Botan 3.8.1
Crypto and TLS for C++
kex_to_kem_adapter.h
1/**
2 * Adapter that allows using a KEX key as a KEM, using an ephemeral
3 * key in the KEM encapsulation.
4 *
5 * (C) 2023 Jack Lloyd
6 * 2023,2024 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 */
10
11#ifndef BOTAN_TLS_13_KEX_TO_KEM_ADAPTER_H_
12#define BOTAN_TLS_13_KEX_TO_KEM_ADAPTER_H_
13
14#include <botan/pubkey.h>
15
16#include <memory>
17
18namespace Botan {
19
20/**
21 * Adapter to use a key agreement key pair (e.g. ECDH) as a key encapsulation
22 * mechanism.
23 */
25 public:
/**
 * Constructs the adapter around @p public_key. The key is passed as a
 * std::unique_ptr, so the caller hands ownership to the adapter.
 *
 * NOTE(review): this single-argument constructor is not marked `explicit`.
 * How a null pointer or a key that does not support key agreement is handled
 * is decided in the implementation, which this header does not show - confirm
 * that such keys are rejected at construction time.
 */
26 KEX_to_KEM_Adapter_PublicKey(std::unique_ptr<Public_Key> public_key);
27
/**
 * Overrides of virtual functions from the base class. Only declarations are
 * given in this header. The line that names the class and its base is missing
 * from this rendering, so the base is not visible here.
 * NOTE(review): presumably each of these forwards to the wrapped m_public_key -
 * confirm in the implementation file.
 */
28 std::string algo_name() const override;
29 size_t estimated_strength() const override;
30 size_t key_length() const override;
31 bool check_key(RandomNumberGenerator& rng, bool strong) const override;
/* The listing's numbering jumps from 31 to 33: original line 32 is absent from this rendering. */
33 std::vector<uint8_t> raw_public_key_bits() const override;
34 std::vector<uint8_t> public_key_bits() const override;
/* Declared `final` rather than `override`, so a class deriving from this adapter cannot replace it. */
35 std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator& rng) const final;
36
/**
 * Reports whether this key can be used for the operation @p op.
 * NOTE(review): presumably only key encapsulation is reported as supported,
 * since the adapter presents the wrapped key as a KEM - confirm in the
 * implementation file.
 */
37 bool supports_operation(PublicKeyOperation op) const override;
38
/**
 * Creates the KEM encapsulation operation for this key.
 *
 * The mapping documented on KEX_to_KEM_Adapter_PrivateKey in this file states
 * that encapsulation generates an ephemeral key pair, agrees on a secret with
 * this public key, and returns the ephemeral public key as the encapsulated
 * value.
 *
 * @param kdf      passed as a string; presumably the name of the KDF applied to
 *                 the agreed secret - TODO confirm
 * @param provider implementation provider, defaults to "base"
 *
 * NOTE(review): no RNG is taken here although the ephemeral key pair needs one;
 * presumably it is supplied when the returned operation is invoked. Which kdf
 * values are accepted, and whether some value yields the un-derived agreement
 * output, is not visible in this header - confirm before using the result
 * directly as key material.
 */
39 std::unique_ptr<PK_Ops::KEM_Encryption> create_kem_encryption_op(
40 std::string_view kdf, std::string_view provider = "base") const override;
41
42 private:
/* Owning pointer to the wrapped key; its type matches the constructor's parameter. */
43 std::unique_ptr<Public_Key> m_public_key;
44};
45
48
49/**
50 * Adapter to use a key agreement key pair (e.g. ECDH) as a key encapsulation
51 * mechanism. This works by generating an ephemeral key pair during the
52 * encapsulation. The following Botan key types are supported:
53 * ECDH, DH, X25519 and X448.
54 *
55 * The abstract KEM interface is mapped onto the key exchange mechanism (KEX) like so:
56 *
57 * * KEM-generate(rng) -> tuple[PublicKey, PrivateKey]
58 * => KEX-generate(rng) -> tuple[PublicKey, PrivateKey]
59 *
60 * * KEM-encapsulate(PublicKey, rng) -> tuple[SharedSecret, EncapsulatedSharedSecret]
61 * => eph_pk, eph_sk = KEX-generate(rng)
62 * secret = KEX-agree(eph_sk, PublicKey)
63 * [secret, eph_pk]
64 *
65 * * KEM-decapsulate(PrivateKey, EncapsulatedSharedSecret) -> SharedSecret
66 * => KEX-agree(PrivateKey, EncapsulatedSharedSecret)
67 */
69 public virtual Private_Key {
70 public:
/**
 * Constructs the adapter around @p private_key. The key is passed as a
 * std::unique_ptr, so the caller hands ownership to the adapter.
 *
 * NOTE(review): the parameter is a Private_Key, but the member that stores it
 * (m_private_key) is a std::unique_ptr<PK_Key_Agreement_Key>, so the
 * implementation has to convert between the two. How a key that is not a
 * key-agreement key, or a null pointer, is handled is not visible in this
 * header - confirm that it is rejected rather than stored. The constructor is
 * also not marked `explicit`.
 */
71 KEX_to_KEM_Adapter_PrivateKey(std::unique_ptr<Private_Key> private_key);
72
74
76
/*
 * The listing's numbering runs 72, 74, 76 before this point: original lines 73
 * and 75 are absent from this rendering.
 */
/**
 * Returns a newly allocated public key object, owned by the caller.
 * NOTE(review): presumably a KEX_to_KEM_Adapter_PublicKey for the wrapped key -
 * confirm in the implementation file.
 */
77 std::unique_ptr<Public_Key> public_key() const override;
78
/**
 * Key consistency check for the private key.
 * NOTE(review): presumably forwards to the wrapped m_private_key - confirm.
 */
79 bool check_key(RandomNumberGenerator& rng, bool strong) const override;
80
/**
 * Creates the KEM decapsulation operation for this key.
 *
 * The class comment above maps decapsulation to
 * KEX-agree(PrivateKey, EncapsulatedSharedSecret), and the encapsulated value
 * is the sender's ephemeral public key. The input to the key agreement is
 * therefore supplied by the peer and must be treated as untrusted.
 *
 * @param rng      random number generator handed to the operation; presumably
 *                 used by the underlying key agreement - TODO confirm
 * @param kdf      passed as a string; presumably the name of the KDF applied to
 *                 the agreed secret - TODO confirm
 * @param provider implementation provider, defaults to "base"
 *
 * NOTE(review): validation of the received public value (length, group or
 * curve membership, rejection of degenerate agreement results) is not visible
 * in this header. Confirm that the wrapped key-agreement implementation
 * performs it for each supported key type (ECDH, DH, X25519, X448).
 */
81 std::unique_ptr<PK_Ops::KEM_Decryption> create_kem_decryption_op(
82 RandomNumberGenerator& rng, std::string_view kdf, std::string_view provider = "base") const override;
83
84 private:
/*
 * Owning pointer to the wrapped private key. It is held as
 * PK_Key_Agreement_Key, a different static type than the Private_Key the
 * constructor accepts.
 */
85 std::unique_ptr<PK_Key_Agreement_Key> m_private_key;
86};
87
89
90} // namespace Botan
91
92#endif