Coverage Report

Created: 2020-02-14 15:38

/src/botan/build/include/botan/newhope.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
* NEWHOPE Ring-LWE scheme
3
* Based on the public domain reference implementation by the
4
* designers (https://github.com/tpoeppelmann/newhope)
5
*
6
* Further changes
7
* (C) 2016 Jack Lloyd
8
*
9
* Botan is released under the Simplified BSD License (see license.txt)
10
*/
11
12
#ifndef BOTAN_NEWHOPE_H_
13
#define BOTAN_NEWHOPE_H_
14
15
#include <botan/mem_ops.h>
16
17
namespace Botan {
18
19
class RandomNumberGenerator;
20
21
/*
22
* WARNING: This API is preliminary and will change
23
* Currently pubkey.h does not support a 2-phase KEM scheme of
24
* the sort NEWHOPE exports.
25
*/
26
27
// TODO: change to just a secure_vector
28
class newhope_poly final
29
   {
30
   public:
31
      uint16_t coeffs[1024];
32
0
      ~newhope_poly() { secure_scrub_memory(coeffs, sizeof(coeffs)); }
33
   };
34
35
enum Newhope_Params
36
   {
37
   NEWHOPE_SENDABYTES = 1824,
38
   NEWHOPE_SENDBBYTES = 2048,
39
40
   NEWHOPE_OFFER_BYTES  = 1824,
41
   NEWHOPE_ACCEPT_BYTES = 2048,
42
   NEWHOPE_SHARED_KEY_BYTES = 32,
43
44
   NEWHOPE_SEED_BYTES = 32,
45
   NEWHOPE_POLY_BYTES = 1792,
46
47
   CECPQ1_OFFER_BYTES   = NEWHOPE_OFFER_BYTES + 32,
48
   CECPQ1_ACCEPT_BYTES  = NEWHOPE_ACCEPT_BYTES + 32,
49
   CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
50
   };
51
52
/**
53
* This chooses the XOF + hash for NewHope
54
* The official NewHope specification and reference implementation use
55
* SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in
56
* CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode
57
*/
58
enum class Newhope_Mode
59
   {
60
   SHA3,
61
   BoringSSL
62
   };
63
64
// offer
65
void BOTAN_PUBLIC_API(2,0) newhope_keygen(uint8_t send[NEWHOPE_SENDABYTES],
66
                              newhope_poly* sk,
67
                              RandomNumberGenerator& rng,
68
                              Newhope_Mode = Newhope_Mode::SHA3);
69
70
// accept
71
void BOTAN_PUBLIC_API(2,0) newhope_sharedb(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
72
                               uint8_t send[],
73
                               const uint8_t* received,
74
                               RandomNumberGenerator& rng,
75
                               Newhope_Mode mode = Newhope_Mode::SHA3);
76
77
// finish
78
void BOTAN_PUBLIC_API(2,0) newhope_shareda(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
79
                               const newhope_poly* ska,
80
                               const uint8_t* received,
81
                               Newhope_Mode mode = Newhope_Mode::SHA3);
82
83
}
84
85
#endif