/src/botan/src/lib/pubkey/frodokem/frodokem_common/frodo_constants.cpp
/*
 * FrodoKEM modes and constants
 *
 * The Fellowship of the FrodoKEM:
 * (C) 2023 Jack Lloyd
 *     2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
10 | | |
11 | | #include <botan/internal/frodo_constants.h> |
12 | | |
13 | | #include <botan/xof.h> |
14 | | |
15 | | namespace Botan { |
16 | | |
/*
 * Populate the parameter set for one FrodoKEM mode.
 *
 * m_len_a and m_n_bar are identical for every mode; everything else is
 * selected by the security level (640 / 976 / 1344) and by whether the
 * variant is static or ephemeral. Throws Not_Implemented when the mode is
 * compiled out, and XOF::create_or_throw() may throw if the chosen SHAKE
 * variant is unavailable.
 */
FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode), m_len_a(128), m_n_bar(8) {
   if(!mode.is_available()) {
      throw Not_Implemented("FrodoKEM mode " + mode.to_string() + " is not available");
   }

   // Ephemeral variants carry no salt.
   if(mode.is_ephemeral()) {
      m_len_salt = 0;
   }

   // Salt/seed lengths shared by the four variants of one security level:
   // static variants get a salt and a seed of `static_len`, ephemeral ones
   // only a seed of `ephemeral_se_len`. A variant that is neither is a bug.
   const auto choose_lengths = [this, &mode](size_t static_len, size_t ephemeral_se_len) {
      if(mode.is_static()) {
         m_len_salt = static_len;
         m_len_se = static_len;
      } else if(mode.is_ephemeral()) {
         m_len_se = ephemeral_se_len;
      } else {
         BOTAN_ASSERT_UNREACHABLE();
      }
   };

   switch(mode.mode()) {
      case FrodoKEMMode::FrodoKEM640_SHAKE:
      case FrodoKEMMode::FrodoKEM640_AES:
      case FrodoKEMMode::eFrodoKEM640_SHAKE:
      case FrodoKEMMode::eFrodoKEM640_AES:
         m_nist_strength = 128;
         m_d = 15;
         m_n = 640;
         m_b = 2;
         choose_lengths(256, 128);
         // CDF table of the error distribution for this parameter set
         // (values as given in the FrodoKEM specification).
         m_cdf_table = {4643, 13363, 20579, 25843, 29227, 31145, 32103, 32525, 32689, 32745, 32762, 32766, 32767};
         m_shake = "SHAKE-128";
         break;

      case FrodoKEMMode::FrodoKEM976_SHAKE:
      case FrodoKEMMode::FrodoKEM976_AES:
      case FrodoKEMMode::eFrodoKEM976_SHAKE:
      case FrodoKEMMode::eFrodoKEM976_AES:
         m_nist_strength = 192;
         m_d = 16;
         m_n = 976;
         m_b = 3;
         choose_lengths(384, 192);
         m_cdf_table = {5638, 15915, 23689, 28571, 31116, 32217, 32613, 32731, 32760, 32766, 32767};
         m_shake = "SHAKE-256";
         break;

      case FrodoKEMMode::FrodoKEM1344_SHAKE:
      case FrodoKEMMode::FrodoKEM1344_AES:
      case FrodoKEMMode::eFrodoKEM1344_SHAKE:
      case FrodoKEMMode::eFrodoKEM1344_AES:
         m_nist_strength = 256;
         m_d = 16;
         m_n = 1344;
         m_b = 4;
         choose_lengths(512, 256);
         m_cdf_table = {9142, 23462, 30338, 32361, 32725, 32765, 32767};
         m_shake = "SHAKE-256";
         break;
   }

   // One XOF instance is created up front; SHAKE_XOF() resets and hands it out.
   m_shake_xof = XOF::create_or_throw(m_shake);
}
96 | | |
// Defaulted out of line: this translation unit includes <botan/xof.h>, so the
// owned XOF (presumably held in a unique_ptr) is destroyed with XOF complete.
FrodoKEMConstants::~FrodoKEMConstants() = default;
98 | | |
/*
 * Hand out the shared SHAKE XOF, reset to its initial state.
 *
 * The same instance is returned on every call and cleared each time, so a
 * reference obtained earlier is invalidated by the next call. Nothing here
 * synchronizes access; concurrent callers would share one XOF state.
 */
XOF& FrodoKEMConstants::SHAKE_XOF() const {
   XOF& xof = *m_shake_xof;
   xof.clear();
   return xof;
}
103 | | |
104 | | } // namespace Botan |