Botan 3.7.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Classic_McEliece_Decryptor Class Referencefinal

#include <cmce_decaps.h>

Inheritance diagram for Botan::Classic_McEliece_Decryptor:
Botan::PK_Ops::KEM_Decryption_with_KDF Botan::PK_Ops::KEM_Decryption

Public Member Functions

 Classic_McEliece_Decryptor (std::shared_ptr< Classic_McEliece_PrivateKeyInternal > key, std::string_view kdf)
 Constructs a Classic_McEliece_Decryptor object with the given private key.
 
size_t encapsulated_key_length () const override
 
void kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key, size_t desired_shared_key_len, std::span< const uint8_t > salt) final
 
void raw_kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key) override
 
size_t raw_kem_shared_key_length () const override
 
size_t shared_key_length (size_t desired_shared_key_len) const final
 

Detailed Description

Classic McEliece Decapsulation Operation

Definition at line 27 of file cmce_decaps.h.

Constructor & Destructor Documentation

◆ Classic_McEliece_Decryptor()

Botan::Classic_McEliece_Decryptor::Classic_McEliece_Decryptor ( std::shared_ptr< Classic_McEliece_PrivateKeyInternal > key,
std::string_view kdf )
inline

Constructs a Classic_McEliece_Decryptor object with the given private key.

Parameters
keyThe private key used for decryption.

Definition at line 33 of file cmce_decaps.h.

33 :
34 KEM_Decryption_with_KDF(kdf), m_key(std::move(key)) {}
Botan::PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF
KEM_Decryption_with_KDF(std::string_view kdf)
Definition pk_ops.cpp:262

Member Function Documentation

◆ encapsulated_key_length()

size_t Botan::Classic_McEliece_Decryptor::encapsulated_key_length ( ) const
inlineoverridevirtual

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 38 of file cmce_decaps.h.

38{ return m_key->params().ciphertext_size(); }

◆ kem_decrypt()

void Botan::PK_Ops::KEM_Decryption_with_KDF::kem_decrypt ( std::span< uint8_t > out_shared_key,
std::span< const uint8_t > encapsulated_key,
size_t desired_shared_key_len,
std::span< const uint8_t > salt )
finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 243 of file pk_ops.cpp.

246 {
247 BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Decryptor::decrypt requires a KDF to use a salt");
248
249 if(m_kdf) {
250 BOTAN_ASSERT_EQUAL(
251 out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
252
253 secure_vector<uint8_t> raw_shared(raw_kem_shared_key_length());
254 this->raw_kem_decrypt(raw_shared, encapsulated_key);
255 m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
256 } else {
257 BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
258 this->raw_kem_decrypt(out_shared_key, encapsulated_key);
259 }
260}
BOTAN_ASSERT_EQUAL
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:68
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::PK_Ops::KEM_Decryption_with_KDF::raw_kem_decrypt
virtual void raw_kem_decrypt(std::span< uint8_t > out_raw_shared_key, std::span< const uint8_t > encapsulated_key)=0
Botan::PK_Ops::KEM_Decryption_with_KDF::raw_kem_shared_key_length
virtual size_t raw_kem_shared_key_length() const =0
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

References BOTAN_ARG_CHECK, and BOTAN_ASSERT_EQUAL.

◆ raw_kem_decrypt()

void Botan::Classic_McEliece_Decryptor::raw_kem_decrypt ( std::span< uint8_t > out_shared_key,
std::span< const uint8_t > encapsulated_key )
overridevirtual

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 125 of file cmce_decaps.cpp.

126 {
127 BOTAN_ARG_CHECK(out_shared_key.size() == m_key->params().hash_out_bytes(), "Invalid shared key output size");
128 BOTAN_ARG_CHECK(encapsulated_key.size() == m_key->params().ciphertext_size(), "Invalid ciphertext size");
129
130 auto scope = CT::scoped_poison(*m_key);
131
132 auto [ct, c1] = [&]() -> std::pair<CmceCodeWord, std::span<const uint8_t>> {
133 if(m_key->params().is_pc()) {
134 BufferSlicer encaps_key_slicer(encapsulated_key);
135 auto c0_ret = encaps_key_slicer.take(m_key->params().encode_out_size());
136 auto c1_ret = encaps_key_slicer.take(m_key->params().hash_out_bytes());
137 BOTAN_ASSERT_NOMSG(encaps_key_slicer.empty());
138 return {CmceCodeWord(secure_bitvector(c0_ret, m_key->params().m() * m_key->params().t())), c1_ret};
139 } else {
140 return {CmceCodeWord(secure_bitvector(encapsulated_key, m_key->params().m() * m_key->params().t())), {}};
141 }
142 }();
143
144 auto [decode_success_mask, maybe_e] = decode(ct);
145
146 secure_vector<uint8_t> e_bytes(m_key->s().size());
147 decode_success_mask.select_n(e_bytes.data(), maybe_e.get().to_bytes().data(), m_key->s().data(), m_key->s().size());
148 uint8_t b = decode_success_mask.select(1, 0);
149
150 auto hash_func = m_key->params().hash_func();
151
152 if(m_key->params().is_pc()) {
153 hash_func->update(0x02);
154 hash_func->update(e_bytes);
155 const auto c1_p = hash_func->final_stdvec();
156 const CT::Mask<uint8_t> eq_mask = CT::is_equal(c1.data(), c1_p.data(), c1.size());
157 eq_mask.select_n(e_bytes.data(), e_bytes.data(), m_key->s().data(), m_key->s().size());
158 b = eq_mask.select(b, 0);
159 }
160
161 hash_func->update(b);
162 hash_func->update(e_bytes);
163 hash_func->update(encapsulated_key);
164 hash_func->final(out_shared_key);
165 CT::unpoison(out_shared_key);
166}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
Botan::CT::scoped_poison
constexpr auto scoped_poison(const Ts &... xs)
Definition ct_utils.h:216
Botan::CT::is_equal
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:788
Botan::CT::unpoison
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:64
Botan::CmceCodeWord
Strong< secure_bitvector, struct CmceCodeWord_ > CmceCodeWord
Represents C of decapsulation.
Definition cmce_types.h:52
Botan::secure_bitvector
bitvector_base< secure_allocator > secure_bitvector
Definition bitvector.h:1297
Botan::b
const SIMD_8x32 & b
Definition simd_avx2_gfni.h:63

References Botan::b, BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::BufferSlicer::empty(), Botan::CT::is_equal(), Botan::CT::scoped_poison(), Botan::CT::Mask< T >::select(), Botan::CT::Mask< T >::select_n(), Botan::BufferSlicer::take(), and Botan::CT::unpoison().

◆ raw_kem_shared_key_length()

size_t Botan::Classic_McEliece_Decryptor::raw_kem_shared_key_length ( ) const
inlineoverridevirtual

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 36 of file cmce_decaps.h.

36{ return m_key->params().hash_out_bytes(); }

◆ shared_key_length()

size_t Botan::PK_Ops::KEM_Decryption_with_KDF::shared_key_length ( size_t desired_shared_key_len) const
finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 235 of file pk_ops.cpp.

235 {
236 if(m_kdf) {
237 return desired_shared_key_len;
238 } else {
239 return this->raw_kem_shared_key_length();
240 }
241}
The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0