Botan 3.6.1
Crypto and TLS for C++
Botan::Kyber_Expanded_Keypair_Codec Class Reference (final)

#include <kyber_round3_impl.h>

Inheritance diagram for Botan::Kyber_Expanded_Keypair_Codec:
Botan::Kyber_Keypair_Codec

Public Member Functions

KyberInternalKeypair decode_keypair (std::span< const uint8_t > buffer, KyberConstants mode) const override
 
secure_vector< uint8_t > encode_keypair (KyberInternalKeypair private_key) const override
 

Detailed Description

Definition at line 56 of file kyber_round3_impl.h.

Member Function Documentation

◆ decode_keypair()

KyberInternalKeypair Botan::Kyber_Expanded_Keypair_Codec::decode_keypair ( std::span< const uint8_t > sk,
KyberConstants mode ) const
override, virtual

Key decoding as specified in Crystals Kyber (Version 3.01), Algorithms 4 (CPAPKE.KeyGen()), and 7 (CCAKEM.KeyGen())

Public Key: pk := (encode(t) || rho)
Secret Key: sk' := encode(s)

Expanded Secret Key: sk := (sk' || pk || H(pk) || z)

Implements Botan::Kyber_Keypair_Codec.

Definition at line 74 of file kyber_round3_impl.cpp.

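/**
 * Decode an expanded Kyber secret key, sk := (sk' || pk || H(pk) || z),
 * into an internal public/private key pair.
 *
 * @param sk   the expanded secret key encoding; it is consumed in full
 * @param mode the Kyber parameter set, which fixes the length of sk' and pk
 * @return the pair (public key, private key) as shared pointers
 *
 * Failure behaviour visible in this function:
 *  - BOTAN_ASSERT_NOMSG fires if bytes remain after the four fields were read.
 *  - BOTAN_ARG_CHECK fires if the stored H(pk) differs from the hash exposed
 *    by the decoded public key object.
 *
 * NOTE(review): the length check is an assertion, not a decoding error, so
 * the caller is presumably expected to validate sk.size() against the
 * parameter set before calling; confirm against the call site.
 */
KyberInternalKeypair Kyber_Expanded_Keypair_Codec::decode_keypair(std::span<const uint8_t> sk,
                                                                  KyberConstants mode) const {
   // Poison the secret input for constant-time analysis while it is parsed.
   auto scope = CT::scoped_poison(sk);
   BufferSlicer s(sk);

   // Fields are read in encoding order: sk' || pk || H(pk) || z.
   auto skpv = Kyber_Algos::decode_polynomial_vector(s.take(mode.polynomial_vector_bytes()), mode);
   auto pub_key = s.copy<KyberSerializedPublicKey>(mode.public_key_bytes());
   // NOTE(review): the rendered listing drops source lines 81-82 and 88. The two
   // declarations below and the `keypair` declaration further down are reconstructed
   // from the types and constants this function references (KyberHashedPublicKey,
   // KyberImplicitRejectionValue, PUBLIC_KEY_HASH_BYTES, SEED_BYTES); confirm
   // against kyber_round3_impl.cpp.
   auto puk_key_hash = s.copy<KyberHashedPublicKey>(KyberConstants::PUBLIC_KEY_HASH_BYTES);
   auto z = s.copy<KyberImplicitRejectionValue>(KyberConstants::SEED_BYTES);

   // Trailing bytes mean the buffer does not have the expected expanded-key layout.
   BOTAN_ASSERT_NOMSG(s.empty());

   // Parsing is done; release the poison on the extracted values before the
   // objects are built and the hash is compared below.
   CT::unpoison_all(pub_key, puk_key_hash, skpv, z);

   KyberInternalKeypair keypair{
      std::make_shared<Kyber_PublicKeyInternal>(mode, std::move(pub_key)),
      std::make_shared<Kyber_PrivateKeyInternal>(
         std::move(mode),
         std::move(skpv),
         KyberPrivateKeySeed{std::nullopt,  // Reading from an expanded and encoded
                                            // private key cannot reconstruct the
                                            // original seed from key generation.
                             std::move(z)}),
   };

   BOTAN_ASSERT(keypair.first && keypair.second, "reading private key encoding");

   // Integrity check on the encoding: the H(pk) stored in the secret key must
   // equal the hash reported by the public key object built from the embedded
   // pk. Both operands are hashes of the public key, so the non-constant-time
   // std::equal compares public data only.
   BOTAN_ARG_CHECK(keypair.first->H_public_key_bits_raw().size() == puk_key_hash.size() &&
                      std::equal(keypair.first->H_public_key_bits_raw().begin(),
                                 keypair.first->H_public_key_bits_raw().end(),
                                 puk_key_hash.begin()),
                   "public key's hash does not match the stored hash");

   return keypair;
}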
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
static constexpr size_t SEED_BYTES
static constexpr size_t PUBLIC_KEY_HASH_BYTES
constexpr void unpoison_all(Ts &&... ts)
Definition ct_utils.h:201
constexpr auto scoped_poison(const Ts &... xs)
Definition ct_utils.h:216
KyberPolyVecNTT decode_polynomial_vector(std::span< const uint8_t > a, const KyberConstants &mode)
Strong< secure_vector< uint8_t >, struct KyberImplicitRejectionValue_ > KyberImplicitRejectionValue
Secret random value (called Z in the spec), used for implicit rejection in the decapsulation.
Definition kyber_types.h:42
std::pair< std::shared_ptr< Kyber_PublicKeyInternal >, std::shared_ptr< Kyber_PrivateKeyInternal > > KyberInternalKeypair
Definition kyber_types.h:73
Strong< std::vector< uint8_t >, struct KyberHashedPublicKey_ > KyberHashedPublicKey
Hash value of the serialized public key.
Definition kyber_types.h:60
Strong< std::vector< uint8_t >, struct KyberSerializedPublicKey_ > KyberSerializedPublicKey
Public key in serialized form (t || rho)
Definition kyber_types.h:57

References BOTAN_ARG_CHECK, BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, Botan::BufferSlicer::copy(), Botan::Kyber_Algos::decode_polynomial_vector(), Botan::BufferSlicer::empty(), Botan::KyberConstants::polynomial_vector_bytes(), Botan::KyberConstants::public_key_bytes(), Botan::KyberConstants::PUBLIC_KEY_HASH_BYTES, Botan::CT::scoped_poison(), Botan::KyberConstants::SEED_BYTES, Botan::BufferSlicer::take(), and Botan::CT::unpoison_all().

◆ encode_keypair()

secure_vector< uint8_t > Botan::Kyber_Expanded_Keypair_Codec::encode_keypair ( KyberInternalKeypair private_key) const
override, virtual

Implements Botan::Kyber_Keypair_Codec.

Definition at line 109 of file kyber_round3_impl.cpp.

/**
 * Serialize a key pair into the expanded secret key encoding.
 *
 * The output is the concatenation, in this order, of the encoded secret
 * polynomial vector, the raw public key bits, the raw public key hash and z,
 * i.e. sk := (sk' || pk || H(pk) || z).
 *
 * @param keypair the public/private key pair; both pointers must be non-null
 * @return the encoded expanded secret key
 */
secure_vector<uint8_t> Kyber_Expanded_Keypair_Codec::encode_keypair(KyberInternalKeypair keypair) const {
   // The assertion arguments are kept as written, since the macro receives the expression itself.
   BOTAN_ASSERT_NONNULL(keypair.first);
   BOTAN_ASSERT_NONNULL(keypair.second);

   auto& pub = *keypair.first;
   auto& priv = *keypair.second;
   const auto& params = pub.mode();

   // Poison the private key for constant-time analysis while it is serialized.
   auto poison_guard = CT::scoped_poison(priv);

   // NOTE(review): reduce() is called on whatever s() returns; whether that
   // modifies the stored key depends on s()'s return type, not visible here.
   auto encoded = concat(Kyber_Algos::encode_polynomial_vector(priv.s().reduce(), params),
                         pub.public_key_bits_raw(),
                         pub.H_public_key_bits_raw(),
                         priv.z());

   // The buffer still holds secret key material; only the poison marking is
   // lifted so that it can be returned to the caller.
   CT::unpoison(encoded);
   return encoded;
}
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:64
void encode_polynomial_vector(std::span< uint8_t > out, const KyberPolyVecNTT &vec)
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263

References BOTAN_ASSERT_NONNULL, Botan::concat(), Botan::Kyber_Algos::encode_polynomial_vector(), Botan::CT::scoped_poison(), and Botan::CT::unpoison().


The documentation for this class was generated from the following files: