I have problems with my c++ mc-eliece implementation from Botan crypto library. There seems to be virtually only one example of it in the whole internet, with a link to it.
https://www.cryptosource.de/docs/mceliece_in_botan.pdf
But this example is 6 years old, hence it is totally outdated and the Botan docs do not provide any other.
The problem is basically, that unfortunatelly function names and specs have changed over time, hence i get a couple of compiler errors while i try to use them. I managed to demystify some of them by looking into the header implementations. But now i'm, frankly said, in front of a wall.
It would be great if anybody familar with the Botan MC-Eliece implementation, could give me a hint, how the current functions are called.
This is my code with marks. I removed a lot of unnecessary code and other implementations, to make it more readable. You will also not be able to make it run without the necessary modules, but i will try to write it down in a way, that somebody with Botan library should be able to run it.
//to compile: g++ -o mc_eliece mc_eliece.cpp -Wall -I/usr/local/include/botan-2/ -I/home/pi/projects/RNG_final/ -ltss2-esys -ltss2-rc -lbotan-2
#include <iostream>
#include <botan/rng.h>
#include <botan/system_rng.h>
#include <botan/mceies.h>
#include <botan/mceliece.h>
int main() {
Botan::size_t n = 1632; // Parameters for key generation
Botan::size_t t = 33;
// initialize RNG type
Botan::System_RNG rng; // is a standard Botan RNG
// create a new MCEliece private key with code length n and error weigth t
Botan::McEliece_PrivateKey sk1(rng, n, t); // actually works!
// derive the corresponding public key
Botan::McEliece_PublicKey pk1(*dynamic_cast<Botan::McEliece_PublicKey*>(&sk1)); // actually works!
// encode the public key
std::vector<uint8_t> pk_enc = pk1.subject_public_key(); // actually works!
// encode the private key
Botan::secure_vector<uint8_t> sk_enc = sk1.private_key_bits(); // had to replace sk1.pkcs8_private_key()
// encryption side: decode a serialized public key
Botan::McEliece_PublicKey pk(pk_enc);
McEliece_KEM_Encryptor enc(pk); // does not work, can't find a working corresponding function in the header
// perform encryption -> will find out if it works after upper case had been solved
std::pair<secure_vector<Botan::byte>,secure_vector<Botan::byte> > ciphertext__sym_key = enc.encrypt(rng);
secure_vector<Botan::byte> sym_key_encr = ciphertext__sym_key.second;
secure_vector<Botan::byte> ciphertext = ciphertext__sym_key.first;
// code used at the decrypting side: -> will find out if it works after upper case had been solved
// decode a serialized private key
McEliece_PrivateKey sk(sk_enc);
McEliece_KEM_Decryptor dec(sk);
// perform decryption -> will find out if it works after upper case had been solved
secure_vector<Botan::byte> sym_key_decr = dec.decrypt(&ciphertext[0],
ciphertext.size() );
// both sides now have the same 64-byte symmetric key.
// use this key to instantiate an authenticated encryption scheme.
// in case shorter keys are needed, they can simple be cut off.
return 0;
}
Thx for any help in advance.
I have now updated the example code in https://www.cryptosource.de/docs/mceliece_in_botan.pdf to reflect these the changes to Botan's new KEM API.
Please note that it is unnecessary to provide a salt value for the KDF when used in the context of a KEM for a public key scheme such as McEliece. That the KDF can accept a salt value here is a mere artefact of the API, owing to that fact that KDFs can be used also in other contexts. Specifically, a salt value is only necessary when deriving keys of secrets that potentially lack entropy, such as passwords. Then it mitigates attacks based on precomputed tables.