Botan  2.11.0
Crypto and TLS for C++11
newhope.h
Go to the documentation of this file.
1 /*
2 * NEWHOPE Ring-LWE scheme
3 * Based on the public domain reference implementation by the
4 * designers (https://github.com/tpoeppelmann/newhope)
5 *
6 * Further changes
7 * (C) 2016 Jack Lloyd
8 *
9 * Botan is released under the Simplified BSD License (see license.txt)
10 */
11 
12 #ifndef BOTAN_NEWHOPE_H_
13 #define BOTAN_NEWHOPE_H_
14 
15 #include <botan/mem_ops.h>
16 
17 namespace Botan {
18 
19 class RandomNumberGenerator;
20 
21 /*
22 * WARNING: This API is preliminary and will change
23 * Currently pubkey.h does not support a 2-phase KEM scheme of
24 * the sort NEWHOPE exports.
25 */
26 
27 // TODO: change to just a secure_vector
28 class newhope_poly final
29  {
30  public:
31  uint16_t coeffs[1024];
32  ~newhope_poly() { secure_scrub_memory(coeffs, sizeof(coeffs)); }
33  };
34 
35 enum Newhope_Params
36  {
37  NEWHOPE_SENDABYTES = 1824,
38  NEWHOPE_SENDBBYTES = 2048,
39 
40  NEWHOPE_OFFER_BYTES = 1824,
41  NEWHOPE_ACCEPT_BYTES = 2048,
42  NEWHOPE_SHARED_KEY_BYTES = 32,
43 
44  NEWHOPE_SEED_BYTES = 32,
45  NEWHOPE_POLY_BYTES = 1792,
46 
47  CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32,
48  CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32,
49  CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
50  };
51 
52 /**
53 * This chooses the XOF + hash for NewHope
54 * The official NewHope specification and reference implementation use
55 * SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in
56 * CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode
57 */
58 enum class Newhope_Mode
59  {
60  SHA3,
61  BoringSSL
62  };
63 
64 // offer
65 void BOTAN_PUBLIC_API(2,0) newhope_keygen(uint8_t send[NEWHOPE_SENDABYTES],
66  newhope_poly* sk,
67  RandomNumberGenerator& rng,
68  Newhope_Mode = Newhope_Mode::SHA3);
69 
70 // accept
71 void BOTAN_PUBLIC_API(2,0) newhope_sharedb(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
72  uint8_t send[],
73  const uint8_t* received,
74  RandomNumberGenerator& rng,
75  Newhope_Mode mode = Newhope_Mode::SHA3);
76 
77 // finish
78 void BOTAN_PUBLIC_API(2,0) newhope_shareda(uint8_t sharedkey[NEWHOPE_SHARED_KEY_BYTES],
79  const newhope_poly* ska,
80  const uint8_t* received,
81  Newhope_Mode mode = Newhope_Mode::SHA3);
82 
83 }
84 
85 #endif
Botan::newhope_poly::~newhope_poly
~newhope_poly()
Definition: newhope.h:32
Botan::Newhope_Mode
Newhope_Mode
Definition: newhope.h:58
Botan::newhope_keygen
void newhope_keygen(uint8_t *send, poly *sk, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition: newhope.cpp:715
Botan::newhope_poly
Definition: newhope.h:28
final
int(* final)(unsigned char *, CTX *)
Definition: commoncrypto_hash.cpp:28
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Botan::newhope_sharedb
void newhope_sharedb(uint8_t *sharedkey, uint8_t *send, const uint8_t *received, RandomNumberGenerator &rng, Newhope_Mode mode)
Definition: newhope.cpp:737
Botan
Definition: alg_id.cpp:13
Botan::secure_scrub_memory
void secure_scrub_memory(void *ptr, size_t n)
Definition: os_utils.cpp:61
Botan::newhope_poly::coeffs
uint16_t coeffs[1024]
Definition: newhope.h:31
Botan::newhope_shareda
void newhope_shareda(uint8_t sharedkey[], const poly *sk, const uint8_t received[], Newhope_Mode mode)
Definition: newhope.cpp:774
Botan::Newhope_Params
Newhope_Params
Definition: newhope.h:35
Generated by   doxygen 1.8.14