Leancrypto 1.6.0
Post-Quantum Cryptographic Library
Loading...
Searching...
No Matches
lc_kyber_768.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 2022 - 2025, Stephan Mueller <smueller@chronox.de>
3 *
4 * License: see LICENSE file in root directory
5 *
6 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
7 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
9 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
10 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
11 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
12 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
13 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
14 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
15 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
16 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
17 * DAMAGE.
18 */
19/*
20 * This code is derived in parts from the code distribution provided with
21 * https://github.com/pq-crystals/kyber
22 *
23 * That code is released under Public Domain
24 * (https://creativecommons.org/share-your-work/public-domain/cc0/).
25 */
26
27#ifndef LC_KYBER_768_H
28#define LC_KYBER_768_H
29
30#ifndef __ASSEMBLER__
31
32#include "ext_headers.h"
33#include "lc_rng.h"
34
35#endif /* __ASSEMBLER__ */
36
37#ifdef __cplusplus
38extern "C" {
39#endif
40
42/*
43 * Kyber 512: K == 2 - NIST security category 1
44 * Kyber 768: K == 3 - NIST security category 3
45 * Kyber 1024: K == 4 - NIST security category 5
46 */
47#define LC_KYBER_K 3
48
49#define LC_KYBER_N 256
50#define LC_KYBER_Q 3329
51
52#define LC_KYBER_SYMBYTES 32 /* size in bytes of hashes, and seeds */
53#define LC_KYBER_SSBYTES 32 /* size in bytes of shared key */
54
55#define LC_KYBER_POLYBYTES 384
56#define LC_KYBER_POLYVECBYTES (LC_KYBER_K * LC_KYBER_POLYBYTES)
57
58#if LC_KYBER_K == 2
59#define LC_KYBER_ETA1 3
60#define LC_KYBER_POLYCOMPRESSEDBYTES 128
61#define LC_KYBER_POLYVECCOMPRESSEDBYTES (LC_KYBER_K * 320)
62#elif LC_KYBER_K == 3
63#define LC_KYBER_ETA1 2
64#define LC_KYBER_POLYCOMPRESSEDBYTES 128
65#define LC_KYBER_POLYVECCOMPRESSEDBYTES (LC_KYBER_K * 320)
66#elif LC_KYBER_K == 4
67#define LC_KYBER_ETA1 2
68#define LC_KYBER_POLYCOMPRESSEDBYTES 160
69#define LC_KYBER_POLYVECCOMPRESSEDBYTES (LC_KYBER_K * 352)
70#endif
71
72#define LC_KYBER_ETA2 2
73
74#define LC_KYBER_INDCPA_MSGBYTES (LC_KYBER_SYMBYTES)
75#define LC_KYBER_INDCPA_PUBLICKEYBYTES \
76 (LC_KYBER_POLYVECBYTES + LC_KYBER_SYMBYTES)
77#define LC_KYBER_INDCPA_SECRETKEYBYTES (LC_KYBER_POLYVECBYTES)
78#define LC_KYBER_INDCPA_BYTES \
79 (LC_KYBER_POLYVECCOMPRESSEDBYTES + LC_KYBER_POLYCOMPRESSEDBYTES)
80
81/*
82 * Sizes of the different Kyber buffer types.
83 *
84 * WARNING: Do not use these defines in your code. If you need the sizes of
85 * the different variable sizes, use sizeof of the different variable structs
86 * or use the different *_size functions offered below for the particular sizes
87 * of a given parameter.
88 */
89#define LC_KYBER_PUBLICKEYBYTES (LC_KYBER_INDCPA_PUBLICKEYBYTES)
90/* 32 bytes of additional space to save H(pk) */
91#define LC_KYBER_SECRETKEYBYTES \
92 (LC_KYBER_INDCPA_SECRETKEYBYTES + LC_KYBER_INDCPA_PUBLICKEYBYTES + \
93 2 * LC_KYBER_SYMBYTES)
94#define LC_KYBER_CIPHERTEXTBYTES (LC_KYBER_INDCPA_BYTES)
95
96#define LC_CRYPTO_SECRETKEYBYTES LC_KYBER_SECRETKEYBYTES
97#define LC_CRYPTO_PUBLICKEYBYTES LC_KYBER_PUBLICKEYBYTES
98#define LC_CRYPTO_CIPHERTEXTBYTES LC_KYBER_CIPHERTEXTBYTES
99#define LC_CRYPTO_BYTES LC_KYBER_SSBYTES
101
102#ifndef __ASSEMBLER__
110
111/************************************* KEM ************************************/
115struct lc_kyber_768_sk {
116 uint8_t sk[LC_KYBER_SECRETKEYBYTES];
117};
118
122struct lc_kyber_768_pk {
123 uint8_t pk[LC_KYBER_PUBLICKEYBYTES];
124};
125
129struct lc_kyber_768_ct {
130 uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES];
131};
132
136struct lc_kyber_768_ss {
137 uint8_t ss[LC_KYBER_SSBYTES];
138};
139
143LC_PURE
144static inline unsigned int lc_kyber_768_sk_size(void)
145{
146 return lc_member_size(struct lc_kyber_768_sk, sk);
147}
148
152LC_PURE
153static inline unsigned int lc_kyber_768_pk_size(void)
154{
155 return lc_member_size(struct lc_kyber_768_pk, pk);
156}
157
161LC_PURE
162static inline unsigned int lc_kyber_768_ct_size(void)
163{
164 return lc_member_size(struct lc_kyber_768_ct, ct);
165}
166
170LC_PURE
171static inline unsigned int lc_kyber_768_ss_size(void)
172{
173 return lc_member_size(struct lc_kyber_768_ss, ss);
174}
175
186int lc_kyber_768_keypair(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk,
187 struct lc_rng_ctx *rng_ctx);
188
212int lc_kyber_768_keypair_from_seed(struct lc_kyber_768_pk *pk,
213 struct lc_kyber_768_sk *sk,
214 const uint8_t *seed, size_t seedlen);
215
228int lc_kyber_768_enc(struct lc_kyber_768_ct *ct, struct lc_kyber_768_ss *ss,
229 const struct lc_kyber_768_pk *pk);
230
249int lc_kyber_768_enc_kdf(struct lc_kyber_768_ct *ct, uint8_t *ss, size_t ss_len,
250 const struct lc_kyber_768_pk *pk);
251
266int lc_kyber_768_dec(struct lc_kyber_768_ss *ss, const struct lc_kyber_768_ct *ct,
267 const struct lc_kyber_768_sk *sk);
268
289int lc_kyber_768_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_ct *ct,
290 const struct lc_kyber_768_sk *sk);
291
292
293int lc_kyber_768_iv_sk(const struct lc_kyber_768_sk *sk);
294
295/************************************* KEX ************************************/
296
342
359int lc_kex_768_uake_initiator_init(struct lc_kyber_768_pk *pk_e_i,
360 struct lc_kyber_768_ct *ct_e_i,
361 struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e,
362 const struct lc_kyber_768_pk *pk_r);
363
381int lc_kex_768_uake_responder_ss(struct lc_kyber_768_ct *ct_e_r, uint8_t *shared_secret,
382 size_t shared_secret_len, const uint8_t *kdf_nonce,
383 size_t kdf_nonce_len,
384 const struct lc_kyber_768_pk *pk_e_i,
385 const struct lc_kyber_768_ct *ct_e_i,
386 const struct lc_kyber_768_sk *sk_r);
387
405int lc_kex_768_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len,
406 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
407 const struct lc_kyber_768_ct *ct_e_r,
408 const struct lc_kyber_768_ss *tk,
409 const struct lc_kyber_768_sk *sk_e);
410
460
476int lc_kex_768_ake_initiator_init(struct lc_kyber_768_pk *pk_e_i,
477 struct lc_kyber_768_ct *ct_e_i,
478 struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e,
479 const struct lc_kyber_768_pk *pk_r);
480
501int lc_kex_768_ake_responder_ss(struct lc_kyber_768_ct *ct_e_r_1,
502 struct lc_kyber_768_ct *ct_e_r_2,
503 uint8_t *shared_secret, size_t shared_secret_len,
504 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
505 const struct lc_kyber_768_pk *pk_e_i,
506 const struct lc_kyber_768_ct *ct_e_i,
507 const struct lc_kyber_768_sk *sk_r,
508 const struct lc_kyber_768_pk *pk_i);
509
529int lc_kex_768_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len,
530 const uint8_t *kdf_nonce, size_t kdf_nonce_len,
531 const struct lc_kyber_768_ct *ct_e_r_1,
532 const struct lc_kyber_768_ct *ct_e_r_2,
533 const struct lc_kyber_768_ss *tk,
534 const struct lc_kyber_768_sk *sk_e,
535 const struct lc_kyber_768_sk *sk_i);
536
537/************************************* IES ************************************/
538/* Macro set during leancrypto compile time for target platform */
539#define LC_KYBER_IES
540#ifdef LC_KYBER_IES
541
542#include "lc_aead.h"
543
572int lc_kyber_768_ies_enc(const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct,
573 const uint8_t *plaintext, uint8_t *ciphertext,
574 size_t datalen, const uint8_t *aad, size_t aadlen,
575 uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead);
576
603int lc_kyber_768_ies_enc_init(struct lc_aead_ctx *aead,
604 const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct,
605 const uint8_t *aad, size_t aadlen);
606
628static inline int lc_kyber_768_ies_enc_update(struct lc_aead_ctx *aead,
629 const uint8_t *plaintext,
630 uint8_t *ciphertext, size_t datalen)
631{
632 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
633}
634
654static inline int lc_kyber_768_ies_enc_final(struct lc_aead_ctx *aead,
655 uint8_t *tag, size_t taglen)
656{
657 return lc_aead_enc_final(aead, tag, taglen);
658}
659
687int lc_kyber_768_ies_dec(const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct,
688 const uint8_t *ciphertext, uint8_t *plaintext,
689 size_t datalen, const uint8_t *aad, size_t aadlen,
690 const uint8_t *tag, size_t taglen,
691 struct lc_aead_ctx *aead);
692
718int lc_kyber_768_ies_dec_init(struct lc_aead_ctx *aead,
719 const struct lc_kyber_768_sk *sk,
720 const struct lc_kyber_768_ct *ct,
721 const uint8_t *aad, size_t aadlen);
722
744static inline int lc_kyber_768_ies_dec_update(struct lc_aead_ctx *aead,
745 const uint8_t *ciphertext,
746 uint8_t *plaintext, size_t datalen)
747{
748 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
749}
750
770static inline int lc_kyber_768_ies_dec_final(struct lc_aead_ctx *aead,
771 const uint8_t *tag, size_t taglen)
772{
773 return lc_aead_dec_final(aead, tag, taglen);
774}
775
776#endif /* LC_KYBER_IES */
777
778/****************************** Kyber X25519 KEM ******************************/
779
780/*
781 * The double KEM implements Kyber KEM together with the X25519 elliptic curve
782 * KEX. The use is identical as the Kyber KEM. The only difference is that
783 * the transmitted pk and ct has a different content.
784 */
785/* Macro set during leancrypto compile time for target platform */
786#define LC_KYBER_X25519_KEM
787#ifdef LC_KYBER_X25519_KEM
788
789#include "lc_x25519.h"
790
794struct lc_kyber_768_x25519_sk {
795 struct lc_kyber_768_sk sk;
796 struct lc_x25519_sk sk_x25519;
797};
798
802struct lc_kyber_768_x25519_pk {
803 struct lc_kyber_768_pk pk;
804 struct lc_x25519_pk pk_x25519;
805};
806
810struct lc_kyber_768_x25519_ct {
811 struct lc_kyber_768_ct ct;
812 struct lc_x25519_pk pk_x25519;
813};
814
818struct lc_kyber_768_x25519_ss {
819 struct lc_kyber_768_ss ss;
820 struct lc_x25519_ss ss_x25519;
821};
822
834int lc_kyber_768_x25519_keypair(struct lc_kyber_768_x25519_pk *pk,
835 struct lc_kyber_768_x25519_sk *sk,
836 struct lc_rng_ctx *rng_ctx);
837
862int lc_kyber_768_x25519_enc_kdf(struct lc_kyber_768_x25519_ct *ct, uint8_t *ss,
863 size_t ss_len, const struct lc_kyber_768_x25519_pk *pk);
864
886int lc_kyber_768_x25519_dec_kdf(uint8_t *ss, size_t ss_len,
887 const struct lc_kyber_768_x25519_ct *ct,
888 const struct lc_kyber_768_x25519_sk *sk);
889
890/****************************** Kyber X25519 KEX ******************************/
891
908int lc_kex_768_x25519_uake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i,
909 struct lc_kyber_768_x25519_ct *ct_e_i,
910 struct lc_kyber_768_x25519_ss *tk,
911 struct lc_kyber_768_x25519_sk *sk_e,
912 const struct lc_kyber_768_x25519_pk *pk_r);
913
931int lc_kex_768_x25519_uake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r,
932 uint8_t *shared_secret,
933 size_t shared_secret_len,
934 const uint8_t *kdf_nonce,
935 size_t kdf_nonce_len,
936 const struct lc_kyber_768_x25519_pk *pk_e_i,
937 const struct lc_kyber_768_x25519_ct *ct_e_i,
938 const struct lc_kyber_768_x25519_sk *sk_r);
939
957int lc_kex_768_x25519_uake_initiator_ss(uint8_t *shared_secret,
958 size_t shared_secret_len,
959 const uint8_t *kdf_nonce,
960 size_t kdf_nonce_len,
961 const struct lc_kyber_768_x25519_ct *ct_e_r,
962 const struct lc_kyber_768_x25519_ss *tk,
963 const struct lc_kyber_768_x25519_sk *sk_e);
964
981int lc_kex_768_x25519_ake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i,
982 struct lc_kyber_768_x25519_ct *ct_e_i,
983 struct lc_kyber_768_x25519_ss *tk,
984 struct lc_kyber_768_x25519_sk *sk_e,
985 const struct lc_kyber_768_x25519_pk *pk_r);
986
1007int lc_kex_768_x25519_ake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r_1,
1008 struct lc_kyber_768_x25519_ct *ct_e_r_2,
1009 uint8_t *shared_secret,
1010 size_t shared_secret_len,
1011 const uint8_t *kdf_nonce,
1012 size_t kdf_nonce_len,
1013 const struct lc_kyber_768_x25519_pk *pk_e_i,
1014 const struct lc_kyber_768_x25519_ct *ct_e_i,
1015 const struct lc_kyber_768_x25519_sk *sk_r,
1016 const struct lc_kyber_768_x25519_pk *pk_i);
1017
1037int lc_kex_768_x25519_ake_initiator_ss(uint8_t *shared_secret,
1038 size_t shared_secret_len,
1039 const uint8_t *kdf_nonce,
1040 size_t kdf_nonce_len,
1041 const struct lc_kyber_768_x25519_ct *ct_e_r_1,
1042 const struct lc_kyber_768_x25519_ct *ct_e_r_2,
1043 const struct lc_kyber_768_x25519_ss *tk,
1044 const struct lc_kyber_768_x25519_sk *sk_e,
1045 const struct lc_kyber_768_x25519_sk *sk_i);
1046
1047/****************************** Kyber X25519 IES ******************************/
1048
1049#ifdef LC_KYBER_IES
1050
1079int lc_kyber_768_x25519_ies_enc(const struct lc_kyber_768_x25519_pk *pk,
1080 struct lc_kyber_768_x25519_ct *ct,
1081 const uint8_t *plaintext, uint8_t *ciphertext,
1082 size_t datalen, const uint8_t *aad, size_t aadlen,
1083 uint8_t *tag, size_t taglen,
1084 struct lc_aead_ctx *aead);
1085
1112int lc_kyber_768_x25519_ies_enc_init(struct lc_aead_ctx *aead,
1113 const struct lc_kyber_768_x25519_pk *pk,
1114 struct lc_kyber_768_x25519_ct *ct,
1115 const uint8_t *aad, size_t aadlen);
1116
1136static inline int lc_kyber_768_x25519_ies_enc_update(struct lc_aead_ctx *aead,
1137 const uint8_t *plaintext,
1138 uint8_t *ciphertext,
1139 size_t datalen)
1140{
1141 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
1142}
1143
1163static inline int lc_kyber_768_x25519_ies_enc_final(struct lc_aead_ctx *aead,
1164 uint8_t *tag, size_t taglen)
1165{
1166 return lc_aead_enc_final(aead, tag, taglen);
1167}
1168
1197int lc_kyber_768_x25519_ies_dec(const struct lc_kyber_768_x25519_sk *sk,
1198 const struct lc_kyber_768_x25519_ct *ct,
1199 const uint8_t *ciphertext, uint8_t *plaintext,
1200 size_t datalen, const uint8_t *aad, size_t aadlen,
1201 const uint8_t *tag, size_t taglen,
1202 struct lc_aead_ctx *aead);
1203
1230int lc_kyber_768_x25519_ies_dec_init(struct lc_aead_ctx *aead,
1231 const struct lc_kyber_768_x25519_sk *sk,
1232 const struct lc_kyber_768_x25519_ct *ct,
1233 const uint8_t *aad, size_t aadlen);
1234
1256static inline int lc_kyber_768_x25519_ies_dec_update(struct lc_aead_ctx *aead,
1257 const uint8_t *ciphertext,
1258 uint8_t *plaintext,
1259 size_t datalen)
1260{
1261 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
1262}
1263
1283static inline int lc_kyber_768_x25519_ies_dec_final(struct lc_aead_ctx *aead,
1284 const uint8_t *tag,
1285 size_t taglen)
1286{
1287 return lc_aead_dec_final(aead, tag, taglen);
1288}
1289
1290#endif /* LC_KYBER_IES */
1291
1292#endif /* LC_KYBER_X25519_KEM */
1293
1294/****************************** Kyber X448 KEM ******************************/
1295
1296/*
1297 * The double KEM implements Kyber KEM together with the X448 elliptic curve
1298 * KEX. The use is identical as the Kyber KEM. The only difference is that
1299 * the transmitted pk and ct has a different content.
1300 */
1301/* Macro set during leancrypto compile time for target platform */
1302#define LC_KYBER_X448_KEM
1303#ifdef LC_KYBER_X448_KEM
1304
1305#include "lc_x448.h"
1306
1310struct lc_kyber_768_x448_sk {
1311 struct lc_kyber_768_sk sk;
1312 struct lc_x448_sk sk_x448;
1313};
1314
1318struct lc_kyber_768_x448_pk {
1319 struct lc_kyber_768_pk pk;
1320 struct lc_x448_pk pk_x448;
1321};
1322
1326struct lc_kyber_768_x448_ct {
1327 struct lc_kyber_768_ct ct;
1328 struct lc_x448_pk pk_x448;
1329};
1330
1334struct lc_kyber_768_x448_ss {
1335 struct lc_kyber_768_ss ss;
1336 struct lc_x448_ss ss_x448;
1337};
1338
1350int lc_kyber_768_x448_keypair(struct lc_kyber_768_x448_pk *pk,
1351 struct lc_kyber_768_x448_sk *sk,
1352 struct lc_rng_ctx *rng_ctx);
1353
1378int lc_kyber_768_x448_enc_kdf(struct lc_kyber_768_x448_ct *ct, uint8_t *ss,
1379 size_t ss_len, const struct lc_kyber_768_x448_pk *pk);
1380
1402int lc_kyber_768_x448_dec_kdf(uint8_t *ss, size_t ss_len,
1403 const struct lc_kyber_768_x448_ct *ct,
1404 const struct lc_kyber_768_x448_sk *sk);
1405
1406/****************************** Kyber X448 KEX ******************************/
1407
1424int lc_kex_768_x448_uake_initiator_init(struct lc_kyber_768_x448_pk *pk_e_i,
1425 struct lc_kyber_768_x448_ct *ct_e_i,
1426 struct lc_kyber_768_x448_ss *tk,
1427 struct lc_kyber_768_x448_sk *sk_e,
1428 const struct lc_kyber_768_x448_pk *pk_r);
1429
1447int lc_kex_768_x448_uake_responder_ss(struct lc_kyber_768_x448_ct *ct_e_r,
1448 uint8_t *shared_secret,
1449 size_t shared_secret_len,
1450 const uint8_t *kdf_nonce,
1451 size_t kdf_nonce_len,
1452 const struct lc_kyber_768_x448_pk *pk_e_i,
1453 const struct lc_kyber_768_x448_ct *ct_e_i,
1454 const struct lc_kyber_768_x448_sk *sk_r);
1455
1473int lc_kex_768_x448_uake_initiator_ss(uint8_t *shared_secret,
1474 size_t shared_secret_len,
1475 const uint8_t *kdf_nonce,
1476 size_t kdf_nonce_len,
1477 const struct lc_kyber_768_x448_ct *ct_e_r,
1478 const struct lc_kyber_768_x448_ss *tk,
1479 const struct lc_kyber_768_x448_sk *sk_e);
1480
1497int lc_kex_768_x448_ake_initiator_init(struct lc_kyber_768_x448_pk *pk_e_i,
1498 struct lc_kyber_768_x448_ct *ct_e_i,
1499 struct lc_kyber_768_x448_ss *tk,
1500 struct lc_kyber_768_x448_sk *sk_e,
1501 const struct lc_kyber_768_x448_pk *pk_r);
1502
1523int lc_kex_768_x448_ake_responder_ss(struct lc_kyber_768_x448_ct *ct_e_r_1,
1524 struct lc_kyber_768_x448_ct *ct_e_r_2,
1525 uint8_t *shared_secret,
1526 size_t shared_secret_len,
1527 const uint8_t *kdf_nonce,
1528 size_t kdf_nonce_len,
1529 const struct lc_kyber_768_x448_pk *pk_e_i,
1530 const struct lc_kyber_768_x448_ct *ct_e_i,
1531 const struct lc_kyber_768_x448_sk *sk_r,
1532 const struct lc_kyber_768_x448_pk *pk_i);
1533
1553int lc_kex_768_x448_ake_initiator_ss(uint8_t *shared_secret,
1554 size_t shared_secret_len,
1555 const uint8_t *kdf_nonce,
1556 size_t kdf_nonce_len,
1557 const struct lc_kyber_768_x448_ct *ct_e_r_1,
1558 const struct lc_kyber_768_x448_ct *ct_e_r_2,
1559 const struct lc_kyber_768_x448_ss *tk,
1560 const struct lc_kyber_768_x448_sk *sk_e,
1561 const struct lc_kyber_768_x448_sk *sk_i);
1562
1563/****************************** Kyber X448 IES ******************************/
1564
1565#ifdef LC_KYBER_IES
1566
1595int lc_kyber_768_x448_ies_enc(const struct lc_kyber_768_x448_pk *pk,
1596 struct lc_kyber_768_x448_ct *ct,
1597 const uint8_t *plaintext, uint8_t *ciphertext,
1598 size_t datalen, const uint8_t *aad, size_t aadlen,
1599 uint8_t *tag, size_t taglen,
1600 struct lc_aead_ctx *aead);
1601
1628int lc_kyber_768_x448_ies_enc_init(struct lc_aead_ctx *aead,
1629 const struct lc_kyber_768_x448_pk *pk,
1630 struct lc_kyber_768_x448_ct *ct,
1631 const uint8_t *aad, size_t aadlen);
1632
1652static inline int lc_kyber_768_x448_ies_enc_update(struct lc_aead_ctx *aead,
1653 const uint8_t *plaintext,
1654 uint8_t *ciphertext,
1655 size_t datalen)
1656{
1657 return lc_aead_enc_update(aead, plaintext, ciphertext, datalen);
1658}
1659
1679static inline int lc_kyber_768_x448_ies_enc_final(struct lc_aead_ctx *aead,
1680 uint8_t *tag, size_t taglen)
1681{
1682 return lc_aead_enc_final(aead, tag, taglen);
1683}
1684
1713int lc_kyber_768_x448_ies_dec(const struct lc_kyber_768_x448_sk *sk,
1714 const struct lc_kyber_768_x448_ct *ct,
1715 const uint8_t *ciphertext, uint8_t *plaintext,
1716 size_t datalen, const uint8_t *aad, size_t aadlen,
1717 const uint8_t *tag, size_t taglen,
1718 struct lc_aead_ctx *aead);
1719
1746int lc_kyber_768_x448_ies_dec_init(struct lc_aead_ctx *aead,
1747 const struct lc_kyber_768_x448_sk *sk,
1748 const struct lc_kyber_768_x448_ct *ct,
1749 const uint8_t *aad, size_t aadlen);
1750
1772static inline int lc_kyber_768_x448_ies_dec_update(struct lc_aead_ctx *aead,
1773 const uint8_t *ciphertext,
1774 uint8_t *plaintext,
1775 size_t datalen)
1776{
1777 return lc_aead_dec_update(aead, ciphertext, plaintext, datalen);
1778}
1779
1799static inline int lc_kyber_768_x448_ies_dec_final(struct lc_aead_ctx *aead,
1800 const uint8_t *tag,
1801 size_t taglen)
1802{
1803 return lc_aead_dec_final(aead, tag, taglen);
1804}
1805
1806#endif /* LC_KYBER_IES */
1807
1808#endif /* LC_KYBER_X448_KEM */
1809
1810#endif /* __ASSEMBLER__ */
1811
1812/*
1813 * To allow including the different lc_kyber_*.h files, these macros need to be
1814 * undefined. Only during compilation of leancrypto, these macros remain defined
1815 * as this header file is not included multiple times.
1816 */
1817#ifndef LC_KYBER_INTERNAL
1818#undef LC_KYBER_K
1819#undef LC_KYBER_N
1820#undef LC_KYBER_Q
1821#undef LC_KYBER_SYMBYTES
1822#undef LC_KYBER_SSBYTES
1823#undef LC_KYBER_POLYBYTES
1824#undef LC_KYBER_POLYVECBYTES
1825#undef LC_KYBER_ETA1
1826#undef LC_KYBER_POLYCOMPRESSEDBYTES
1827#undef LC_KYBER_POLYVECCOMPRESSEDBYTES
1828#undef LC_KYBER_ETA2
1829#undef LC_KYBER_INDCPA_MSGBYTES
1830#undef LC_KYBER_INDCPA_PUBLICKEYBYTES
1831#undef LC_KYBER_INDCPA_SECRETKEYBYTES
1832#undef LC_KYBER_INDCPA_BYTES
1833#undef LC_KYBER_PUBLICKEYBYTES
1834#undef LC_KYBER_SECRETKEYBYTES
1835#undef LC_KYBER_CIPHERTEXTBYTES
1836#undef LC_CRYPTO_SECRETKEYBYTES
1837#undef LC_CRYPTO_PUBLICKEYBYTES
1838#undef LC_CRYPTO_CIPHERTEXTBYTES
1839#undef LC_CRYPTO_BYTES
1840#endif /* LC_KYBER_INTERNAL */
1841
1842#ifdef __cplusplus
1843}
1844#endif
1845
1846#endif /* LC_KYBER_768_H */
lc_aead_dec_update
int lc_aead_dec_update(struct lc_aead_ctx *ctx, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
AEAD-decrypt data - send partial data.
lc_aead_dec_final
int lc_aead_dec_final(struct lc_aead_ctx *ctx, const uint8_t *tag, size_t taglen)
AEAD-decrypt data - Perform authentication.
lc_aead_enc_update
int lc_aead_enc_update(struct lc_aead_ctx *ctx, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
AEAD-encrypt data - send partial data.
lc_aead_enc_final
int lc_aead_enc_final(struct lc_aead_ctx *ctx, uint8_t *tag, size_t taglen)
Complete AEAD encryption - Obtain the authentication tag from the encryption operation.
lc_aead.h
lc_kyber_768_ies_enc_final
static int lc_kyber_768_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
lc_kyber_ies_enc_final - KyberIES encryption stream operation finalization / integrity test
Definition lc_kyber_768.h:654
lc_kyber_768_iv_sk
int lc_kyber_768_iv_sk(const struct lc_kyber_768_sk *sk)
lc_kyber_768_x448_ies_dec_update
static int lc_kyber_768_x448_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
lc_kyber_x448_ies_dec_update - KyberIES decryption stream operation add more data
Definition lc_kyber_768.h:1772
lc_kyber_768_x448_sk::sk
struct lc_kyber_768_sk sk
Definition lc_kyber_768.h:1311
lc_kyber_768_x25519_keypair
int lc_kyber_768_x25519_keypair(struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_x25519_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulatio...
lc_kyber_768_x448_pk::pk
struct lc_kyber_768_pk pk
Definition lc_kyber_768.h:1319
lc_kyber_768_x448_sk::sk_x448
struct lc_x448_sk sk_x448
Definition lc_kyber_768.h:1312
lc_kyber_768_x448_enc_kdf
int lc_kyber_768_x448_enc_kdf(struct lc_kyber_768_x448_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x448_pk *pk)
lc_kyber_x448_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_768_ies_enc_init
int lc_kyber_768_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_768_x448_ies_enc_update
static int lc_kyber_768_x448_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
lc_kyber_x448_ies_enc_update - KyberIES encryption stream operation add more data
Definition lc_kyber_768.h:1652
lc_kyber_768_dec_kdf
int lc_kyber_768_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_ct *ct, const struct lc_kyber_768_sk *sk)
lc_kyber_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_ies_dec
int lc_kyber_768_ies_dec(const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_dec - KyberIES decryption oneshot
lc_kyber_768_x25519_ies_dec_final
static int lc_kyber_768_x25519_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
lc_kyber _x25519_ies_dec_final - KyberIES decryption stream operation finalization / integrity test
Definition lc_kyber_768.h:1283
lc_kyber_768_x25519_ies_dec
int lc_kyber_768_x25519_ies_dec(const struct lc_kyber_768_x25519_sk *sk, const struct lc_kyber_768_x25519_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_dec - KyberIES decryption oneshot
lc_kyber_768_keypair
int lc_kyber_768_keypair(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulation mecha...
lc_kyber_768_ss_size
static LC_PURE unsigned int lc_kyber_768_ss_size(void)
Return the size of the Kyber shared secret.
Definition lc_kyber_768.h:171
lc_kyber_768_x25519_ies_enc_final
static int lc_kyber_768_x25519_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
lc_kyber_x25519_ies_enc_final - KyberIES encryption stream operation finalization / integrity test
Definition lc_kyber_768.h:1163
lc_kyber_768_enc_kdf
int lc_kyber_768_enc_kdf(struct lc_kyber_768_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_pk *pk)
lc_kyber_768_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kyber_768_x448_ct::pk_x448
struct lc_x448_pk pk_x448
Definition lc_kyber_768.h:1328
lc_kyber_768_sk::sk
uint8_t sk[LC_KYBER_SECRETKEYBYTES]
Definition lc_kyber_768.h:116
lc_kyber_768_ct_size
static LC_PURE unsigned int lc_kyber_768_ct_size(void)
Return the size of the Kyber ciphertext.
Definition lc_kyber_768.h:162
lc_kyber_768_ies_dec_update
static int lc_kyber_768_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
lc_kyber_ies_dec_update - KyberIES decryption stream operation add more data
Definition lc_kyber_768.h:744
lc_kyber_768_x25519_ies_dec_init
int lc_kyber_768_x25519_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x25519_sk *sk, const struct lc_kyber_768_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_dec_init - KyberIES decryption stream operation initialization
lc_kyber_768_x25519_ies_enc
int lc_kyber_768_x25519_ies_enc(const struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x25519_ies_enc - KyberIES encryption oneshot
lc_kyber_768_ies_enc_update
static int lc_kyber_768_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
lc_kyber_ies_enc_update - KyberIES encryption stream operation add more data
Definition lc_kyber_768.h:628
lc_kex_768_x25519_ake_initiator_ss
int lc_kex_768_x25519_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_ct *ct_e_r_1, const struct lc_kyber_768_x25519_ct *ct_e_r_2, const struct lc_kyber_768_x25519_ss *tk, const struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_sk *sk_i)
lc_kex_x25519_ake_initiator_ss - Responder's shared secret generation
lc_kyber_768_x25519_ct::ct
struct lc_kyber_768_ct ct
Definition lc_kyber_768.h:811
lc_kex_768_ake_initiator_ss
int lc_kex_768_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_ct *ct_e_r_1, const struct lc_kyber_768_ct *ct_e_r_2, const struct lc_kyber_768_ss *tk, const struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_sk *sk_i)
lc_kex_ake_initiator_ss - Responder's shared secret generation
lc_kex_768_x448_ake_responder_ss
int lc_kex_768_x448_ake_responder_ss(struct lc_kyber_768_x448_ct *ct_e_r_1, struct lc_kyber_768_x448_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x448_pk *pk_e_i, const struct lc_kyber_768_x448_ct *ct_e_i, const struct lc_kyber_768_x448_sk *sk_r, const struct lc_kyber_768_x448_pk *pk_i)
lc_kex_x448_ake_responder_ss - Initiator's shared secret generation
lc_kyber_768_x448_ss::ss_x448
struct lc_x448_ss ss_x448
Definition lc_kyber_768.h:1336
lc_kyber_768_x448_dec_kdf
int lc_kyber_768_x448_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x448_ct *ct, const struct lc_kyber_768_x448_sk *sk)
lc_kyber_x448_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_x25519_sk::sk
struct lc_kyber_768_sk sk
Definition lc_kyber_768.h:795
lc_kyber_768_x448_ies_enc
int lc_kyber_768_x448_ies_enc(const struct lc_kyber_768_x448_pk *pk, struct lc_kyber_768_x448_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x448_ies_enc - KyberIES encryption oneshot
lc_kyber_768_x448_ss::ss
struct lc_kyber_768_ss ss
Definition lc_kyber_768.h:1335
lc_kyber_768_x448_ies_enc_final
static int lc_kyber_768_x448_ies_enc_final(struct lc_aead_ctx *aead, uint8_t *tag, size_t taglen)
lc_kyber_x448_ies_enc_final - KyberIES encryption stream operation finalization / integrity test
Definition lc_kyber_768.h:1679
lc_kyber_768_x448_ies_dec
int lc_kyber_768_x448_ies_dec(const struct lc_kyber_768_x448_sk *sk, const struct lc_kyber_768_x448_ct *ct, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen, const uint8_t *aad, size_t aadlen, const uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_x448_ies_dec - KyberIES decryption oneshot
lc_kyber_768_x25519_pk::pk
struct lc_kyber_768_pk pk
Definition lc_kyber_768.h:803
lc_kex_768_x448_uake_responder_ss
int lc_kex_768_x448_uake_responder_ss(struct lc_kyber_768_x448_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x448_pk *pk_e_i, const struct lc_kyber_768_x448_ct *ct_e_i, const struct lc_kyber_768_x448_sk *sk_r)
lc_kex_x448_uake_responder_ss - Initiator's shared secret generation
lc_kyber_768_x448_keypair
int lc_kyber_768_x448_keypair(struct lc_kyber_768_x448_pk *pk, struct lc_kyber_768_x448_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_kyber_x448_keypair - Generates public and private key for IND-CCA2-secure Kyber key encapsulation ...
lc_kex_768_ake_initiator_init
int lc_kex_768_ake_initiator_init(struct lc_kyber_768_pk *pk_e_i, struct lc_kyber_768_ct *ct_e_i, struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_pk *pk_r)
lc_kex_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_dec
int lc_kyber_768_dec(struct lc_kyber_768_ss *ss, const struct lc_kyber_768_ct *ct, const struct lc_kyber_768_sk *sk)
lc_kyber_dec - Key decapsulation
lc_kex_768_x25519_ake_initiator_init
int lc_kex_768_x25519_ake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i, struct lc_kyber_768_x25519_ct *ct_e_i, struct lc_kyber_768_x25519_ss *tk, struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_pk *pk_r)
lc_kex_x25519_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_x25519_ss::ss
struct lc_kyber_768_ss ss
Definition lc_kyber_768.h:819
lc_kyber_768_x25519_ss::ss_x25519
struct lc_x25519_ss ss_x25519
Definition lc_kyber_768.h:820
lc_kyber_768_ies_dec_init
int lc_kyber_768_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_sk *sk, const struct lc_kyber_768_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_ies_dec_init - KyberIES decryption stream operation initialization
lc_kex_768_x25519_ake_responder_ss
int lc_kex_768_x25519_ake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r_1, struct lc_kyber_768_x25519_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_pk *pk_e_i, const struct lc_kyber_768_x25519_ct *ct_e_i, const struct lc_kyber_768_x25519_sk *sk_r, const struct lc_kyber_768_x25519_pk *pk_i)
lc_kex_x25519_ake_responder_ss - Initiator's shared secret generation
lc_kyber_768_enc
int lc_kyber_768_enc(struct lc_kyber_768_ct *ct, struct lc_kyber_768_ss *ss, const struct lc_kyber_768_pk *pk)
lc_kyber_enc - Key encapsulation
lc_kyber_768_x25519_dec_kdf
int lc_kyber_768_x25519_dec_kdf(uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x25519_ct *ct, const struct lc_kyber_768_x25519_sk *sk)
lc_kyber_x25519_dec_kdf - Key decapsulation with KDF applied to shared secret
lc_kyber_768_x25519_ies_enc_init
int lc_kyber_768_x25519_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x25519_pk *pk, struct lc_kyber_768_x25519_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x25519_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_768_pk_size
static LC_PURE unsigned int lc_kyber_768_pk_size(void)
Return the size of the Kyber public key.
Definition lc_kyber_768.h:153
lc_kex_768_x448_ake_initiator_ss
int lc_kex_768_x448_ake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x448_ct *ct_e_r_1, const struct lc_kyber_768_x448_ct *ct_e_r_2, const struct lc_kyber_768_x448_ss *tk, const struct lc_kyber_768_x448_sk *sk_e, const struct lc_kyber_768_x448_sk *sk_i)
lc_kex_x448_ake_initiator_ss - Responder's shared secret generation
lc_kex_768_uake_responder_ss
int lc_kex_768_uake_responder_ss(struct lc_kyber_768_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_pk *pk_e_i, const struct lc_kyber_768_ct *ct_e_i, const struct lc_kyber_768_sk *sk_r)
lc_kex_uake_responder_ss - Initiator's shared secret generation
lc_kyber_768_pk::pk
uint8_t pk[LC_KYBER_PUBLICKEYBYTES]
Definition lc_kyber_768.h:123
lc_kyber_768_x448_ies_dec_final
static int lc_kyber_768_x448_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
lc_kyber _x448_ies_dec_final - KyberIES decryption stream operation finalization / integrity test
Definition lc_kyber_768.h:1799
lc_kyber_768_sk_size
static LC_PURE unsigned int lc_kyber_768_sk_size(void)
Return the size of the Kyber secret key.
Definition lc_kyber_768.h:144
lc_kyber_768_ss::ss
uint8_t ss[LC_KYBER_SSBYTES]
Definition lc_kyber_768.h:137
lc_kyber_768_x448_pk::pk_x448
struct lc_x448_pk pk_x448
Definition lc_kyber_768.h:1320
lc_kex_768_x448_ake_initiator_init
int lc_kex_768_x448_ake_initiator_init(struct lc_kyber_768_x448_pk *pk_e_i, struct lc_kyber_768_x448_ct *ct_e_i, struct lc_kyber_768_x448_ss *tk, struct lc_kyber_768_x448_sk *sk_e, const struct lc_kyber_768_x448_pk *pk_r)
lc_kex_x448_ake_initiator_init - Initialize authenticated key exchange
lc_kyber_768_x448_ies_enc_init
int lc_kyber_768_x448_ies_enc_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x448_pk *pk, struct lc_kyber_768_x448_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x448_ies_enc_init - KyberIES encryption stream operation initialization
lc_kyber_768_x25519_sk::sk_x25519
struct lc_x25519_sk sk_x25519
Definition lc_kyber_768.h:796
lc_kex_768_x25519_uake_initiator_init
int lc_kex_768_x25519_uake_initiator_init(struct lc_kyber_768_x25519_pk *pk_e_i, struct lc_kyber_768_x25519_ct *ct_e_i, struct lc_kyber_768_x25519_ss *tk, struct lc_kyber_768_x25519_sk *sk_e, const struct lc_kyber_768_x25519_pk *pk_r)
lc_kex_x25519_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_768_x448_ies_dec_init
int lc_kyber_768_x448_ies_dec_init(struct lc_aead_ctx *aead, const struct lc_kyber_768_x448_sk *sk, const struct lc_kyber_768_x448_ct *ct, const uint8_t *aad, size_t aadlen)
lc_kyber_x448_ies_dec_init - KyberIES decryption stream operation initialization
lc_kyber_768_ies_enc
int lc_kyber_768_ies_enc(const struct lc_kyber_768_pk *pk, struct lc_kyber_768_ct *ct, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen, const uint8_t *aad, size_t aadlen, uint8_t *tag, size_t taglen, struct lc_aead_ctx *aead)
lc_kyber_ies_enc - KyberIES encryption oneshot
lc_kyber_768_ies_dec_final
static int lc_kyber_768_ies_dec_final(struct lc_aead_ctx *aead, const uint8_t *tag, size_t taglen)
lc_kyber_ies_dec_final - KyberIES decryption stream operation finalization / integrity test
Definition lc_kyber_768.h:770
lc_kyber_768_x448_ct::ct
struct lc_kyber_768_ct ct
Definition lc_kyber_768.h:1327
lc_kex_768_uake_initiator_init
int lc_kex_768_uake_initiator_init(struct lc_kyber_768_pk *pk_e_i, struct lc_kyber_768_ct *ct_e_i, struct lc_kyber_768_ss *tk, struct lc_kyber_768_sk *sk_e, const struct lc_kyber_768_pk *pk_r)
lc_kex_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kex_768_uake_initiator_ss
int lc_kex_768_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_ct *ct_e_r, const struct lc_kyber_768_ss *tk, const struct lc_kyber_768_sk *sk_e)
lc_kex_uake_initiator_ss - Responder's shared secret generation
lc_kyber_768_ct::ct
uint8_t ct[LC_CRYPTO_CIPHERTEXTBYTES]
Definition lc_kyber_768.h:130
lc_kyber_768_x25519_ies_dec_update
static int lc_kyber_768_x25519_ies_dec_update(struct lc_aead_ctx *aead, const uint8_t *ciphertext, uint8_t *plaintext, size_t datalen)
lc_kyber_x25519_ies_dec_update - KyberIES decryption stream operation add more data
Definition lc_kyber_768.h:1256
lc_kex_768_x25519_uake_initiator_ss
int lc_kex_768_x25519_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_ct *ct_e_r, const struct lc_kyber_768_x25519_ss *tk, const struct lc_kyber_768_x25519_sk *sk_e)
lc_kex_x25519_uake_initiator_ss - Responder's shared secret generation
lc_kex_768_x25519_uake_responder_ss
int lc_kex_768_x25519_uake_responder_ss(struct lc_kyber_768_x25519_ct *ct_e_r, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x25519_pk *pk_e_i, const struct lc_kyber_768_x25519_ct *ct_e_i, const struct lc_kyber_768_x25519_sk *sk_r)
lc_kex_x25519_uake_responder_ss - Initiator's shared secret generation
lc_kex_768_ake_responder_ss
int lc_kex_768_ake_responder_ss(struct lc_kyber_768_ct *ct_e_r_1, struct lc_kyber_768_ct *ct_e_r_2, uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_pk *pk_e_i, const struct lc_kyber_768_ct *ct_e_i, const struct lc_kyber_768_sk *sk_r, const struct lc_kyber_768_pk *pk_i)
lc_kex_ake_responder_ss - Initiator's shared secret generation
lc_kex_768_x448_uake_initiator_ss
int lc_kex_768_x448_uake_initiator_ss(uint8_t *shared_secret, size_t shared_secret_len, const uint8_t *kdf_nonce, size_t kdf_nonce_len, const struct lc_kyber_768_x448_ct *ct_e_r, const struct lc_kyber_768_x448_ss *tk, const struct lc_kyber_768_x448_sk *sk_e)
lc_kex_x448_uake_initiator_ss - Responder's shared secret generation
lc_kyber_768_x25519_enc_kdf
int lc_kyber_768_x25519_enc_kdf(struct lc_kyber_768_x25519_ct *ct, uint8_t *ss, size_t ss_len, const struct lc_kyber_768_x25519_pk *pk)
lc_kyber_x25519_enc_kdf - Key encapsulation with KDF applied to shared secret
lc_kex_768_x448_uake_initiator_init
int lc_kex_768_x448_uake_initiator_init(struct lc_kyber_768_x448_pk *pk_e_i, struct lc_kyber_768_x448_ct *ct_e_i, struct lc_kyber_768_x448_ss *tk, struct lc_kyber_768_x448_sk *sk_e, const struct lc_kyber_768_x448_pk *pk_r)
lc_kex_x448_uake_initiator_init - Initialize unilaterally authenticated key exchange
lc_kyber_768_x25519_ct::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_768.h:812
lc_kyber_768_x25519_ies_enc_update
static int lc_kyber_768_x25519_ies_enc_update(struct lc_aead_ctx *aead, const uint8_t *plaintext, uint8_t *ciphertext, size_t datalen)
lc_kyber_x25519_ies_enc_update - KyberIES encryption stream operation add more data
Definition lc_kyber_768.h:1136
lc_kyber_768_x25519_pk::pk_x25519
struct lc_x25519_pk pk_x25519
Definition lc_kyber_768.h:804
lc_kyber_768_keypair_from_seed
int lc_kyber_768_keypair_from_seed(struct lc_kyber_768_pk *pk, struct lc_kyber_768_sk *sk, const uint8_t *seed, size_t seedlen)
lc_kyber__keypair_from_seed - Generates Kyber public and private key from a given seed.
lc_kyber_768_ct
Kyber ciphertext.
Definition lc_kyber_768.h:129
lc_kyber_768_pk
Kyber public key.
Definition lc_kyber_768.h:122
lc_kyber_768_sk
Kyber secret key.
Definition lc_kyber_768.h:115
lc_kyber_768_ss
Kyber shared secret.
Definition lc_kyber_768.h:136
lc_kyber_768_x25519_ct
Kyber ciphertext.
Definition lc_kyber_768.h:810
lc_kyber_768_x25519_pk
Kyber public key.
Definition lc_kyber_768.h:802
lc_kyber_768_x25519_sk
Kyber secret key.
Definition lc_kyber_768.h:794
lc_kyber_768_x25519_ss
Kyber shared secret.
Definition lc_kyber_768.h:818
lc_kyber_768_x448_ct
Kyber ciphertext.
Definition lc_kyber_768.h:1326
lc_kyber_768_x448_pk
Kyber public key.
Definition lc_kyber_768.h:1318
lc_kyber_768_x448_sk
Kyber secret key.
Definition lc_kyber_768.h:1310
lc_kyber_768_x448_ss
Kyber shared secret.
Definition lc_kyber_768.h:1334
lc_rng.h
Generated by doxygen 1.15.0