Leancrypto 0.12.0
Post-Quantum Cryptographic Library
Loading...
Searching...
No Matches
lc_kyber_768.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 2022 - 2024, Stephan Mueller <smueller@chronox.de>
3 *
4 * License: see LICENSE file in root directory
5 *
6 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
7 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
9 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
10 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
11 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
12 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
13 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
14 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
15 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
16 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
17 * DAMAGE.
18 */
19/*
20 * This code is derived in parts from the code distribution provided with
21 * https://github.com/pq-crystals/kyber
22 *
23 * That code is released under Public Domain
24 * (https://creativecommons.org/share-your-work/public-domain/cc0/).
25 */
26
27#ifndef LC_KYBER_768_H
28#define LC_KYBER_768_H
29
30#ifndef __ASSEMBLER__
31
32#include "ext_headers.h"
33#include "lc_aead.h"
34#include "lc_rng.h"
35
36#endif /* __ASSEMBLER__ */
37
38#ifdef __cplusplus
39extern "C" {
40#endif
41
43/*
44 * Kyber 512: K == 2 - NIST security category 1
45 * Kyber 768: K == 3 - NIST security category 3
46 * Kyber 1024: K == 4 - NIST security category 5
47 */
48#define LC_KYBER_K 3
49
50#define LC_KYBER_N 256
51#define LC_KYBER_Q 3329
52
53#define LC_KYBER_SYMBYTES 32 /* size in bytes of hashes, and seeds */
54#define LC_KYBER_SSBYTES 32 /* size in bytes of shared key */
55
56#define LC_KYBER_POLYBYTES 384
57#define LC_KYBER_POLYVECBYTES (LC_KYBER_K * LC_KYBER_POLYBYTES)
58
59#if LC_KYBER_K == 2
60#define LC_KYBER_ETA1 3
61#define LC_KYBER_POLYCOMPRESSEDBYTES 128
62#define LC_KYBER_POLYVECCOMPRESSEDBYTES (LC_KYBER_K * 320)
63#elif LC_KYBER_K == 3
64#define LC_KYBER_ETA1 2
65#define LC_KYBER_POLYCOMPRESSEDBYTES 128
66#define LC_KYBER_POLYVECCOMPRESSEDBYTES (LC_KYBER_K * 320)
67#elif LC_KYBER_K == 4
68#define LC_KYBER_ETA1 2
69#define LC_KYBER_POLYCOMPRESSEDBYTES 160
70#define LC_KYBER_POLYVECCOMPRESSEDBYTES (LC_KYBER_K * 352)
71#endif
72
73#define LC_KYBER_ETA2 2
74
75#define LC_KYBER_INDCPA_MSGBYTES (LC_KYBER_SYMBYTES)
76#define LC_KYBER_INDCPA_PUBLICKEYBYTES \
77 (LC_KYBER_POLYVECBYTES + LC_KYBER_SYMBYTES)
78#define LC_KYBER_INDCPA_SECRETKEYBYTES (LC_KYBER_POLYVECBYTES)
79#define LC_KYBER_INDCPA_BYTES \
80 (LC_KYBER_POLYVECCOMPRESSEDBYTES + LC_KYBER_POLYCOMPRESSEDBYTES)
81
82/*
83 * Sizes of the different Kyber buffer types.
84 *
85 * WARNING: Do not use these defines in your code. If you need the sizes of
86 * the different variable sizes, use sizeof of the different variable structs
87 * or use the different *_size functions offered below for the particular sizes
88 * of a given parameter.
89 */
90#define LC_KYBER_PUBLICKEYBYTES (LC_KYBER_INDCPA_PUBLICKEYBYTES)
91/* 32 bytes of additional space to save H(pk) */
92#define LC_KYBER_SECRETKEYBYTES \
93 (LC_KYBER_INDCPA_SECRETKEYBYTES + LC_KYBER_INDCPA_PUBLICKEYBYTES + \
94 2 * LC_KYBER_SYMBYTES)
95#define LC_KYBER_CIPHERTEXTBYTES (LC_KYBER_INDCPA_BYTES)
96
97#define LC_CRYPTO_SECRETKEYBYTES LC_KYBER_SECRETKEYBYTES
98#define LC_CRYPTO_PUBLICKEYBYTES LC_KYBER_PUBLICKEYBYTES
99#define LC_CRYPTO_CIPHERTEXTBYTES LC_KYBER_CIPHERTEXTBYTES
100#define LC_CRYPTO_BYTES LC_KYBER_SSBYTES
102
103#ifndef __ASSEMBLER__
112/************************************* KEM ************************************/
116struct lc_kyber_768_sk {
117 uint8_t sk[LC_KYBER_SECRETKEYBYTES];
118};
119
123struct lc_kyber_768_pk {
124 uint8_t pk[LC_KYBER_PUBLICKEYBYTES];
125};
126
130struct lc_kyber_768_ct {
131 uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES];
132};
133
137struct lc_kyber_768_ss {
138 uint8_t ss[LC_KYBER_SSBYTES];
139};
140
144LC_PURE
145static inline unsigned int lc_kyber_768_sk_size(void)
146{
147 return lc_member_size(struct lc_kyber_768_sk, sk);
148}
149
153LC_PURE
154static inline unsigned int lc_kyber_768_pk_size(void)
155{
156 return lc_member_size(struct lc_kyber_768_pk, pk);
157}
158
162LC_PURE
163static inline unsigned int lc_kyber_768_ct_size(void)
164{
165 return lc_member_size(struct lc_kyber_768_ct, ct);
166}
167
171LC_PURE
172static inline unsigned int lc_kyber_768_ss_size(void)
173{
174 return lc_member_size(struct lc_kyber_768_ss, ss);
175}
176
187int lc_kyber_768_keypair(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk,
188 struct lc_rng_ctx *rng_ctx);
189
210int lc_kyber_768_keypair_from_seed(struct lc_kyber_768_pk *pk,
211 struct lc_kyber_768_sk *sk,
212 const uint8_t *seed, size_t seedlen);
213
226int lc_kyber_768_enc(struct lc_kyber_768_ct *ct, struct lc_kyber_768_ss *ss,
227 const struct lc_kyber_768_pk *pk);
228
247int lc_kyber_768_enc_kdf(struct lc_kyber_768_ct *ct, uint8_t *ss, size_t ss_len,
248 const struct lc_kyber_768_pk *pk);
249
264int lc_kyber_768_dec(struct lc_kyber_768_ss *ss, const struct lc_kyber_768_ct *ct,
265 const struct lc_kyber_768_sk *sk);
266
287int lc_kyber_768_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_ct *ct,
288 const struct lc_kyber_768_sk *sk);
289
290/************************************* KEX ************************************/
291
354int lc_kex_768_uake_initiator_init(struct lc_kyber_768_pk *pk_e_i,
355 struct lc_kyber_768_ct *ct_e_i,
356 struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e,
357 const struct lc_kyber_768_pk *pk_r);
358
376int lc_kex_768_uake_responder_ss(struct lc_kyber_768_ct *ct_e_r, uint8_t *shared_secret,
377 size_t shared_secret_len, const uint8_t *kdf_nonce,
378 size_t kdf_nonce_len,
379 const struct lc_kyber_768_pk *pk_e_i,
380 const struct lc_kyber_768_ct *ct_e_i,
381 const struct lc_kyber_768_sk *sk_r);
382
400int lc_kex_768_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len,
401 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
402 const struct lc_kyber_768_ct *ct_e_r,
403 const struct lc_kyber_768_ss *tk,
404 const struct lc_kyber_768_sk *sk_e);
405
471int lc_kex_768_ake_initiator_init(struct lc_kyber_768_pk *pk_e_i,
472 struct lc_kyber_768_ct *ct_e_i,
473 struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e,
474 const struct lc_kyber_768_pk *pk_r);
475
496int lc_kex_768_ake_responder_ss(struct lc_kyber_768_ct *ct_e_r_1,
497 struct lc_kyber_768_ct *ct_e_r_2,
498 uint8_t *shared_secret, size_t shared_secret_len,
499 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
500 const struct lc_kyber_768_pk *pk_e_i,
501 const struct lc_kyber_768_ct *ct_e_i,
502 const struct lc_kyber_768_sk *sk_r,
503 const struct lc_kyber_768_pk *pk_i);
504
524int lc_kex_768_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len,
525 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
526 const struct lc_kyber_768_ct *ct_e_r_1,
527 const struct lc_kyber_768_ct *ct_e_r_2,
528 const struct lc_kyber_768_ss *tk,
529 const struct lc_kyber_768_sk *sk_e,
530 const struct lc_kyber_768_sk *sk_i);
531
532/************************************* IES ************************************/
533
562int lc_kyber_768_ies_enc(const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct,
563 const uint8_t *plaintext, uint8_t *ciphertext,
564 size_t datalen, const uint8_t *aad, size_t aadlen,
565 uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead);
566
593int lc_kyber_768_ies_enc_init(struct lc_aead_ctx *aead,
594 const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct,
595 const uint8_t *aad, size_t aadlen);
596
618static inline int lc_kyber_768_ies_enc_update(struct lc_aead_ctx *aead,
619 const uint8_t *plaintext,
620 uint8_t *ciphertext, size_t datalen)
621{
622 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
623}
624
644static inline int lc_kyber_768_ies_enc_final(struct lc_aead_ctx *aead,
645 uint8_t *tag, size_t taglen)
646{
647 return lc_aead_enc_final(aead, tag, taglen);
648}
649
677int lc_kyber_768_ies_dec(const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct,
678 const uint8_t *ciphertext, uint8_t *plaintext,
679 size_t datalen, const uint8_t *aad, size_t aadlen,
680 const uint8_t *tag, size_t taglen,
681 struct lc_aead_ctx *aead);
682
708int lc_kyber_768_ies_dec_init(struct lc_aead_ctx *aead,
709 const struct lc_kyber_768_sk *sk,
710 const struct lc_kyber_768_ct *ct,
711 const uint8_t *aad, size_t aadlen);
712
734static inline int lc_kyber_768_ies_dec_update(struct lc_aead_ctx *aead,
735 const uint8_t *ciphertext,
736 uint8_t *plaintext, size_t datalen)
737{
738 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
739}
740
760static inline int lc_kyber_768_ies_dec_final(struct lc_aead_ctx *aead,
761 const uint8_t *tag, size_t taglen)
762{
763 return lc_aead_dec_final(aead, tag, taglen);
764}
765
766/****************************** Kyber X25510 KEM ******************************/
767
768/*
769 * The double KEM implements Kyber KEM together with the X25519 elliptic curve
770 * KEX. The use is identical as the Kyber KEM. The only difference is that
771 * the transmitted pk and ct has a different content.
772 */
773/* Macro set during leancrypto compile time for target platform */
774#define LC_KYBER_X25519_KEM
775#ifdef LC_KYBER_X25519_KEM
776
777#include "lc_x25519.h"
778
782struct lc_kyber_768_x25519_sk {
783 struct lc_kyber_768_sk sk;
784 struct lc_x25519_sk sk_x25519;
785};
786
790struct lc_kyber_768_x25519_pk {
791 struct lc_kyber_768_pk pk;
792 struct lc_x25519_pk pk_x25519;
793};
794
798struct lc_kyber_768_x25519_ct {
799 struct lc_kyber_768_ct ct;
800 struct lc_x25519_pk pk_x25519;
801};
802
806struct lc_kyber_768_x25519_ss {
807 struct lc_kyber_768_ss ss;
808 struct lc_x25519_ss ss_x25519;
809};
810
822int lc_kyber_768_x25519_keypair(struct lc_kyber_768_x25519_pk *pk,
823 struct lc_kyber_768_x25519_sk *sk,
824 struct lc_rng_ctx *rng_ctx);
825
850int lc_kyber_768_x25519_enc_kdf(struct lc_kyber_768_x25519_ct *ct, uint8_t *ss,
851 size_t ss_len, const struct lc_kyber_768_x25519_pk *pk);
852
874int lc_kyber_768_x25519_dec_kdf(uint8_t *ss, size_t ss_len,
875 const struct lc_kyber_768_x25519_ct *ct,
876 const struct lc_kyber_768_x25519_sk *sk);
877
878/****************************** Kyber X25510 KEX ******************************/
879
896int lc_kex_768_x25519_uake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i,
897 struct lc_kyber_768_x25519_ct *ct_e_i,
898 struct lc_kyber_768_x25519_ss *tk,
899 struct lc_kyber_768_x25519_sk *sk_e,
900 const struct lc_kyber_768_x25519_pk *pk_r);
901
919int lc_kex_768_x25519_uake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r,
920 uint8_t *shared_secret,
921 size_t shared_secret_len,
922 const uint8_t *kdf_nonce,
923 size_t kdf_nonce_len,
924 const struct lc_kyber_768_x25519_pk *pk_e_i,
925 const struct lc_kyber_768_x25519_ct *ct_e_i,
926 const struct lc_kyber_768_x25519_sk *sk_r);
927
945int lc_kex_768_x25519_uake_initiator_ss(uint8_t *shared_secret,
946 size_t shared_secret_len,
947 const uint8_t *kdf_nonce,
948 size_t kdf_nonce_len,
949 const struct lc_kyber_768_x25519_ct *ct_e_r,
950 const struct lc_kyber_768_x25519_ss *tk,
951 const struct lc_kyber_768_x25519_sk *sk_e);
952
969int lc_kex_768_x25519_ake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i,
970 struct lc_kyber_768_x25519_ct *ct_e_i,
971 struct lc_kyber_768_x25519_ss *tk,
972 struct lc_kyber_768_x25519_sk *sk_e,
973 const struct lc_kyber_768_x25519_pk *pk_r);
974
995int lc_kex_768_x25519_ake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r_1,
996 struct lc_kyber_768_x25519_ct *ct_e_r_2,
997 uint8_t *shared_secret,
998 size_t shared_secret_len,
999 const uint8_t *kdf_nonce,
1000 size_t kdf_nonce_len,
1001 const struct lc_kyber_768_x25519_pk *pk_e_i,
1002 const struct lc_kyber_768_x25519_ct *ct_e_i,
1003 const struct lc_kyber_768_x25519_sk *sk_r,
1004 const struct lc_kyber_768_x25519_pk *pk_i);
1005
1025int lc_kex_768_x25519_ake_initiator_ss(uint8_t *shared_secret,
1026 size_t shared_secret_len,
1027 const uint8_t *kdf_nonce,
1028 size_t kdf_nonce_len,
1029 const struct lc_kyber_768_x25519_ct *ct_e_r_1,
1030 const struct lc_kyber_768_x25519_ct *ct_e_r_2,
1031 const struct lc_kyber_768_x25519_ss *tk,
1032 const struct lc_kyber_768_x25519_sk *sk_e,
1033 const struct lc_kyber_768_x25519_sk *sk_i);
1034
1035/****************************** Kyber X25519 IES ******************************/
1064int lc_kyber_768_x25519_ies_enc(const struct lc_kyber_768_x25519_pk *pk,
1065 struct lc_kyber_768_x25519_ct *ct,
1066 const uint8_t *plaintext, uint8_t *ciphertext,
1067 size_t datalen, const uint8_t *aad, size_t aadlen,
1068 uint8_t *tag, size_t taglen,
1069 struct lc_aead_ctx *aead);
1070
1097int lc_kyber_768_x25519_ies_enc_init(struct lc_aead_ctx *aead,
1098 const struct lc_kyber_768_x25519_pk *pk,
1099 struct lc_kyber_768_x25519_ct *ct,
1100 const uint8_t *aad, size_t aadlen);
1101
1121static inline int lc_kyber_768_x25519_ies_enc_update(struct lc_aead_ctx *aead,
1122 const uint8_t *plaintext,
1123 uint8_t *ciphertext,
1124 size_t datalen)
1125{
1126 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
1127}
1128
1148static inline int lc_kyber_768_x25519_ies_enc_final(struct lc_aead_ctx *aead,
1149 uint8_t *tag, size_t taglen)
1150{
1151 return lc_aead_enc_final(aead, tag, taglen);
1152}
1153
1182int lc_kyber_768_x25519_ies_dec(const struct lc_kyber_768_x25519_sk *sk,
1183 const struct lc_kyber_768_x25519_ct *ct,
1184 const uint8_t *ciphertext, uint8_t *plaintext,
1185 size_t datalen, const uint8_t *aad, size_t aadlen,
1186 const uint8_t *tag, size_t taglen,
1187 struct lc_aead_ctx *aead);
1188
1215int lc_kyber_768_x25519_ies_dec_init(struct lc_aead_ctx *aead,
1216 const struct lc_kyber_768_x25519_sk *sk,
1217 const struct lc_kyber_768_x25519_ct *ct,
1218 const uint8_t *aad, size_t aadlen);
1219
1241static inline int lc_kyber_768_x25519_ies_dec_update(struct lc_aead_ctx *aead,
1242 const uint8_t *ciphertext,
1243 uint8_t *plaintext,
1244 size_t datalen)
1245{
1246 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
1247}
1248
1268static inline int lc_kyber_768_x25519_ies_dec_final(struct lc_aead_ctx *aead,
1269 const uint8_t *tag,
1270 size_t taglen)
1271{
1272 return lc_aead_dec_final(aead, tag, taglen);
1273}
1274
1275#endif /* LC_KYBER_X25519_KEM */
1276
1277#endif /* __ASSEMBLER__ */
1278
1279/*
1280 * To allow including the different lc_kyber_*.h files, these macros need to be
1281 * undefined. Only during compilation of leancrypto, these macros remain defined
1282 * as this header file is not included multiple times.
1283 */
1284#ifndef LC_KYBER_INTERNAL
1285#undef LC_KYBER_K
1286#undef LC_KYBER_N
1287#undef LC_KYBER_Q
1288#undef LC_KYBER_SYMBYTES
1289#undef LC_KYBER_SSBYTES
1290#undef LC_KYBER_POLYBYTES
1291#undef LC_KYBER_POLYVECBYTES
1292#undef LC_KYBER_ETA1
1293#undef LC_KYBER_POLYCOMPRESSEDBYTES
1294#undef LC_KYBER_POLYVECCOMPRESSEDBYTES
1295#undef LC_KYBER_ETA2
1296#undef LC_KYBER_INDCPA_MSGBYTES
1297#undef LC_KYBER_INDCPA_PUBLICKEYBYTES
1298#undef LC_KYBER_INDCPA_SECRETKEYBYTES
1299#undef LC_KYBER_INDCPA_BYTES
1300#undef LC_KYBER_PUBLICKEYBYTES
1301#undef LC_KYBER_SECRETKEYBYTES
1302#undef LC_KYBER_CIPHERTEXTBYTES
1303#undef LC_CRYPTO_SECRETKEYBYTES
1304#undef LC_CRYPTO_PUBLICKEYBYTES
1305#undef LC_CRYPTO_CIPHERTEXTBYTES
1306#undef LC_CRYPTO_BYTES
1307#endif /* LC_KYBER_INTERNAL */
1308
1309#ifdef __cplusplus
1310}
1311#endif
1312
1313#endif /* LC_KYBER_768_H */
lc_aead_dec_update
static int lc_aead_dec_update(struct lc_aead_ctx *ctx, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
AEAD-decrypt data - send partial data.
Definition lc_aead.h:393
lc_aead_dec_final
static int lc_aead_dec_final(struct lc_aead_ctx *ctx, const uint8_t *tag, size_t taglen)
AEAD-decrypt data - Perform authentication.
Definition lc_aead.h:426
lc_aead_enc_update
static int lc_aead_enc_update(struct lc_aead_ctx *ctx, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
AEAD-encrypt data - send partial data.
Definition lc_aead.h:246
lc_aead_enc_final
static int lc_aead_enc_final(struct lc_aead_ctx *ctx, uint8_t *tag, size_t taglen)
Complete AEAD encryption - Obtain the authentication tag from the encryption operation.
Definition lc_aead.h:280
lc_aead.h
lc_kyber_768_ies_enc_final
static int lc_kyber_768_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
lc_kyber_ies_enc_final - KyberIES encryption stream operation finalization / integrity test
Definition lc_kyber_768.h:644
lc_kyber_768_x25519_keypair
int lc_kyber_768_x25519_keypair(struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_x25519_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulatio...
lc_kyber_768_ies_enc_init
int lc_kyber_768_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_768_dec_kdf
int lc_kyber_768_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_ct *ct, const struct lc_kyber_768_sk *sk)
lc_kyber_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_ies_dec
int lc_kyber_768_ies_dec(const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_dec - KyberIES decryption oneshot
lc_kyber_768_x25519_ies_dec_final
static int lc_kyber_768_x25519_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
lc_kyber _x25519_ies_dec_final - KyberIES decryption stream operation finalization / integrity test
Definition lc_kyber_768.h:1268
lc_kyber_768_x25519_ies_dec
int lc_kyber_768_x25519_ies_dec(const struct lc_kyber_768_x25519_sk *sk, const struct lc_kyber_768_x25519_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_dec - KyberIES decryption oneshot
lc_kyber_768_keypair
int lc_kyber_768_keypair(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulation mecha...
lc_kyber_768_ss_size
static LC_PURE unsigned int lc_kyber_768_ss_size(void)
Return the size of the Kyber shared secret.
Definition lc_kyber_768.h:172
lc_kyber_768_x25519_ies_enc_final
static int lc_kyber_768_x25519_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
lc_kyber_x25519_ies_enc_final - KyberIES encryption stream operation finalization / integrity test
Definition lc_kyber_768.h:1148
lc_kyber_768_enc_kdf
int lc_kyber_768_enc_kdf(struct lc_kyber_768_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_pk *pk)
lc_kyber_768_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_768_sk::sk
uint8_t sk[LC_KYBER_SECRETKEYBYTES]
Definition lc_kyber_768.h:117
lc_kyber_768_ct_size
static LC_PURE unsigned int lc_kyber_768_ct_size(void)
Return the size of the Kyber ciphertext.
Definition lc_kyber_768.h:163
lc_kyber_768_ies_dec_update
static int lc_kyber_768_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
lc_kyber_ies_dec_update - KyberIES decryption stream operation add more data
Definition lc_kyber_768.h:734
lc_kyber_768_x25519_ies_dec_init
int lc_kyber_768_x25519_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x25519_sk *sk, const struct lc_kyber_768_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_dec_init - KyberIES decryption stream operation initialization
lc_kyber_768_x25519_ies_enc
int lc_kyber_768_x25519_ies_enc(const struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_enc - KyberIES encryption oneshot
lc_kyber_768_ies_enc_update
static int lc_kyber_768_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
lc_kyber_ies_enc_update - KyberIES encryption stream operation add more data
Definition lc_kyber_768.h:618
lc_kex_768_x25519_ake_initiator_ss
int lc_kex_768_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_ct *ct_e_r_1, const struct lc_kyber_768_x25519_ct *ct_e_r_2, const struct lc_kyber_768_x25519_ss *tk, const struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_sk *sk_i)
lc_kex_x25519_ake_initiator_ss - Responder's shared secret generation
lc_kyber_768_x25519_ct::ct
struct lc_kyber_768_ct ct
Definition lc_kyber_768.h:799
lc_kex_768_ake_initiator_ss
int lc_kex_768_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_ct *ct_e_r_1, const struct lc_kyber_768_ct *ct_e_r_2, const struct lc_kyber_768_ss *tk, const struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_sk *sk_i)
lc_kex_ake_initiator_ss - Responder's shared secret generation
lc_kyber_768_x25519_sk::sk
struct lc_kyber_768_sk sk
Definition lc_kyber_768.h:783
lc_kyber_768_x25519_pk::pk
struct lc_kyber_768_pk pk
Definition lc_kyber_768.h:791
lc_kex_768_ake_initiator_init
int lc_kex_768_ake_initiator_init(struct lc_kyber_768_pk *pk_e_i, struct lc_kyber_768_ct *ct_e_i, struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_pk *pk_r)
lc_kex_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_dec
int lc_kyber_768_dec(struct lc_kyber_768_ss *ss, const struct lc_kyber_768_ct *ct, const struct lc_kyber_768_sk *sk)
lc_kyber_dec - Key decapsulation
lc_kex_768_x25519_ake_initiator_init
int lc_kex_768_x25519_ake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i, struct lc_kyber_768_x25519_ct *ct_e_i, struct lc_kyber_768_x25519_ss *tk, struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_pk *pk_r)
lc_kex_x25519_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_x25519_ss::ss
struct lc_kyber_768_ss ss
Definition lc_kyber_768.h:807
lc_kyber_768_x25519_ss::ss_x25519
struct lc_x25519_ss ss_x25519
Definition lc_kyber_768.h:808
lc_kyber_768_ies_dec_init
int lc_kyber_768_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_dec_init - KyberIES decryption stream operation initialization
lc_kex_768_x25519_ake_responder_ss
int lc_kex_768_x25519_ake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r_1, struct lc_kyber_768_x25519_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_pk *pk_e_i, const struct lc_kyber_768_x25519_ct *ct_e_i, const struct lc_kyber_768_x25519_sk *sk_r, const struct lc_kyber_768_x25519_pk *pk_i)
lc_kex_x25519_ake_responder_ss - Initiator's shared secret generation
lc_kyber_768_enc
int lc_kyber_768_enc(struct lc_kyber_768_ct *ct, struct lc_kyber_768_ss *ss, const struct lc_kyber_768_pk *pk)
lc_kyber_enc - Key encapsulation
lc_kyber_768_x25519_dec_kdf
int lc_kyber_768_x25519_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x25519_ct *ct, const struct lc_kyber_768_x25519_sk *sk)
lc_kyber_x25519_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_x25519_ies_enc_init
int lc_kyber_768_x25519_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_768_pk_size
static LC_PURE unsigned int lc_kyber_768_pk_size(void)
Return the size of the Kyber public key.
Definition lc_kyber_768.h:154
lc_kex_768_uake_responder_ss
int lc_kex_768_uake_responder_ss(struct lc_kyber_768_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_pk *pk_e_i, const struct lc_kyber_768_ct *ct_e_i, const struct lc_kyber_768_sk *sk_r)
lc_kex_uake_responder_ss - Initiator's shared secret generation
lc_kyber_768_pk::pk
uint8_t pk[LC_KYBER_PUBLICKEYBYTES]
Definition lc_kyber_768.h:124
lc_kyber_768_sk_size
static LC_PURE unsigned int lc_kyber_768_sk_size(void)
Return the size of the Kyber secret key.
Definition lc_kyber_768.h:145
lc_kyber_768_ss::ss
uint8_t ss[LC_KYBER_SSBYTES]
Definition lc_kyber_768.h:138
lc_kyber_768_x25519_sk::sk_x25519
struct lc_x25519_sk sk_x25519
Definition lc_kyber_768.h:784
lc_kex_768_x25519_uake_initiator_init
int lc_kex_768_x25519_uake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i, struct lc_kyber_768_x25519_ct *ct_e_i, struct lc_kyber_768_x25519_ss *tk, struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_pk *pk_r)
lc_kex_x25519_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_768_ies_enc
int lc_kyber_768_ies_enc(const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_enc - KyberIES encryption oneshot
lc_kyber_768_ies_dec_final
static int lc_kyber_768_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
lc_kyber_ies_dec_final - KyberIES decryption stream operation finalization / integrity test
Definition lc_kyber_768.h:760
lc_kex_768_uake_initiator_init
int lc_kex_768_uake_initiator_init(struct lc_kyber_768_pk *pk_e_i, struct lc_kyber_768_ct *ct_e_i, struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_pk *pk_r)
lc_kex_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kex_768_uake_initiator_ss
int lc_kex_768_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_ct *ct_e_r, const struct lc_kyber_768_ss *tk, const struct lc_kyber_768_sk *sk_e)
lc_kex_uake_initiator_ss - Responder's shared secret generation
lc_kyber_768_ct::ct
uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES]
Definition lc_kyber_768.h:131
lc_kyber_768_x25519_ies_dec_update
static int lc_kyber_768_x25519_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
lc_kyber_x25519_ies_dec_update - KyberIES decryption stream operation add more data
Definition lc_kyber_768.h:1241
lc_kex_768_x25519_uake_initiator_ss
int lc_kex_768_x25519_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_ct *ct_e_r, const struct lc_kyber_768_x25519_ss *tk, const struct lc_kyber_768_x25519_sk *sk_e)
lc_kex_x25519_uake_initiator_ss - Responder's shared secret generation
lc_kex_768_x25519_uake_responder_ss
int lc_kex_768_x25519_uake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_pk *pk_e_i, const struct lc_kyber_768_x25519_ct *ct_e_i, const struct lc_kyber_768_x25519_sk *sk_r)
lc_kex_x25519_uake_responder_ss - Initiator's shared secret generation
lc_kex_768_ake_responder_ss
int lc_kex_768_ake_responder_ss(struct lc_kyber_768_ct *ct_e_r_1, struct lc_kyber_768_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_pk *pk_e_i, const struct lc_kyber_768_ct *ct_e_i, const struct lc_kyber_768_sk *sk_r, const struct lc_kyber_768_pk *pk_i)
lc_kex_ake_responder_ss - Initiator's shared secret generation
lc_kyber_768_x25519_enc_kdf
int lc_kyber_768_x25519_enc_kdf(struct lc_kyber_768_x25519_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x25519_pk *pk)
lc_kyber_x25519_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_768_x25519_ct::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_768.h:800
lc_kyber_768_x25519_ies_enc_update
static int lc_kyber_768_x25519_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
lc_kyber_x25519_ies_enc_update - KyberIES encryption stream operation add more data
Definition lc_kyber_768.h:1121
lc_kyber_768_x25519_pk::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_768.h:792
lc_kyber_768_keypair_from_seed
int lc_kyber_768_keypair_from_seed(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk, const uint8_t *seed, size_t seedlen)
lc_kyber__keypair_from_seed - Generates Kyber public and private key from a given seed.
lc_kyber_768_ct
Kyber ciphertext.
Definition lc_kyber_768.h:130
lc_kyber_768_pk
Kyber public key.
Definition lc_kyber_768.h:123
lc_kyber_768_sk
Kyber secret key.
Definition lc_kyber_768.h:116
lc_kyber_768_ss
Kyber shared secret.
Definition lc_kyber_768.h:137
lc_kyber_768_x25519_ct
Kyber ciphertext.
Definition lc_kyber_768.h:798
lc_kyber_768_x25519_pk
Kyber public key.
Definition lc_kyber_768.h:790
lc_kyber_768_x25519_sk
Kyber secret key.
Definition lc_kyber_768.h:782
lc_kyber_768_x25519_ss
Kyber shared secret.
Definition lc_kyber_768.h:806
lc_rng.h
Generated by doxygen 1.11.0