author | David Hook <dgh@cryptoworkshop.com> | 2022-08-21 21:04:09 +1000 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2022-08-21 21:04:09 +1000 |
commit | 37fdb4543c83dc7f4accfde993fe7b32064b8de3 (patch) | |
tree | 501fa781b966dcccef17e3531ee9ab13c6500f5f | |
parent | Implement NextBytes(Span<byte) (diff) | |
download | BouncyCastle.NET-ed25519-37fdb4543c83dc7f4accfde993fe7b32064b8de3.tar.xz |
added key size restrictions
-rw-r--r-- | crypto/src/pqc/crypto/ntruprime/NtruLPRimeParameters.cs | 20 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/ntruprime/NtruPrimeEngine.cs | 9 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/ntruprime/SNtruPrimeParameters.cs | 22 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/saber/SABEREngine.cs | 2 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/saber/SABERKeyPairGenerator.cs | 2 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/saber/SABERParameters.cs | 17 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/saber/Utils.cs | 4 | ||||
-rw-r--r-- | crypto/test/src/pqc/crypto/test/NtruPrimeVectorTest.cs | 20 | ||||
-rw-r--r-- | crypto/test/src/pqc/crypto/test/SaberVectorTest.cs | 23 |
9 files changed, 61 insertions, 58 deletions
diff --git a/crypto/src/pqc/crypto/ntruprime/NtruLPRimeParameters.cs b/crypto/src/pqc/crypto/ntruprime/NtruLPRimeParameters.cs
index 6b12785bd..a8601250e 100644
--- a/crypto/src/pqc/crypto/ntruprime/NtruLPRimeParameters.cs
+++ b/crypto/src/pqc/crypto/ntruprime/NtruLPRimeParameters.cs
@@ -23,10 +23,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime
 private int _skBytes;
 private int _pkBytes;
 private int _ctBytes;
+ private int _defaultKeySize;
 private NtruPrimeEngine _primeEngine;
 private NtruLPRimeParameters(String name, int p, int q, bool LPR, int w, int tau0,
- int tau1, int tau2, int tau3, int skBytes, int pkBytes, int ctBytes, int roundedBytes, int rqBytes)
+ int tau1, int tau2, int tau3, int skBytes, int pkBytes, int ctBytes, int roundedBytes, int rqBytes, int defaultKeySize)
 {
 this.name = name;
 this.p = p;
@@ -44,21 +45,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime this._skBytes = skBytes; this._pkBytes = pkBytes; this._ctBytes = ctBytes; - this._primeEngine = new NtruPrimeEngine(p,q, LPR, w, tau0, tau1, tau2, tau3, skBytes, pkBytes, ctBytes, roundedBytes, rqBytes); + this._primeEngine = new NtruPrimeEngine(p,q, LPR, w, tau0, tau1, tau2, tau3, skBytes, pkBytes, ctBytes, roundedBytes, rqBytes, defaultKeySize / 8); + this._defaultKeySize = defaultKeySize; } - public static NtruLPRimeParameters ntrulpr653 = new NtruLPRimeParameters("NTRU_LPRime_653", 653, 4621, true, 252, 2175,113,2031,290,1125,897,1025, 865, -1); - public static NtruLPRimeParameters ntrulpr761 = new NtruLPRimeParameters("NTRU_LPRime_761", 761, 4591, true, 250, 2156,114,2007,287,1294,1039,1167, 1007, -1); - public static NtruLPRimeParameters ntrulpr857 = new NtruLPRimeParameters("NTRU_LPRime_857", 857, 5167, true, 281, 2433,101,2265,324,1463,1184,1312, 1152, -1); - public static NtruLPRimeParameters ntrulpr953 = new NtruLPRimeParameters("NTRU_LPRime_953", 953, 6343, true, 345, 2997,82,2798,400,1652,1349,1477, 1317, -1); - public static NtruLPRimeParameters ntrulpr1013 = new NtruLPRimeParameters("NTRU_LPRime_1013", 1013, 7177, true, 392, 3367,73,3143,449,1773,1455,1583, 1423, -1); - public static NtruLPRimeParameters ntrulpr1277 = new NtruLPRimeParameters("NTRU_LPRime_1277", 1277, 7879, true, 429, 3724,66,3469,496,2231,1847,1975, 1815, -1); + public static NtruLPRimeParameters ntrulpr653 = new NtruLPRimeParameters("NTRU_LPRime_653", 653, 4621, true, 252, 2175,113,2031,290,1125,897,1025, 865, -1, 128); + public static NtruLPRimeParameters ntrulpr761 = new NtruLPRimeParameters("NTRU_LPRime_761", 761, 4591, true, 250, 2156,114,2007,287,1294,1039,1167, 1007, -1, 128); + public static NtruLPRimeParameters ntrulpr857 = new NtruLPRimeParameters("NTRU_LPRime_857", 857, 5167, true, 281, 2433,101,2265,324,1463,1184,1312, 1152, -1, 128); + public static NtruLPRimeParameters ntrulpr953 = new 
NtruLPRimeParameters("NTRU_LPRime_953", 953, 6343, true, 345, 2997,82,2798,400,1652,1349,1477, 1317, -1, 192); + public static NtruLPRimeParameters ntrulpr1013 = new NtruLPRimeParameters("NTRU_LPRime_1013", 1013, 7177, true, 392, 3367,73,3143,449,1773,1455,1583, 1423, -1, 192); + public static NtruLPRimeParameters ntrulpr1277 = new NtruLPRimeParameters("NTRU_LPRime_1277", 1277, 7879, true, 429, 3724,66,3469,496,2231,1847,1975, 1815, -1, 256); public int P => p; public bool lpr => LPR; public int Q => q; + public int DefaultKeySize => _defaultKeySize; + internal NtruPrimeEngine PrimeEngine => _primeEngine; } diff --git a/crypto/src/pqc/crypto/ntruprime/NtruPrimeEngine.cs b/crypto/src/pqc/crypto/ntruprime/NtruPrimeEngine.cs index 701a53cee..2302e0c4b 100644 --- a/crypto/src/pqc/crypto/ntruprime/NtruPrimeEngine.cs +++ b/crypto/src/pqc/crypto/ntruprime/NtruPrimeEngine.cs @@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime private readonly int _smallBytes; private readonly int _hashBytes; - private const int SessionKeyBytes = 32; + private readonly int SessionKeyBytes; // Parameters for NTRU private readonly int _p; @@ -54,7 +54,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime public int SessionKeySize => SessionKeyBytes; public NtruPrimeEngine(int p, int q, bool lpr, int w, int tau0, - int tau1, int tau2, int tau3, int skBytes, int pkBytes, int ctBytes, int roundedBytes, int rqBytes) + int tau1, int tau2, int tau3, int skBytes, int pkBytes, int ctBytes, int roundedBytes, int rqBytes, int defaultKeyLen) { this._p = p; this._q = q; @@ -73,6 +73,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime this._lpr = lpr; this._confirmBytes = 32; + this.SessionKeyBytes = defaultKeyLen; _smallBytes = ((p + 3) / 4); _q12 = ((q - 1) / 2); 
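Review bot: `defaultKeySize` is passed in bits (128/192/256) but handed to the engine as `defaultKeySize / 8`, and neither the constructor nor the new `DefaultKeySize` property states the unit; a value that is not a multiple of 8 would be rounded down silently. A doc comment on the property such as `/// <summary>Session key size in bits; the engine receives this value divided by 8.</summary>` would settle it. The parameter-set fields rewritten here are `public static` without `readonly`, so any caller can reassign `ntrulpr653` and change the key size that other code receives; `public static readonly NtruLPRimeParameters ntrulpr653 = ...` closes that. Both points apply equally to the matching hunk in SNtruPrimeParameters.cs.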
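Review bot: `this.SessionKeyBytes = defaultKeyLen;` accepts any integer from a public constructor, while the last hunk in this file copies `output.Length` bytes out of a fixed 32-byte hash buffer. If that output is sized from `SessionKeyBytes` (the caller is not visible here), a value above 32 fails only later inside `Array.Copy`, and zero would yield an empty session key. A guard in the constructor makes the restriction explicit: `if (defaultKeyLen < 1 || defaultKeyLen > 32) throw new ArgumentOutOfRangeException(nameof(defaultKeyLen));`. The constructor body continues outside the hunk.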
@@ -1233,7 +1234,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime } } - HashPrefix(ref output, b, ref x, x.Length); + byte[] hash = new byte[32]; + HashPrefix(ref hash, b, ref x, x.Length); + Array.Copy(hash, 0, output, 0, output.Length); } private int NegativeMask(short x) diff --git a/crypto/src/pqc/crypto/ntruprime/SNtruPrimeParameters.cs b/crypto/src/pqc/crypto/ntruprime/SNtruPrimeParameters.cs index 8a73d6235..95d63d1a8 100644 --- a/crypto/src/pqc/crypto/ntruprime/SNtruPrimeParameters.cs +++ b/crypto/src/pqc/crypto/ntruprime/SNtruPrimeParameters.cs @@ -19,10 +19,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime private int _skBytes; private int _pkBytes; private int _ctBytes; + private int _defaultKeySize; private NtruPrimeEngine _primeEngine; - private SNtruPrimeParameters(String name, int p, int q, bool LPR, int w, int tau0, - int tau1, int tau2, int tau3, int skBytes, int pkBytes, int ctBytes, int roundedBytes, int rqBytes) + int tau1, int tau2, int tau3, int skBytes, int pkBytes, int ctBytes, int roundedBytes, int rqBytes, int defaultKeySize) { this.name = name; this.p = p; 
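Review bot: The temporary `hash` array keeps the full 32-byte digest after the truncated copy and is left for the garbage collector; if `output` is the session key here (the enclosing method starts outside the hunk), the untruncated secret stays in memory. Adding `Array.Clear(hash, 0, hash.Length);` after the `Array.Copy` line removes it. The literal 32 also repeats a size the class appears to hold already in `_hashBytes` or `_confirmBytes`. A short comment such as `// session key is the leading output.Length bytes of the hash` would record that the result is a prefix of the full hash value.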
@@ -33,28 +33,30 @@ namespace Org.BouncyCastle.Pqc.Crypto.NtruPrime this._tau1 = tau1; this._tau2 = tau2; this._tau3 = tau3; - + // KEM Parameters this._roundedBytes = roundedBytes; this._rqBytes = rqBytes; this._skBytes = skBytes; this._pkBytes = pkBytes; this._ctBytes = ctBytes; - this._primeEngine = new NtruPrimeEngine(p,q, LPR, w, tau0, tau1, tau2, tau3, skBytes, pkBytes, ctBytes, roundedBytes, rqBytes); + this._primeEngine = new NtruPrimeEngine(p, q, LPR, w, tau0, tau1, tau2, tau3, skBytes, pkBytes, ctBytes, roundedBytes, rqBytes, defaultKeySize / 8); + this._defaultKeySize = defaultKeySize; } - public static SNtruPrimeParameters sntrup653 = new SNtruPrimeParameters("SNTRU_Prime_653", 653, 4621, false, 288, -1,-1,-1,-1,1518,994,897, 865, 994); - public static SNtruPrimeParameters sntrup761 = new SNtruPrimeParameters("SNTRU_Prime_761", 761, 4591, false, 286, -1,-1,-1,-1,1763,1158,1039, 1007, 1158); - public static SNtruPrimeParameters sntrup857 = new SNtruPrimeParameters("SNTRU_Prime_857", 857, 5167, false, 322, -1,-1,-1,-1,1999,1322,1184, 1152, 1322); - public static SNtruPrimeParameters sntrup953 = new SNtruPrimeParameters("SNTRU_Prime_953", 953, 6343, false, 396, -1,-1,-1,-1,2254,1505,1349, 1317, 1505); - public static SNtruPrimeParameters sntrup1013 = new SNtruPrimeParameters("SNTRU_Prime_1013", 1013, 7177, false, 448, -1,-1,-1,-1,2417,1623,1455, 1423, 1623); - public static SNtruPrimeParameters sntrup1277 = new SNtruPrimeParameters("SNTRU_Prime_1277", 1277, 7879, false, 492, -1,-1,-1,-1,3059,2067,1847, 1815, 2067); + public static SNtruPrimeParameters sntrup653 = new SNtruPrimeParameters("SNTRU_Prime_653", 653, 4621, false, 288, -1,-1,-1,-1,1518,994,897, 865, 994, 128); + public static SNtruPrimeParameters sntrup761 = new SNtruPrimeParameters("SNTRU_Prime_761", 761, 4591, false, 286, -1,-1,-1,-1,1763,1158,1039, 1007, 1158, 128); + public static SNtruPrimeParameters sntrup857 = new SNtruPrimeParameters("SNTRU_Prime_857", 857, 5167, false, 322, 
-1,-1,-1,-1,1999,1322,1184, 1152, 1322, 128); + public static SNtruPrimeParameters sntrup953 = new SNtruPrimeParameters("SNTRU_Prime_953", 953, 6343, false, 396, -1,-1,-1,-1,2254,1505,1349, 1317, 1505, 192); + public static SNtruPrimeParameters sntrup1013 = new SNtruPrimeParameters("SNTRU_Prime_1013", 1013, 7177, false, 448, -1,-1,-1,-1,2417,1623,1455, 1423, 1623, 192); + public static SNtruPrimeParameters sntrup1277 = new SNtruPrimeParameters("SNTRU_Prime_1277", 1277, 7879, false, 492, -1,-1,-1,-1,3059,2067,1847, 1815, 2067, 256); public int P => p; public bool lpr => LPR; public int Q => q; + public int DefaultKeySize => _defaultKeySize; internal NtruPrimeEngine PrimeEngine => _primeEngine; } diff --git a/crypto/src/pqc/crypto/saber/SABEREngine.cs b/crypto/src/pqc/crypto/saber/SABEREngine.cs index 4be553957..38efdd8f3 100644 --- a/crypto/src/pqc/crypto/saber/SABEREngine.cs +++ b/crypto/src/pqc/crypto/saber/SABEREngine.cs @@ -7,7 +7,7 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Saber { - public class SABEREngine + internal class SABEREngine { // constant parameters public static int SABER_EQ = 13; diff --git a/crypto/src/pqc/crypto/saber/SABERKeyPairGenerator.cs b/crypto/src/pqc/crypto/saber/SABERKeyPairGenerator.cs index 1b74a2833..79b59ee1d 100644 --- a/crypto/src/pqc/crypto/saber/SABERKeyPairGenerator.cs +++ b/crypto/src/pqc/crypto/saber/SABERKeyPairGenerator.cs @@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber this.saberParams = (SABERKeyGenerationParameters) param; this.random = param.Random; - this.l = this.saberParams.GetParameters().GetL(); + this.l = this.saberParams.GetParameters().L; } private AsymmetricCipherKeyPair GenKeyPair() diff --git a/crypto/src/pqc/crypto/saber/SABERParameters.cs b/crypto/src/pqc/crypto/saber/SABERParameters.cs index b53c9cf6f..50b577ab8 100644 --- a/crypto/src/pqc/crypto/saber/SABERParameters.cs +++ b/crypto/src/pqc/crypto/saber/SABERParameters.cs 
@@ -33,22 +33,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber this.engine = new SABEREngine(l, defaultKeySize); } - public String GetName() - { - return name; - } + public String Name => name; - public int GetL() - { - return l; - } + public int L => l; - public int GetDefaultKeySize() - { - return defaultKeySize; - } + public int DefaultKeySize => defaultKeySize; - public SABEREngine GetEngine() + internal SABEREngine GetEngine() { return engine; } diff --git a/crypto/src/pqc/crypto/saber/Utils.cs b/crypto/src/pqc/crypto/saber/Utils.cs index 32a544c1f..ff74ef1cb 100644 --- a/crypto/src/pqc/crypto/saber/Utils.cs +++ b/crypto/src/pqc/crypto/saber/Utils.cs @@ -1,6 +1,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber { - public class Utils + internal class Utils { private int SABER_N; @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber private int SABER_EP; private int SABER_KEYBYTES; - public Utils(SABEREngine engine) + internal Utils(SABEREngine engine) { this.SABER_N = engine.getSABER_N(); this.SABER_L = engine.getSABER_L(); diff --git a/crypto/test/src/pqc/crypto/test/NtruPrimeVectorTest.cs b/crypto/test/src/pqc/crypto/test/NtruPrimeVectorTest.cs index dca3a0f45..178e05fc9 100644 --- a/crypto/test/src/pqc/crypto/test/NtruPrimeVectorTest.cs +++ b/crypto/test/src/pqc/crypto/test/NtruPrimeVectorTest.cs @@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests { // Console.WriteLine("Zero"); } - + byte[] seed = Hex.Decode(buf["seed"]); byte[] pk = Hex.Decode(buf["pk"]); byte[] ct = Hex.Decode(buf["ct"]); 
@@ -108,14 +108,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests // Check secret byte[] secret = secWenc.GetSecret(); - Assert.True(Arrays.AreEqual(ss, secret), name + " " + count + ": kem_enc secret"); - + Assert.True(Arrays.AreEqual(ss, 0, secret.Length, secret, 0, secret.Length), name + " " + count + ": kem_enc secret"); + // Decapsulation NtruLPRimeKemExtractor ntruDecCipher = new NtruLPRimeKemExtractor(privParams); byte[] dec_key = ntruDecCipher.ExtractSecret(generatedCT); - + // Check decapsulation secret - Assert.True(Arrays.AreEqual(dec_key, ss), $"{name} {count}: kem_dec ss"); + Assert.True(ntruPParameters.DefaultKeySize == dec_key.Length * 8); + Assert.True(Arrays.AreEqual(dec_key, 0, dec_key.Length, ss, 0, dec_key.Length), $"{name} {count}: kem_dec ss"); Assert.True(Arrays.AreEqual(dec_key, secret),$"{name} {count}: kem_dec key"); } buf.Clear(); @@ -171,7 +172,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests if (line.Length == 0) { - if (buf.Count > 0) + if (buf.Count > 0 && !sampler.SkipTest(buf["count"])) { String count = buf["count"]; 
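Review bot: The new length check `Assert.True(ntruPParameters.DefaultKeySize == dec_key.Length * 8);` carries no message and runs only after the encapsulation-side comparison, which now compares just the first `secret.Length` bytes of `ss` and therefore passes trivially for an empty `secret`. Asserting the length first and with context, e.g. `Assert.AreEqual(ntruPParameters.DefaultKeySize, secret.Length * 8, $"{name} {count}: secret length");`, keeps the prefix comparison meaningful and shows which vector failed. The same pattern appears in the SNtruPrime hunk of this file and in SaberVectorTest.cs. A comment saying that the vector's `ss` is presumably longer than the returned key would explain why only a prefix is compared.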
@@ -214,15 +215,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 // Check secret
 byte[] secret = secWenc.GetSecret();
- Assert.True(Arrays.AreEqual(ss, secret), name + " " + count + ": kem_enc secret");
+ Assert.True(Arrays.AreEqual(ss, 0, secret.Length, secret, 0, secret.Length), name + " " + count + ": kem_enc secret");
 // Decapsulation
 SNtruPrimeKemExtractor ntruDecCipher = new SNtruPrimeKemExtractor(privParams);
 byte[] dec_key = ntruDecCipher.ExtractSecret(generatedCT);
 // Check decapsulation secret
- Assert.True(Arrays.AreEqual(dec_key, ss), $"{name} {count}: kem_dec ss");
- Assert.True(Arrays.AreEqual(dec_key, secret), $"{name} {count}: kem_dec key");
+ Assert.True(ntruPParameters.DefaultKeySize == dec_key.Length * 8);
+ Assert.True(Arrays.AreEqual(dec_key, 0, dec_key.Length, ss, 0, dec_key.Length), $"{name} {count}: kem_dec ss");
+ Assert.True(Arrays.AreEqual(dec_key, 0, dec_key.Length, secret, 0, secret.Length), $"{name} {count}: kem_dec key");
 }
 buf.Clear();
diff --git a/crypto/test/src/pqc/crypto/test/SaberVectorTest.cs b/crypto/test/src/pqc/crypto/test/SaberVectorTest.cs
index 73ad7c47d..bc519614f 100644
--- a/crypto/test/src/pqc/crypto/test/SaberVectorTest.cs
+++ b/crypto/test/src/pqc/crypto/test/SaberVectorTest.cs
@@ -31,15 +31,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 SABERParameters.firesaberkem256r3,
 };
- Assert.AreEqual(128, SABERParameters.lightsaberkem128r3.GetDefaultKeySize());
- Assert.AreEqual(128, SABERParameters.saberkem128r3.GetDefaultKeySize());
- Assert.AreEqual(128, SABERParameters.firesaberkem128r3.GetDefaultKeySize());
- Assert.AreEqual(192, SABERParameters.lightsaberkem192r3.GetDefaultKeySize());
- Assert.AreEqual(192, SABERParameters.saberkem192r3.GetDefaultKeySize());
- Assert.AreEqual(192, SABERParameters.firesaberkem192r3.GetDefaultKeySize());
- Assert.AreEqual(256, SABERParameters.lightsaberkem256r3.GetDefaultKeySize());
- Assert.AreEqual(256, SABERParameters.saberkem256r3.GetDefaultKeySize());
- Assert.AreEqual(256, SABERParameters.firesaberkem256r3.GetDefaultKeySize());
+ Assert.AreEqual(128, SABERParameters.lightsaberkem128r3.DefaultKeySize);
+ Assert.AreEqual(128, SABERParameters.saberkem128r3.DefaultKeySize);
+ Assert.AreEqual(128, SABERParameters.firesaberkem128r3.DefaultKeySize);
+ Assert.AreEqual(192, SABERParameters.lightsaberkem192r3.DefaultKeySize);
+ Assert.AreEqual(192, SABERParameters.saberkem192r3.DefaultKeySize);
+ Assert.AreEqual(192, SABERParameters.firesaberkem192r3.DefaultKeySize);
+ Assert.AreEqual(256, SABERParameters.lightsaberkem256r3.DefaultKeySize);
+ Assert.AreEqual(256, SABERParameters.saberkem256r3.DefaultKeySize);
+ Assert.AreEqual(256, SABERParameters.firesaberkem256r3.DefaultKeySize);
 }
 [Test]
@@ -119,14 +119,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 byte[] generated_cipher_text = secWenc.GetEncapsulation();
 Assert.True(Arrays.AreEqual(ct, generated_cipher_text), name + " " + count + ": kem_enc cipher text");
 byte[] secret = secWenc.GetSecret();
- Assert.True(Arrays.AreEqual(ss, secret), name + " " + count + ": kem_enc key");
+ Assert.True(Arrays.AreEqual(ss, 0, secret.Length, secret, 0, secret.Length), name + " " + count + ": kem_enc key");
 // KEM Dec
 SABERKEMExtractor SABERDecCipher = new SABERKEMExtractor(privParams);
 byte[] dec_key = SABERDecCipher.ExtractSecret(generated_cipher_text);
- Assert.True(Arrays.AreEqual(dec_key, ss), name + " " + count + ": kem_dec ss");
+ Assert.True(parameters.DefaultKeySize == dec_key.Length * 8);
+ Assert.True(Arrays.AreEqual(dec_key, 0, dec_key.Length, ss, 0, dec_key.Length), name + " " + count + ": kem_dec ss");
 Assert.True(Arrays.AreEqual(dec_key, secret), name + " " + count + ": kem_dec key");
 }
|