Botan::Classic_McEliece_Encryptor Class Referencefinal
#include <cmce_encaps.h>
Inheritance diagram for Botan::Classic_McEliece_Encryptor:
Public Member Functions | |
| Classic_McEliece_Encryptor (std::shared_ptr< Classic_McEliece_PublicKeyInternal > key, std::string_view kdf) | |
| size_t | encapsulated_key_length () const override |
| void | kem_encrypt (std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng, size_t desired_shared_key_len, std::span< const uint8_t > salt) final |
| void | raw_kem_encrypt (std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng) override |
| size_t | raw_kem_shared_key_length () const override |
| size_t | shared_key_length (size_t desired_shared_key_len) const final |
Detailed Description
Classic McEliece Encapsulation Operation
Definition at line 28 of file cmce_encaps.h.
Constructor & Destructor Documentation
◆ Classic_McEliece_Encryptor()
|
inline |
Definition at line 30 of file cmce_encaps.h.
30 :
31 KEM_Encryption_with_KDF(kdf), m_key(std::move(key)) {}
KEM_Encryption_with_KDF(std::string_view kdf)
Definition pk_ops.cpp:231
References Botan::PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF().
Member Function Documentation
◆ encapsulated_key_length()
|
inlineoverridevirtual |
Implements Botan::PK_Ops::KEM_Encryption.
Definition at line 35 of file cmce_encaps.h.
35{ return m_key->params().ciphertext_size(); }
◆ kem_encrypt()
|
finalvirtualinherited |
Implements Botan::PK_Ops::KEM_Encryption.
Definition at line 210 of file pk_ops.cpp.
214 {
215 BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Encryptor::encrypt requires a KDF to use a salt");
217
218 if(m_kdf) {
219 BOTAN_ASSERT_EQUAL(
220 out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
221
223 this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
224 m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
225 } else {
226 BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
227 this->raw_kem_encrypt(out_encapsulated_key, out_shared_key, rng);
228 }
229}
virtual size_t raw_kem_shared_key_length() const =0
virtual void raw_kem_encrypt(std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_raw_shared_key, RandomNumberGenerator &rng)=0
virtual size_t encapsulated_key_length() const =0
References BOTAN_ARG_CHECK, BOTAN_ASSERT_EQUAL, BOTAN_ASSERT_NOMSG, Botan::PK_Ops::KEM_Encryption::encapsulated_key_length(), raw_kem_encrypt(), and raw_kem_shared_key_length().
◆ raw_kem_encrypt()
|
overridevirtual |
Implements Botan::PK_Ops::KEM_Encryption_with_KDF.
Definition at line 87 of file cmce_encaps.cpp.
89 {
90 BOTAN_ARG_CHECK(out_encapsulated_key.size() == m_key->params().ciphertext_size(),
91 "Incorrect encapsulated key output length");
92 BOTAN_ARG_CHECK(out_shared_key.size() == m_key->params().hash_out_bytes(), "Incorrect shared key output length");
93
94 const auto& params = m_key->params();
95
96 // Call fixed_weight until it is successful to
97 // create a random error vector e of weight tau
99 // Emergency abort in case unexpected logical error to prevent endless loops
100 // Success probability: >24% per attempt (25% that elements are distinct * 96% enough elements are in range)
101 // => 647 attempts for 2^(-256) fail probability
102 constexpr size_t MAX_ATTEMPTS = 647;
103 for(size_t attempt = 0; attempt < MAX_ATTEMPTS; ++attempt) {
104 if(auto maybe_e = fixed_weight_vector_gen(params, rng)) {
105 return maybe_e.value();
106 }
107 }
109 }();
110
111 auto hash_func = params.hash_func();
112
113 BufferStuffer big_c_stuf(out_encapsulated_key);
114 const auto e_bytes = e.get().to_bytes();
115 // Compute and store ciphertext C/C_0 from spec
116 const auto big_c_0 = encode(params, e, m_key->matrix());
117 big_c_0.to_bytes(big_c_stuf.next(ceil_tobytes(big_c_0.size())));
118 if(params.is_pc()) {
119 // Compute and store ciphertext C_1 from spec
120 hash_func->update(0x02);
121 hash_func->update(e_bytes);
122 hash_func->final(big_c_stuf.next(hash_func->output_length()));
123 }
124 BOTAN_ASSERT_NOMSG(big_c_stuf.full());
125
126 // Compute K = Hash(1,e,C) from spec
127 hash_func->update(0x01);
128 hash_func->update(e_bytes);
129 hash_func->update(out_encapsulated_key);
130 hash_func->final(out_shared_key);
131 CT::unpoison_all(out_encapsulated_key, out_shared_key);
132}
Strong< secure_bitvector, struct CmceErrorVector_ > CmceErrorVector
Represents e of encapsulation.
Definition cmce_types.h:49
References BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, Botan::ceil_tobytes(), Botan::BufferStuffer::full(), Botan::detail::Strong_Base< T >::get(), Botan::BufferStuffer::next(), Botan::bitvector_base< AllocatorT >::to_bytes(), and Botan::CT::unpoison_all().
◆ raw_kem_shared_key_length()
|
inlineoverridevirtual |
Implements Botan::PK_Ops::KEM_Encryption_with_KDF.
Definition at line 33 of file cmce_encaps.h.
33{ return m_key->params().hash_out_bytes(); }
◆ shared_key_length()
|
finalvirtualinherited |
Implements Botan::PK_Ops::KEM_Encryption.
Definition at line 202 of file pk_ops.cpp.
202 {
203 if(m_kdf) {
204 return desired_shared_key_len;
205 } else {
207 }
208}
References raw_kem_shared_key_length().
The documentation for this class was generated from the following files:
- src/lib/pubkey/classic_mceliece/cmce_encaps.h
- src/lib/pubkey/classic_mceliece/cmce_encaps.cpp
Generated by
1.15.0