Botan 3.9.0
Crypto and TLS for C++
frodo_constants.cpp
1/*
2 * FrodoKEM modes and constants
3 *
4 * The Fellowship of the FrodoKEM:
5 * (C) 2023 Jack Lloyd
6 * 2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 */
10
11#include <botan/internal/frodo_constants.h>
12
13#include <botan/assert.h>
14#include <botan/xof.h>
15
16namespace Botan {
17
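/**
 * Populate the FrodoKEM parameter set selected by @p mode.
 *
 * Every mode shares m_len_a = 128 and m_n_bar = 8. The switch below then fixes,
 * per parameter family (640 / 976 / 1344): the claimed NIST strength, m_d, m_n,
 * m_b, the seed/salt lengths, the CDF table and the SHAKE variant.
 *
 * Seed and salt lengths as set here:
 *  - static modes:    m_len_salt = m_len_se = 2 * m_nist_strength
 *  - ephemeral modes: m_len_salt = 0, m_len_se = m_nist_strength
 * (presumably bit lengths, as in the FrodoKEM specification; confirm in the header).
 *
 * The FrodoKEM specification positions the unsalted "e" variants for key pairs
 * that see only a small number of encapsulations. Nothing in this constructor
 * enforces that; choosing static vs. ephemeral is the caller's responsibility.
 *
 * NOTE(review): the rendered listing dropped source lines 50-53 and 72-75, i.e.
 * the case labels of the 976 and 1344 groups. They are restored here from the
 * FrodoKEMMode enumerators, in the same order as the 640 group; confirm against
 * the upstream file.
 *
 * @param mode the FrodoKEM mode to derive constants for
 * @throws Not_Implemented if @p mode is not available in this build
 */
FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode), m_len_a(128), m_n_bar(8) {
   // Fail early instead of handing out constants for a mode that cannot be used.
   if(!mode.is_available()) {
      throw Not_Implemented("FrodoKEM mode " + mode.to_string() + " is not available");
   }

   // Ephemeral (eFrodoKEM) modes are unsalted; static modes set the salt length below.
   if(mode.is_ephemeral()) {
      m_len_salt = 0;
   }

   switch(mode.mode()) {
      case FrodoKEMMode::FrodoKEM640_SHAKE:
      case FrodoKEMMode::FrodoKEM640_AES:
      case FrodoKEMMode::eFrodoKEM640_SHAKE:
      case FrodoKEMMode::eFrodoKEM640_AES:
         m_nist_strength = 128;
         m_d = 15;
         m_n = 640;
         m_b = 2;
         if(mode.is_static()) {
            m_len_salt = 256;
            m_len_se = 256;
         } else if(mode.is_ephemeral()) {
            m_len_se = 128;
         } else {
            // A mode is expected to be either static or ephemeral.
            BOTAN_ASSERT_UNREACHABLE();
         }

         // Sampling table for the error distribution. These values are part of the
         // parameter set and must not be edited; the final entry is 2^15 - 1.
         m_cdf_table = {4643, 13363, 20579, 25843, 29227, 31145, 32103, 32525, 32689, 32745, 32762, 32766, 32767};

         m_shake = "SHAKE-128";
         break;

      case FrodoKEMMode::FrodoKEM976_SHAKE:
      case FrodoKEMMode::FrodoKEM976_AES:
      case FrodoKEMMode::eFrodoKEM976_SHAKE:
      case FrodoKEMMode::eFrodoKEM976_AES:
         m_nist_strength = 192;
         m_d = 16;
         m_n = 976;
         m_b = 3;
         if(mode.is_static()) {
            m_len_salt = 384;
            m_len_se = 384;
         } else if(mode.is_ephemeral()) {
            m_len_se = 192;
         } else {
            BOTAN_ASSERT_UNREACHABLE();
         }

         m_cdf_table = {5638, 15915, 23689, 28571, 31116, 32217, 32613, 32731, 32760, 32766, 32767};

         m_shake = "SHAKE-256";
         break;

      case FrodoKEMMode::FrodoKEM1344_SHAKE:
      case FrodoKEMMode::FrodoKEM1344_AES:
      case FrodoKEMMode::eFrodoKEM1344_SHAKE:
      case FrodoKEMMode::eFrodoKEM1344_AES:
         m_nist_strength = 256;
         m_d = 16;
         m_n = 1344;
         m_b = 4;
         if(mode.is_static()) {
            m_len_salt = 512;
            m_len_se = 512;
         } else if(mode.is_ephemeral()) {
            m_len_se = 256;
         } else {
            BOTAN_ASSERT_UNREACHABLE();
         }

         m_cdf_table = {9142, 23462, 30338, 32361, 32725, 32765, 32767};

         m_shake = "SHAKE-256";
         break;
   }

   // The SHAKE XOF is created for the AES modes as well, not only the *_SHAKE ones.
   // One instance is held by this object; the accessor further down clears and
   // returns that same instance, so it is shared mutable state.
   // NOTE(review): concurrent use of one FrodoKEMConstants object looks unsafe for
   // that reason; confirm how callers share it.
   m_shake_xof = XOF::create_or_throw(m_shake);
}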
97
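// Defaulted here, in the translation unit that includes <botan/xof.h>, rather than
// in the header. NOTE(review): presumably so the header can declare the XOF member
// with only a forward declaration of XOF; confirm in frodo_constants.h.
FrodoKEMConstants::~FrodoKEMConstants() = default;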
99
101 m_shake_xof->clear();
102 return *m_shake_xof;
103}
104
105} // namespace Botan