doxygen/hybrid__kem__ops_8cpp_source.html

/**

* Abstraction for a combined KEM encryptors and decryptors.

*

* (C) 2024 Jack Lloyd

*     2024 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/

#include <botan/internal/hybrid_kem_ops.h>


#include <botan/internal/stl_util.h>


namespace Botan {


KEM_Encryption_with_Combiner::KEM_Encryption_with_Combiner(const std::vector<std::unique_ptr<Public_Key>>& public_keys,

                                                           std::string_view provider) :

      m_encapsulated_key_length(0) {

   m_encryptors.reserve(public_keys.size());

   for(const auto& pk : public_keys) {

      const auto& newenc = m_encryptors.emplace_back(*pk, "Raw", provider);

      m_encapsulated_key_length += newenc.encapsulated_key_length();

   }

}


void KEM_Encryption_with_Combiner::kem_encrypt(std::span<uint8_t> out_encapsulated_key,

                                               std::span<uint8_t> out_shared_key,

                                               RandomNumberGenerator& rng,

                                               size_t desired_shared_key_len,

                                               std::span<const uint8_t> salt) {

   BOTAN_ARG_CHECK(out_encapsulated_key.size() == encapsulated_key_length(),

                   "Encapsulated key output buffer has wrong size");

   BOTAN_ARG_CHECK(out_shared_key.size() == shared_key_length(desired_shared_key_len),

                   "Shared key output buffer has wrong size");


   std::vector<secure_vector<uint8_t>> shared_secrets;

   shared_secrets.reserve(m_encryptors.size());


   std::vector<std::vector<uint8_t>> ciphertexts;

   ciphertexts.reserve(m_encryptors.size());


   for(auto& encryptor : m_encryptors) {

      auto [ct, ss] = KEM_Encapsulation::destructure(encryptor.encrypt(rng, 0 /* no KDF */));

      shared_secrets.push_back(std::move(ss));

      ciphertexts.push_back(std::move(ct));

   }

   combine_ciphertexts(out_encapsulated_key, ciphertexts, salt);

   combine_shared_secrets(out_shared_key, shared_secrets, ciphertexts, desired_shared_key_len, salt);

}


void KEM_Encryption_with_Combiner::combine_ciphertexts(std::span<uint8_t> out_ciphertext,

                                                       const std::vector<std::vector<uint8_t>>& ciphertexts,

                                                       std::span<const uint8_t> salt) {

   BOTAN_ARG_CHECK(salt.empty(), "Salt not supported by this KEM");

   BOTAN_ARG_CHECK(ciphertexts.size() == m_encryptors.size(), "Invalid number of ciphertexts");

   BOTAN_ARG_CHECK(out_ciphertext.size() == encapsulated_key_length(), "Invalid output buffer size");

   BufferStuffer ct_stuffer(out_ciphertext);

   for(size_t idx = 0; idx < ciphertexts.size(); idx++) {

      BOTAN_ARG_CHECK(ciphertexts.at(idx).size() == m_encryptors.at(idx).encapsulated_key_length(),

                      "Invalid ciphertext length");

      ct_stuffer.append(ciphertexts.at(idx));

   }

   BOTAN_ASSERT_NOMSG(ct_stuffer.full());

}


KEM_Decryption_with_Combiner::KEM_Decryption_with_Combiner(

   const std::vector<std::unique_ptr<Private_Key>>& private_keys,

   RandomNumberGenerator& rng,

   std::string_view provider) :

      m_encapsulated_key_length(0) {

   m_decryptors.reserve(private_keys.size());

   for(const auto& sk : private_keys) {

      const auto& newenc = m_decryptors.emplace_back(*sk, rng, "Raw", provider);

      m_encapsulated_key_length += newenc.encapsulated_key_length();

   }

}


void KEM_Decryption_with_Combiner::kem_decrypt(std::span<uint8_t> out_shared_key,

                                               std::span<const uint8_t> encapsulated_key,

                                               size_t desired_shared_key_len,

                                               std::span<const uint8_t> salt) {

   BOTAN_ARG_CHECK(encapsulated_key.size() == encapsulated_key_length(), "Invalid encapsulated key length");

   BOTAN_ARG_CHECK(out_shared_key.size() == shared_key_length(desired_shared_key_len), "Invalid output buffer size");


   std::vector<secure_vector<uint8_t>> shared_secrets;

   shared_secrets.reserve(m_decryptors.size());

   auto ciphertexts = split_ciphertexts(encapsulated_key);

   BOTAN_ASSERT(ciphertexts.size() == m_decryptors.size(), "Correct number of ciphertexts");


   for(size_t idx = 0; idx < m_decryptors.size(); idx++) {

      shared_secrets.push_back(m_decryptors.at(idx).decrypt(ciphertexts.at(idx), 0 /* no KDF */));

   }


   combine_shared_secrets(out_shared_key, shared_secrets, ciphertexts, desired_shared_key_len, salt);

}


std::vector<std::vector<uint8_t>> KEM_Decryption_with_Combiner::split_ciphertexts(

   std::span<const uint8_t> concat_ciphertext) {

   BOTAN_ARG_CHECK(concat_ciphertext.size() == encapsulated_key_length(), "Wrong ciphertext length");

   std::vector<std::vector<uint8_t>> ciphertexts;

   ciphertexts.reserve(m_decryptors.size());

   BufferSlicer ct_slicer(concat_ciphertext);

   for(const auto& decryptor : m_decryptors) {

      ciphertexts.push_back(ct_slicer.copy_as_vector(decryptor.encapsulated_key_length()));

   }

   BOTAN_ASSERT_NOMSG(ct_slicer.empty());

   return ciphertexts;

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:61

BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:52

Botan::BufferSlicer
Definition stl_util.h:85

Botan::BufferSlicer::empty
bool empty() const
Definition stl_util.h:130

Botan::BufferSlicer::copy_as_vector
auto copy_as_vector(const size_t count)
Definition stl_util.h:95

Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition stl_util.h:143

Botan::BufferStuffer::append
constexpr void append(std::span< const uint8_t > buffer)
Definition stl_util.h:178

Botan::BufferStuffer::full
constexpr bool full() const
Definition stl_util.h:188

Botan::KEM_Decryption_with_Combiner::kem_decrypt
void kem_decrypt(std::span< uint8_t > out_shared_key, std::span< const uint8_t > encapsulated_key, size_t desired_shared_key_len, std::span< const uint8_t > salt) final
Definition hybrid_kem_ops.cpp:77

Botan::KEM_Decryption_with_Combiner::KEM_Decryption_with_Combiner
KEM_Decryption_with_Combiner(const std::vector< std::unique_ptr< Private_Key > > &private_keys, RandomNumberGenerator &rng, std::string_view provider)
Definition hybrid_kem_ops.cpp:65

Botan::KEM_Decryption_with_Combiner::encapsulated_key_length
size_t encapsulated_key_length() const override
The default implementation returns the sum of the encapsulated key lengths of the underlying KEMs.
Definition hybrid_kem_ops.h:103

Botan::KEM_Decryption_with_Combiner::combine_shared_secrets
virtual void combine_shared_secrets(std::span< uint8_t > out_shared_secret, const std::vector< secure_vector< uint8_t > > &shared_secrets, const std::vector< std::vector< uint8_t > > &ciphertexts, size_t desired_shared_key_len, std::span< const uint8_t > salt)=0
Describes how the shared secrets are combined to derive the final shared secret.

Botan::KEM_Decryption_with_Combiner::split_ciphertexts
virtual std::vector< std::vector< uint8_t > > split_ciphertexts(std::span< const uint8_t > concat_ciphertext)
Defines how the individual ciphertexts are extracted from the combined ciphertext.
Definition hybrid_kem_ops.cpp:96

Botan::KEM_Encapsulation::destructure
static std::pair< std::vector< uint8_t >, secure_vector< uint8_t > > destructure(KEM_Encapsulation &&kem)
Definition pubkey.h:569

Botan::KEM_Encryption_with_Combiner::KEM_Encryption_with_Combiner
KEM_Encryption_with_Combiner(const std::vector< std::unique_ptr< Public_Key > > &public_keys, std::string_view provider)
Definition hybrid_kem_ops.cpp:15

Botan::KEM_Encryption_with_Combiner::combine_ciphertexts
virtual void combine_ciphertexts(std::span< uint8_t > out_ciphertext, const std::vector< std::vector< uint8_t > > &ciphertexts, std::span< const uint8_t > salt)
Defines how multiple ciphertexts are combined into a single ciphertext.
Definition hybrid_kem_ops.cpp:50

Botan::KEM_Encryption_with_Combiner::kem_encrypt
void kem_encrypt(std::span< uint8_t > out_encapsulated_key, std::span< uint8_t > out_shared_key, RandomNumberGenerator &rng, size_t desired_shared_key_len, std::span< const uint8_t > salt) final
Definition hybrid_kem_ops.cpp:25

Botan::KEM_Encryption_with_Combiner::encapsulated_key_length
size_t encapsulated_key_length() const override
The default implementation returns the sum of the encapsulated key lengths of the underlying KEMs.
Definition hybrid_kem_ops.h:43

Botan::KEM_Encryption_with_Combiner::combine_shared_secrets
virtual void combine_shared_secrets(std::span< uint8_t > out_shared_secret, const std::vector< secure_vector< uint8_t > > &shared_secrets, const std::vector< std::vector< uint8_t > > &ciphertexts, size_t desired_shared_key_len, std::span< const uint8_t > salt)=0
Describes how the shared secrets are combined to derive the final shared secret.

Botan::PK_Ops::KEM_Decryption::shared_key_length
virtual size_t shared_key_length(size_t desired_shared_key_len) const =0

Botan::PK_Ops::KEM_Encryption::shared_key_length
virtual size_t shared_key_length(size_t desired_shared_key_len) const =0

Botan::RandomNumberGenerator
Definition rng.h:30

Botan
Definition alg_id.cpp:13