typedef struct newhope_st * newhope_t | Newhope algorithm instance handle.
This module provides the Newhope algorithm implementation, a finite state machine for secure distribution of a secret between two counterparties. The distributed secret is theoretically tolerant to attacks performed by quantum computers. The entry point is newhope_initiator_prepare.
General usage
Key distribution algorithms consist of sequential function calls on two sides, named initiator and responder.
- Both sides call newhope_new
- Initiator calls newhope_initiator_prepare, gets request
- Initiator sends request to responder
- Responder calls newhope_responder, gets reply and key
- Responder sends reply to initiator
- Initiator calls newhope_initiator_finalize, gets key
- Both sides now hold the same cryptographically secure key
- If no further key distribution is required, resources must be freed on both sides with newhope_free
- Note
- In client-server applications the client can represent the initiator side while the server represents the responder side, or vice versa.
In order to use any NewHope key distribution functions, add the following include:
Example code is listed below:
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
/* The NewHope API include belongs here; the include line is not reproduced on this page. */

/* Prints a 32-byte key as uppercase hex after the given message. */
void print_key(const char* message, uint8_t key[32])
{
    uint8_t i = 0;
    printf("%s", message);
    for (; i < 32; ++i) {
        printf("%.2X", key[i]);
    }
    printf("\n");
}

int main()
{
    /* In this example the server is the initiator and the client is the responder.
     * The lines that create the instances and allocate the buffers were missing from
     * the page; they are reconstructed here from the API descriptions in this module
     * (instance creation with the newhope_1024 parameter set is an assumption). */
    newhope_t server = newhope_new(newhope_1024);
    newhope_t client = newhope_new(newhope_1024);

    /* Initiator (server): generate the private secret and the request for the client.
     * The secret is an array of newhope_poly_t sized by newhope_get_initiator_secret_length. */
    newhope_poly_t* server_secret =
        malloc(newhope_get_initiator_secret_length(server) * sizeof(newhope_poly_t));
    uint8_t* request = malloc(newhope_get_encoded_request_length(server));
    uint8_t server_side_key[32] = {
        0,
    };
    newhope_initiator_prepare(server, server_secret, request);

    /* Responder (client): consume the request, produce the reply and the client's key. */
    uint8_t* reply = malloc(newhope_get_encoded_reply_length(client));
    uint8_t client_side_key[32] = {
        0,
    };
    newhope_responder(client, request, reply, client_side_key);

    /* Initiator (server): consume the reply and derive the same key. */
    newhope_initiator_finalize(server, server_secret, reply, server_side_key);

    print_key("Server side:", server_side_key);
    print_key("Client side:", client_side_key);

    free(server_secret);
    free(request);
    free(reply);
    newhope_free(server);
    newhope_free(client);
    return 0;
}
◆ newhope_t
Newhope algorithm instance handle.
- Note
- It can be cast to the pqlr_t instance linked to this handle
- See also
- newhope_to_pqlr
◆ newhope_parameterset_t
Possible newhope parameter sets.
Enumerator | Description
newhope_1024 | 1024 bytes secret length
newhope_last |
◆ newhope_duplicate()
Duplicates the context of a newhope instance.
- Parameters
- newhope | instance to duplicate
- Returns
- new instance with a duplicated context
◆ newhope_free()
◆ newhope_get_encoded_reply_length()
Obtains the encoded reply length for the current newhope instance.
- Parameters
- newhope | initialized newhope instance
- See also
- newhope_t
- newhope_new
- Returns
- encoded reply length
◆ newhope_get_encoded_request_length()
Obtains the encoded request length for the current newhope instance.
- Parameters
- newhope | initialized newhope instance
- See also
- newhope_t
- newhope_new
- Returns
- encoded request length
◆ newhope_get_initiator_secret_length()
Obtains the initiator's secret length for the current newhope instance.
- Parameters
- newhope | initialized newhope instance
- See also
- newhope_t
- newhope_new
- Returns
- initiator's secret length
◆ newhope_get_keybytes_num()
Obtains the number of symmetric secret key bytes for the current newhope instance.
- Parameters
- newhope | initialized newhope instance
- See also
- newhope_t
- newhope_new
- Returns
- number of symmetric secret key bytes
◆ newhope_initiator_finalize()
Last step of key distribution. Generates the symmetric secret key on the initiator side.
- Note
- Called on initiator side
- Parameters
- newhope | Newhope algorithm context. If NULL, a fatal error occurs.
- secret | Initiator secret buffer obtained on the initial step. If NULL, a fatal error occurs.
- encoded_reply | Encoded message from client obtained on the second step. If NULL, a fatal error occurs.
- [out] key | Distributed key, equal to the key obtained on the client side. If NULL, a fatal error occurs.
- Note
- key should be used for data encryption.
- See also
- newhope_new
- newhope_initiator_prepare
- newhope_responder
◆ newhope_initiator_prepare()
Initial step of key distribution. Generates the private secret for the key distribution initiator.
- Note
- Called on initiator side.
- Parameters
- newhope | Newhope algorithm context. If NULL, a fatal error occurs.
- [out] secret | Initiator secret buffer. Must point to an array of newhope_poly_t with at least newhope_get_initiator_secret_length elements. If NULL, a fatal error occurs.
- [out] encoded_request | Encoded message to client. Must point to an array of uint8_t with at least newhope_get_encoded_request_length elements. If NULL, a fatal error occurs.
- Warning
- secret must be kept confidential.
- See also
- newhope_get_encoded_request_length
- newhope_get_initiator_secret_length
- newhope_new
- newhope_responder
◆ newhope_new()
◆ newhope_responder()
PQLR_API void newhope_responder(const newhope_t newhope, const uint8_t * encoded_request, uint8_t * encoded_reply, uint8_t * key)
Second step of key distribution. Generates the symmetric secret key on the responder side (opposite from the initiator).
- Note
- Called on responder side.
- Parameters
- newhope | Newhope algorithm context. If NULL, a fatal error occurs.
- encoded_request | Encoded request from initiator.
- [out] encoded_reply | Encoded reply to initiator. Must point to an array of uint8_t with at least newhope_get_encoded_reply_length elements. If NULL, a fatal error occurs.
- [out] key | Distributed key, equal to the key obtained on the initiator side. If NULL, a fatal error occurs.
- Note
- key should be used for data encryption.
- See also
- newhope_get_encoded_reply_length
- newhope_get_encoded_request_length
- newhope_initiator_finalize
- newhope_initiator_prepare
- newhope_new
◆ newhope_to_pqlr()
Casts a newhope instance to a pqlr instance.
- Parameters
- newhope | initialized newhope instance
- Note
- this pqlr instance will be released by newhope_free
- See also
- newhope_t
- pqlr_t
- newhope_free
- Returns
- operable pqlr instance, or NULL if newhope is NULL