Botan 3.4.0
Crypto and TLS for C&
kex_to_kem_adapter.h
Go to the documentation of this file.
1/**
2 * Adapter that allows using a KEX key as a KEM, using an ephemeral
3 * key in the KEM encapsulation.
4 *
5 * (C) 2023 Jack Lloyd
6 * 2023 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 */
10
11#ifndef BOTAN_TLS_13_KEX_TO_KEM_ADAPTER_H_
12#define BOTAN_TLS_13_KEX_TO_KEM_ADAPTER_H_
13
14#include <botan/pubkey.h>
15
16#include <memory>
17
18namespace Botan::TLS {
19
20/**
21 * Adapter to use a key agreement key pair (e.g. ECDH) as a key encapsulation
22 * mechanism.
23 */
24class BOTAN_TEST_API KEX_to_KEM_Adapter_PublicKey : public virtual Public_Key {
25 public:
26 KEX_to_KEM_Adapter_PublicKey(std::unique_ptr<Public_Key> public_key);
27
28 std::string algo_name() const override;
29 size_t estimated_strength() const override;
30 size_t key_length() const override;
31 bool check_key(RandomNumberGenerator& rng, bool strong) const override;
32 AlgorithmIdentifier algorithm_identifier() const override;
33 std::vector<uint8_t> public_key_bits() const override;
34 std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator& rng) const final;
35
36 bool supports_operation(PublicKeyOperation op) const override;
37
38 std::unique_ptr<PK_Ops::KEM_Encryption> create_kem_encryption_op(
39 std::string_view kdf, std::string_view provider = "base") const override;
40
41 private:
42 std::unique_ptr<Public_Key> m_public_key;
43};
44
45BOTAN_DIAGNOSTIC_PUSH
46BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
47
48/**
49 * Adapter to use a key agreement key pair (e.g. ECDH) as a key encapsulation
50 * mechanism. This works by generating an ephemeral key pair during the
51 * encapsulation.
52 *
53 * The abstract interface of a key exchange mechanism (KEX) is mapped like so:
54 *
55 * * KEM-generate(rng) -> tuple[PublicKey, PrivateKey]
56 * => KEX-generate(rng) -> tuple[PublicKey, PrivateKey]
57 *
58 * * KEM-encapsulate(PublicKey, rng) -> tuple[SharedSecret, EncapsulatedSharedSecret]
59 * => eph_pk, eph_sk = KEX-generate(rng)
60 * secret = KEX-agree(eph_sk, PublicKey)
61 * [secret, eph_pk]
62 *
63 * * KEM-decapsulate(PrivateKey, EncapsulatedSharedSecret) -> SharedSecret
64 * => KEX-agree(PrivateKey, EncapsulatedSharedSecret)
65 */
66class BOTAN_TEST_API KEX_to_KEM_Adapter_PrivateKey final : public KEX_to_KEM_Adapter_PublicKey,
67 public virtual Private_Key {
68 public:
69 KEX_to_KEM_Adapter_PrivateKey(std::unique_ptr<PK_Key_Agreement_Key> private_key);
70
71 secure_vector<uint8_t> private_key_bits() const override;
72
73 std::unique_ptr<Public_Key> public_key() const override;
74
75 bool check_key(RandomNumberGenerator& rng, bool strong) const override;
76
77 std::unique_ptr<PK_Ops::KEM_Decryption> create_kem_decryption_op(
78 RandomNumberGenerator& rng, std::string_view kdf, std::string_view provider = "base") const override;
79
80 private:
81 std::unique_ptr<PK_Key_Agreement_Key> m_private_key;
82};
83
84BOTAN_DIAGNOSTIC_POP
85
86} // namespace Botan::TLS
87
88#endif
Botan::Private_Key
Definition pk_keys.h:252
Botan::Public_Key
Definition pk_keys.h:119
Botan::TLS::KEX_to_KEM_Adapter_PrivateKey
Definition kex_to_kem_adapter.h:67
Botan::TLS::KEX_to_KEM_Adapter_PublicKey
Definition kex_to_kem_adapter.h:24
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_DIAGNOSTIC_POP
#define BOTAN_DIAGNOSTIC_POP
Definition compiler.h:191
BOTAN_DIAGNOSTIC_PUSH
#define BOTAN_DIAGNOSTIC_PUSH
Definition compiler.h:188
BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
#define BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
Definition compiler.h:190
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition compiler.h:51
Botan::PublicKeyOperation
PublicKeyOperation
Definition pk_keys.h:45
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Generated by doxygen 1.10.0