STRING); if(enc_support.size() % 2) { throw Decoding_Error("encoded support has odd length"); } if(enc_support.size() / 2 != n) { throw Decoding_Error("encoded support has length different from code length"); } for(u32bit i = 0; i < n*2; i+=2) { gf2m el = (enc_support[i] << 8) | enc_support[i+1]; m_Linv.push_back(el); } secure_vector<byte> enc_H; dec3.decode(enc_H, OCTET_STRING) .end_cons(); if(enc_H.size() % 4) { throw Decoding_Error("encoded parity check matrix has length which is not a multiple of four"); } if(enc_H.size()/4 != bit_size_to_32bit_size(m_codimension) * m_code_length ) { throw Decoding_Error("encoded parity check matrix has wrong length"); } for(u32bit i = 0; i < enc_H.size(); i+=4) { u32bit coeff = (enc_H[i] << 24) | (enc_H[i+1] << 16) | (enc_H[i+2] << 8) | enc_H[i+3]; m_coeffs.push_back(coeff); } }
Botan::McEliece_PrivateKey::McEliece_PrivateKey | ( | polyn_gf2m const & | goppa_polyn, |
std::vector< u32bit > const & | parity_check_matrix_coeffs, | ||
std::vector< polyn_gf2m > const & | square_root_matrix, | ||
std::vector< gf2m > const & | inverse_support, | ||
std::vector< byte > const & | public_matrix | ||
) |
Definition at line 24 of file mceliece_key.cpp.
: McEliece_PublicKey(public_matrix, goppa_polyn.get_degree(), inverse_support.size()), m_g(goppa_polyn), m_sqrtmod(square_root_matrix), m_Linv(inverse_support), m_coeffs(parity_check_matrix_coeffs), m_codimension(ceil_log2(inverse_support.size()) * goppa_polyn.get_degree()), m_dimension(inverse_support.size() - m_codimension) { };
Botan::McEliece_PrivateKey::McEliece_PrivateKey | ( | RandomNumberGenerator & | rng, |
size_t | code_length, | ||
size_t | t | ||
) |
Definition at line 39 of file mceliece_key.cpp.
References Botan::ceil_log2(), and Botan::generate_mceliece_key().
{ u32bit ext_deg = ceil_log2(code_length); *this = generate_mceliece_key(rng, ext_deg, code_length, t); }
std::string Botan::McEliece_PublicKey::algo_name | ( | ) | const [inline, virtual, inherited] |
Get the name of the underlying public key scheme.
Implements Botan::Public_Key.
Definition at line 35 of file mceliece_key.h.
{ return "McEliece"; }
AlgorithmIdentifier Botan::McEliece_PublicKey::algorithm_identifier | ( | ) | const [virtual, inherited] |
Implements Botan::Public_Key.
Definition at line 51 of file mceliece_key.cpp.
References Botan::Public_Key::get_oid().
{ return AlgorithmIdentifier(get_oid(), std::vector<byte>()); }
bool Botan::McEliece_PrivateKey::check_key | ( | RandomNumberGenerator & | rng, |
bool | strong | ||
) | const [virtual] |
Test the key values for consistency.
rng | rng to use |
strong | whether to perform strong and lengthy version of the test |
Reimplemented from Botan::McEliece_PublicKey.
Definition at line 136 of file mceliece_key.cpp.
References Botan::create_random_error_positions(), Botan::McEliece_Private_Operation::decrypt(), Botan::McEliece_Public_Operation::encrypt(), Botan::McEliece_PublicKey::get_code_length(), Botan::mceliece_message_parts::get_concat(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::McEliece_PublicKey::get_t(), and Botan::RandomNumberGenerator::randomize().
{ McEliece_Private_Operation priv_op(*this); McEliece_Public_Operation pub_op(*this, get_code_length()); secure_vector<byte> plaintext((this->get_message_word_bit_length()+7)/8); rng.randomize(&plaintext[0], plaintext.size() - 1); const secure_vector<gf2m> err_pos = create_random_error_positions(this->get_code_length(), this->get_t(), rng); mceliece_message_parts parts(err_pos, plaintext, this->get_code_length()); secure_vector<byte> message_and_error_input = parts.get_concat(); secure_vector<byte> ciphertext = pub_op.encrypt(&message_and_error_input[0], message_and_error_input.size(), rng); secure_vector<byte> message_and_error_output = priv_op.decrypt(&ciphertext[0], ciphertext.size()); return (message_and_error_input == message_and_error_output); }
size_t Botan::McEliece_PublicKey::estimated_strength | ( | ) | const [virtual, inherited] |
Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.
Implements Botan::Public_Key.
Definition at line 77 of file mceliece_key.cpp.
References Botan::ceil_log2(), Botan::McEliece_PublicKey::m_code_length, Botan::McEliece_PublicKey::m_t, and Botan::mceliece_work_factor().
{ const u32bit ext_deg = ceil_log2(m_code_length); const size_t k = m_code_length - ext_deg * m_t; return mceliece_work_factor(m_code_length, k, m_t); }
void Botan::Private_Key::gen_check | ( | RandomNumberGenerator & | rng | ) | const [protected, inherited] |
Self-test after generating a key
rng | a random number generator |
Definition at line 49 of file pk_keys.cpp.
References Botan::Public_Key::algo_name(), and Botan::Public_Key::check_key().
Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::NR_PrivateKey::NR_PrivateKey(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RW_PrivateKey::RW_PrivateKey().
u32bit Botan::McEliece_PublicKey::get_code_length | ( | ) | const [inline, inherited] |
Definition at line 57 of file mceliece_key.h.
Referenced by check_key(), Botan::McEliece_Private_Operation::decrypt(), Botan::McEliece_KEM_Encryptor::encrypt(), Botan::McEliece_Public_Operation::encrypt(), Botan::mceies_decrypt(), Botan::mceies_encrypt(), Botan::mceliece_decrypt(), pkcs8_private_key(), and Botan::McEliece_PublicKey::x509_subject_public_key().
{ return m_code_length; }
u32bit Botan::McEliece_PrivateKey::get_codimension | ( | ) | const [inline] |
Definition at line 104 of file mceliece_key.h.
Referenced by Botan::mceliece_decrypt().
{ return m_codimension; };
u32bit Botan::McEliece_PrivateKey::get_dimension | ( | ) | const [inline] |
Definition at line 101 of file mceliece_key.h.
Referenced by Botan::mceliece_decrypt().
{ return m_dimension; };
polyn_gf2m const& Botan::McEliece_PrivateKey::get_goppa_polyn | ( | ) | const [inline] |
Definition at line 96 of file mceliece_key.h.
Referenced by Botan::mceliece_decrypt().
{ return m_g; };
std::vector<u32bit> const& Botan::McEliece_PrivateKey::get_H_coeffs | ( | ) | const [inline] |
Definition at line 97 of file mceliece_key.h.
Referenced by Botan::mceliece_decrypt().
{ return m_coeffs; };
std::vector<gf2m> const& Botan::McEliece_PrivateKey::get_Linv | ( | ) | const [inline] |
Definition at line 98 of file mceliece_key.h.
Referenced by Botan::mceliece_decrypt().
{ return m_Linv; };
unsigned Botan::McEliece_PublicKey::get_message_word_bit_length | ( | ) | const [inherited] |
Definition at line 45 of file mceliece_key.cpp.
References Botan::ceil_log2(), Botan::McEliece_PublicKey::m_code_length, and Botan::McEliece_PublicKey::m_t.
Referenced by check_key(), Botan::McEliece_KEM_Encryptor::encrypt(), and Botan::mceliece_decrypt().
{ u32bit codimension = ceil_log2(m_code_length) * m_t; return m_code_length - codimension; }
OID Botan::Public_Key::get_oid | ( | ) | const [virtual, inherited] |
Get the OID of the underlying public key scheme.
Definition at line 17 of file pk_keys.cpp.
References Botan::Public_Key::algo_name(), and Botan::OIDS::lookup().
Referenced by Botan::DL_Scheme_PublicKey::algorithm_identifier(), Botan::Curve25519_PublicKey::algorithm_identifier(), Botan::IF_Scheme_PublicKey::algorithm_identifier(), Botan::GOST_3410_PublicKey::algorithm_identifier(), Botan::EC_PublicKey::algorithm_identifier(), and Botan::McEliece_PublicKey::algorithm_identifier().
{ try { return OIDS::lookup(algo_name()); } catch(Lookup_Error) { throw Lookup_Error("PK algo " + algo_name() + " has no defined OIDs"); } }
std::vector<byte> const& Botan::McEliece_PublicKey::get_public_matrix | ( | ) | const [inline, inherited] |
Definition at line 59 of file mceliece_key.h.
Referenced by Botan::McEliece_Public_Operation::encrypt().
{ return m_public_matrix; }
std::vector<polyn_gf2m> const& Botan::McEliece_PrivateKey::get_sqrtmod | ( | ) | const [inline] |
Definition at line 99 of file mceliece_key.h.
Referenced by Botan::mceliece_decrypt().
{ return m_sqrtmod; };
u32bit Botan::McEliece_PublicKey::get_t | ( | ) | const [inline, inherited] |
Definition at line 56 of file mceliece_key.h.
Referenced by check_key(), Botan::McEliece_KEM_Encryptor::encrypt(), pkcs8_private_key(), and Botan::McEliece_PublicKey::x509_subject_public_key().
{ return m_t; }
void Botan::Public_Key::load_check | ( | RandomNumberGenerator & | rng | ) | const [protected, virtual, inherited] |
Self-test after loading a key
rng | a random number generator |
Reimplemented in Botan::Private_Key.
Definition at line 31 of file pk_keys.cpp.
References Botan::Public_Key::algo_name(), and Botan::Public_Key::check_key().
{ if(!check_key(rng, BOTAN_PUBLIC_KEY_STRONG_CHECKS_ON_LOAD)) throw Invalid_Argument(algo_name() + ": Invalid public key"); }
void Botan::Private_Key::load_check | ( | RandomNumberGenerator & | rng | ) | const [protected, virtual, inherited] |
Self-test after loading a key
rng | a random number generator |
Reimplemented from Botan::Public_Key.
Definition at line 40 of file pk_keys.cpp.
References Botan::Public_Key::algo_name(), and Botan::Public_Key::check_key().
Referenced by Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(), and Botan::NR_PrivateKey::NR_PrivateKey().
{ if(!check_key(rng, BOTAN_PRIVATE_KEY_STRONG_CHECKS_ON_LOAD)) throw Invalid_Argument(algo_name() + ": Invalid private key"); }
size_t Botan::McEliece_PrivateKey::max_input_bits | ( | ) | const [inline, virtual] |
Get the maximum number of bits allowed to be fed to this key. This is the bitlength of the order of the base point.
Reimplemented from Botan::McEliece_PublicKey.
Definition at line 81 of file mceliece_key.h.
{
return m_Linv.size();
};
virtual size_t Botan::Public_Key::message_part_size | ( | ) | const [inline, virtual, inherited] |
Find out the message part size supported by this scheme/key.
Reimplemented in Botan::GOST_3410_PublicKey, Botan::ECDSA_PublicKey, Botan::NR_PublicKey, and Botan::DSA_PublicKey.
Definition at line 67 of file pk_keys.h.
{ return 0; }
virtual size_t Botan::Public_Key::message_parts | ( | ) | const [inline, virtual, inherited] |
Find out the number of message parts supported by this scheme.
Reimplemented in Botan::GOST_3410_PublicKey, Botan::ECDSA_PublicKey, Botan::NR_PublicKey, and Botan::DSA_PublicKey.
Definition at line 61 of file pk_keys.h.
Referenced by Botan::EAC_Signed_Object::check_signature(), Botan::X509_Object::check_signature(), and Botan::choose_sig_format().
{ return 1; }
bool Botan::McEliece_PublicKey::operator!= | ( | const McEliece_PublicKey & | other | ) | const [inline, inherited] |
Definition at line 62 of file mceliece_key.h.
{ return !(*this == other); }
bool Botan::McEliece_PrivateKey::operator!= | ( | const McEliece_PrivateKey & | other | ) | const [inline] |
Definition at line 112 of file mceliece_key.h.
{ return !(*this == other); };
bool Botan::McEliece_PublicKey::operator== | ( | const McEliece_PublicKey & | other | ) | const [inherited] |
Definition at line 267 of file mceliece_key.cpp.
References Botan::McEliece_PublicKey::m_code_length, Botan::McEliece_PublicKey::m_public_matrix, and Botan::McEliece_PublicKey::m_t.
{ if(m_public_matrix != other.m_public_matrix) { return false; } if(m_t != other.m_t ) { return false; } if( m_code_length != other.m_code_length) { return false; } return true; }
bool Botan::McEliece_PrivateKey::operator== | ( | const McEliece_PrivateKey & | other | ) | const |
Definition at line 235 of file mceliece_key.cpp.
{ if(*static_cast<const McEliece_PublicKey*>(this) != *static_cast<const McEliece_PublicKey*>(&other)) { return false; } if(m_g != other.m_g) { return false; } if( m_sqrtmod != other.m_sqrtmod) { return false; } if( m_Linv != other.m_Linv) { return false; } if( m_coeffs != other.m_coeffs) { return false; } if(m_codimension != other.m_codimension || m_dimension != other.m_dimension) { return false; } return true; }
virtual AlgorithmIdentifier Botan::Private_Key::pkcs8_algorithm_identifier | ( | ) | const [inline, virtual, inherited] |
Reimplemented in Botan::GOST_3410_PrivateKey.
Definition at line 109 of file pk_keys.h.
Referenced by Botan::PKCS8::BER_encode().
{ return algorithm_identifier(); }
secure_vector< byte > Botan::McEliece_PrivateKey::pkcs8_private_key | ( | ) | const [virtual] |
Implements Botan::Private_Key.
Definition at line 100 of file mceliece_key.cpp.
References Botan::PEM_Code::encode(), Botan::DER_Encoder::encode(), Botan::polyn_gf2m::encode(), Botan::DER_Encoder::end_cons(), Botan::McEliece_PublicKey::get_code_length(), Botan::DER_Encoder::get_contents(), Botan::McEliece_PublicKey::get_t(), Botan::McEliece_PublicKey::m_public_matrix, Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().
{ DER_Encoder enc; enc.start_cons(SEQUENCE) .start_cons(SEQUENCE) .encode(static_cast<size_t>(get_code_length())) .encode(static_cast<size_t>(get_t())) .end_cons() .encode(m_public_matrix, OCTET_STRING) .encode(m_g.encode(), OCTET_STRING); // g as octet string enc.start_cons(SEQUENCE); for(u32bit i = 0; i < m_sqrtmod.size(); i++) { enc.encode(m_sqrtmod[i].encode(), OCTET_STRING); } enc.end_cons(); secure_vector<byte> enc_support; for(u32bit i = 0; i < m_Linv.size(); i++) { enc_support.push_back(m_Linv[i] >> 8); enc_support.push_back(m_Linv[i]); } enc.encode(enc_support, OCTET_STRING); secure_vector<byte> enc_H; for(u32bit i = 0; i < m_coeffs.size(); i++) { enc_H.push_back(m_coeffs[i] >> 24); enc_H.push_back(m_coeffs[i] >> 16); enc_H.push_back(m_coeffs[i] >> 8); enc_H.push_back(m_coeffs[i]); } enc.encode(enc_H, OCTET_STRING); enc.end_cons(); return enc.get_contents(); }
std::vector< byte > Botan::McEliece_PublicKey::x509_subject_public_key | ( | ) | const [virtual, inherited] |
Implements Botan::Public_Key.
Definition at line 56 of file mceliece_key.cpp.
References Botan::PEM_Code::encode(), Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PublicKey::get_t(), Botan::McEliece_PublicKey::m_public_matrix, Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::unlock().
{ // encode the public key return unlock(DER_Encoder() .start_cons(SEQUENCE) .start_cons(SEQUENCE) .encode(static_cast<size_t>(get_code_length())) .encode(static_cast<size_t>(get_t())) .end_cons() .encode(m_public_matrix, OCTET_STRING) .end_cons() .get_contents()); }
u32bit Botan::McEliece_PublicKey::m_code_length [protected, inherited] |
Definition at line 69 of file mceliece_key.h.
Referenced by Botan::McEliece_PublicKey::estimated_strength(), Botan::McEliece_PublicKey::get_message_word_bit_length(), McEliece_PrivateKey(), Botan::McEliece_PublicKey::McEliece_PublicKey(), and Botan::McEliece_PublicKey::operator==().
std::vector<byte> Botan::McEliece_PublicKey::m_public_matrix [protected, inherited] |
Definition at line 67 of file mceliece_key.h.
Referenced by McEliece_PrivateKey(), Botan::McEliece_PublicKey::McEliece_PublicKey(), Botan::McEliece_PublicKey::operator==(), pkcs8_private_key(), and Botan::McEliece_PublicKey::x509_subject_public_key().
u32bit Botan::McEliece_PublicKey::m_t [protected, inherited] |
Definition at line 68 of file mceliece_key.h.
Referenced by Botan::McEliece_PublicKey::estimated_strength(), Botan::McEliece_PublicKey::get_message_word_bit_length(), McEliece_PrivateKey(), Botan::McEliece_PublicKey::McEliece_PublicKey(), and Botan::McEliece_PublicKey::operator==().