Botan 3.4.0
Crypto and TLS for C&
frodo_constants.cpp
Go to the documentation of this file.
1/*
2 * FrodoKEM modes and constants
3 *
4 * The Fellowship of the FrodoKEM:
5 * (C) 2023 Jack Lloyd
6 * 2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 */
10
11#include <botan/internal/frodo_constants.h>
12
13#include <botan/xof.h>
14
15namespace Botan {
16
17FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode), m_len_a(128), m_n_bar(8) {
18 BOTAN_ASSERT(m_mode.is_available(), "Mode is not available.");
19
20 if(mode.is_ephemeral()) {
21 m_len_salt = 0;
22 }
23
24 switch(mode.mode()) {
25 case FrodoKEMMode::FrodoKEM640_SHAKE:
26 case FrodoKEMMode::FrodoKEM640_AES:
27 case FrodoKEMMode::eFrodoKEM640_SHAKE:
28 case FrodoKEMMode::eFrodoKEM640_AES:
29 m_nist_strength = 128;
30 m_d = 15;
31 m_n = 640;
32 m_b = 2;
33 if(mode.is_static()) {
34 m_len_salt = 256;
35 m_len_se = 256;
36 } else if(mode.is_ephemeral()) {
37 m_len_se = 128;
38 } else {
39 BOTAN_ASSERT_UNREACHABLE();
40 }
41
42 m_cdf_table = {4643, 13363, 20579, 25843, 29227, 31145, 32103, 32525, 32689, 32745, 32762, 32766, 32767};
43
44 m_shake = "SHAKE-128";
45 break;
46
47 case FrodoKEMMode::FrodoKEM976_SHAKE:
48 case FrodoKEMMode::FrodoKEM976_AES:
49 case FrodoKEMMode::eFrodoKEM976_SHAKE:
50 case FrodoKEMMode::eFrodoKEM976_AES:
51 m_nist_strength = 192;
52 m_d = 16;
53 m_n = 976;
54 m_b = 3;
55 if(mode.is_static()) {
56 m_len_salt = 384;
57 m_len_se = 384;
58 } else if(mode.is_ephemeral()) {
59 m_len_se = 192;
60 } else {
61 BOTAN_ASSERT_UNREACHABLE();
62 }
63
64 m_cdf_table = {5638, 15915, 23689, 28571, 31116, 32217, 32613, 32731, 32760, 32766, 32767};
65
66 m_shake = "SHAKE-256";
67 break;
68
69 case FrodoKEMMode::FrodoKEM1344_SHAKE:
70 case FrodoKEMMode::FrodoKEM1344_AES:
71 case FrodoKEMMode::eFrodoKEM1344_SHAKE:
72 case FrodoKEMMode::eFrodoKEM1344_AES:
73 m_nist_strength = 256;
74 m_d = 16;
75 m_n = 1344;
76 m_b = 4;
77 if(mode.is_static()) {
78 m_len_salt = 512;
79 m_len_se = 512;
80 } else if(mode.is_ephemeral()) {
81 m_len_se = 256;
82 } else {
83 BOTAN_ASSERT_UNREACHABLE();
84 }
85
86 m_cdf_table = {9142, 23462, 30338, 32361, 32725, 32765, 32767};
87
88 m_shake = "SHAKE-256";
89 break;
90 }
91
92 m_shake_xof = XOF::create_or_throw(m_shake);
93}
94
95FrodoKEMConstants::~FrodoKEMConstants() = default;
96
97XOF& FrodoKEMConstants::SHAKE_XOF() const {
98 m_shake_xof->clear();
99 return *m_shake_xof;
100}
101
102} // namespace Botan
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137
Botan::FrodoKEMConstants::mode
FrodoKEMMode mode() const
Definition frodo_constants.h:37
Botan::FrodoKEMConstants::FrodoKEMConstants
FrodoKEMConstants(FrodoKEMMode mode)
Definition frodo_constants.cpp:17
Botan::FrodoKEMMode::is_static
bool is_static() const
Definition frodo_mode.h:51
Botan::FrodoKEMMode::is_available
bool is_available() const
Definition frodo_mode.h:66
Botan::FrodoKEMMode::mode
Mode mode() const
Definition frodo_mode.h:44
Botan::FrodoKEMMode::is_ephemeral
bool is_ephemeral() const
Definition frodo_mode.h:46
Botan::XOF::create_or_throw
static std::unique_ptr< XOF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition xof.cpp:42
Generated by doxygen 1.10.0