sarkara 0.8.0

A Post-Quantum cryptography library.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

//! [newhope](https://eprint.iacr.org/2015/1092).

use std::io;
use std::convert::TryFrom;
use seckey::Key;
use rand::{ Rand, Rng, OsRng };
use newhope::{
    N, POLY_BYTES, SENDABYTES, SENDBBYTES,
    poly_frombytes, poly_tobytes,
    rec_frombytes, rec_tobytes,
    keygen, sharedb, shareda,
    sha3_256
};
use super::KeyExchange;


/// Newhope key exchange.
///
/// # Example(exchange)
/// ```
/// # extern crate rand;
/// # extern crate sarkara;
/// # fn main() {
/// use rand::ChaChaRng;
/// use sarkara::kex::{ KeyExchange, NewHope };
///
/// let (mut keya, mut keyb) = ([0; 32], [0; 32]);
/// let (sk, pk) = NewHope::keygen::<ChaChaRng>();
/// let rec = NewHope::exchange::<ChaChaRng>(&mut keyb, &pk);
/// NewHope::exchange_from(&mut keya, &sk, &rec);
///
/// assert_eq!(keya, keyb);
/// # }
/// ```
///
/// # Example(import/export)
/// ```
/// # #![feature(try_from)]
/// # extern crate rand;
/// # extern crate sarkara;
/// # fn main() {
/// # use std::convert::TryFrom;
/// # use rand::ChaChaRng;
/// # use sarkara::kex::{ KeyExchange, NewHope };
/// # let (mut keya, mut keyb) = ([0; 32], [0; 32]);
/// # let (sk, pk) = NewHope::keygen::<ChaChaRng>();
/// let sk_bytes: Vec<u8> = sk.into();
/// let sk = <NewHope as KeyExchange>::PrivateKey::try_from(&sk_bytes[..]).unwrap();
/// # let rec = NewHope::exchange::<ChaChaRng>(&mut keyb, &pk);
/// # NewHope::exchange_from(&mut keya, &sk, &rec);
/// # assert_eq!(keya, keyb);
/// # }
/// ```
pub struct NewHope;

impl KeyExchange for NewHope {
    type PrivateKey = PrivateKey;
    type PublicKey = PublicKey;
    type Reconciliation = Reconciliation;

    const SK_LENGTH: usize = POLY_BYTES;
    const PK_LENGTH: usize = SENDABYTES;
    const REC_LENGTH: usize = SENDBBYTES;

    fn keygen<R: Rand + Rng>() -> (Self::PrivateKey, Self::PublicKey) {
        let (mut sk, mut pk) = (Key::from([0; N]), [0; SENDABYTES]);

        {
            let mut pka = [0; N];
            let mut rng = OsRng::new().unwrap().gen::<R>();

            rng.fill_bytes(&mut pk[POLY_BYTES..]);
            keygen(&mut *sk, &mut pka, &pk[POLY_BYTES..], rng);

            pk[..POLY_BYTES].clone_from_slice(&poly_tobytes(&pka));
        }

        (PrivateKey(sk), PublicKey(pk))
    }

    fn exchange<R: Rand + Rng>(sharedkey: &mut [u8], &PublicKey(ref pka): &Self::PublicKey) -> Self::Reconciliation {
        let (mut key, mut pkb, mut rec) = (Key::from([0u8; 32]), [0; N], [0; N]);
        let (pk, nonce) = pka.split_at(POLY_BYTES);

        sharedb(
            &mut *key, &mut pkb, &mut rec,
            &poly_frombytes(pk), nonce, OsRng::new().unwrap().gen::<R>()
        );

        sha3_256(sharedkey, &*key);

        let mut output = [0; SENDBBYTES];
        output[..POLY_BYTES].clone_from_slice(&poly_tobytes(&pkb));
        output[POLY_BYTES..].clone_from_slice(&rec_tobytes(&rec));
        Reconciliation(output)
    }

    fn exchange_from(
        sharedkey: &mut [u8],
        &PrivateKey(ref sk): &Self::PrivateKey,
        &Reconciliation(ref pk): &Self::Reconciliation
    ) {
        let mut key = Key::from([0u8; 32]);
        let (pkb, rec) = pk.split_at(POLY_BYTES);
        shareda(
            &mut *key, &sk[..],
            &poly_frombytes(pkb),
            &rec_frombytes(rec)
        );

        sha3_256(sharedkey, &key[..]);
    }
}


new_type!(
    /// Newhope private key.
    pub struct PrivateKey(pub Key<[u16; N]>);
    from: (input) {
        if input.len() == POLY_BYTES {
            Ok(PrivateKey(Key::from(poly_frombytes(input))))
        } else {
            err!(InvalidInput, "PrivateKey: invalid input length.")
        }
    },
    into: (self) -> Vec<u8> {
        let PrivateKey(ref input) = self;
        Vec::from(&poly_tobytes(input) as &[u8])
    }
);

new_type!(
    /// Newhope public key.
    pub struct PublicKey(pub [u8; SENDABYTES]);
    from: (input) {
        if input.len() == SENDABYTES {
            let mut pk = [0; SENDABYTES];
            pk.clone_from_slice(input);
            Ok(PublicKey(pk))
        } else {
            err!(InvalidInput, "PublicKey: invalid input length.")
        }
    },
    into: (self) -> Vec<u8> {
        let PublicKey(ref input) = self;
        Vec::from(input as &[u8])
    }
);

new_type!(
    /// Newhope reconciliation data.
    pub struct Reconciliation(pub [u8; SENDBBYTES]);
    from: (input) {
        if input.len() == SENDBBYTES {
            let mut rec = [0; SENDBBYTES];
            rec.clone_from_slice(input);
            Ok(Reconciliation(rec))
        } else {
            err!(InvalidInput, "Reconciliation: invalid input length.")
        }
    },
    into: (self) -> Vec<u8> {
        let Reconciliation(ref input) = self;
        Vec::from(input as &[u8])
    }
);