]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libstrongswan/plugins/bliss/bliss_param_set.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright headers after acquisition by secunet
[thirdparty/strongswan.git] / src / libstrongswan / plugins / bliss / bliss_param_set.c
1 /*
2 * Copyright (C) 2014 Andreas Steffen
3 *
4 * Copyright (C) secunet Security Networks AG
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "bliss_param_set.h"
18
19 #include <asn1/oid.h>
20
21 ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV,
22 "BLISS-I",
23 "BLISS-II",
24 "BLISS-III",
25 "BLISS-IV",
26 "BLISS-B-I",
27 "BLISS-B-II",
28 "BLISS-B-III",
29 "BLISS-B-IV"
30 );
31
32 /**
33 * sigma = 215, k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] = 254
34 *
35 * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 93'076.9
36 */
37 static const uint8_t c_bliss_i[] = {
38 255, 255, 75, 191, 247, 94, 30, 51, 147, 246, 89, 59, 99, 248, 26, 128,
39 255, 254, 151, 128, 109, 166, 88, 143, 30, 175, 149, 20, 240, 81, 138, 111,
40 255, 253, 47, 2, 214, 243, 188, 76, 236, 235, 40, 62, 54, 35, 33, 205,
41 255, 250, 94, 13, 156, 120, 121, 216, 255, 120, 90, 11, 39, 232, 120, 111,
42 255, 244, 188, 58, 242, 219, 157, 174, 6, 31, 131, 75, 88, 109, 112, 107,
43 255, 233, 120, 244, 202, 151, 25, 10, 197, 109, 113, 255, 157, 89, 182, 141,
44 255, 210, 243, 229, 18, 88, 50, 239, 130, 192, 12, 167, 62, 254, 211, 202,
45 255, 165, 239, 183, 102, 186, 123, 249, 251, 59, 116, 143, 50, 174, 125, 198,
46 255, 75, 255, 30, 65, 137, 228, 148, 14, 17, 113, 251, 81, 177, 151, 168,
47 254, 152, 124, 205, 192, 136, 102, 79, 5, 62, 214, 95, 36, 223, 7, 20,
48 253, 50, 242, 124, 187, 59, 68, 224, 90, 156, 53, 202, 9, 44, 191, 226,
49 250, 109, 189, 110, 40, 124, 88, 12, 83, 78, 176, 86, 12, 102, 13, 41,
50 244, 250, 133, 6, 3, 13, 45, 9, 120, 121, 150, 237, 69, 190, 62, 16,
51 234, 110, 130, 187, 138, 174, 82, 229, 217, 154, 88, 138, 228, 153, 230, 13,
52 214, 174, 54, 179, 117, 116, 223, 152, 97, 84, 31, 99, 68, 150, 122, 244,
53 180, 7, 186, 2, 112, 3, 68, 13, 123, 133, 244, 184, 232, 216, 133, 18,
54 126, 154, 221, 207, 32, 206, 66, 171, 94, 100, 164, 194, 117, 191, 1, 209,
55 62, 156, 208, 7, 129, 173, 200, 3, 23, 248, 140, 60, 69, 217, 195, 235,
56 15, 80, 84, 209, 213, 2, 107, 160, 1, 152, 43, 130, 93, 95, 241, 218,
57 0, 234, 131, 37, 182, 53, 201, 231, 26, 2, 151, 161, 13, 214, 150, 145,
58 0, 0, 214, 212, 4, 32, 184, 94, 84, 90, 244, 139, 48, 69, 33, 38
59 };
60
61 /**
62 * sigma = 250, k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] = 295
63 *
64 * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 125'550.5
65 */
66 static const uint8_t c_bliss_iii[] = {
67 255, 255, 122, 95, 16, 128, 14, 195, 60, 90, 166, 191, 205, 26, 144, 204,
68 255, 254, 244, 190, 102, 192, 187, 141, 169, 92, 33, 30, 170, 141, 184, 56,
69 255, 253, 233, 125, 228, 131, 93, 148, 121, 92, 52, 122, 149, 96, 29, 66,
70 255, 251, 211, 0, 37, 9, 199, 244, 213, 217, 122, 205, 171, 200, 198, 5,
71 255, 247, 166, 17, 185, 251, 90, 150, 1, 28, 7, 205, 125, 46, 84, 201,
72 255, 239, 76, 105, 50, 114, 159, 235, 215, 165, 204, 182, 125, 143, 228, 222,
73 255, 222, 153, 233, 85, 187, 45, 204, 236, 229, 38, 180, 20, 161, 7, 167,
74 255, 189, 56, 46, 38, 4, 83, 8, 151, 137, 136, 1, 9, 180, 58, 204,
75 255, 122, 129, 199, 240, 52, 248, 193, 76, 26, 160, 32, 195, 250, 217, 25,
76 254, 245, 73, 44, 68, 229, 150, 74, 228, 74, 124, 249, 123, 94, 108, 127,
77 253, 235, 168, 56, 252, 93, 188, 160, 249, 137, 236, 65, 62, 182, 153, 63,
78 251, 219, 163, 110, 233, 251, 114, 216, 230, 35, 59, 210, 107, 100, 184, 16,
79 247, 200, 110, 236, 134, 237, 213, 111, 240, 149, 109, 22, 216, 213, 237, 145,
80 239, 212, 98, 249, 238, 1, 227, 248, 242, 51, 211, 134, 154, 115, 189, 83,
81 224, 174, 65, 2, 190, 158, 9, 6, 184, 13, 130, 104, 247, 102, 38, 160,
82 197, 49, 104, 97, 61, 210, 19, 115, 208, 54, 91, 27, 209, 227, 33, 26,
83 151, 229, 20, 46, 200, 238, 35, 134, 72, 183, 253, 160, 193, 155, 117, 103,
84 90, 32, 10, 204, 78, 83, 191, 230, 0, 221, 219, 6, 43, 252, 185, 95,
85 31, 186, 139, 154, 90, 155, 17, 9, 42, 139, 40, 111, 246, 175, 4, 15,
86 3, 238, 181, 190, 138, 94, 50, 234, 128, 193, 95, 36, 65, 236, 170, 208,
87 0, 15, 118, 216, 230, 142, 121, 211, 13, 168, 207, 126, 145, 176, 24, 201
88 };
89
90 /**
91 * sigma = 271, k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] = 320
92 *
93 * c[i] = exp(-2^i/f), i = 0..21, with f = k_sigma^2 / ln 2 = 147'732.0
94 */
95 static const uint8_t c_bliss_iv[] = {
96 255, 255, 142, 111, 102, 2, 141, 87, 150, 42, 18, 70, 6, 224, 18, 70,
97 255, 255, 28, 222, 254, 102, 20, 78, 133, 78, 189, 107, 29, 7, 23, 193,
98 255, 254, 57, 190, 198, 79, 181, 181, 108, 75, 142, 145, 45, 238, 193, 29,
99 255, 252, 115, 128, 178, 170, 212, 166, 120, 157, 85, 96, 209, 180, 211, 83,
100 255, 248, 231, 13, 253, 108, 245, 46, 238, 155, 30, 99, 141, 228, 149, 239,
101 255, 241, 206, 78, 90, 132, 83, 172, 228, 179, 119, 115, 240, 51, 216, 6,
102 255, 227, 157, 102, 46, 28, 61, 128, 58, 114, 174, 136, 8, 224, 133, 84,
103 255, 199, 61, 242, 19, 216, 133, 241, 240, 22, 146, 43, 92, 57, 82, 248,
104 255, 142, 136, 121, 160, 225, 119, 214, 241, 44, 159, 34, 133, 118, 96, 60,
105 255, 29, 67, 61, 254, 49, 27, 152, 48, 124, 184, 87, 66, 214, 63, 133,
106 254, 59, 79, 77, 206, 26, 238, 42, 69, 81, 191, 149, 146, 76, 255, 232,
107 252, 121, 191, 28, 11, 107, 141, 223, 234, 42, 226, 50, 138, 102, 16, 97,
108 248, 255, 234, 37, 109, 169, 103, 25, 240, 109, 93, 165, 177, 22, 133, 100,
109 242, 48, 213, 124, 209, 49, 33, 48, 57, 237, 202, 62, 102, 132, 219, 48,
110 229, 32, 92, 240, 188, 88, 70, 34, 179, 94, 244, 70, 25, 123, 76, 140,
111 205, 18, 234, 94, 14, 226, 237, 76, 192, 18, 240, 50, 79, 63, 34, 96,
112 164, 71, 76, 192, 111, 161, 157, 188, 19, 189, 133, 246, 67, 127, 6, 28,
113 105, 107, 110, 50, 56, 199, 208, 174, 16, 95, 153, 106, 217, 198, 194, 179,
114 43, 105, 77, 122, 127, 254, 146, 221, 44, 235, 61, 22, 179, 9, 113, 118,
115 7, 92, 139, 87, 204, 239, 111, 200, 41, 129, 122, 49, 69, 113, 122, 239,
116 0, 54, 49, 19, 64, 40, 218, 222, 60, 82, 186, 246, 64, 155, 184, 47,
117 0, 0, 11, 120, 189, 135, 113, 62, 143, 175, 118, 239, 190, 120, 189, 250
118 };
119
120 /**
121 * BLISS signature parameter set definitions
122 */
123 static const bliss_param_set_t bliss_param_sets[] = {
124
125 /* BLISS-I scheme */
126 {
127 .id = BLISS_I,
128 .oid = OID_BLISS_I,
129 .strength = 128,
130 .q = 12289,
131 .q_bits = 14,
132 .q2_inv = 6145,
133 .n = 512,
134 .n_bits = 9,
135 .fft_params = &ntt_fft_12289_512,
136 .non_zero1 = 154,
137 .non_zero2 = 0,
138 .kappa = 23,
139 .nks_max = 46479,
140 .p_max = 0, /* not needed */
141 .sigma = 215,
142 .k_sigma = 254,
143 .k_sigma_bits = 8,
144 .c = c_bliss_i,
145 .c_cols = 16,
146 .c_rows = 21,
147 .z1_bits = 12,
148 .d = 10,
149 .p = 24,
150 .M = 46539, /* with alpha = 1.000 */
151 .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
152 .B_l2 = 12872 * 12872
153 },
154
155 /* BLISS-III scheme */
156 {
157 .id = BLISS_III,
158 .oid = OID_BLISS_III,
159 .strength = 160,
160 .q = 12289,
161 .q_bits = 14,
162 .q2_inv = 6145,
163 .n = 512,
164 .n_bits = 9,
165 .fft_params = &ntt_fft_12289_512,
166 .non_zero1 = 216,
167 .non_zero2 = 16,
168 .kappa = 30,
169 .nks_max = 128626,
170 .p_max = 0, /* not needed */
171 .sigma = 250,
172 .k_sigma = 295,
173 .k_sigma_bits = 9,
174 .c = c_bliss_iii,
175 .c_cols = 16,
176 .c_rows = 21,
177 .z1_bits = 12,
178 .d = 9,
179 .p = 48,
180 .M = 128113, /* with alpha = 0.700 */
181 .B_inf = 1760,
182 .B_l2 = 10206 * 10206
183 },
184
185 /* BLISS-IV scheme */
186 {
187 .id = BLISS_IV,
188 .oid = OID_BLISS_IV,
189 .strength = 192,
190 .q = 12289,
191 .q_bits = 14,
192 .q2_inv = 6145,
193 .n = 512,
194 .n_bits = 9,
195 .fft_params = &ntt_fft_12289_512,
196 .non_zero1 = 231,
197 .non_zero2 = 31,
198 .kappa = 39,
199 .nks_max = 244669,
200 .p_max = 0, /* not needed */
201 .sigma = 271,
202 .k_sigma = 320,
203 .k_sigma_bits = 9,
204 .c = c_bliss_iv,
205 .c_cols = 16,
206 .c_rows = 22,
207 .z1_bits = 12,
208 .d = 8,
209 .p = 96,
210 .M = 244186, /* with alpha = 0.550 */
211 .B_inf = 1613,
212 .B_l2 = 9901 * 9901
213 },
214
215 /* BLISS-B-I scheme */
216 {
217 .id = BLISS_B_I,
218 .oid = OID_BLISS_B_I,
219 .strength = 128,
220 .q = 12289,
221 .q_bits = 14,
222 .q2_inv = 6145,
223 .n = 512,
224 .n_bits = 9,
225 .fft_params = &ntt_fft_12289_512,
226 .non_zero1 = 154,
227 .non_zero2 = 0,
228 .kappa = 23,
229 .nks_max = 0, /* not needed */
230 .p_max = 17825,
231 .sigma = 215,
232 .k_sigma = 254,
233 .k_sigma_bits = 8,
234 .c = c_bliss_i,
235 .c_cols = 16,
236 .c_rows = 21,
237 .z1_bits = 12,
238 .d = 10,
239 .p = 24,
240 .M = 17954, /* with alpha = 1.610 */
241 .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
242 .B_l2 = 12872 * 12872
243 },
244
245 /* BLISS-B-III scheme */
246 {
247 .id = BLISS_B_III,
248 .oid = OID_BLISS_B_III,
249 .strength = 160,
250 .q = 12289,
251 .q_bits = 14,
252 .q2_inv = 6145,
253 .n = 512,
254 .n_bits = 9,
255 .fft_params = &ntt_fft_12289_512,
256 .non_zero1 = 216,
257 .non_zero2 = 16,
258 .kappa = 30,
259 .nks_max = 0, /* not needed */
260 .p_max = 42270,
261 .sigma = 250,
262 .k_sigma = 295,
263 .k_sigma_bits = 9,
264 .c = c_bliss_iii,
265 .c_cols = 16,
266 .c_rows = 21,
267 .z1_bits = 12,
268 .d = 9,
269 .p = 48,
270 .M = 42455, /* with alpha = 1.216 */
271 .B_inf = 1760,
272 .B_l2 = 10206 * 10206
273 },
274
275 /* BLISS-B-IV scheme */
276 {
277 .id = BLISS_B_IV,
278 .oid = OID_BLISS_B_IV,
279 .strength = 192,
280 .q = 12289,
281 .q_bits = 14,
282 .q2_inv = 6145,
283 .n = 512,
284 .n_bits = 9,
285 .fft_params = &ntt_fft_12289_512,
286 .non_zero1 = 231,
287 .non_zero2 = 31,
288 .kappa = 39,
289 .nks_max = 0, /* not needed */
290 .p_max = 69576,
291 .sigma = 271,
292 .k_sigma = 320,
293 .k_sigma_bits = 9,
294 .c = c_bliss_iv,
295 .c_cols = 16,
296 .c_rows = 22,
297 .z1_bits = 12,
298 .d = 8,
299 .p = 96,
300 .M = 70034, /* with alpha = 1.027 */
301 .B_inf = 1613,
302 .B_l2 = 9901 * 9901
303 }
304
305 };
306
307 /**
308 * See header.
309 */
310 const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
311 {
312 int i;
313
314 for (i = 0; i < countof(bliss_param_sets); i++)
315 {
316 if (bliss_param_sets[i].id == id)
317 {
318 return &bliss_param_sets[i];
319 }
320 }
321 return NULL;
322 }
323
324
325 /**
326 * See header.
327 */
328 const bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
329 {
330 int i;
331
332 for (i = 0; i < countof(bliss_param_sets); i++)
333 {
334 if (bliss_param_sets[i].oid == oid)
335 {
336 return &bliss_param_sets[i];
337 }
338 }
339 return NULL;
340 }
Unnamed repository; edit this file 'description' to name the repository.