forked from pq-crystals/kyber
test_vectors.c
/* Deterministic randombytes by Daniel J. Bernstein */
/* taken from SUPERCOP (https://bench.cr.yp.to) */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include "api.h"
#include "randombytes.h"
/* Number of keypair / encapsulate / decapsulate round trips main() runs and prints. */
#define NTESTS 10000
/*
 * Fixed generator seed (the leading decimal digits of pi). Because it is a
 * compile-time constant, every run produces the same byte stream. That is
 * what makes the printed vectors reproducible, and it is also why this
 * randombytes() has to stay confined to test-vector builds: its output is
 * fully predictable and must never stand in for a real random source.
 */
static uint32_t seed[32] = {
3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5
};
/* Input block for surf(); randombytes() advances in[0..3] as a multi-word counter. */
static uint32_t in[12];
/* Most recent output block written by surf(). */
static uint32_t out[8];
/* Words of out[] not yet handed out by randombytes(); 0 forces a refill. */
static int outleft = 0;
/* Rotate x left by b bits, assuming a 32-bit unsigned x; b must be in 1..31
 * (b == 0 would shift right by 32, which is undefined for a 32-bit operand). */
#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
/* One mixing step on word i. Expands in place: it reads and writes the names
 * x, t and sum from the enclosing scope and carries its own trailing semicolon. */
#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
/*
 * Refill out[] from the current contents of in[] and the fixed seed.
 *
 * The working state t[] starts as in[] XOR seed[12..23] and out[] starts as
 * seed[24..31]. Two passes follow; each pass runs 16 rounds of twelve MUSH
 * steps and then folds t[4..11] into out[].
 *
 * The locals x, t and sum keep these exact names because the MUSH macro
 * refers to them textually.
 */
static void surf(void)
{
  /* Per-word rotation amounts; the pattern 5,7,9,13 repeats over the 12 words. */
  static const int rotation[4] = {5, 7, 9, 13};
  uint32_t t[12];
  uint32_t x;
  uint32_t sum = 0;
  int pass;
  int round;
  int word;

  for (word = 0; word < 8; ++word) {
    out[word] = seed[24 + word];
  }
  for (word = 0; word < 12; ++word) {
    t[word] = in[word] ^ seed[12 + word];
  }
  x = t[11];

  for (pass = 0; pass < 2; ++pass) {
    for (round = 0; round < 16; ++round) {
      sum += 0x9e3779b9;
      for (word = 0; word < 12; ++word) {
        /* MUSH already ends in ';' - the extra one is an empty statement. */
        MUSH(word, rotation[word % 4]);
      }
    }
    for (word = 0; word < 8; ++word) {
      out[word] ^= t[word + 4];
    }
  }
}
/*
 * Deterministic replacement for randombytes(), used to generate test vectors.
 *
 * Fills x[0..xlen-1] from the surf() generator and echoes every byte to
 * stdout as two hex digits, followed by one newline per call (also when
 * xlen is 0). Only the low 8 bits of each 32-bit output word are used.
 *
 * The stream depends only on the fixed seed and the call history, so it is
 * identical on every run. It is therefore unsuitable as a randomness source
 * outside of reproducible test-vector generation.
 */
void randombytes(unsigned char *x,size_t xlen)
{
  size_t pos;
  int w;

  for (pos = 0; pos < xlen; ++pos) {
    if (outleft == 0) {
      /* Advance the counter in in[0..3]; carry into the next word on wrap. */
      for (w = 0; w < 4; ++w) {
        if (++in[w] != 0) {
          break;
        }
      }
      surf();
      outleft = 8;
    }
    /* Words are consumed from the end of out[] towards the front. */
    x[pos] = (unsigned char)out[--outleft];
    printf("%02x", x[pos]);
  }
  printf("\n");
}
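/* Print `label`, then `len` bytes of `buf` as lowercase hex, then a newline. */
static void print_hex_line(const char *label, const unsigned char *buf, size_t len)
{
  size_t j;

  printf("%s", label);
  for (j = 0; j < len; j++)
    printf("%02x", buf[j]);
  printf("\n");
}

/*
 * Test-vector generator: runs NTESTS key-generation / encapsulation /
 * decapsulation round trips and prints every value to stdout.
 *
 * The secret key and both shared secrets are printed in the clear by design,
 * because the output is reference material for comparing implementations.
 * All keys come from the deterministic randombytes() in this file, so none
 * of the printed material is secret or reusable.
 *
 * Returns 0 when every round trip succeeds. Returns -1, after writing a
 * message to stderr, if a KEM call reports failure or the two shared
 * secrets differ.
 */
int main(void)
{
  unsigned int i,j;
  unsigned char pk[CRYPTO_PUBLICKEYBYTES];
  unsigned char sk[CRYPTO_SECRETKEYBYTES];
  unsigned char ct[CRYPTO_CIPHERTEXTBYTES];
  unsigned char key_a[CRYPTO_BYTES];
  unsigned char key_b[CRYPTO_BYTES];

  for(i=0;i<NTESTS;i++) {
    /*
     * Key-pair generation. A non-zero status is treated as failure so that
     * buffers which may not have been fully written are never printed as a
     * vector. Diagnostics go to stderr to keep the vector stream on stdout
     * unchanged.
     */
    if(crypto_kem_keypair(pk, sk) != 0) {
      fprintf(stderr, "ERROR: crypto_kem_keypair failed\n");
      return -1;
    }
    print_hex_line("Public Key: ", pk, CRYPTO_PUBLICKEYBYTES);
    print_hex_line("Secret Key: ", sk, CRYPTO_SECRETKEYBYTES);

    /* Encapsulation */
    if(crypto_kem_enc(ct, key_b, pk) != 0) {
      fprintf(stderr, "ERROR: crypto_kem_enc failed\n");
      return -1;
    }
    print_hex_line("Ciphertext: ", ct, CRYPTO_CIPHERTEXTBYTES);
    print_hex_line("Shared Secret B: ", key_b, CRYPTO_BYTES);

    /* Decapsulation */
    if(crypto_kem_dec(key_a, ct, sk) != 0) {
      fprintf(stderr, "ERROR: crypto_kem_dec failed\n");
      return -1;
    }
    print_hex_line("Shared Secret A: ", key_a, CRYPTO_BYTES);

    /* Both sides must derive the same shared secret. */
    for(j=0;j<CRYPTO_BYTES;j++) {
      if(key_a[j] != key_b[j]) {
        fprintf(stderr, "ERROR\n");
        return -1;
      }
    }
  }

  return 0;
}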