Coverage Report

Created: 2024-11-29 06:10

/src/botan/src/lib/pubkey/frodokem/frodokem_common/frodo_constants.cpp
/*
 * FrodoKEM modes and constants
 *
 * The Fellowship of the FrodoKEM:
 * (C) 2023 Jack Lloyd
 *     2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
#include <botan/internal/frodo_constants.h>
#include <botan/xof.h>
namespace Botan {
/*
 * Fill in the parameter set for the requested FrodoKEM mode.
 *
 * m_len_a (128) and m_n_bar (8) are the same for every mode. Everything else
 * is chosen by parameter-set size (640 / 976 / 1344); within one size the
 * SHAKE and AES variants receive identical values here.
 *
 * Static ("FrodoKEM") modes get a non-zero salt length and a seedSE length
 * equal to it. Ephemeral ("eFrodoKEM") modes get a salt length of 0 and a
 * seedSE length half that of the static mode. The values look like bit
 * lengths -- TODO confirm against the header.
 *
 * Throws Not_Implemented if mode.is_available() is false.
 *
 * NOTE(review): in the coverage report this listing was taken from, every
 * line of this constructor carries an execution count of 0, i.e. nothing in
 * that run constructed a FrodoKEMConstants object.
 */
FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode), m_len_a(128), m_n_bar(8) {
   // Reject unavailable modes before any per-mode state is set up.
   if(!mode.is_available()) {
      throw Not_Implemented("FrodoKEM mode " + mode.to_string() + " is not available");
   }

   // Ephemeral modes carry no salt; static modes overwrite m_len_salt below.
   const bool ephemeral = mode.is_ephemeral();
   if(ephemeral) {
      m_len_salt = 0;
   }

   // NOTE(review): there is no default label. A mode() value matching none of
   // the labels would leave the per-mode members unassigned by this function.
   switch(mode.mode()) {
      case FrodoKEMMode::FrodoKEM640_SHAKE:
      case FrodoKEMMode::FrodoKEM640_AES:
      case FrodoKEMMode::eFrodoKEM640_SHAKE:
      case FrodoKEMMode::eFrodoKEM640_AES:
         m_shake = "SHAKE-128";
         m_nist_strength = 128;

         // In the FrodoKEM specification's notation: n, D = log2(q), B.
         m_n = 640;
         m_d = 15;
         m_b = 2;

         if(mode.is_static()) {
            m_len_se = 256;
            m_len_salt = 256;
         } else if(ephemeral) {
            m_len_se = 128;
         } else {
            BOTAN_ASSERT_UNREACHABLE();
         }

         // Error-distribution CDF table for this parameter set; check any
         // edit to these values against the specification.
         m_cdf_table = {4643, 13363, 20579, 25843, 29227, 31145, 32103, 32525, 32689, 32745, 32762, 32766, 32767};
         break;

      case FrodoKEMMode::FrodoKEM976_SHAKE:
      case FrodoKEMMode::FrodoKEM976_AES:
      case FrodoKEMMode::eFrodoKEM976_SHAKE:
      case FrodoKEMMode::eFrodoKEM976_AES:
         m_shake = "SHAKE-256";
         m_nist_strength = 192;

         m_n = 976;
         m_d = 16;
         m_b = 3;

         if(mode.is_static()) {
            m_len_se = 384;
            m_len_salt = 384;
         } else if(ephemeral) {
            m_len_se = 192;
         } else {
            BOTAN_ASSERT_UNREACHABLE();
         }

         m_cdf_table = {5638, 15915, 23689, 28571, 31116, 32217, 32613, 32731, 32760, 32766, 32767};
         break;

      case FrodoKEMMode::FrodoKEM1344_SHAKE:
      case FrodoKEMMode::FrodoKEM1344_AES:
      case FrodoKEMMode::eFrodoKEM1344_SHAKE:
      case FrodoKEMMode::eFrodoKEM1344_AES:
         m_shake = "SHAKE-256";
         m_nist_strength = 256;

         m_n = 1344;
         m_d = 16;
         m_b = 4;

         if(mode.is_static()) {
            m_len_se = 512;
            m_len_salt = 512;
         } else if(ephemeral) {
            m_len_se = 256;
         } else {
            BOTAN_ASSERT_UNREACHABLE();
         }

         m_cdf_table = {9142, 23462, 30338, 32361, 32725, 32765, 32767};
         break;
   }

   // A single XOF instance is created per constants object; create_or_throw
   // is given the algorithm name selected above.
   m_shake_xof = XOF::create_or_throw(m_shake);
}
// Defaulted here rather than in the header. Presumably this is so the XOF
// behind m_shake_xof is a complete type at the point of destruction (this
// file includes <botan/xof.h>) -- confirm against the header.
FrodoKEMConstants::~FrodoKEMConstants() = default;
/*
 * Hand out the XOF instance created in the constructor, after calling
 * clear() on it.
 *
 * Every call returns a reference to the same object. A second call therefore
 * clears whatever an earlier caller was still doing with it, so a returned
 * reference should be used to completion before SHAKE_XOF() is called again.
 * The method is const but the returned XOF is mutable and no locking is
 * visible here; sharing one FrodoKEMConstants across threads would need
 * external synchronisation.
 */
XOF& FrodoKEMConstants::SHAKE_XOF() const {
   XOF& xof = *m_shake_xof;
   xof.clear();
   return xof;
}
}  // namespace Botan