Botan 2.19.1
Crypto and TLS for C&
newhope.h
Go to the documentation of this file.
1/*
2* NEWHOPE Ring-LWE scheme
3* Based on the public domain reference implementation by the
4* designers (https://github.com/tpoeppelmann/newhope)
5*
6* Further changes
7* (C) 2016 Jack Lloyd
8*
9* Botan is released under the Simplified BSD License (see license.txt)
10*/
11
12#ifndef BOTAN_NEWHOPE_H_
13#define BOTAN_NEWHOPE_H_
14
15#include <botan/types.h>
16
17namespace Botan {
18
19class RandomNumberGenerator;
20
21/*
22* WARNING: This API is preliminary and will change
23* Currently pubkey.h does not support a 2-phase KEM scheme of
24* the sort NEWHOPE exports.
25*/
26
27// TODO: change to just a secure_vector
28class BOTAN_UNSTABLE_API newhope_poly final
29 {
30 public:
31 uint16_t coeffs[1024];
32 ~newhope_poly();
33 };
34
35enum Newhope_Params
36 {
37 NEWHOPE_SENDABYTES = 1824,
38 NEWHOPE_SENDBBYTES = 2048,
39
40 NEWHOPE_OFFER_BYTES = 1824,
41 NEWHOPE_ACCEPT_BYTES = 2048,
42 NEWHOPE_SHARED_KEY_BYTES = 32,
43
44 NEWHOPE_SEED_BYTES = 32,
45 NEWHOPE_POLY_BYTES = 1792,
46
47 CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32,
48 CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32,
49 CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
50 };
51
52/**
53* This chooses the XOF + hash for NewHope
54* The official NewHope specification and reference implementation use
55* SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in
56* CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode
57*/
58enum class Newhope_Mode
59 {
60 SHA3,
61 BoringSSL
62 };
63
64// offer
65void BOTAN_PUBLIC_API(2,0) newhope_keygen(uint8_t send[NEWHOPE_SENDABYTES],
66 newhope_poly* sk,
67 RandomNumberGenerator& rng,
68 Newhope_Mode = Newhope_Mode::SHA3);
69
70// accept
71void BOTAN_PUBLIC_API(2,0) newhope_sharedb(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
72 uint8_t send[],
73 const uint8_t* received,
74 RandomNumberGenerator& rng,
75 Newhope_Mode mode = Newhope_Mode::SHA3);
76
77// finish
78void BOTAN_PUBLIC_API(2,0) newhope_shareda(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
79 const newhope_poly* ska,
80 const uint8_t* received,
81 Newhope_Mode mode = Newhope_Mode::SHA3);
82
83}
84
85#endif
Botan::newhope_poly
Definition: newhope.h:29
final
int(* final)(unsigned char *, CTX *)
Definition: commoncrypto_hash.cpp:29
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
BOTAN_UNSTABLE_API
#define BOTAN_UNSTABLE_API
Definition: compiler.h:44
Botan
Definition: alg_id.cpp:13
Botan::Newhope_Mode
Newhope_Mode
Definition: newhope.h:59
Botan::Newhope_Params
Newhope_Params
Definition: newhope.h:36
Botan::NEWHOPE_SHARED_KEY_BYTES
@ NEWHOPE_SHARED_KEY_BYTES
Definition: newhope.h:42
Botan::NEWHOPE_SENDABYTES
@ NEWHOPE_SENDABYTES
Definition: newhope.h:37
Botan::CECPQ1_ACCEPT_BYTES
@ CECPQ1_ACCEPT_BYTES
Definition: newhope.h:48
Botan::NEWHOPE_POLY_BYTES
@ NEWHOPE_POLY_BYTES
Definition: newhope.h:45
Botan::NEWHOPE_SENDBBYTES
@ NEWHOPE_SENDBBYTES
Definition: newhope.h:38
Botan::CECPQ1_SHARED_KEY_BYTES
@ CECPQ1_SHARED_KEY_BYTES
Definition: newhope.h:49
Botan::CECPQ1_OFFER_BYTES
@ CECPQ1_OFFER_BYTES
Definition: newhope.h:47
Botan::NEWHOPE_OFFER_BYTES
@ NEWHOPE_OFFER_BYTES
Definition: newhope.h:40
Botan::NEWHOPE_SEED_BYTES
@ NEWHOPE_SEED_BYTES
Definition: newhope.h:44
Botan::NEWHOPE_ACCEPT_BYTES
@ NEWHOPE_ACCEPT_BYTES
Definition: newhope.h:41
Botan::newhope_shareda
void newhope_shareda(uint8_t sharedkey[], const poly *sk, const uint8_t received[], Newhope_Mode mode)
Definition: newhope.cpp:779
Botan::newhope_sharedb
void newhope_sharedb(uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition: newhope.cpp:742
Botan::newhope_keygen
void newhope_keygen(uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition: newhope.cpp:720
Generated by doxygen 1.9.3