luajitos

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

Kyber_Lua.c (11094B)

      1 /*
      2  * Kyber_Lua.c - Lua bindings for CRYSTALS-Kyber post-quantum KEM
      3  */
      4 
      5 #include "Kyber_Lua.h"
      6 #include "Kyber.h"
      7 #include <string.h>
      8 #include <stdlib.h>
      9 
     10 /* Base64 encoding function (provided by crypto.c) */
     11 extern char* base64_encode(const uint8_t *data, size_t len, size_t *out_len);
     12 
     13 /* ============================================================================
     14  * Kyber512 Lua Bindings
     15  * ========================================================================= */
     16 
     17 /* kyber512.keypair() - Generate Kyber512 keypair */
     18 int l_kyber512_keypair(lua_State *L) {
     19     uint8_t public_key[KYBER512_PUBLIC_KEY_BYTES];
     20     uint8_t secret_key[KYBER512_SECRET_KEY_BYTES];
     21 
     22     /* Generate keypair */
     23     if (kyber512_keypair(public_key, secret_key) != 0) {
     24         memset(secret_key, 0, KYBER512_SECRET_KEY_BYTES);
     25         return luaL_error(L, "Kyber512 keypair generation failed");
     26     }
     27 
     28     /* Encode to base64 */
     29     size_t pub_b64_len, sec_b64_len;
     30     char *pub_b64 = base64_encode(public_key, KYBER512_PUBLIC_KEY_BYTES, &pub_b64_len);
     31     char *sec_b64 = base64_encode(secret_key, KYBER512_SECRET_KEY_BYTES, &sec_b64_len);
     32 
     33     /* Zero sensitive data */
     34     memset(secret_key, 0, KYBER512_SECRET_KEY_BYTES);
     35 
     36     if (!pub_b64 || !sec_b64) {
     37         free(pub_b64);
     38         free(sec_b64);
     39         return luaL_error(L, "Base64 encoding failed");
     40     }
     41 
     42     /* Return public_key, secret_key */
     43     lua_pushlstring(L, pub_b64, pub_b64_len);
     44     lua_pushlstring(L, sec_b64, sec_b64_len);
     45 
     46     free(pub_b64);
     47     free(sec_b64);
     48     return 2;
     49 }
     50 
     51 /* kyber512.encapsulate(public_key) - Generate shared secret and ciphertext */
     52 int l_kyber512_encapsulate(lua_State *L) {
     53     size_t public_len;
     54     const uint8_t *public_key = (const uint8_t*)luaL_checklstring(L, 1, &public_len);
     55 
     56     if (public_len != KYBER512_PUBLIC_KEY_BYTES) {
     57         return luaL_error(L, "Public key must be %d bytes", KYBER512_PUBLIC_KEY_BYTES);
     58     }
     59 
     60     uint8_t ciphertext[KYBER512_CIPHERTEXT_BYTES];
     61     uint8_t shared_secret[KYBER512_SHARED_SECRET_BYTES];
     62 
     63     /* Encapsulate */
     64     if (kyber512_encapsulate(ciphertext, shared_secret, public_key) != 0) {
     65         memset(shared_secret, 0, KYBER512_SHARED_SECRET_BYTES);
     66         return luaL_error(L, "Kyber512 encapsulation failed");
     67     }
     68 
     69     /* Encode to base64 */
     70     size_t ct_b64_len, ss_b64_len;
     71     char *ct_b64 = base64_encode(ciphertext, KYBER512_CIPHERTEXT_BYTES, &ct_b64_len);
     72     char *ss_b64 = base64_encode(shared_secret, KYBER512_SHARED_SECRET_BYTES, &ss_b64_len);
     73 
     74     /* Zero sensitive data */
     75     memset(shared_secret, 0, KYBER512_SHARED_SECRET_BYTES);
     76 
     77     if (!ct_b64 || !ss_b64) {
     78         free(ct_b64);
     79         free(ss_b64);
     80         return luaL_error(L, "Base64 encoding failed");
     81     }
     82 
     83     /* Return ciphertext, shared_secret */
     84     lua_pushlstring(L, ct_b64, ct_b64_len);
     85     lua_pushlstring(L, ss_b64, ss_b64_len);
     86 
     87     free(ct_b64);
     88     free(ss_b64);
     89     return 2;
     90 }
     91 
     92 /* kyber512.decapsulate(ciphertext, secret_key) - Recover shared secret */
     93 int l_kyber512_decapsulate(lua_State *L) {
     94     size_t ciphertext_len, secret_len;
     95     const uint8_t *ciphertext = (const uint8_t*)luaL_checklstring(L, 1, &ciphertext_len);
     96     const uint8_t *secret_key = (const uint8_t*)luaL_checklstring(L, 2, &secret_len);
     97 
     98     if (ciphertext_len != KYBER512_CIPHERTEXT_BYTES) {
     99         return luaL_error(L, "Ciphertext must be %d bytes", KYBER512_CIPHERTEXT_BYTES);
    100     }
    101 
    102     if (secret_len != KYBER512_SECRET_KEY_BYTES) {
    103         return luaL_error(L, "Secret key must be %d bytes", KYBER512_SECRET_KEY_BYTES);
    104     }
    105 
    106     uint8_t shared_secret[KYBER512_SHARED_SECRET_BYTES];
    107 
    108     /* Decapsulate */
    109     if (kyber512_decapsulate(shared_secret, ciphertext, secret_key) != 0) {
    110         memset(shared_secret, 0, KYBER512_SHARED_SECRET_BYTES);
    111         return luaL_error(L, "Kyber512 decapsulation failed");
    112     }
    113 
    114     /* Encode to base64 */
    115     size_t ss_b64_len;
    116     char *ss_b64 = base64_encode(shared_secret, KYBER512_SHARED_SECRET_BYTES, &ss_b64_len);
    117 
    118     /* Zero sensitive data */
    119     memset(shared_secret, 0, KYBER512_SHARED_SECRET_BYTES);
    120 
    121     if (!ss_b64) {
    122         return luaL_error(L, "Base64 encoding failed");
    123     }
    124 
    125     lua_pushlstring(L, ss_b64, ss_b64_len);
    126     free(ss_b64);
    127     return 1;
    128 }
    129 
    130 /* ============================================================================
    131  * Kyber768 Lua Bindings (RECOMMENDED)
    132  * ========================================================================= */
    133 
    134 int l_kyber768_keypair(lua_State *L) {
    135     uint8_t public_key[KYBER768_PUBLIC_KEY_BYTES];
    136     uint8_t secret_key[KYBER768_SECRET_KEY_BYTES];
    137 
    138     if (kyber768_keypair(public_key, secret_key) != 0) {
    139         memset(secret_key, 0, KYBER768_SECRET_KEY_BYTES);
    140         return luaL_error(L, "Kyber768 keypair generation failed");
    141     }
    142 
    143     size_t pub_b64_len, sec_b64_len;
    144     char *pub_b64 = base64_encode(public_key, KYBER768_PUBLIC_KEY_BYTES, &pub_b64_len);
    145     char *sec_b64 = base64_encode(secret_key, KYBER768_SECRET_KEY_BYTES, &sec_b64_len);
    146 
    147     memset(secret_key, 0, KYBER768_SECRET_KEY_BYTES);
    148 
    149     if (!pub_b64 || !sec_b64) {
    150         free(pub_b64);
    151         free(sec_b64);
    152         return luaL_error(L, "Base64 encoding failed");
    153     }
    154 
    155     lua_pushlstring(L, pub_b64, pub_b64_len);
    156     lua_pushlstring(L, sec_b64, sec_b64_len);
    157 
    158     free(pub_b64);
    159     free(sec_b64);
    160     return 2;
    161 }
    162 
    163 int l_kyber768_encapsulate(lua_State *L) {
    164     size_t public_len;
    165     const uint8_t *public_key = (const uint8_t*)luaL_checklstring(L, 1, &public_len);
    166 
    167     if (public_len != KYBER768_PUBLIC_KEY_BYTES) {
    168         return luaL_error(L, "Public key must be %d bytes", KYBER768_PUBLIC_KEY_BYTES);
    169     }
    170 
    171     uint8_t ciphertext[KYBER768_CIPHERTEXT_BYTES];
    172     uint8_t shared_secret[KYBER768_SHARED_SECRET_BYTES];
    173 
    174     if (kyber768_encapsulate(ciphertext, shared_secret, public_key) != 0) {
    175         memset(shared_secret, 0, KYBER768_SHARED_SECRET_BYTES);
    176         return luaL_error(L, "Kyber768 encapsulation failed");
    177     }
    178 
    179     size_t ct_b64_len, ss_b64_len;
    180     char *ct_b64 = base64_encode(ciphertext, KYBER768_CIPHERTEXT_BYTES, &ct_b64_len);
    181     char *ss_b64 = base64_encode(shared_secret, KYBER768_SHARED_SECRET_BYTES, &ss_b64_len);
    182 
    183     memset(shared_secret, 0, KYBER768_SHARED_SECRET_BYTES);
    184 
    185     if (!ct_b64 || !ss_b64) {
    186         free(ct_b64);
    187         free(ss_b64);
    188         return luaL_error(L, "Base64 encoding failed");
    189     }
    190 
    191     lua_pushlstring(L, ct_b64, ct_b64_len);
    192     lua_pushlstring(L, ss_b64, ss_b64_len);
    193 
    194     free(ct_b64);
    195     free(ss_b64);
    196     return 2;
    197 }
    198 
    199 int l_kyber768_decapsulate(lua_State *L) {
    200     size_t ciphertext_len, secret_len;
    201     const uint8_t *ciphertext = (const uint8_t*)luaL_checklstring(L, 1, &ciphertext_len);
    202     const uint8_t *secret_key = (const uint8_t*)luaL_checklstring(L, 2, &secret_len);
    203 
    204     if (ciphertext_len != KYBER768_CIPHERTEXT_BYTES) {
    205         return luaL_error(L, "Ciphertext must be %d bytes", KYBER768_CIPHERTEXT_BYTES);
    206     }
    207 
    208     if (secret_len != KYBER768_SECRET_KEY_BYTES) {
    209         return luaL_error(L, "Secret key must be %d bytes", KYBER768_SECRET_KEY_BYTES);
    210     }
    211 
    212     uint8_t shared_secret[KYBER768_SHARED_SECRET_BYTES];
    213 
    214     if (kyber768_decapsulate(shared_secret, ciphertext, secret_key) != 0) {
    215         memset(shared_secret, 0, KYBER768_SHARED_SECRET_BYTES);
    216         return luaL_error(L, "Kyber768 decapsulation failed");
    217     }
    218 
    219     size_t ss_b64_len;
    220     char *ss_b64 = base64_encode(shared_secret, KYBER768_SHARED_SECRET_BYTES, &ss_b64_len);
    221 
    222     memset(shared_secret, 0, KYBER768_SHARED_SECRET_BYTES);
    223 
    224     if (!ss_b64) {
    225         return luaL_error(L, "Base64 encoding failed");
    226     }
    227 
    228     lua_pushlstring(L, ss_b64, ss_b64_len);
    229     free(ss_b64);
    230     return 1;
    231 }
    232 
    233 /* ============================================================================
    234  * Kyber1024 Lua Bindings
    235  * ========================================================================= */
    236 
    237 int l_kyber1024_keypair(lua_State *L) {
    238     uint8_t public_key[KYBER1024_PUBLIC_KEY_BYTES];
    239     uint8_t secret_key[KYBER1024_SECRET_KEY_BYTES];
    240 
    241     if (kyber1024_keypair(public_key, secret_key) != 0) {
    242         memset(secret_key, 0, KYBER1024_SECRET_KEY_BYTES);
    243         return luaL_error(L, "Kyber1024 keypair generation failed");
    244     }
    245 
    246     size_t pub_b64_len, sec_b64_len;
    247     char *pub_b64 = base64_encode(public_key, KYBER1024_PUBLIC_KEY_BYTES, &pub_b64_len);
    248     char *sec_b64 = base64_encode(secret_key, KYBER1024_SECRET_KEY_BYTES, &sec_b64_len);
    249 
    250     memset(secret_key, 0, KYBER1024_SECRET_KEY_BYTES);
    251 
    252     if (!pub_b64 || !sec_b64) {
    253         free(pub_b64);
    254         free(sec_b64);
    255         return luaL_error(L, "Base64 encoding failed");
    256     }
    257 
    258     lua_pushlstring(L, pub_b64, pub_b64_len);
    259     lua_pushlstring(L, sec_b64, sec_b64_len);
    260 
    261     free(pub_b64);
    262     free(sec_b64);
    263     return 2;
    264 }
    265 
    266 int l_kyber1024_encapsulate(lua_State *L) {
    267     size_t public_len;
    268     const uint8_t *public_key = (const uint8_t*)luaL_checklstring(L, 1, &public_len);
    269 
    270     if (public_len != KYBER1024_PUBLIC_KEY_BYTES) {
    271         return luaL_error(L, "Public key must be %d bytes", KYBER1024_PUBLIC_KEY_BYTES);
    272     }
    273 
    274     uint8_t ciphertext[KYBER1024_CIPHERTEXT_BYTES];
    275     uint8_t shared_secret[KYBER1024_SHARED_SECRET_BYTES];
    276 
    277     if (kyber1024_encapsulate(ciphertext, shared_secret, public_key) != 0) {
    278         memset(shared_secret, 0, KYBER1024_SHARED_SECRET_BYTES);
    279         return luaL_error(L, "Kyber1024 encapsulation failed");
    280     }
    281 
    282     size_t ct_b64_len, ss_b64_len;
    283     char *ct_b64 = base64_encode(ciphertext, KYBER1024_CIPHERTEXT_BYTES, &ct_b64_len);
    284     char *ss_b64 = base64_encode(shared_secret, KYBER1024_SHARED_SECRET_BYTES, &ss_b64_len);
    285 
    286     memset(shared_secret, 0, KYBER1024_SHARED_SECRET_BYTES);
    287 
    288     if (!ct_b64 || !ss_b64) {
    289         free(ct_b64);
    290         free(ss_b64);
    291         return luaL_error(L, "Base64 encoding failed");
    292     }
    293 
    294     lua_pushlstring(L, ct_b64, ct_b64_len);
    295     lua_pushlstring(L, ss_b64, ss_b64_len);
    296 
    297     free(ct_b64);
    298     free(ss_b64);
    299     return 2;
    300 }
    301 
    302 int l_kyber1024_decapsulate(lua_State *L) {
    303     size_t ciphertext_len, secret_len;
    304     const uint8_t *ciphertext = (const uint8_t*)luaL_checklstring(L, 1, &ciphertext_len);
    305     const uint8_t *secret_key = (const uint8_t*)luaL_checklstring(L, 2, &secret_len);
    306 
    307     if (ciphertext_len != KYBER1024_CIPHERTEXT_BYTES) {
    308         return luaL_error(L, "Ciphertext must be %d bytes", KYBER1024_CIPHERTEXT_BYTES);
    309     }
    310 
    311     if (secret_len != KYBER1024_SECRET_KEY_BYTES) {
    312         return luaL_error(L, "Secret key must be %d bytes", KYBER1024_SECRET_KEY_BYTES);
    313     }
    314 
    315     uint8_t shared_secret[KYBER1024_SHARED_SECRET_BYTES];
    316 
    317     if (kyber1024_decapsulate(shared_secret, ciphertext, secret_key) != 0) {
    318         memset(shared_secret, 0, KYBER1024_SHARED_SECRET_BYTES);
    319         return luaL_error(L, "Kyber1024 decapsulation failed");
    320     }
    321 
    322     size_t ss_b64_len;
    323     char *ss_b64 = base64_encode(shared_secret, KYBER1024_SHARED_SECRET_BYTES, &ss_b64_len);
    324 
    325     memset(shared_secret, 0, KYBER1024_SHARED_SECRET_BYTES);
    326 
    327     if (!ss_b64) {
    328         return luaL_error(L, "Base64 encoding failed");
    329     }
    330 
    331     lua_pushlstring(L, ss_b64, ss_b64_len);
    332     free(ss_b64);
    333     return 1;
    334 }