Botan  1.11.15
Public Member Functions | Protected Member Functions | Protected Attributes
Botan::McEliece_PrivateKey Class Reference

#include <mceliece_key.h>

Inheritance diagram for Botan::McEliece_PrivateKey:
Botan::McEliece_PublicKey Botan::Private_Key Botan::Public_Key Botan::Public_Key

List of all members.

Public Member Functions

std::string algo_name () const
AlgorithmIdentifier algorithm_identifier () const
bool check_key (RandomNumberGenerator &rng, bool strong) const
size_t estimated_strength () const
u32bit get_code_length () const
u32bit get_codimension () const
u32bit get_dimension () const
polyn_gf2m const & get_goppa_polyn () const
std::vector< u32bit > const & get_H_coeffs () const
std::vector< gf2m > const & get_Linv () const
u32bit get_message_word_bit_length () const
virtual OID get_oid () const
std::vector< byte > const & get_public_matrix () const
std::vector< polyn_gf2m > const & get_sqrtmod () const
u32bit get_t () const
size_t max_input_bits () const
 McEliece_PrivateKey (const secure_vector< byte > &key_bits)
 McEliece_PrivateKey (polyn_gf2m const &goppa_polyn, std::vector< u32bit > const &parity_check_matrix_coeffs, std::vector< polyn_gf2m > const &square_root_matrix, std::vector< gf2m > const &inverse_support, std::vector< byte > const &public_matrix)
 McEliece_PrivateKey (RandomNumberGenerator &rng, size_t code_length, size_t t)
virtual size_t message_part_size () const
virtual size_t message_parts () const
bool operator!= (const McEliece_PublicKey &other) const
bool operator!= (const McEliece_PrivateKey &other) const
bool operator== (const McEliece_PublicKey &other) const
bool operator== (const McEliece_PrivateKey &other) const
virtual AlgorithmIdentifier pkcs8_algorithm_identifier () const
secure_vector< bytepkcs8_private_key () const
std::vector< bytex509_subject_public_key () const

Protected Member Functions

void gen_check (RandomNumberGenerator &rng) const
virtual void load_check (RandomNumberGenerator &rng) const
void load_check (RandomNumberGenerator &rng) const

Protected Attributes

u32bit m_code_length
std::vector< bytem_public_matrix
u32bit m_t

Detailed Description

Definition at line 72 of file mceliece_key.h.


Constructor & Destructor Documentation

Botan::McEliece_PrivateKey::McEliece_PrivateKey ( const secure_vector< byte > &  key_bits)

Definition at line 153 of file mceliece_key.cpp.

References Botan::bit_size_to_32bit_size(), Botan::ceil_log2(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::polyn_gf2m::get_degree(), Botan::McEliece_PublicKey::m_code_length, Botan::McEliece_PublicKey::m_public_matrix, Botan::McEliece_PublicKey::m_t, n, Botan::OCTET_STRING, Botan::BER_Decoder::push_back(), Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().

   {
   size_t n, t;
   secure_vector<byte> g_enc;
   BER_Decoder dec_base(key_bits);
   BER_Decoder dec = dec_base.start_cons(SEQUENCE)
      .start_cons(SEQUENCE)
      .decode(n)
      .decode(t)
      .end_cons()
      .decode(m_public_matrix, OCTET_STRING)
      .decode(g_enc, OCTET_STRING);

   if(t == 0 || n == 0)
      throw Decoding_Error("invalid McEliece parameters");

   u32bit ext_deg = ceil_log2(n);
   m_code_length = n;
   m_t = t;
   m_codimension = (ext_deg * t);
   m_dimension = (n - m_codimension);

   std::shared_ptr<gf2m_small_m::Gf2m_Field> sp_field(new gf2m_small_m::Gf2m_Field(ext_deg));
   m_g = polyn_gf2m(g_enc, sp_field);
   if(m_g.get_degree() != static_cast<int>(t))
      {
      throw Decoding_Error("degree of decoded Goppa polynomial is incorrect");
      }
   BER_Decoder dec2 = dec.start_cons(SEQUENCE);
   for(u32bit i = 0; i < t/2; i++)
      {
      secure_vector<byte> sqrt_enc;
      dec2.decode(sqrt_enc, OCTET_STRING);
      while(sqrt_enc.size() < (t*2))
         {
         // ensure that the length is always t
         sqrt_enc.push_back(0);
         sqrt_enc.push_back(0);
         }
      if(sqrt_enc.size() != t*2)
         {
         throw Decoding_Error("length of square root polynomial entry is too large");
         }
      m_sqrtmod.push_back(polyn_gf2m(sqrt_enc, sp_field));
      }
   secure_vector<byte> enc_support;
   BER_Decoder dec3 = dec2.end_cons()
      .decode(enc_support, OCTET_STRING);
   if(enc_support.size() % 2)
      {
      throw Decoding_Error("encoded support has odd length");
      }
   if(enc_support.size() / 2 != n)
      {
      throw Decoding_Error("encoded support has length different from code length");
      }
   for(u32bit i = 0; i < n*2; i+=2)
      {
      gf2m el = (enc_support[i] << 8) |  enc_support[i+1];
      m_Linv.push_back(el);
      }
   secure_vector<byte> enc_H;
   dec3.decode(enc_H, OCTET_STRING)
      .end_cons();
   if(enc_H.size() % 4)
      {
      throw Decoding_Error("encoded parity check matrix has length which is not a multiple of four");
      }
   if(enc_H.size()/4 != bit_size_to_32bit_size(m_codimension) * m_code_length )
      {
      throw Decoding_Error("encoded parity check matrix has wrong length");
      }

   for(u32bit i = 0; i < enc_H.size(); i+=4)
      {
      u32bit coeff = (enc_H[i] << 24) | (enc_H[i+1] << 16) | (enc_H[i+2] << 8) | enc_H[i+3];
      m_coeffs.push_back(coeff);
      }

   }
Botan::McEliece_PrivateKey::McEliece_PrivateKey ( polyn_gf2m const &  goppa_polyn,
std::vector< u32bit > const &  parity_check_matrix_coeffs,
std::vector< polyn_gf2m > const &  square_root_matrix,
std::vector< gf2m > const &  inverse_support,
std::vector< byte > const &  public_matrix 
)

Definition at line 24 of file mceliece_key.cpp.

                                                                               :
   McEliece_PublicKey(public_matrix, goppa_polyn.get_degree(), inverse_support.size()),
   m_g(goppa_polyn),
   m_sqrtmod(square_root_matrix),
   m_Linv(inverse_support),
   m_coeffs(parity_check_matrix_coeffs),
   m_codimension(ceil_log2(inverse_support.size()) * goppa_polyn.get_degree()),
   m_dimension(inverse_support.size() - m_codimension)
   {
   };
Botan::McEliece_PrivateKey::McEliece_PrivateKey ( RandomNumberGenerator rng,
size_t  code_length,
size_t  t 
)

Definition at line 39 of file mceliece_key.cpp.

References Botan::ceil_log2(), and Botan::generate_mceliece_key().

   {
   u32bit ext_deg = ceil_log2(code_length);
   *this = generate_mceliece_key(rng, ext_deg, code_length, t);
   }

Member Function Documentation

std::string Botan::McEliece_PublicKey::algo_name ( ) const [inline, virtual, inherited]

Get the name of the underlying public key scheme.

Returns:
name of the public key scheme

Implements Botan::Public_Key.

Definition at line 35 of file mceliece_key.h.

{ return "McEliece"; }
Returns:
X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 51 of file mceliece_key.cpp.

References Botan::Public_Key::get_oid().

   {
   return AlgorithmIdentifier(get_oid(), std::vector<byte>());
   }
bool Botan::McEliece_PrivateKey::check_key ( RandomNumberGenerator rng,
bool  strong 
) const [virtual]

Test the key values for consistency.

Parameters:
rngrng to use
strongwhether to perform strong and lengthy version of the test
Returns:
true if the test is passed

Reimplemented from Botan::McEliece_PublicKey.

Definition at line 136 of file mceliece_key.cpp.

References Botan::create_random_error_positions(), Botan::McEliece_Private_Operation::decrypt(), Botan::McEliece_Public_Operation::encrypt(), Botan::McEliece_PublicKey::get_code_length(), Botan::mceliece_message_parts::get_concat(), Botan::McEliece_PublicKey::get_message_word_bit_length(), Botan::McEliece_PublicKey::get_t(), and Botan::RandomNumberGenerator::randomize().

   {
   McEliece_Private_Operation priv_op(*this);
   McEliece_Public_Operation pub_op(*this, get_code_length());

   secure_vector<byte> plaintext((this->get_message_word_bit_length()+7)/8);
   rng.randomize(&plaintext[0], plaintext.size() - 1);
   const secure_vector<gf2m> err_pos = create_random_error_positions(this->get_code_length(), this->get_t(), rng);

   mceliece_message_parts parts(err_pos, plaintext, this->get_code_length());
   secure_vector<byte> message_and_error_input = parts.get_concat();
   secure_vector<byte> ciphertext = pub_op.encrypt(&message_and_error_input[0], message_and_error_input.size(), rng);
   secure_vector<byte> message_and_error_output = priv_op.decrypt(&ciphertext[0], ciphertext.size());

   return (message_and_error_input == message_and_error_output);
   }
size_t Botan::McEliece_PublicKey::estimated_strength ( ) const [virtual, inherited]

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns:
estimated strength in bits

Implements Botan::Public_Key.

Definition at line 77 of file mceliece_key.cpp.

References Botan::ceil_log2(), Botan::McEliece_PublicKey::m_code_length, Botan::McEliece_PublicKey::m_t, and Botan::mceliece_work_factor().

   {
   const u32bit ext_deg = ceil_log2(m_code_length);
   const size_t k = m_code_length - ext_deg * m_t;
   return mceliece_work_factor(m_code_length, k, m_t);
   }
void Botan::Private_Key::gen_check ( RandomNumberGenerator rng) const [protected, inherited]

Self-test after generating a key

Parameters:
rnga random number generator

Definition at line 49 of file pk_keys.cpp.

References Botan::Public_Key::algo_name(), and Botan::Public_Key::check_key().

Referenced by Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::NR_PrivateKey::NR_PrivateKey(), Botan::RSA_PrivateKey::RSA_PrivateKey(), and Botan::RW_PrivateKey::RW_PrivateKey().

   {
   if(!check_key(rng, BOTAN_PRIVATE_KEY_STRONG_CHECKS_ON_GENERATE))
      throw Self_Test_Failure(algo_name() + " private key generation failed");
   }
u32bit Botan::McEliece_PublicKey::get_code_length ( ) const [inline, inherited]

Definition at line 104 of file mceliece_key.h.

Referenced by Botan::mceliece_decrypt().

         { return m_codimension; };

Definition at line 101 of file mceliece_key.h.

Referenced by Botan::mceliece_decrypt().

         { return m_dimension; };

Definition at line 96 of file mceliece_key.h.

Referenced by Botan::mceliece_decrypt().

{ return m_g; };
std::vector<u32bit> const& Botan::McEliece_PrivateKey::get_H_coeffs ( ) const [inline]

Definition at line 97 of file mceliece_key.h.

Referenced by Botan::mceliece_decrypt().

{ return m_coeffs; };
std::vector<gf2m> const& Botan::McEliece_PrivateKey::get_Linv ( ) const [inline]

Definition at line 98 of file mceliece_key.h.

Referenced by Botan::mceliece_decrypt().

{ return m_Linv; };
OID Botan::Public_Key::get_oid ( ) const [virtual, inherited]

Get the OID of the underlying public key scheme.

Returns:
OID of the public key scheme

Definition at line 17 of file pk_keys.cpp.

References Botan::Public_Key::algo_name(), and Botan::OIDS::lookup().

Referenced by Botan::DL_Scheme_PublicKey::algorithm_identifier(), Botan::Curve25519_PublicKey::algorithm_identifier(), Botan::IF_Scheme_PublicKey::algorithm_identifier(), Botan::GOST_3410_PublicKey::algorithm_identifier(), Botan::EC_PublicKey::algorithm_identifier(), and Botan::McEliece_PublicKey::algorithm_identifier().

   {
   try {
      return OIDS::lookup(algo_name());
      }
   catch(Lookup_Error)
      {
      throw Lookup_Error("PK algo " + algo_name() + " has no defined OIDs");
      }
   }
std::vector<byte> const& Botan::McEliece_PublicKey::get_public_matrix ( ) const [inline, inherited]

Definition at line 59 of file mceliece_key.h.

Referenced by Botan::McEliece_Public_Operation::encrypt().

{ return m_public_matrix; }
std::vector<polyn_gf2m> const& Botan::McEliece_PrivateKey::get_sqrtmod ( ) const [inline]

Definition at line 99 of file mceliece_key.h.

Referenced by Botan::mceliece_decrypt().

{ return m_sqrtmod; };
u32bit Botan::McEliece_PublicKey::get_t ( ) const [inline, inherited]
void Botan::Public_Key::load_check ( RandomNumberGenerator rng) const [protected, virtual, inherited]

Self-test after loading a key

Parameters:
rnga random number generator

Reimplemented in Botan::Private_Key.

Definition at line 31 of file pk_keys.cpp.

References Botan::Public_Key::algo_name(), and Botan::Public_Key::check_key().

   {
   if(!check_key(rng, BOTAN_PUBLIC_KEY_STRONG_CHECKS_ON_LOAD))
      throw Invalid_Argument(algo_name() + ": Invalid public key");
   }
void Botan::Private_Key::load_check ( RandomNumberGenerator rng) const [protected, virtual, inherited]

Self-test after loading a key

Parameters:
rnga random number generator

Reimplemented from Botan::Public_Key.

Definition at line 40 of file pk_keys.cpp.

References Botan::Public_Key::algo_name(), and Botan::Public_Key::check_key().

Referenced by Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::DH_PrivateKey::DH_PrivateKey(), Botan::DSA_PrivateKey::DSA_PrivateKey(), Botan::ElGamal_PrivateKey::ElGamal_PrivateKey(), Botan::IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(), and Botan::NR_PrivateKey::NR_PrivateKey().

   {
   if(!check_key(rng, BOTAN_PRIVATE_KEY_STRONG_CHECKS_ON_LOAD))
      throw Invalid_Argument(algo_name() + ": Invalid private key");
   }
size_t Botan::McEliece_PrivateKey::max_input_bits ( ) const [inline, virtual]

Get the maximum number of bits allowed to be fed to this key. This is the bitlength of the order of the base point.

Returns:
the maximum number of input bits

Reimplemented from Botan::McEliece_PublicKey.

Definition at line 81 of file mceliece_key.h.

                                    {
      return m_Linv.size();
      };
virtual size_t Botan::Public_Key::message_part_size ( ) const [inline, virtual, inherited]

Find out the message part size supported by this scheme/key.

Returns:
size of the message parts in bits

Reimplemented in Botan::GOST_3410_PublicKey, Botan::ECDSA_PublicKey, Botan::NR_PublicKey, and Botan::DSA_PublicKey.

Definition at line 67 of file pk_keys.h.

{ return 0; }
virtual size_t Botan::Public_Key::message_parts ( ) const [inline, virtual, inherited]

Find out the number of message parts supported by this scheme.

Returns:
number of message parts

Reimplemented in Botan::GOST_3410_PublicKey, Botan::ECDSA_PublicKey, Botan::NR_PublicKey, and Botan::DSA_PublicKey.

Definition at line 61 of file pk_keys.h.

Referenced by Botan::EAC_Signed_Object::check_signature(), Botan::X509_Object::check_signature(), and Botan::choose_sig_format().

{ return 1; }
bool Botan::McEliece_PublicKey::operator!= ( const McEliece_PublicKey other) const [inline, inherited]

Definition at line 62 of file mceliece_key.h.

{ return !(*this == other); }
bool Botan::McEliece_PrivateKey::operator!= ( const McEliece_PrivateKey other) const [inline]

Definition at line 112 of file mceliece_key.h.

{ return !(*this == other); };
bool Botan::McEliece_PublicKey::operator== ( const McEliece_PublicKey other) const [inherited]

Definition at line 267 of file mceliece_key.cpp.

References Botan::McEliece_PublicKey::m_code_length, Botan::McEliece_PublicKey::m_public_matrix, and Botan::McEliece_PublicKey::m_t.

   {
   if(m_public_matrix != other.m_public_matrix)
      {
      return false;
      }
   if(m_t != other.m_t )
      {
      return false;
      }
   if( m_code_length != other.m_code_length)
      {
      return false;
      }
   return true;
   }
bool Botan::McEliece_PrivateKey::operator== ( const McEliece_PrivateKey other) const

Definition at line 235 of file mceliece_key.cpp.

   {
   if(*static_cast<const McEliece_PublicKey*>(this) != *static_cast<const McEliece_PublicKey*>(&other))
      {
      return false;
      }
   if(m_g != other.m_g)
      {
      return false;
      }

   if( m_sqrtmod != other.m_sqrtmod)
      {
      return false;
      }
   if( m_Linv != other.m_Linv)
      {
      return false;
      }
   if( m_coeffs != other.m_coeffs)
      {
      return false;
      }

   if(m_codimension != other.m_codimension || m_dimension != other.m_dimension)
      {
      return false;
      }

   return true;
   }
virtual AlgorithmIdentifier Botan::Private_Key::pkcs8_algorithm_identifier ( ) const [inline, virtual, inherited]
Returns:
PKCS #8 AlgorithmIdentifier for this key Might be different from the X.509 identifier, but normally is not

Reimplemented in Botan::GOST_3410_PrivateKey.

Definition at line 109 of file pk_keys.h.

Referenced by Botan::PKCS8::BER_encode().

         { return algorithm_identifier(); }
secure_vector< byte > Botan::McEliece_PrivateKey::pkcs8_private_key ( ) const [virtual]
Returns:
PKCS #8 private key encoding for this key object

Implements Botan::Private_Key.

Definition at line 100 of file mceliece_key.cpp.

References Botan::PEM_Code::encode(), Botan::DER_Encoder::encode(), Botan::polyn_gf2m::encode(), Botan::DER_Encoder::end_cons(), Botan::McEliece_PublicKey::get_code_length(), Botan::DER_Encoder::get_contents(), Botan::McEliece_PublicKey::get_t(), Botan::McEliece_PublicKey::m_public_matrix, Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

   {
   DER_Encoder enc;
   enc.start_cons(SEQUENCE)
      .start_cons(SEQUENCE)
      .encode(static_cast<size_t>(get_code_length()))
      .encode(static_cast<size_t>(get_t()))
      .end_cons()
      .encode(m_public_matrix, OCTET_STRING)
      .encode(m_g.encode(), OCTET_STRING); // g as octet string
   enc.start_cons(SEQUENCE);
   for(u32bit i = 0; i < m_sqrtmod.size(); i++)
      {
      enc.encode(m_sqrtmod[i].encode(), OCTET_STRING);
      }
   enc.end_cons();
   secure_vector<byte> enc_support;
   for(u32bit i = 0; i < m_Linv.size(); i++)
      {
      enc_support.push_back(m_Linv[i] >> 8);
      enc_support.push_back(m_Linv[i]);
      }
   enc.encode(enc_support, OCTET_STRING);
   secure_vector<byte> enc_H;
   for(u32bit i = 0; i < m_coeffs.size(); i++)
      {
      enc_H.push_back(m_coeffs[i] >> 24);
      enc_H.push_back(m_coeffs[i] >> 16);
      enc_H.push_back(m_coeffs[i] >> 8);
      enc_H.push_back(m_coeffs[i]);
      }
   enc.encode(enc_H, OCTET_STRING);
   enc.end_cons();
   return enc.get_contents();
   }
std::vector< byte > Botan::McEliece_PublicKey::x509_subject_public_key ( ) const [virtual, inherited]
Returns:
X.509 subject key encoding for this key object

Implements Botan::Public_Key.

Definition at line 56 of file mceliece_key.cpp.

References Botan::PEM_Code::encode(), Botan::McEliece_PublicKey::get_code_length(), Botan::McEliece_PublicKey::get_t(), Botan::McEliece_PublicKey::m_public_matrix, Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::unlock().

   {
   // encode the public key
   return unlock(DER_Encoder()
                 .start_cons(SEQUENCE)
                 .start_cons(SEQUENCE)
                 .encode(static_cast<size_t>(get_code_length()))
                 .encode(static_cast<size_t>(get_t()))
                 .end_cons()
                 .encode(m_public_matrix, OCTET_STRING)
                 .end_cons()
                 .get_contents());
   }

Member Data Documentation

std::vector<byte> Botan::McEliece_PublicKey::m_public_matrix [protected, inherited]
u32bit Botan::McEliece_PublicKey::m_t [protected, inherited]

The documentation for this class was generated from the following files: