Home Explore Help
Register Sign In
huang_chao
/
EC600G
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 71afda5c85
Branches Tags
EC600G
/
components
/
ql-application
/
teesdk_vtrust_at demo
/
include
/
openssl
/
hrss.h

hrss.h 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. /* Copyright (c) 2018, Google Inc.
    2. 

  2.  *
    3. 

  3.  * Permission to use, copy, modify, and/or distribute this software for any
    4. 

  4.  * purpose with or without fee is hereby granted, provided that the above
    5. 

  5.  * copyright notice and this permission notice appear in all copies.
    6. 

  6.  *
    7. 

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    8. 

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    9. 

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
    10. 

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    11. 

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
    12. 

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
    13. 

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
    14. 

  14. 

  15. #ifndef OPENSSL_HEADER_HRSS_H
    16. 

  16. #define OPENSSL_HEADER_HRSS_H
    17. 

  17. 

  18. #include <openssl/base.h>
    19. 

  19. 

  20. #if defined(__cplusplus)
    21. 

  21. extern "C" {
    22. 

  22. #endif
    23. 

  23. 

  24. // HRSS
    25. 

  25. //
    26. 

  26. // HRSS is a structured-lattice-based post-quantum key encapsulation mechanism.
    27. 

  27. // The best exposition is https://eprint.iacr.org/2017/667.pdf although this
    28. 

  28. // implementation uses a different KEM construction based on
    29. 

  29. // https://eprint.iacr.org/2017/1005.pdf.
    30. 

  30. 

  31. struct HRSS_private_key {
    32. 

  32.   uint8_t opaque[1808];
    33. 

  33. };
    34. 

  34. 

  35. struct HRSS_public_key {
    36. 

  36.   uint8_t opaque[1424];
    37. 

  37. };
    38. 

  38. 

  39. // HRSS_SAMPLE_BYTES is the number of bytes of entropy needed to generate a
    40. 

  40. // short vector. There are 701 coefficients, but the final one is always set to
    41. 

  41. // zero when sampling. Otherwise, we need one byte of input per coefficient.
    42. 

  42. #define HRSS_SAMPLE_BYTES (701 - 1)
    43. 

  43. // HRSS_GENERATE_KEY_BYTES is the number of bytes of entropy needed to generate
    44. 

  44. // an HRSS key pair.
    45. 

  45. #define HRSS_GENERATE_KEY_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES + 32)
    46. 

  46. // HRSS_ENCAP_BYTES is the number of bytes of entropy needed to encapsulate a
    47. 

  47. // session key.
    48. 

  48. #define HRSS_ENCAP_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES)
    49. 

  49. // HRSS_PUBLIC_KEY_BYTES is the number of bytes in a public key.
    50. 

  50. #define HRSS_PUBLIC_KEY_BYTES 1138
    51. 

  51. // HRSS_CIPHERTEXT_BYTES is the number of bytes in a ciphertext.
    52. 

  52. #define HRSS_CIPHERTEXT_BYTES 1138
    53. 

  53. // HRSS_KEY_BYTES is the number of bytes in a shared key.
    54. 

  54. #define HRSS_KEY_BYTES 32
    55. 

  55. // HRSS_POLY3_BYTES is the number of bytes needed to serialise a mod 3
    56. 

  56. // polynomial.
    57. 

  57. #define HRSS_POLY3_BYTES 140
    58. 

  58. #define HRSS_PRIVATE_KEY_BYTES \
    59. 

  59.   (HRSS_POLY3_BYTES * 2 + HRSS_PUBLIC_KEY_BYTES + 2 + 32)
    60. 

  60. 

  61. // HRSS_generate_key is a deterministic function that outputs a public and
    62. 

  62. // private key based on the given entropy. It returns one on success or zero
    63. 

  63. // on malloc failure.
    64. 

  64. OPENSSL_EXPORT int HRSS_generate_key(
    65. 

  65.     struct HRSS_public_key *out_pub, struct HRSS_private_key *out_priv,
    66. 

  66.     const uint8_t input[HRSS_GENERATE_KEY_BYTES]);
    67. 

  67. 

  68. // HRSS_encap is a deterministic function the generates and encrypts a random
    69. 

  69. // session key from the given entropy, writing those values to |out_shared_key|
    70. 

  70. // and |out_ciphertext|, respectively. It returns one on success or zero on
    71. 

  71. // malloc failure.
    72. 

  72. OPENSSL_EXPORT int HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES],
    73. 

  73.                               uint8_t out_shared_key[HRSS_KEY_BYTES],
    74. 

  74.                               const struct HRSS_public_key *in_pub,
    75. 

  75.                               const uint8_t in[HRSS_ENCAP_BYTES]);
    76. 

  76. 

  77. // HRSS_decap decrypts a session key from |ciphertext_len| bytes of
    78. 

  78. // |ciphertext|. If the ciphertext is valid, the decrypted key is written to
    79. 

  79. // |out_shared_key|. Otherwise the HMAC of |ciphertext| under a secret key (kept
    80. 

  80. // in |in_priv|) is written. If the ciphertext is the wrong length then it will
    81. 

  81. // leak which was done via side-channels. Otherwise it should perform either
    82. 

  82. // action in constant-time. It returns one on success (whether the ciphertext
    83. 

  83. // was valid or not) and zero on malloc failure.
    84. 

  84. OPENSSL_EXPORT int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
    85. 

  85.                               const struct HRSS_private_key *in_priv,
    86. 

  86.                               const uint8_t *ciphertext, size_t ciphertext_len);
    87. 

  87. 

  88. // HRSS_marshal_public_key serialises |in_pub| to |out|.
    89. 

  89. OPENSSL_EXPORT void HRSS_marshal_public_key(
    90. 

  90.     uint8_t out[HRSS_PUBLIC_KEY_BYTES], const struct HRSS_public_key *in_pub);
    91. 

  91. 

  92. // HRSS_parse_public_key sets |*out| to the public-key encoded in |in|. It
    93. 

  93. // returns true on success and zero on error.
    94. 

  94. OPENSSL_EXPORT int HRSS_parse_public_key(
    95. 

  95.     struct HRSS_public_key *out, const uint8_t in[HRSS_PUBLIC_KEY_BYTES]);
    96. 

  96. 

  97. 

  98. #if defined(__cplusplus)
    99. 

  99. }  // extern C
    100. 

  100. #endif
    101. 

  101. 

  102. #endif  // OPENSSL_HEADER_HRSS_H
    103.