#include <ml_kem_impl.h>

Inheritance diagram for Botan::ML_KEM_Encryptor:

Public Member Functions
size_t	encapsulated_key_length () const override

void	kem_encrypt (std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng, size_t desired_shared_key_len, std::span< const uint8_t > salt) final

	ML_KEM_Encryptor (std::shared_ptr< const Kyber_PublicKeyInternal > key, std::string_view kdf)

void	raw_kem_encrypt (std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng) final

size_t	raw_kem_shared_key_length () const override

size_t	shared_key_length (size_t desired_shared_key_len) const final

Protected Member Functions
void	encapsulate (StrongSpan< KyberCompressedCiphertext > out_encapsulated_key, StrongSpan< KyberSharedSecret > out_shared_key, RandomNumberGenerator &rng) override

const KyberConstants &	mode () const override

const KyberPolyMat &	precomputed_matrix_At () const

Detailed Description

Definition at line 24 of file ml_kem_impl.h.

Constructor & Destructor Documentation

◆ ML_KEM_Encryptor()

Botan::ML_KEM_Encryptor::ML_KEM_Encryptor	(	std::shared_ptr< const Kyber_PublicKeyInternal >	key,
		std::string_view	kdf )

inline

Definition at line 26 of file ml_kem_impl.h.

26 :

27 Kyber_KEM_Encryptor_Base(kdf, *key), m_public_key(std::move(key)) {}

Botan::Kyber_KEM_Encryptor_Base::Kyber_KEM_Encryptor_Base

Kyber_KEM_Encryptor_Base(std::string_view kdf, const Kyber_PublicKeyInternal &pk)

Definition kyber_encaps_base.h:48

Member Function Documentation

◆ encapsulate()

void Botan::ML_KEM_Encryptor::encapsulate	(	StrongSpan< KyberCompressedCiphertext >	out_encapsulated_key,
		StrongSpan< KyberSharedSecret >	out_shared_key,
		RandomNumberGenerator &	rng )

overrideprotectedvirtual

NIST FIPS 203, Algorithm 17 (ML-KEM.Encaps_internal), and 20 (ML-KEM.Encaps)

Generation of the random value is inlined with its usage. The public matrix A^T as well as H(pk) are precomputed and readily available.

Implements Botan::Kyber_KEM_Encryptor_Base.

Definition at line 25 of file ml_kem_impl.cpp.

                                                               {
   const auto& sym = m_public_key->mode().symmetric_primitives();
 
   const auto m = rng.random_vec<KyberMessage>(KyberConstants::SEED_BYTES);
   auto scope = CT::scoped_poison(m);
 
   const auto [K, r] = sym.G(m, m_public_key->H_public_key_bits_raw());
   m_public_key->indcpa_encrypt(out_encapsulated_key, m, r, precomputed_matrix_At());
 
   // TODO: avoid this copy by letting sym.G() directly write to the span.
   copy_mem(out_shared_key, K);
   CT::unpoison_all(out_shared_key, out_encapsulated_key);
}

References Botan::copy_mem(), Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At(), Botan::RandomNumberGenerator::random_vec(), Botan::CT::scoped_poison(), Botan::KyberConstants::SEED_BYTES, and Botan::CT::unpoison_all().

◆ encapsulated_key_length()

size_t Botan::Kyber_KEM_Encryptor_Base::encapsulated_key_length ( ) const

inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Encryption.

Definition at line 37 of file kyber_encaps_base.h.

37{ return mode().ciphertext_bytes(); }

Botan::KyberConstants::ciphertext_bytes

size_t ciphertext_bytes() const

byte length of an encoded ciphertext

Definition kyber_constants.h:105

Botan::Kyber_KEM_Encryptor_Base::mode

virtual const KyberConstants & mode() const =0

References Botan::KyberConstants::ciphertext_bytes(), and Botan::Kyber_KEM_Encryptor_Base::mode().

◆ kem_encrypt()

void Botan::PK_Ops::KEM_Encryption_with_KDF::kem_encrypt	(	std::span< uint8_t >	out_encapsulated_key,
		std::span< uint8_t >	out_shared_key,
		RandomNumberGenerator &	rng,
		size_t	desired_shared_key_len,
		std::span< const uint8_t >	salt )

finalvirtualinherited

Implements Botan::PK_Ops::KEM_Encryption.

Definition at line 184 of file pk_ops.cpp.

                                                                               {
   BOTAN_ARG_CHECK(salt.empty() || m_kdf, "PK_KEM_Encryptor::encrypt requires a KDF to use a salt");
   BOTAN_ASSERT_NOMSG(out_encapsulated_key.size() == encapsulated_key_length());
 
   if(m_kdf) {
      BOTAN_ASSERT_EQUAL(
         out_shared_key.size(), desired_shared_key_len, "KDF output length and shared key length match");
 
      secure_vector<uint8_t> raw_shared(raw_kem_shared_key_length());
      this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
      m_kdf->derive_key(out_shared_key, raw_shared, salt, {});
   } else {
      BOTAN_ASSERT_EQUAL(out_shared_key.size(), raw_kem_shared_key_length(), "Shared key has raw KEM output length");
      this->raw_kem_encrypt(out_encapsulated_key, out_shared_key, rng);
   }
}

References BOTAN_ARG_CHECK, BOTAN_ASSERT_EQUAL, and BOTAN_ASSERT_NOMSG.

◆ mode()

const KyberConstants & Botan::ML_KEM_Encryptor::mode ( ) const

inlineoverrideprotectedvirtual

Implements Botan::Kyber_KEM_Encryptor_Base.

Definition at line 34 of file ml_kem_impl.h.

34{ return m_public_key->mode(); }

◆ precomputed_matrix_At()

const KyberPolyMat & Botan::Kyber_KEM_Operation_Base::precomputed_matrix_At ( ) const

inlineprotectedinherited

Definition at line 23 of file kyber_encaps_base.h.

23{ return m_At; }

Referenced by Botan::Kyber_KEM_Decryptor::decapsulate(), Botan::ML_KEM_Decryptor::decapsulate(), Botan::Kyber_KEM_Encryptor::encapsulate(), and encapsulate().

◆ raw_kem_encrypt()

void Botan::Kyber_KEM_Encryptor_Base::raw_kem_encrypt	(	std::span< uint8_t >	out_encapsulated_key,
		std::span< uint8_t >	out_shared_key,
		RandomNumberGenerator &	rng )

inlinefinalvirtualinherited

Implements Botan::PK_Ops::KEM_Encryption_with_KDF.

Definition at line 39 of file kyber_encaps_base.h.

                                                             {
         encapsulate(StrongSpan<KyberCompressedCiphertext>(out_encapsulated_key),
                     StrongSpan<KyberSharedSecret>(out_shared_key),
                     rng);
      }

References Botan::Kyber_KEM_Encryptor_Base::encapsulate().

◆ raw_kem_shared_key_length()

size_t Botan::Kyber_KEM_Encryptor_Base::raw_kem_shared_key_length ( ) const

inlineoverridevirtualinherited

Implements Botan::PK_Ops::KEM_Encryption_with_KDF.

Definition at line 35 of file kyber_encaps_base.h.

35{ return mode().shared_key_bytes(); }

Botan::KyberConstants::shared_key_bytes

constexpr size_t shared_key_bytes() const

byte length of the shared key

Definition kyber_constants.h:108

References Botan::Kyber_KEM_Encryptor_Base::mode(), and Botan::KyberConstants::shared_key_bytes().

◆ shared_key_length()

size_t Botan::PK_Ops::KEM_Encryption_with_KDF::shared_key_length ( size_t desired_shared_key_len ) const

finalvirtualinherited

Implements Botan::PK_Ops::KEM_Encryption.

Definition at line 176 of file pk_ops.cpp.

                                                                                           {
   if(m_kdf) {
      return desired_shared_key_len;
   } else {
      return this->raw_kem_shared_key_length();
   }
}

The documentation for this class was generated from the following files:

src/lib/pubkey/kyber/ml_kem/ml_kem_impl.h
src/lib/pubkey/kyber/ml_kem/ml_kem_impl.cpp

Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ ML_KEM_Encryptor()

Member Function Documentation

◆ encapsulate()

◆ encapsulated_key_length()

◆ kem_encrypt()

◆ mode()

◆ precomputed_matrix_At()

◆ raw_kem_encrypt()

◆ raw_kem_shared_key_length()

◆ shared_key_length()