Functions
static int	lc_kex_uake_initiator_init (struct lc_kyber_pk pk_e_i, struct lc_kyber_ct ct_e_i, struct lc_kyber_ss tk, struct lc_kyber_sk sk_e, const struct lc_kyber_pk *pk_r)
	Initialize unilaterally authenticated key exchange.

static int	lc_kex_uake_responder_ss (struct lc_kyber_ct ct_e_r, uint8_t shared_secret, size_t shared_secret_len, const uint8_t kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_pk pk_e_i, const struct lc_kyber_ct ct_e_i, const struct lc_kyber_sk sk_r)
	Initiator's shared secret generation.

static int	lc_kex_uake_initiator_ss (uint8_t shared_secret, size_t shared_secret_len, const uint8_t kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_ct ct_e_r, const struct lc_kyber_ss tk, const struct lc_kyber_sk *sk_e)
	Responder's shared secret generation.

Detailed Description

Unilaterally authenticated key exchange

The key exchange provides a shared secret between two communication parties. Only the initiator authenticates the key exchange with his private key.

The idea is that the pk_r/sk_r key pair is a static key pair that is generated and exchanged before the KEX handshake. For the unilaterally authenticated key exchange, only the initiator uses the responder's public key which implies that the initiator authenticates the responder.

               Alice (initiator)               Bob (responder)
 
Step 1                                 generate static keypair
                                               Result:
                                                       public key pk_r
                                                       secret key sk_r
 
Step 2                                 send public key
               pk_r <------------------------- pk_r
 
Step 3 initiate key exchange
               Result:
                       Public key pk_e_i
                       Cipher text ct_e_i
                       KEM shared secret tk
                       Secret key sk_e
 
Step 4 send kex data
               Public key pk_e_i ------------> Public key pk_e_i
               Cipher text ct_e_i -----------> Cipher text ct_e_i
 
Step 5                                 calculate shared secret
                                               Result:
                                                       Cipher text ct_e_r
                                                       Shared secret SS
 
Step 6                                 send kex data
               Cipher text ct_e_r <----------- Cipher text ct_e_r
 
Step 7 calculate shared secret
               Result:
                       Shared secret SS

Function Documentation

◆ lc_kex_uake_initiator_init()

static int lc_kex_uake_initiator_init	(	struct lc_kyber_pk *	pk_e_i,
		struct lc_kyber_ct *	ct_e_i,
		struct lc_kyber_ss *	tk,
		struct lc_kyber_sk *	sk_e,
		const struct lc_kyber_pk *	pk_r )

inlinestatic

Initialize unilaterally authenticated key exchange.

Parameters

[out]	pk_e_i	initiator's ephemeral public key to be sent to the responder
[out]	ct_e_i	initiator's ephemeral cipher text to be sent to the responder
[out]	tk	KEM shared secret data to be used for the initiator's shared secret generation
[out]	sk_e	initiator's ephemeral secret key to be used for the initiator's shared secret generation
[in]	pk_r	responder's public key

Returns: 0 (success) or < 0 on error

Definition at line 1129 of file lc_kyber.h.

◆ lc_kex_uake_initiator_ss()

static int lc_kex_uake_initiator_ss	(	uint8_t *	shared_secret,
		size_t	shared_secret_len,
		const uint8_t *	kdf_nonce,
		size_t	kdf_nonce_len,
		const struct lc_kyber_ct *	ct_e_r,
		const struct lc_kyber_ss *	tk,
		const struct lc_kyber_sk *	sk_e )

inlinestatic

Responder's shared secret generation.

Parameters

[out]	shared_secret	Shared secret between initiator and responder
[in]	shared_secret_len	Requested size of the shared secret
[in]	kdf_nonce	An optional nonce that is concatenated at the end of the Kyber KEX-generated data to be inserted into the KDF. If not required, use NULL.
[in]	kdf_nonce_len	Length of the kdf_nonce.
[in]	ct_e_r	responder's ephemeral cipher text
[in]	tk	KEM shared secret data that was generated during the initiator's initialization
[in]	sk_e	initiator's ephemeral secret that was generated during the initiator's initialization

Returns: 0 (success) or < 0 on error

Definition at line 1268 of file lc_kyber.h.

◆ lc_kex_uake_responder_ss()

static int lc_kex_uake_responder_ss	(	struct lc_kyber_ct *	ct_e_r,
		uint8_t *	shared_secret,
		size_t	shared_secret_len,
		const uint8_t *	kdf_nonce,
		size_t	kdf_nonce_len,
		const struct lc_kyber_pk *	pk_e_i,
		const struct lc_kyber_ct *	ct_e_i,
		const struct lc_kyber_sk *	sk_r )

inlinestatic

Initiator's shared secret generation.

Parameters

[out]	ct_e_r	responder's ephemeral cipher text to be sent to the initiator
[out]	shared_secret	Shared secret between initiator and responder
[in]	shared_secret_len	Requested size of the shared secret
[in]	kdf_nonce	An optional nonce that is concatenated at the end of the Kyber KEX-generated data to be inserted into the KDF. If not required, use NULL.
[in]	kdf_nonce_len	Length of the kdf_nonce.
[in]	pk_e_i	initiator's ephemeral public key
[in]	ct_e_i	initiator's ephemeral cipher text
[in]	sk_r	responder's secret key

Returns: 0 (success) or < 0 on error

Definition at line 1202 of file lc_kyber.h.

Functions

Detailed Description

Function Documentation

◆ lc_kex_uake_initiator_init()

◆ lc_kex_uake_initiator_ss()

◆ lc_kex_uake_responder_ss()