Prototype implementation of IKE key exchange via NTRU encryption
1 /******************************************************************************
2 * NTRU Cryptography Reference Source Code
3 * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
4 *
5 * ntru_crypto_ntru_param_sets.c is a component of ntru-crypto.
6 *
7 * Copyright (C) 2009-2013 Security Innovation
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 *
23 *****************************************************************************/
24
25 /******************************************************************************
26 *
27 * File: ntru_crypto_ntru_encrypt_param_sets.c
28 *
29 * Contents: Defines the NTRUEncrypt parameter sets.
30 *
31 *****************************************************************************/
32
33 #include <stdlib.h>
34 #include <string.h>
35 #include "ntru_crypto_ntru_encrypt_param_sets.h"
36
37
/* parameter sets
 *
 * One positional initializer per supported NTRUEncrypt parameter set.
 * Every entry lists its values in the same order:
 *
 *   parameter-set id, OID (3 octets), DER id,
 *   no. of bits in N (i.e., in an index), N,
 *   security strength in octets,
 *   q, no. of bits in q (i.e., in a coeff),
 *   product form, df/dr, dg,
 *   maxMsgLenBytes, dm0 (m(1)_max for the product-form sets),
 *   2^c - (2^c mod N), c, lLen,
 *   min. no. of hash calls for IGF-2, min. no. of hash calls for MGF-TP-1
 *
 * For the product-form sets the df/dr slot holds three small values packed
 * one per byte (v1 + (v2 << 8) + (v3 << 16)); presumably these are the
 * weights of the three product-form factors - confirm against the consumer.
 *
 * These constants determine the security level of every key exchange that
 * uses them, so any edit should be checked value by value against the
 * defining standard.  The table is not const and the lookup functions below
 * return non-const pointers into it, so a write through a returned pointer
 * would change the parameters seen by every later lookup; callers should
 * treat entries as read-only.
 */

static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {

    {
        NTRU_EES401EP1, {0x00, 0x02, 0x04}, 0x22,  /* id, OID, DER id */
        9, 401,                 /* bits in N, N */
        14,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 113, 133,        /* product form, df/dr, dg */
        60, 113,                /* maxMsgLenBytes, dm0 */
        2005, 11, 1,            /* 2^c - (2^c mod N), c, lLen */
        32, 9,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES449EP1, {0x00, 0x03, 0x03}, 0x23,  /* id, OID, DER id */
        9, 449,                 /* bits in N, N */
        16,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 134, 149,        /* product form, df/dr, dg */
        67, 134,                /* maxMsgLenBytes, dm0 */
        449, 9, 1,              /* 2^c - (2^c mod N), c, lLen */
        31, 9,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES677EP1, {0x00, 0x05, 0x03}, 0x24,  /* id, OID, DER id */
        10, 677,                /* bits in N, N */
        24,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 157, 225,        /* product form, df/dr, dg */
        101, 157,               /* maxMsgLenBytes, dm0 */
        2031, 11, 1,            /* 2^c - (2^c mod N), c, lLen */
        27, 9,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES1087EP2, {0x00, 0x06, 0x03}, 0x25, /* id, OID, DER id */
        /* NOTE(review): 10 bits address only 0..1023, yet N is 1087; the
         * NTRU_EES1087EP1 entry below uses 11 for the same N.  Value kept
         * as found - confirm against the standard and against every
         * consumer of this field before changing it. */
        10, 1087,               /* bits in N, N */
        32,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 120, 362,        /* product form, df/dr, dg */
        170, 120,               /* maxMsgLenBytes, dm0 */
        7609, 13, 1,            /* 2^c - (2^c mod N), c, lLen */
        25, 14,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES541EP1, {0x00, 0x02, 0x05}, 0x26,  /* id, OID, DER id */
        10, 541,                /* bits in N, N */
        14,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 49, 180,         /* product form, df/dr, dg */
        86, 49,                 /* maxMsgLenBytes, dm0 */
        3787, 12, 1,            /* 2^c - (2^c mod N), c, lLen */
        15, 11,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES613EP1, {0x00, 0x03, 0x04}, 0x27,  /* id, OID, DER id */
        10, 613,                /* bits in N, N */
        16,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 55, 204,         /* product form, df/dr, dg */
        97, 55,                 /* maxMsgLenBytes, dm0 */
        1839, 11, 1,            /* 2^c - (2^c mod N), c, lLen */
        16, 13,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES887EP1, {0x00, 0x05, 0x04}, 0x28,  /* id, OID, DER id */
        10, 887,                /* bits in N, N */
        24,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 81, 295,         /* product form, df/dr, dg */
        141, 81,                /* maxMsgLenBytes, dm0 */
        887, 10, 1,             /* 2^c - (2^c mod N), c, lLen */
        13, 12,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES1171EP1, {0x00, 0x06, 0x04}, 0x29, /* id, OID, DER id */
        11, 1171,               /* bits in N, N */
        32,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 106, 390,        /* product form, df/dr, dg */
        186, 106,               /* maxMsgLenBytes, dm0 */
        3513, 12, 1,            /* 2^c - (2^c mod N), c, lLen */
        20, 15,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES659EP1, {0x00, 0x02, 0x06}, 0x2a,  /* id, OID, DER id */
        10, 659,                /* bits in N, N */
        14,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 38, 219,         /* product form, df/dr, dg */
        108, 38,                /* maxMsgLenBytes, dm0 */
        1977, 11, 1,            /* 2^c - (2^c mod N), c, lLen */
        11, 14,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES761EP1, {0x00, 0x03, 0x05}, 0x2b,  /* id, OID, DER id */
        10, 761,                /* bits in N, N */
        16,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 42, 253,         /* product form, df/dr, dg */
        125, 42,                /* maxMsgLenBytes, dm0 */
        3805, 12, 1,            /* 2^c - (2^c mod N), c, lLen */
        13, 16,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES1087EP1, {0x00, 0x05, 0x05}, 0x2c, /* id, OID, DER id */
        11, 1087,               /* bits in N, N */
        24,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 63, 362,         /* product form, df/dr, dg */
        178, 63,                /* maxMsgLenBytes, dm0 */
        7609, 13, 1,            /* 2^c - (2^c mod N), c, lLen */
        13, 14,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES1499EP1, {0x00, 0x06, 0x05}, 0x2d, /* id, OID, DER id */
        11, 1499,               /* bits in N, N */
        32,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        FALSE, 79, 499,         /* product form, df/dr, dg */
        247, 79,                /* maxMsgLenBytes, dm0 */
        7495, 13, 1,            /* 2^c - (2^c mod N), c, lLen */
        17, 19,                 /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES401EP2, {0x00, 0x02, 0x10}, 0x2e,  /* id, OID, DER id */
        9, 401,                 /* bits in N, N */
        14,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        TRUE,                   /* product form */
        8 + (8 << 8) + (6 << 16),       /* df, dr (packed) */
        133,                    /* dg */
        60, 136,                /* maxMsgLenBytes, m(1)_max */
        2005, 11, 1,            /* 2^c - (2^c mod N), c, lLen */
        10, 6,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES439EP1, {0x00, 0x03, 0x10}, 0x2f,  /* id, OID, DER id */
        9, 439,                 /* bits in N, N */
        16,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        TRUE,                   /* product form */
        9 + (8 << 8) + (5 << 16),       /* df, dr (packed) */
        146,                    /* dg */
        65, 126,                /* maxMsgLenBytes, m(1)_max */
        439, 9, 1,              /* 2^c - (2^c mod N), c, lLen */
        15, 6,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES593EP1, {0x00, 0x05, 0x10}, 0x30,  /* id, OID, DER id */
        10, 593,                /* bits in N, N */
        24,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        TRUE,                   /* product form */
        10 + (10 << 8) + (8 << 16),     /* df, dr (packed) */
        197,                    /* dg */
        86, 90,                 /* maxMsgLenBytes, m(1)_max */
        1779, 11, 1,            /* 2^c - (2^c mod N), c, lLen */
        12, 5,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

    {
        NTRU_EES743EP1, {0x00, 0x06, 0x10}, 0x31,  /* id, OID, DER id */
        10, 743,                /* bits in N, N */
        32,                     /* security strength in octets */
        2048, 11,               /* q, bits in q */
        TRUE,                   /* product form */
        11 + (11 << 8) + (15 << 16),    /* df, dr (packed) */
        247,                    /* dg */
        106, 60,                /* maxMsgLenBytes, m(1)_max */
        8173, 13, 1,            /* 2^c - (2^c mod N), c, lLen */
        12, 7,                  /* min. hash calls: IGF-2, MGF-TP-1 */
    },

};
379
/* Number of entries in ntruParamSets, derived from the array itself so it
 * cannot drift when a parameter set is added or removed. */
static size_t numParamSets = sizeof ntruParamSets / sizeof ntruParamSets[0];
382
383
384 /* functions */
385
/* ntru_encrypt_get_params_with_id
 *
 * Scans the static parameter-set table for the entry whose id field
 * equals the requested id and returns the first match.
 *
 * Returns a pointer to the matching table entry if one exists.
 * Returns NULL if no entry carries that id; callers must check for NULL
 * before dereferencing.
 *
 * The returned pointer refers to the shared table itself, not a copy.
 */

NTRU_ENCRYPT_PARAM_SET *
ntru_encrypt_get_params_with_id(
    NTRU_ENCRYPT_PARAM_SET_ID id)   /* in - parameter-set id */
{
    NTRU_ENCRYPT_PARAM_SET *entry = ntruParamSets;
    NTRU_ENCRYPT_PARAM_SET *const end = ntruParamSets + numParamSets;

    /* linear walk; the table is small and unsorted */
    for (; entry != end; entry++) {
        if (entry->id == id) {
            return entry;
        }
    }
    return NULL;
}
408
409
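/* ntru_encrypt_get_params_with_OID
 *
 * Looks up a set of NTRUEncrypt parameters based on the OID of the
 * parameter set.
 *
 * Exactly 3 octets are read from oid and compared against each table
 * entry's OID. The function has no length argument, so the caller must
 * guarantee that at least 3 readable octets exist at oid; when the OID
 * is taken from an encoded key or ciphertext blob, the blob length has
 * to be validated before this call.
 *
 * Returns a pointer to the parameter set parameters if successful.
 * Returns NULL if oid is NULL or the parameter set cannot be found.
 *
 * The returned pointer refers to the shared table itself, not a copy.
 */

NTRU_ENCRYPT_PARAM_SET *
ntru_encrypt_get_params_with_OID(
    uint8_t const *oid)             /* in - pointer to parameter-set OID */
{
    size_t i;

    /* memcmp() on a null pointer is undefined behaviour; treat a missing
     * OID as "no such parameter set" instead. */
    if (oid == NULL) {
        return NULL;
    }

    for (i = 0; i < numParamSets; i++) {
        if (memcmp(ntruParamSets[i].OID, oid, 3) == 0) {
            return &(ntruParamSets[i]);
        }
    }
    return NULL;
}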
432
433
/* ntru_encrypt_get_params_with_DER_id
 *
 * Scans the static parameter-set table for the entry whose der_id field
 * equals the requested DER id and returns the first match.
 *
 * Returns a pointer to the matching table entry if one exists.
 * Returns NULL if no entry carries that DER id; callers must check for
 * NULL before dereferencing.
 *
 * The returned pointer refers to the shared table itself, not a copy.
 */

NTRU_ENCRYPT_PARAM_SET *
ntru_encrypt_get_params_with_DER_id(
    uint8_t der_id)                 /* in - parameter-set DER id */
{
    NTRU_ENCRYPT_PARAM_SET *match = NULL;
    size_t idx = 0;

    /* stop at the first hit so the lowest-index entry wins */
    while (match == NULL && idx < numParamSets) {
        if (ntruParamSets[idx].der_id == der_id) {
            match = &ntruParamSets[idx];
        }
        idx++;
    }
    return match;
}
456
457