Botan::Classic_McEliece_Encryptor Class Referencefinal
#include <cmce_encaps.h>
Inheritance diagram for Botan::Classic_McEliece_Encryptor:
Public Member Functions | |
| Classic_McEliece_Encryptor (std::shared_ptr< Classic_McEliece_PublicKeyInternal > key, std::string_view kdf) | |
| size_t | encapsulated_key_length () const override |
| void | kem_encrypt (std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng, size_t desired_shared_key_len, std::span< const uint8_t > salt) final |
| void | raw_kem_encrypt (std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng) override |
| size_t | raw_kem_shared_key_length () const override |
| size_t | shared_key_length (size_t desired_shared_key_len) const final |
Detailed Description
Classic McEliece Encapsulation Operation
Definition at line 28 of file cmce_encaps.h.
Constructor & Destructor Documentation
◆ Classic_McEliece_Encryptor()
|
inline |
Definition at line 30 of file cmce_encaps.h.
30 :
31 KEM_Encryption_with_KDF(kdf), m_key(std::move(key)) {}
KEM_Encryption_with_KDF(std::string_view kdf)
Definition pk_ops.cpp:227
Member Function Documentation
◆ encapsulated_key_length()
|
inlineoverridevirtual |
Implements Botan::PK_Ops::KEM_Encryption.
Definition at line 35 of file cmce_encaps.h.
35{ return m_key->params().ciphertext_size(); }
◆ kem_encrypt()
|
finalvirtualinherited |
Implements Botan::PK_Ops::KEM_Encryption.
Definition at line 206 of file pk_ops.cpp.
210 {
211 BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Encryptor::encrypt requires a KDF to use a salt");
213
214 if(m_kdf) {
215 BOTAN_ASSERT_EQUAL(
216 out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
217
219 this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
220 m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
221 } else {
222 BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
223 this->raw_kem_encrypt(out_encapsulated_key, out_shared_key, rng);
224 }
225}
virtual size_t raw_kem_shared_key_length() const =0
virtual void raw_kem_encrypt(std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_raw_shared_key, RandomNumberGenerator &rng)=0
virtual size_t encapsulated_key_length() const =0
References BOTAN_ARG_CHECK, BOTAN_ASSERT_EQUAL, and BOTAN_ASSERT_NOMSG.
◆ raw_kem_encrypt()
|
overridevirtual |
Implements Botan::PK_Ops::KEM_Encryption_with_KDF.
Definition at line 84 of file cmce_encaps.cpp.
86 {
87 BOTAN_ARG_CHECK(out_encapsulated_key.size() == m_key->params().ciphertext_size(),
88 "Incorrect encapsulated key output length");
89 BOTAN_ARG_CHECK(out_shared_key.size() == m_key->params().hash_out_bytes(), "Incorrect shared key output length");
90
91 const auto& params = m_key->params();
92
93 // Call fixed_weight until it is successful to
94 // create a random error vector e of weight tau
96 // Emergency abort in case unexpected logical error to prevent endless loops
97 // Success probability: >24% per attempt (25% that elements are distinct * 96% enough elements are in range)
98 // => 203 attempts for 2^(-80) fail probability
99 constexpr size_t MAX_ATTEMPTS = 203;
100 for(size_t attempt = 0; attempt < MAX_ATTEMPTS; ++attempt) {
101 if(auto maybe_e = fixed_weight_vector_gen(params, rng)) {
102 return maybe_e.value();
103 }
104 }
106 }();
107
108 auto hash_func = params.hash_func();
109
110 BufferStuffer big_c_stuf(out_encapsulated_key);
111 const auto e_bytes = e.get().to_bytes();
112 // Compute and store ciphertext C/C_0 from spec
113 const auto big_c_0 = encode(params, e, m_key->matrix());
114 big_c_0.to_bytes(big_c_stuf.next(ceil_tobytes(big_c_0.size())));
115 if(params.is_pc()) {
116 // Compute and store ciphertext C_1 from spec
117 hash_func->update(0x02);
118 hash_func->update(e_bytes);
119 hash_func->final(big_c_stuf.next(hash_func->output_length()));
120 }
121 BOTAN_ASSERT_NOMSG(big_c_stuf.full());
122
123 // Compute K = Hash(1,e,C) from spec
124 hash_func->update(0x01);
125 hash_func->update(e_bytes);
126 hash_func->update(out_encapsulated_key);
127 hash_func->final(out_shared_key);
128 CT::unpoison_all(out_encapsulated_key, out_shared_key);
129}
@ Internal_Error
Strong< secure_bitvector, struct CmceErrorVector_ > CmceErrorVector
Represents e of encapsulation.
Definition cmce_types.h:49
References BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::ceil_tobytes(), Botan::BufferStuffer::full(), Botan::detail::Strong_Base< T >::get(), Botan::BufferStuffer::next(), and Botan::CT::unpoison_all().
◆ raw_kem_shared_key_length()
|
inlineoverridevirtual |
Implements Botan::PK_Ops::KEM_Encryption_with_KDF.
Definition at line 33 of file cmce_encaps.h.
33{ return m_key->params().hash_out_bytes(); }
◆ shared_key_length()
|
finalvirtualinherited |
Implements Botan::PK_Ops::KEM_Encryption.
Definition at line 198 of file pk_ops.cpp.
198 {
199 if(m_kdf) {
200 return desired_shared_key_len;
201 } else {
203 }
204}
The documentation for this class was generated from the following files:
- src/lib/pubkey/classic_mceliece/cmce_encaps.h
- src/lib/pubkey/classic_mceliece/cmce_encaps.cpp
Generated by
1.12.0