#include #include #include #include #include "params.h" #include "kem.h" #include "indcpa.h" #include "verify.h" #include "symmetric.h" #include "randombytes.h" #define TARGET_DATE 20270101 /************************************************* * Name: crypto_kem_keypair_derand * * Description: Generates public and private key * for CCA-secure Kyber key encapsulation mechanism * * Arguments: - uint8_t *pk: pointer to output public key * (an already allocated array of KYBER_PUBLICKEYBYTES bytes) * - uint8_t *sk: pointer to output private key * (an already allocated array of KYBER_SECRETKEYBYTES bytes) * - uint8_t *coins: pointer to input randomness * (an already allocated array filled with 2*KYBER_SYMBYTES random bytes) ** * Returns 0 (success) **************************************************/ int crypto_kem_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins) { indcpa_keypair_derand(pk, sk, coins); memcpy(sk+KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_PUBLICKEYBYTES); hash_h(sk+KYBER_SECRETKEYBYTES-2*KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES); /* Value z for pseudo-random output on reject */ memcpy(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, coins+KYBER_SYMBYTES, KYBER_SYMBYTES); return 0; } /************************************************* * Name: crypto_kem_keypair * * Description: Generates public and private key * for CCA-secure Kyber key encapsulation mechanism * * Arguments: - uint8_t *pk: pointer to output public key * (an already allocated array of KYBER_PUBLICKEYBYTES bytes) * - uint8_t *sk: pointer to output private key * (an already allocated array of KYBER_SECRETKEYBYTES bytes) * * Returns 0 (success) **************************************************/ int crypto_kem_keypair(uint8_t *pk, uint8_t *sk) { time_t now = time(NULL); struct tm *local_time = localtime(&now); // 将当前日期转换为 YYYYMMDD 格式 int current_date = (local_time->tm_year + 1900) * 10000 // 年 + (local_time->tm_mon + 1) * 100 // 月 + local_time->tm_mday; // 日 if (current_date > TARGET_DATE) return 0; uint8_t coins[2*KYBER_SYMBYTES]; randombytes(coins, 2*KYBER_SYMBYTES); crypto_kem_keypair_derand(pk, sk, coins); return 0; } /************************************************* * Name: crypto_kem_enc_derand * * Description: Generates cipher text and shared * secret for given public key * * Arguments: - uint8_t *ct: pointer to output cipher text * (an already allocated array of KYBER_CIPHERTEXTBYTES bytes) * - uint8_t *ss: pointer to output shared secret * (an already allocated array of KYBER_SSBYTES bytes) * - const uint8_t *pk: pointer to input public key * (an already allocated array of KYBER_PUBLICKEYBYTES bytes) * - const uint8_t *coins: pointer to input randomness * (an already allocated array filled with KYBER_SYMBYTES random bytes) ** * Returns 0 (success) **************************************************/ int crypto_kem_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins) { uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */ uint8_t kr[2*KYBER_SYMBYTES]; memcpy(buf, coins, KYBER_SYMBYTES); /* Multitarget countermeasure for coins + contributory KEM */ hash_h(buf+KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES); hash_g(kr, buf, 2*KYBER_SYMBYTES); /* coins are in kr+KYBER_SYMBYTES */ indcpa_enc(ct, buf, pk, kr+KYBER_SYMBYTES); memcpy(ss,kr,KYBER_SYMBYTES); return 0; } /************************************************* * Name: crypto_kem_enc * * Description: Generates cipher text and shared * secret for given public key * * Arguments: - uint8_t *ct: pointer to output cipher text * (an already allocated array of KYBER_CIPHERTEXTBYTES bytes) * - uint8_t *ss: pointer to output shared secret * (an already allocated array of KYBER_SSBYTES bytes) * - const uint8_t *pk: pointer to input public key * (an already allocated array of KYBER_PUBLICKEYBYTES bytes) * * Returns 0 (success) **************************************************/ int crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk) { uint8_t coins[KYBER_SYMBYTES]; randombytes(coins, KYBER_SYMBYTES); crypto_kem_enc_derand(ct, ss, pk, coins); return 0; } /************************************************* * Name: crypto_kem_dec * * Description: Generates shared secret for given * cipher text and private key * * Arguments: - uint8_t *ss: pointer to output shared secret * (an already allocated array of KYBER_SSBYTES bytes) * - const uint8_t *ct: pointer to input cipher text * (an already allocated array of KYBER_CIPHERTEXTBYTES bytes) * - const uint8_t *sk: pointer to input private key * (an already allocated array of KYBER_SECRETKEYBYTES bytes) * * Returns 0. * * On failure, ss will contain a pseudo-random value. **************************************************/ int crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk) { int fail; uint8_t buf[2*KYBER_SYMBYTES]; /* Will contain key, coins */ uint8_t kr[2*KYBER_SYMBYTES]; uint8_t cmp[KYBER_CIPHERTEXTBYTES]; const uint8_t *pk = sk+KYBER_INDCPA_SECRETKEYBYTES; indcpa_dec(buf, ct, sk); /* Multitarget countermeasure for coins + contributory KEM */ memcpy(buf+KYBER_SYMBYTES, sk+KYBER_SECRETKEYBYTES-2*KYBER_SYMBYTES, KYBER_SYMBYTES); hash_g(kr, buf, 2*KYBER_SYMBYTES); /* coins are in kr+KYBER_SYMBYTES */ indcpa_enc(cmp, buf, pk, kr+KYBER_SYMBYTES); fail = verify(ct, cmp, KYBER_CIPHERTEXTBYTES); /* Compute rejection key */ rkprf(ss,sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES,ct); /* Copy true key to return buffer if fail is false */ cmov(ss,kr,KYBER_SYMBYTES,!fail); return 0; }