def check_wrong_secret_key(alg_name):
kem = oqs.KeyEncapsulation(alg_name)
public_key = kem.generate_keypair()
ciphertext, shared_secret_server = kem.encap_secret(public_key)
wrong_secret_key = bytes(
random.getrandbits(8) for _ in range(kem.details['length_secret_key']))
kem2 = oqs.KeyEncapsulation(alg_name, wrong_secret_key)
shared_secret_client = kem2.decap_secret(ciphertext)
assert shared_secret_client != shared_secret_server
kem.free()
kem2.free()
def test(algorithm):
kem = oqs.KeyEncapsulation(algorithm)
startKey = time.time()
for i in range(100):
public_key = kem.generate_keypair()
endKey = time.time()
startEncap = time.time()
for x in range(100):
ciphertext, shared_secret_server = kem.encap_secret(public_key)
endEncap = time.time()
startDecap = time.time()
for j in range(100):
shared_secret_client = kem.decap_secret(ciphertext)
endDecap = time.time()
print('Total time to genKey is ', (endKey - startKey),
'and time for 1 is ', ((endKey - startKey) / 100))
print()
print('Total time to encapsulate is ', (endEncap - startEncap),
'and time for 1 is ', ((endEncap - startEncap) / 100))
print()
print('Total time to decapsulate is ', (endDecap - startDecap),
'and time for 1 is ', ((endDecap - startDecap) / 100))
print()
def check_correctness(alg_name):
kem = oqs.KeyEncapsulation(alg_name)
public_key = kem.generate_keypair()
ciphertext, shared_secret_server = kem.encap_secret(public_key)
shared_secret_client = kem.decap_secret(ciphertext)
assert shared_secret_client == shared_secret_server
kem.free()
def decapsulate(self, secret_key: bytes, ciphertext: Ciphertext) -> SharedSecret:
with oqs.KeyEncapsulation(self.system, secret_key) as client:
start = current_milli_time()
plaintext = client.decap_secret(ciphertext)
end = current_milli_time()
self.decrypt_time = end - start
return plaintext
def encapsulate(self, public_key: bytes) -> Tuple[Ciphertext, SharedSecret]:
with oqs.KeyEncapsulation(self.system) as client:
start = current_milli_time()
ciphertext, shared_secret = client.encap_secret(public_key)
end = current_milli_time()
self.encrypt_time = end - start
return ciphertext, shared_secret
def test_not_supported():
try:
kem = oqs.KeyEncapsulation('bogus')
raise AssertionError("oqs.MechanismNotSupportedError was not raised.")
except oqs.MechanismNotSupportedError:
pass
except E:
raise AssertionError("An unexpected exception was raised. " + E)
def generate_key(self) -> KeyPair:
with oqs.KeyEncapsulation(self.system) as client:
start = current_milli_time()
public_key = client.generate_keypair()
secret_key = client.export_secret_key()
end = current_milli_time()
self.keygen_time = end - start
return public_key, secret_key
def check_wrong_ciphertext(alg_name):
with oqs.KeyEncapsulation(alg_name) as kem:
public_key = kem.generate_keypair()
ciphertext, shared_secret_server = kem.encap_secret(public_key)
wrong_ciphertext = bytes(
random.getrandbits(8) for _ in range(len(ciphertext)))
shared_secret_client = kem.decap_secret(wrong_ciphertext)
assert shared_secret_client != shared_secret_server
def generate(algorithm):
kem = oqs.KeyEncapsulation(algorithm)
public_key = kem.generate_keypair()
ciphertext, shared_secret_server = kem.encap_secret(public_key)
shared_secret_client = kem.decap_secret(ciphertext)
if shared_secret_client == shared_secret_server:
print ("True")
else:
print ("FALSE!!!!!!!!!")
return False
def test_not_enabled():
# TODO: test broken as the compiled lib determines which algorithms are supported and enabled
for alg_name in oqs.get_supported_KEM_mechanisms():
if alg_name not in oqs.get_enabled_KEM_mechanisms():
# found a non-enabled but supported alg
try:
kem = oqs.KeyEncapsulation(alg_name)
raise AssertionError(
"oqs.MechanismNotEnabledError was not raised.")
except oqs.MechanismNotEnabledError:
pass
except E:
raise AssertionError("An unexpected exception was raised. " +
E)
def get_pwd(client_public_key):
kex_alg = 'NewHope-1024-CCA'
with oqs.KeyEncapsulation(kex_alg) as server:
#this generates a key and encrypts it using client's public key
ciphertext, shared_secret_server = server.encap_secret(
client_public_key)
print('Server Details')
pprint(server.details)
sleep(5)
print('Ciphertext generated by server')
print(ciphertext)
print('Secret key generated by server')
#printing this just for verification
print(shared_secret_server)
return ciphertext
def get_nist_level(kem):
with oqs.KeyEncapsulation(kem) as client:
level = client.details["claimed_nist_level"]
return level
from pprint import pprint
import oqs
#######################################################################
# KEM example
#######################################################################
kems = oqs.get_enabled_KEM_mechanisms()
print("Enabled KEM mechanisms:")
pprint(kems, compact="True")
# create client and server with default KEM mechanisms
kemalg = "DEFAULT"
with oqs.KeyEncapsulation(kemalg) as client:
with oqs.KeyEncapsulation(kemalg) as server:
print("\nKey encapsulation details:")
pprint(client.details)
# client generates its keypair
public_key = client.generate_keypair()
# optionally, the secret key can be obtained by calling export_secret_key()
# and the client can later be re-instantiated with the key pair:
# secret_key = client.export_secret_key()
# store key pair, wait... (session resumption):
# client = oqs.KeyEncapsulation(kemalg, secret_key)
# the server encapsulates its secret using the client's public key
ciphertext, shared_secret_server = server.encap_secret(public_key)
file_ver = verification.read(BLOCK_SIDE_C)
if(client_end_hash.hexdigest() == pq_hash(file_server)):
#print()
print('Quantum safe hash verified')
else:
print('File Manipulated')
def cls_scr():
if os.name == 'posix':
_ = os.system('clear')
else:
_ = os.system('cls')
key_exchange = 'NewHope-1024-CCA'
with oqs.KeyEncapsulation(key_exchange) as client:
cls_scr()
print('Client Side')
print('Client Details')
pprint(client.details)
#public key generation
public_key = client.generate_keypair()
pq_file_pwd = get_pwd(public_key)
file_pwd = client.decap_secret(pq_file_pwd)
print('Secret key recieved by client')
print(file_pwd)
sleep(8)
cls_scr()
print("next up quantum signature verification")
sleep(3)
