1 parent
ad660cc
commit 0c1a815
Showing
19 changed files
with
265 additions
and
86 deletions.
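--- a/src/lib/pubkey/frodokem/frodokem_aes/frodo_expansion_aes.cpp
+++ b/src/lib/pubkey/frodokem/frodokem_aes/frodo_expansion_aes.cpp
@@ -0,0 +1,51 @@
+/*
+* FrodoKEM seed expansion w/ AES
+* Based on the MIT licensed reference implementation by the designers
+* (https://github.com/microsoft/PQCrypto-LWEKE/tree/master/src)
+*
+* The Fellowship of the FrodoKEM:
+* (C) 2023 Jack Lloyd
+* 2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/assert.h>
+#include <botan/block_cipher.h>
+#include <botan/internal/aes.h>
+#include <botan/internal/frodo_constants.h>
+#include <botan/internal/frodo_expansion_aes.h>
+#include <botan/internal/loadstor.h>
+#include <botan/internal/stl_util.h>
+
+namespace Botan {
+
+FrodoRowGenerator frodo_aes_row_generator(const FrodoKEMConstants& constants, StrongSpan<const FrodoSeedA> seed_a) {
+BOTAN_ASSERT_NOMSG(constants.mode().is_aes());
+
+// precondition the block cipher for "seed a" to avoid
+// regenerating the AES' key schedule for each matrix row
+AES_128 aes;
+aes.set_key(seed_a);
+
+return FrodoRowGenerator([n = constants.n(), aes](std::span<uint8_t> out, uint16_t i) mutable {
+BufferStuffer out_bs(out);
+
+for(size_t j = 0; j < n; j += 8) {
+// set up the to-be-encrypted 'b' value in the out variable
+// for in-place encryption of the block cipher
+auto out_coefs = out_bs.next(aes.block_size());
+
+// b = i || j || 0000...
+store_le(static_cast<uint16_t>(i), out_coefs.data());
+store_le(static_cast<uint16_t>(j), out_coefs.data() + sizeof(uint16_t));
+for(size_t ii = 4; ii < out_coefs.size(); ++ii) {
+out_coefs[ii] = 0;
+}
+
+aes.encrypt(out_coefs);
+}
+});
+}
+
+} // namespace Botan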
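Review bot: The closure emits exactly n/8 AES blocks, so `out` must be precisely `2 * n` bytes, yet nothing in the lambda states or checks this; if `BufferStuffer::next` is the only guard, an oversized span is silently accepted and its tail left untouched. Add `BOTAN_ASSERT_NOMSG(out_bs.full());` after the `for` loop, and a comment on the declaration that `out` must hold `2 * constants.n()` bytes. The `static_cast<uint16_t>(i)` on the first `store_le` is redundant since `i` already is a `uint16_t`, whereas the cast of `j` deserves a short comment that the FrodoKEM `n` values are far below 65536 so the truncation cannot occur. Consider `aes = std::move(aes)` in the capture list so the expanded key schedule is moved into the closure instead of being copied from a local that then outlives it only until return.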
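--- a/src/lib/pubkey/frodokem/frodokem_aes/frodo_expansion_aes.h
+++ b/src/lib/pubkey/frodokem/frodokem_aes/frodo_expansion_aes.h
@@ -0,0 +1,28 @@
+/*
+* FrodoKEM seed expansion w/ AES
+* Based on the MIT licensed reference implementation by the designers
+* (https://github.com/microsoft/PQCrypto-LWEKE/tree/master/src)
+*
+* The Fellowship of the FrodoKEM:
+* (C) 2023 Jack Lloyd
+* 2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_FRODOKEM_EXPANSION_AES_H_
+#define BOTAN_FRODOKEM_EXPANSION_AES_H_
+
+#include <botan/internal/frodo_constants.h>
+#include <botan/internal/frodo_types.h>
+
+#include <tuple>
+#include <utility>
+#include <vector>
+
+namespace Botan {
+
+FrodoRowGenerator frodo_aes_row_generator(const FrodoKEMConstants& constants, StrongSpan<const FrodoSeedA> seed_a);
+}
+
+#endif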
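Review bot: `<tuple>`, `<utility>` and `<vector>` are included but nothing in this header uses them — the only content is a declaration whose types come from `frodo_constants.h` and `frodo_types.h`; drop the three standard includes. The same three unused includes appear in `frodokem_shake/frodo_expansion_shake.h`. The closing brace lacks the `// namespace Botan` tag that the SHAKE header and both .cpp files carry; write `} // namespace Botan` for consistency. A one-line doc comment on the declaration, stating that the returned generator writes row `i` of the matrix A derived from `seed_a` and requires the caller's buffer to hold exactly `2 * constants.n()` bytes, would spare readers a trip into the .cpp.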
@@ -0,0 +1,18 @@ | ||
<defines> | ||
FRODOKEM_AES -> 20231004 | ||
</defines> | ||
|
||
<module_info> | ||
name -> "FrodoKEM AES" | ||
</module_info> | ||
|
||
<requires> | ||
aes | ||
shake_xof | ||
sha3 | ||
frodokem_common | ||
</requires> | ||
|
||
<header:internal> | ||
frodo_expansion_aes.h | ||
</header:internal> |
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
7 changes: 4 additions & 3 deletions
7
src/lib/pubkey/frodokem/info.txt → .../pubkey/frodokem/frodokem_common/info.txt
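--- a/src/lib/pubkey/frodokem/frodokem_shake/frodo_expansion_shake.cpp
+++ b/src/lib/pubkey/frodokem/frodokem_shake/frodo_expansion_shake.cpp
@@ -0,0 +1,37 @@
+/*
+* FrodoKEM seed expansion w/ SHAKE
+* Based on the MIT licensed reference implementation by the designers
+* (https://github.com/microsoft/PQCrypto-LWEKE/tree/master/src)
+*
+* The Fellowship of the FrodoKEM:
+* (C) 2023 Jack Lloyd
+* 2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/assert.h>
+#include <botan/internal/frodo_constants.h>
+#include <botan/internal/frodo_expansion_shake.h>
+#include <botan/internal/loadstor.h>
+#include <botan/internal/shake_xof.h>
+
+namespace Botan {
+
+FrodoRowGenerator frodo_shake_row_generator(const FrodoKEMConstants& constants, StrongSpan<const FrodoSeedA> seed_a) {
+BOTAN_ASSERT_NOMSG(constants.mode().is_shake());
+
+SHAKE_128_XOF xof;
+return FrodoRowGenerator([xof, a = FrodoSeedA(seed_a)](std::span<uint8_t> out, uint16_t i) mutable {
+xof.clear();
+// TODO: update that once #3707 is merged
+// potentially add a new method: std::array<uint8_t, XX> as_le(uintXX_t)
+std::array<uint8_t, 2> le;
+store_le(i, le.data());
+xof.update(le);
+xof.update(a);
+xof.output(out);
+});
+}
+
+} // namespace Botan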
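Review bot: `xof.output(out)` produces whatever length the caller passes, so unlike the AES generator this closure has no tie to `n` and a wrong-sized `out` yields a silently truncated or over-long row; capture `n = constants.n()` next to `a` and add `BOTAN_ASSERT_NOMSG(out.size() == 2 * n);` before the `xof.output(out)` line so both generators enforce the same row-size contract. `std::array` is used for `le` but `<array>` is not included; add `#include <array>` rather than relying on a transitive include. The comment above `le` explains a pending refactor but not the format, so prefix it with `// row i = SHAKE128(i (LE16) || seed_a)` to make the absorbed layout visible at a glance.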
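--- a/src/lib/pubkey/frodokem/frodokem_shake/frodo_expansion_shake.h
+++ b/src/lib/pubkey/frodokem/frodokem_shake/frodo_expansion_shake.h
@@ -0,0 +1,29 @@
+/*
+* FrodoKEM seed expansion w/ SHAKE
+* Based on the MIT licensed reference implementation by the designers
+* (https://github.com/microsoft/PQCrypto-LWEKE/tree/master/src)
+*
+* The Fellowship of the FrodoKEM:
+* (C) 2023 Jack Lloyd
+* 2023 René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_FRODOKEM_EXPANSION_SHAKE_H_
+#define BOTAN_FRODOKEM_EXPANSION_SHAKE_H_
+
+#include <botan/internal/frodo_constants.h>
+#include <botan/internal/frodo_types.h>
+
+#include <tuple>
+#include <utility>
+#include <vector>
+
+namespace Botan {
+
+FrodoRowGenerator frodo_shake_row_generator(const FrodoKEMConstants& constants, StrongSpan<const FrodoSeedA> seed_a);
+
+} // namespace Botan
+
+#endif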
@@ -0,0 +1,17 @@ | ||
<defines> | ||
FRODOKEM_SHAKE -> 20231004 | ||
</defines> | ||
|
||
<module_info> | ||
name -> "FrodoKEM SHAKE" | ||
</module_info> | ||
|
||
<requires> | ||
shake_xof | ||
sha3 | ||
frodokem_common | ||
</requires> | ||
|
||
<header:internal> | ||
frodo_expansion_shake.h | ||
</header:internal> |