diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-03-07 17:25:42 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-03-07 21:56:34 +0100 |
| commit | ac17ca1ad74bb340b45ba2e894b5aa5b613e2336 (patch) | |
| tree | adb1cfac4ed39659c2b08dde9e210dd93a0b1794 /src | |
| parent | 7befce8c3f3621a556a41e862b7212425904fdbd (diff) | |
| download | strongswan-ac17ca1ad74bb340b45ba2e894b5aa5b613e2336.tar.bz2 strongswan-ac17ca1ad74bb340b45ba2e894b5aa5b613e2336.tar.xz | |
Refactored NTRU parameter set selection
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/plugins/ntru/ntru_ke.c | 58 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/ntru/ntru_param_set.c | 23 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/ntru/ntru_param_set.h | 6 |
3 files changed, 47 insertions, 40 deletions
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c index a954ed102..14bd0cd87 100644 --- a/src/libstrongswan/plugins/ntru/ntru_ke.c +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,47 +23,25 @@ #include <utils/debug.h> typedef struct private_ntru_ke_t private_ntru_ke_t; -typedef struct param_set_t param_set_t; - -/** - * Defines an NTRU parameter set by ID or OID - */ -struct param_set_t { - ntru_param_set_id_t id; - char oid[3]; - char *name; -}; /* Best bandwidth and speed, no X9.98 compatibility */ -static param_set_t param_sets_optimum[] = { - { NTRU_EES401EP2, {0x00, 0x02, 0x10}, "ees401ep2" }, - { NTRU_EES439EP1, {0x00, 0x03, 0x10}, "ees439ep1" }, - { NTRU_EES593EP1, {0x00, 0x05, 0x10}, "ees593ep1" }, - { NTRU_EES743EP1, {0x00, 0x06, 0x10}, "ees743ep1" } +static ntru_param_set_id_t param_sets_optimum[] = { + NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1 }; /* X9.98/IEEE 1363.1 parameter sets for best speed */ -static param_set_t param_sets_x9_98_speed[] = { - { NTRU_EES659EP1, {0x00, 0x02, 0x06}, "ees659ep1" }, - { NTRU_EES761EP1, {0x00, 0x03, 0x05}, "ees761ep1" }, - { NTRU_EES1087EP1, {0x00, 0x05, 0x05}, "ees1087ep1" }, - { NTRU_EES1499EP1, {0x00, 0x06, 0x05}, "ees1499ep1" } +static ntru_param_set_id_t param_sets_x9_98_speed[] = { + NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1 }; /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */ -static param_set_t param_sets_x9_98_bandwidth[] = { - { NTRU_EES401EP1, {0x00, 0x02, 0x04}, "ees401ep1" }, - { NTRU_EES449EP1, {0x00, 0x03, 0x03}, "ees449ep1" }, - { NTRU_EES677EP1, {0x00, 0x05, 0x03}, "ees677ep1" }, - { NTRU_EES1087EP2, {0x00, 0x06, 0x03}, "ees1087ep2" } +static ntru_param_set_id_t param_sets_x9_98_bandwidth[] = { + NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2 }; /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */ -static param_set_t param_sets_x9_98_balance[] = { - { NTRU_EES541EP1, {0x00, 0x02, 0x05}, "ees541ep1" }, - { NTRU_EES613EP1, {0x00, 0x03, 0x04}, "ees613ep1" }, - { NTRU_EES887EP1, {0x00, 0x05, 0x04}, "ees887ep1" }, - { NTRU_EES1171EP1, {0x00, 0x06, 0x04}, "ees1171ep1" } +static ntru_param_set_id_t param_sets_x9_98_balance[] = { + NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1 }; /** @@ -83,7 +61,7 @@ struct private_ntru_ke_t { /** * NTRU Parameter Set */ - param_set_t *param_set; + ntru_param_set_t *param_set; /** * Cryptographical strength in bits of the NTRU Parameter Set @@ -310,7 +288,7 @@ METHOD(diffie_hellman_t, destroy, void, ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) { private_ntru_ke_t *this; - param_set_t *param_sets, *param_set; + ntru_param_set_id_t *param_sets, param_set_id; rng_t *entropy; ntru_drbg_t *drbg; char *parameter_set; @@ -340,25 +318,25 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) { case NTRU_112_BIT: strength = 112; - param_set = ¶m_sets[0]; + param_set_id = param_sets[0]; break; case NTRU_128_BIT: strength = 128; - param_set = ¶m_sets[1]; + param_set_id = param_sets[1]; break; case NTRU_192_BIT: strength = 192; - param_set = ¶m_sets[2]; + param_set_id = param_sets[2]; break; case NTRU_256_BIT: strength = 256; - param_set = ¶m_sets[3]; + param_set_id = param_sets[3]; break; default: return NULL; } - DBG1(DBG_LIB, "%u bit %s NTRU parameter set %s selected", strength, - parameter_set, param_set->name); + DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength, + parameter_set, ntru_param_set_id_names, param_set_id); entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE); if (!entropy) @@ -386,7 +364,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) }, }, .group = group, - .param_set = param_set, + .param_set = ntru_param_set_get_by_id(param_set_id), .strength = strength, .entropy = entropy, .drbg = drbg, diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.c b/src/libstrongswan/plugins/ntru/ntru_param_set.c index 0d8a774e1..8f25a4af1 100644 --- a/src/libstrongswan/plugins/ntru/ntru_param_set.c +++ b/src/libstrongswan/plugins/ntru/ntru_param_set.c @@ -17,11 +17,31 @@ #include "ntru_param_set.h" +ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1, + "ees401ep1", + "ees449ep1", + "ees677ep1", + "ees1087ep2", + "ees541ep1", + "ees613ep1", + "ees887ep1", + "ees1171ep1", + "ees659ep1", + "ees761ep1", + "ees1087ep1", + "ees1499ep1", + "ees401ep2", + "ees439ep1", + "ees593ep1", + "ees743ep1" +); + /** * NTRU encryption parameter set definitions */ static ntru_param_set_t ntru_param_sets[] = { + /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */ { NTRU_EES401EP1, /* parameter-set id */ {0x00, 0x02, 0x04}, /* OID */ @@ -94,6 +114,7 @@ static ntru_param_set_t ntru_param_sets[] = { 1, /* lLen */ }, + /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */ { NTRU_EES541EP1, /* parameter-set id */ {0x00, 0x02, 0x05}, /* OID */ @@ -166,6 +187,7 @@ static ntru_param_set_t ntru_param_sets[] = { 1, /* lLen */ }, + /* X9.98/IEEE 1363.1 parameter sets for best speed */ { NTRU_EES659EP1, /* parameter-set id */ {0x00, 0x02, 0x06}, /* OID */ @@ -238,6 +260,7 @@ static ntru_param_set_t ntru_param_sets[] = { 1, /* lLen */ }, + /* Best bandwidth and speed, no X9.98 compatibility */ { NTRU_EES401EP2, /* parameter-set id */ {0x00, 0x02, 0x10}, /* OID */ diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.h b/src/libstrongswan/plugins/ntru/ntru_param_set.h index 548e866a1..c3ccf8956 100644 --- a/src/libstrongswan/plugins/ntru/ntru_param_set.h +++ b/src/libstrongswan/plugins/ntru/ntru_param_set.h @@ -32,24 +32,30 @@ typedef struct ntru_param_set_t ntru_param_set_t; * NTRU encryption parameter set ID list */ enum ntru_param_set_id_t { + /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */ NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2, + /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */ NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1, + /* X9.98/IEEE 1363.1 parameter sets for best speed */ NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1, + /* Best bandwidth and speed, no X9.98 compatibility */ NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1, }; +extern enum_name_t *ntru_param_set_id_names; + /** * NTRU encryption parameter set definitions */ |