Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | Protected Member Functions | List of all members
Botan::ML_KEM_Decryptor Class Referencefinal

#include <ml_kem_impl.h>

Inheritance diagram for Botan::ML_KEM_Decryptor:
Botan::Kyber_KEM_Decryptor_Base Botan::PK_Ops::KEM_Decryption_with_KDF Botan::Kyber_KEM_Operation_Base Botan::PK_Ops::KEM_Decryption

Public Member Functions

size_t encapsulated_key_length () const override
void kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key, size_t desired_shared_key_len, std::span< const uint8_t > salt) final
 ML_KEM_Decryptor (std::shared_ptr< const Kyber_PrivateKeyInternal > private_key, std::shared_ptr< const Kyber_PublicKeyInternal > public_key, std::string_view kdf)
void raw_kem_decrypt (std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key) final
size_t raw_kem_shared_key_length () const override
size_t shared_key_length (size_t desired_shared_key_len) const final

Protected Member Functions

void decapsulate (StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key) override
const KyberConstantsmode () const
const KyberPolyMatprecomputed_matrix_At () const

Detailed Description

Definition at line 39 of file ml_kem_impl.h.

Constructor & Destructor Documentation

◆ ML_KEM_Decryptor()

Botan::ML_KEM_Decryptor::ML_KEM_Decryptor ( std::shared_ptr< const Kyber_PrivateKeyInternal > private_key,
std::shared_ptr< const Kyber_PublicKeyInternal > public_key,
std::string_view kdf )
inline

Definition at line 41 of file ml_kem_impl.h.

43 :
44 Kyber_KEM_Decryptor_Base(kdf, *public_key),
45 m_public_key(std::move(public_key)),
46 m_private_key(std::move(private_key)) {}
Botan::Kyber_KEM_Decryptor_Base::Kyber_KEM_Decryptor_Base
Kyber_KEM_Decryptor_Base(std::string_view kdf, const Kyber_PublicKeyInternal &pk)
Definition kyber_encaps_base.h:73

References Botan::Kyber_KEM_Decryptor_Base::Kyber_KEM_Decryptor_Base().

Member Function Documentation

◆ decapsulate()

void Botan::ML_KEM_Decryptor::decapsulate ( StrongSpan< KyberSharedSecret > out_shared_key,
StrongSpan< const KyberCompressedCiphertext > c )
overrideprotectedvirtual

NIST FIPS 203, Algorithm 18 (ML-KEM.Decaps_internal) and 21 (ML-KEM.Decaps)

The public and private keys are readily available as member variables and don't need to be decoded. The checks stated in FIPS 203, Section 7.3 are performed before decoding the keys and the ciphertext.

Implements Botan::Kyber_KEM_Decryptor_Base.

Definition at line 47 of file ml_kem_impl.cpp.

48 {
49 auto scope = CT::scoped_poison(*m_private_key);
50
51 const auto& sym = mode().symmetric_primitives();
52
53 const auto& h = m_public_key->H_public_key_bits_raw();
54 const auto& z = m_private_key->z();
55
56 const auto m_prime = m_private_key->indcpa_decrypt(c);
57 const auto [K_prime, r_prime] = sym.G(m_prime, h);
58
59 const auto K_bar = sym.J(z, c);
60 const auto c_prime = m_public_key->indcpa_encrypt(m_prime, r_prime, precomputed_matrix_At(), mode());
61
62 BOTAN_ASSERT_NOMSG(c.size() == c_prime.size());
63 BOTAN_ASSERT_NOMSG(K_prime.size() == K_bar.size() && out_shared_key.size() == K_bar.size());
64 const auto reencrypt_success = CT::is_equal<uint8_t>(c, c_prime);
65 CT::conditional_copy_mem(reencrypt_success, out_shared_key.data(), K_prime.data(), K_bar.data(), K_prime.size());
66
67 CT::unpoison(out_shared_key);
68}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::KyberConstants::symmetric_primitives
Kyber_Symmetric_Primitives & symmetric_primitives() const
Definition kyber_constants.h:125
Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At
const KyberPolyMat & precomputed_matrix_At() const
Definition kyber_encaps_base.h:25
Botan::Kyber_KEM_Operation_Base::mode
const KyberConstants & mode() const
Definition kyber_encaps_base.h:23
Botan::Kyber_Symmetric_Primitives::G
std::pair< KyberSeedRho, KyberSeedSigma > G(StrongSpan< const KyberSeedRandomness > seed, const KyberConstants &mode) const
Definition kyber_symmetric_primitives.h:44
Botan::CT::conditional_copy_mem
constexpr Mask< T > conditional_copy_mem(Mask< T > mask, T *dest, const T *if_set, const T *if_unset, size_t elems)
Definition ct_utils.h:732
Botan::CT::scoped_poison
constexpr auto scoped_poison(const Ts &... xs)
Definition ct_utils.h:222
Botan::CT::is_equal
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:798
Botan::CT::unpoison
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:67

References BOTAN_ASSERT_NOMSG, Botan::CT::conditional_copy_mem(), Botan::StrongSpan< T >::data(), Botan::Kyber_Symmetric_Primitives::G(), Botan::CT::is_equal(), Botan::Kyber_KEM_Operation_Base::mode(), Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At(), Botan::CT::scoped_poison(), Botan::StrongSpan< T >::size(), Botan::KyberConstants::symmetric_primitives(), and Botan::CT::unpoison().

◆ encapsulated_key_length()

size_t Botan::Kyber_KEM_Decryptor_Base::encapsulated_key_length ( ) const
inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 65 of file kyber_encaps_base.h.

65{ return mode().ciphertext_bytes(); }
Botan::KyberConstants::ciphertext_bytes
size_t ciphertext_bytes() const
byte length of an encoded ciphertext
Definition kyber_constants.h:108

References Botan::KyberConstants::ciphertext_bytes(), and Botan::Kyber_KEM_Operation_Base::mode().

◆ kem_decrypt()

void Botan::PK_Ops::KEM_Decryption_with_KDF::kem_decrypt ( std::span< uint8_t > out_shared_key,
std::span< const uint8_t > encapsulated_key,
size_t desired_shared_key_len,
std::span< const uint8_t > salt )
finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 247 of file pk_ops.cpp.

250 {
251 BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Decryptor::decrypt requires a KDF to use a salt");
252
253 if(m_kdf) {
254 BOTAN_ASSERT_EQUAL(
255 out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
256
257 secure_vector<uint8_t> raw_shared(raw_kem_shared_key_length());
258 this->raw_kem_decrypt(raw_shared, encapsulated_key);
259 m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
260 } else {
261 BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
262 this->raw_kem_decrypt(out_shared_key, encapsulated_key);
263 }
264}
BOTAN_ASSERT_EQUAL
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:88
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::PK_Ops::KEM_Decryption_with_KDF::raw_kem_decrypt
virtual void raw_kem_decrypt(std::span< uint8_t > out_raw_shared_key, std::span< const uint8_t > encapsulated_key)=0
Botan::PK_Ops::KEM_Decryption_with_KDF::raw_kem_shared_key_length
virtual size_t raw_kem_shared_key_length() const =0
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

References BOTAN_ARG_CHECK, BOTAN_ASSERT_EQUAL, raw_kem_decrypt(), and raw_kem_shared_key_length().

◆ mode()

const KyberConstants & Botan::Kyber_KEM_Operation_Base::mode ( ) const
inlineprotectedinherited

Definition at line 23 of file kyber_encaps_base.h.

23{ return m_mode; }

Referenced by Botan::Kyber_KEM_Decryptor::decapsulate(), Botan::ML_KEM_Decryptor::decapsulate(), Botan::Kyber_KEM_Encryptor::encapsulate(), Botan::ML_KEM_Encryptor::encapsulate(), Botan::Kyber_KEM_Decryptor_Base::encapsulated_key_length(), Botan::Kyber_KEM_Encryptor_Base::encapsulated_key_length(), Kyber_KEM_Operation_Base(), Botan::Kyber_KEM_Decryptor_Base::raw_kem_shared_key_length(), and Botan::Kyber_KEM_Encryptor_Base::raw_kem_shared_key_length().

◆ precomputed_matrix_At()

const KyberPolyMat & Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At ( ) const
inlineprotectedinherited

Definition at line 25 of file kyber_encaps_base.h.

25{ return m_At; }

Referenced by Botan::Kyber_KEM_Decryptor::decapsulate(), Botan::ML_KEM_Decryptor::decapsulate(), Botan::Kyber_KEM_Encryptor::encapsulate(), and Botan::ML_KEM_Encryptor::encapsulate().

◆ raw_kem_decrypt()

void Botan::Kyber_KEM_Decryptor_Base::raw_kem_decrypt ( std::span< uint8_t > out_shared_key,
std::span< const uint8_t > encapsulated_key )
inlinefinalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 67 of file kyber_encaps_base.h.

67 {
68 decapsulate(StrongSpan<KyberSharedSecret>(out_shared_key),
69 StrongSpan<const KyberCompressedCiphertext>(encapsulated_key));
70 }
Botan::Kyber_KEM_Decryptor_Base::decapsulate
virtual void decapsulate(StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key)=0

References decapsulate().

◆ raw_kem_shared_key_length()

size_t Botan::Kyber_KEM_Decryptor_Base::raw_kem_shared_key_length ( ) const
inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Decryption_with_KDF.

Definition at line 63 of file kyber_encaps_base.h.

63{ return mode().shared_key_bytes(); }
Botan::KyberConstants::shared_key_bytes
constexpr size_t shared_key_bytes() const
byte length of the shared key
Definition kyber_constants.h:111

References Botan::Kyber_KEM_Operation_Base::mode(), and Botan::KyberConstants::shared_key_bytes().

◆ shared_key_length()

size_t Botan::PK_Ops::KEM_Decryption_with_KDF::shared_key_length ( size_t desired_shared_key_len) const
finalvirtualinherited

Implements Botan::PK_Ops::KEM_Decryption.

Definition at line 239 of file pk_ops.cpp.

239 {
240 if(m_kdf) {
241 return desired_shared_key_len;
242 } else {
243 return this->raw_kem_shared_key_length();
244 }
245}

References raw_kem_shared_key_length().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0