Refactored NTRU parameter set selection
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 7 Mar 2014 16:25:42 +0000 (17:25 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 7 Mar 2014 20:56:34 +0000 (21:56 +0100)
src/libstrongswan/plugins/ntru/ntru_ke.c
src/libstrongswan/plugins/ntru/ntru_param_set.c
src/libstrongswan/plugins/ntru/ntru_param_set.h

index a954ed1..14bd0cd 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 #include <utils/debug.h>
 
 typedef struct private_ntru_ke_t private_ntru_ke_t;
-typedef struct param_set_t param_set_t;
-
-/**
- * Defines an NTRU parameter set by ID or OID
- */
-struct param_set_t {
-       ntru_param_set_id_t id;
-       char oid[3];
-       char *name;
-};
 
 /* Best bandwidth and speed, no X9.98 compatibility */
-static param_set_t param_sets_optimum[] = {
-       { NTRU_EES401EP2,  {0x00, 0x02, 0x10}, "ees401ep2"  },
-       { NTRU_EES439EP1,  {0x00, 0x03, 0x10}, "ees439ep1"  },
-       { NTRU_EES593EP1,  {0x00, 0x05, 0x10}, "ees593ep1"  },
-       { NTRU_EES743EP1,  {0x00, 0x06, 0x10}, "ees743ep1"  }
+static ntru_param_set_id_t param_sets_optimum[] = {
+       NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1
 };
 
 /* X9.98/IEEE 1363.1 parameter sets for best speed */
-static param_set_t param_sets_x9_98_speed[] = {
-       { NTRU_EES659EP1,  {0x00, 0x02, 0x06}, "ees659ep1"  },
-       { NTRU_EES761EP1,  {0x00, 0x03, 0x05}, "ees761ep1"  },
-       { NTRU_EES1087EP1, {0x00, 0x05, 0x05}, "ees1087ep1" },
-       { NTRU_EES1499EP1, {0x00, 0x06, 0x05}, "ees1499ep1" }
+static ntru_param_set_id_t param_sets_x9_98_speed[] = {
+       NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1
 };
 
 /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
-static param_set_t param_sets_x9_98_bandwidth[] = {
-       { NTRU_EES401EP1,  {0x00, 0x02, 0x04}, "ees401ep1"  },
-       { NTRU_EES449EP1,  {0x00, 0x03, 0x03}, "ees449ep1"  },
-       { NTRU_EES677EP1,  {0x00, 0x05, 0x03}, "ees677ep1"  },
-       { NTRU_EES1087EP2, {0x00, 0x06, 0x03}, "ees1087ep2" }
+static ntru_param_set_id_t param_sets_x9_98_bandwidth[] = {
+       NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2
 };
 
 /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
-static param_set_t param_sets_x9_98_balance[] = {
-       { NTRU_EES541EP1,  {0x00, 0x02, 0x05}, "ees541ep1"  },
-       { NTRU_EES613EP1,  {0x00, 0x03, 0x04}, "ees613ep1"  },
-       { NTRU_EES887EP1,  {0x00, 0x05, 0x04}, "ees887ep1"  },
-       { NTRU_EES1171EP1, {0x00, 0x06, 0x04}, "ees1171ep1" }
+static ntru_param_set_id_t param_sets_x9_98_balance[] = {
+       NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1
 };
 
 /**
@@ -83,7 +61,7 @@ struct private_ntru_ke_t {
        /**
         * NTRU Parameter Set
         */
-       param_set_t *param_set;
+       ntru_param_set_t *param_set;
 
        /**
         * Cryptographical strength in bits of the NTRU Parameter Set
@@ -310,7 +288,7 @@ METHOD(diffie_hellman_t, destroy, void,
 ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
 {
        private_ntru_ke_t *this;
-       param_set_t *param_sets, *param_set;
+       ntru_param_set_id_t *param_sets, param_set_id;
        rng_t *entropy;
        ntru_drbg_t *drbg;
        char *parameter_set;
@@ -340,25 +318,25 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
        {
                case NTRU_112_BIT:
                        strength = 112;
-                       param_set = &param_sets[0];
+                       param_set_id = param_sets[0];
                        break;
                case NTRU_128_BIT:
                        strength = 128;
-                       param_set = &param_sets[1];
+                       param_set_id = param_sets[1];
                        break;
                case NTRU_192_BIT:
                        strength = 192;
-                       param_set = &param_sets[2];
+                       param_set_id = param_sets[2];
                        break;
                case NTRU_256_BIT:
                        strength = 256;
-                       param_set = &param_sets[3];
+                       param_set_id = param_sets[3];
                        break;
                default:
                        return NULL;
        }
-       DBG1(DBG_LIB, "%u bit %s NTRU parameter set %s selected", strength,
-                                  parameter_set, param_set->name);
+       DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength,
+                                  parameter_set, ntru_param_set_id_names, param_set_id);
 
        entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
        if (!entropy)
@@ -386,7 +364,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
                        },
                },
                .group = group,
-               .param_set = param_set,
+               .param_set = ntru_param_set_get_by_id(param_set_id),
                .strength = strength,
                .entropy = entropy,
                .drbg = drbg,
index 0d8a774..8f25a4a 100644 (file)
 
 #include "ntru_param_set.h"
 
+ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1,
+       "ees401ep1",
+       "ees449ep1",
+       "ees677ep1",
+       "ees1087ep2",
+       "ees541ep1",
+       "ees613ep1",
+       "ees887ep1",
+       "ees1171ep1",
+       "ees659ep1",
+       "ees761ep1",
+       "ees1087ep1",
+       "ees1499ep1",
+       "ees401ep2",
+       "ees439ep1",
+       "ees593ep1",
+       "ees743ep1"
+);
+
 /**
  * NTRU encryption parameter set definitions
  */
 static ntru_param_set_t ntru_param_sets[] = {
 
+       /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
     {
         NTRU_EES401EP1,              /* parameter-set id */
         {0x00, 0x02, 0x04},          /* OID */
@@ -94,6 +114,7 @@ static ntru_param_set_t ntru_param_sets[] = {
         1,                           /* lLen */
     },
 
+       /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
     {
         NTRU_EES541EP1,              /* parameter-set id */
         {0x00, 0x02, 0x05},          /* OID */
@@ -166,6 +187,7 @@ static ntru_param_set_t ntru_param_sets[] = {
         1,                           /* lLen */
     },
 
+       /* X9.98/IEEE 1363.1 parameter sets for best speed */
     {
         NTRU_EES659EP1,              /* parameter-set id */
         {0x00, 0x02, 0x06},          /* OID */
@@ -238,6 +260,7 @@ static ntru_param_set_t ntru_param_sets[] = {
         1,                           /* lLen */
     },
 
+       /* Best bandwidth and speed, no X9.98 compatibility */
     {
         NTRU_EES401EP2,              /* parameter-set id */
         {0x00, 0x02, 0x10},          /* OID */
index 548e866..c3ccf89 100644 (file)
@@ -32,24 +32,30 @@ typedef struct ntru_param_set_t ntru_param_set_t;
  * NTRU encryption parameter set ID list
  */
 enum ntru_param_set_id_t {
+       /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
        NTRU_EES401EP1,
        NTRU_EES449EP1,
        NTRU_EES677EP1,
        NTRU_EES1087EP2,
+       /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
        NTRU_EES541EP1,
        NTRU_EES613EP1,
        NTRU_EES887EP1,
        NTRU_EES1171EP1,
+       /* X9.98/IEEE 1363.1 parameter sets for best speed */
        NTRU_EES659EP1,
        NTRU_EES761EP1,
        NTRU_EES1087EP1,
        NTRU_EES1499EP1,
+       /* Best bandwidth and speed, no X9.98 compatibility */
        NTRU_EES401EP2,
        NTRU_EES439EP1,
        NTRU_EES593EP1,
        NTRU_EES743EP1,
 };
 
+extern enum_name_t *ntru_param_set_id_names;
+
 /**
  * NTRU encryption parameter set definitions
  */