github.com/cloudflare/circl@v1.5.0/kem/sike/templates/pkg.templ.go (about) 1 // +build ignore 2 // The previous line (and this one up to the warning below) is removed by the 3 // template generator. 4 5 // Code generated from pkg.templ.go. DO NOT EDIT. 6 7 // Package {{.Pkg}} is deprecated, it implements the key encapsulation mechanism {{.Name}}. 8 // 9 // # DEPRECATION NOTICE 10 // 11 // SIDH and SIKE are deprecated as were shown vulnerable to a key recovery 12 // attack by Castryck-Decru's paper (https://eprint.iacr.org/2022/975). New 13 // systems should not rely on this package. This package is frozen. 14 package {{.Pkg}} 15 16 import ( 17 "bytes" 18 cryptoRand "crypto/rand" 19 "crypto/subtle" 20 "io" 21 22 "github.com/cloudflare/circl/dh/sidh" 23 "github.com/cloudflare/circl/internal/sha3" 24 "github.com/cloudflare/circl/kem" 25 ) 26 27 28 // Deprecated: not cryptographically secure. 29 type PrivateKey struct { 30 sk *sidh.PrivateKey 31 pk *sidh.PublicKey 32 } 33 34 // Deprecated: not cryptographically secure. 35 type PublicKey sidh.PublicKey 36 37 const ( 38 SeedSize = 32 39 EncapsulationSeedSize = 32 40 ) 41 42 type scheme struct{} 43 44 var sch kem.Scheme = &scheme{} 45 46 // Scheme returns a KEM interface. 47 // 48 // Deprecated: not cryptographically secure. 49 func Scheme() kem.Scheme { return sch } 50 51 var params *sidh.KEM 52 53 func (*scheme) Name() string { return "{{.Name}}" } 54 func (*scheme) PublicKeySize() int { return params.PublicKeySize() } 55 func (*scheme) PrivateKeySize() int { return params.PrivateKeySize() } 56 func (*scheme) SeedSize() int { return SeedSize } 57 func (*scheme) SharedKeySize() int { return params.SharedSecretSize() } 58 func (*scheme) CiphertextSize() int { return params.CiphertextSize() } 59 func (*scheme) EncapsulationSeedSize() int { return EncapsulationSeedSize } 60 61 func (sk *PrivateKey) Scheme() kem.Scheme { return sch } 62 func (pk *PublicKey) Scheme() kem.Scheme { return sch } 63 64 func (sk *PrivateKey) MarshalBinary() ([]byte, error) { 65 ret := make([]byte, sk.sk.Size()) 66 sk.sk.Export(ret) 67 return ret, nil 68 } 69 70 func (sk *PrivateKey) Equal(other kem.PrivateKey) bool { 71 oth, ok := other.(*PrivateKey) 72 if !ok { 73 return false 74 } 75 a, _ := sk.MarshalBinary() 76 b, _ := oth.MarshalBinary() 77 return subtle.ConstantTimeCompare(a, b) == 1 78 } 79 80 func (sk *PrivateKey) Public() kem.PublicKey { 81 if sk.pk == nil { 82 sk.pk = sidh.NewPublicKey(sidh.{{.Field}}, sidh.KeyVariantSike) 83 sk.sk.GeneratePublicKey(sk.pk) 84 } 85 return (*PublicKey)(sk.pk) 86 } 87 88 func (pk *PublicKey) Equal(other kem.PublicKey) bool { 89 oth, ok := other.(*PublicKey) 90 if !ok { 91 return false 92 } 93 a, _ := pk.MarshalBinary() 94 b, _ := oth.MarshalBinary() 95 return bytes.Equal(a, b) 96 } 97 98 func (pk *PublicKey) MarshalBinary() ([]byte, error) { 99 cpk := (*sidh.PublicKey)(pk) 100 ret := make([]byte, cpk.Size()) 101 cpk.Export(ret) 102 return ret, nil 103 } 104 105 // Deprecated: not cryptographically secure. 106 func GenerateKeyPair(rand io.Reader) (kem.PublicKey, kem.PrivateKey, error) { 107 sk := sidh.NewPrivateKey(sidh.{{.Field}}, sidh.KeyVariantSike) 108 109 if err := sk.Generate(rand); err != nil { 110 return nil, nil, err 111 } 112 priv := &PrivateKey{sk: sk} 113 114 return priv.Public(), priv, nil 115 } 116 117 func (*scheme) GenerateKeyPair() (kem.PublicKey, kem.PrivateKey, error) { 118 return GenerateKeyPair(cryptoRand.Reader) 119 } 120 121 func (*scheme) DeriveKeyPair(seed []byte) (kem.PublicKey, kem.PrivateKey) { 122 if len(seed) != SeedSize { 123 panic(kem.ErrSeedSize) 124 } 125 h := sha3.NewShake256() 126 _, _ = h.Write(seed[:]) 127 pk, sk, err := GenerateKeyPair(&h) 128 129 if err != nil { 130 panic(err) 131 } 132 133 return pk, sk 134 } 135 136 func (sch *scheme) Encapsulate(pk kem.PublicKey) (ct []byte, ss []byte, err error) { 137 var seed [EncapsulationSeedSize]byte 138 if _, err := cryptoRand.Read(seed[:]); err != nil { 139 return nil, nil, err 140 } 141 return sch.EncapsulateDeterministically(pk, seed[:]) 142 } 143 144 func (sch *scheme) EncapsulateDeterministically(pk kem.PublicKey, seed []byte) (ct []byte, ss []byte, err error) { 145 if len(seed) != EncapsulationSeedSize { 146 return nil, nil, kem.ErrSeedSize 147 } 148 149 pub, ok := pk.(*PublicKey) 150 if !ok { 151 return nil, nil, kem.ErrTypeMismatch 152 } 153 154 ct = make([]byte, sch.CiphertextSize()) 155 ss = make([]byte, sch.SharedKeySize()) 156 157 h := sha3.NewShake256() 158 _, _ = h.Write(seed[:]) 159 ctx := sidh.NewSike{{.Bits}}(&h) 160 161 if err := ctx.Encapsulate(ct, ss, (*sidh.PublicKey)(pub)); err != nil { 162 return nil, nil, err 163 } 164 return ct, ss, nil 165 } 166 167 func (sch *scheme) Decapsulate(sk kem.PrivateKey, ct []byte) ([]byte, error) { 168 if len(ct) != sch.CiphertextSize() { 169 return nil, kem.ErrCiphertextSize 170 } 171 172 priv, ok := sk.(*PrivateKey) 173 if !ok { 174 return nil, kem.ErrTypeMismatch 175 } 176 177 sikePub := sidh.NewPublicKey(sidh.{{.Field}}, sidh.KeyVariantSike) 178 priv.sk.GeneratePublicKey(sikePub) 179 180 ss := make([]byte, sch.SharedKeySize()) 181 182 ctx := sidh.NewSike{{.Bits}}(nil) 183 if err := ctx.Decapsulate(ss, priv.sk, sikePub, ct); err != nil { 184 return nil, err 185 } 186 187 return ss, nil 188 } 189 190 func (sch *scheme) UnmarshalBinaryPublicKey(buf []byte) (kem.PublicKey, error) { 191 if len(buf) != sch.PublicKeySize() { 192 return nil, kem.ErrPubKeySize 193 } 194 pk := sidh.NewPublicKey(sidh.{{.Field}}, sidh.KeyVariantSike) 195 if err := pk.Import(buf); err != nil { 196 return nil, err 197 } 198 return (*PublicKey)(pk), nil 199 } 200 201 func (sch *scheme) UnmarshalBinaryPrivateKey(buf []byte) (kem.PrivateKey, error) { 202 if len(buf) != sch.PrivateKeySize() { 203 return nil, kem.ErrPrivKeySize 204 } 205 sk := sidh.NewPrivateKey(sidh.{{.Field}}, sidh.KeyVariantSike) 206 if err := sk.Import(buf); err != nil { 207 return nil, err 208 } 209 return &PrivateKey{sk: sk}, nil 210 } 211 212 func init() { 213 params = sidh.NewSike{{.Bits}}(nil) 214 }