diff --git a/cryptolib/botan/algo_dilithium/.gitignore b/cryptolib/botan/algo_dilithium/.gitignore new file mode 100644 index 0000000..1294176 --- /dev/null +++ b/cryptolib/botan/algo_dilithium/.gitignore @@ -0,0 +1,2 @@ +bin/ +results/ diff --git a/cryptolib/botan/algo_dilithium/Makefile b/cryptolib/botan/algo_dilithium/Makefile new file mode 100644 index 0000000..7b3a913 --- /dev/null +++ b/cryptolib/botan/algo_dilithium/Makefile @@ -0,0 +1,8 @@ +all: dilithium + +dilithium: dilithium.cpp + mkdir -p bin + g++-11 -std=c++20 -g -O3 -Wall -I ../botan/build/include -Wl,-rpath=../botan/ $^ -o bin/$@ -L ../botan/ -l:libbotan-3.a + +clean: + rm -rf bin/ diff --git a/cryptolib/botan/algo_dilithium/data_run.sh b/cryptolib/botan/algo_dilithium/data_run.sh new file mode 100755 index 0000000..24afe8d --- /dev/null +++ b/cryptolib/botan/algo_dilithium/data_run.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +set -e + +PINFLAGS="--phase1 --phase2 --export --parallel" +export RESULTDIR=results + + +pushd ${BASH_SOURCE%/*} + +if [[ $1 == "clean" || $2 == "clean" ]]; then + rm -rf results +fi + +./framework.sh ${PINFLAGS} 4x4_AES + +if [[ $1 == "test" || $2 == "test" ]]; then + popd + exit 0 +fi + +./framework.sh ${PINFLAGS} 4x4_AES +./framework.sh ${PINFLAGS} 6x5 +./framework.sh ${PINFLAGS} 6x5_AES +./framework.sh ${PINFLAGS} 8x7 +./framework.sh ${PINFLAGS} 8x7_AES + +popd diff --git a/cryptolib/botan/algo_dilithium/dilithium.cpp b/cryptolib/botan/algo_dilithium/dilithium.cpp new file mode 100644 index 0000000..8180bd0 --- /dev/null +++ b/cryptolib/botan/algo_dilithium/dilithium.cpp @@ -0,0 +1,117 @@ +#include +#include +#include +#include +#include +using namespace std; + +#include +#include +#include +#include +#include +#include +#include + +vector modes = { + "4x4", "4x4_AES", "6x5", "6x5_AES", "8x7", "8x7_AES", +}; + +vector operations = {"keygen", "sign"}; + +Botan::DilithiumMode name_to_mode(const std::string &algo_name) { + if (algo_name == "4x4") { + return Botan::DilithiumMode::Dilithium4x4; + } + if (algo_name == "4x4_AES") { + return Botan::DilithiumMode::Dilithium4x4_AES; + } + if (algo_name == "6x5") { + return Botan::DilithiumMode::Dilithium6x5; + } + if (algo_name == "6x5_AES") { + return Botan::DilithiumMode::Dilithium6x5_AES; + } + if (algo_name == "8x7") { + return Botan::DilithiumMode::Dilithium8x7; + } + if (algo_name == "8x7_AES") { + return Botan::DilithiumMode::Dilithium8x7_AES; + } + + assert(false); +} + +int main(int argc, char *argv[]) { + Botan::AutoSeeded_RNG rng; + + if (argc != 4) { + cout << "Usage:\n\n" + << " dilithium \n\n" + << " ..... asymmetric cipher mode\n" + << " ..... operation to execute, e.g. keygen or " + "kem\n" + << " ... kyber key file, read as text\n" + << endl; + cout << "List of available modes:" << endl; + for (vector::size_type i = 0; i != modes.size(); i++) { + cout << " " << modes[i] << endl; + } + cout << endl; + cout << "List of available operations:" << endl; + for (vector::size_type i = 0; i != operations.size(); i++) { + cout << " " << operations[i] << endl; + } + cout << endl; + return (1); + } + + string str_mode(argv[1]); + string str_operation(argv[2]); + string str_keyfile(argv[3]); + + Botan::DilithiumMode mode = name_to_mode(str_mode); + // auto encoding = Botan::DilithiumKeyEncoding::DER; + auto encoding = Botan::DilithiumKeyEncoding::Raw; + + std::string keyfile_buffer_sk(str_keyfile); + + if (str_operation == "keygen") { + const Botan::Dilithium_PrivateKey priv_key(rng, mode); + const auto priv_key_bits = priv_key.private_key_bits(); + + ofstream keyfile_sk; + keyfile_sk.open(keyfile_buffer_sk); + keyfile_sk << Botan::hex_encode(priv_key_bits); + keyfile_sk.close(); + } else if (str_operation == "sign") { + std::vector message, signature; + message.push_back(0xde); + message.push_back(0xad); + message.push_back(0xbe); + message.push_back(0xef); + + // Load key pair + string line_sk; + ifstream keyfile_sk; + keyfile_sk.open(keyfile_buffer_sk); + getline(keyfile_sk, line_sk); + keyfile_sk.close(); + Botan::secure_vector priv_key_bits = + Botan::hex_decode_locked(line_sk); + + Botan::Dilithium_PrivateKey priv_key(priv_key_bits, mode, encoding); + + Botan::PK_Signer sig(priv_key, rng, "Deterministic"); + signature = sig.sign_message(message, rng); + + Botan::PK_Verifier ver(priv_key, ""); + ver.update(message); + assert(ver.check_signature(signature)); + } else { + cout << str_operation << " is no valid operation!" << endl; + assert(false); + } + + return (0); +} diff --git a/cryptolib/botan/algo_dilithium/framework.sh b/cryptolib/botan/algo_dilithium/framework.sh new file mode 100755 index 0000000..a79134f --- /dev/null +++ b/cryptolib/botan/algo_dilithium/framework.sh @@ -0,0 +1,133 @@ +#!/bin/bash + +######################################################################### +# DO NOT CHANGE: Preparing DATA +#------------------------------------------------------------------------ +source "${DATA_COMMON}/DATA_init.sh" || { echo "source data.sh first!" && exit 1; } +######################################################################### + +#------------------------------------------------------------------------ +# Specify your framework settings used by DATA +#------------------------------------------------------------------------ + +# The name of the framework. Do not use spaces or special characters. +export FRAMEWORK=botan + +# The file containing all supported algorithms +export TARGETFILE=targets.txt + +# The number of measurements for difference detection (phase1) +export PHASE1_TRACES=3 + +# The number of constant keys for generic tests (phase2) +# Make sure that PHASE2_FIXEDKEYS <= PHASE1_TRACES +export PHASE2_FIXEDKEYS=3 + +# The number of measurements per constant key for generic tests (phase2) +export PHASE2_TRACES=100 + +# The number of measurements for specific tests (phase3) +export PHASE3_TRACES=200 + +# (Optional) Additional flags for the pintool. Supported flags are: +# -main
Start recording at function
. Note that the
+# symbol must exist, otherwise this will yield empty traces! +# -heap Trace heap allocations and replace heap addresses with +# relative offset +export PINTOOL_ARGS="-heap" + +#------------------------------------------------------------------------ +# Implement your framework-specific callbacks +#------------------------------------------------------------------------ +# +# Globally available environment variables: +# $FRAMEWORK The framework name +# $BASEDIR The absolute directory path of this script +# $DATA_COMMON The absolute directory for common DATA scripts +# $DATA_LEAKAGE_MODELS The absolute directory for DATA leakage models +# +# Available for cb_genkey, cb_pre_run, cb_run_command, cb_post_run +# $ALGO The currently tested algo +# +# Available for cb_pre_run, cb_run_command, cb_post_run +# $ENVFILE + +export BINARY=${PWD}/bin/dilithium + +# The leakage model of phase 3. +# See ${DATA_LEAKAGE_MODELS} for all options. +# export SPECIFIC_LEAKAGE_CALLBACK=${DATA_LEAKAGE_MODELS}/rsa_privkey_hw.py + +# DATA callback for setting up the framework to analyze. This callback +# is invoked once inside the current directory before analysis starts. +# Implement framework-specific tasks here like framework compilation. +function cb_prepare_framework { + : +} + +# DATA callback for generating keys. This callback is invoked every +# time a new key is needed. Implement key generation according to +# your algorithm and store the generated key inside a file named $2. +# +# $1 ... key file name +function cb_genkey { + ${BINARY} ${ALGO} keygen $1 + RES=$((RES + $?)) +} + +# DATA callback for custom commands that are executed immediately before +# the algorithm is profiled. It is executed in a temporary directory +# which contains the keyfile $1 and ${ENVFILE}. +# +# If 'cb_run_command' needs any other files, copy them to ${PWD}. +# +# $1 ... key file name +function cb_pre_run { + log_verbose "running with key $1" +} + +# DATA callback for the main invocation of the tested algorithm. +# It shall return the bash command to execute as string. It is +# executed inside a temporary directory with a clean environment. +# If you need special files or environment variables set, specify +# them in cb_pre_run. +# +# $1 ... key file name +function cb_run_command { + echo "${BINARY} ${ALGO} sign $1" +} + +# DATA callback for custom commands that are executed immediately after +# the algorithm is profiled. It is executed in a temporary directory. +# You can cleanup any custom files generated by your algorithm. +# +# $1 ... key file name +function cb_post_run { + : +} + +# DATA callback for preparing an individual algorithm. It shall: +# 1. Parse the next algorithm from the commandline string of all algorithms +# and set up anything necessary for analyzing this algorithm. +# If the algorithm needs additional parameters (like key sizes), +# increase $SHIFT accordingly. +# 2. Configure $WORKDIR, which will create a subdirectory holding all +# intermediate files generated by the algorithm and the results. +# Do not use an absolute path! +# +# $* ... algorithm string from the commandline +function cb_prepare_algo { + ALGO=$1 + # key bits + SHIFT=$((SHIFT)) + + WORKDIR="dilithium-$ALGO" +} + +######################################################################### +# DO NOT CHANGE: Running DATA's commandline parser +#------------------------------------------------------------------------ +DATA_parse "$@" +#------------------------------------------------------------------------ +# DO NOT ADD CODE AFTER THIS LINE +#########################################################################