Botan::Kyber_KEM_Decryptor Class Referencefinal
#include <kyber_encaps.h>
Inheritance diagram for Botan::Kyber_KEM_Decryptor:
Public Member Functions | |
| size_t | encapsulated_key_length () const override |
| void | kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key, size_t desired_shared_key_len, std::span< const uint8_t > salt) final |
| Kyber_KEM_Decryptor (std::shared_ptr< const Kyber_PrivateKeyInternal > private_key, std::shared_ptr< const Kyber_PublicKeyInternal > public_key, std::string_view kdf) | |
| void | raw_kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key) final |
| size_t | raw_kem_shared_key_length () const override |
| size_t | shared_key_length (size_t desired_shared_key_len) const final |
Protected Member Functions | |
| void | decapsulate (StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key) override |
| const KyberConstants & | mode () const override |
Detailed Description
Definition at line 36 of file kyber_encaps.h.
Constructor & Destructor Documentation
◆ Kyber_KEM_Decryptor()
|
inline |
Definition at line 38 of file kyber_encaps.h.
40 :
41 Kyber_KEM_Decryptor_Base(kdf), m_public_key(std::move(public_key)), m_private_key(std::move(private_key)) {}
Kyber_KEM_Decryptor_Base(std::string_view kdf)
Definition kyber_encaps_base.h:55
Member Function Documentation
◆ decapsulate()
|
overrideprotectedvirtual |
Crystals Kyber (Version 3.01), Algorithm 9 (Kyber.CCAKEM.Dec())
Implements Botan::Kyber_KEM_Decryptor_Base.
Definition at line 39 of file kyber_encaps.cpp.
40 {
41 const auto& sym = m_public_key->mode().symmetric_primitives();
42
43 const auto& h = m_public_key->H_public_key_bits_raw();
44 const auto& z = m_private_key->z();
45
46 const auto m_prime = m_private_key->indcpa_decrypt(Ciphertext::from_bytes(encapsulated_key, m_private_key->mode()));
47 const auto [K_bar_prime, r_prime] = sym.G(m_prime, h);
48
49 const auto c_prime = m_public_key->indcpa_encrypt(m_prime, r_prime).to_bytes();
50
52 BOTAN_ASSERT_NOMSG(encapsulated_key.size() == c_prime.size());
54 const auto reencrypt_success = CT::is_equal(encapsulated_key.data(), c_prime.data(), encapsulated_key.size());
55 CT::conditional_copy_mem(reencrypt_success, K.data(), K_bar_prime.data(), z.data(), K_bar_prime.size());
56
57 sym.KDF(out_shared_key, K, sym.H(encapsulated_key));
58}
static Ciphertext from_bytes(StrongSpan< const KyberCompressedCiphertext > buffer, const KyberConstants &mode)
Definition kyber_structures.h:561
constexpr Mask< T > conditional_copy_mem(Mask< T > mask, T *to, const T *from0, const T *from1, size_t elems)
Definition ct_utils.h:426
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:486
Strong< secure_vector< uint8_t >, struct KyberSharedSecret_ > KyberSharedSecret
Shared secret value generated during encapsulation and recovered during decapsulation.
Definition kyber_types.h:45
References BOTAN_ASSERT_NOMSG, Botan::CT::conditional_copy_mem(), Botan::StrongSpan< T >::data(), Botan::Ciphertext::from_bytes(), Botan::CT::is_equal(), Botan::KyberConstants::kSymBytes, and Botan::StrongSpan< T >::size().
◆ encapsulated_key_length()
|
inlineoverridevirtualinherited |
Implements Botan::PK_Ops::KEM_Decryption.
Definition at line 47 of file kyber_encaps_base.h.
size_t encapsulated_key_length() const
Definition kyber_constants.h:84
virtual const KyberConstants & mode() const =0
References Botan::KyberConstants::encapsulated_key_length(), and Botan::Kyber_KEM_Decryptor_Base::mode().
◆ kem_decrypt()
|
finalvirtualinherited |
Implements Botan::PK_Ops::KEM_Decryption.
Definition at line 204 of file pk_ops.cpp.
207 {
208 BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Decryptor::decrypt requires a KDF to use a salt");
209
210 if(m_kdf) {
211 BOTAN_ASSERT_EQUAL(
212 out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
213
215 this->raw_kem_decrypt(raw_shared, encapsulated_key);
216 m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
217 } else {
218 BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
219 this->raw_kem_decrypt(out_shared_key, encapsulated_key);
220 }
221}
virtual void raw_kem_decrypt(std::span< uint8_t > out_raw_shared_key, std::span< const uint8_t > encapsulated_key)=0
virtual size_t raw_kem_shared_key_length() const =0
References BOTAN_ARG_CHECK, and BOTAN_ASSERT_EQUAL.
◆ mode()
|
inlineoverrideprotectedvirtual |
Implements Botan::Kyber_KEM_Decryptor_Base.
Definition at line 47 of file kyber_encaps.h.
47{ return m_private_key->mode(); }
◆ raw_kem_decrypt()
|
inlinefinalvirtualinherited |
Implements Botan::PK_Ops::KEM_Decryption_with_KDF.
Definition at line 49 of file kyber_encaps_base.h.
49 {
50 decapsulate(StrongSpan<KyberSharedSecret>(out_shared_key),
51 StrongSpan<const KyberCompressedCiphertext>(encapsulated_key));
52 }
virtual void decapsulate(StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key)=0
References Botan::Kyber_KEM_Decryptor_Base::decapsulate().
◆ raw_kem_shared_key_length()
|
inlineoverridevirtualinherited |
Implements Botan::PK_Ops::KEM_Decryption_with_KDF.
Definition at line 45 of file kyber_encaps_base.h.
size_t shared_key_length() const
Definition kyber_constants.h:88
References Botan::Kyber_KEM_Decryptor_Base::mode(), and Botan::KyberConstants::shared_key_length().
◆ shared_key_length()
|
finalvirtualinherited |
Implements Botan::PK_Ops::KEM_Decryption.
Definition at line 196 of file pk_ops.cpp.
196 {
197 if(m_kdf) {
198 return desired_shared_key_len;
199 } else {
201 }
202}
The documentation for this class was generated from the following files:
- src/lib/pubkey/kyber/kyber_round3/kyber_encaps.h
- src/lib/pubkey/kyber/kyber_round3/kyber_encaps.cpp
Generated by
1.11.0