1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
/******************************************************************************
* NTRU Cryptography Reference Source Code
* Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
*
* ntru_crypto.h is a component of ntru-crypto.
*
* Copyright (C) 2009-2013 Security Innovation
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*****************************************************************************/
/******************************************************************************
*
* File: ntru_crypto.h
*
* Contents: Public header file for NTRUEncrypt.
*
*****************************************************************************/
#ifndef NTRU_CRYPTO_H
#define NTRU_CRYPTO_H
#include <library.h>
#include "ntru_drbg.h"
#if !defined( NTRUCALL )
#if !defined(WIN32) || defined (NTRUCRYPTO_STATIC)
// Linux, or a Win32 static library
#define NTRUCALL extern uint32_t
#elif defined (NTRUCRYPTO_EXPORTS)
// Win32 DLL build
#define NTRUCALL extern __declspec(dllexport) uint32_t
#else
// Win32 DLL import
#define NTRUCALL extern __declspec(dllimport) uint32_t
#endif
#endif /* NTRUCALL */
/* parameter set ID list */
typedef enum _NTRU_ENCRYPT_PARAM_SET_ID {
NTRU_EES401EP1,
NTRU_EES449EP1,
NTRU_EES677EP1,
NTRU_EES1087EP2,
NTRU_EES541EP1,
NTRU_EES613EP1,
NTRU_EES887EP1,
NTRU_EES1171EP1,
NTRU_EES659EP1,
NTRU_EES761EP1,
NTRU_EES1087EP1,
NTRU_EES1499EP1,
NTRU_EES401EP2,
NTRU_EES439EP1,
NTRU_EES593EP1,
NTRU_EES743EP1,
} NTRU_ENCRYPT_PARAM_SET_ID;
/* error codes */
#define NTRU_OK 0
#define NTRU_FAIL 1
#define NTRU_BAD_PARAMETER 2
#define NTRU_BAD_LENGTH 3
#define NTRU_BUFFER_TOO_SMALL 4
#define NTRU_INVALID_PARAMETER_SET 5
#define NTRU_BAD_PUBLIC_KEY 6
#define NTRU_BAD_PRIVATE_KEY 7
#define NTRU_OUT_OF_MEMORY 8
#define NTRU_BAD_ENCODING 9
#define NTRU_OID_NOT_RECOGNIZED 10
#define NTRU_DRBG_FAIL 11
#define NTRU_MGF1_FAIL 12
/* function declarations */
/* ntru_crypto_ntru_encrypt
*
* Implements NTRU encryption (SVES) for the parameter set specified in
* the public key blob.
*
* Before invoking this function, a DRBG must be instantiated using
* ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
* instantiation the requested security strength must be at least as large
* as the security strength of the NTRU parameter set being used.
* Failure to instantiate the DRBG with the proper security strength will
* result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH.
*
* The required minimum size of the output ciphertext buffer (ct) may be
* queried by invoking this function with ct = NULL. In this case, no
* encryption is performed, NTRU_OK is returned, and the required minimum
* size for ct is returned in ct_len.
*
* When ct != NULL, at invocation *ct_len must be the size of the ct buffer.
* Upon return it is the actual size of the ciphertext.
*
* Returns NTRU_OK if successful.
* Returns NTRU_DRBG_FAIL if the DRBG handle is invalid.
* Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL.
* Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is
* zero, or if pt_len exceeds the maximum plaintext length for the parameter set.
* Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid
* (unknown format, corrupt, bad length).
* Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small.
* Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
*/
NTRUCALL
ntru_crypto_ntru_encrypt(
ntru_drbg_t *drbg , /* in - handle for DRBG */
uint16_t pubkey_blob_len, /* in - no. of octets in public key
blob */
uint8_t const *pubkey_blob, /* in - pointer to public key */
uint16_t pt_len, /* in - no. of octets in plaintext */
uint8_t const *pt, /* in - pointer to plaintext */
uint16_t *ct_len, /* in/out - no. of octets in ct, addr for
no. of octets in ciphertext */
uint8_t *ct); /* out - address for ciphertext */
/* ntru_crypto_ntru_decrypt
*
* Implements NTRU decryption (SVES) for the parameter set specified in
* the private key blob.
*
* The maximum size of the output plaintext may be queried by invoking
* this function with pt = NULL. In this case, no decryption is performed,
* NTRU_OK is returned, and the maximum size the plaintext could be is
* returned in pt_len.
* Note that until the decryption is performed successfully, the actual size
* of the resulting plaintext cannot be known.
*
* When pt != NULL, at invocation *pt_len must be the size of the pt buffer.
* Upon return it is the actual size of the plaintext.
*
* Returns NTRU_OK if successful.
* Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL.
* Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if
* ct_len is invalid for the parameter set.
* Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid
* (unknown format, corrupt, bad length).
* Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small.
* Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
* Returns NTRU_FAIL if a decryption error occurs.
*/
NTRUCALL
ntru_crypto_ntru_decrypt(
uint16_t privkey_blob_len, /* in - no. of octets in private key
blob */
uint8_t const *privkey_blob, /* in - pointer to private key */
uint16_t ct_len, /* in - no. of octets in ciphertext */
uint8_t const *ct, /* in - pointer to ciphertext */
uint16_t *pt_len, /* in/out - no. of octets in pt, addr for
no. of octets in plaintext */
uint8_t *pt); /* out - address for plaintext */
/* ntru_crypto_ntru_encrypt_keygen
*
* Implements key generation for NTRUEncrypt for the parameter set specified.
*
* Before invoking this function, a DRBG must be instantiated using
* ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
* instantiation the requested security strength must be at least as large
* as the security strength of the NTRU parameter set being used.
* Failure to instantiate the DRBG with the proper security strength will
* result in this function returning NTRU_DRBG_FAIL.
*
* The required minimum size of the output public-key buffer (pubkey_blob)
* may be queried by invoking this function with pubkey_blob = NULL.
* In this case, no key generation is performed, NTRU_OK is returned, and
* the required minimum size for pubkey_blob is returned in pubkey_blob_len.
*
* The required minimum size of the output private-key buffer (privkey_blob)
* may be queried by invoking this function with privkey_blob = NULL.
* In this case, no key generation is performed, NTRU_OK is returned, and
* the required minimum size for privkey_blob is returned in privkey_blob_len.
*
* The required minimum sizes of both pubkey_blob and privkey_blob may be
* queried as described above, in a single invocation of this function.
*
* When pubkey_blob != NULL and privkey_blob != NULL, at invocation
* *pubkey_blob_len must be the size of the pubkey_blob buffer and
* *privkey_blob_len must be the size of the privkey_blob buffer.
* Upon return, *pubkey_blob_len is the actual size of the public-key blob
* and *privkey_blob_len is the actual size of the private-key blob.
*
* Returns NTRU_OK if successful.
* Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob
* or privkey_blob) is NULL.
* Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid.
* Returns NTRU_BAD_LENGTH if a length argument is invalid.
* Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the
* privkey_blob buffer is too small.
* Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
* Returns NTRU_FAIL if the polynomial generated for f is not invertible in
* (Z/qZ)[X]/(X^N - 1), which is extremely unlikely.
* Should this occur, this function should simply be invoked again.
*/
NTRUCALL
ntru_crypto_ntru_encrypt_keygen(
ntru_drbg_t *drbg, /* in - handle of DRBG */
NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */
uint16_t *pubkey_blob_len, /* in/out - no. of octets in
pubkey_blob, addr
for no. of octets
in pubkey_blob */
uint8_t *pubkey_blob, /* out - address for
public key blob */
uint16_t *privkey_blob_len, /* in/out - no. of octets in
privkey_blob, addr
for no. of octets
in privkey_blob */
uint8_t *privkey_blob); /* out - address for
private key blob */
#endif /* NTRU_CRYPTO_H */
|
