12#include <botan/internal/kyber_keys.h>
14#include <botan/internal/kyber_symmetric_primitives.h>
15#include <botan/internal/stl_util.h>
22 if(public_key.size() != expected_length) {
53 std::make_shared<Kyber_PublicKeyInternal>(mode, std::move(pub_key)),
54 std::make_shared<Kyber_PrivateKeyInternal>(
63 BOTAN_ASSERT(keypair.first && keypair.second,
"reading private key encoding");
64 BOTAN_ARG_CHECK(keypair.first->H_public_key_bits_raw().size() == puk_key_hash.size() &&
65 std::equal(keypair.first->H_public_key_bits_raw().begin(),
66 keypair.first->H_public_key_bits_raw().end(),
67 puk_key_hash.begin()),
68 "public key's hash does not match the stored hash");
76 const auto& mode = keypair.first->mode();
79 keypair.first->public_key_bits_raw(),
80 keypair.first->H_public_key_bits_raw(),
99 const auto& seed = keypair.second->seed();
100 BOTAN_ARG_CHECK(seed.d.has_value(),
"Cannot encode keypair without the full private seed");
105 m_mode(std::move(
mode)),
106 m_public_key_bits_raw(validate_public_key_length(std::move(public_key), m_mode.public_key_bytes())),
107 m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)),
109 std::span{m_public_key_bits_raw}.first(m_mode.polynomial_vector_bytes()), m_mode)),
113 m_mode(std::move(
mode)),
114 m_public_key_bits_raw(
concat(
Kyber_Algos::encode_polynomial_vector<std::vector<uint8_t>>(
t, m_mode),
rho)),
115 m_H_public_key_bits_raw(m_mode.symmetric_primitives().H(m_public_key_bits_raw)),
117 m_rho(std::move(
rho)) {}
139 auto u = inverse_ntt(At * y);
144 auto v = inverse_ntt(m_t * y);
160 v -= inverse_ntt(m_s * ntt(std::move(u)));
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ASSERT_NONNULL(ptr)
#define BOTAN_ARG_CHECK(expr, msg)
#define BOTAN_ASSERT(expr, assertion_made)
auto copy(const size_t count)
std::span< const uint8_t > take(const size_t count)
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair private_key) const override
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
static constexpr size_t SEED_BYTES
size_t public_key_bytes() const
byte length of an encoded public key
size_t polynomial_vector_bytes() const
byte length of an encoded polynomial vector
static constexpr size_t PUBLIC_KEY_HASH_BYTES
KyberPoly sample_polynomial_cbd_eta2()
KyberPolyVec sample_polynomial_vector_cbd_eta1()
KyberPolyVec sample_polynomial_vector_cbd_eta2()
KyberMessage indcpa_decrypt(StrongSpan< const KyberCompressedCiphertext > ct) const
const KyberPolyVecNTT & t() const
const KyberSeedRho & rho() const
void indcpa_encrypt(StrongSpan< KyberCompressedCiphertext > out_ct, StrongSpan< const KyberMessage > m, StrongSpan< const KyberEncryptionRandomness > r, const KyberPolyMat &At) const
const KyberConstants & mode() const
Kyber_PublicKeyInternal()=delete
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const override
constexpr void unpoison_all(Ts &&... ts)
constexpr auto scoped_poison(const Ts &... xs)
constexpr void unpoison(const T *p, size_t n)
void encode_polynomial_vector(std::span< uint8_t > out, const KyberPolyVecNTT &vec)
KyberMessage polynomial_to_message(const KyberPoly &p)
void compress_ciphertext(StrongSpan< KyberCompressedCiphertext > out, const KyberPolyVec &u, const KyberPoly &v, const KyberConstants &m_mode)
KyberInternalKeypair expand_keypair(KyberPrivateKeySeed seed, KyberConstants mode)
KyberPoly polynomial_from_message(StrongSpan< const KyberMessage > msg)
std::pair< KyberPolyVec, KyberPoly > decompress_ciphertext(StrongSpan< const KyberCompressedCiphertext > ct, const KyberConstants &mode)
KyberPolyVecNTT decode_polynomial_vector(std::span< const uint8_t > a, const KyberConstants &mode)
Strong< secure_vector< uint8_t >, struct KyberImplicitRejectionValue_ > KyberImplicitRejectionValue
Secret random value (called Z in the spec), used for implicit rejection in the decapsulation.
Strong< secure_vector< uint8_t >, struct KyberMessage_ > KyberMessage
Random message value to be encrypted by the CPA-secure Kyber encryption scheme.
Botan::CRYSTALS::PolynomialVector< KyberPolyTraits, Botan::CRYSTALS::Domain::NTT > KyberPolyVecNTT
Strong< secure_vector< uint8_t >, struct KyberSeedRandomness_ > KyberSeedRandomness
Principal seed used to generate Kyber key pairs.
Strong< std::vector< uint8_t >, struct KyberSeedRho_ > KyberSeedRho
Public seed value to generate the Kyber matrix A.
constexpr auto concat(Rs &&... ranges)
std::pair< std::shared_ptr< Kyber_PublicKeyInternal >, std::shared_ptr< Kyber_PrivateKeyInternal > > KyberInternalKeypair
std::vector< T, secure_allocator< T > > secure_vector
Botan::CRYSTALS::PolynomialMatrix< KyberPolyTraits > KyberPolyMat
Strong< std::vector< uint8_t >, struct KyberHashedPublicKey_ > KyberHashedPublicKey
Hash value of the serialized public key.
Strong< std::vector< uint8_t >, struct KyberSerializedPublicKey_ > KyberSerializedPublicKey
Public key in serialized form (t || rho)