1 /*
2 * Copyright (C) 2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * Copyright (C) 2009-2013 Security Innovation
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include "ntru_param_set.h"
19
/*
 * Printable names for the parameter-set identifiers in the range
 * NTRU_EES401EP1 .. NTRU_EES743EP1. The strings appear in the same order as
 * the entries of the ntru_param_sets table in this file.
 *
 * NOTE(review): ENUM() presumably assigns names by position, so this list
 * has to follow the declaration order of the identifiers in
 * ntru_param_set.h - confirm whenever a set is added or reordered.
 */
ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1,
	"ees401ep1",
	"ees449ep1",
	"ees677ep1",
	"ees1087ep2",
	"ees541ep1",
	"ees613ep1",
	"ees887ep1",
	"ees1171ep1",
	"ees659ep1",
	"ees761ep1",
	"ees1087ep1",
	"ees1499ep1",
	"ees401ep2",
	"ees439ep1",
	"ees593ep1",
	"ees743ep1"
);
38
/**
 * NTRU encryption parameter set definitions
 *
 * One entry per identifier named in ntru_param_set_id_names, arranged in four
 * groups (best bandwidth, balanced, best speed, product form). Inside every
 * group the security strength steps through 14, 16, 24 and 32 octets, i.e.
 * 112, 128, 192 and 256 bits. All sets use q = 2048 = 2^11, which is why each
 * coefficient takes 11 bits. The DER ids run consecutively from 0x22 to 0x31.
 *
 * The first three groups are labelled as X9.98/IEEE 1363.1 parameter sets;
 * any change to a number here should be checked against that specification,
 * because a wrong constant silently changes the strength or the wire format.
 *
 * NOTE(review): the array is not declared const and the lookup functions in
 * this file return non-const pointers into it, so a write through a returned
 * pointer would change the parameters for every later user in the process.
 * Callers should treat the entries as read-only.
 */
static ntru_param_set_t ntru_param_sets[] = {

	/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
	{
		NTRU_EES401EP1,             /* parameter-set id */
		{0x00, 0x02, 0x04},         /* OID */
		0x22,                       /* DER id */
		9,                          /* no. of bits in N (i.e., in an index) */
		401,                        /* N */
		14,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		113,                        /* df, dr */
		133,                        /* dg */
		60,                         /* maxMsgLenBytes */
		113,                        /* dm0 */
		11,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES449EP1,             /* parameter-set id */
		{0x00, 0x03, 0x03},         /* OID */
		0x23,                       /* DER id */
		9,                          /* no. of bits in N (i.e., in an index) */
		449,                        /* N */
		16,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		134,                        /* df, dr */
		149,                        /* dg */
		67,                         /* maxMsgLenBytes */
		134,                        /* dm0 */
		9,                          /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES677EP1,             /* parameter-set id */
		{0x00, 0x05, 0x03},         /* OID */
		0x24,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		677,                        /* N */
		24,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		157,                        /* df, dr */
		225,                        /* dg */
		101,                        /* maxMsgLenBytes */
		157,                        /* dm0 */
		11,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES1087EP2,            /* parameter-set id */
		{0x00, 0x06, 0x03},         /* OID */
		0x25,                       /* DER id */
		11,                         /* no. of bits in N (i.e., in an index) */
		1087,                       /* N */
		32,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		120,                        /* df, dr */
		362,                        /* dg */
		170,                        /* maxMsgLenBytes */
		120,                        /* dm0 */
		13,                         /* c */
		1,                          /* lLen */
	},

	/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
	{
		NTRU_EES541EP1,             /* parameter-set id */
		{0x00, 0x02, 0x05},         /* OID */
		0x26,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		541,                        /* N */
		14,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		49,                         /* df, dr */
		180,                        /* dg */
		86,                         /* maxMsgLenBytes */
		49,                         /* dm0 */
		12,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES613EP1,             /* parameter-set id */
		{0x00, 0x03, 0x04},         /* OID */
		0x27,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		613,                        /* N */
		16,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		55,                         /* df, dr */
		204,                        /* dg */
		97,                         /* maxMsgLenBytes */
		55,                         /* dm0 */
		11,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES887EP1,             /* parameter-set id */
		{0x00, 0x05, 0x04},         /* OID */
		0x28,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		887,                        /* N */
		24,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		81,                         /* df, dr */
		295,                        /* dg */
		141,                        /* maxMsgLenBytes */
		81,                         /* dm0 */
		10,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES1171EP1,            /* parameter-set id */
		{0x00, 0x06, 0x04},         /* OID */
		0x29,                       /* DER id */
		11,                         /* no. of bits in N (i.e., in an index) */
		1171,                       /* N */
		32,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		106,                        /* df, dr */
		390,                        /* dg */
		186,                        /* maxMsgLenBytes */
		106,                        /* dm0 */
		12,                         /* c */
		1,                          /* lLen */
	},

	/* X9.98/IEEE 1363.1 parameter sets for best speed */
	{
		NTRU_EES659EP1,             /* parameter-set id */
		{0x00, 0x02, 0x06},         /* OID */
		0x2a,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		659,                        /* N */
		14,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		38,                         /* df, dr */
		219,                        /* dg */
		108,                        /* maxMsgLenBytes */
		38,                         /* dm0 */
		11,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES761EP1,             /* parameter-set id */
		{0x00, 0x03, 0x05},         /* OID */
		0x2b,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		761,                        /* N */
		16,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		42,                         /* df, dr */
		253,                        /* dg */
		125,                        /* maxMsgLenBytes */
		42,                         /* dm0 */
		12,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES1087EP1,            /* parameter-set id */
		{0x00, 0x05, 0x05},         /* OID */
		0x2c,                       /* DER id */
		11,                         /* no. of bits in N (i.e., in an index) */
		1087,                       /* N */
		24,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		63,                         /* df, dr */
		362,                        /* dg */
		178,                        /* maxMsgLenBytes */
		63,                         /* dm0 */
		13,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES1499EP1,            /* parameter-set id */
		{0x00, 0x06, 0x05},         /* OID */
		0x2d,                       /* DER id */
		11,                         /* no. of bits in N (i.e., in an index) */
		1499,                       /* N */
		32,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		FALSE,                      /* product form */
		79,                         /* df, dr */
		499,                        /* dg */
		247,                        /* maxMsgLenBytes */
		79,                         /* dm0 */
		13,                         /* c */
		1,                          /* lLen */
	},

	/*
	 * Best bandwidth and speed, no X9.98 compatibility
	 *
	 * These four sets have the product-form flag set. Their "df, dr" field
	 * holds three small counts packed one per byte (bits 0-7, 8-15, 16-23)
	 * rather than a single count; presumably these are the weights of the
	 * three product-form factors - confirm against the code that unpacks them.
	 * The struct slot commented "dm0" in the groups above is commented
	 * "m(1)_max" here; NOTE(review): confirm how the consumer interprets it
	 * when product form is TRUE.
	 */
	{
		NTRU_EES401EP2,             /* parameter-set id */
		{0x00, 0x02, 0x10},         /* OID */
		0x2e,                       /* DER id */
		9,                          /* no. of bits in N (i.e., in an index) */
		401,                        /* N */
		14,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		TRUE,                       /* product form */
		8 + (8 << 8) + (6 << 16),   /* df, dr (packed, one count per byte) */
		133,                        /* dg */
		60,                         /* maxMsgLenBytes */
		136,                        /* m(1)_max */
		11,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES439EP1,             /* parameter-set id */
		{0x00, 0x03, 0x10},         /* OID */
		0x2f,                       /* DER id */
		9,                          /* no. of bits in N (i.e., in an index) */
		439,                        /* N */
		16,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		TRUE,                       /* product form */
		9 + (8 << 8) + (5 << 16),   /* df, dr (packed, one count per byte) */
		146,                        /* dg */
		65,                         /* maxMsgLenBytes */
		126,                        /* m(1)_max */
		9,                          /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES593EP1,             /* parameter-set id */
		{0x00, 0x05, 0x10},         /* OID */
		0x30,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		593,                        /* N */
		24,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		TRUE,                       /* product form */
		10 + (10 << 8) + (8 << 16), /* df, dr (packed, one count per byte) */
		197,                        /* dg */
		86,                         /* maxMsgLenBytes */
		90,                         /* m(1)_max */
		11,                         /* c */
		1,                          /* lLen */
	},

	{
		NTRU_EES743EP1,             /* parameter-set id */
		{0x00, 0x06, 0x10},         /* OID */
		0x31,                       /* DER id */
		10,                         /* no. of bits in N (i.e., in an index) */
		743,                        /* N */
		32,                         /* security strength in octets */
		2048,                       /* q */
		11,                         /* no. of bits in q (i.e., in a coeff) */
		TRUE,                       /* product form */
		11 + (11 << 8) + (15 << 16), /* df, dr (packed, one count per byte) */
		247,                        /* dg */
		106,                        /* maxMsgLenBytes */
		60,                         /* m(1)_max */
		13,                         /* c */
		1,                          /* lLen */
	},

};
337
/**
 * Find the parameter set whose id field equals the requested identifier.
 * See header for the public contract.
 *
 * The static table is scanned front to back and the first match wins.
 *
 * @param id	parameter-set identifier to look for
 * @return		pointer into the static ntru_param_sets table (shared, never
 *				to be freed), or NULL if no entry carries that id
 */
ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
{
	ntru_param_set_t *entry = ntru_param_sets;
	ntru_param_set_t *end = ntru_param_sets + countof(ntru_param_sets);

	while (entry < end)
	{
		if (entry->id == id)
		{
			return entry;
		}
		entry++;
	}
	/* unknown identifier: callers must handle the NULL result */
	return NULL;
}
354
355
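/**
 * Find the parameter set whose 3-octet OID equals the supplied one.
 * See header for the public contract.
 *
 * Exactly 3 octets are read from the supplied buffer and compared with the
 * oid field of each table entry; the first match wins. The buffer length
 * cannot be checked here, so a caller that takes the OID from a parsed key
 * or ciphertext blob has to verify that at least 3 octets are available
 * before calling.
 *
 * @param oid	pointer to at least 3 readable octets, or NULL
 * @return		pointer into the static ntru_param_sets table (shared, never
 *				to be freed), or NULL if oid is NULL or no entry matches
 */
ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid)
{
	int i;

	if (!oid)
	{
		/* report "not found" rather than passing a NULL pointer to memeq() */
		return NULL;
	}
	for (i = 0; i < countof(ntru_param_sets); i++)
	{
		if (memeq(ntru_param_sets[i].oid, oid, 3))
		{
			return &ntru_param_sets[i];
		}
	}
	/* unknown OID: callers must handle the NULL result */
	return NULL;
}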
372