-rw-r--r-- 1710 mceliece-sage-20221023/test-padding.sage raw
import parameters import keygen import encap import decap def randombytes(r): return os.urandom(r) systems = parameters.alltests if len(sys.argv) > 1: systems = sys.argv[1:] for system in systems: print(system) sys.stdout.flush() params = parameters.parameters(system,allowtestparams=True) pk,sk = keygen.keygen(randombytes,params) C,sessionkey = encap.encap(pk,randombytes,params) assert decap.decap(C,sk,params) == sessionkey k = params.k mt = params.m*params.t if k < 8*ceil(k/8): for row in range(mt): rowpos = row*8*ceil(k/8) for j in range(rowpos+k,rowpos+8*ceil(k/8)): print('pk padding bit',j) sys.stdout.flush() pk2 = bytearray(pk) pk2[j//8] |= 1<<(j%8) pk2 = bytes(pk2) assert pk2 != pk assert encap.encap(pk2,randombytes,params) == False for loop in range(100): row = randrange(mt) rowpos = row*8*ceil(k/8) j = randrange(rowpos,rowpos+k) print('pk real bit',j) sys.stdout.flush() pk2 = bytearray(pk) pk2[j//8] = ZZ(pk2[j//8]).__xor__(1<<(j%8)) pk2 = bytes(pk2) assert pk2 != pk assert encap.encap(pk2,randombytes,params) != False if mt < 8*ceil(mt/8): for j in range(mt,8*ceil(mt/8)): print('C padding bit',j) sys.stdout.flush() C2 = bytearray(C) C2[j//8] |= 1<<(j%8) C2 = bytes(C2) assert C2 != C assert decap.decap(C2,sk,params) == False for loop in range(10): j = randrange(mt) print('C real bit',j) sys.stdout.flush() C2 = bytearray(C) C2[j//8] = ZZ(C2[j//8]).__xor__(1<<(j%8)) C2 = bytes(C2) assert C2 != C assert decap.decap(C2,sk,params) not in (False,sessionkey)