/*
* Copyright (c) 2024-2025 The mlkem-native project authors
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef MLK_H
#define MLK_H
/*
* Public API for mlkem-native
*
* This header defines the public API of a single build of mlkem-native.
*
* To use this header, make sure one of the following holds:
*
* - The config.h used for the build is available in the include paths.
* - The values of MLK_BUILD_INFO_LVL and MLK_BUILD_INFO_NAMESPACE are set,
* reflecting the security level (512/768/1024) and namespace of the build.
*
* This header specifies a build of mlkem-native for a fixed security level.
* If you need multiple builds, e.g. to build a library offering multiple
* security levels, you need multiple instances of this header. In this case,
* make sure to rename or #undef the header guard MLK_H.
*/
#include <stdint.h>
/*************************** Build information ********************************/
/*
* Provide security level (MLK_BUILD_INFO_LVL) and namespacing
* (MLK_BUILD_INFO_NAMESPACE)
*
* By default, this is extracted from the configuration used for the build,
* but you can also set it manually to avoid a dependency on the build config.
*/
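/*
 * Option 1: derive MLK_BUILD_INFO_LVL and MLK_BUILD_INFO_NAMESPACE from the
 * configuration used for the build.
 *
 * Skipped entirely if MLK_BUILD_INFO_LVL has already been set; in that case
 * MLK_BUILD_INFO_NAMESPACE has to be provided by the includer as well.
 */
#if !defined(MLK_BUILD_INFO_LVL)

/* Pull in the build configuration: a custom file if one is named, else the
 * default config.h from the include path. */
#if defined(MLK_CONFIG_FILE)
#include MLK_CONFIG_FILE
#else
#include "config.h"
#endif

/* Translate MLKEM_K (2/3/4) from the configuration into the security level.
 * An undefined MLKEM_K evaluates as 0 here and ends up in the #error. */
#if MLKEM_K == 2
#define MLK_BUILD_INFO_LVL 512
#elif MLKEM_K == 3
#define MLK_BUILD_INFO_LVL 768
#elif MLKEM_K == 4
#define MLK_BUILD_INFO_LVL 1024
#else
#error MLKEM_K not set by config file
#endif

#ifndef MLK_NAMESPACE_PREFIX
#error MLK_NAMESPACE_PREFIX not set by config file
#endif

/*
 * MLK_BUILD_INFO_NAMESPACE(sym) produces the name of an exported symbol:
 *
 *   <prefix><level>_<sym>   if MLK_NAMESPACE_PREFIX_ADD_LEVEL is defined
 *   <prefix>_<sym>          otherwise
 *
 * Each CONCATn macro forwards to its CONCATn_ helper so that the prefix and
 * the level are macro-expanded before ## pastes them together.
 */
#if defined(MLK_NAMESPACE_PREFIX_ADD_LEVEL)
#define MLK_BUILD_INFO_CONCAT3_(x, y, z) x##y##_##z
/* Forwards to the three-argument helper defined on the line above; no macro
 * named MLK_BUILD_INFO_CONCAT_ exists in this header. */
#define MLK_BUILD_INFO_CONCAT3(x, y, z) MLK_BUILD_INFO_CONCAT3_(x, y, z)
#define MLK_BUILD_INFO_NAMESPACE(sym) \
  MLK_BUILD_INFO_CONCAT3(MLK_NAMESPACE_PREFIX, MLK_BUILD_INFO_LVL, sym)
#else
#define MLK_BUILD_INFO_CONCAT2_(x, y) x##_##y
#define MLK_BUILD_INFO_CONCAT2(x, y) MLK_BUILD_INFO_CONCAT2_(x, y)
#define MLK_BUILD_INFO_NAMESPACE(sym) \
  MLK_BUILD_INFO_CONCAT2(MLK_NAMESPACE_PREFIX, sym)
#endif

#endif /* !MLK_BUILD_INFO_LVL */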
/* Option 2: Provide MLK_BUILD_INFO_LVL and MLK_BUILD_INFO_NAMESPACE manually */
/* #define MLK_BUILD_INFO_LVL ADJUSTME */
/* #define MLK_BUILD_INFO_NAMESPACE(sym) ADJUSTME */
/******************************* Key sizes ************************************/
/*
 * Sizes of cryptographic material, per level (all values are in bytes).
 *
 * None of the functions declared in this header takes a length argument:
 * every buffer is assumed to be exactly as large as the constant for the
 * build's level says. A caller that receives a public key or ciphertext
 * from outside (network, file) has to compare the received length against
 * these constants itself before handing the buffer to the API.
 */
#define MLKEM512_SECRETKEYBYTES 1632
#define MLKEM512_PUBLICKEYBYTES 800
#define MLKEM512_CIPHERTEXTBYTES 768
#define MLKEM768_SECRETKEYBYTES 2400
#define MLKEM768_PUBLICKEYBYTES 1184
#define MLKEM768_CIPHERTEXTBYTES 1088
#define MLKEM1024_SECRETKEYBYTES 3168
#define MLKEM1024_PUBLICKEYBYTES 1568
#define MLKEM1024_CIPHERTEXTBYTES 1568
/* Size of randomness coins in bytes (level-independent).
 * Encapsulation (enc_derand) takes MLKEM_SYMBYTES bytes of coins, while key
 * generation (keypair_derand) is documented to take 2*MLKEM_SYMBYTES. */
#define MLKEM_SYMBYTES 32
#define MLKEM512_SYMBYTES MLKEM_SYMBYTES
#define MLKEM768_SYMBYTES MLKEM_SYMBYTES
#define MLKEM1024_SYMBYTES MLKEM_SYMBYTES
/* Size of shared secret in bytes (level-independent) */
#define MLKEM_BYTES 32
#define MLKEM512_BYTES MLKEM_BYTES
#define MLKEM768_BYTES MLKEM_BYTES
#define MLKEM1024_BYTES MLKEM_BYTES
/*
 * Sizes of cryptographic material, as a function of LVL=512,768,1024
 *
 * The public macros (no trailing underscore) forward to the `_`-suffixed
 * helpers so that an argument such as MLK_BUILD_INFO_LVL is macro-expanded
 * to its number before ## pastes it into the MLKEM<LVL>_... constant name.
 * LVL has to expand to exactly 512, 768 or 1024; any other value pastes into
 * an identifier that this header does not define.
 */
#define MLKEM_SECRETKEYBYTES_(LVL) MLKEM##LVL##_SECRETKEYBYTES
#define MLKEM_PUBLICKEYBYTES_(LVL) MLKEM##LVL##_PUBLICKEYBYTES
#define MLKEM_CIPHERTEXTBYTES_(LVL) MLKEM##LVL##_CIPHERTEXTBYTES
#define MLKEM_SECRETKEYBYTES(LVL) MLKEM_SECRETKEYBYTES_(LVL)
#define MLKEM_PUBLICKEYBYTES(LVL) MLKEM_PUBLICKEYBYTES_(LVL)
#define MLKEM_CIPHERTEXTBYTES(LVL) MLKEM_CIPHERTEXTBYTES_(LVL)
/****************************** Function API **********************************/
/*************************************************
 * Name:        crypto_kem_keypair_derand
 *
 * Description: Generates public and private key
 *              for CCA-secure ML-KEM key encapsulation mechanism,
 *              using randomness supplied by the caller.
 *
 * Arguments:   - uint8_t pk[]: pointer to output public key, an array of
 *                 length MLKEM{512,768,1024}_PUBLICKEYBYTES bytes.
 *              - uint8_t sk[]: pointer to output private key, an array
 *                 of MLKEM{512,768,1024}_SECRETKEYBYTES bytes.
 *              - const uint8_t *coins: pointer to input randomness, an
 *                 array of 2*MLKEM_SYMBYTES uniformly random bytes.
 *
 * Returns 0 (success)
 *
 * Notes:       - The function is declared under the build's namespace,
 *                MLK_BUILD_INFO_NAMESPACE(keypair_derand). The
 *                crypto_kem_keypair_derand alias exists only while
 *                MLK_BUILD_INFO_NO_STANDARD_API is not defined.
 *              - coins is declared as a bare pointer, so unlike pk and sk
 *                its expected length is not visible in the prototype. The
 *                caller must provide 2*MLKEM_SYMBYTES (64) readable bytes.
 *              - NOTE(review): the key pair is presumably a deterministic
 *                function of coins. If so, coins needs the same protection
 *                as sk (secret, from a cryptographic RNG, wiped after use).
 *                Confirm against the implementation.
 **************************************************/
int MLK_BUILD_INFO_NAMESPACE(keypair_derand)(
uint8_t pk[MLKEM_PUBLICKEYBYTES(MLK_BUILD_INFO_LVL)],
uint8_t sk[MLKEM_SECRETKEYBYTES(MLK_BUILD_INFO_LVL)], const uint8_t *coins);
/*************************************************
 * Name:        crypto_kem_keypair
 *
 * Description: Generates public and private key
 *              for CCA-secure ML-KEM key encapsulation mechanism
 *
 * Arguments:   - uint8_t *pk: pointer to output public key, an array of
 *                 MLKEM{512,768,1024}_PUBLICKEYBYTES bytes.
 *              - uint8_t *sk: pointer to output private key, an array of
 *                 MLKEM{512,768,1024}_SECRETKEYBYTES bytes.
 *
 * Returns 0 (success)
 *
 * Notes:       - The function is declared under the build's namespace,
 *                MLK_BUILD_INFO_NAMESPACE(keypair). The crypto_kem_keypair
 *                alias exists only while MLK_BUILD_INFO_NO_STANDARD_API is
 *                not defined.
 *              - NOTE(review): there is no randomness argument, so the
 *                entropy source is chosen by the build and is not visible
 *                in this header. Confirm that it is a cryptographically
 *                secure RNG on the target platform.
 *              - sk is secret key material owned by the caller; nothing in
 *                this header clears it, so the caller has to wipe the
 *                buffer once the key is no longer needed.
 **************************************************/
int MLK_BUILD_INFO_NAMESPACE(keypair)(
uint8_t pk[MLKEM_PUBLICKEYBYTES(MLK_BUILD_INFO_LVL)],
uint8_t sk[MLKEM_SECRETKEYBYTES(MLK_BUILD_INFO_LVL)]);
/*************************************************
 * Name:        crypto_kem_enc_derand
 *
 * Description: Generates cipher text and shared
 *              secret for given public key, using randomness supplied
 *              by the caller.
 *
 * Arguments:   - uint8_t *ct: pointer to output cipher text, an array of
 *                 MLKEM{512,768,1024}_CIPHERTEXTBYTES bytes.
 *              - uint8_t *ss: pointer to output shared secret, an array of
 *                 MLKEM_BYTES bytes.
 *              - const uint8_t *pk: pointer to input public key, an array of
 *                 MLKEM{512,768,1024}_PUBLICKEYBYTES bytes.
 *              - const uint8_t *coins: pointer to input randomness, an array
 *                 of MLKEM_SYMBYTES bytes.
 *
 * Returns 0 on success, and -1 if the public key modulus check (see Section 7.2
 * of FIPS203) fails.
 *
 * Notes:       - Check the return value before using ct or ss. This header
 *                does not say what either buffer holds when -1 is returned,
 *                and the prototype carries no must-check annotation, so an
 *                ignored failure is not diagnosed by the compiler.
 *              - pk usually comes from a peer. The function takes no length
 *                argument, so the caller has to reject any input whose
 *                length is not MLKEM{512,768,1024}_PUBLICKEYBYTES before
 *                calling.
 *              - NOTE(review): the outputs are presumably a deterministic
 *                function of pk and coins. If so, coins must be fresh for
 *                every encapsulation, drawn from a cryptographic RNG, and
 *                kept as secret as ss. Confirm against the implementation.
 **************************************************/
int MLK_BUILD_INFO_NAMESPACE(enc_derand)(
uint8_t ct[MLKEM_CIPHERTEXTBYTES(MLK_BUILD_INFO_LVL)],
uint8_t ss[MLKEM_BYTES],
const uint8_t pk[MLKEM_PUBLICKEYBYTES(MLK_BUILD_INFO_LVL)],
const uint8_t coins[MLKEM_SYMBYTES]);
/*************************************************
 * Name:        crypto_kem_enc
 *
 * Description: Generates cipher text and shared
 *              secret for given public key
 *
 * Arguments:   - uint8_t *ct: pointer to output cipher text, an array of
 *                 MLKEM{512,768,1024}_CIPHERTEXTBYTES bytes.
 *              - uint8_t *ss: pointer to output shared secret, an array of
 *                 MLKEM_BYTES bytes.
 *              - const uint8_t *pk: pointer to input public key, an array of
 *                 MLKEM{512,768,1024}_PUBLICKEYBYTES bytes.
 *
 * Returns 0 on success, and -1 if the public key modulus check (see Section 7.2
 * of FIPS203) fails.
 *
 * Notes:       - Check the return value before using ct or ss. This header
 *                does not say what either buffer holds when -1 is returned,
 *                and the prototype carries no must-check annotation, so an
 *                ignored failure is not diagnosed by the compiler.
 *              - pk usually comes from a peer. The function takes no length
 *                argument, so the caller has to reject any input whose
 *                length is not MLKEM{512,768,1024}_PUBLICKEYBYTES before
 *                calling.
 *              - NOTE(review): there is no randomness argument, so the
 *                entropy source is chosen by the build and is not visible
 *                in this header. Confirm that it is a cryptographically
 *                secure RNG on the target platform.
 **************************************************/
int MLK_BUILD_INFO_NAMESPACE(enc)(
uint8_t ct[MLKEM_CIPHERTEXTBYTES(MLK_BUILD_INFO_LVL)],
uint8_t ss[MLKEM_BYTES],
const uint8_t pk[MLKEM_PUBLICKEYBYTES(MLK_BUILD_INFO_LVL)]);
/*************************************************
 * Name:        crypto_kem_dec
 *
 * Description: Generates shared secret for given
 *              cipher text and private key
 *
 * Arguments:   - uint8_t *ss: pointer to output shared secret, an array of
 *                 MLKEM_BYTES bytes.
 *              - const uint8_t *ct: pointer to input cipher text, an array of
 *                 MLKEM{512,768,1024}_CIPHERTEXTBYTES bytes.
 *              - const uint8_t *sk: pointer to input private key, an array of
 *                 MLKEM{512,768,1024}_SECRETKEYBYTES bytes.
 *
 * Returns 0 on success, and -1 if the secret key hash check (see Section 7.3 of
 * FIPS203) fails.
 *
 * On failure, ss will contain a pseudo-random value.
 *
 * Notes:       - The only failure listed for the return value is the secret
 *                key hash check. NOTE(review): a tampered or malformed
 *                ciphertext is presumably not reported through the return
 *                value and only shows up as a shared secret that differs
 *                from the sender's. Do not treat a return of 0 as proof
 *                that ct is authentic; confirm against the implementation.
 *              - ct usually comes from a peer. The function takes no length
 *                argument, so the caller has to reject any input whose
 *                length is not MLKEM{512,768,1024}_CIPHERTEXTBYTES before
 *                calling.
 *              - sk and ss are secret; the caller owns both buffers and is
 *                responsible for wiping them after use.
 **************************************************/
int MLK_BUILD_INFO_NAMESPACE(dec)(
uint8_t ss[MLKEM_BYTES],
const uint8_t ct[MLKEM_CIPHERTEXTBYTES(MLK_BUILD_INFO_LVL)],
const uint8_t sk[MLKEM_SECRETKEYBYTES(MLK_BUILD_INFO_LVL)]);
/****************************** Standard API *********************************/
/* If desired, export API in CRYPTO_xxx and crypto_kem_xxx format as used
 * e.g. by SUPERCOP and NIST.
 *
 * Remove this if you don't need it, or if you need multiple instances
 * of this header.
 *
 * These are unprefixed object-like macros. After this header is included,
 * every later use of e.g. crypto_kem_enc in the translation unit is
 * rewritten to this build's namespaced symbol, and the CRYPTO_xxx sizes
 * refer to this build's level only. Two instances of the header for
 * different levels would define the same names with different expansions.
 * Define MLK_BUILD_INFO_NO_STANDARD_API before including the header to
 * leave these names alone.
 *
 * The macros expand MLK_BUILD_INFO_LVL and MLK_BUILD_INFO_NAMESPACE where
 * they are used, not here, so both must still be defined at that point. */
#if !defined(MLK_BUILD_INFO_NO_STANDARD_API)
/* Sizes in bytes for the level of this build */
#define CRYPTO_SECRETKEYBYTES MLKEM_SECRETKEYBYTES(MLK_BUILD_INFO_LVL)
#define CRYPTO_PUBLICKEYBYTES MLKEM_PUBLICKEYBYTES(MLK_BUILD_INFO_LVL)
#define CRYPTO_CIPHERTEXTBYTES MLKEM_CIPHERTEXTBYTES(MLK_BUILD_INFO_LVL)
#define CRYPTO_SYMBYTES MLKEM_SYMBYTES
#define CRYPTO_BYTES MLKEM_BYTES
/* Function aliases onto the namespaced symbols declared above */
#define crypto_kem_keypair_derand MLK_BUILD_INFO_NAMESPACE(keypair_derand)
#define crypto_kem_keypair MLK_BUILD_INFO_NAMESPACE(keypair)
#define crypto_kem_enc_derand MLK_BUILD_INFO_NAMESPACE(enc_derand)
#define crypto_kem_enc MLK_BUILD_INFO_NAMESPACE(enc)
#define crypto_kem_dec MLK_BUILD_INFO_NAMESPACE(dec)
#endif /* !MLK_BUILD_INFO_NO_STANDARD_API */
/********************************* Cleanup ************************************/
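/* Unset build information to allow multiple instances of this header.
 * Keep this commented out when using the standard API: the CRYPTO_xxx and
 * crypto_kem_xxx macros expand MLK_BUILD_INFO_LVL and
 * MLK_BUILD_INFO_NAMESPACE at their point of use, so they stop working once
 * these are undefined. */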
/* #undef MLK_BUILD_INFO_LVL */
/* #undef MLK_BUILD_INFO_NAMESPACE */
#endif /* MLK_H */