|
static int | lc_kex_ake_initiator_init (struct lc_kyber_pk *pk_e_i, struct lc_kyber_ct *ct_e_i, struct lc_kyber_ss *tk, struct lc_kyber_sk *sk_e, const struct lc_kyber_pk *pk_r) |
| Initialize authenticated key exchange.
|
|
static int | lc_kex_ake_responder_ss (struct lc_kyber_ct *ct_e_r_1, struct lc_kyber_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_pk *pk_e_i, const struct lc_kyber_ct *ct_e_i, const struct lc_kyber_sk *sk_r, const struct lc_kyber_pk *pk_i) |
| Initiator's shared secret generation.
|
|
static int | lc_kex_ake_initiator_ss (uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_ct *ct_e_r_1, const struct lc_kyber_ct *ct_e_r_2, const struct lc_kyber_ss *tk, const struct lc_kyber_sk *sk_e, const struct lc_kyber_sk *sk_i) |
| Responder's shared secret generation.
|
|
The key exchange provides a shared secret between two communication parties. The initiator and responder authenticates the key exchange with their private keys.
The idea is that the pk_i/sk_i and pk_r/sk_r key pairs are static key pairs that are generated and exchanged before the KEX handshake. For the authenticated key exchange, both sides use the respective peer's public key which implies either side authenticates the other end.
Alice (initiator) Bob (responder)
Step 1 generate static keypair generate static keypair
Result: Result:
public key pk_i public key pk_r
secret key sk_i secret key sk_r
Step 2 send public key send public key
pk_r <------------------------- pk_r
pk_i -------------------------> pk_i
Step 3 initiate key exchange
Result:
Public key pk_e_i
Cipher text ct_e_i
KEM shared secret tk
Secret key sk_e
Step 4 send kex data
Public key pk_e_i ------------> Public key pk_e_i
Cipher text ct_e_i -----------> Cipher text ct_e_i
Step 5 calculate shared secret
Result:
Cipher text ct_e_r_1
Cipher text ct_e_r_2
Shared secret SS
Step 6 send kex data
Cipher text ct_e_r_1 <--------- Cipher text ct_e_r_1
Cipher text ct_e_r_2 <--------- Cipher text ct_e_r_2
Step 7 calculate shared secret
Result:
Shared secret SS
◆ lc_kex_ake_initiator_init()
Initialize authenticated key exchange.
- Parameters
-
[out] | pk_e_i | initiator's ephemeral public key to be sent to the responder |
[out] | ct_e_i | initiator's ephemeral cipher text to be sent to the responder |
[out] | tk | KEM shared secret data to be used for the initiator's shared secret generation |
[out] | sk_e | initiator's ephemeral secret key to be used for the initiator's shared secret generation |
[in] | pk_r | responder's public key |
- Returns
- 0 (success) or < 0 on error
Definition at line 1379 of file lc_kyber.h.
◆ lc_kex_ake_initiator_ss()
static int lc_kex_ake_initiator_ss |
( |
uint8_t * | shared_secret, |
|
|
size_t | shared_secret_len, |
|
|
const uint8_t * | kdf_nonce, |
|
|
size_t | kdf_nonce_len, |
|
|
const struct lc_kyber_ct * | ct_e_r_1, |
|
|
const struct lc_kyber_ct * | ct_e_r_2, |
|
|
const struct lc_kyber_ss * | tk, |
|
|
const struct lc_kyber_sk * | sk_e, |
|
|
const struct lc_kyber_sk * | sk_i ) |
|
inlinestatic |
Responder's shared secret generation.
- Parameters
-
[out] | shared_secret | Shared secret between initiator and responder |
[in] | shared_secret_len | Requested size of the shared secret |
[in] | kdf_nonce | An optional nonce that is concatenated at the end of the Kyber KEX-generated data to be inserted into the KDF. If not required, use NULL. |
[in] | kdf_nonce_len | Length of the kdf_nonce. |
[in] | ct_e_r_1 | responder's ephemeral cipher text |
[in] | ct_e_r_2 | responder's ephemeral cipher text |
[in] | tk | KEM shared secret data that was generated during the initator's initialization |
[in] | sk_e | initator's ephemeral secret that was generated during the initator's initialization |
[in] | sk_i | initator's secret key |
- Returns
- 0 (success) or < 0 on error
Definition at line 1531 of file lc_kyber.h.
◆ lc_kex_ake_responder_ss()
static int lc_kex_ake_responder_ss |
( |
struct lc_kyber_ct * | ct_e_r_1, |
|
|
struct lc_kyber_ct * | ct_e_r_2, |
|
|
uint8_t * | shared_secret, |
|
|
size_t | shared_secret_len, |
|
|
const uint8_t * | kdf_nonce, |
|
|
size_t | kdf_nonce_len, |
|
|
const struct lc_kyber_pk * | pk_e_i, |
|
|
const struct lc_kyber_ct * | ct_e_i, |
|
|
const struct lc_kyber_sk * | sk_r, |
|
|
const struct lc_kyber_pk * | pk_i ) |
|
inlinestatic |
Initiator's shared secret generation.
- Parameters
-
[out] | ct_e_r_1 | responder's ephemeral cipher text to be sent to the initator |
[out] | ct_e_r_2 | responder's ephemeral cipher text to be sent to the initator |
[out] | shared_secret | Shared secret between initiator and responder |
[in] | shared_secret_len | Requested size of the shared secret |
[in] | kdf_nonce | An optional nonce that is concatenated at the end of the Kyber KEX-generated data to be inserted into the KDF. If not required, use NULL. |
[in] | kdf_nonce_len | Length of the kdf_nonce. |
[in] | pk_e_i | initator's ephemeral public key |
[in] | ct_e_i | initator's ephemeral cipher text |
[in] | sk_r | responder's secret key |
[in] | pk_i | initator's public key |
- Returns
- 0 (success) or < 0 on error
Definition at line 1454 of file lc_kyber.h.