Add ring-LWE key exchange.

Create crypto/rlwekex which wraps around the core C code from dstebila/rlwekex. Add rlwekex to openssl speed. Add ring-LWE-based ciphersuites to TLS.
dstebila · Oct 16, 2014 · f80719b · f80719b
1 parent e356ac5
commit f80719b
Show file tree

Hide file tree

Showing 30 changed files with 3,381 additions and 215 deletions.
diff --git a/Makefile.org b/Makefile.org
@@ -144,7 +144,7 @@ SDIRS=  \
 	objects \
 	md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
 	des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
-	bn ec rsa dsa ecdsa dh ecdh dso engine \
+	bn ec rsa dsa ecdsa dh ecdh rlwekex dso engine \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
 	cms pqueue ts jpake srp store cmac

diff --git a/apps/speed.c b/apps/speed.c
@@ -79,6 +79,7 @@
 #define DSA_SECONDS	10
 #define ECDSA_SECONDS   10
 #define ECDH_SECONDS    10
+#define RLWEKEX_SECONDS    10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -189,6 +190,9 @@
 #ifndef OPENSSL_NO_ECDH
 #include <openssl/ecdh.h>
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+#include <openssl/rlwekex.h>
+#endif
 #include <openssl/modes.h>
 
 #ifdef OPENSSL_FIPS
@@ -247,6 +251,9 @@ static int do_multi(int multi);
 #define EC_NUM       16
 #define MAX_ECDH_SIZE 256
 
+#define RLWEKEX_NUM	1
+#define MAX_RLWEKEX_SIZE 256
+
 static const char *names[ALGOR_NUM]={
   "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
   "des cbc","des ede3","idea cbc","seed cbc",
@@ -269,6 +276,9 @@ static double ecdsa_results[EC_NUM][2];
 #ifndef OPENSSL_NO_ECDH
 static double ecdh_results[EC_NUM][1];
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+static double rlwekex_results[RLWEKEX_NUM][3];
+#endif
 
 #if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
@@ -341,7 +351,8 @@ static double Time_F(int s)
 #endif
 
 
-#ifndef OPENSSL_NO_ECDH
+#if defined(OPENSSL_NO_ECDH) && defined(OPENSSL_NO_RLWEKEX)
+#else
 static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
@@ -355,7 +366,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	return NULL;
 #endif	/* OPENSSL_NO_SHA */
 	}
-#endif	/* OPENSSL_NO_ECDH */
+#endif	/* defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_RLWEKEX) */
 
 
 int MAIN(int, char **);
@@ -613,13 +624,25 @@ int MAIN(int argc, char **argv)
 	long ecdh_c[EC_NUM][2];
 #endif
 
+#ifndef OPENSSL_NO_RLWEKEX
+	RLWE_PAIR *rlwekex_a[RLWEKEX_NUM], *rlwekex_b[RLWEKEX_NUM];
+	RLWE_REC *rlwekex_rec[RLWEKEX_NUM];
+	RLWE_CTX *rlwekex_ctx;
+	unsigned char rlwekex_secret_a[MAX_RLWEKEX_SIZE], rlwekex_secret_b[MAX_RLWEKEX_SIZE];
+	int rlwekex_secret_size_a, rlwekex_secret_size_b;
+	long rlwekex_c[RLWEKEX_NUM][3];
+#endif
+
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
 #ifndef OPENSSL_NO_ECDSA
 	int ecdsa_doit[EC_NUM];
 #endif
 #ifndef OPENSSL_NO_ECDH
         int ecdh_doit[EC_NUM];
+#endif
+#ifndef OPENSSL_NO_RLWEKEX
+        int rlwekex_doit[RLWEKEX_NUM];
 #endif
 	int doit[ALGOR_NUM];
 	int pr_header=0;
@@ -649,6 +672,15 @@ int MAIN(int argc, char **argv)
 		ecdh_b[i] = NULL;
 		}
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+	rlwekex_ctx = NULL;
+	for (i=0; i<RLWEKEX_NUM; i++)
+		{
+		rlwekex_a[i] = NULL;
+		rlwekex_b[i] = NULL;
+		rlwekex_rec[i] = NULL;
+		}
+#endif
 
 
 	if (bio_err == NULL)
@@ -693,6 +725,10 @@ int MAIN(int argc, char **argv)
 	for (i=0; i<EC_NUM; i++)
 		ecdh_doit[i]=0;
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+	for (i=0; i<RLWEKEX_NUM; i++)
+		rlwekex_doit[i]=0;
+#endif
 
 
 	j=0;
@@ -1004,6 +1040,14 @@ int MAIN(int argc, char **argv)
 				ecdh_doit[i]=1;
 			}
 		else
+#endif
+#ifndef OPENSSL_NO_RLWEKEX
+		     if (strcmp(*argv,"rlwekex") == 0)
+			{
+			for (i=0; i < RLWEKEX_NUM; i++)
+				rlwekex_doit[i]=1;
+			}
+		else
 #endif
 			{
 			BIO_printf(bio_err,"Error: bad option or value\n");
@@ -1100,6 +1144,9 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
 			BIO_printf(bio_err,"ecdh\n");
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+			BIO_printf(bio_err,"rlwekex\n");
+#endif
 
 #ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea     ");
@@ -1176,6 +1223,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ECDH
 		for (i=0; i<EC_NUM; i++)
 			ecdh_doit[i]=1;
+#endif
+#ifndef OPENSSL_NO_RLWEKEX
+		for (i=0; i<RLWEKEX_NUM; i++)
+			rlwekex_doit[i]=1;
 #endif
 		}
 	for (i=0; i<ALGOR_NUM; i++)
@@ -1484,6 +1535,12 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+	for (i=0; i<=RLWEKEX_NUM; i++) {
+		rlwekex_c[i][0]=count/1000;
+		rlwekex_c[i][1]=count/1000;
+	}
+#endif
 
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
@@ -2389,6 +2446,105 @@ int MAIN(int argc, char **argv)
 		}
 	if (rnd_fake) RAND_cleanup();
 #endif
+
+#ifndef OPENSSL_NO_RWLEKEX
+	if (RAND_status() != 1)
+		{
+		RAND_seed(rnd_seed, sizeof rnd_seed);
+		rnd_fake = 1;
+		}
+	rlwekex_ctx = RLWE_CTX_new();
+	if (rlwekex_ctx == NULL)
+		{
+		BIO_printf(bio_err,"RLWEKEX failure.\n");
+		ERR_print_errors(bio_err);
+		rsa_count=1;
+		}
+	else 
+		{
+		for (j=0; j<RLWEKEX_NUM; j++)
+			{
+			if (!rlwekex_doit[j]) continue;
+			rlwekex_a[j] = RLWE_PAIR_new();
+			rlwekex_b[j] = RLWE_PAIR_new();
+			rlwekex_rec[j] = RLWE_REC_new();
+			if ((rlwekex_a[j] == NULL) || (rlwekex_b[j] == NULL) || (rlwekex_rec[j] == NULL))
+				{
+				BIO_printf(bio_err,"RLWEKEX failure.\n");
+				ERR_print_errors(bio_err);
+				rsa_count=1;
+				}
+			else
+				{
+
+				/* Time RLWEKEX key generation */
+				pkey_print_message("rlwe","key generation", rlwekex_c[j][0], 1024, RLWEKEX_SECONDS);
+				Time_F(START);
+				for (count=0,run=1; COND(rlwekex_c[j][0]); count++)
+					{
+					RLWE_PAIR_generate_key(rlwekex_a[j], rlwekex_ctx);
+					}
+				d=Time_F(STOP);
+				BIO_printf(bio_err, mr ? "+R9:%ld:%d:%.2f\n" :"%ld n=%d RLWE key generations in %.2fs\n",
+					count, 1024, d);
+				rlwekex_results[j][0]=d/(double)count;
+				rsa_count=count;
+
+				rlwekex_secret_size_b = KDF1_SHA1_len;
+				rlwekex_secret_size_a = KDF1_SHA1_len;
+				/* generate two RLWE key pairs */
+				if (!RLWE_PAIR_generate_key(rlwekex_a[j], rlwekex_ctx) ||
+					!RLWE_PAIR_generate_key(rlwekex_b[j], rlwekex_ctx))
+					{
+					BIO_printf(bio_err,"RLWEKEX key generation failure.\n");
+					ERR_print_errors(bio_err);
+					rsa_count=1;		
+					}
+				else
+					{
+					/* Time RLWEKEX Bob shared secret generation */
+					pkey_print_message("rlwe","Bob shared secret", rlwekex_c[j][1], 1024, RLWEKEX_SECONDS);
+					Time_F(START);
+					for (count=0,run=1; COND(rlwekex_c[j][1]); count++)
+						{
+						RLWEKEX_compute_key_bob(rlwekex_secret_b, rlwekex_secret_size_b, rlwekex_rec[j], 
+							RLWE_PAIR_get_publickey(rlwekex_a[j]), rlwekex_b[j], KDF1_SHA1, rlwekex_ctx);
+						}
+					d=Time_F(STOP);
+					BIO_printf(bio_err, mr ? "+R10:%ld:%d:%.2f\n" :"%ld n=%d RLWE Bob shared secret in %.2fs\n",
+						count, 1024, d);
+					rlwekex_results[j][1]=d/(double)count;
+					rsa_count=count;
+
+					/* Time RLWEKEX Alice shared secret generation */
+					pkey_print_message("rlwe","Alice shared secret", rlwekex_c[j][2], 1024, RLWEKEX_SECONDS);
+					Time_F(START);
+					for (count=0,run=1; COND(rlwekex_c[j][2]); count++)
+						{
+						RLWEKEX_compute_key_alice(rlwekex_secret_a, rlwekex_secret_size_a, 
+							RLWE_PAIR_get_publickey(rlwekex_b[j]), rlwekex_rec[j], rlwekex_a[j], KDF1_SHA1, rlwekex_ctx);
+						}
+					d=Time_F(STOP);
+					BIO_printf(bio_err, mr ? "+R11:%ld:%d:%.2f\n" :"%ld n=%d RLWE Alice shared secret in %.2fs\n",
+						count, 1024, d);
+					rlwekex_results[j][2]=d/(double)count;
+					rsa_count=count;
+
+					}
+				}
+
+			if (rsa_count <= 1)
+				{
+				/* if longer than 10s, don't do any more */
+				for (j++; j<RLWEKEX_NUM; j++)
+					rlwekex_doit[j]=0;
+				}
+			}
+
+		}
+	if (rnd_fake) RAND_cleanup();
+#endif
+
 #ifndef NO_FORK
 show_res:
 #endif
@@ -2537,6 +2693,30 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 
+#ifndef OPENSSL_NO_RLWEKEX
+	j=1;
+	for (k=0; k<RLWEKEX_NUM; k++)
+		{
+		if (!rlwekex_doit[k]) continue;
+		if (j && !mr)
+			{
+			printf("%19skeygen   keygen/s   Bob shared      Bob/s   Alice shared    Alice/s\n"," ");
+			j=0;
+			}
+		if (mr)
+			fprintf(stdout,"+F6:%u:%u:%f:%f:%f\n",
+				k, 1024,
+				rlwekex_results[k][0], rlwekex_results[k][1], rlwekex_results[k][2]);
+
+		else
+			fprintf(stdout,"rlwe n=%4u     %8.4fs    %8.1f   %8.4fs   %8.1f      %8.4fs   %8.1f\n",
+				1024,
+				rlwekex_results[k][0], 1.0/rlwekex_results[k][0],
+				rlwekex_results[k][1], 1.0/rlwekex_results[k][1],
+				rlwekex_results[k][2], 1.0/rlwekex_results[k][2]);
+		}
+#endif
+
 	mret=0;
 
 end:
@@ -2568,6 +2748,17 @@ int MAIN(int argc, char **argv)
 			EC_KEY_free(ecdh_b[i]);
 	}
 #endif
+#ifndef OPENSSL_NO_RLWEKEX
+	for (i=0; i<RLWEKEX_NUM; i++)
+	{
+		if (rlwekex_a[i] != NULL)
+			RLWE_PAIR_free(rlwekex_a[i]);
+		if (rlwekex_b[i] != NULL)
+			RLWE_PAIR_free(rlwekex_b[i]);
+		if (rlwekex_rec[i] != NULL)
+			RLWE_REC_free(rlwekex_rec[i]);
+	}
+#endif
 
 	apps_shutdown();
 	OPENSSL_EXIT(mret);
@@ -2826,6 +3017,25 @@ static int do_multi(int multi)
 				}
 #endif
 
+#ifndef OPENSSL_NO_RLWEKEX
+			else if(!strncmp(buf,"+F6:",4))
+				{
+				int k;
+				double d;
+
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rlwekex_results[k][0]=1/(1/rlwekex_results[k][0]+1/d);
+				else
+					rlwekex_results[k][0]=d;
+
+				}
+#endif
+
 			else if(!strncmp(buf,"+H:",3))
 				{
 				}

diff --git a/crypto/err/err.h b/crypto/err/err.h
@@ -192,6 +192,7 @@ typedef struct err_state_st
 #define ERR_LIB_COMP            41
 #define ERR_LIB_ECDSA		42
 #define ERR_LIB_ECDH		43
+#define ERR_LIB_RLWEKEX		50
 #define ERR_LIB_STORE           44
 #define ERR_LIB_FIPS		45
 #define ERR_LIB_CMS		46
@@ -228,6 +229,7 @@ typedef struct err_state_st
 #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
 #define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
 #define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
+#define RLWEKEXerr(f,r)  ERR_PUT_error(ERR_LIB_RLWEKEX,(f),(r),__FILE__,__LINE__)
 #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
 #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
 #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
@@ -290,6 +292,7 @@ typedef struct err_state_st
 #define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */
 #define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */
 #define ERR_R_TS_LIB	ERR_LIB_TS       /* 45 */
+#define ERR_R_RLWE_LIB  ERR_LIB_RLWEKEX	 /* 46 */
 
 #define ERR_R_NESTED_ASN1_ERROR			58
 #define ERR_R_BAD_ASN1_OBJECT_HEADER		59

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
@@ -30,6 +30,7 @@ L UI		crypto/ui/ui.h			crypto/ui/ui_err.c
 L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
 L ECDSA		crypto/ecdsa/ecdsa.h		crypto/ecdsa/ecs_err.c
 L ECDH		crypto/ecdh/ecdh.h		crypto/ecdh/ech_err.c
+L RLWEKEX	crypto/rlwekex/rlwekex.h		crypto/rlwekex/rlwekex_err.c
 L STORE		crypto/store/store.h		crypto/store/str_err.c
 L TS		crypto/ts/ts.h			crypto/ts/ts_err.c
 L HMAC		crypto/hmac/hmac.h		crypto/hmac/hmac_err.c