Botan 3.6.0
Crypto and TLS for C&
ml_kem_impl.h
Go to the documentation of this file.
1/*
2 * Module-Lattice Key Encapsulation Mechanism (ML-KEM)
3 *
4 * (C) 2024 Jack Lloyd
5 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9
10#ifndef BOTAN_ML_KEM_IMPL_H_
11#define BOTAN_ML_KEM_IMPL_H_
12
13#include <botan/hash.h>
14#include <botan/rng.h>
15#include <botan/xof.h>
16
17#include <botan/internal/kyber_encaps_base.h>
18#include <botan/internal/kyber_keys.h>
19#include <botan/internal/kyber_symmetric_primitives.h>
20#include <botan/internal/kyber_types.h>
21
22namespace Botan {
23
24class ML_KEM_Encryptor final : public Kyber_KEM_Encryptor_Base {
25 public:
26 ML_KEM_Encryptor(std::shared_ptr<const Kyber_PublicKeyInternal> key, std::string_view kdf) :
27 Kyber_KEM_Encryptor_Base(kdf, *key), m_public_key(std::move(key)) {}
28
29 protected:
30 void encapsulate(StrongSpan<KyberCompressedCiphertext> out_encapsulated_key,
31 StrongSpan<KyberSharedSecret> out_shared_key,
32 RandomNumberGenerator& rng) override;
33
34 const KyberConstants& mode() const override { return m_public_key->mode(); }
35
36 private:
37 std::shared_ptr<const Kyber_PublicKeyInternal> m_public_key;
38};
39
40class ML_KEM_Decryptor final : public Kyber_KEM_Decryptor_Base {
41 public:
42 ML_KEM_Decryptor(std::shared_ptr<const Kyber_PrivateKeyInternal> private_key,
43 std::shared_ptr<const Kyber_PublicKeyInternal> public_key,
44 std::string_view kdf) :
45 Kyber_KEM_Decryptor_Base(kdf, *public_key),
46 m_public_key(std::move(public_key)),
47 m_private_key(std::move(private_key)) {}
48
49 protected:
50 void decapsulate(StrongSpan<KyberSharedSecret> out_shared_key,
51 StrongSpan<const KyberCompressedCiphertext> encapsulated_key) override;
52
53 const KyberConstants& mode() const override { return m_private_key->mode(); }
54
55 private:
56 std::shared_ptr<const Kyber_PublicKeyInternal> m_public_key;
57 std::shared_ptr<const Kyber_PrivateKeyInternal> m_private_key;
58};
59
60class ML_KEM_Symmetric_Primitives final : public Kyber_Symmetric_Primitives {
61 public:
62 ML_KEM_Symmetric_Primitives() :
63 m_sha3_512(HashFunction::create_or_throw("SHA-3(512)")),
64 m_sha3_256(HashFunction::create_or_throw("SHA-3(256)")),
65 m_shake256_256(HashFunction::create_or_throw("SHAKE-256(256)")),
66 m_shake128(Botan::XOF::create_or_throw("SHAKE-128")),
67 m_shake256(Botan::XOF::create_or_throw("SHAKE-256")) {}
68
69 protected:
70 std::optional<std::array<uint8_t, 1>> seed_expansion_domain_separator(const KyberConstants& mode) const override {
71 // NIST FIPS 203, Algorithm 13 (K-PKE.KeyGen)
72 // Byte 33 of the input to G is the module dimension k from {2,3,4}.
73 // This is included to establish domain separation between the three
74 // parameter sets
75 return std::array{mode.k()};
76 }
77
78 HashFunction& get_G() const override { return *m_sha3_512; }
79
80 HashFunction& get_H() const override { return *m_sha3_256; }
81
82 HashFunction& get_J() const override { return *m_shake256_256; }
83
84 HashFunction& get_KDF() const override { throw Invalid_State("ML-KEM does not support KDF()"); }
85
86 Botan::XOF& get_PRF(std::span<const uint8_t> seed, const uint8_t nonce) const override {
87 m_shake256->clear();
88 m_shake256->update(seed);
89 m_shake256->update(store_be(nonce));
90 return *m_shake256;
91 }
92
93 Botan::XOF& get_XOF(std::span<const uint8_t> seed, std::tuple<uint8_t, uint8_t> matrix_position) const override {
94 m_shake128->clear();
95 m_shake128->update(seed);
96 m_shake128->update(store_be(make_uint16(std::get<0>(matrix_position), std::get<1>(matrix_position))));
97 return *m_shake128;
98 }
99
100 private:
101 std::unique_ptr<HashFunction> m_sha3_512;
102 std::unique_ptr<HashFunction> m_sha3_256;
103 std::unique_ptr<HashFunction> m_shake256_256;
104 std::unique_ptr<Botan::XOF> m_shake128;
105 std::unique_ptr<Botan::XOF> m_shake256;
106};
107
108class ML_KEM_Expanding_Keypair_Codec final : public Kyber_Keypair_Codec {
109 public:
110 KyberInternalKeypair decode_keypair(std::span<const uint8_t> buffer, KyberConstants mode) const override;
111 secure_vector<uint8_t> encode_keypair(KyberInternalKeypair keypair) const override;
112};
113
114} // namespace Botan
115
116#endif
Botan::Invalid_State
Definition exceptn.h:206
Botan::Kyber_KEM_Decryptor_Base
Definition kyber_encaps_base.h:59
Botan::Kyber_KEM_Encryptor_Base
Definition kyber_encaps_base.h:33
Botan::Kyber_Keypair_Codec
Definition kyber_keys.h:22
Botan::Kyber_Symmetric_Primitives
Definition kyber_symmetric_primitives.h:30
Botan::ML_KEM_Decryptor
Definition ml_kem_impl.h:40
Botan::ML_KEM_Decryptor::decapsulate
void decapsulate(StrongSpan< KyberSharedSecret > out_shared_key, StrongSpan< const KyberCompressedCiphertext > encapsulated_key) override
Definition ml_kem_impl.cpp:48
Botan::ML_KEM_Decryptor::ML_KEM_Decryptor
ML_KEM_Decryptor(std::shared_ptr< const Kyber_PrivateKeyInternal > private_key, std::shared_ptr< const Kyber_PublicKeyInternal > public_key, std::string_view kdf)
Definition ml_kem_impl.h:42
Botan::ML_KEM_Decryptor::mode
const KyberConstants & mode() const override
Definition ml_kem_impl.h:53
Botan::ML_KEM_Encryptor
Definition ml_kem_impl.h:24
Botan::ML_KEM_Encryptor::encapsulate
void encapsulate(StrongSpan< KyberCompressedCiphertext > out_encapsulated_key, StrongSpan< KyberSharedSecret > out_shared_key, RandomNumberGenerator &rng) override
Definition ml_kem_impl.cpp:25
Botan::ML_KEM_Encryptor::ML_KEM_Encryptor
ML_KEM_Encryptor(std::shared_ptr< const Kyber_PublicKeyInternal > key, std::string_view kdf)
Definition ml_kem_impl.h:26
Botan::ML_KEM_Encryptor::mode
const KyberConstants & mode() const override
Definition ml_kem_impl.h:34
Botan::ML_KEM_Expanding_Keypair_Codec
Definition ml_kem_impl.h:108
Botan::ML_KEM_Expanding_Keypair_Codec::decode_keypair
KyberInternalKeypair decode_keypair(std::span< const uint8_t > buffer, KyberConstants mode) const override
Definition ml_kem_impl.cpp:71
Botan::ML_KEM_Expanding_Keypair_Codec::encode_keypair
secure_vector< uint8_t > encode_keypair(KyberInternalKeypair keypair) const override
Definition ml_kem_impl.cpp:82
Botan::ML_KEM_Symmetric_Primitives
Definition ml_kem_impl.h:60
Botan::ML_KEM_Symmetric_Primitives::seed_expansion_domain_separator
std::optional< std::array< uint8_t, 1 > > seed_expansion_domain_separator(const KyberConstants &mode) const override
Definition ml_kem_impl.h:70
Botan::ML_KEM_Symmetric_Primitives::get_PRF
Botan::XOF & get_PRF(std::span< const uint8_t > seed, const uint8_t nonce) const override
Definition ml_kem_impl.h:86
Botan::ML_KEM_Symmetric_Primitives::ML_KEM_Symmetric_Primitives
ML_KEM_Symmetric_Primitives()
Definition ml_kem_impl.h:62
Botan::ML_KEM_Symmetric_Primitives::get_J
HashFunction & get_J() const override
Definition ml_kem_impl.h:82
Botan::ML_KEM_Symmetric_Primitives::get_H
HashFunction & get_H() const override
Definition ml_kem_impl.h:80
Botan::ML_KEM_Symmetric_Primitives::get_KDF
HashFunction & get_KDF() const override
Definition ml_kem_impl.h:84
Botan::ML_KEM_Symmetric_Primitives::get_XOF
Botan::XOF & get_XOF(std::span< const uint8_t > seed, std::tuple< uint8_t, uint8_t > matrix_position) const override
Definition ml_kem_impl.h:93
Botan::ML_KEM_Symmetric_Primitives::get_G
HashFunction & get_G() const override
Definition ml_kem_impl.h:78
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::KyberInternalKeypair
std::pair< std::shared_ptr< Kyber_PublicKeyInternal >, std::shared_ptr< Kyber_PrivateKeyInternal > > KyberInternalKeypair
Definition kyber_types.h:73
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773
Botan::make_uint16
constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition loadstor.h:88
Generated by doxygen 1.12.0