Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package org.bouncycastle.pqc.crypto.mceliece;
  
  
This class implements the Fujisaki/Okamoto conversion of the McEliecePKCS. Fujisaki and Okamoto propose hybrid encryption that merges a symmetric encryption scheme which is secure in the find-guess model with an asymmetric one-way encryption scheme which is sufficiently probabilistic to obtain a public key cryptosystem which is CCA2-secure. For details, see D. Engelbert, R. Overbeck, A. Schmidt, "A summary of the development of the McEliece Cryptosystem", technical report.
 
 public class McElieceFujisakiCipher
     implements MessageEncryptor
 {


    
The OID of the algorithm.
 
     public static final String OID = "1.3.6.1.4.1.8301.3.1.3.4.2.1";
 
     private static final String DEFAULT_PRNG_NAME = "SHA1PRNG";
 
     private Digest messDigest;
 
     private SecureRandom sr;

    
The McEliece main parameters
 
     private int nkt;
 
 
 
     public void init(boolean forSigning,
                      CipherParameters param)
     {
 
         if (forSigning)
         {
             if (param instanceof ParametersWithRandom)
             {
                 ParametersWithRandom rParam = (ParametersWithRandom)param;
 
                 this. = rParam.getRandom();
                 this. = (McElieceCCA2PublicKeyParameters)rParam.getParameters();
                 this.initCipherEncrypt((McElieceCCA2PublicKeyParameters));
 
             }
             else
             {
                 this. = new SecureRandom();
                 this. = (McElieceCCA2PublicKeyParameters)param;
                 this.initCipherEncrypt((McElieceCCA2PublicKeyParameters));
             }
         }
         else
         {
             this. = (McElieceCCA2PrivateKeyParameters)param;
             this.initCipherDecrypt((McElieceCCA2PrivateKeyParameters));
         }
 
     }
 
 
     public int getKeySize(McElieceCCA2KeyParameters key)
         throws IllegalArgumentException
     {
 
         if (key instanceof McElieceCCA2PublicKeyParameters)
         {
             return ((McElieceCCA2PublicKeyParameters)key).getN();
 
         }
         if (key instanceof McElieceCCA2PrivateKeyParameters)
         {
             return ((McElieceCCA2PrivateKeyParameters)key).getN();
         }
         throw new IllegalArgumentException("unsupported type");
 
     }
 
 
     private void initCipherEncrypt(McElieceCCA2PublicKeyParameters pubKey)
     {
         this. =  != null ?  : new SecureRandom();
         this. = pubKey.getParameters().getDigest();
         = pubKey.getN();
         = pubKey.getK();
         = pubKey.getT();
    }
    {
        this. = privKey.getParameters().getDigest();
         = privKey.getN();
         = privKey.getT();
    }
    public byte[] messageEncrypt(byte[] input)
        throws Exception
    {
        // generate random vector r of length k bits
        GF2Vector r = new GF2Vector();
        // convert r to byte array
        byte[] rBytes = r.getEncoded();
        // compute (r||input)
        byte[] rm = ByteUtils.concatenate(rBytesinput);
        // compute H(r||input)
        .update(rm, 0, rm.length);
        byte[] hrm = new byte[.getDigestSize()];
        .doFinal(hrm, 0);
        // convert H(r||input) to error vector z
        GF2Vector z = Conversions.encode(hrm);
        // compute c1 = E(r, z)
        byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters)rz)
            .getEncoded();
        // get PRNG object
        DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
        // seed PRNG with r'
        sr0.addSeedMaterial(rBytes);
        // generate random c2
        byte[] c2 = new byte[input.length];
        sr0.nextBytes(c2);
        // XOR with input
        for (int i = 0; i < input.lengthi++)
        {
            c2[i] ^= input[i];
        }
        // return (c1||c2)
        return ByteUtils.concatenate(c1c2);
    }
    public byte[] messageDecrypt(byte[] input)
        throws Exception
    {
        int c1Len = ( + 7) >> 3;
        int c2Len = input.length - c1Len;
        // split ciphertext (c1||c2)
        byte[][] c1c2 = ByteUtils.split(inputc1Len);
        byte[] c1 = c1c2[0];
        byte[] c2 = c1c2[1];
        // decrypt c1 ...
        GF2Vector hrmVec = GF2Vector.OS2VP(c1);
        GF2Vector[] decC1 = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters),
            hrmVec);
        byte[] rBytes = decC1[0].getEncoded();
        // ... and obtain error vector z
        GF2Vector z = decC1[1];
        // get PRNG object
        DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
        // seed PRNG with r'
        sr0.addSeedMaterial(rBytes);
        // generate random sequence
        byte[] mBytes = new byte[c2Len];
        sr0.nextBytes(mBytes);
        // XOR with c2 to obtain m
        for (int i = 0; i < c2Leni++)
        {
            mBytes[i] ^= c2[i];
        }
        // compute H(r||m)
        byte[] rmBytes = ByteUtils.concatenate(rBytesmBytes);
        byte[] hrm = new byte[.getDigestSize()];
        .update(rmBytes, 0, rmBytes.length);
        .doFinal(hrm, 0);
        // compute Conv(H(r||m))
        hrmVec = Conversions.encode(hrm);
        // check that Conv(H(m||r)) = z
        if (!hrmVec.equals(z))
        {
            throw new Exception("Bad Padding: invalid ciphertext");
        }
        // return plaintext m
        return mBytes;
    }
New to GrepCode? Check out our FAQ X