author | Pedram Fardzadeh <p.fardzadeh@protonmail.com> | 2024-03-04 01:26:31 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2024-03-06 11:23:56 +0100 |
commit | fbdeca81292cd3a00af9a336fd52079e41fe8879 (patch) | |
tree | bc0f9b580ada93189c531e0c15c96800e68439f3 /src | |
parent | ae50b256e873150251d9a621715e55809457579d (diff) | |
download | gnunet-fbdeca81292cd3a00af9a336fd52079e41fe8879.tar.gz gnunet-fbdeca81292cd3a00af9a336fd52079e41fe8879.zip |
elligator: kem encaps and decaps
Diffstat (limited to 'src')
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 36 | ||||
-rw-r--r-- | src/lib/util/crypto_elligator.c | 33 | ||||
-rw-r--r-- | src/lib/util/test_crypto_elligator.c | 34 |
3 files changed, 103 insertions, 0 deletions
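--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2747,6 +2747,42 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
 struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
 struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
 
+/**
+* @ingroup crypto
+* Carries out ecdh encapsulation with given public key and a freshly created ephemeral key pair. Ephemeral public key is given as a representative.
+*
+* Following the terminology in https://eprint.iacr.org/2021/509.pdf
+* @param pub receivers edwards curve public key (X)
+* @param r representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG)
+* @param key_material where to write the key material H(aX)=H(x(aG))
+* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+*/
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
+GNUNET_CRYPTO_EddsaPublicKey *pub,
+struct
+GNUNET_CRYPTO_ElligatorRepresentative
+*r,
+struct GNUNET_HashCode *key_material);
+
+/**
+* @ingroup crypto
+* Carries out ecdh decapsulation with given private key and the representative of received public key.
+*
+* Following the terminology in https://eprint.iacr.org/2021/509.pdf
+* @param priv own private key (x)
+* @param r received representative (direct_map(r)=A=aG)
+* @param key_material where to write the key material H(xA)=H(a(xG))
+* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+*/
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
+GNUNET_CRYPTO_EddsaPrivateKey *priv,
+struct
+GNUNET_CRYPTO_ElligatorRepresentative
+*r,
+struct GNUNET_HashCode *key_material);
+
 
 /**
 * Output the given MPI value to the given buffer in network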
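Review bot: The doc comment for GNUNET_CRYPTO_eddsa_elligator_kem_encaps describes `r` as the representative "to use for the ECDH", but the implementation in this commit generates the ephemeral key pair itself and writes `*r`, so it is an output the caller has to transmit rather than an input. I would word it as `@param[out] r representative of the freshly generated ephemeral public key A (direct_map(r)=A=aG), to be sent to the receiver`. Both comments should also state whether `key_material` is written when #GNUNET_SYSERR is returned, so callers know not to use it on failure. In decaps `r` appears to be read only, so `const struct GNUNET_CRYPTO_ElligatorRepresentative *r` would make that contract visible, provided the decoding helper accepts a const pointer.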
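--- a/src/lib/util/crypto_elligator.c
+++ b/src/lib/util/crypto_elligator.c
@@ -620,3 +620,36 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
 repr->r[31] |= 64;
 }
 }
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
+GNUNET_CRYPTO_EddsaPublicKey *pub,
+struct
+GNUNET_CRYPTO_ElligatorRepresentative
+*r,
+struct GNUNET_HashCode *key_material)
+{
+struct GNUNET_CRYPTO_EcdhePrivateKey sk_eph;
+struct GNUNET_CRYPTO_EcdhePublicKey pub_eph;
+
+GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk_eph);
+// TODO: probably makes more sense if key_create outputs ecdhe pub instead of repr because ecdhe pub is needed for ecdh on senders side.
+GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub_eph, NULL, r);
+
+return GNUNET_CRYPTO_ecdh_eddsa (&sk_eph, pub, key_material);
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
+GNUNET_CRYPTO_EddsaPrivateKey *priv,
+struct
+GNUNET_CRYPTO_ElligatorRepresentative
+*r,
+struct GNUNET_HashCode *key_material)
+{
+struct GNUNET_CRYPTO_EcdhePublicKey pub;
+GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub, NULL, r);
+return GNUNET_CRYPTO_eddsa_ecdh (priv, &pub, key_material);
+}
\ No newline at end of file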
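Review bot: `sk_eph` in GNUNET_CRYPTO_eddsa_elligator_kem_encaps is never wiped, so the ephemeral private scalar that determines the shared key stays in the dead stack frame after the function returns. Capture the result and clear the key before returning: `ret = GNUNET_CRYPTO_ecdh_eddsa (&sk_eph, pub, key_material);`, `GNUNET_CRYPTO_ecdhe_key_clear (&sk_eph);`, `return ret;`. `pub_eph` is decoded from `r` but never read, so that decoding call is dead work and can be dropped until the TODO is resolved. In the decaps function `r` is peer-controlled and the outcome of `GNUNET_CRYPTO_ecdhe_elligator_decoding` is discarded; if that helper can signal failure (its declaration is not in this hunk), return #GNUNET_SYSERR rather than running the ECDH on an unset `pub`. The file also now ends without a trailing newline.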
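--- a/src/lib/util/test_crypto_elligator.c
+++ b/src/lib/util/test_crypto_elligator.c
@@ -223,6 +223,34 @@ testTimeDecoding (void)
 }
 
 
+static int
+elligatorKEM ()
+{
+struct GNUNET_CRYPTO_EddsaPrivateKey pk;
+struct GNUNET_CRYPTO_EddsaPublicKey pub;
+GNUNET_CRYPTO_eddsa_key_create (&pk);
+GNUNET_CRYPTO_eddsa_key_get_public (&pk,&pub);
+
+struct GNUNET_CRYPTO_ElligatorRepresentative r;
+
+// Sender side
+struct GNUNET_HashCode key_material_encaps;
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub, &r, &key_material_encaps);
+
+// Receiving side
+struct GNUNET_HashCode key_material_decaps;
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (&pk,&r,&key_material_decaps);
+
+if (memcmp (&(key_material_encaps.bits),&(key_material_decaps.bits),
+sizeof(key_material_encaps.bits)) != 0)
+{
+return GNUNET_SYSERR;
+}
+
+return GNUNET_OK;
+}
+
+
 /*
 *More tests to implement:
 * Adding more test vectors from different sources for inverse and direct map
@@ -268,6 +296,12 @@ main (int argc, char *argv[])
 failure_count++;
 }
 
+if (GNUNET_OK != elligatorKEM ())
+{
+printf ("Elligator KEM failed!");
+failure_count++;
+}
+
 if (0 != failure_count)
 {
 fprintf (stderr,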
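Review bot: elligatorKEM() ignores the return values of both KEM calls, so if either one fails the memcmp compares uninitialised `key_material_*` buffers and the verdict is meaningless. Check each call, e.g. `if (GNUNET_OK != GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub, &r, &key_material_encaps)) return GNUNET_SYSERR;`, and the same for decaps. A negative case would make the test stronger: decapsulating the same `r` with a second, unrelated private key should yield different key material. In main, whose body starts and ends outside the hunk, the new failure message goes to stdout without a trailing newline, unlike the `fprintf (stderr, ...)` that follows.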