Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 166 insertions, 0 deletions

diff --git a/comm/third_party/botan/src/lib/pubkey/mceies/info.txt b/comm/third_party/botan/src/lib/pubkey/mceies/info.txt
new file mode 100644
index 0000000000..cf5e011540
--- /dev/null
+++ b/comm/third_party/botan/src/lib/pubkey/mceies/info.txt
@@ -0,0 +1,10 @@
+<defines>
+MCEIES -> 20150706
+</defines>
+
+<requires>
+aes
+mce
+ocb
+kdf1
+</requires>
diff --git a/comm/third_party/botan/src/lib/pubkey/mceies/mceies.cpp b/comm/third_party/botan/src/lib/pubkey/mceies/mceies.cpp
new file mode 100644
index 0000000000..4d62889fee
--- /dev/null
+++ b/comm/third_party/botan/src/lib/pubkey/mceies/mceies.cpp
@@ -0,0 +1,110 @@
+/*
+* McEliece Integrated Encryption System
+* (C) 2014,2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/mceies.h>
+#include <botan/aead.h>
+#include <botan/rng.h>
+#include <botan/mceliece.h>
+#include <botan/pubkey.h>
+
+namespace Botan {
+
+namespace {
+
+secure_vector<uint8_t> aead_key(const secure_vector<uint8_t>& mk,
+                             const AEAD_Mode& aead)
+   {
+   // Fold the key as required for the AEAD mode in use
+   if(aead.valid_keylength(mk.size()))
+      return mk;
+
+   secure_vector<uint8_t> r(aead.key_spec().maximum_keylength());
+   BOTAN_ASSERT_NOMSG(r.size() > 0);
+   for(size_t i = 0; i != mk.size(); ++i)
+      r[i % r.size()] ^= mk[i];
+   return r;
+   }
+
+}
+
+secure_vector<uint8_t>
+mceies_encrypt(const McEliece_PublicKey& pubkey,
+               const uint8_t pt[], size_t pt_len,
+               const uint8_t ad[], size_t ad_len,
+               RandomNumberGenerator& rng,
+               const std::string& algo)
+   {
+   PK_KEM_Encryptor kem_op(pubkey, rng, "KDF1(SHA-512)");
+
+   secure_vector<uint8_t> mce_ciphertext, mce_key;
+   kem_op.encrypt(mce_ciphertext, mce_key, 64, rng);
+
+   const size_t mce_code_bytes = (pubkey.get_code_length() + 7) / 8;
+
+   BOTAN_ASSERT(mce_ciphertext.size() == mce_code_bytes, "Unexpected size");
+
+   std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw(algo, ENCRYPTION);
+
+   const size_t nonce_len = aead->default_nonce_length();
+
+   aead->set_key(aead_key(mce_key, *aead));
+   aead->set_associated_data(ad, ad_len);
+
+   const secure_vector<uint8_t> nonce = rng.random_vec(nonce_len);
+
+   secure_vector<uint8_t> msg(mce_ciphertext.size() + nonce.size() + pt_len);
+   copy_mem(msg.data(), mce_ciphertext.data(), mce_ciphertext.size());
+   copy_mem(msg.data() + mce_ciphertext.size(), nonce.data(), nonce.size());
+   copy_mem(msg.data() + mce_ciphertext.size() + nonce.size(), pt, pt_len);
+
+   aead->start(nonce);
+   aead->finish(msg, mce_ciphertext.size() + nonce.size());
+   return msg;
+   }
+
+secure_vector<uint8_t>
+mceies_decrypt(const McEliece_PrivateKey& privkey,
+               const uint8_t ct[], size_t ct_len,
+               const uint8_t ad[], size_t ad_len,
+               const std::string& algo)
+   {
+   try
+      {
+      Null_RNG null_rng;
+      PK_KEM_Decryptor kem_op(privkey, null_rng, "KDF1(SHA-512)");
+
+      const size_t mce_code_bytes = (privkey.get_code_length() + 7) / 8;
+
+      std::unique_ptr<AEAD_Mode> aead = AEAD_Mode::create_or_throw(algo, DECRYPTION);
+
+      const size_t nonce_len = aead->default_nonce_length();
+
+      if(ct_len < mce_code_bytes + nonce_len + aead->tag_size())
+         throw Decoding_Error("Input message too small to be valid");
+
+      const secure_vector<uint8_t> mce_key = kem_op.decrypt(ct, mce_code_bytes, 64);
+
+      aead->set_key(aead_key(mce_key, *aead));
+      aead->set_associated_data(ad, ad_len);
+
+      secure_vector<uint8_t> pt(ct + mce_code_bytes + nonce_len, ct + ct_len);
+
+      aead->start(&ct[mce_code_bytes], nonce_len);
+      aead->finish(pt, 0);
+      return pt;
+      }
+   catch(Invalid_Authentication_Tag&)
+      {
+      throw;
+      }
+   catch(std::exception& e)
+      {
+      throw Decoding_Error("mce_decrypt failed: " + std::string(e.what()));
+      }
+   }
+
+}
diff --git a/comm/third_party/botan/src/lib/pubkey/mceies/mceies.h b/comm/third_party/botan/src/lib/pubkey/mceies/mceies.h
new file mode 100644
index 0000000000..c9b3f7efd5
--- /dev/null
+++ b/comm/third_party/botan/src/lib/pubkey/mceies/mceies.h
@@ -0,0 +1,46 @@
+/*
+* McEliece Integrated Encryption System
+* (C) 2014,2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_MCEIES_H_
+#define BOTAN_MCEIES_H_
+
+#include <botan/secmem.h>
+#include <string>
+
+namespace Botan {
+
+class RandomNumberGenerator;
+class McEliece_PublicKey;
+class McEliece_PrivateKey;
+
+/**
+* McEliece Integrated Encryption System
+* Derive a shared key using MCE KEM and encrypt/authenticate the
+* plaintext and AD using AES-256 in OCB mode.
+*/
+secure_vector<uint8_t>
+BOTAN_PUBLIC_API(2,0) mceies_encrypt(const McEliece_PublicKey& pubkey,
+                         const uint8_t pt[], size_t pt_len,
+                         const uint8_t ad[], size_t ad_len,
+                         RandomNumberGenerator& rng,
+                         const std::string& aead = "AES-256/OCB");
+
+/**
+* McEliece Integrated Encryption System
+* Derive a shared key using MCE KEM and decrypt/authenticate the
+* ciphertext and AD using AES-256 in OCB mode.
+*/
+secure_vector<uint8_t>
+BOTAN_PUBLIC_API(2,0) mceies_decrypt(const McEliece_PrivateKey& privkey,
+                         const uint8_t ct[], size_t ct_len,
+                         const uint8_t ad[], size_t ad_len,
+                         const std::string& aead = "AES-256/OCB");
+
+
+}
+
+#endif