From: Christoph Egger <christoph@christoph-egger.org>
Date: Sun, 12 Jan 2020 21:58:37 +0000 (+0100)
Subject: compress ciphertext slightly and add way more tests
X-Git-Url: https://git.siccegge.de//index.cgi?a=commitdiff_plain;h=aa4bf29685ec8becb6dc0c0e1b78668fd15da384;p=software%2FDIPE.git

compress ciphertext slightly and add way more tests
---

diff --git a/src/DIPE.cxx b/src/DIPE.cxx
index f278f50..e06f2f3 100644
--- a/src/DIPE.cxx
+++ b/src/DIPE.cxx
@@ -78,18 +78,14 @@ namespace {
 
 	/* Data format is iv | enc(4 byte len | ptxt | 0 padding) | tag
 	 */
-	int dipe_aes_encrypt(uint8_t* key, size_t ptxt_len, uint8_t* ptxt, size_t ctxt_len, uint8_t* ctxt) {
+	int dipe_aes_encrypt(uint8_t* key, uint8_t* iv, size_t ptxt_len, uint8_t* ptxt, size_t ctxt_len, uint8_t* ctxt) {
 		struct gcm_aes128_ctx ctx;
-		uint8_t iv[12];
 		uint8_t block[16];
 		uint32_t coded_ptxtlen;
 
-		ctxt_len -= (12 + 16); /* IV + Tag */
-		if (ctxt_len < ptxt_len) return -1;
+		ctxt_len -= 16; /* Tag */
+		if (ctxt_len < ptxt_len + 4) return 0;
 		
-		getrandom(iv, 12, 0);
-		memcpy(ctxt, iv, 12);
-		ctxt += 12;
 		memset(block, 0, 16);
 		gcm_aes128_set_key(&ctx, key);
 		gcm_aes128_set_iv(&ctx, 12, iv);
@@ -123,13 +119,12 @@ namespace {
 		return 0;
 	}
 
-	int dipe_aes_decrypt(uint8_t* key, size_t len, uint8_t* ctxt, uint8_t* ptxt) {
+	int dipe_aes_decrypt(uint8_t* key, uint8_t* iv, size_t len, uint8_t* ctxt, uint8_t* ptxt) {
 		struct gcm_aes128_ctx ctx;
 		uint8_t block[16];
 
 		gcm_aes128_set_key(&ctx, key);
-		gcm_aes128_set_iv(&ctx, 12, ctxt);
-		ctxt += 12; len -= 12;
+		gcm_aes128_set_iv(&ctx, 12, iv);
 		len -= 16; /* GCM tag */
 
 		
@@ -332,7 +327,7 @@ void dipe_encrypt(dipe_param_t param, dipe_master_publickey_t mpk, element_t* x,
 	cap_len = dipe_serialize_ctxt(param, cap, (uint8_t*)ctxt);
 	ctxt += cap_len; ctxt_len -= cap_len;
 	
-	dipe_aes_encrypt(aes, ptxt_len, (uint8_t*)ptxt, ctxt_len, (uint8_t*)ctxt);
+	dipe_aes_encrypt(aes, aes+16, ptxt_len, (uint8_t*)ptxt, ctxt_len, (uint8_t*)ctxt);
 
 	dipe_free_ctxt(cap);
 	element_clear(key);
@@ -354,7 +349,7 @@ size_t dipe_decrypt(dipe_param_t param, dipe_secretkey_t sk, char* cid, element_
 	dipe_free_ctxt(cap);
 	element_clear(key);
 
-	return dipe_aes_decrypt(aes, ctxt_len, (uint8_t*)ctxt, (uint8_t*)ptxt);
+	return dipe_aes_decrypt(aes, aes+16, ctxt_len, (uint8_t*)ctxt, (uint8_t*)ptxt);
 }
 
 /* Note: we're generating random-looking bytes here. Therefore we
@@ -408,7 +403,7 @@ size_t dipe_deserialize_ctxt(dipe_param_t param, size_t dimension, dipe_ctxt_t*
 }
 
 size_t dipe_ciphertext_overhead(dipe_param_t param, size_t dimension) {
-	size_t overhead = 12 + 16 + 4 /* IV + Tag + Size */;
+	size_t overhead = 16 + 4 /* IV + Tag + Size */;
 	element_t t;
 
 	element_init_G1(t, param->pairing);
diff --git a/tests/testDIPE.cpp b/tests/testDIPE.cpp
index 4219ba4..782409c 100644
--- a/tests/testDIPE.cpp
+++ b/tests/testDIPE.cpp
@@ -173,8 +173,8 @@ TEST(DipeTest, DipeDecapSuccess) {
 }
 
 TEST(DipeTest, DipeDecryptSuccessSmall) {
-	char ctxt[768];
-	char ptxt[768];
+	char ctxt[672];
+	char ptxt[672];
 	size_t ptxt_len;
 	size_t overhead;
 	dipe_master_publickey_t pk;
@@ -200,23 +200,135 @@ TEST(DipeTest, DipeDecryptSuccessSmall) {
 	dipe_keygen(param, msk, "1234567890abcdef", y, &sk);
 	overhead = dipe_ciphertext_overhead(param, 6);
 
-	for (size_t clen = overhead; clen < 768; ++clen) {
-		memset(ctxt, 0, 768);
-		memset(ptxt, 0, 768);
+	for (size_t clen = overhead; clen < 672; ++clen) {
+		memset(ctxt, 0, 672);
+		memset(ptxt, 0, 672);
 		memcpy(ptxt, "test", 4);
 
 		dipe_encrypt(param, pk, x, 4, ptxt, clen, ctxt);
 		ptxt_len = dipe_decrypt(param, sk, "1234567890abcdef", y, clen, ctxt, ptxt);
 
-		if (clen >= overhead) {
-			ASSERT_EQ(ptxt_len, 4);
-			ASSERT_STREQ(ptxt, "test");
+		if (clen >= overhead + 4) {
+			EXPECT_EQ(ptxt_len, 4);
+			EXPECT_STREQ(ptxt, "test");
 		}
 		else {
-			ASSERT_EQ(ptxt_len, 0);
+			EXPECT_EQ(ptxt_len, 0);
 		}
 	}
-	
+
+	for (size_t i = 0; i < 6; ++i) {
+		element_clear(y[i]);
+		element_clear(x[i]);
+	}
+
+	dipe_free_master_secretkey(msk);
+	dipe_free_master_publickey(pk);
+	dipe_free_secretkey(sk);
+}
+
+TEST(DipeTest, DipeDecryptSuccessTightSmall) {
+	size_t ptxt_len;
+	size_t overhead;
+	dipe_master_publickey_t pk;
+	dipe_master_secretkey_t msk;
+	dipe_secretkey_t sk;
+
+	element_t y[6];
+	element_t x[6];
+
+	for (size_t i = 0; i < 6; i+=2) {
+		element_init_Zr(y[i], *dipe_get_pairing(param));
+		element_init_Zr(x[i], *dipe_get_pairing(param));
+		element_init_Zr(y[i+1], *dipe_get_pairing(param));
+		element_init_Zr(x[i+1], *dipe_get_pairing(param));
+
+		element_set1(y[i]);
+		element_set1(x[i+1]);
+		element_random(y[i+1]);
+		element_neg(x[i], y[i+1]);
+	}
+
+	dipe_master_keygen(param, 6, &pk, &msk);
+	dipe_keygen(param, msk, "1234567890abcdef", y, &sk);
+	overhead = dipe_ciphertext_overhead(param, 6);
+
+	char ctxt[overhead + 4];
+	char ptxt[overhead + 4];
+
+	for (size_t clen = overhead; clen <= overhead + 4; ++clen) {
+		memset(ctxt, 0, overhead + 4);
+		memset(ptxt, 0, overhead + 4);
+		memcpy(ptxt, "test", 4);
+
+		dipe_encrypt(param, pk, x, 4, ptxt, clen, ctxt);
+		ptxt_len = dipe_decrypt(param, sk, "1234567890abcdef", y, clen, ctxt, ptxt);
+
+		if (clen >= overhead + 4) {
+			EXPECT_EQ(ptxt_len, 4);
+			EXPECT_STREQ(ptxt, "test");
+		}
+		else {
+			EXPECT_EQ(ptxt_len, 0);
+		}
+	}
+
+	for (size_t i = 0; i < 6; ++i) {
+		element_clear(y[i]);
+		element_clear(x[i]);
+	}
+
+	dipe_free_master_secretkey(msk);
+	dipe_free_master_publickey(pk);
+	dipe_free_secretkey(sk);
+}
+
+
+TEST(DipeTest, DipeDecryptSuccessLargeBlocksize) {
+	char ctxt[672];
+	char ptxt[672];
+	size_t ptxt_len;
+	size_t overhead;
+	dipe_master_publickey_t pk;
+	dipe_master_secretkey_t msk;
+	dipe_secretkey_t sk;
+
+	element_t y[6];
+	element_t x[6];
+
+	for (size_t i = 0; i < 6; i+=2) {
+		element_init_Zr(y[i], *dipe_get_pairing(param));
+		element_init_Zr(x[i], *dipe_get_pairing(param));
+		element_init_Zr(y[i+1], *dipe_get_pairing(param));
+		element_init_Zr(x[i+1], *dipe_get_pairing(param));
+
+		element_set1(y[i]);
+		element_set1(x[i+1]);
+		element_random(y[i+1]);
+		element_neg(x[i], y[i+1]);
+	}
+
+	dipe_master_keygen(param, 6, &pk, &msk);
+	dipe_keygen(param, msk, "1234567890abcdef", y, &sk);
+	overhead = dipe_ciphertext_overhead(param, 6);
+
+	for (size_t clen = overhead; clen <= 672; ++clen) {
+		memset(ctxt, 0, 672);
+		memset(ptxt, 0, 672);
+		memcpy(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbb", 28);
+
+		dipe_encrypt(param, pk, x, 28, ptxt, clen, ctxt);
+		ptxt_len = dipe_decrypt(param, sk, "1234567890abcdef", y, clen, ctxt, ptxt);
+
+		if (clen >= overhead + 28) {
+			EXPECT_EQ(ptxt_len, 28);
+			EXPECT_STREQ(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbb");
+		}
+		else {
+			EXPECT_EQ(ptxt_len, 0);
+		}
+	}
+
 	for (size_t i = 0; i < 6; ++i) {
 		element_clear(y[i]);
 		element_clear(x[i]);
@@ -227,6 +339,178 @@ TEST(DipeTest, DipeDecryptSuccessSmall) {
 	dipe_free_secretkey(sk);
 }
 
+TEST(DipeTest, DipeDecryptSuccessTightLargeBlocksize) {
+	size_t ptxt_len;
+	size_t overhead;
+	dipe_master_publickey_t pk;
+	dipe_master_secretkey_t msk;
+	dipe_secretkey_t sk;
+
+	element_t y[6];
+	element_t x[6];
+
+	for (size_t i = 0; i < 6; i+=2) {
+		element_init_Zr(y[i], *dipe_get_pairing(param));
+		element_init_Zr(x[i], *dipe_get_pairing(param));
+		element_init_Zr(y[i+1], *dipe_get_pairing(param));
+		element_init_Zr(x[i+1], *dipe_get_pairing(param));
+
+		element_set1(y[i]);
+		element_set1(x[i+1]);
+		element_random(y[i+1]);
+		element_neg(x[i], y[i+1]);
+	}
+
+	dipe_master_keygen(param, 6, &pk, &msk);
+	dipe_keygen(param, msk, "1234567890abcdef", y, &sk);
+	overhead = dipe_ciphertext_overhead(param, 6);
+
+	char ctxt[overhead + 28];
+	char ptxt[overhead + 28];
+
+
+	for (size_t clen = overhead; clen <= overhead + 28; ++clen) {
+		memset(ctxt, 0, overhead + 28);
+		memset(ptxt, 0, overhead + 28);
+		memcpy(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbb", 28);
+
+		dipe_encrypt(param, pk, x, 28, ptxt, clen, ctxt);
+		ptxt_len = dipe_decrypt(param, sk, "1234567890abcdef", y, clen, ctxt, ptxt);
+
+		if (clen >= overhead + 28) {
+			EXPECT_EQ(ptxt_len, 28);
+			EXPECT_STREQ(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbb");
+		}
+		else {
+			EXPECT_EQ(ptxt_len, 0);
+		}
+	}
+
+	for (size_t i = 0; i < 6; ++i) {
+		element_clear(y[i]);
+		element_clear(x[i]);
+	}
+
+	dipe_free_master_secretkey(msk);
+	dipe_free_master_publickey(pk);
+	dipe_free_secretkey(sk);
+}
+
+
+TEST(DipeTest, DipeDecryptSuccessLargeNonBlocksize) {
+	char ctxt[672];
+	char ptxt[672];
+	size_t ptxt_len;
+	size_t overhead;
+	dipe_master_publickey_t pk;
+	dipe_master_secretkey_t msk;
+	dipe_secretkey_t sk;
+
+	element_t y[6];
+	element_t x[6];
+
+	for (size_t i = 0; i < 6; i+=2) {
+		element_init_Zr(y[i], *dipe_get_pairing(param));
+		element_init_Zr(x[i], *dipe_get_pairing(param));
+		element_init_Zr(y[i+1], *dipe_get_pairing(param));
+		element_init_Zr(x[i+1], *dipe_get_pairing(param));
+
+		element_set1(y[i]);
+		element_set1(x[i+1]);
+		element_random(y[i+1]);
+		element_neg(x[i], y[i+1]);
+	}
+
+	dipe_master_keygen(param, 6, &pk, &msk);
+	dipe_keygen(param, msk, "1234567890abcdef", y, &sk);
+	overhead = dipe_ciphertext_overhead(param, 6);
+
+	for (size_t clen = overhead; clen <= 672; ++clen) {
+		memset(ctxt, 0, 672);
+		memset(ptxt, 0, 672);
+		memcpy(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccc", 35);
+
+		dipe_encrypt(param, pk, x, 35, ptxt, clen, ctxt);
+		ptxt_len = dipe_decrypt(param, sk, "1234567890abcdef", y, clen, ctxt, ptxt);
+
+		if (clen >= overhead + 35) {
+			EXPECT_EQ(ptxt_len, 35);
+			EXPECT_STREQ(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccc");
+		}
+		else {
+			EXPECT_EQ(ptxt_len, 0);
+		}
+	}
+
+	for (size_t i = 0; i < 6; ++i) {
+		element_clear(y[i]);
+		element_clear(x[i]);
+	}
+
+	dipe_free_master_secretkey(msk);
+	dipe_free_master_publickey(pk);
+	dipe_free_secretkey(sk);
+}
+
+TEST(DipeTest, DipeDecryptSuccessTightLargeNonBlocksize) {
+	size_t ptxt_len;
+	size_t overhead;
+	dipe_master_publickey_t pk;
+	dipe_master_secretkey_t msk;
+	dipe_secretkey_t sk;
+
+	element_t y[6];
+	element_t x[6];
+
+	for (size_t i = 0; i < 6; i+=2) {
+		element_init_Zr(y[i], *dipe_get_pairing(param));
+		element_init_Zr(x[i], *dipe_get_pairing(param));
+		element_init_Zr(y[i+1], *dipe_get_pairing(param));
+		element_init_Zr(x[i+1], *dipe_get_pairing(param));
+
+		element_set1(y[i]);
+		element_set1(x[i+1]);
+		element_random(y[i+1]);
+		element_neg(x[i], y[i+1]);
+	}
+
+	dipe_master_keygen(param, 6, &pk, &msk);
+	dipe_keygen(param, msk, "1234567890abcdef", y, &sk);
+	overhead = dipe_ciphertext_overhead(param, 6);
+
+	char ctxt[overhead + 35];
+	char ptxt[overhead + 35];
+
+
+	for (size_t clen = overhead; clen <= overhead + 35; ++clen) {
+		memset(ctxt, 0, overhead + 35);
+		memset(ptxt, 0, overhead + 35);
+		memcpy(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccc", 35);
+
+		dipe_encrypt(param, pk, x, 35, ptxt, clen, ctxt);
+		ptxt_len = dipe_decrypt(param, sk, "1234567890abcdef", y, clen, ctxt, ptxt);
+
+		if (clen >= overhead + 35) {
+			EXPECT_EQ(ptxt_len, 35);
+			EXPECT_STREQ(ptxt, "aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccc");
+		}
+		else {
+			EXPECT_EQ(ptxt_len, 0);
+		}
+	}
+
+	for (size_t i = 0; i < 6; ++i) {
+		element_clear(y[i]);
+		element_clear(x[i]);
+	}
+
+	dipe_free_master_secretkey(msk);
+	dipe_free_master_publickey(pk);
+	dipe_free_secretkey(sk);
+}
+
+
+
 
 int main(int argc, char **argv) {
 	::testing::InitGoogleTest(&argc, argv);