Leancrypto 0.12.0
Post-Quantum Cryptographic Library
Loading...
Searching...
No Matches
lc_kyber.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 2024, Stephan Mueller <smueller@chronox.de>
3 *
4 * License: see LICENSE file in root directory
5 *
6 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
7 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
9 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
10 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
11 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
12 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
13 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
14 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
15 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
16 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
17 * DAMAGE.
18 */
19
20#ifndef LC_KYBER_H
21#define LC_KYBER_H
22
23#include "ext_headers.h"
24
25#if defined __has_include
26#if __has_include("lc_kyber_1024.h")
27#include "lc_kyber_1024.h"
28#define LC_KYBER_1024_ENABLED
29#endif
30#if __has_include("lc_kyber_768.h")
31#include "lc_kyber_768.h"
32#define LC_KYBER_768_ENABLED
33#endif
34#if __has_include("lc_kyber_512.h")
35#include "lc_kyber_512.h"
36#define LC_KYBER_512_ENABLED
37#endif
38#else
39#error "Compiler misses __has_include"
40#endif
41
42#ifdef __cplusplus
43extern "C" {
44#endif
45
52
77/************************************* KEM ************************************/
81struct lc_kyber_sk {
82 enum lc_kyber_type kyber_type;
83 union {
84#ifdef LC_KYBER_1024_ENABLED
85 struct lc_kyber_1024_sk sk_1024;
86#endif
87#ifdef LC_KYBER_768_ENABLED
88 struct lc_kyber_768_sk sk_768;
89#endif
90#ifdef LC_KYBER_512_ENABLED
91 struct lc_kyber_512_sk sk_512;
92#endif
93 } key;
94};
95
99struct lc_kyber_pk {
100 enum lc_kyber_type kyber_type;
101 union {
102#ifdef LC_KYBER_1024_ENABLED
103 struct lc_kyber_1024_pk pk_1024;
104#endif
105#ifdef LC_KYBER_768_ENABLED
106 struct lc_kyber_768_pk pk_768;
107#endif
108#ifdef LC_KYBER_512_ENABLED
109 struct lc_kyber_512_pk pk_512;
110#endif
111 } key;
112};
113
117struct lc_kyber_ct {
118 enum lc_kyber_type kyber_type;
119 union {
120#ifdef LC_KYBER_1024_ENABLED
121 struct lc_kyber_1024_ct ct_1024;
122#endif
123#ifdef LC_KYBER_768_ENABLED
124 struct lc_kyber_768_ct ct_768;
125#endif
126#ifdef LC_KYBER_512_ENABLED
127 struct lc_kyber_512_ct ct_512;
128#endif
129 } key;
130};
131
135struct lc_kyber_ss {
136 enum lc_kyber_type kyber_type;
137 union {
138#ifdef LC_KYBER_1024_ENABLED
139 struct lc_kyber_1024_ss ss_1024;
140#endif
141#ifdef LC_KYBER_768_ENABLED
142 struct lc_kyber_768_ss ss_768;
143#endif
144#ifdef LC_KYBER_512_ENABLED
145 struct lc_kyber_512_ss ss_512;
146#endif
147 } key;
148};
149
158static inline enum lc_kyber_type lc_kyber_sk_type(const struct lc_kyber_sk *sk)
159{
160 if (!sk)
161 return LC_KYBER_UNKNOWN;
162 return sk->kyber_type;
163}
164
173static inline enum lc_kyber_type lc_kyber_pk_type(const struct lc_kyber_pk *pk)
174{
175 if (!pk)
176 return LC_KYBER_UNKNOWN;
177 return pk->kyber_type;
178}
179
188static inline enum lc_kyber_type lc_kyber_ct_type(const struct lc_kyber_ct *ct)
189{
190 if (!ct)
191 return LC_KYBER_UNKNOWN;
192 return ct->kyber_type;
193}
194
203static inline enum lc_kyber_type lc_kyber_ss_type(const struct lc_kyber_ss *ss)
204{
205 if (!ss)
206 return LC_KYBER_UNKNOWN;
207 return ss->kyber_type;
208}
209
218LC_PURE
219static inline unsigned int lc_kyber_sk_size(enum lc_kyber_type kyber_type)
220{
221 switch (kyber_type) {
222 case LC_KYBER_1024:
223#ifdef LC_KYBER_1024_ENABLED
224 return lc_member_size(struct lc_kyber_sk, key.sk_1024);
225#else
226 return 0;
227#endif
228 case LC_KYBER_768:
229#ifdef LC_KYBER_768_ENABLED
230 return lc_member_size(struct lc_kyber_sk, key.sk_768);
231#else
232 return 0;
233#endif
234 case LC_KYBER_512:
235#ifdef LC_KYBER_512_ENABLED
236 return lc_member_size(struct lc_kyber_sk, key.sk_512);
237#else
238 return 0;
239#endif
240 case LC_KYBER_UNKNOWN:
241 default:
242 return 0;
243 }
244}
245
254LC_PURE
255static inline unsigned int lc_kyber_pk_size(enum lc_kyber_type kyber_type)
256{
257 switch (kyber_type) {
258 case LC_KYBER_1024:
259#ifdef LC_KYBER_1024_ENABLED
260 return lc_member_size(struct lc_kyber_pk, key.pk_1024);
261#else
262 return 0;
263#endif
264 case LC_KYBER_768:
265#ifdef LC_KYBER_768_ENABLED
266 return lc_member_size(struct lc_kyber_pk, key.pk_768);
267#else
268 return 0;
269#endif
270 case LC_KYBER_512:
271#ifdef LC_KYBER_512_ENABLED
272 return lc_member_size(struct lc_kyber_pk, key.pk_512);
273#else
274 return 0;
275#endif
276 case LC_KYBER_UNKNOWN:
277 default:
278 return 0;
279 }
280}
281
290LC_PURE
291static inline unsigned int lc_kyber_ct_size(enum lc_kyber_type kyber_type)
292{
293 switch (kyber_type) {
294 case LC_KYBER_1024:
295#ifdef LC_KYBER_1024_ENABLED
296 return lc_member_size(struct lc_kyber_ct, key.ct_1024);
297#else
298 return 0;
299#endif
300 case LC_KYBER_768:
301#ifdef LC_KYBER_768_ENABLED
302 return lc_member_size(struct lc_kyber_ct, key.ct_768);
303#else
304 return 0;
305#endif
306 case LC_KYBER_512:
307#ifdef LC_KYBER_512_ENABLED
308 return lc_member_size(struct lc_kyber_ct, key.ct_512);
309#else
310 return 0;
311#endif
312 case LC_KYBER_UNKNOWN:
313 default:
314 return 0;
315 }
316}
317
326LC_PURE
327static inline unsigned int lc_kyber_ss_size(enum lc_kyber_type kyber_type)
328{
329 switch (kyber_type) {
330 case LC_KYBER_1024:
331#ifdef LC_KYBER_1024_ENABLED
332 return lc_member_size(struct lc_kyber_ss, key.ss_1024);
333#else
334 return 0;
335#endif
336 case LC_KYBER_768:
337#ifdef LC_KYBER_768_ENABLED
338 return lc_member_size(struct lc_kyber_ss, key.ss_768);
339#else
340 return 0;
341#endif
342 case LC_KYBER_512:
343#ifdef LC_KYBER_512_ENABLED
344 return lc_member_size(struct lc_kyber_ss, key.ss_512);
345#else
346 return 0;
347#endif
348 case LC_KYBER_UNKNOWN:
349 default:
350 return 0;
351 }
352}
353
365static inline int lc_kyber_sk_load(struct lc_kyber_sk *sk,
366 const uint8_t *src_key, size_t src_key_len)
367{
368 if (!sk || !src_key || src_key_len == 0) {
369 return -EINVAL;
370#ifdef LC_KYBER_1024_ENABLED
371 } else if (src_key_len == lc_kyber_sk_size(LC_KYBER_1024)) {
372 struct lc_kyber_1024_sk *_sk = &sk->key.sk_1024;
373
374 memcpy(_sk->sk, src_key, src_key_len);
375 sk->kyber_type = LC_KYBER_1024;
376 return 0;
377#endif
378#ifdef LC_KYBER_768_ENABLED
379 } else if (src_key_len == lc_kyber_sk_size(LC_KYBER_768)) {
380 struct lc_kyber_768_sk *_sk = &sk->key.sk_768;
381
382 memcpy(_sk->sk, src_key, src_key_len);
383 sk->kyber_type = LC_KYBER_768;
384 return 0;
385#endif
386#ifdef LC_KYBER_512_ENABLED
387 } else if (src_key_len == lc_kyber_sk_size(LC_KYBER_512)) {
388 struct lc_kyber_512_sk *_sk = &sk->key.sk_512;
389
390 memcpy(_sk->sk, src_key, src_key_len);
391 sk->kyber_type = LC_KYBER_512;
392 return 0;
393#endif
394 } else {
395 return -EINVAL;
396 }
397}
398
410static inline int lc_kyber_pk_load(struct lc_kyber_pk *pk,
411 const uint8_t *src_key, size_t src_key_len)
412{
413 if (!pk || !src_key || src_key_len == 0) {
414 return -EINVAL;
415#ifdef LC_KYBER_1024_ENABLED
416 } else if (src_key_len == lc_kyber_pk_size(LC_KYBER_1024)) {
417 struct lc_kyber_1024_pk *_pk = &pk->key.pk_1024;
418
419 memcpy(_pk->pk, src_key, src_key_len);
420 pk->kyber_type = LC_KYBER_1024;
421 return 0;
422#endif
423#ifdef LC_KYBER_768_ENABLED
424 } else if (src_key_len == lc_kyber_pk_size(LC_KYBER_768)) {
425 struct lc_kyber_768_pk *_pk = &pk->key.pk_768;
426
427 memcpy(_pk->pk, src_key, src_key_len);
428 pk->kyber_type = LC_KYBER_768;
429 return 0;
430#endif
431#ifdef LC_KYBER_512_ENABLED
432 } else if (src_key_len == lc_kyber_pk_size(LC_KYBER_512)) {
433 struct lc_kyber_512_pk *_pk = &pk->key.pk_512;
434
435 memcpy(_pk->pk, src_key, src_key_len);
436 pk->kyber_type = LC_KYBER_512;
437 return 0;
438#endif
439 } else {
440 return -EINVAL;
441 }
442}
443
457static inline int lc_kyber_ct_load(struct lc_kyber_ct *ct,
458 const uint8_t *src_key, size_t src_key_len)
459{
460 if (!ct || !src_key || src_key_len == 0) {
461 return -EINVAL;
462#ifdef LC_KYBER_1024_ENABLED
463 } else if (src_key_len == lc_kyber_ct_size(LC_KYBER_1024)) {
464 struct lc_kyber_1024_ct *_ct = &ct->key.ct_1024;
465
466 memcpy(_ct->ct, src_key, src_key_len);
467 ct->kyber_type = LC_KYBER_1024;
468 return 0;
469#endif
470#ifdef LC_KYBER_768_ENABLED
471 } else if (src_key_len == lc_kyber_ct_size(LC_KYBER_768)) {
472 struct lc_kyber_768_ct *_ct = &ct->key.ct_768;
473
474 memcpy(_ct->ct, src_key, src_key_len);
475 ct->kyber_type = LC_KYBER_768;
476 return 0;
477#endif
478#ifdef LC_KYBER_512_ENABLED
479 } else if (src_key_len == lc_kyber_ct_size(LC_KYBER_512)) {
480 struct lc_kyber_512_ct *_ct = &ct->key.ct_512;
481
482 memcpy(_ct->ct, src_key, src_key_len);
483 ct->kyber_type = LC_KYBER_512;
484 return 0;
485#endif
486 } else {
487 return -EINVAL;
488 }
489}
490
504static inline int lc_kyber_ss_load(struct lc_kyber_ss *ss,
505 const uint8_t *src_key, size_t src_key_len)
506{
507 if (!ss || !src_key || src_key_len == 0) {
508 return -EINVAL;
509#ifdef LC_KYBER_1024_ENABLED
510 } else if (src_key_len == lc_kyber_ss_size(LC_KYBER_1024)) {
511 struct lc_kyber_1024_ss *_ss = &ss->key.ss_1024;
512
513 memcpy(_ss->ss, src_key, src_key_len);
514 ss->kyber_type = LC_KYBER_1024;
515 return 0;
516#endif
517#ifdef LC_KYBER_768_ENABLED
518 } else if (src_key_len == lc_kyber_ss_size(LC_KYBER_768)) {
519 struct lc_kyber_768_ss *_ss = &ss->key.ss_768;
520
521 memcpy(_ss->ss, src_key, src_key_len);
522 ss->kyber_type = LC_KYBER_768;
523 return 0;
524#endif
525#ifdef LC_KYBER_512_ENABLED
526 } else if (src_key_len == lc_kyber_ss_size(LC_KYBER_512)) {
527 struct lc_kyber_512_ss *_ss = &ss->key.ss_512;
528
529 memcpy(_ss->ss, src_key, src_key_len);
530 ss->kyber_type = LC_KYBER_512;
531 return 0;
532#endif
533 } else {
534 return -EINVAL;
535 }
536}
537
551static inline int lc_kyber_sk_ptr(uint8_t **kyber_key, size_t *kyber_key_len,
552 struct lc_kyber_sk *sk)
553{
554 if (!sk || !kyber_key || !kyber_key_len) {
555 return -EINVAL;
556#ifdef LC_KYBER_1024_ENABLED
557 } else if (sk->kyber_type == LC_KYBER_1024) {
558 struct lc_kyber_1024_sk *_sk = &sk->key.sk_1024;
559
560 *kyber_key = _sk->sk;
561 *kyber_key_len = lc_kyber_sk_size(sk->kyber_type);
562 return 0;
563#endif
564#ifdef LC_KYBER_768_ENABLED
565 } else if (sk->kyber_type == LC_KYBER_768) {
566 struct lc_kyber_768_sk *_sk = &sk->key.sk_768;
567
568 *kyber_key = _sk->sk;
569 *kyber_key_len = lc_kyber_sk_size(sk->kyber_type);
570 return 0;
571#endif
572#ifdef LC_KYBER_512_ENABLED
573 } else if (sk->kyber_type == LC_KYBER_512) {
574 struct lc_kyber_512_sk *_sk = &sk->key.sk_512;
575
576 *kyber_key = _sk->sk;
577 *kyber_key_len = lc_kyber_sk_size(sk->kyber_type);
578 return 0;
579#endif
580 } else {
581 return -EINVAL;
582 }
583}
584
598static inline int lc_kyber_pk_ptr(uint8_t **kyber_key, size_t *kyber_key_len,
599 struct lc_kyber_pk *pk)
600{
601 if (!pk || !kyber_key || !kyber_key_len) {
602 return -EINVAL;
603#ifdef LC_KYBER_1024_ENABLED
604 } else if (pk->kyber_type == LC_KYBER_1024) {
605 struct lc_kyber_1024_pk *_pk = &pk->key.pk_1024;
606
607 *kyber_key = _pk->pk;
608 *kyber_key_len = lc_kyber_pk_size(pk->kyber_type);
609 return 0;
610#endif
611#ifdef LC_KYBER_768_ENABLED
612 } else if (pk->kyber_type == LC_KYBER_768) {
613 struct lc_kyber_768_pk *_pk = &pk->key.pk_768;
614
615 *kyber_key = _pk->pk;
616 *kyber_key_len = lc_kyber_pk_size(pk->kyber_type);
617 return 0;
618#endif
619#ifdef LC_KYBER_512_ENABLED
620 } else if (pk->kyber_type == LC_KYBER_512) {
621 struct lc_kyber_512_pk *_pk = &pk->key.pk_512;
622
623 *kyber_key = _pk->pk;
624 *kyber_key_len = lc_kyber_pk_size(pk->kyber_type);
625 return 0;
626#endif
627 } else {
628 return -EINVAL;
629 }
630}
631
646static inline int lc_kyber_ct_ptr(uint8_t **kyber_ct, size_t *kyber_ct_len,
647 struct lc_kyber_ct *ct)
648{
649 if (!ct || !kyber_ct || !kyber_ct_len) {
650 return -EINVAL;
651#ifdef LC_KYBER_1024_ENABLED
652 } else if (ct->kyber_type == LC_KYBER_1024) {
653 struct lc_kyber_1024_ct *_ct = &ct->key.ct_1024;
654
655 *kyber_ct = _ct->ct;
656 *kyber_ct_len = lc_kyber_ct_size(ct->kyber_type);
657 return 0;
658#endif
659#ifdef LC_KYBER_768_ENABLED
660 } else if (ct->kyber_type == LC_KYBER_768) {
661 struct lc_kyber_768_ct *_ct = &ct->key.ct_768;
662
663 *kyber_ct = _ct->ct;
664 *kyber_ct_len = lc_kyber_ct_size(ct->kyber_type);
665 return 0;
666#endif
667#ifdef LC_KYBER_512_ENABLED
668 } else if (ct->kyber_type == LC_KYBER_512) {
669 struct lc_kyber_512_ct *_ct = &ct->key.ct_512;
670
671 *kyber_ct = _ct->ct;
672 *kyber_ct_len = lc_kyber_ct_size(ct->kyber_type);
673 return 0;
674#endif
675 } else {
676 return -EINVAL;
677 }
678}
679
694static inline int lc_kyber_ss_ptr(uint8_t **kyber_ss, size_t *kyber_ss_len,
695 struct lc_kyber_ss *ss)
696{
697 if (!ss || !kyber_ss || !kyber_ss_len) {
698 return -EINVAL;
699#ifdef LC_KYBER_1024_ENABLED
700 } else if (ss->kyber_type == LC_KYBER_1024) {
701 struct lc_kyber_1024_ss *_ss = &ss->key.ss_1024;
702
703 *kyber_ss = _ss->ss;
704 *kyber_ss_len = lc_kyber_ss_size(ss->kyber_type);
705 return 0;
706#endif
707#ifdef LC_KYBER_768_ENABLED
708 } else if (ss->kyber_type == LC_KYBER_768) {
709 struct lc_kyber_768_ss *_ss = &ss->key.ss_768;
710
711 *kyber_ss = _ss->ss;
712 *kyber_ss_len = lc_kyber_ss_size(ss->kyber_type);
713 return 0;
714#endif
715#ifdef LC_KYBER_512_ENABLED
716 } else if (ss->kyber_type == LC_KYBER_512) {
717 struct lc_kyber_512_ss *_ss = &ss->key.ss_512;
718
719 *kyber_ss = _ss->ss;
720 *kyber_ss_len = lc_kyber_ss_size(ss->kyber_type);
721 return 0;
722#endif
723 } else {
724 return -EINVAL;
725 }
726}
727
740static inline int lc_kyber_keypair(struct lc_kyber_pk *pk,
741 struct lc_kyber_sk *sk,
742 struct lc_rng_ctx *rng_ctx,
743 enum lc_kyber_type kyber_type)
744{
745 if (!pk || !sk)
746 return -EINVAL;
747
748 switch (kyber_type) {
749 case LC_KYBER_1024:
750#ifdef LC_KYBER_1024_ENABLED
751 pk->kyber_type = kyber_type;
752 sk->kyber_type = kyber_type;
753 return lc_kyber_1024_keypair(&pk->key.pk_1024, &sk->key.sk_1024,
754 rng_ctx);
755#else
756 return -EOPNOTSUPP;
757#endif
758 case LC_KYBER_768:
759#ifdef LC_KYBER_768_ENABLED
760 pk->kyber_type = kyber_type;
761 sk->kyber_type = kyber_type;
762 return lc_kyber_768_keypair(&pk->key.pk_768, &sk->key.sk_768,
763 rng_ctx);
764#else
765 return -EOPNOTSUPP;
766#endif
767 case LC_KYBER_512:
768#ifdef LC_KYBER_512_ENABLED
769 pk->kyber_type = kyber_type;
770 sk->kyber_type = kyber_type;
771 return lc_kyber_512_keypair(&pk->key.pk_512, &sk->key.sk_512,
772 rng_ctx);
773#else
774 return -EOPNOTSUPP;
775#endif
776 case LC_KYBER_UNKNOWN:
777 default:
778 return -EOPNOTSUPP;
779 }
780}
781
803static inline int lc_kyber_keypair_from_seed(struct lc_kyber_pk *pk,
804 struct lc_kyber_sk *sk,
805 const uint8_t *seed,
806 size_t seedlen,
807 enum lc_kyber_type kyber_type)
808{
809 if (!pk || !sk)
810 return -EINVAL;
811
812 switch (kyber_type) {
813 case LC_KYBER_1024:
814#ifdef LC_KYBER_1024_ENABLED
815 pk->kyber_type = kyber_type;
816 sk->kyber_type = kyber_type;
817 return lc_kyber_1024_keypair_from_seed(
818 &pk->key.pk_1024, &sk->key.sk_1024, seed, seedlen);
819#else
820 return -EOPNOTSUPP;
821#endif
822 case LC_KYBER_768:
823#ifdef LC_KYBER_768_ENABLED
824 pk->kyber_type = kyber_type;
825 sk->kyber_type = kyber_type;
826 return lc_kyber_768_keypair_from_seed(
827 &pk->key.pk_768, &sk->key.sk_768, seed, seedlen);
828#else
829 return -EOPNOTSUPP;
830#endif
831 case LC_KYBER_512:
832#ifdef LC_KYBER_512_ENABLED
833 pk->kyber_type = kyber_type;
834 sk->kyber_type = kyber_type;
835 return lc_kyber_512_keypair_from_seed(
836 &pk->key.pk_512, &sk->key.sk_512, seed, seedlen);
837#else
838 return -EOPNOTSUPP;
839#endif
840 case LC_KYBER_UNKNOWN:
841 default:
842 return -EOPNOTSUPP;
843 }
844}
845
859static inline int lc_kyber_enc(struct lc_kyber_ct *ct, struct lc_kyber_ss *ss,
860 const struct lc_kyber_pk *pk)
861{
862 if (!ct || !ss || !pk)
863 return -EINVAL;
864
865 switch (pk->kyber_type) {
866 case LC_KYBER_1024:
867#ifdef LC_KYBER_1024_ENABLED
868 ct->kyber_type = LC_KYBER_1024;
869 ss->kyber_type = LC_KYBER_1024;
870 return lc_kyber_1024_enc(&ct->key.ct_1024, &ss->key.ss_1024,
871 &pk->key.pk_1024);
872#else
873 return -EOPNOTSUPP;
874#endif
875 case LC_KYBER_768:
876#ifdef LC_KYBER_768_ENABLED
877 ct->kyber_type = LC_KYBER_768;
878 ss->kyber_type = LC_KYBER_768;
879 return lc_kyber_768_enc(&ct->key.ct_768, &ss->key.ss_768,
880 &pk->key.pk_768);
881#else
882 return -EOPNOTSUPP;
883#endif
884 case LC_KYBER_512:
885#ifdef LC_KYBER_512_ENABLED
886 ct->kyber_type = LC_KYBER_512;
887 ss->kyber_type = LC_KYBER_512;
888 return lc_kyber_512_enc(&ct->key.ct_512, &ss->key.ss_512,
889 &pk->key.pk_512);
890#else
891 return -EOPNOTSUPP;
892#endif
893 case LC_KYBER_UNKNOWN:
894 default:
895 return -EOPNOTSUPP;
896 }
897}
898
918static inline int lc_kyber_enc_kdf(struct lc_kyber_ct *ct, uint8_t *ss,
919 size_t ss_len, const struct lc_kyber_pk *pk)
920{
921 if (!ct || !pk)
922 return -EINVAL;
923
924 switch (pk->kyber_type) {
925 case LC_KYBER_1024:
926#ifdef LC_KYBER_1024_ENABLED
927 ct->kyber_type = LC_KYBER_1024;
928 return lc_kyber_1024_enc_kdf(&ct->key.ct_1024, ss, ss_len,
929 &pk->key.pk_1024);
930#else
931 return -EOPNOTSUPP;
932#endif
933 case LC_KYBER_768:
934#ifdef LC_KYBER_768_ENABLED
935 ct->kyber_type = LC_KYBER_768;
936 return lc_kyber_768_enc_kdf(&ct->key.ct_768, ss, ss_len,
937 &pk->key.pk_768);
938#else
939 return -EOPNOTSUPP;
940#endif
941 case LC_KYBER_512:
942#ifdef LC_KYBER_512_ENABLED
943 ct->kyber_type = LC_KYBER_512;
944 return lc_kyber_512_enc_kdf(&ct->key.ct_512, ss, ss_len,
945 &pk->key.pk_512);
946#else
947 return -EOPNOTSUPP;
948#endif
949 case LC_KYBER_UNKNOWN:
950 default:
951 return -EOPNOTSUPP;
952 }
953}
954
970static inline int lc_kyber_dec(struct lc_kyber_ss *ss,
971 const struct lc_kyber_ct *ct,
972 const struct lc_kyber_sk *sk)
973{
974 if (!ss || !ct || !sk || ct->kyber_type != sk->kyber_type)
975 return -EINVAL;
976
977 switch (sk->kyber_type) {
978 case LC_KYBER_1024:
979#ifdef LC_KYBER_1024_ENABLED
980 ss->kyber_type = LC_KYBER_1024;
981 return lc_kyber_1024_dec(&ss->key.ss_1024, &ct->key.ct_1024,
982 &sk->key.sk_1024);
983#else
984 return -EOPNOTSUPP;
985#endif
986 case LC_KYBER_768:
987#ifdef LC_KYBER_768_ENABLED
988 ss->kyber_type = LC_KYBER_768;
989 return lc_kyber_768_dec(&ss->key.ss_768, &ct->key.ct_768,
990 &sk->key.sk_768);
991#else
992 return -EOPNOTSUPP;
993#endif
994 case LC_KYBER_512:
995#ifdef LC_KYBER_512_ENABLED
996 ss->kyber_type = LC_KYBER_512;
997 return lc_kyber_512_dec(&ss->key.ss_512, &ct->key.ct_512,
998 &sk->key.sk_512);
999#else
1000 return -EOPNOTSUPP;
1001#endif
1002 case LC_KYBER_UNKNOWN:
1003 default:
1004 return -EOPNOTSUPP;
1005 }
1006}
1007
1029static inline int lc_kyber_dec_kdf(uint8_t *ss, size_t ss_len,
1030 const struct lc_kyber_ct *ct,
1031 const struct lc_kyber_sk *sk)
1032{
1033 if (!ct || !sk || ct->kyber_type != sk->kyber_type)
1034 return -EINVAL;
1035
1036 switch (sk->kyber_type) {
1037 case LC_KYBER_1024:
1038#ifdef LC_KYBER_1024_ENABLED
1039 return lc_kyber_1024_dec_kdf(ss, ss_len, &ct->key.ct_1024,
1040 &sk->key.sk_1024);
1041#else
1042 return -EOPNOTSUPP;
1043#endif
1044 case LC_KYBER_768:
1045#ifdef LC_KYBER_768_ENABLED
1046 return lc_kyber_768_dec_kdf(ss, ss_len, &ct->key.ct_768,
1047 &sk->key.sk_768);
1048#else
1049 return -EOPNOTSUPP;
1050#endif
1051 case LC_KYBER_512:
1052#ifdef LC_KYBER_512_ENABLED
1053 return lc_kyber_512_dec_kdf(ss, ss_len, &ct->key.ct_512,
1054 &sk->key.sk_512);
1055#else
1056 return -EOPNOTSUPP;
1057#endif
1058 case LC_KYBER_UNKNOWN:
1059 default:
1060 return -EOPNOTSUPP;
1061 }
1062}
1063
1064/************************************* KEX ************************************/
1065
1129static inline int lc_kex_uake_initiator_init(struct lc_kyber_pk *pk_e_i,
1130 struct lc_kyber_ct *ct_e_i,
1131 struct lc_kyber_ss *tk,
1132 struct lc_kyber_sk *sk_e,
1133 const struct lc_kyber_pk *pk_r)
1134{
1135 if (!pk_e_i || !ct_e_i || !tk || !sk_e || !pk_r)
1136 return -EINVAL;
1137
1138 switch (pk_r->kyber_type) {
1139 case LC_KYBER_1024:
1140#ifdef LC_KYBER_1024_ENABLED
1141 pk_e_i->kyber_type = LC_KYBER_1024;
1142 ct_e_i->kyber_type = LC_KYBER_1024;
1143 tk->kyber_type = LC_KYBER_1024;
1144 sk_e->kyber_type = LC_KYBER_1024;
1145 return lc_kex_1024_uake_initiator_init(&pk_e_i->key.pk_1024,
1146 &ct_e_i->key.ct_1024,
1147 &tk->key.ss_1024,
1148 &sk_e->key.sk_1024,
1149 &pk_r->key.pk_1024);
1150#else
1151 return -EOPNOTSUPP;
1152#endif
1153 case LC_KYBER_768:
1154#ifdef LC_KYBER_768_ENABLED
1155 pk_e_i->kyber_type = LC_KYBER_768;
1156 ct_e_i->kyber_type = LC_KYBER_768;
1157 tk->kyber_type = LC_KYBER_768;
1158 sk_e->kyber_type = LC_KYBER_768;
1159 return lc_kex_768_uake_initiator_init(
1160 &pk_e_i->key.pk_768, &ct_e_i->key.ct_768,
1161 &tk->key.ss_768, &sk_e->key.sk_768, &pk_r->key.pk_768);
1162#else
1163 return -EOPNOTSUPP;
1164#endif
1165 case LC_KYBER_512:
1166#ifdef LC_KYBER_512_ENABLED
1167 pk_e_i->kyber_type = LC_KYBER_512;
1168 ct_e_i->kyber_type = LC_KYBER_512;
1169 tk->kyber_type = LC_KYBER_512;
1170 sk_e->kyber_type = LC_KYBER_512;
1171 return lc_kex_512_uake_initiator_init(
1172 &pk_e_i->key.pk_512, &ct_e_i->key.ct_512,
1173 &tk->key.ss_512, &sk_e->key.sk_512, &pk_r->key.pk_512);
1174#else
1175 return -EOPNOTSUPP;
1176#endif
1177 case LC_KYBER_UNKNOWN:
1178 default:
1179 return -EOPNOTSUPP;
1180 }
1181}
1182
1201static inline int
1202lc_kex_uake_responder_ss(struct lc_kyber_ct *ct_e_r, uint8_t *shared_secret,
1203 size_t shared_secret_len, const uint8_t *kdf_nonce,
1204 size_t kdf_nonce_len, const struct lc_kyber_pk *pk_e_i,
1205 const struct lc_kyber_ct *ct_e_i,
1206 const struct lc_kyber_sk *sk_r)
1207{
1208 if (!ct_e_r || !pk_e_i || !ct_e_i || !sk_r ||
1209 pk_e_i->kyber_type != ct_e_i->kyber_type ||
1210 pk_e_i->kyber_type != sk_r->kyber_type)
1211 return -EINVAL;
1212
1213 switch (pk_e_i->kyber_type) {
1214 case LC_KYBER_1024:
1215#ifdef LC_KYBER_1024_ENABLED
1216 ct_e_r->kyber_type = LC_KYBER_1024;
1217 return lc_kex_1024_uake_responder_ss(
1218 &ct_e_r->key.ct_1024, shared_secret, shared_secret_len,
1219 kdf_nonce, kdf_nonce_len, &pk_e_i->key.pk_1024,
1220 &ct_e_i->key.ct_1024, &sk_r->key.sk_1024);
1221#else
1222 return -EOPNOTSUPP;
1223#endif
1224 case LC_KYBER_768:
1225#ifdef LC_KYBER_768_ENABLED
1226 ct_e_r->kyber_type = LC_KYBER_768;
1227 return lc_kex_768_uake_responder_ss(
1228 &ct_e_r->key.ct_768, shared_secret, shared_secret_len,
1229 kdf_nonce, kdf_nonce_len, &pk_e_i->key.pk_768,
1230 &ct_e_i->key.ct_768, &sk_r->key.sk_768);
1231#else
1232 return -EOPNOTSUPP;
1233#endif
1234 case LC_KYBER_512:
1235#ifdef LC_KYBER_512_ENABLED
1236 ct_e_r->kyber_type = LC_KYBER_512;
1237 return lc_kex_512_uake_responder_ss(
1238 &ct_e_r->key.ct_512, shared_secret, shared_secret_len,
1239 kdf_nonce, kdf_nonce_len, &pk_e_i->key.pk_512,
1240 &ct_e_i->key.ct_512, &sk_r->key.sk_512);
1241#else
1242 return -EOPNOTSUPP;
1243#endif
1244 case LC_KYBER_UNKNOWN:
1245 default:
1246 return -EOPNOTSUPP;
1247 }
1248}
1249
1268static inline int lc_kex_uake_initiator_ss(uint8_t *shared_secret,
1269 size_t shared_secret_len,
1270 const uint8_t *kdf_nonce,
1271 size_t kdf_nonce_len,
1272 const struct lc_kyber_ct *ct_e_r,
1273 const struct lc_kyber_ss *tk,
1274 const struct lc_kyber_sk *sk_e)
1275{
1276 if (!ct_e_r || !tk || !sk_e || ct_e_r->kyber_type != tk->kyber_type ||
1277 ct_e_r->kyber_type != sk_e->kyber_type)
1278 return -EINVAL;
1279
1280 switch (ct_e_r->kyber_type) {
1281 case LC_KYBER_1024:
1282#ifdef LC_KYBER_1024_ENABLED
1283 return lc_kex_1024_uake_initiator_ss(
1284 shared_secret, shared_secret_len, kdf_nonce,
1285 kdf_nonce_len, &ct_e_r->key.ct_1024, &tk->key.ss_1024,
1286 &sk_e->key.sk_1024);
1287#else
1288 return -EOPNOTSUPP;
1289#endif
1290 case LC_KYBER_768:
1291#ifdef LC_KYBER_768_ENABLED
1292 return lc_kex_768_uake_initiator_ss(
1293 shared_secret, shared_secret_len, kdf_nonce,
1294 kdf_nonce_len, &ct_e_r->key.ct_768, &tk->key.ss_768,
1295 &sk_e->key.sk_768);
1296#else
1297 return -EOPNOTSUPP;
1298#endif
1299 case LC_KYBER_512:
1300#ifdef LC_KYBER_512_ENABLED
1301 return lc_kex_512_uake_initiator_ss(
1302 shared_secret, shared_secret_len, kdf_nonce,
1303 kdf_nonce_len, &ct_e_r->key.ct_512, &tk->key.ss_512,
1304 &sk_e->key.sk_512);
1305#else
1306 return -EOPNOTSUPP;
1307#endif
1308 case LC_KYBER_UNKNOWN:
1309 default:
1310 return -EOPNOTSUPP;
1311 }
1312}
1313
1379static inline int lc_kex_ake_initiator_init(struct lc_kyber_pk *pk_e_i,
1380 struct lc_kyber_ct *ct_e_i,
1381 struct lc_kyber_ss *tk,
1382 struct lc_kyber_sk *sk_e,
1383 const struct lc_kyber_pk *pk_r)
1384{
1385 if (!pk_e_i || !ct_e_i || !tk || !sk_e || !pk_r)
1386 return -EINVAL;
1387
1388 switch (pk_r->kyber_type) {
1389 case LC_KYBER_1024:
1390#ifdef LC_KYBER_1024_ENABLED
1391 pk_e_i->kyber_type = LC_KYBER_1024;
1392 ct_e_i->kyber_type = LC_KYBER_1024;
1393 tk->kyber_type = LC_KYBER_1024;
1394 sk_e->kyber_type = LC_KYBER_1024;
1395 return lc_kex_1024_ake_initiator_init(&pk_e_i->key.pk_1024,
1396 &ct_e_i->key.ct_1024,
1397 &tk->key.ss_1024,
1398 &sk_e->key.sk_1024,
1399 &pk_r->key.pk_1024);
1400#else
1401 return -EOPNOTSUPP;
1402#endif
1403 case LC_KYBER_768:
1404#ifdef LC_KYBER_768_ENABLED
1405 pk_e_i->kyber_type = LC_KYBER_768;
1406 ct_e_i->kyber_type = LC_KYBER_768;
1407 tk->kyber_type = LC_KYBER_768;
1408 sk_e->kyber_type = LC_KYBER_768;
1409 return lc_kex_768_ake_initiator_init(
1410 &pk_e_i->key.pk_768, &ct_e_i->key.ct_768,
1411 &tk->key.ss_768, &sk_e->key.sk_768, &pk_r->key.pk_768);
1412#else
1413 return -EOPNOTSUPP;
1414#endif
1415 case LC_KYBER_512:
1416#ifdef LC_KYBER_512_ENABLED
1417 pk_e_i->kyber_type = LC_KYBER_512;
1418 ct_e_i->kyber_type = LC_KYBER_512;
1419 tk->kyber_type = LC_KYBER_512;
1420 sk_e->kyber_type = LC_KYBER_512;
1421 return lc_kex_512_ake_initiator_init(
1422 &pk_e_i->key.pk_512, &ct_e_i->key.ct_512,
1423 &tk->key.ss_512, &sk_e->key.sk_512, &pk_r->key.pk_512);
1424#else
1425 return -EOPNOTSUPP;
1426#endif
1427 case LC_KYBER_UNKNOWN:
1428 default:
1429 return -EOPNOTSUPP;
1430 }
1431}
1432
1454static inline int lc_kex_ake_responder_ss(
1455 struct lc_kyber_ct *ct_e_r_1, struct lc_kyber_ct *ct_e_r_2,
1456 uint8_t *shared_secret, size_t shared_secret_len,
1457 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
1458 const struct lc_kyber_pk *pk_e_i, const struct lc_kyber_ct *ct_e_i,
1459 const struct lc_kyber_sk *sk_r, const struct lc_kyber_pk *pk_i)
1460{
1461 if (!ct_e_r_1 || !ct_e_r_2 || !pk_e_i || !ct_e_i || !sk_r || !pk_i ||
1462 pk_e_i->kyber_type != ct_e_i->kyber_type ||
1463 pk_e_i->kyber_type != sk_r->kyber_type ||
1464 pk_e_i->kyber_type != pk_i->kyber_type)
1465 return -EINVAL;
1466
1467 switch (pk_e_i->kyber_type) {
1468 case LC_KYBER_1024:
1469#ifdef LC_KYBER_1024_ENABLED
1470 ct_e_r_1->kyber_type = LC_KYBER_1024;
1471 ct_e_r_2->kyber_type = LC_KYBER_1024;
1472 return lc_kex_1024_ake_responder_ss(
1473 &ct_e_r_1->key.ct_1024, &ct_e_r_2->key.ct_1024,
1474 shared_secret, shared_secret_len, kdf_nonce,
1475 kdf_nonce_len, &pk_e_i->key.pk_1024,
1476 &ct_e_i->key.ct_1024, &sk_r->key.sk_1024,
1477 &pk_i->key.pk_1024);
1478#else
1479 return -EOPNOTSUPP;
1480#endif
1481 case LC_KYBER_768:
1482#ifdef LC_KYBER_768_ENABLED
1483 ct_e_r_1->kyber_type = LC_KYBER_768;
1484 ct_e_r_2->kyber_type = LC_KYBER_768;
1485 return lc_kex_768_ake_responder_ss(
1486 &ct_e_r_1->key.ct_768, &ct_e_r_2->key.ct_768,
1487 shared_secret, shared_secret_len, kdf_nonce,
1488 kdf_nonce_len, &pk_e_i->key.pk_768, &ct_e_i->key.ct_768,
1489 &sk_r->key.sk_768, &pk_i->key.pk_768);
1490#else
1491 return -EOPNOTSUPP;
1492#endif
1493 case LC_KYBER_512:
1494#ifdef LC_KYBER_512_ENABLED
1495 ct_e_r_1->kyber_type = LC_KYBER_512;
1496 ct_e_r_2->kyber_type = LC_KYBER_512;
1497 return lc_kex_512_ake_responder_ss(
1498 &ct_e_r_1->key.ct_512, &ct_e_r_2->key.ct_512,
1499 shared_secret, shared_secret_len, kdf_nonce,
1500 kdf_nonce_len, &pk_e_i->key.pk_512, &ct_e_i->key.ct_512,
1501 &sk_r->key.sk_512, &pk_i->key.pk_512);
1502#else
1503 return -EOPNOTSUPP;
1504#endif
1505 case LC_KYBER_UNKNOWN:
1506 default:
1507 return -EOPNOTSUPP;
1508 }
1509}
1510
1531static inline int lc_kex_ake_initiator_ss(
1532 uint8_t *shared_secret, size_t shared_secret_len,
1533 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
1534 const struct lc_kyber_ct *ct_e_r_1, const struct lc_kyber_ct *ct_e_r_2,
1535 const struct lc_kyber_ss *tk, const struct lc_kyber_sk *sk_e,
1536 const struct lc_kyber_sk *sk_i)
1537{
1538 if (!ct_e_r_1 || !ct_e_r_2 || !tk || !sk_e || !sk_i ||
1539 ct_e_r_1->kyber_type != ct_e_r_2->kyber_type ||
1540 ct_e_r_1->kyber_type != tk->kyber_type ||
1541 ct_e_r_1->kyber_type != sk_e->kyber_type ||
1542 ct_e_r_1->kyber_type != sk_i->kyber_type)
1543 return -EINVAL;
1544
1545 switch (ct_e_r_1->kyber_type) {
1546 case LC_KYBER_1024:
1547#ifdef LC_KYBER_1024_ENABLED
1548 return lc_kex_1024_ake_initiator_ss(
1549 shared_secret, shared_secret_len, kdf_nonce,
1550 kdf_nonce_len, &ct_e_r_1->key.ct_1024,
1551 &ct_e_r_2->key.ct_1024, &tk->key.ss_1024,
1552 &sk_e->key.sk_1024, &sk_i->key.sk_1024);
1553#else
1554 return -EOPNOTSUPP;
1555#endif
1556 case LC_KYBER_768:
1557#ifdef LC_KYBER_768_ENABLED
1558 return lc_kex_768_ake_initiator_ss(
1559 shared_secret, shared_secret_len, kdf_nonce,
1560 kdf_nonce_len, &ct_e_r_1->key.ct_768,
1561 &ct_e_r_2->key.ct_768, &tk->key.ss_768,
1562 &sk_e->key.sk_768, &sk_i->key.sk_768);
1563#else
1564 return -EOPNOTSUPP;
1565#endif
1566 case LC_KYBER_512:
1567#ifdef LC_KYBER_512_ENABLED
1568 return lc_kex_512_ake_initiator_ss(
1569 shared_secret, shared_secret_len, kdf_nonce,
1570 kdf_nonce_len, &ct_e_r_1->key.ct_512,
1571 &ct_e_r_2->key.ct_512, &tk->key.ss_512,
1572 &sk_e->key.sk_512, &sk_i->key.sk_512);
1573#else
1574 return -EOPNOTSUPP;
1575#endif
1576 case LC_KYBER_UNKNOWN:
1577 default:
1578 return -EOPNOTSUPP;
1579 }
1580}
1581
1582/************************************* IES ************************************/
1583
1622static inline int
1623lc_kyber_ies_enc(const struct lc_kyber_pk *pk, struct lc_kyber_ct *ct,
1624 const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen,
1625 const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen,
1626 struct lc_aead_ctx *aead)
1627{
1628 if (!pk || !ct)
1629 return -EINVAL;
1630
1631 switch (pk->kyber_type) {
1632 case LC_KYBER_1024:
1633#ifdef LC_KYBER_1024_ENABLED
1634 ct->kyber_type = LC_KYBER_1024;
1635 return lc_kyber_1024_ies_enc(&pk->key.pk_1024, &ct->key.ct_1024,
1636 plaintext, ciphertext, datalen,
1637 aad, aadlen, tag, taglen, aead);
1638#else
1639 return -EOPNOTSUPP;
1640#endif
1641 case LC_KYBER_768:
1642#ifdef LC_KYBER_768_ENABLED
1643 ct->kyber_type = LC_KYBER_768;
1644 return lc_kyber_768_ies_enc(&pk->key.pk_768, &ct->key.ct_768,
1645 plaintext, ciphertext, datalen, aad,
1646 aadlen, tag, taglen, aead);
1647#else
1648 return -EOPNOTSUPP;
1649#endif
1650 case LC_KYBER_512:
1651#ifdef LC_KYBER_512_ENABLED
1652 ct->kyber_type = LC_KYBER_512;
1653 return lc_kyber_512_ies_enc(&pk->key.pk_512, &ct->key.ct_512,
1654 plaintext, ciphertext, datalen, aad,
1655 aadlen, tag, taglen, aead);
1656#else
1657 return -EOPNOTSUPP;
1658#endif
1659 case LC_KYBER_UNKNOWN:
1660 default:
1661 return -EOPNOTSUPP;
1662 }
1663}
1664
1691static inline int lc_kyber_ies_enc_init(struct lc_aead_ctx *aead,
1692 const struct lc_kyber_pk *pk,
1693 struct lc_kyber_ct *ct,
1694 const uint8_t *aad, size_t aadlen)
1695{
1696 if (!pk || !ct)
1697 return -EINVAL;
1698
1699 switch (pk->kyber_type) {
1700 case LC_KYBER_1024:
1701#ifdef LC_KYBER_1024_ENABLED
1702 ct->kyber_type = LC_KYBER_1024;
1703 return lc_kyber_1024_ies_enc_init(
1704 aead, &pk->key.pk_1024, &ct->key.ct_1024, aad, aadlen);
1705#else
1706 return -EOPNOTSUPP;
1707#endif
1708 case LC_KYBER_768:
1709#ifdef LC_KYBER_768_ENABLED
1710 ct->kyber_type = LC_KYBER_768;
1711 return lc_kyber_768_ies_enc_init(aead, &pk->key.pk_768,
1712 &ct->key.ct_768, aad, aadlen);
1713#else
1714 return -EOPNOTSUPP;
1715#endif
1716 case LC_KYBER_512:
1717#ifdef LC_KYBER_512_ENABLED
1718 ct->kyber_type = LC_KYBER_512;
1719 return lc_kyber_512_ies_enc_init(aead, &pk->key.pk_512,
1720 &ct->key.ct_512, aad, aadlen);
1721#else
1722 return -EOPNOTSUPP;
1723#endif
1724 case LC_KYBER_UNKNOWN:
1725 default:
1726 return -EOPNOTSUPP;
1727 }
1728}
1729
1751static inline int lc_kyber_ies_enc_update(struct lc_aead_ctx *aead,
1752 const uint8_t *plaintext,
1753 uint8_t *ciphertext, size_t datalen)
1754{
1755 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
1756}
1757
1777static inline int lc_kyber_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag,
1778 size_t taglen)
1779{
1780 return lc_aead_enc_final(aead, tag, taglen);
1781}
1782
1811static inline int
1812lc_kyber_ies_dec(const struct lc_kyber_sk *sk, const struct lc_kyber_ct *ct,
1813 const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen,
1814 const uint8_t *aad, size_t aadlen, const uint8_t *tag,
1815 size_t taglen, struct lc_aead_ctx *aead)
1816{
1817 if (!sk || !ct || sk->kyber_type != ct->kyber_type)
1818 return -EINVAL;
1819
1820 switch (sk->kyber_type) {
1821 case LC_KYBER_1024:
1822#ifdef LC_KYBER_1024_ENABLED
1823 return lc_kyber_1024_ies_dec(&sk->key.sk_1024, &ct->key.ct_1024,
1824 ciphertext, plaintext, datalen,
1825 aad, aadlen, tag, taglen, aead);
1826#else
1827 return -EOPNOTSUPP;
1828#endif
1829 case LC_KYBER_768:
1830#ifdef LC_KYBER_768_ENABLED
1831 return lc_kyber_768_ies_dec(&sk->key.sk_768, &ct->key.ct_768,
1832 ciphertext, plaintext, datalen, aad,
1833 aadlen, tag, taglen, aead);
1834#else
1835 return -EOPNOTSUPP;
1836#endif
1837 case LC_KYBER_512:
1838#ifdef LC_KYBER_512_ENABLED
1839 return lc_kyber_512_ies_dec(&sk->key.sk_512, &ct->key.ct_512,
1840 ciphertext, plaintext, datalen, aad,
1841 aadlen, tag, taglen, aead);
1842#else
1843 return -EOPNOTSUPP;
1844#endif
1845 case LC_KYBER_UNKNOWN:
1846 default:
1847 return -EOPNOTSUPP;
1848 }
1849}
1850
1876static inline int lc_kyber_ies_dec_init(struct lc_aead_ctx *aead,
1877 const struct lc_kyber_sk *sk,
1878 const struct lc_kyber_ct *ct,
1879 const uint8_t *aad, size_t aadlen)
1880{
1881 if (!sk || !ct || sk->kyber_type != ct->kyber_type)
1882 return -EINVAL;
1883
1884 switch (sk->kyber_type) {
1885 case LC_KYBER_1024:
1886#ifdef LC_KYBER_1024_ENABLED
1887 return lc_kyber_1024_ies_dec_init(
1888 aead, &sk->key.sk_1024, &ct->key.ct_1024, aad, aadlen);
1889#else
1890 return -EOPNOTSUPP;
1891#endif
1892 case LC_KYBER_768:
1893#ifdef LC_KYBER_768_ENABLED
1894 return lc_kyber_768_ies_dec_init(aead, &sk->key.sk_768,
1895 &ct->key.ct_768, aad, aadlen);
1896#else
1897 return -EOPNOTSUPP;
1898#endif
1899 case LC_KYBER_512:
1900#ifdef LC_KYBER_512_ENABLED
1901 return lc_kyber_512_ies_dec_init(aead, &sk->key.sk_512,
1902 &ct->key.ct_512, aad, aadlen);
1903#else
1904 return -EOPNOTSUPP;
1905#endif
1906 case LC_KYBER_UNKNOWN:
1907 default:
1908 return -EOPNOTSUPP;
1909 }
1910}
1911
1933static inline int lc_kyber_ies_dec_update(struct lc_aead_ctx *aead,
1934 const uint8_t *ciphertext,
1935 uint8_t *plaintext, size_t datalen)
1936{
1937 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
1938}
1939
1959static inline int lc_kyber_ies_dec_final(struct lc_aead_ctx *aead,
1960 const uint8_t *tag, size_t taglen)
1961{
1962 return lc_aead_dec_final(aead, tag, taglen);
1963}
1964
1965/****************************** Kyber X25510 KEM ******************************/
1966
1967#ifdef LC_KYBER_X25519_KEM
1968
1986struct lc_kyber_x25519_sk {
1987 enum lc_kyber_type kyber_type;
1988 union {
1989#ifdef LC_KYBER_1024_ENABLED
1990 struct lc_kyber_1024_x25519_sk sk_1024;
1991#endif
1992#ifdef LC_KYBER_768_ENABLED
1993 struct lc_kyber_768_x25519_sk sk_768;
1994#endif
1995#ifdef LC_KYBER_512_ENABLED
1996 struct lc_kyber_512_x25519_sk sk_512;
1997#endif
1998 } key;
1999};
2000
2004struct lc_kyber_x25519_pk {
2005 enum lc_kyber_type kyber_type;
2006 union {
2007#ifdef LC_KYBER_1024_ENABLED
2008 struct lc_kyber_1024_x25519_pk pk_1024;
2009#endif
2010#ifdef LC_KYBER_768_ENABLED
2011 struct lc_kyber_768_x25519_pk pk_768;
2012#endif
2013#ifdef LC_KYBER_512_ENABLED
2014 struct lc_kyber_512_x25519_pk pk_512;
2015#endif
2016 } key;
2017};
2018
2022struct lc_kyber_x25519_ct {
2023 enum lc_kyber_type kyber_type;
2024 union {
2025#ifdef LC_KYBER_1024_ENABLED
2026 struct lc_kyber_1024_x25519_ct ct_1024;
2027#endif
2028#ifdef LC_KYBER_768_ENABLED
2029 struct lc_kyber_768_x25519_ct ct_768;
2030#endif
2031#ifdef LC_KYBER_512_ENABLED
2032 struct lc_kyber_512_x25519_ct ct_512;
2033#endif
2034 } key;
2035};
2036
2040struct lc_kyber_x25519_ss {
2041 enum lc_kyber_type kyber_type;
2042 union {
2043#ifdef LC_KYBER_1024_ENABLED
2044 struct lc_kyber_1024_x25519_ss ss_1024;
2045#endif
2046#ifdef LC_KYBER_768_ENABLED
2047 struct lc_kyber_768_x25519_ss ss_768;
2048#endif
2049#ifdef LC_KYBER_512_ENABLED
2050 struct lc_kyber_512_x25519_ss ss_512;
2051#endif
2052 } key;
2053};
2054
2063static inline enum lc_kyber_type
2064lc_kyber_x25519_sk_type(const struct lc_kyber_x25519_sk *sk)
2065{
2066 if (!sk)
2067 return LC_KYBER_UNKNOWN;
2068 return sk->kyber_type;
2069}
2070
2079static inline enum lc_kyber_type
2080lc_kyber_x25519_pk_type(const struct lc_kyber_x25519_pk *pk)
2081{
2082 if (!pk)
2083 return LC_KYBER_UNKNOWN;
2084 return pk->kyber_type;
2085}
2086
2095static inline enum lc_kyber_type
2096lc_kyber_x25519_ct_type(const struct lc_kyber_x25519_ct *ct)
2097{
2098 if (!ct)
2099 return LC_KYBER_UNKNOWN;
2100 return ct->kyber_type;
2101}
2102
2111static inline enum lc_kyber_type
2112lc_kyber_x25519_ss_type(const struct lc_kyber_x25519_ss *ss)
2113{
2114 if (!ss)
2115 return LC_KYBER_UNKNOWN;
2116 return ss->kyber_type;
2117}
2118
2127LC_PURE
2128static inline unsigned int
2129lc_kyber_x25519_sk_size(enum lc_kyber_type kyber_type)
2130{
2131 switch (kyber_type) {
2132 case LC_KYBER_1024:
2133#ifdef LC_KYBER_1024_ENABLED
2134 return lc_member_size(struct lc_kyber_x25519_sk, key.sk_1024);
2135#else
2136 return 0;
2137#endif
2138 case LC_KYBER_768:
2139#ifdef LC_KYBER_768_ENABLED
2140 return lc_member_size(struct lc_kyber_x25519_sk, key.sk_768);
2141#else
2142 return 0;
2143#endif
2144 case LC_KYBER_512:
2145#ifdef LC_KYBER_512_ENABLED
2146 return lc_member_size(struct lc_kyber_x25519_sk, key.sk_512);
2147#else
2148 return 0;
2149#endif
2150 case LC_KYBER_UNKNOWN:
2151 default:
2152 return 0;
2153 }
2154}
2155
2164LC_PURE
2165static inline unsigned int
2166lc_kyber_x25519_pk_size(enum lc_kyber_type kyber_type)
2167{
2168 switch (kyber_type) {
2169 case LC_KYBER_1024:
2170#ifdef LC_KYBER_1024_ENABLED
2171 return lc_member_size(struct lc_kyber_x25519_pk, key.pk_1024);
2172#else
2173 return 0;
2174#endif
2175 case LC_KYBER_768:
2176#ifdef LC_KYBER_768_ENABLED
2177 return lc_member_size(struct lc_kyber_x25519_pk, key.pk_768);
2178#else
2179 return 0;
2180#endif
2181 case LC_KYBER_512:
2182#ifdef LC_KYBER_512_ENABLED
2183 return lc_member_size(struct lc_kyber_x25519_pk, key.pk_512);
2184#else
2185 return 0;
2186#endif
2187 case LC_KYBER_UNKNOWN:
2188 default:
2189 return 0;
2190 }
2191}
2192
2201LC_PURE
2202static inline unsigned int
2203lc_kyber_x25519_ct_size(enum lc_kyber_type kyber_type)
2204{
2205 switch (kyber_type) {
2206 case LC_KYBER_1024:
2207#ifdef LC_KYBER_1024_ENABLED
2208 return lc_member_size(struct lc_kyber_x25519_ct, key.ct_1024);
2209#else
2210 return 0;
2211#endif
2212 case LC_KYBER_768:
2213#ifdef LC_KYBER_768_ENABLED
2214 return lc_member_size(struct lc_kyber_x25519_ct, key.ct_768);
2215#else
2216 return 0;
2217#endif
2218 case LC_KYBER_512:
2219#ifdef LC_KYBER_512_ENABLED
2220 return lc_member_size(struct lc_kyber_x25519_ct, key.ct_512);
2221#else
2222 return 0;
2223#endif
2224 case LC_KYBER_UNKNOWN:
2225 default:
2226 return 0;
2227 }
2228}
2229
2238LC_PURE
2239static inline unsigned int
2240lc_kyber_x25519_ss_size(enum lc_kyber_type kyber_type)
2241{
2242 switch (kyber_type) {
2243 case LC_KYBER_1024:
2244#ifdef LC_KYBER_1024_ENABLED
2245 return lc_member_size(struct lc_kyber_x25519_ss, key.ss_1024);
2246#else
2247 return 0;
2248#endif
2249 case LC_KYBER_768:
2250#ifdef LC_KYBER_768_ENABLED
2251 return lc_member_size(struct lc_kyber_x25519_ss, key.ss_768);
2252#else
2253 return 0;
2254#endif
2255 case LC_KYBER_512:
2256#ifdef LC_KYBER_512_ENABLED
2257 return lc_member_size(struct lc_kyber_x25519_ss, key.ss_512);
2258#else
2259 return 0;
2260#endif
2261 case LC_KYBER_UNKNOWN:
2262 default:
2263 return 0;
2264 }
2265}
2266
2267static inline int lc_kyber_x25519_sk_load(struct lc_kyber_x25519_sk *sk,
2268 const uint8_t *kyber_src_key,
2269 size_t kyber_src_key_len,
2270 const uint8_t *x25519_src_key,
2271 size_t x25519_src_key_len)
2272{
2273 if (!sk || !kyber_src_key_len || !x25519_src_key_len ||
2274 kyber_src_key_len == 0 ||
2275 x25519_src_key_len != LC_X25519_SECRETKEYBYTES) {
2276 return -EINVAL;
2277#ifdef LC_KYBER_1024_ENABLED
2278 } else if (kyber_src_key_len == lc_kyber_sk_size(LC_KYBER_1024)) {
2279 struct lc_kyber_1024_x25519_sk *_sk = &sk->key.sk_1024;
2280
2281 memcpy(_sk->sk.sk, kyber_src_key, kyber_src_key_len);
2282 memcpy(_sk->sk_x25519.sk, x25519_src_key, x25519_src_key_len);
2283 sk->kyber_type = LC_KYBER_1024;
2284 return 0;
2285#endif
2286#ifdef LC_KYBER_768_ENABLED
2287 } else if (kyber_src_key_len == lc_kyber_sk_size(LC_KYBER_768)) {
2288 struct lc_kyber_768_x25519_sk *_sk = &sk->key.sk_768;
2289
2290 memcpy(_sk->sk.sk, kyber_src_key, kyber_src_key_len);
2291 memcpy(_sk->sk_x25519.sk, x25519_src_key, x25519_src_key_len);
2292 sk->kyber_type = LC_KYBER_768;
2293 return 0;
2294#endif
2295#ifdef LC_KYBER_512_ENABLED
2296 } else if (kyber_src_key_len == lc_kyber_sk_size(LC_KYBER_512)) {
2297 struct lc_kyber_512_x25519_sk *_sk = &sk->key.sk_512;
2298
2299 memcpy(_sk->sk.sk, kyber_src_key, kyber_src_key_len);
2300 memcpy(_sk->sk_x25519.sk, x25519_src_key, x25519_src_key_len);
2301 sk->kyber_type = LC_KYBER_512;
2302 return 0;
2303#endif
2304 } else {
2305 return -EINVAL;
2306 }
2307}
2308
2309static inline int lc_kyber_x25519_pk_load(struct lc_kyber_x25519_pk *pk,
2310 const uint8_t *kyber_src_key,
2311 size_t kyber_src_key_len,
2312 const uint8_t *x25519_src_key,
2313 size_t x25519_src_key_len)
2314{
2315 if (!pk || !kyber_src_key_len || !x25519_src_key_len ||
2316 kyber_src_key_len == 0 ||
2317 x25519_src_key_len != LC_X25519_PUBLICKEYBYTES) {
2318 return -EINVAL;
2319#ifdef LC_KYBER_1024_ENABLED
2320 } else if (kyber_src_key_len == lc_kyber_pk_size(LC_KYBER_1024)) {
2321 struct lc_kyber_1024_x25519_pk *_pk = &pk->key.pk_1024;
2322
2323 memcpy(_pk->pk.pk, kyber_src_key, kyber_src_key_len);
2324 memcpy(_pk->pk_x25519.pk, x25519_src_key, x25519_src_key_len);
2325 pk->kyber_type = LC_KYBER_1024;
2326 return 0;
2327#endif
2328#ifdef LC_KYBER_768_ENABLED
2329 } else if (kyber_src_key_len == lc_kyber_pk_size(LC_KYBER_768)) {
2330 struct lc_kyber_768_x25519_pk *_pk = &pk->key.pk_768;
2331
2332 memcpy(_pk->pk.pk, kyber_src_key, kyber_src_key_len);
2333 memcpy(_pk->pk_x25519.pk, x25519_src_key, x25519_src_key_len);
2334 pk->kyber_type = LC_KYBER_768;
2335 return 0;
2336#endif
2337#ifdef LC_KYBER_512_ENABLED
2338 } else if (kyber_src_key_len == lc_kyber_pk_size(LC_KYBER_512)) {
2339 struct lc_kyber_512_x25519_pk *_pk = &pk->key.pk_512;
2340
2341 memcpy(_pk->pk.pk, kyber_src_key, kyber_src_key_len);
2342 memcpy(_pk->pk_x25519.pk, x25519_src_key, x25519_src_key_len);
2343 pk->kyber_type = LC_KYBER_512;
2344 return 0;
2345#endif
2346 } else {
2347 return -EINVAL;
2348 }
2349}
2350
2351static inline int lc_kyber_x25519_ct_load(struct lc_kyber_x25519_ct *ct,
2352 const uint8_t *kyber_src_ct,
2353 size_t kyber_src_ct_len,
2354 const uint8_t *x25519_rem_pub_key,
2355 size_t x25519_rem_pub_len)
2356{
2357 if (!ct || !kyber_src_ct_len || !x25519_rem_pub_len ||
2358 kyber_src_ct_len == 0 ||
2359 x25519_rem_pub_len != LC_X25519_PUBLICKEYBYTES) {
2360 return -EINVAL;
2361#ifdef LC_KYBER_1024_ENABLED
2362 } else if (kyber_src_ct_len == lc_kyber_ct_size(LC_KYBER_1024)) {
2363 struct lc_kyber_1024_x25519_ct *_ct = &ct->key.ct_1024;
2364
2365 memcpy(_ct->ct.ct, kyber_src_ct, kyber_src_ct_len);
2366 memcpy(_ct->pk_x25519.pk, x25519_rem_pub_key,
2367 x25519_rem_pub_len);
2368 ct->kyber_type = LC_KYBER_1024;
2369 return 0;
2370#endif
2371#ifdef LC_KYBER_768_ENABLED
2372 } else if (kyber_src_ct_len == lc_kyber_ct_size(LC_KYBER_768)) {
2373 struct lc_kyber_768_x25519_ct *_ct = &ct->key.ct_768;
2374
2375 memcpy(_ct->ct.ct, kyber_src_ct, kyber_src_ct_len);
2376 memcpy(_ct->pk_x25519.pk, x25519_rem_pub_key,
2377 x25519_rem_pub_len);
2378 ct->kyber_type = LC_KYBER_768;
2379 return 0;
2380#endif
2381#ifdef LC_KYBER_512_ENABLED
2382 } else if (kyber_src_ct_len == lc_kyber_ct_size(LC_KYBER_512)) {
2383 struct lc_kyber_512_x25519_ct *_ct = &ct->key.ct_512;
2384
2385 memcpy(_ct->ct.ct, kyber_src_ct, kyber_src_ct_len);
2386 memcpy(_ct->pk_x25519.pk, x25519_rem_pub_key,
2387 x25519_rem_pub_len);
2388 ct->kyber_type = LC_KYBER_512;
2389 return 0;
2390#endif
2391 } else {
2392 return -EINVAL;
2393 }
2394}
2395
2396static inline int lc_kyber_x25519_ss_load(struct lc_kyber_x25519_ss *ss,
2397 const uint8_t *kyber_src_ss,
2398 size_t kyber_src_ss_len,
2399 const uint8_t *x25519_ss,
2400 size_t x25519_ss_len)
2401{
2402 if (!ss || !kyber_src_ss_len || !x25519_ss_len ||
2403 kyber_src_ss_len == 0 || x25519_ss_len != LC_X25519_SSBYTES) {
2404 return -EINVAL;
2405#ifdef LC_KYBER_1024_ENABLED
2406 } else if (kyber_src_ss_len == lc_kyber_ss_size(LC_KYBER_1024)) {
2407 struct lc_kyber_1024_x25519_ss *_ss = &ss->key.ss_1024;
2408
2409 memcpy(_ss->ss.ss, kyber_src_ss, kyber_src_ss_len);
2410 memcpy(_ss->ss_x25519.ss, x25519_ss, x25519_ss_len);
2411 ss->kyber_type = LC_KYBER_1024;
2412 return 0;
2413#endif
2414#ifdef LC_KYBER_768_ENABLED
2415 } else if (kyber_src_ss_len == lc_kyber_ss_size(LC_KYBER_768)) {
2416 struct lc_kyber_768_x25519_ss *_ss = &ss->key.ss_768;
2417
2418 memcpy(_ss->ss.ss, kyber_src_ss, kyber_src_ss_len);
2419 memcpy(_ss->ss_x25519.ss, x25519_ss, x25519_ss_len);
2420 ss->kyber_type = LC_KYBER_768;
2421 return 0;
2422#endif
2423#ifdef LC_KYBER_512_ENABLED
2424 } else if (kyber_src_ss_len == lc_kyber_ss_size(LC_KYBER_512)) {
2425 struct lc_kyber_512_x25519_ss *_ss = &ss->key.ss_512;
2426
2427 memcpy(_ss->ss.ss, kyber_src_ss, kyber_src_ss_len);
2428 memcpy(_ss->ss_x25519.ss, x25519_ss, x25519_ss_len);
2429 ss->kyber_type = LC_KYBER_512;
2430 return 0;
2431#endif
2432 } else {
2433 return -EINVAL;
2434 }
2435}
2436
2452static inline int lc_kyber_x25519_sk_ptr(uint8_t **kyber_key,
2453 size_t *kyber_key_len,
2454 uint8_t **x25519_key,
2455 size_t *x25519_key_len,
2456 struct lc_kyber_x25519_sk *sk)
2457{
2458 if (!sk || !kyber_key || !kyber_key_len || !x25519_key ||
2459 !x25519_key_len) {
2460 return -EINVAL;
2461#ifdef LC_KYBER_1024_ENABLED
2462 } else if (sk->kyber_type == LC_KYBER_1024) {
2463 struct lc_kyber_1024_x25519_sk *_sk = &sk->key.sk_1024;
2464
2465 *kyber_key = _sk->sk.sk;
2466 *kyber_key_len = lc_kyber_sk_size(sk->kyber_type);
2467 *x25519_key = _sk->sk_x25519.sk;
2468 *x25519_key_len = LC_X25519_SECRETKEYBYTES;
2469 return 0;
2470#endif
2471#ifdef LC_KYBER_768_ENABLED
2472 } else if (sk->kyber_type == LC_KYBER_768) {
2473 struct lc_kyber_768_x25519_sk *_sk = &sk->key.sk_768;
2474
2475 *kyber_key = _sk->sk.sk;
2476 *kyber_key_len = lc_kyber_sk_size(sk->kyber_type);
2477 *x25519_key = _sk->sk_x25519.sk;
2478 *x25519_key_len = LC_X25519_SECRETKEYBYTES;
2479 return 0;
2480#endif
2481#ifdef LC_KYBER_512_ENABLED
2482 } else if (sk->kyber_type == LC_KYBER_512) {
2483 struct lc_kyber_512_x25519_sk *_sk = &sk->key.sk_512;
2484
2485 *kyber_key = _sk->sk.sk;
2486 *kyber_key_len = lc_kyber_sk_size(sk->kyber_type);
2487 *x25519_key = _sk->sk_x25519.sk;
2488 *x25519_key_len = LC_X25519_SECRETKEYBYTES;
2489 return 0;
2490#endif
2491 } else {
2492 return -EINVAL;
2493 }
2494}
2495
2511static inline int lc_kyber_x25519_pk_ptr(uint8_t **kyber_key,
2512 size_t *kyber_key_len,
2513 uint8_t **x25519_key,
2514 size_t *x25519_key_len,
2515 struct lc_kyber_x25519_pk *pk)
2516{
2517 if (!pk || !kyber_key || !kyber_key_len || !x25519_key ||
2518 !x25519_key_len) {
2519 return -EINVAL;
2520#ifdef LC_KYBER_1024_ENABLED
2521 } else if (pk->kyber_type == LC_KYBER_1024) {
2522 struct lc_kyber_1024_x25519_pk *_pk = &pk->key.pk_1024;
2523
2524 *kyber_key = _pk->pk.pk;
2525 *kyber_key_len = lc_kyber_pk_size(pk->kyber_type);
2526 *x25519_key = _pk->pk_x25519.pk;
2527 *x25519_key_len = LC_X25519_PUBLICKEYBYTES;
2528 return 0;
2529#endif
2530#ifdef LC_KYBER_768_ENABLED
2531 } else if (pk->kyber_type == LC_KYBER_768) {
2532 struct lc_kyber_768_x25519_pk *_pk = &pk->key.pk_768;
2533
2534 *kyber_key = _pk->pk.pk;
2535 *kyber_key_len = lc_kyber_pk_size(pk->kyber_type);
2536 *x25519_key = _pk->pk_x25519.pk;
2537 *x25519_key_len = LC_X25519_PUBLICKEYBYTES;
2538 return 0;
2539#endif
2540#ifdef LC_KYBER_512_ENABLED
2541 } else if (pk->kyber_type == LC_KYBER_512) {
2542 struct lc_kyber_512_x25519_pk *_pk = &pk->key.pk_512;
2543
2544 *kyber_key = _pk->pk.pk;
2545 *kyber_key_len = lc_kyber_pk_size(pk->kyber_type);
2546 *x25519_key = _pk->pk_x25519.pk;
2547 *x25519_key_len = LC_X25519_PUBLICKEYBYTES;
2548 return 0;
2549#endif
2550 } else {
2551 return -EINVAL;
2552 }
2553}
2554
2571static inline int lc_kyber_x25519_ct_ptr(uint8_t **kyber_ct,
2572 size_t *kyber_ct_len,
2573 uint8_t **x25519_key,
2574 size_t *x25519_key_len,
2575 struct lc_kyber_x25519_ct *ct)
2576{
2577 if (!ct || !kyber_ct || !kyber_ct_len || !x25519_key ||
2578 !x25519_key_len) {
2579 return -EINVAL;
2580#ifdef LC_KYBER_1024_ENABLED
2581 } else if (ct->kyber_type == LC_KYBER_1024) {
2582 struct lc_kyber_1024_x25519_ct *_ct = &ct->key.ct_1024;
2583
2584 *kyber_ct = _ct->ct.ct;
2585 *kyber_ct_len = lc_kyber_ct_size(ct->kyber_type);
2586 *x25519_key = _ct->pk_x25519.pk;
2587 *x25519_key_len = LC_X25519_PUBLICKEYBYTES;
2588 return 0;
2589#endif
2590#ifdef LC_KYBER_768_ENABLED
2591 } else if (ct->kyber_type == LC_KYBER_768) {
2592 struct lc_kyber_768_x25519_ct *_ct = &ct->key.ct_768;
2593
2594 *kyber_ct = _ct->ct.ct;
2595 *kyber_ct_len = lc_kyber_ct_size(ct->kyber_type);
2596 *x25519_key = _ct->pk_x25519.pk;
2597 *x25519_key_len = LC_X25519_PUBLICKEYBYTES;
2598 return 0;
2599#endif
2600#ifdef LC_KYBER_512_ENABLED
2601 } else if (ct->kyber_type == LC_KYBER_512) {
2602 struct lc_kyber_512_x25519_ct *_ct = &ct->key.ct_512;
2603
2604 *kyber_ct = _ct->ct.ct;
2605 *kyber_ct_len = lc_kyber_ct_size(ct->kyber_type);
2606 *x25519_key = _ct->pk_x25519.pk;
2607 *x25519_key_len = LC_X25519_PUBLICKEYBYTES;
2608 return 0;
2609#endif
2610 } else {
2611 return -EINVAL;
2612 }
2613}
2614
2631static inline int lc_kyber_x25519_ss_ptr(uint8_t **kyber_ss,
2632 size_t *kyber_ss_len,
2633 uint8_t **x25519_ss,
2634 size_t *x25519_ss_len,
2635 struct lc_kyber_x25519_ss *ss)
2636{
2637 if (!ss || !kyber_ss || !kyber_ss_len || !x25519_ss || !x25519_ss_len) {
2638 return -EINVAL;
2639#ifdef LC_KYBER_1024_ENABLED
2640 } else if (ss->kyber_type == LC_KYBER_1024) {
2641 struct lc_kyber_1024_x25519_ss *_ss = &ss->key.ss_1024;
2642
2643 *kyber_ss = _ss->ss.ss;
2644 *kyber_ss_len = lc_kyber_ss_size(ss->kyber_type);
2645 *x25519_ss = _ss->ss_x25519.ss;
2646 *x25519_ss_len = LC_X25519_SSBYTES;
2647 return 0;
2648#endif
2649#ifdef LC_KYBER_768_ENABLED
2650 } else if (ss->kyber_type == LC_KYBER_768) {
2651 struct lc_kyber_768_x25519_ss *_ss = &ss->key.ss_768;
2652
2653 *kyber_ss = _ss->ss.ss;
2654 *kyber_ss_len = lc_kyber_ss_size(ss->kyber_type);
2655 *x25519_ss = _ss->ss_x25519.ss;
2656 *x25519_ss_len = LC_X25519_SSBYTES;
2657 return 0;
2658#endif
2659#ifdef LC_KYBER_512_ENABLED
2660 } else if (ss->kyber_type == LC_KYBER_512) {
2661 struct lc_kyber_512_x25519_ss *_ss = &ss->key.ss_512;
2662
2663 *kyber_ss = _ss->ss.ss;
2664 *kyber_ss_len = lc_kyber_ss_size(ss->kyber_type);
2665 *x25519_ss = _ss->ss_x25519.ss;
2666 *x25519_ss_len = LC_X25519_SSBYTES;
2667 return 0;
2668#endif
2669 } else {
2670 return -EINVAL;
2671 }
2672}
2673
2686static inline int lc_kyber_x25519_keypair(struct lc_kyber_x25519_pk *pk,
2687 struct lc_kyber_x25519_sk *sk,
2688 struct lc_rng_ctx *rng_ctx,
2689 enum lc_kyber_type kyber_type)
2690{
2691 if (!pk || !sk)
2692 return -EINVAL;
2693
2694 switch (kyber_type) {
2695 case LC_KYBER_1024:
2696#ifdef LC_KYBER_1024_ENABLED
2697 pk->kyber_type = kyber_type;
2698 sk->kyber_type = kyber_type;
2699 return lc_kyber_1024_x25519_keypair(&pk->key.pk_1024,
2700 &sk->key.sk_1024, rng_ctx);
2701#else
2702 return -EOPNOTSUPP;
2703#endif
2704 case LC_KYBER_768:
2705#ifdef LC_KYBER_768_ENABLED
2706 pk->kyber_type = kyber_type;
2707 sk->kyber_type = kyber_type;
2708 return lc_kyber_768_x25519_keypair(&pk->key.pk_768,
2709 &sk->key.sk_768, rng_ctx);
2710#else
2711 return -EOPNOTSUPP;
2712#endif
2713 case LC_KYBER_512:
2714#ifdef LC_KYBER_512_ENABLED
2715 pk->kyber_type = kyber_type;
2716 sk->kyber_type = kyber_type;
2717 return lc_kyber_512_x25519_keypair(&pk->key.pk_512,
2718 &sk->key.sk_512, rng_ctx);
2719#else
2720 return -EOPNOTSUPP;
2721#endif
2722 case LC_KYBER_UNKNOWN:
2723 default:
2724 return -EOPNOTSUPP;
2725 }
2726}
2727
2752static inline int lc_kyber_x25519_enc_kdf(struct lc_kyber_x25519_ct *ct,
2753 uint8_t *ss, size_t ss_len,
2754 const struct lc_kyber_x25519_pk *pk)
2755{
2756 if (!ct || !pk)
2757 return -EINVAL;
2758
2759 switch (pk->kyber_type) {
2760 case LC_KYBER_1024:
2761#ifdef LC_KYBER_1024_ENABLED
2762 ct->kyber_type = LC_KYBER_1024;
2763 return lc_kyber_1024_x25519_enc_kdf(&ct->key.ct_1024, ss,
2764 ss_len, &pk->key.pk_1024);
2765#else
2766 return -EOPNOTSUPP;
2767#endif
2768 case LC_KYBER_768:
2769#ifdef LC_KYBER_768_ENABLED
2770 ct->kyber_type = LC_KYBER_768;
2771 return lc_kyber_768_x25519_enc_kdf(&ct->key.ct_768, ss, ss_len,
2772 &pk->key.pk_768);
2773#else
2774 return -EOPNOTSUPP;
2775#endif
2776 case LC_KYBER_512:
2777#ifdef LC_KYBER_512_ENABLED
2778 ct->kyber_type = LC_KYBER_512;
2779 return lc_kyber_512_x25519_enc_kdf(&ct->key.ct_512, ss, ss_len,
2780 &pk->key.pk_512);
2781#else
2782 return -EOPNOTSUPP;
2783#endif
2784 case LC_KYBER_UNKNOWN:
2785 default:
2786 return -EOPNOTSUPP;
2787 }
2788}
2789
2811static inline int lc_kyber_x25519_dec_kdf(uint8_t *ss, size_t ss_len,
2812 const struct lc_kyber_x25519_ct *ct,
2813 const struct lc_kyber_x25519_sk *sk)
2814{
2815 if (!ct || !sk || ct->kyber_type != sk->kyber_type)
2816 return -EINVAL;
2817
2818 switch (sk->kyber_type) {
2819 case LC_KYBER_1024:
2820#ifdef LC_KYBER_1024_ENABLED
2821 return lc_kyber_1024_x25519_dec_kdf(
2822 ss, ss_len, &ct->key.ct_1024, &sk->key.sk_1024);
2823#else
2824 return -EOPNOTSUPP;
2825#endif
2826 case LC_KYBER_768:
2827#ifdef LC_KYBER_768_ENABLED
2828 return lc_kyber_768_x25519_dec_kdf(ss, ss_len, &ct->key.ct_768,
2829 &sk->key.sk_768);
2830#else
2831 return -EOPNOTSUPP;
2832#endif
2833 case LC_KYBER_512:
2834#ifdef LC_KYBER_512_ENABLED
2835 return lc_kyber_512_x25519_dec_kdf(ss, ss_len, &ct->key.ct_512,
2836 &sk->key.sk_512);
2837#else
2838 return -EOPNOTSUPP;
2839#endif
2840 case LC_KYBER_UNKNOWN:
2841 default:
2842 return -EOPNOTSUPP;
2843 }
2844}
2845
2846/****************************** Kyber X25510 KEX ******************************/
2847
2864static inline int lc_kex_x25519_uake_initiator_init(
2865 struct lc_kyber_x25519_pk *pk_e_i, struct lc_kyber_x25519_ct *ct_e_i,
2866 struct lc_kyber_x25519_ss *tk, struct lc_kyber_x25519_sk *sk_e,
2867 const struct lc_kyber_x25519_pk *pk_r)
2868{
2869 if (!pk_e_i || !ct_e_i || !tk || !sk_e || !pk_r)
2870 return -EINVAL;
2871
2872 switch (pk_r->kyber_type) {
2873 case LC_KYBER_1024:
2874#ifdef LC_KYBER_1024_ENABLED
2875 pk_e_i->kyber_type = LC_KYBER_1024;
2876 ct_e_i->kyber_type = LC_KYBER_1024;
2877 tk->kyber_type = LC_KYBER_1024;
2878 sk_e->kyber_type = LC_KYBER_1024;
2879 return lc_kex_1024_x25519_uake_initiator_init(
2880 &pk_e_i->key.pk_1024, &ct_e_i->key.ct_1024,
2881 &tk->key.ss_1024, &sk_e->key.sk_1024,
2882 &pk_r->key.pk_1024);
2883#else
2884 return -EOPNOTSUPP;
2885#endif
2886 case LC_KYBER_768:
2887#ifdef LC_KYBER_768_ENABLED
2888 pk_e_i->kyber_type = LC_KYBER_768;
2889 ct_e_i->kyber_type = LC_KYBER_768;
2890 tk->kyber_type = LC_KYBER_768;
2891 sk_e->kyber_type = LC_KYBER_768;
2892 return lc_kex_768_x25519_uake_initiator_init(
2893 &pk_e_i->key.pk_768, &ct_e_i->key.ct_768,
2894 &tk->key.ss_768, &sk_e->key.sk_768, &pk_r->key.pk_768);
2895#else
2896 return -EOPNOTSUPP;
2897#endif
2898 case LC_KYBER_512:
2899#ifdef LC_KYBER_512_ENABLED
2900 pk_e_i->kyber_type = LC_KYBER_512;
2901 ct_e_i->kyber_type = LC_KYBER_512;
2902 tk->kyber_type = LC_KYBER_512;
2903 sk_e->kyber_type = LC_KYBER_512;
2904 return lc_kex_512_x25519_uake_initiator_init(
2905 &pk_e_i->key.pk_512, &ct_e_i->key.ct_512,
2906 &tk->key.ss_512, &sk_e->key.sk_512, &pk_r->key.pk_512);
2907#else
2908 return -EOPNOTSUPP;
2909#endif
2910 case LC_KYBER_UNKNOWN:
2911 default:
2912 return -EOPNOTSUPP;
2913 }
2914}
2915
2934static inline int lc_kex_x25519_uake_responder_ss(
2935 struct lc_kyber_x25519_ct *ct_e_r, uint8_t *shared_secret,
2936 size_t shared_secret_len, const uint8_t *kdf_nonce,
2937 size_t kdf_nonce_len, const struct lc_kyber_x25519_pk *pk_e_i,
2938 const struct lc_kyber_x25519_ct *ct_e_i,
2939 const struct lc_kyber_x25519_sk *sk_r)
2940{
2941 if (!ct_e_r || !pk_e_i || !ct_e_i || !sk_r ||
2942 pk_e_i->kyber_type != ct_e_i->kyber_type ||
2943 pk_e_i->kyber_type != sk_r->kyber_type)
2944 return -EINVAL;
2945
2946 switch (pk_e_i->kyber_type) {
2947 case LC_KYBER_1024:
2948#ifdef LC_KYBER_1024_ENABLED
2949 ct_e_r->kyber_type = LC_KYBER_1024;
2950 return lc_kex_1024_x25519_uake_responder_ss(
2951 &ct_e_r->key.ct_1024, shared_secret, shared_secret_len,
2952 kdf_nonce, kdf_nonce_len, &pk_e_i->key.pk_1024,
2953 &ct_e_i->key.ct_1024, &sk_r->key.sk_1024);
2954#else
2955 return -EOPNOTSUPP;
2956#endif
2957 case LC_KYBER_768:
2958#ifdef LC_KYBER_768_ENABLED
2959 ct_e_r->kyber_type = LC_KYBER_768;
2960 return lc_kex_768_x25519_uake_responder_ss(
2961 &ct_e_r->key.ct_768, shared_secret, shared_secret_len,
2962 kdf_nonce, kdf_nonce_len, &pk_e_i->key.pk_768,
2963 &ct_e_i->key.ct_768, &sk_r->key.sk_768);
2964#else
2965 return -EOPNOTSUPP;
2966#endif
2967 case LC_KYBER_512:
2968#ifdef LC_KYBER_512_ENABLED
2969 ct_e_r->kyber_type = LC_KYBER_512;
2970 return lc_kex_512_x25519_uake_responder_ss(
2971 &ct_e_r->key.ct_512, shared_secret, shared_secret_len,
2972 kdf_nonce, kdf_nonce_len, &pk_e_i->key.pk_512,
2973 &ct_e_i->key.ct_512, &sk_r->key.sk_512);
2974#else
2975 return -EOPNOTSUPP;
2976#endif
2977 case LC_KYBER_UNKNOWN:
2978 default:
2979 return -EOPNOTSUPP;
2980 }
2981}
2982
3001static inline int
3002lc_kex_x25519_uake_initiator_ss(uint8_t *shared_secret,
3003 size_t shared_secret_len,
3004 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
3005 const struct lc_kyber_x25519_ct *ct_e_r,
3006 const struct lc_kyber_x25519_ss *tk,
3007 const struct lc_kyber_x25519_sk *sk_e)
3008{
3009 if (!ct_e_r || !tk || !sk_e || ct_e_r->kyber_type != tk->kyber_type ||
3010 ct_e_r->kyber_type != sk_e->kyber_type)
3011 return -EINVAL;
3012
3013 switch (ct_e_r->kyber_type) {
3014 case LC_KYBER_1024:
3015#ifdef LC_KYBER_1024_ENABLED
3016 return lc_kex_1024_x25519_uake_initiator_ss(
3017 shared_secret, shared_secret_len, kdf_nonce,
3018 kdf_nonce_len, &ct_e_r->key.ct_1024, &tk->key.ss_1024,
3019 &sk_e->key.sk_1024);
3020#else
3021 return -EOPNOTSUPP;
3022#endif
3023 case LC_KYBER_768:
3024#ifdef LC_KYBER_768_ENABLED
3025 return lc_kex_768_x25519_uake_initiator_ss(
3026 shared_secret, shared_secret_len, kdf_nonce,
3027 kdf_nonce_len, &ct_e_r->key.ct_768, &tk->key.ss_768,
3028 &sk_e->key.sk_768);
3029#else
3030 return -EOPNOTSUPP;
3031#endif
3032 case LC_KYBER_512:
3033#ifdef LC_KYBER_512_ENABLED
3034 return lc_kex_512_x25519_uake_initiator_ss(
3035 shared_secret, shared_secret_len, kdf_nonce,
3036 kdf_nonce_len, &ct_e_r->key.ct_512, &tk->key.ss_512,
3037 &sk_e->key.sk_512);
3038#else
3039 return -EOPNOTSUPP;
3040#endif
3041 case LC_KYBER_UNKNOWN:
3042 default:
3043 return -EOPNOTSUPP;
3044 }
3045}
3046
3063static inline int lc_kex_x25519_ake_initiator_init(
3064 struct lc_kyber_x25519_pk *pk_e_i, struct lc_kyber_x25519_ct *ct_e_i,
3065 struct lc_kyber_x25519_ss *tk, struct lc_kyber_x25519_sk *sk_e,
3066 const struct lc_kyber_x25519_pk *pk_r)
3067{
3068 if (!pk_e_i || !ct_e_i || !tk || !sk_e || !pk_r)
3069 return -EINVAL;
3070
3071 switch (pk_r->kyber_type) {
3072 case LC_KYBER_1024:
3073#ifdef LC_KYBER_1024_ENABLED
3074 pk_e_i->kyber_type = LC_KYBER_1024;
3075 ct_e_i->kyber_type = LC_KYBER_1024;
3076 tk->kyber_type = LC_KYBER_1024;
3077 sk_e->kyber_type = LC_KYBER_1024;
3078 return lc_kex_1024_x25519_ake_initiator_init(
3079 &pk_e_i->key.pk_1024, &ct_e_i->key.ct_1024,
3080 &tk->key.ss_1024, &sk_e->key.sk_1024,
3081 &pk_r->key.pk_1024);
3082#else
3083 return -EOPNOTSUPP;
3084#endif
3085 case LC_KYBER_768:
3086#ifdef LC_KYBER_768_ENABLED
3087 pk_e_i->kyber_type = LC_KYBER_768;
3088 ct_e_i->kyber_type = LC_KYBER_768;
3089 tk->kyber_type = LC_KYBER_768;
3090 sk_e->kyber_type = LC_KYBER_768;
3091 return lc_kex_768_x25519_ake_initiator_init(
3092 &pk_e_i->key.pk_768, &ct_e_i->key.ct_768,
3093 &tk->key.ss_768, &sk_e->key.sk_768, &pk_r->key.pk_768);
3094#else
3095 return -EOPNOTSUPP;
3096#endif
3097 case LC_KYBER_512:
3098#ifdef LC_KYBER_512_ENABLED
3099 pk_e_i->kyber_type = LC_KYBER_512;
3100 ct_e_i->kyber_type = LC_KYBER_512;
3101 tk->kyber_type = LC_KYBER_512;
3102 sk_e->kyber_type = LC_KYBER_512;
3103 return lc_kex_512_x25519_ake_initiator_init(
3104 &pk_e_i->key.pk_512, &ct_e_i->key.ct_512,
3105 &tk->key.ss_512, &sk_e->key.sk_512, &pk_r->key.pk_512);
3106#else
3107 return -EOPNOTSUPP;
3108#endif
3109 case LC_KYBER_UNKNOWN:
3110 default:
3111 return -EOPNOTSUPP;
3112 }
3113}
3114
3136static inline int
3137lc_kex_x25519_ake_responder_ss(struct lc_kyber_x25519_ct *ct_e_r_1,
3138 struct lc_kyber_x25519_ct *ct_e_r_2,
3139 uint8_t *shared_secret, size_t shared_secret_len,
3140 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
3141 const struct lc_kyber_x25519_pk *pk_e_i,
3142 const struct lc_kyber_x25519_ct *ct_e_i,
3143 const struct lc_kyber_x25519_sk *sk_r,
3144 const struct lc_kyber_x25519_pk *pk_i)
3145{
3146 if (!ct_e_r_1 || !ct_e_r_2 || !pk_e_i || !ct_e_i || !sk_r || !pk_i ||
3147 pk_e_i->kyber_type != ct_e_i->kyber_type ||
3148 pk_e_i->kyber_type != sk_r->kyber_type ||
3149 pk_e_i->kyber_type != pk_i->kyber_type)
3150 return -EINVAL;
3151
3152 switch (pk_e_i->kyber_type) {
3153 case LC_KYBER_1024:
3154#ifdef LC_KYBER_1024_ENABLED
3155 ct_e_r_1->kyber_type = LC_KYBER_1024;
3156 ct_e_r_2->kyber_type = LC_KYBER_1024;
3157 return lc_kex_1024_x25519_ake_responder_ss(
3158 &ct_e_r_1->key.ct_1024, &ct_e_r_2->key.ct_1024,
3159 shared_secret, shared_secret_len, kdf_nonce,
3160 kdf_nonce_len, &pk_e_i->key.pk_1024,
3161 &ct_e_i->key.ct_1024, &sk_r->key.sk_1024,
3162 &pk_i->key.pk_1024);
3163#else
3164 return -EOPNOTSUPP;
3165#endif
3166 case LC_KYBER_768:
3167#ifdef LC_KYBER_768_ENABLED
3168 ct_e_r_1->kyber_type = LC_KYBER_768;
3169 ct_e_r_2->kyber_type = LC_KYBER_768;
3170 return lc_kex_768_x25519_ake_responder_ss(
3171 &ct_e_r_1->key.ct_768, &ct_e_r_2->key.ct_768,
3172 shared_secret, shared_secret_len, kdf_nonce,
3173 kdf_nonce_len, &pk_e_i->key.pk_768, &ct_e_i->key.ct_768,
3174 &sk_r->key.sk_768, &pk_i->key.pk_768);
3175#else
3176 return -EOPNOTSUPP;
3177#endif
3178 case LC_KYBER_512:
3179#ifdef LC_KYBER_512_ENABLED
3180 ct_e_r_1->kyber_type = LC_KYBER_512;
3181 ct_e_r_2->kyber_type = LC_KYBER_512;
3182 return lc_kex_512_x25519_ake_responder_ss(
3183 &ct_e_r_1->key.ct_512, &ct_e_r_2->key.ct_512,
3184 shared_secret, shared_secret_len, kdf_nonce,
3185 kdf_nonce_len, &pk_e_i->key.pk_512, &ct_e_i->key.ct_512,
3186 &sk_r->key.sk_512, &pk_i->key.pk_512);
3187#else
3188 return -EOPNOTSUPP;
3189#endif
3190 case LC_KYBER_UNKNOWN:
3191 default:
3192 return -EOPNOTSUPP;
3193 }
3194}
3195
3216static inline int
3217lc_kex_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len,
3218 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
3219 const struct lc_kyber_x25519_ct *ct_e_r_1,
3220 const struct lc_kyber_x25519_ct *ct_e_r_2,
3221 const struct lc_kyber_x25519_ss *tk,
3222 const struct lc_kyber_x25519_sk *sk_e,
3223 const struct lc_kyber_x25519_sk *sk_i)
3224{
3225 if (!ct_e_r_1 || !ct_e_r_2 || !tk || !sk_e || !sk_i ||
3226 ct_e_r_1->kyber_type != ct_e_r_2->kyber_type ||
3227 ct_e_r_1->kyber_type != tk->kyber_type ||
3228 ct_e_r_1->kyber_type != sk_e->kyber_type ||
3229 ct_e_r_1->kyber_type != sk_i->kyber_type)
3230 return -EINVAL;
3231
3232 switch (ct_e_r_1->kyber_type) {
3233 case LC_KYBER_1024:
3234#ifdef LC_KYBER_1024_ENABLED
3235 return lc_kex_1024_x25519_ake_initiator_ss(
3236 shared_secret, shared_secret_len, kdf_nonce,
3237 kdf_nonce_len, &ct_e_r_1->key.ct_1024,
3238 &ct_e_r_2->key.ct_1024, &tk->key.ss_1024,
3239 &sk_e->key.sk_1024, &sk_i->key.sk_1024);
3240#else
3241 return -EOPNOTSUPP;
3242#endif
3243 case LC_KYBER_768:
3244#ifdef LC_KYBER_768_ENABLED
3245 return lc_kex_768_x25519_ake_initiator_ss(
3246 shared_secret, shared_secret_len, kdf_nonce,
3247 kdf_nonce_len, &ct_e_r_1->key.ct_768,
3248 &ct_e_r_2->key.ct_768, &tk->key.ss_768,
3249 &sk_e->key.sk_768, &sk_i->key.sk_768);
3250#else
3251 return -EOPNOTSUPP;
3252#endif
3253 case LC_KYBER_512:
3254#ifdef LC_KYBER_512_ENABLED
3255 return lc_kex_512_x25519_ake_initiator_ss(
3256 shared_secret, shared_secret_len, kdf_nonce,
3257 kdf_nonce_len, &ct_e_r_1->key.ct_512,
3258 &ct_e_r_2->key.ct_512, &tk->key.ss_512,
3259 &sk_e->key.sk_512, &sk_i->key.sk_512);
3260#else
3261 return -EOPNOTSUPP;
3262#endif
3263 case LC_KYBER_UNKNOWN:
3264 default:
3265 return -EOPNOTSUPP;
3266 }
3267}
3268
3269/****************************** Kyber X25519 IES ******************************/
3299static inline int lc_kyber_x25519_ies_enc(const struct lc_kyber_x25519_pk *pk,
3300 struct lc_kyber_x25519_ct *ct,
3301 const uint8_t *plaintext,
3302 uint8_t *ciphertext, size_t datalen,
3303 const uint8_t *aad, size_t aadlen,
3304 uint8_t *tag, size_t taglen,
3305 struct lc_aead_ctx *aead)
3306{
3307 if (!pk || !ct)
3308 return -EINVAL;
3309
3310 switch (pk->kyber_type) {
3311 case LC_KYBER_1024:
3312#ifdef LC_KYBER_1024_ENABLED
3313 ct->kyber_type = LC_KYBER_1024;
3314 return lc_kyber_1024_x25519_ies_enc(&pk->key.pk_1024,
3315 &ct->key.ct_1024, plaintext,
3316 ciphertext, datalen, aad,
3317 aadlen, tag, taglen, aead);
3318#else
3319 return -EOPNOTSUPP;
3320#endif
3321 case LC_KYBER_768:
3322#ifdef LC_KYBER_768_ENABLED
3323 ct->kyber_type = LC_KYBER_768;
3324 return lc_kyber_768_x25519_ies_enc(&pk->key.pk_768,
3325 &ct->key.ct_768, plaintext,
3326 ciphertext, datalen, aad,
3327 aadlen, tag, taglen, aead);
3328#else
3329 return -EOPNOTSUPP;
3330#endif
3331 case LC_KYBER_512:
3332#ifdef LC_KYBER_512_ENABLED
3333 ct->kyber_type = LC_KYBER_512;
3334 return lc_kyber_512_x25519_ies_enc(&pk->key.pk_512,
3335 &ct->key.ct_512, plaintext,
3336 ciphertext, datalen, aad,
3337 aadlen, tag, taglen, aead);
3338#else
3339 return -EOPNOTSUPP;
3340#endif
3341 case LC_KYBER_UNKNOWN:
3342 default:
3343 return -EOPNOTSUPP;
3344 }
3345}
3346
3373static inline int lc_kyber_x25519_ies_enc_init(
3374 struct lc_aead_ctx *aead, const struct lc_kyber_x25519_pk *pk,
3375 struct lc_kyber_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
3376{
3377 if (!pk || !ct)
3378 return -EINVAL;
3379
3380 switch (pk->kyber_type) {
3381 case LC_KYBER_1024:
3382#ifdef LC_KYBER_1024_ENABLED
3383 ct->kyber_type = LC_KYBER_1024;
3384 return lc_kyber_1024_x25519_ies_enc_init(
3385 aead, &pk->key.pk_1024, &ct->key.ct_1024, aad, aadlen);
3386#else
3387 return -EOPNOTSUPP;
3388#endif
3389 case LC_KYBER_768:
3390#ifdef LC_KYBER_768_ENABLED
3391 ct->kyber_type = LC_KYBER_768;
3392 return lc_kyber_768_x25519_ies_enc_init(
3393 aead, &pk->key.pk_768, &ct->key.ct_768, aad, aadlen);
3394#else
3395 return -EOPNOTSUPP;
3396#endif
3397 case LC_KYBER_512:
3398#ifdef LC_KYBER_512_ENABLED
3399 ct->kyber_type = LC_KYBER_512;
3400 return lc_kyber_512_x25519_ies_enc_init(
3401 aead, &pk->key.pk_512, &ct->key.ct_512, aad, aadlen);
3402#else
3403 return -EOPNOTSUPP;
3404#endif
3405 case LC_KYBER_UNKNOWN:
3406 default:
3407 return -EOPNOTSUPP;
3408 }
3409}
3410
3430static inline int lc_kyber_x25519_ies_enc_update(struct lc_aead_ctx *aead,
3431 const uint8_t *plaintext,
3432 uint8_t *ciphertext,
3433 size_t datalen)
3434{
3435 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
3436}
3437
3457static inline int lc_kyber_x25519_ies_enc_final(struct lc_aead_ctx *aead,
3458 uint8_t *tag, size_t taglen)
3459{
3460 return lc_aead_enc_final(aead, tag, taglen);
3461}
3462
3492static inline int lc_kyber_x25519_ies_dec(const struct lc_kyber_x25519_sk *sk,
3493 const struct lc_kyber_x25519_ct *ct,
3494 const uint8_t *ciphertext,
3495 uint8_t *plaintext, size_t datalen,
3496 const uint8_t *aad, size_t aadlen,
3497 const uint8_t *tag, size_t taglen,
3498 struct lc_aead_ctx *aead)
3499{
3500 if (!sk || !ct || sk->kyber_type != ct->kyber_type)
3501 return -EINVAL;
3502
3503 switch (sk->kyber_type) {
3504 case LC_KYBER_1024:
3505#ifdef LC_KYBER_1024_ENABLED
3506 return lc_kyber_1024_x25519_ies_dec(
3507 &sk->key.sk_1024, &ct->key.ct_1024, ciphertext,
3508 plaintext, datalen, aad, aadlen, tag, taglen, aead);
3509#else
3510 return -EOPNOTSUPP;
3511#endif
3512 case LC_KYBER_768:
3513#ifdef LC_KYBER_768_ENABLED
3514 return lc_kyber_768_x25519_ies_dec(&sk->key.sk_768,
3515 &ct->key.ct_768, ciphertext,
3516 plaintext, datalen, aad,
3517 aadlen, tag, taglen, aead);
3518#else
3519 return -EOPNOTSUPP;
3520#endif
3521 case LC_KYBER_512:
3522#ifdef LC_KYBER_512_ENABLED
3523 return lc_kyber_512_x25519_ies_dec(&sk->key.sk_512,
3524 &ct->key.ct_512, ciphertext,
3525 plaintext, datalen, aad,
3526 aadlen, tag, taglen, aead);
3527#else
3528 return -EOPNOTSUPP;
3529#endif
3530 case LC_KYBER_UNKNOWN:
3531 default:
3532 return -EOPNOTSUPP;
3533 }
3534}
3535
3562static inline int lc_kyber_x25519_ies_dec_init(
3563 struct lc_aead_ctx *aead, const struct lc_kyber_x25519_sk *sk,
3564 const struct lc_kyber_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
3565{
3566 if (!sk || !ct || sk->kyber_type != ct->kyber_type)
3567 return -EINVAL;
3568
3569 switch (sk->kyber_type) {
3570 case LC_KYBER_1024:
3571#ifdef LC_KYBER_1024_ENABLED
3572 return lc_kyber_1024_x25519_ies_dec_init(
3573 aead, &sk->key.sk_1024, &ct->key.ct_1024, aad, aadlen);
3574#else
3575 return -EOPNOTSUPP;
3576#endif
3577 case LC_KYBER_768:
3578#ifdef LC_KYBER_768_ENABLED
3579 return lc_kyber_768_x25519_ies_dec_init(
3580 aead, &sk->key.sk_768, &ct->key.ct_768, aad, aadlen);
3581#else
3582 return -EOPNOTSUPP;
3583#endif
3584 case LC_KYBER_512:
3585#ifdef LC_KYBER_512_ENABLED
3586 return lc_kyber_512_x25519_ies_dec_init(
3587 aead, &sk->key.sk_512, &ct->key.ct_512, aad, aadlen);
3588#else
3589 return -EOPNOTSUPP;
3590#endif
3591 case LC_KYBER_UNKNOWN:
3592 default:
3593 return -EOPNOTSUPP;
3594 }
3595}
3596
3618static inline int lc_kyber_x25519_ies_dec_update(struct lc_aead_ctx *aead,
3619 const uint8_t *ciphertext,
3620 uint8_t *plaintext,
3621 size_t datalen)
3622{
3623 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
3624}
3625
3645static inline int lc_kyber_x25519_ies_dec_final(struct lc_aead_ctx *aead,
3646 const uint8_t *tag,
3647 size_t taglen)
3648{
3649 return lc_aead_dec_final(aead, tag, taglen);
3650}
3651#endif
3652
3653#ifdef __cplusplus
3654}
3655#endif
3656
3657#endif /* LC_KYBER_H */
lc_aead_dec_update
static int lc_aead_dec_update(struct lc_aead_ctx *ctx, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
AEAD-decrypt data - send partial data.
Definition lc_aead.h:393
lc_aead_dec_final
static int lc_aead_dec_final(struct lc_aead_ctx *ctx, const uint8_t *tag, size_t taglen)
AEAD-decrypt data - Perform authentication.
Definition lc_aead.h:426
lc_aead_enc_update
static int lc_aead_enc_update(struct lc_aead_ctx *ctx, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
AEAD-encrypt data - send partial data.
Definition lc_aead.h:246
lc_aead_enc_final
static int lc_aead_enc_final(struct lc_aead_ctx *ctx, uint8_t *tag, size_t taglen)
Complete AEAD encryption - Obtain the authentication tag from the encryption operation.
Definition lc_aead.h:280
lc_kex_x25519_uake_responder_ss
static int lc_kex_x25519_uake_responder_ss(struct lc_kyber_x25519_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_x25519_pk *pk_e_i, const struct lc_kyber_x25519_ct *ct_e_i, const struct lc_kyber_x25519_sk *sk_r)
Initiator's shared secret generation.
Definition lc_kyber.h:2934
lc_kyber_x25519_pk_type
static enum lc_kyber_type lc_kyber_x25519_pk_type(const struct lc_kyber_x25519_pk *pk)
Obtain Kyber type from public key.
Definition lc_kyber.h:2080
lc_kyber_x25519_enc_kdf
static int lc_kyber_x25519_enc_kdf(struct lc_kyber_x25519_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_x25519_pk *pk)
Key encapsulation with KDF applied to shared secret.
Definition lc_kyber.h:2752
lc_kyber_x25519_pk_size
static LC_PURE unsigned int lc_kyber_x25519_pk_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber public key.
Definition lc_kyber.h:2166
lc_kyber_x25519_sk_size
static LC_PURE unsigned int lc_kyber_x25519_sk_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber secret key.
Definition lc_kyber.h:2129
lc_kyber_x25519_ct_size
static LC_PURE unsigned int lc_kyber_x25519_ct_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber ciphertext.
Definition lc_kyber.h:2203
lc_kyber_x25519_ct_ptr
static int lc_kyber_x25519_ct_ptr(uint8_t **kyber_ct, size_t *kyber_ct_len, uint8_t **x25519_key, size_t *x25519_key_len, struct lc_kyber_x25519_ct *ct)
Obtain the reference to the Kyber ciphertext and its length.
Definition lc_kyber.h:2571
lc_kyber_x25519_ies_dec
static int lc_kyber_x25519_ies_dec(const struct lc_kyber_x25519_sk *sk, const struct lc_kyber_x25519_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
KyberIES decryption oneshot.
Definition lc_kyber.h:3492
lc_kyber_x25519_ies_enc_update
static int lc_kyber_x25519_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
KyberIES encryption stream operation add more data.
Definition lc_kyber.h:3430
lc_kex_x25519_ake_initiator_init
static int lc_kex_x25519_ake_initiator_init(struct lc_kyber_x25519_pk *pk_e_i, struct lc_kyber_x25519_ct *ct_e_i, struct lc_kyber_x25519_ss *tk, struct lc_kyber_x25519_sk *sk_e, const struct lc_kyber_x25519_pk *pk_r)
Initialize authenticated key exchange.
Definition lc_kyber.h:3063
lc_kyber_x25519_dec_kdf
static int lc_kyber_x25519_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_x25519_ct *ct, const struct lc_kyber_x25519_sk *sk)
Key decapsulation with KDF applied to shared secret.
Definition lc_kyber.h:2811
lc_kex_x25519_ake_initiator_ss
static int lc_kex_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_x25519_ct *ct_e_r_1, const struct lc_kyber_x25519_ct *ct_e_r_2, const struct lc_kyber_x25519_ss *tk, const struct lc_kyber_x25519_sk *sk_e, const struct lc_kyber_x25519_sk *sk_i)
Responder's shared secret generation.
Definition lc_kyber.h:3217
lc_kyber_x25519_ies_dec_update
static int lc_kyber_x25519_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
KyberIES decryption stream operation add more data.
Definition lc_kyber.h:3618
lc_kyber_x25519_pk_ptr
static int lc_kyber_x25519_pk_ptr(uint8_t **kyber_key, size_t *kyber_key_len, uint8_t **x25519_key, size_t *x25519_key_len, struct lc_kyber_x25519_pk *pk)
Obtain the reference to the Kyber key and its length.
Definition lc_kyber.h:2511
lc_kyber_x25519_ies_dec_final
static int lc_kyber_x25519_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
KyberIES decryption stream operation finalization / integrity test.
Definition lc_kyber.h:3645
lc_kyber_x25519_ies_enc_final
static int lc_kyber_x25519_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
KyberIES encryption stream operation finalization / integrity test.
Definition lc_kyber.h:3457
lc_kyber_x25519_ies_dec_init
static int lc_kyber_x25519_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_x25519_sk *sk, const struct lc_kyber_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
KyberIES decryption stream operation initialization.
Definition lc_kyber.h:3562
lc_kyber_x25519_ss_type
static enum lc_kyber_type lc_kyber_x25519_ss_type(const struct lc_kyber_x25519_ss *ss)
Obtain Kyber type from shared secret.
Definition lc_kyber.h:2112
lc_kyber_x25519_keypair
static int lc_kyber_x25519_keypair(struct lc_kyber_x25519_pk *pk, struct lc_kyber_x25519_sk *sk, struct lc_rng_ctx *rng_ctx, enum lc_kyber_type kyber_type)
Generates public and private key for IND-CCA2-secure Kyber key encapsulation mechanism.
Definition lc_kyber.h:2686
lc_kyber_x25519_sk_type
static enum lc_kyber_type lc_kyber_x25519_sk_type(const struct lc_kyber_x25519_sk *sk)
Obtain Kyber type from secret key.
Definition lc_kyber.h:2064
lc_kyber_x25519_ies_enc_init
static int lc_kyber_x25519_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_x25519_pk *pk, struct lc_kyber_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
KyberIES encryption stream operation initialization.
Definition lc_kyber.h:3373
lc_kex_x25519_ake_responder_ss
static int lc_kex_x25519_ake_responder_ss(struct lc_kyber_x25519_ct *ct_e_r_1, struct lc_kyber_x25519_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_x25519_pk *pk_e_i, const struct lc_kyber_x25519_ct *ct_e_i, const struct lc_kyber_x25519_sk *sk_r, const struct lc_kyber_x25519_pk *pk_i)
Initiator's shared secret generation.
Definition lc_kyber.h:3137
lc_kyber_x25519_ct_type
static enum lc_kyber_type lc_kyber_x25519_ct_type(const struct lc_kyber_x25519_ct *ct)
Obtain Kyber type from Kyber ciphertext.
Definition lc_kyber.h:2096
lc_kex_x25519_uake_initiator_init
static int lc_kex_x25519_uake_initiator_init(struct lc_kyber_x25519_pk *pk_e_i, struct lc_kyber_x25519_ct *ct_e_i, struct lc_kyber_x25519_ss *tk, struct lc_kyber_x25519_sk *sk_e, const struct lc_kyber_x25519_pk *pk_r)
Initialize unilaterally authenticated key exchange.
Definition lc_kyber.h:2864
lc_kyber_x25519_ies_enc
static int lc_kyber_x25519_ies_enc(const struct lc_kyber_x25519_pk *pk, struct lc_kyber_x25519_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
KyberIES encryption oneshot.
Definition lc_kyber.h:3299
lc_kyber_x25519_ss_ptr
static int lc_kyber_x25519_ss_ptr(uint8_t **kyber_ss, size_t *kyber_ss_len, uint8_t **x25519_ss, size_t *x25519_ss_len, struct lc_kyber_x25519_ss *ss)
Obtain the reference to the Kyber shared secret and its length.
Definition lc_kyber.h:2631
lc_kex_x25519_uake_initiator_ss
static int lc_kex_x25519_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_x25519_ct *ct_e_r, const struct lc_kyber_x25519_ss *tk, const struct lc_kyber_x25519_sk *sk_e)
Responder's shared secret generation.
Definition lc_kyber.h:3002
lc_kyber_x25519_ss_size
static LC_PURE unsigned int lc_kyber_x25519_ss_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber shared secret.
Definition lc_kyber.h:2240
lc_kyber_x25519_sk_ptr
static int lc_kyber_x25519_sk_ptr(uint8_t **kyber_key, size_t *kyber_key_len, uint8_t **x25519_key, size_t *x25519_key_len, struct lc_kyber_x25519_sk *sk)
Obtain the reference to the Kyber key and its length.
Definition lc_kyber.h:2452
lc_kyber_ies_enc
static int lc_kyber_ies_enc(const struct lc_kyber_pk *pk, struct lc_kyber_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
KyberIES encryption oneshot.
Definition lc_kyber.h:1623
lc_kyber_ies_enc_update
static int lc_kyber_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
KyberIES encryption stream operation add more data.
Definition lc_kyber.h:1751
lc_kyber_ies_enc_init
static int lc_kyber_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_pk *pk, struct lc_kyber_ct *ct, const uint8_t *aad, size_t aadlen)
KyberIES encryption stream operation initialization.
Definition lc_kyber.h:1691
lc_kyber_ies_dec_init
static int lc_kyber_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_sk *sk, const struct lc_kyber_ct *ct, const uint8_t *aad, size_t aadlen)
KyberIES decryption stream operation initialization.
Definition lc_kyber.h:1876
lc_kyber_ies_enc_final
static int lc_kyber_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
KyberIES encryption stream operation finalization / integrity test.
Definition lc_kyber.h:1777
lc_kyber_ies_dec_update
static int lc_kyber_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
KyberIES decryption stream operation add more data.
Definition lc_kyber.h:1933
lc_kyber_ies_dec
static int lc_kyber_ies_dec(const struct lc_kyber_sk *sk, const struct lc_kyber_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
KyberIES decryption oneshot.
Definition lc_kyber.h:1812
lc_kyber_ies_dec_final
static int lc_kyber_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
KyberIES decryption stream operation finalization / integrity test.
Definition lc_kyber.h:1959
lc_kex_ake_initiator_init
static int lc_kex_ake_initiator_init(struct lc_kyber_pk *pk_e_i, struct lc_kyber_ct *ct_e_i, struct lc_kyber_ss *tk, struct lc_kyber_sk *sk_e, const struct lc_kyber_pk *pk_r)
Initialize authenticated key exchange.
Definition lc_kyber.h:1379
lc_kex_ake_responder_ss
static int lc_kex_ake_responder_ss(struct lc_kyber_ct *ct_e_r_1, struct lc_kyber_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_pk *pk_e_i, const struct lc_kyber_ct *ct_e_i, const struct lc_kyber_sk *sk_r, const struct lc_kyber_pk *pk_i)
Initiator's shared secret generation.
Definition lc_kyber.h:1454
lc_kex_ake_initiator_ss
static int lc_kex_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_ct *ct_e_r_1, const struct lc_kyber_ct *ct_e_r_2, const struct lc_kyber_ss *tk, const struct lc_kyber_sk *sk_e, const struct lc_kyber_sk *sk_i)
Responder's shared secret generation.
Definition lc_kyber.h:1531
lc_kex_uake_initiator_ss
static int lc_kex_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_ct *ct_e_r, const struct lc_kyber_ss *tk, const struct lc_kyber_sk *sk_e)
Responder's shared secret generation.
Definition lc_kyber.h:1268
lc_kex_uake_responder_ss
static int lc_kex_uake_responder_ss(struct lc_kyber_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_pk *pk_e_i, const struct lc_kyber_ct *ct_e_i, const struct lc_kyber_sk *sk_r)
Initiator's shared secret generation.
Definition lc_kyber.h:1202
lc_kex_uake_initiator_init
static int lc_kex_uake_initiator_init(struct lc_kyber_pk *pk_e_i, struct lc_kyber_ct *ct_e_i, struct lc_kyber_ss *tk, struct lc_kyber_sk *sk_e, const struct lc_kyber_pk *pk_r)
Initialize unilaterally authenticated key exchange.
Definition lc_kyber.h:1129
lc_kyber_sk_size
static LC_PURE unsigned int lc_kyber_sk_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber secret key.
Definition lc_kyber.h:219
lc_kyber_pk_load
static int lc_kyber_pk_load(struct lc_kyber_pk *pk, const uint8_t *src_key, size_t src_key_len)
Load a Kyber public key provided with a buffer into the leancrypto data structure.
Definition lc_kyber.h:410
lc_kyber_sk_ptr
static int lc_kyber_sk_ptr(uint8_t **kyber_key, size_t *kyber_key_len, struct lc_kyber_sk *sk)
Obtain the reference to the Kyber key and its length.
Definition lc_kyber.h:551
lc_kyber_keypair
static int lc_kyber_keypair(struct lc_kyber_pk *pk, struct lc_kyber_sk *sk, struct lc_rng_ctx *rng_ctx, enum lc_kyber_type kyber_type)
Generates public and private key for IND-CCA2-secure Kyber key encapsulation mechanism.
Definition lc_kyber.h:740
lc_kyber_sk_type
static enum lc_kyber_type lc_kyber_sk_type(const struct lc_kyber_sk *sk)
Obtain Kyber type from secret key.
Definition lc_kyber.h:158
lc_kyber_keypair_from_seed
static int lc_kyber_keypair_from_seed(struct lc_kyber_pk *pk, struct lc_kyber_sk *sk, const uint8_t *seed, size_t seedlen, enum lc_kyber_type kyber_type)
Generates Kyber public and private key from a given seed.
Definition lc_kyber.h:803
lc_kyber_sk_load
static int lc_kyber_sk_load(struct lc_kyber_sk *sk, const uint8_t *src_key, size_t src_key_len)
Load a Kyber secret key provided with a buffer into the leancrypto data structure.
Definition lc_kyber.h:365
lc_kyber_ct_ptr
static int lc_kyber_ct_ptr(uint8_t **kyber_ct, size_t *kyber_ct_len, struct lc_kyber_ct *ct)
Obtain the reference to the Kyber ciphertext and its length.
Definition lc_kyber.h:646
lc_kyber_dec
static int lc_kyber_dec(struct lc_kyber_ss *ss, const struct lc_kyber_ct *ct, const struct lc_kyber_sk *sk)
Key decapsulation.
Definition lc_kyber.h:970
lc_kyber_enc
static int lc_kyber_enc(struct lc_kyber_ct *ct, struct lc_kyber_ss *ss, const struct lc_kyber_pk *pk)
Key encapsulation.
Definition lc_kyber.h:859
lc_kyber_ct_type
static enum lc_kyber_type lc_kyber_ct_type(const struct lc_kyber_ct *ct)
Obtain Kyber type from Kyber ciphertext.
Definition lc_kyber.h:188
lc_kyber_ct_size
static LC_PURE unsigned int lc_kyber_ct_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber ciphertext.
Definition lc_kyber.h:291
lc_kyber_ss_load
static int lc_kyber_ss_load(struct lc_kyber_ss *ss, const uint8_t *src_key, size_t src_key_len)
Load a Kyber shared secret provided with a buffer into the leancrypto data structure.
Definition lc_kyber.h:504
lc_kyber_pk_type
static enum lc_kyber_type lc_kyber_pk_type(const struct lc_kyber_pk *pk)
Obtain Kyber type from public key.
Definition lc_kyber.h:173
lc_kyber_pk_ptr
static int lc_kyber_pk_ptr(uint8_t **kyber_key, size_t *kyber_key_len, struct lc_kyber_pk *pk)
Obtain the reference to the Kyber key and its length.
Definition lc_kyber.h:598
lc_kyber_ss_size
static LC_PURE unsigned int lc_kyber_ss_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber shared secret.
Definition lc_kyber.h:327
lc_kyber_ss_ptr
static int lc_kyber_ss_ptr(uint8_t **kyber_ss, size_t *kyber_ss_len, struct lc_kyber_ss *ss)
Obtain the reference to the Kyber shared secret and its length.
Definition lc_kyber.h:694
lc_kyber_pk_size
static LC_PURE unsigned int lc_kyber_pk_size(enum lc_kyber_type kyber_type)
Return the size of the Kyber public key.
Definition lc_kyber.h:255
lc_kyber_ct_load
static int lc_kyber_ct_load(struct lc_kyber_ct *ct, const uint8_t *src_key, size_t src_key_len)
Load a Kyber ciphertext key provided with a buffer into the leancrypto data structure.
Definition lc_kyber.h:457
lc_kyber_enc_kdf
static int lc_kyber_enc_kdf(struct lc_kyber_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_pk *pk)
Key encapsulation with KDF applied to shared secret.
Definition lc_kyber.h:918
lc_kyber_ss_type
static enum lc_kyber_type lc_kyber_ss_type(const struct lc_kyber_ss *ss)
Obtain Kyber type from shared secret.
Definition lc_kyber.h:203
lc_kyber_dec_kdf
static int lc_kyber_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_ct *ct, const struct lc_kyber_sk *sk)
Key decapsulation with KDF applied to shared secret.
Definition lc_kyber.h:1029
lc_kyber_ss::key
union lc_kyber_ss::@3 key
lc_kyber_x25519_sk_load
static int lc_kyber_x25519_sk_load(struct lc_kyber_x25519_sk *sk, const uint8_t *kyber_src_key, size_t kyber_src_key_len, const uint8_t *x25519_src_key, size_t x25519_src_key_len)
Definition lc_kyber.h:2267
lc_kyber_x25519_pk::key
union lc_kyber_x25519_pk::@5 key
lc_kyber_ct::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:118
lc_kyber_pk::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:100
lc_kyber_sk::key
union lc_kyber_sk::@0 key
lc_kyber_x25519_ss::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:2041
lc_kyber_x25519_ss::key
union lc_kyber_x25519_ss::@7 key
lc_kyber_ct::key
union lc_kyber_ct::@2 key
lc_kyber_x25519_ct_load
static int lc_kyber_x25519_ct_load(struct lc_kyber_x25519_ct *ct, const uint8_t *kyber_src_ct, size_t kyber_src_ct_len, const uint8_t *x25519_rem_pub_key, size_t x25519_rem_pub_len)
Definition lc_kyber.h:2351
lc_kyber_x25519_ct::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:2023
lc_kyber_pk::key
union lc_kyber_pk::@1 key
lc_kyber_x25519_sk::key
union lc_kyber_x25519_sk::@4 key
lc_kyber_sk::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:82
lc_kyber_x25519_ct::key
union lc_kyber_x25519_ct::@6 key
lc_kyber_x25519_ss_load
static int lc_kyber_x25519_ss_load(struct lc_kyber_x25519_ss *ss, const uint8_t *kyber_src_ss, size_t kyber_src_ss_len, const uint8_t *x25519_ss, size_t x25519_ss_len)
Definition lc_kyber.h:2396
lc_kyber_x25519_pk_load
static int lc_kyber_x25519_pk_load(struct lc_kyber_x25519_pk *pk, const uint8_t *kyber_src_key, size_t kyber_src_key_len, const uint8_t *x25519_src_key, size_t x25519_src_key_len)
Definition lc_kyber.h:2309
lc_kyber_x25519_pk::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:2005
lc_kyber_ss::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:136
lc_kyber_x25519_sk::kyber_type
enum lc_kyber_type kyber_type
Definition lc_kyber.h:1987
lc_kyber_type
lc_kyber_type
Definition lc_kyber.h:46
LC_KYBER_1024
@ LC_KYBER_1024
Definition lc_kyber.h:48
LC_KYBER_768
@ LC_KYBER_768
Definition lc_kyber.h:49
LC_KYBER_UNKNOWN
@ LC_KYBER_UNKNOWN
Definition lc_kyber.h:47
LC_KYBER_512
@ LC_KYBER_512
Definition lc_kyber.h:50
lc_kyber_ct
Kyber ciphertext.
Definition lc_kyber.h:117
lc_kyber_pk
Kyber public key.
Definition lc_kyber.h:99
lc_kyber_sk
Kyber secret key.
Definition lc_kyber.h:81
lc_kyber_ss
Kyber shared secret.
Definition lc_kyber.h:135
lc_kyber_x25519_ct
Kyber ciphertext.
Definition lc_kyber.h:2022
lc_kyber_x25519_pk
Kyber public key.
Definition lc_kyber.h:2004
lc_kyber_x25519_sk
Kyber secret key.
Definition lc_kyber.h:1986
lc_kyber_x25519_ss
Kyber shared secret.
Definition lc_kyber.h:2040
lc_kyber_1024.h
lc_kyber_1024_x25519_ct::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_1024.h:800
lc_kex_1024_uake_initiator_ss
int lc_kex_1024_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_ct *ct_e_r, const struct lc_kyber_1024_ss *tk, const struct lc_kyber_1024_sk *sk_e)
lc_kex_uake_initiator_ss - Responder's shared secret generation
lc_kyber_1024_keypair_from_seed
int lc_kyber_1024_keypair_from_seed(struct lc_kyber_1024_pk *pk, struct lc_kyber_1024_sk *sk, const uint8_t *seed, size_t seedlen)
lc_kyber__keypair_from_seed - Generates Kyber public and private key from a given seed.
lc_kyber_1024_enc
int lc_kyber_1024_enc(struct lc_kyber_1024_ct *ct, struct lc_kyber_1024_ss *ss, const struct lc_kyber_1024_pk *pk)
lc_kyber_enc - Key encapsulation
lc_kyber_1024_x25519_dec_kdf
int lc_kyber_1024_x25519_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_1024_x25519_ct *ct, const struct lc_kyber_1024_x25519_sk *sk)
lc_kyber_x25519_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_1024_x25519_keypair
int lc_kyber_1024_x25519_keypair(struct lc_kyber_1024_x25519_pk *pk, struct lc_kyber_1024_x25519_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_x25519_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulatio...
lc_kyber_1024_x25519_ss::ss_x25519
struct lc_x25519_ss ss_x25519
Definition lc_kyber_1024.h:808
lc_kyber_1024_x25519_sk::sk_x25519
struct lc_x25519_sk sk_x25519
Definition lc_kyber_1024.h:784
lc_kex_1024_uake_initiator_init
int lc_kex_1024_uake_initiator_init(struct lc_kyber_1024_pk *pk_e_i, struct lc_kyber_1024_ct *ct_e_i, struct lc_kyber_1024_ss *tk, struct lc_kyber_1024_sk *sk_e, const struct lc_kyber_1024_pk *pk_r)
lc_kex_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_1024_ies_enc_init
int lc_kyber_1024_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_1024_pk *pk, struct lc_kyber_1024_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_1024_dec_kdf
int lc_kyber_1024_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_1024_ct *ct, const struct lc_kyber_1024_sk *sk)
lc_kyber_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_1024_enc_kdf
int lc_kyber_1024_enc_kdf(struct lc_kyber_1024_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_1024_pk *pk)
lc_kyber_1024_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kex_1024_x25519_ake_initiator_init
int lc_kex_1024_x25519_ake_initiator_init(struct lc_kyber_1024_x25519_pk *pk_e_i, struct lc_kyber_1024_x25519_ct *ct_e_i, struct lc_kyber_1024_x25519_ss *tk, struct lc_kyber_1024_x25519_sk *sk_e, const struct lc_kyber_1024_x25519_pk *pk_r)
lc_kex_x25519_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_1024_x25519_ss::ss
struct lc_kyber_1024_ss ss
Definition lc_kyber_1024.h:807
lc_kyber_1024_ies_enc
int lc_kyber_1024_ies_enc(const struct lc_kyber_1024_pk *pk, struct lc_kyber_1024_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_enc - KyberIES encryption oneshot
lc_kyber_1024_ies_dec
int lc_kyber_1024_ies_dec(const struct lc_kyber_1024_sk *sk, const struct lc_kyber_1024_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_dec - KyberIES decryption oneshot
lc_kex_1024_x25519_uake_responder_ss
int lc_kex_1024_x25519_uake_responder_ss(struct lc_kyber_1024_x25519_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_x25519_pk *pk_e_i, const struct lc_kyber_1024_x25519_ct *ct_e_i, const struct lc_kyber_1024_x25519_sk *sk_r)
lc_kex_x25519_uake_responder_ss - Initiator's shared secret generation
lc_kex_1024_uake_responder_ss
int lc_kex_1024_uake_responder_ss(struct lc_kyber_1024_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_pk *pk_e_i, const struct lc_kyber_1024_ct *ct_e_i, const struct lc_kyber_1024_sk *sk_r)
lc_kex_uake_responder_ss - Initiator's shared secret generation
lc_kyber_1024_pk::pk
uint8_t pk[LC_KYBER_PUBLICKEYBYTES]
Definition lc_kyber_1024.h:124
lc_kex_1024_x25519_ake_initiator_ss
int lc_kex_1024_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_x25519_ct *ct_e_r_1, const struct lc_kyber_1024_x25519_ct *ct_e_r_2, const struct lc_kyber_1024_x25519_ss *tk, const struct lc_kyber_1024_x25519_sk *sk_e, const struct lc_kyber_1024_x25519_sk *sk_i)
lc_kex_x25519_ake_initiator_ss - Responder's shared secret generation
lc_kyber_1024_keypair
int lc_kyber_1024_keypair(struct lc_kyber_1024_pk *pk, struct lc_kyber_1024_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulation mecha...
lc_kex_1024_x25519_ake_responder_ss
int lc_kex_1024_x25519_ake_responder_ss(struct lc_kyber_1024_x25519_ct *ct_e_r_1, struct lc_kyber_1024_x25519_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_x25519_pk *pk_e_i, const struct lc_kyber_1024_x25519_ct *ct_e_i, const struct lc_kyber_1024_x25519_sk *sk_r, const struct lc_kyber_1024_x25519_pk *pk_i)
lc_kex_x25519_ake_responder_ss - Initiator's shared secret generation
lc_kyber_1024_x25519_ies_dec_init
int lc_kyber_1024_x25519_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_1024_x25519_sk *sk, const struct lc_kyber_1024_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_dec_init - KyberIES decryption stream operation initialization
lc_kex_1024_ake_initiator_init
int lc_kex_1024_ake_initiator_init(struct lc_kyber_1024_pk *pk_e_i, struct lc_kyber_1024_ct *ct_e_i, struct lc_kyber_1024_ss *tk, struct lc_kyber_1024_sk *sk_e, const struct lc_kyber_1024_pk *pk_r)
lc_kex_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_1024_x25519_ct::ct
struct lc_kyber_1024_ct ct
Definition lc_kyber_1024.h:799
lc_kyber_1024_dec
int lc_kyber_1024_dec(struct lc_kyber_1024_ss *ss, const struct lc_kyber_1024_ct *ct, const struct lc_kyber_1024_sk *sk)
lc_kyber_dec - Key decapsulation
lc_kyber_1024_x25519_ies_dec
int lc_kyber_1024_x25519_ies_dec(const struct lc_kyber_1024_x25519_sk *sk, const struct lc_kyber_1024_x25519_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_dec - KyberIES decryption oneshot
lc_kyber_1024_ies_dec_init
int lc_kyber_1024_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_1024_sk *sk, const struct lc_kyber_1024_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_dec_init - KyberIES decryption stream operation initialization
lc_kyber_1024_ct::ct
uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES]
Definition lc_kyber_1024.h:131
lc_kyber_1024_x25519_ies_enc_init
int lc_kyber_1024_x25519_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_1024_x25519_pk *pk, struct lc_kyber_1024_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_enc_init - KyberIES encryption stream operation initialization
lc_kex_1024_x25519_uake_initiator_init
int lc_kex_1024_x25519_uake_initiator_init(struct lc_kyber_1024_x25519_pk *pk_e_i, struct lc_kyber_1024_x25519_ct *ct_e_i, struct lc_kyber_1024_x25519_ss *tk, struct lc_kyber_1024_x25519_sk *sk_e, const struct lc_kyber_1024_x25519_pk *pk_r)
lc_kex_x25519_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_1024_x25519_sk::sk
struct lc_kyber_1024_sk sk
Definition lc_kyber_1024.h:783
lc_kyber_1024_x25519_ies_enc
int lc_kyber_1024_x25519_ies_enc(const struct lc_kyber_1024_x25519_pk *pk, struct lc_kyber_1024_x25519_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_enc - KyberIES encryption oneshot
lc_kyber_1024_sk::sk
uint8_t sk[LC_KYBER_SECRETKEYBYTES]
Definition lc_kyber_1024.h:117
lc_kyber_1024_ss::ss
uint8_t ss[LC_KYBER_SSBYTES]
Definition lc_kyber_1024.h:138
lc_kyber_1024_x25519_pk::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_1024.h:792
lc_kex_1024_ake_responder_ss
int lc_kex_1024_ake_responder_ss(struct lc_kyber_1024_ct *ct_e_r_1, struct lc_kyber_1024_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_pk *pk_e_i, const struct lc_kyber_1024_ct *ct_e_i, const struct lc_kyber_1024_sk *sk_r, const struct lc_kyber_1024_pk *pk_i)
lc_kex_ake_responder_ss - Initiator's shared secret generation
lc_kyber_1024_x25519_pk::pk
struct lc_kyber_1024_pk pk
Definition lc_kyber_1024.h:791
lc_kex_1024_ake_initiator_ss
int lc_kex_1024_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_ct *ct_e_r_1, const struct lc_kyber_1024_ct *ct_e_r_2, const struct lc_kyber_1024_ss *tk, const struct lc_kyber_1024_sk *sk_e, const struct lc_kyber_1024_sk *sk_i)
lc_kex_ake_initiator_ss - Responder's shared secret generation
lc_kex_1024_x25519_uake_initiator_ss
int lc_kex_1024_x25519_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_1024_x25519_ct *ct_e_r, const struct lc_kyber_1024_x25519_ss *tk, const struct lc_kyber_1024_x25519_sk *sk_e)
lc_kex_x25519_uake_initiator_ss - Responder's shared secret generation
lc_kyber_1024_x25519_enc_kdf
int lc_kyber_1024_x25519_enc_kdf(struct lc_kyber_1024_x25519_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_1024_x25519_pk *pk)
lc_kyber_x25519_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_1024_ct
Kyber ciphertext.
Definition lc_kyber_1024.h:130
lc_kyber_1024_pk
Kyber public key.
Definition lc_kyber_1024.h:123
lc_kyber_1024_sk
Kyber secret key.
Definition lc_kyber_1024.h:116
lc_kyber_1024_ss
Kyber shared secret.
Definition lc_kyber_1024.h:137
lc_kyber_1024_x25519_ct
Kyber ciphertext.
Definition lc_kyber_1024.h:798
lc_kyber_1024_x25519_pk
Kyber public key.
Definition lc_kyber_1024.h:790
lc_kyber_1024_x25519_sk
Kyber secret key.
Definition lc_kyber_1024.h:782
lc_kyber_1024_x25519_ss
Kyber shared secret.
Definition lc_kyber_1024.h:806
lc_kyber_512.h
lc_kyber_512_x25519_ies_enc
int lc_kyber_512_x25519_ies_enc(const struct lc_kyber_512_x25519_pk *pk, struct lc_kyber_512_x25519_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_enc - KyberIES encryption oneshot
lc_kyber_512_x25519_ies_dec_init
int lc_kyber_512_x25519_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_512_x25519_sk *sk, const struct lc_kyber_512_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_dec_init - KyberIES decryption stream operation initialization
lc_kyber_512_enc_kdf
int lc_kyber_512_enc_kdf(struct lc_kyber_512_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_512_pk *pk)
lc_kyber_512_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_512_x25519_enc_kdf
int lc_kyber_512_x25519_enc_kdf(struct lc_kyber_512_x25519_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_512_x25519_pk *pk)
lc_kyber_x25519_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_512_x25519_dec_kdf
int lc_kyber_512_x25519_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_512_x25519_ct *ct, const struct lc_kyber_512_x25519_sk *sk)
lc_kyber_x25519_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_512_x25519_ss::ss_x25519
struct lc_x25519_ss ss_x25519
Definition lc_kyber_512.h:808
lc_kex_512_x25519_ake_initiator_init
int lc_kex_512_x25519_ake_initiator_init(struct lc_kyber_512_x25519_pk *pk_e_i, struct lc_kyber_512_x25519_ct *ct_e_i, struct lc_kyber_512_x25519_ss *tk, struct lc_kyber_512_x25519_sk *sk_e, const struct lc_kyber_512_x25519_pk *pk_r)
lc_kex_x25519_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_512_x25519_pk::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_512.h:792
lc_kex_512_uake_initiator_ss
int lc_kex_512_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_ct *ct_e_r, const struct lc_kyber_512_ss *tk, const struct lc_kyber_512_sk *sk_e)
lc_kex_uake_initiator_ss - Responder's shared secret generation
lc_kyber_512_ies_dec_init
int lc_kyber_512_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_512_sk *sk, const struct lc_kyber_512_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_dec_init - KyberIES decryption stream operation initialization
lc_kex_512_x25519_uake_initiator_init
int lc_kex_512_x25519_uake_initiator_init(struct lc_kyber_512_x25519_pk *pk_e_i, struct lc_kyber_512_x25519_ct *ct_e_i, struct lc_kyber_512_x25519_ss *tk, struct lc_kyber_512_x25519_sk *sk_e, const struct lc_kyber_512_x25519_pk *pk_r)
lc_kex_x25519_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_512_sk::sk
uint8_t sk[LC_KYBER_SECRETKEYBYTES]
Definition lc_kyber_512.h:117
lc_kex_512_uake_responder_ss
int lc_kex_512_uake_responder_ss(struct lc_kyber_512_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_pk *pk_e_i, const struct lc_kyber_512_ct *ct_e_i, const struct lc_kyber_512_sk *sk_r)
lc_kex_uake_responder_ss - Initiator's shared secret generation
lc_kyber_512_enc
int lc_kyber_512_enc(struct lc_kyber_512_ct *ct, struct lc_kyber_512_ss *ss, const struct lc_kyber_512_pk *pk)
lc_kyber_enc - Key encapsulation
lc_kyber_512_keypair_from_seed
int lc_kyber_512_keypair_from_seed(struct lc_kyber_512_pk *pk, struct lc_kyber_512_sk *sk, const uint8_t *seed, size_t seedlen)
lc_kyber__keypair_from_seed - Generates Kyber public and private key from a given seed.
lc_kyber_512_x25519_ss::ss
struct lc_kyber_512_ss ss
Definition lc_kyber_512.h:807
lc_kyber_512_x25519_pk::pk
struct lc_kyber_512_pk pk
Definition lc_kyber_512.h:791
lc_kex_512_ake_initiator_init
int lc_kex_512_ake_initiator_init(struct lc_kyber_512_pk *pk_e_i, struct lc_kyber_512_ct *ct_e_i, struct lc_kyber_512_ss *tk, struct lc_kyber_512_sk *sk_e, const struct lc_kyber_512_pk *pk_r)
lc_kex_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_512_x25519_sk::sk
struct lc_kyber_512_sk sk
Definition lc_kyber_512.h:783
lc_kex_512_ake_responder_ss
int lc_kex_512_ake_responder_ss(struct lc_kyber_512_ct *ct_e_r_1, struct lc_kyber_512_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_pk *pk_e_i, const struct lc_kyber_512_ct *ct_e_i, const struct lc_kyber_512_sk *sk_r, const struct lc_kyber_512_pk *pk_i)
lc_kex_ake_responder_ss - Initiator's shared secret generation
lc_kex_512_x25519_uake_initiator_ss
int lc_kex_512_x25519_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_x25519_ct *ct_e_r, const struct lc_kyber_512_x25519_ss *tk, const struct lc_kyber_512_x25519_sk *sk_e)
lc_kex_x25519_uake_initiator_ss - Responder's shared secret generation
lc_kyber_512_x25519_ct::ct
struct lc_kyber_512_ct ct
Definition lc_kyber_512.h:799
lc_kex_512_uake_initiator_init
int lc_kex_512_uake_initiator_init(struct lc_kyber_512_pk *pk_e_i, struct lc_kyber_512_ct *ct_e_i, struct lc_kyber_512_ss *tk, struct lc_kyber_512_sk *sk_e, const struct lc_kyber_512_pk *pk_r)
lc_kex_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kex_512_x25519_uake_responder_ss
int lc_kex_512_x25519_uake_responder_ss(struct lc_kyber_512_x25519_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_x25519_pk *pk_e_i, const struct lc_kyber_512_x25519_ct *ct_e_i, const struct lc_kyber_512_x25519_sk *sk_r)
lc_kex_x25519_uake_responder_ss - Initiator's shared secret generation
lc_kyber_512_keypair
int lc_kyber_512_keypair(struct lc_kyber_512_pk *pk, struct lc_kyber_512_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulation mecha...
lc_kyber_512_x25519_ies_dec
int lc_kyber_512_x25519_ies_dec(const struct lc_kyber_512_x25519_sk *sk, const struct lc_kyber_512_x25519_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_dec - KyberIES decryption oneshot
lc_kyber_512_x25519_sk::sk_x25519
struct lc_x25519_sk sk_x25519
Definition lc_kyber_512.h:784
lc_kex_512_x25519_ake_responder_ss
int lc_kex_512_x25519_ake_responder_ss(struct lc_kyber_512_x25519_ct *ct_e_r_1, struct lc_kyber_512_x25519_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_x25519_pk *pk_e_i, const struct lc_kyber_512_x25519_ct *ct_e_i, const struct lc_kyber_512_x25519_sk *sk_r, const struct lc_kyber_512_x25519_pk *pk_i)
lc_kex_x25519_ake_responder_ss - Initiator's shared secret generation
lc_kyber_512_ss::ss
uint8_t ss[LC_KYBER_SSBYTES]
Definition lc_kyber_512.h:138
lc_kyber_512_x25519_keypair
int lc_kyber_512_x25519_keypair(struct lc_kyber_512_x25519_pk *pk, struct lc_kyber_512_x25519_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_x25519_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulatio...
lc_kyber_512_dec
int lc_kyber_512_dec(struct lc_kyber_512_ss *ss, const struct lc_kyber_512_ct *ct, const struct lc_kyber_512_sk *sk)
lc_kyber_dec - Key decapsulation
lc_kex_512_x25519_ake_initiator_ss
int lc_kex_512_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_x25519_ct *ct_e_r_1, const struct lc_kyber_512_x25519_ct *ct_e_r_2, const struct lc_kyber_512_x25519_ss *tk, const struct lc_kyber_512_x25519_sk *sk_e, const struct lc_kyber_512_x25519_sk *sk_i)
lc_kex_x25519_ake_initiator_ss - Responder's shared secret generation
lc_kyber_512_ies_dec
int lc_kyber_512_ies_dec(const struct lc_kyber_512_sk *sk, const struct lc_kyber_512_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_dec - KyberIES decryption oneshot
lc_kyber_512_pk::pk
uint8_t pk[LC_KYBER_PUBLICKEYBYTES]
Definition lc_kyber_512.h:124
lc_kex_512_ake_initiator_ss
int lc_kex_512_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_512_ct *ct_e_r_1, const struct lc_kyber_512_ct *ct_e_r_2, const struct lc_kyber_512_ss *tk, const struct lc_kyber_512_sk *sk_e, const struct lc_kyber_512_sk *sk_i)
lc_kex_ake_initiator_ss - Responder's shared secret generation
lc_kyber_512_ies_enc_init
int lc_kyber_512_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_512_pk *pk, struct lc_kyber_512_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_512_x25519_ct::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_512.h:800
lc_kyber_512_ies_enc
int lc_kyber_512_ies_enc(const struct lc_kyber_512_pk *pk, struct lc_kyber_512_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_enc - KyberIES encryption oneshot
lc_kyber_512_ct::ct
uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES]
Definition lc_kyber_512.h:131
lc_kyber_512_x25519_ies_enc_init
int lc_kyber_512_x25519_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_512_x25519_pk *pk, struct lc_kyber_512_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_512_dec_kdf
int lc_kyber_512_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_512_ct *ct, const struct lc_kyber_512_sk *sk)
lc_kyber_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_512_ct
Kyber ciphertext.
Definition lc_kyber_512.h:130
lc_kyber_512_pk
Kyber public key.
Definition lc_kyber_512.h:123
lc_kyber_512_sk
Kyber secret key.
Definition lc_kyber_512.h:116
lc_kyber_512_ss
Kyber shared secret.
Definition lc_kyber_512.h:137
lc_kyber_512_x25519_ct
Kyber ciphertext.
Definition lc_kyber_512.h:798
lc_kyber_512_x25519_pk
Kyber public key.
Definition lc_kyber_512.h:790
lc_kyber_512_x25519_sk
Kyber secret key.
Definition lc_kyber_512.h:782
lc_kyber_512_x25519_ss
Kyber shared secret.
Definition lc_kyber_512.h:806
lc_kyber_768.h
lc_kyber_768_x25519_keypair
int lc_kyber_768_x25519_keypair(struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_x25519_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulatio...
lc_kyber_768_ies_enc_init
int lc_kyber_768_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_768_dec_kdf
int lc_kyber_768_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_ct *ct, const struct lc_kyber_768_sk *sk)
lc_kyber_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_ies_dec
int lc_kyber_768_ies_dec(const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_dec - KyberIES decryption oneshot
lc_kyber_768_x25519_ies_dec
int lc_kyber_768_x25519_ies_dec(const struct lc_kyber_768_x25519_sk *sk, const struct lc_kyber_768_x25519_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_dec - KyberIES decryption oneshot
lc_kyber_768_keypair
int lc_kyber_768_keypair(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulation mecha...
lc_kyber_768_enc_kdf
int lc_kyber_768_enc_kdf(struct lc_kyber_768_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_pk *pk)
lc_kyber_768_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_768_sk::sk
uint8_t sk[LC_KYBER_SECRETKEYBYTES]
Definition lc_kyber_768.h:117
lc_kyber_768_x25519_ies_dec_init
int lc_kyber_768_x25519_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x25519_sk *sk, const struct lc_kyber_768_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_dec_init - KyberIES decryption stream operation initialization
lc_kyber_768_x25519_ies_enc
int lc_kyber_768_x25519_ies_enc(const struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_enc - KyberIES encryption oneshot
lc_kex_768_x25519_ake_initiator_ss
int lc_kex_768_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_ct *ct_e_r_1, const struct lc_kyber_768_x25519_ct *ct_e_r_2, const struct lc_kyber_768_x25519_ss *tk, const struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_sk *sk_i)
lc_kex_x25519_ake_initiator_ss - Responder's shared secret generation
lc_kyber_768_x25519_ct::ct
struct lc_kyber_768_ct ct
Definition lc_kyber_768.h:799
lc_kex_768_ake_initiator_ss
int lc_kex_768_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_ct *ct_e_r_1, const struct lc_kyber_768_ct *ct_e_r_2, const struct lc_kyber_768_ss *tk, const struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_sk *sk_i)
lc_kex_ake_initiator_ss - Responder's shared secret generation
lc_kyber_768_x25519_sk::sk
struct lc_kyber_768_sk sk
Definition lc_kyber_768.h:783
lc_kyber_768_x25519_pk::pk
struct lc_kyber_768_pk pk
Definition lc_kyber_768.h:791
lc_kex_768_ake_initiator_init
int lc_kex_768_ake_initiator_init(struct lc_kyber_768_pk *pk_e_i, struct lc_kyber_768_ct *ct_e_i, struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_pk *pk_r)
lc_kex_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_dec
int lc_kyber_768_dec(struct lc_kyber_768_ss *ss, const struct lc_kyber_768_ct *ct, const struct lc_kyber_768_sk *sk)
lc_kyber_dec - Key decapsulation
lc_kex_768_x25519_ake_initiator_init
int lc_kex_768_x25519_ake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i, struct lc_kyber_768_x25519_ct *ct_e_i, struct lc_kyber_768_x25519_ss *tk, struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_pk *pk_r)
lc_kex_x25519_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_x25519_ss::ss
struct lc_kyber_768_ss ss
Definition lc_kyber_768.h:807
lc_kyber_768_x25519_ss::ss_x25519
struct lc_x25519_ss ss_x25519
Definition lc_kyber_768.h:808
lc_kyber_768_ies_dec_init
int lc_kyber_768_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_dec_init - KyberIES decryption stream operation initialization
lc_kex_768_x25519_ake_responder_ss
int lc_kex_768_x25519_ake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r_1, struct lc_kyber_768_x25519_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_pk *pk_e_i, const struct lc_kyber_768_x25519_ct *ct_e_i, const struct lc_kyber_768_x25519_sk *sk_r, const struct lc_kyber_768_x25519_pk *pk_i)
lc_kex_x25519_ake_responder_ss - Initiator's shared secret generation
lc_kyber_768_enc
int lc_kyber_768_enc(struct lc_kyber_768_ct *ct, struct lc_kyber_768_ss *ss, const struct lc_kyber_768_pk *pk)
lc_kyber_enc - Key encapsulation
lc_kyber_768_x25519_dec_kdf
int lc_kyber_768_x25519_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x25519_ct *ct, const struct lc_kyber_768_x25519_sk *sk)
lc_kyber_x25519_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_x25519_ies_enc_init
int lc_kyber_768_x25519_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_enc_init - KyberIES encryption stream operation initialization
lc_kex_768_uake_responder_ss
int lc_kex_768_uake_responder_ss(struct lc_kyber_768_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_pk *pk_e_i, const struct lc_kyber_768_ct *ct_e_i, const struct lc_kyber_768_sk *sk_r)
lc_kex_uake_responder_ss - Initiator's shared secret generation
lc_kyber_768_pk::pk
uint8_t pk[LC_KYBER_PUBLICKEYBYTES]
Definition lc_kyber_768.h:124
lc_kyber_768_ss::ss
uint8_t ss[LC_KYBER_SSBYTES]
Definition lc_kyber_768.h:138
lc_kyber_768_x25519_sk::sk_x25519
struct lc_x25519_sk sk_x25519
Definition lc_kyber_768.h:784
lc_kex_768_x25519_uake_initiator_init
int lc_kex_768_x25519_uake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i, struct lc_kyber_768_x25519_ct *ct_e_i, struct lc_kyber_768_x25519_ss *tk, struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_pk *pk_r)
lc_kex_x25519_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_768_ies_enc
int lc_kyber_768_ies_enc(const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_enc - KyberIES encryption oneshot
lc_kex_768_uake_initiator_init
int lc_kex_768_uake_initiator_init(struct lc_kyber_768_pk *pk_e_i, struct lc_kyber_768_ct *ct_e_i, struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_pk *pk_r)
lc_kex_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kex_768_uake_initiator_ss
int lc_kex_768_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_ct *ct_e_r, const struct lc_kyber_768_ss *tk, const struct lc_kyber_768_sk *sk_e)
lc_kex_uake_initiator_ss - Responder's shared secret generation
lc_kyber_768_ct::ct
uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES]
Definition lc_kyber_768.h:131
lc_kex_768_x25519_uake_initiator_ss
int lc_kex_768_x25519_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_ct *ct_e_r, const struct lc_kyber_768_x25519_ss *tk, const struct lc_kyber_768_x25519_sk *sk_e)
lc_kex_x25519_uake_initiator_ss - Responder's shared secret generation
lc_kex_768_x25519_uake_responder_ss
int lc_kex_768_x25519_uake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_pk *pk_e_i, const struct lc_kyber_768_x25519_ct *ct_e_i, const struct lc_kyber_768_x25519_sk *sk_r)
lc_kex_x25519_uake_responder_ss - Initiator's shared secret generation
lc_kex_768_ake_responder_ss
int lc_kex_768_ake_responder_ss(struct lc_kyber_768_ct *ct_e_r_1, struct lc_kyber_768_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_pk *pk_e_i, const struct lc_kyber_768_ct *ct_e_i, const struct lc_kyber_768_sk *sk_r, const struct lc_kyber_768_pk *pk_i)
lc_kex_ake_responder_ss - Initiator's shared secret generation
lc_kyber_768_x25519_enc_kdf
int lc_kyber_768_x25519_enc_kdf(struct lc_kyber_768_x25519_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x25519_pk *pk)
lc_kyber_x25519_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_768_x25519_ct::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_768.h:800
lc_kyber_768_x25519_pk::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_768.h:792
lc_kyber_768_keypair_from_seed
int lc_kyber_768_keypair_from_seed(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk, const uint8_t *seed, size_t seedlen)
lc_kyber__keypair_from_seed - Generates Kyber public and private key from a given seed.
lc_kyber_768_ct
Kyber ciphertext.
Definition lc_kyber_768.h:130
lc_kyber_768_pk
Kyber public key.
Definition lc_kyber_768.h:123
lc_kyber_768_sk
Kyber secret key.
Definition lc_kyber_768.h:116
lc_kyber_768_ss
Kyber shared secret.
Definition lc_kyber_768.h:137
lc_kyber_768_x25519_ct
Kyber ciphertext.
Definition lc_kyber_768.h:798
lc_kyber_768_x25519_pk
Kyber public key.
Definition lc_kyber_768.h:790
lc_kyber_768_x25519_sk
Kyber secret key.
Definition lc_kyber_768.h:782
lc_kyber_768_x25519_ss
Kyber shared secret.
Definition lc_kyber_768.h:806
Generated by doxygen 1.11.0