Functions
static int	lc_kex_ake_initiator_init (struct lc_kyber_pk pk_e_i, struct lc_kyber_ct ct_e_i, struct lc_kyber_ss tk, struct lc_kyber_sk sk_e, const struct lc_kyber_pk *pk_r)
	Initialize authenticated key exchange.

static int	lc_kex_ake_responder_ss (struct lc_kyber_ct ct_e_r_1, struct lc_kyber_ct ct_e_r_2, uint8_t shared_secret, size_t shared_secret_len, const uint8_t kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_pk pk_e_i, const struct lc_kyber_ct ct_e_i, const struct lc_kyber_sk sk_r, const struct lc_kyber_pk pk_i)
	Initiator's shared secret generation.

static int	lc_kex_ake_initiator_ss (uint8_t shared_secret, size_t shared_secret_len, const uint8_t kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_ct ct_e_r_1, const struct lc_kyber_ct ct_e_r_2, const struct lc_kyber_ss tk, const struct lc_kyber_sk sk_e, const struct lc_kyber_sk *sk_i)
	Responder's shared secret generation.

Detailed Description

The key exchange provides a shared secret between two communication parties. The initiator and responder authenticates the key exchange with their private keys.

The idea is that the pk_i/sk_i and pk_r/sk_r key pairs are static key pairs that are generated and exchanged before the KEX handshake. For the authenticated key exchange, both sides use the respective peer's public key which implies either side authenticates the other end.

               Alice (initiator)               Bob (responder)
 
Step 1 generate static keypair         generate static keypair
               Result:                         Result:
                       public key pk_i                 public key pk_r
                       secret key sk_i                 secret key sk_r
 
Step 2 send public key                 send public key
               pk_r <------------------------- pk_r
               pk_i -------------------------> pk_i
 
Step 3 initiate key exchange
               Result:
                       Public key pk_e_i
                       Cipher text ct_e_i
                       KEM shared secret tk
                       Secret key sk_e
 
Step 4 send kex data
               Public key pk_e_i ------------> Public key pk_e_i
               Cipher text ct_e_i -----------> Cipher text ct_e_i
 
Step 5                                 calculate shared secret
                                               Result:
                                                       Cipher text ct_e_r_1
                                                       Cipher text ct_e_r_2
                                                       Shared secret SS
 
Step 6                                 send kex data
               Cipher text ct_e_r_1 <--------- Cipher text ct_e_r_1
               Cipher text ct_e_r_2 <--------- Cipher text ct_e_r_2
 
Step 7 calculate shared secret
               Result:
                       Shared secret SS

Function Documentation

◆ lc_kex_ake_initiator_init()

static int lc_kex_ake_initiator_init	(	struct lc_kyber_pk *	pk_e_i,
		struct lc_kyber_ct *	ct_e_i,
		struct lc_kyber_ss *	tk,
		struct lc_kyber_sk *	sk_e,
		const struct lc_kyber_pk *	pk_r )

inlinestatic

Initialize authenticated key exchange.

Parameters

[out]	pk_e_i	initiator's ephemeral public key to be sent to the responder
[out]	ct_e_i	initiator's ephemeral cipher text to be sent to the responder
[out]	tk	KEM shared secret data to be used for the initiator's shared secret generation
[out]	sk_e	initiator's ephemeral secret key to be used for the initiator's shared secret generation
[in]	pk_r	responder's public key

Returns: 0 (success) or < 0 on error

Definition at line 1379 of file lc_kyber.h.

◆ lc_kex_ake_initiator_ss()

static int lc_kex_ake_initiator_ss	(	uint8_t *	shared_secret,
		size_t	shared_secret_len,
		const uint8_t *	kdf_nonce,
		size_t	kdf_nonce_len,
		const struct lc_kyber_ct *	ct_e_r_1,
		const struct lc_kyber_ct *	ct_e_r_2,
		const struct lc_kyber_ss *	tk,
		const struct lc_kyber_sk *	sk_e,
		const struct lc_kyber_sk *	sk_i )

inlinestatic

Responder's shared secret generation.

Parameters

[out]	shared_secret	Shared secret between initiator and responder
[in]	shared_secret_len	Requested size of the shared secret
[in]	kdf_nonce	An optional nonce that is concatenated at the end of the Kyber KEX-generated data to be inserted into the KDF. If not required, use NULL.
[in]	kdf_nonce_len	Length of the kdf_nonce.
[in]	ct_e_r_1	responder's ephemeral cipher text
[in]	ct_e_r_2	responder's ephemeral cipher text
[in]	tk	KEM shared secret data that was generated during the initator's initialization
[in]	sk_e	initator's ephemeral secret that was generated during the initator's initialization
[in]	sk_i	initator's secret key

Returns: 0 (success) or < 0 on error

Definition at line 1531 of file lc_kyber.h.

◆ lc_kex_ake_responder_ss()

static int lc_kex_ake_responder_ss	(	struct lc_kyber_ct *	ct_e_r_1,
		struct lc_kyber_ct *	ct_e_r_2,
		uint8_t *	shared_secret,
		size_t	shared_secret_len,
		const uint8_t *	kdf_nonce,
		size_t	kdf_nonce_len,
		const struct lc_kyber_pk *	pk_e_i,
		const struct lc_kyber_ct *	ct_e_i,
		const struct lc_kyber_sk *	sk_r,
		const struct lc_kyber_pk *	pk_i )

inlinestatic

Initiator's shared secret generation.

Parameters

[out]	ct_e_r_1	responder's ephemeral cipher text to be sent to the initator
[out]	ct_e_r_2	responder's ephemeral cipher text to be sent to the initator
[out]	shared_secret	Shared secret between initiator and responder
[in]	shared_secret_len	Requested size of the shared secret
[in]	kdf_nonce	An optional nonce that is concatenated at the end of the Kyber KEX-generated data to be inserted into the KDF. If not required, use NULL.
[in]	kdf_nonce_len	Length of the kdf_nonce.
[in]	pk_e_i	initator's ephemeral public key
[in]	ct_e_i	initator's ephemeral cipher text
[in]	sk_r	responder's secret key
[in]	pk_i	initator's public key

Returns: 0 (success) or < 0 on error

Definition at line 1454 of file lc_kyber.h.

Functions

Detailed Description

Function Documentation

◆ lc_kex_ake_initiator_init()

◆ lc_kex_ake_initiator_ss()

◆ lc_kex_ake_responder_ss()