-
Notifications
You must be signed in to change notification settings - Fork 0
/
strobe_config.h
183 lines (154 loc) · 5.17 KB
/
strobe_config.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
/**
* @file strobe_config.h
* @copyright
* Copyright (c) 2016 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
* @brief Configuration for STROBE code.
*/
#ifndef __STROBE_CONFIG_H__
#define __STROBE_CONFIG_H__
/****************************************************************/
/* STROBE */
/****************************************************************/
#ifndef STROBE_INTEROP_F_BITS
/** INTEROP: STROBE bit size. Default is Keccak-F800. */
#define STROBE_INTEROP_F_BITS 800
#endif
#ifndef STROBE_INTEROP_V_MAJOR
/** INTEROP: STROBE major version number. */
#define STROBE_INTEROP_V_MAJOR 1
#endif
#ifndef STROBE_INTEROP_V_MINOR
/** INTEROP: STROBE minor version number. */
#define STROBE_INTEROP_V_MINOR 0
#endif
#ifndef STROBE_INTEROP_V_PATCH
/** INTEROP: STROBE patch version number. */
#define STROBE_INTEROP_V_PATCH 2
#endif
#ifndef STROBE_INTEROP_SECURITY_BITS
/**
* INTEROP: STROBE nominal security strength, in bits.
*
* The capacity of the sponge will be 2*STROBE_INTEROP_SECURITY_BITS
* long. Therefore certain security properties will scale better
* than the 128-bit security level implies. In particular, if you
* use 256-bit keys at a 128-bit security level, the 128-bit security
* holds even if the attacker acquires enormous amounts of data.
*/
#define STROBE_INTEROP_SECURITY_BITS 128
#endif
#ifndef STROBE_INTEROP_RATCHET_BYTES
/** INTEROP: number of bytes used by default ratchet operations */
#define STROBE_INTEROP_RATCHET_BYTES (STROBE_INTEROP_SECURITY_BITS/8)
#endif
#ifndef STROBE_SINGLE_THREAD
/**
* If set, assert that STROBE functions (in particular, strobe_randomize)
* will only ever be called by a single thread, so that thread-safety is not
* required.
*/
#define STROBE_SINGLE_THREAD 0
#endif
#ifndef STROBE_IO_CTX_HAS_FD
/** IO contexts has a "file descriptor" pointer (for sockets on a non-embedded system) */
#define STROBE_IO_CTX_HAS_FD 1
#endif
#ifndef STROBE_OPT_FOR_SIZE
/** Global: optimize STROBE code for size at the expense of speed. */
#define STROBE_OPT_FOR_SIZE 0
#endif
#ifndef STROBE_OPT_FOR_SPEED
/** Global: optimize STROBE code for speed at the expense of size. */
#define STROBE_OPT_FOR_SPEED 0
#endif
#ifndef STROBE_SANITY_CHECK_FLAGS
/** On each operation, sanity-check that the flags requested are actually
* implemented, eg that the caller isn't using the MORE flag when the callee
* ifdef'd it out.
*/
#define STROBE_SANITY_CHECK_FLAGS 1
#endif
#ifndef STROBE_SUPPORT_PRNG
/** Support pseudorandom generator.
* Required by A New Hope, convenience ECDH, nondeterministic signing.
*/
#define STROBE_SUPPORT_PRNG 1
#endif
#ifndef STROBE_SUPPORT_FLAG_POST
/** Support experimental post-op flags FLAG_POST_RATCHET, FLAG_POST_MAC */
#define STROBE_SUPPORT_FLAG_POST 1
#endif
#ifndef STROBE_INTEROP_MAC_BYTES
/** The MAC length, used by MAC convenience functions */
#define STROBE_INTEROP_MAC_BYTES 16
#endif
#ifndef STROBE_CW_MAX_LENGTH_BYTES
/** Maximum number of bytes in a length field */
#define STROBE_CW_MAX_LENGTH_BYTES 4
#endif
#ifndef STROBE_CONVENIENCE_ECDH
/** Support convenient strobe_eph_ecdh function.
*
* You might not want this even if you're using ECDH, because
* it implies a particular message flow.
*/
#define STROBE_CONVENIENCE_ECDH 1
#endif
/****************************************************************/
/* X25519 */
/****************************************************************/
#ifndef X25519_SUPPORT_SIGN
/** Support creation of X25519 signatures. NB: these are different from Ed25519 signatures! */
#define X25519_SUPPORT_SIGN 1
#endif
#ifndef X25519_DETERMINISTIC_SIGS
/** Make X25519 signatures deterministic */
#define X25519_DETERMINISTIC_SIGS 1
#endif
#ifndef X25519_SUPPORT_VERIFY
/** Support verification of X25519 signatures. */
#define X25519_SUPPORT_VERIFY X25519_SUPPORT_SIGN
#endif
#ifndef STROBE_EC_SIGN_P1
/** Default sign and verify algorithms. */
#if X25519_SUPPORT_SIGN
#define STROBE_EC_SIGN_P1 x25519_base_uniform
#define STROBE_EC_SIGN_P2 x25519_sign_p2
#endif
#if X25519_SUPPORT_VERIFY
#define STROBE_EC_VERIFY x25519_verify_p2
#endif
#endif
#ifndef STROBE_SUPPORT_CERT_VERIFY
/** Support certificate verify */
#define STROBE_SUPPORT_CERT_VERIFY X25519_SUPPORT_VERIFY
#endif
#ifndef X25519_USE_POWER_CHAIN
/** Use less time and more code for inversion in X25519 */
#define X25519_USE_POWER_CHAIN (!STROBE_OPT_FOR_SIZE)
#endif
#ifndef X25519_WBITS
/** Curve25519: Internal word width for implementation. Should be
* set to the target machine's word size. Supported 16, 32, 64.
*/
#ifdef __SIZEOF_INT128__
#define X25519_WBITS 64
#else
#define X25519_WBITS 32
#endif
#endif
#ifndef X25519_MEMCPY_PARAMS
/** Copy parameters in and out instead of referencing them.
* Required on big-endian systems and those with strong alignment constraints.
*/
#if __ARMEL__ && defined(__ARM_FEATURE_UNALIGNED) && __ARM_FEATURE_UNALIGNED == 0
#define X25519_MEMCPY_PARAMS 1
#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define X25519_MEMCPY_PARAMS 0
#else
#define X25519_MEMCPY_PARAMS 1
#endif
#endif
#endif // __STROBE_CONFIG_H__