Leancrypto 0.12.0
Post-Quantum Cryptographic Library
Macros
#define LC_KH_CTX_ON_STACK(name, sym, hash)
Allocate stack memory for the symmetric/KMAC cryptor context.
Functions
int lc_kh_alloc(const struct lc_sym *sym, const struct lc_hash *hash, struct lc_aead_ctx **ctx)
Allocate symmetric algorithm with KMAC cryptor context on heap.
#define LC_KH_CTX_ON_STACK(name, sym, hash)
Allocate stack memory for the symmetric/KMAC cryptor context.
[in] | name | Name of the stack variable |
[in] | sym | Symmetric algorithm implementation of type struct lc_sym used for the encryption / decryption operation |
[in] | hash | KMAC implementation used for the KMAC authentication - use lc_cshake256 or lc_cshake128 (note: lc_cshake256 has a lower memory footprint and a higher security strength, yet cSHAKE128 may be a bit faster) |
Definition at line 311 of file lc_symkmac.h.
int lc_kh_alloc(const struct lc_sym *sym, const struct lc_hash *hash, struct lc_aead_ctx **ctx)
Allocate symmetric algorithm with KMAC cryptor context on heap.
This specification defines a symmetric stream cipher algorithm using the authenticated encryption with associated data (AEAD) approach. This algorithm can be used to encrypt and decrypt arbitrary user data. The cipher algorithm uses a symmetric algorithm to encrypt/decrypt data along with a KMAC to perform the data authentication. The keys for both the symmetric algorithm as well as the KMAC are derived from the caller-provided key. The result of the KMAC authentication is the message authentication tag which is used during decryption to verify the integrity of the ciphertext.
This specification defines a symmetric algorithm using the authenticated encryption with additional data (AEAD) approach. This algorithm can be used to encrypt and decrypt arbitrary user data.
The base of the algorithm is the encryption / decryption of the data using the symmetric algorithm and the authentication of the ciphertext with a KMAC.
The algorithm applies Encrypt-Then-MAC by calculating a message authentication tag using KMAC over the ciphertext. During decryption, this calculated message authentication tag is compared with the message authentication tag obtained during the encryption operation. If the two values do not match, the authentication fails and the decryption operation is terminated. Only when both message authentication tags are identical does the decryption operation complete successfully and return the decrypted message.
The caller-provided key is inserted into the KMAC-hash to derive the key for the symmetric algorithm as well as the KMAC. The caller-provided IV is inserted into the symmetric algorithm.
The size of the key is defined to be 256 bits. The size of the IV is defined by the chosen symmetric algorithm.
As part of the authentication, the algorithm allows the addition of additional authenticated data (AAD) of arbitrary size. This AAD is inserted into the authentication KMAC instance when calculating the message authentication tag.
The algorithm matches the specification of [SP800-38F] section 3.1.
The "Sym" algorithm denotes an arbitrary symmetric algorithm function, such as AES-CBC, AES-CTR or similar [SP800-38A]. The "Sym" algorithm has 4 arguments: the symmetric algorithm type such as AES-CBC, the main input bit string, the key and the IV. It produces an output string of the same size as the input. The algorithm may operate on a fixed block size, in which case the input bit string must be a multiple of the block size; the caller must ensure that this is the case.
The KMAC-hash denotes the KMACXOF256 function [SP800-185] instantiated with either cSHAKE 256 or cSHAKE 128 [FIPS202] depending on the use case. The KMAC-hash has 4 arguments: the key K, the main input bit string X, the requested output length L in bits, and an optional customization bit string S.
The inputs to the KMAC-hash function are specified with references to these parameters.
The common processing of data is performed as follows:
The calculation of the message authentication tag is performed as follows:
The encryption operation is performed as follows:
The decryption operation is performed as follows:
If the authentication result indicates a failure, the result of the decryption operation SHALL be discarded.
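The flow described above (one caller key split into a cipher key and a MAC key, the tag computed over the ciphertext and AAD, plaintext returned only when the tags match), as an added Python sketch that is not leancrypto code. Python's standard library has neither KMAC nor AES, so `prf` (SHAKE256 over length-framed inputs) stands in for the KMAC-hash and `sym` (an XOR keystream) for "Sym"; the labels, the length framing, the 32-byte tag and all function names are assumptions of this example, and its output does not interoperate with lc_kh.

```python
import hashlib
import hmac

KEY_LEN = 32  # the page fixes the caller-provided key at 256 bits
TAG_LEN = 32  # tag length chosen for this example (assumption)


def prf(key, data, outlen, label):
    """Keyed XOF used as a stand-in for the KMAC-hash (NOT real KMAC)."""
    h = hashlib.shake_256()
    for part in (label, key, data):
        # Length-prefix every field so field boundaries are unambiguous.
        h.update(len(part).to_bytes(8, "big") + part)
    return h.digest(outlen)


def derive_keys(key):
    """Derive separate cipher and MAC keys from the single caller key."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be 256 bits")
    okm = prf(key, b"", 2 * KEY_LEN, b"derive")
    return okm[:KEY_LEN], okm[KEY_LEN:]


def sym(enc_key, iv, data):
    """Stand-in for 'Sym': output has the same size as the input."""
    stream = prf(enc_key, iv, len(data), b"stream")
    return bytes(a ^ b for a, b in zip(data, stream))


def tag_for(mac_key, aad, ciphertext):
    """Tag over AAD and ciphertext (Encrypt-Then-MAC)."""
    framed = len(aad).to_bytes(8, "big") + aad + ciphertext
    return prf(mac_key, framed, TAG_LEN, b"auth")


def encrypt(key, iv, plaintext, aad=b""):
    enc_key, mac_key = derive_keys(key)
    ciphertext = sym(enc_key, iv, plaintext)
    return ciphertext, tag_for(mac_key, aad, ciphertext)


def decrypt(key, iv, ciphertext, tag, aad=b""):
    enc_key, mac_key = derive_keys(key)
    expected = tag_for(mac_key, aad, ciphertext)
    # Constant-time compare; on mismatch no plaintext is produced at all.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return sym(enc_key, iv, ciphertext)
```

Because the tag covers the AAD as well as the ciphertext, changing either one, or truncating the tag, makes `decrypt` raise before any plaintext exists.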
[SP800-38A] NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation, 2001 Edition
[SP800-38F] NIST Special Publication 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, December 2012
[SP800-185] John Kelsey, Shu-jen Chang, Ray Perlner, NIST Special Publication 800-185, SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash, December 2016
[in] | sym | Symmetric algorithm implementation of type struct lc_sym used for the encryption / decryption operation |
[in] | hash | KMAC implementation used for the KMAC authentication - use lc_cshake256 for now |
[out] | ctx | Allocated symmetric/KMAC cryptor context |