/src/botan/build/include/botan/newhope.h

Source (jump to first uncovered line)
/*
* NEWHOPE Ring-LWE scheme
* Based on the public domain reference implementation by the
* designers (https://github.com/tpoeppelmann/newhope)
*
* Further changes
* (C) 2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_NEWHOPE_H_
#define BOTAN_NEWHOPE_H_

#include <botan/mem_ops.h>

namespace Botan {

class RandomNumberGenerator;

/*
* WARNING: This API is preliminary and will change
* Currently pubkey.h does not support a 2-phase KEM scheme of
* the sort NEWHOPE exports.
*/

// TODO: change to just a secure_vector
class newhope_poly final
   {
   public:
      uint16_t coeffs[1024];
      ~newhope_poly() { secure_scrub_memory(coeffs, sizeof(coeffs)); }
   };

enum Newhope_Params
   {
   NEWHOPE_SENDABYTES = 1824,
   NEWHOPE_SENDBBYTES = 2048,

   NEWHOPE_OFFER_BYTES  = 1824,
   NEWHOPE_ACCEPT_BYTES = 2048,
   NEWHOPE_SHARED_KEY_BYTES = 32,

   NEWHOPE_SEED_BYTES = 32,
   NEWHOPE_POLY_BYTES = 1792,

   CECPQ1_OFFER_BYTES   = NEWHOPE_OFFER_BYTES + 32,
   CECPQ1_ACCEPT_BYTES  = NEWHOPE_ACCEPT_BYTES + 32,
   CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
   };

/**
* This chooses the XOF + hash for NewHope
* The official NewHope specification and reference implementation use
* SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in
* CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode
*/
enum class Newhope_Mode
   {
   SHA3,
   BoringSSL
   };

// offer
void BOTAN_PUBLIC_API(2,0) newhope_keygen(uint8_t send[NEWHOPE_SENDABYTES],
                              newhope_poly* sk,
                              RandomNumberGenerator& rng,
                              Newhope_Mode = Newhope_Mode::SHA3);

// accept
void BOTAN_PUBLIC_API(2,0) newhope_sharedb(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
                               uint8_t send[],
                               const uint8_t* received,
                               RandomNumberGenerator& rng,
                               Newhope_Mode mode = Newhope_Mode::SHA3);

// finish
void BOTAN_PUBLIC_API(2,0) newhope_shareda(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
                               const newhope_poly* ska,
                               const uint8_t* received,
                               Newhope_Mode mode = Newhope_Mode::SHA3);

}

#endif

Coverage Report

Created: 2020-02-14 15:38

Line	Count	Source (jump to first uncovered line)
1		/*
2		* NEWHOPE Ring-LWE scheme
3		* Based on the public domain reference implementation by the
4		* designers (https://github.com/tpoeppelmann/newhope)
5		*
6		* Further changes
7		* (C) 2016 Jack Lloyd
8		*
9		* Botan is released under the Simplified BSD License (see license.txt)
10		*/
11
12		#ifndef BOTAN_NEWHOPE_H_
13		#define BOTAN_NEWHOPE_H_
14
15		#include <botan/mem_ops.h>
16
17		namespace Botan {
18
19		class RandomNumberGenerator;
20
21		/*
22		* WARNING: This API is preliminary and will change
23		* Currently pubkey.h does not support a 2-phase KEM scheme of
24		* the sort NEWHOPE exports.
25		*/
26
27		// TODO: change to just a secure_vector
28		class newhope_poly final
29		{
30		public:
31		uint16_t coeffs[1024];
32	0	~newhope_poly() { secure_scrub_memory(coeffs, sizeof(coeffs)); }
33		};
34
35		enum Newhope_Params
36		{
37		NEWHOPE_SENDABYTES = 1824,
38		NEWHOPE_SENDBBYTES = 2048,
39
40		NEWHOPE_OFFER_BYTES = 1824,
41		NEWHOPE_ACCEPT_BYTES = 2048,
42		NEWHOPE_SHARED_KEY_BYTES = 32,
43
44		NEWHOPE_SEED_BYTES = 32,
45		NEWHOPE_POLY_BYTES = 1792,
46
47		CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32,
48		CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32,
49		CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
50		};
51
52		/**
53		* This chooses the XOF + hash for NewHope
54		* The official NewHope specification and reference implementation use
55		* SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in
56		* CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode
57		*/
58		enum class Newhope_Mode
59		{
60		SHA3,
61		BoringSSL
62		};
63
64		// offer
65		void BOTAN_PUBLIC_API(2,0) newhope_keygen(uint8_t send[NEWHOPE_SENDABYTES],
66		newhope_poly* sk,
67		RandomNumberGenerator& rng,
68		Newhope_Mode = Newhope_Mode::SHA3);
69
70		// accept
71		void BOTAN_PUBLIC_API(2,0) newhope_sharedb(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
72		uint8_t send[],
73		const uint8_t* received,
74		RandomNumberGenerator& rng,
75		Newhope_Mode mode = Newhope_Mode::SHA3);
76
77		// finish
78		void BOTAN_PUBLIC_API(2,0) newhope_shareda(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
79		const newhope_poly* ska,
80		const uint8_t* received,
81		Newhope_Mode mode = Newhope_Mode::SHA3);
82
83		}
84
85		#endif