authorDavid Hook <dgh@cryptoworkshop.com>2022-08-21 21:46:52 +1000
committerDavid Hook <dgh@cryptoworkshop.com>2022-08-21 21:46:52 +1000
commit1b88e8476e6823671766ad5c7e30aaff24fd13b6 (patch)
tree5f691199d9c63b8071e892320f3aa954318e6420
parentadded key size restrictions (diff)
downloadBouncyCastle.NET-ed25519-1b88e8476e6823671766ad5c7e30aaff24fd13b6.tar.xz
SIKE: added warning, keysize test
-rw-r--r--crypto/src/pqc/crypto/sike/Fpx.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/Internal.cs4
-rw-r--r--crypto/src/pqc/crypto/sike/Isogeny.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/P434.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/P503.cs4
-rw-r--r--crypto/src/pqc/crypto/sike/P610.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/P751.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/PointProj.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/PointProjFull.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/SIDH.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/SIDH_Compressed.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/SIKEEngine.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs2
-rw-r--r--crypto/src/pqc/crypto/sike/SIKEParameters.cs7
-rw-r--r--crypto/src/pqc/crypto/sike/Utils.cs2
-rw-r--r--crypto/test/src/pqc/crypto/test/SikeVectorTest.cs5
17 files changed, 26 insertions, 20 deletions
diff --git a/crypto/src/pqc/crypto/sike/Fpx.cs b/crypto/src/pqc/crypto/sike/Fpx.cs
index d2ec32f89..2ba6ab2f5 100644
--- a/crypto/src/pqc/crypto/sike/Fpx.cs
+++ b/crypto/src/pqc/crypto/sike/Fpx.cs
@@ -8,7 +8,7 @@ using Org.BouncyCastle.Crypto.Utilities;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-    public class Fpx
+    internal class Fpx
     {
         private SIKEEngine engine;
 
diff --git a/crypto/src/pqc/crypto/sike/Internal.cs b/crypto/src/pqc/crypto/sike/Internal.cs
index edd551a2b..6835185f0 100644
--- a/crypto/src/pqc/crypto/sike/Internal.cs
+++ b/crypto/src/pqc/crypto/sike/Internal.cs
@@ -5,8 +5,8 @@ using Org.BouncyCastle.Utilities.Encoders;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-                
-        public abstract class Internal
+
+    internal abstract class Internal
         {
                 protected static Dictionary<string, string> _props;
                 
diff --git a/crypto/src/pqc/crypto/sike/Isogeny.cs b/crypto/src/pqc/crypto/sike/Isogeny.cs
index ace6e20b9..fc2b3e5ca 100644
--- a/crypto/src/pqc/crypto/sike/Isogeny.cs
+++ b/crypto/src/pqc/crypto/sike/Isogeny.cs
@@ -1,6 +1,6 @@
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class Isogeny
+    internal class Isogeny
 {
      SIKEEngine engine;
 
diff --git a/crypto/src/pqc/crypto/sike/P434.cs b/crypto/src/pqc/crypto/sike/P434.cs
index 2d4139927..98c77aa85 100644
--- a/crypto/src/pqc/crypto/sike/P434.cs
+++ b/crypto/src/pqc/crypto/sike/P434.cs
@@ -3,7 +3,7 @@ using System.IO;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class P434 
+internal class P434 
     : Internal
 {
     // Encoding of field elementsL, elements over Z_orderL, elements over GF(p^2) and elliptic curve points:
diff --git a/crypto/src/pqc/crypto/sike/P503.cs b/crypto/src/pqc/crypto/sike/P503.cs
index 31b735873..fb0cb27c8 100644
--- a/crypto/src/pqc/crypto/sike/P503.cs
+++ b/crypto/src/pqc/crypto/sike/P503.cs
@@ -3,8 +3,8 @@ using System.IO;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-    
-public class P503
+
+    internal class P503
     : Internal
 {
     // Encoding of field elements, elements over Z_order, elements over GF(p^2) and elliptic curve points:
diff --git a/crypto/src/pqc/crypto/sike/P610.cs b/crypto/src/pqc/crypto/sike/P610.cs
index 33f9956c7..ac3f0deec 100644
--- a/crypto/src/pqc/crypto/sike/P610.cs
+++ b/crypto/src/pqc/crypto/sike/P610.cs
@@ -3,7 +3,7 @@ using System.IO;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class P610
+    internal class P610
     : Internal
 {
         internal P610(bool isCompressed)
diff --git a/crypto/src/pqc/crypto/sike/P751.cs b/crypto/src/pqc/crypto/sike/P751.cs
index b8d48d3aa..ab281c3a6 100644
--- a/crypto/src/pqc/crypto/sike/P751.cs
+++ b/crypto/src/pqc/crypto/sike/P751.cs
@@ -3,7 +3,7 @@ using System.IO;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class P751
+    internal class P751
     : Internal
 {
     // Encoding of field elements, elements over Z_order, elements over GF(p^2) and elliptic curve points:
diff --git a/crypto/src/pqc/crypto/sike/PointProj.cs b/crypto/src/pqc/crypto/sike/PointProj.cs
index 92b982d4f..4f6e8b882 100644
--- a/crypto/src/pqc/crypto/sike/PointProj.cs
+++ b/crypto/src/pqc/crypto/sike/PointProj.cs
@@ -1,6 +1,6 @@
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class PointProj
+internal class PointProj
 {
     internal PointProj(uint nwords_field)
     {
diff --git a/crypto/src/pqc/crypto/sike/PointProjFull.cs b/crypto/src/pqc/crypto/sike/PointProjFull.cs
index f5d4598a8..4e717f31a 100644
--- a/crypto/src/pqc/crypto/sike/PointProjFull.cs
+++ b/crypto/src/pqc/crypto/sike/PointProjFull.cs
@@ -1,6 +1,6 @@
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class PointProjFull
+internal class PointProjFull
 {
     internal PointProjFull(uint nwords_field)
     {
diff --git a/crypto/src/pqc/crypto/sike/SIDH.cs b/crypto/src/pqc/crypto/sike/SIDH.cs
index d2e4b4929..d5a86d6b1 100644
--- a/crypto/src/pqc/crypto/sike/SIDH.cs
+++ b/crypto/src/pqc/crypto/sike/SIDH.cs
@@ -1,6 +1,6 @@
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class SIDH
+internal class SIDH
 {
     private SIKEEngine engine;
 
diff --git a/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs b/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs
index f701aea60..46a289c97 100644
--- a/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs
+++ b/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs
@@ -4,7 +4,7 @@ using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-public class SIDH_Compressed
+internal class SIDH_Compressed
 {
     private SIKEEngine engine;
 
diff --git a/crypto/src/pqc/crypto/sike/SIKEEngine.cs b/crypto/src/pqc/crypto/sike/SIKEEngine.cs
index 58c04b459..638087688 100644
--- a/crypto/src/pqc/crypto/sike/SIKEEngine.cs
+++ b/crypto/src/pqc/crypto/sike/SIKEEngine.cs
@@ -5,7 +5,7 @@ using Org.BouncyCastle.Security;
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
     
-public class SIKEEngine
+internal class SIKEEngine
 {
     private SecureRandom random;
     
diff --git a/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs b/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs
index 1d2bab871..3915e8890 100644
--- a/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs
+++ b/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs
@@ -1,4 +1,5 @@
 using Org.BouncyCastle.Crypto;
+using System;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
@@ -29,6 +30,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike
 
     public byte[] ExtractSecret(byte[] encapsulation, uint sessionKeySizeInBits)
     {
+            Console.Error.WriteLine("WARNING: the SIKE algorithm is only for research purposes, insecure");
         byte[] session_key = new byte[sessionKeySizeInBits / 8];
         engine.crypto_kem_dec(session_key, encapsulation, ((SIKEPrivateKeyParameters)key).GetPrivateKey());
         return session_key;
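Review bot: The added `Console.Error.WriteLine` on the line before `byte[] session_key` makes a library method write to stderr on every call, which a host application cannot suppress or route through its own logging, and which a caller only discovers at runtime. A compile-time signal fits the intent better: mark the method (or the public SIKE types) `[Obsolete("SIKE is insecure; provided for research purposes only")]` so consumers get a build warning, and keep any runtime message to a single emission rather than one per decapsulation. The message also gives no reason or reference; presumably it reflects the 2022 key-recovery attack on SIDH/SIKE, and a one-line source comment saying so would help the next maintainer. ExtractSecret's body continues past the end of the hunk.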
diff --git a/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs b/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs
index 83c08ef56..cf98a0696 100644
--- a/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs
+++ b/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs
@@ -1,6 +1,7 @@
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Pqc.Crypto.Utilities;
 using Org.BouncyCastle.Security;
+using System;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
@@ -26,6 +27,7 @@ public class SIKEKEMGenerator
 
     public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey, uint sessionKeySizeInBits)
     {
+            Console.Error.WriteLine("WARNING: the SIKE algorithm is only for research purposes, insecure");
         SIKEPublicKeyParameters key = (SIKEPublicKeyParameters)recipientKey;
         SIKEEngine engine = key.GetParameters().GetEngine();
         byte[] cipher_text = new byte[engine.GetCipherTextSize()];
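Review bot: The warning literal added before `SIKEPublicKeyParameters key = ...` duplicates the one in SIKEKEMExtractor byte for byte, so the two texts will drift the first time one is edited, and it is re-emitted on every encapsulation. Both KEM classes already go through `SIKEEngine` (now internal), so a single `internal static void WarnInsecure()` there, or one emission from the `SIKEParameters` constructor, would keep the text in one place and fire once per parameter set instead of per call. If per-call output is really intended, a shared `internal const string` for the message is the minimal fix. GenerateEncapsulated's body continues past the end of the hunk.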
diff --git a/crypto/src/pqc/crypto/sike/SIKEParameters.cs b/crypto/src/pqc/crypto/sike/SIKEParameters.cs
index 5c1b162f8..d687871ec 100644
--- a/crypto/src/pqc/crypto/sike/SIKEParameters.cs
+++ b/crypto/src/pqc/crypto/sike/SIKEParameters.cs
@@ -21,12 +21,13 @@ public class SIKEParameters
         this.engine = new SIKEEngine(ver, isCompressed, null);
     }
 
-    public SIKEEngine GetEngine()
+    internal SIKEEngine GetEngine()
     {
         return engine;
     }
 
-
-}
+        public string Name => name;
+        public int DefaultKeySize => (int)this.engine.GetDefaultSessionKeySize();
+    }
 
 }
\ No newline at end of file
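Review bot: `DefaultKeySize` is a new public member with no documented unit, and its name reads as a key-pair size, while the test hunk in this commit compares it with `dec_key.Length * 8`, i.e. the session key size in bits. An XML doc comment pins that down: `/// <summary>Default size of the KEM session key, in bits, for this parameter set.</summary>`, and a name such as `DefaultSessionKeySizeInBits` would match the `GetDefaultSessionKeySize()` it wraps if renaming is still possible before release. The two new members are indented eight spaces inside a class body whose other members, and the closing brace on the following line, use four. The `name` field returned by `Name` is declared outside the hunk, so I could not confirm it is populated for every parameter set.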
diff --git a/crypto/src/pqc/crypto/sike/Utils.cs b/crypto/src/pqc/crypto/sike/Utils.cs
index 33f1f8696..013e39316 100644
--- a/crypto/src/pqc/crypto/sike/Utils.cs
+++ b/crypto/src/pqc/crypto/sike/Utils.cs
@@ -1,6 +1,6 @@
 namespace Org.BouncyCastle.Pqc.Crypto.Sike
 {
-    public class Utils
+    internal class Utils
     {
         public static ulong[][] InitArray(uint size1, uint size2)
         {
diff --git a/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs b/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs
index 951b3349b..8b7707bd4 100644
--- a/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs
+++ b/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs
@@ -113,9 +113,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 
             byte[] dec_key = sikeDecCipher.ExtractSecret(generated_cipher_text);
 
-//                        System.out.println(Hex.toHexString(dec_key).toUpperCase());
-//                        System.out.println(Hex.toHexString(ss).toUpperCase());
+            //                        System.out.println(Hex.toHexString(dec_key).toUpperCase());
+            //                        System.out.println(Hex.toHexString(ss).toUpperCase());
 
+            Assert.True(SIKEParameters.DefaultKeySize == dec_key.Length * 8);
             Assert.True(Arrays.AreEqual(dec_key, ss), name + " " + count + ": kem_dec ss" );
             Assert.True(Arrays.AreEqual(dec_key, secret), name + " " + count + ": kem_dec key" );
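Review bot: `SIKEParameters.DefaultKeySize` in the added assertion reads as a static access on the type, but `DefaultKeySize` is declared in this commit as an instance property, so the line compiles only if `SIKEParameters` is a local variable shadowing the type name here (not visible in the hunk); if it is the type, the check must go through the parameters instance the test already holds. The assertion also lacks the `name + " " + count + ": ..."` message its neighbours carry, so a failure would not identify the vector: `Assert.True(SIKEParameters.DefaultKeySize == dec_key.Length * 8, name + " " + count + ": default key size");`. The "keysize test" of the title only checks the length of a successfully extracted key; that a mismatched `sessionKeySizeInBits` is rejected, which the parent commit's "key size restrictions" suggests, is not exercised here, though I cannot see where that restriction lives. The enclosing test method starts before the hunk.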