/src/botan/build/include/botan/newhope.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * NEWHOPE Ring-LWE scheme |
3 | | * Based on the public domain reference implementation by the |
4 | | * designers (https://github.com/tpoeppelmann/newhope) |
5 | | * |
6 | | * Further changes |
7 | | * (C) 2016 Jack Lloyd |
8 | | * |
9 | | * Botan is released under the Simplified BSD License (see license.txt) |
10 | | */ |
11 | | |
12 | | #ifndef BOTAN_NEWHOPE_H_ |
13 | | #define BOTAN_NEWHOPE_H_ |
14 | | |
15 | | #include <botan/mem_ops.h> |
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | class RandomNumberGenerator; |
20 | | |
21 | | /* |
22 | | * WARNING: This API is preliminary and will change |
23 | | * Currently pubkey.h does not support a 2-phase KEM scheme of |
24 | | * the sort NEWHOPE exports. |
25 | | */ |
26 | | |
27 | | // TODO: change to just a secure_vector |
// Polynomial of 1024 16-bit coefficients. newhope_keygen() and
// newhope_shareda() in this header take it as their `sk` / `ska` argument,
// so every instance should be handled as secret key material.
28 | | class newhope_poly final |
29 | | { |
30 | | public: |
// No initializer: a default-constructed object holds indeterminate values
// until something writes the coefficients.
31 | | uint16_t coeffs[1024]; |
// Scrubs the whole array when the object is destroyed. Only this object's
// own storage is covered; bytes copied out of coeffs into another buffer
// have to be cleared by whoever owns that buffer.
32 | 0 | ~newhope_poly() { secure_scrub_memory(coeffs, sizeof(coeffs)); } |
33 | | }; |
34 | | |
// Buffer sizes, in bytes, for the NewHope and CECPQ1 exchanges. The functions
// declared in this header take raw pointers with no length arguments, so
// these constants are what a caller sizes its buffers with and compares the
// length of a peer's message against before handing it over.
35 | | enum Newhope_Params |
36 | | { |
// Size of the `send` buffer of newhope_keygen(). Numerically equal to
// NEWHOPE_POLY_BYTES + NEWHOPE_SEED_BYTES (1792 + 32).
37 | | NEWHOPE_SENDABYTES = 1824, |
// Presumably the size of the reply written by newhope_sharedb(); confirm
// against the implementation.
38 | | NEWHOPE_SENDBBYTES = 2048, |
39 | | |
// Same values as the two constants above, named after the offer/accept
// steps instead of the A/B parties.
40 | | NEWHOPE_OFFER_BYTES = 1824, |
41 | | NEWHOPE_ACCEPT_BYTES = 2048, |
// Size of the `sharedkey` output of newhope_sharedb() and newhope_shareda().
42 | | NEWHOPE_SHARED_KEY_BYTES = 32, |
43 | | |
44 | | NEWHOPE_SEED_BYTES = 32, |
45 | | NEWHOPE_POLY_BYTES = 1792, |
46 | | |
// CECPQ1 sizes: each is the matching NewHope size plus 32 bytes.
// NOTE(review): the extra 32 bytes are presumably the x25519 part of
// CECPQ1; confirm against the CECPQ1 code.
47 | | CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32, |
48 | | CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32, |
49 | | CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32 |
50 | | }; |
51 | | |
52 | | /** |
53 | | * This chooses the XOF + hash for NewHope. |
54 | | * The official NewHope specification and reference implementation use |
55 | | * SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in |
56 | | * CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode. |
57 | | */ |
// Every function declared in this header defaults its mode argument to SHA3,
// so a caller that needs the BoringSSL/CECPQ1 variant has to pass
// Newhope_Mode::BoringSSL explicitly on each call.
// NOTE(review): presumably both peers must select the same mode for the
// exchange to produce matching keys; confirm against the implementation.
58 | | enum class Newhope_Mode |
59 | | { |
// SHA-3 and SHAKE-128, as in the specification and reference implementation.
60 | | SHA3, |
// SHA-256 and AES-128 in CTR mode, as used by BoringSSL and by CECPQ1.
61 | | BoringSSL |
62 | | }; |
63 | | |
64 | | // offer |
// First step, run by the side that starts the exchange. `send` receives the
// offer to transmit and `*sk` the secret to keep for newhope_shareda()
// (NOTE(review): roles inferred from the parameter names and the "offer"
// label; confirm in the implementation).
// The [NEWHOPE_SENDABYTES] bound is not enforced by the compiler: an array
// parameter decays to uint8_t*, so the caller is responsible for supplying a
// buffer of at least that many bytes.
// The mode parameter is unnamed here and defaults to Newhope_Mode::SHA3.
65 | | void BOTAN_PUBLIC_API(2,0) newhope_keygen(uint8_t send[NEWHOPE_SENDABYTES], |
66 | | newhope_poly* sk, |
67 | | RandomNumberGenerator& rng, |
68 | | Newhope_Mode = Newhope_Mode::SHA3); |
69 | | |
70 | | // accept |
// Second step, run by the side that received an offer. `received` is the
// peer's offer, `send` the reply to transmit back and `sharedkey` the
// resulting key (NOTE(review): roles inferred from the parameter names and
// the "accept" label; confirm in the implementation).
// Neither `received` nor `send` carries a length in this signature, so the
// callee has no way to bounds-check them. Before calling, reject any peer
// message whose length is not exactly NEWHOPE_OFFER_BYTES and give `send`
// NEWHOPE_ACCEPT_BYTES of space -- presumably the sizes read and written
// internally; verify against the implementation.
71 | | void BOTAN_PUBLIC_API(2,0) newhope_sharedb(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], |
72 | | uint8_t send[], |
73 | | const uint8_t* received, |
74 | | RandomNumberGenerator& rng, |
75 | | Newhope_Mode mode = Newhope_Mode::SHA3); |
76 | | |
77 | | // finish |
// Final step, run by the offering side once the peer's reply has arrived.
// `ska` is presumably the secret written by newhope_keygen() and `received`
// the reply produced by the peer's newhope_sharedb(); confirm in the
// implementation.
// `received` has no length parameter: check that the peer's reply is exactly
// NEWHOPE_ACCEPT_BYTES long before passing it in (presumably the amount the
// callee reads; verify).
// None of the three functions in this header takes a credential or identity,
// so the 32-byte result is not authenticated by this API; the protocol that
// uses it has to authenticate the peer separately.
78 | | void BOTAN_PUBLIC_API(2,0) newhope_shareda(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES], |
79 | | const newhope_poly* ska, |
80 | | const uint8_t* received, |
81 | | Newhope_Mode mode = Newhope_Mode::SHA3); |
82 | | |
83 | | } |
84 | | |
85 | | #endif |