typedef struct saber_st * | saber_t |
Saber algorithm instance handle.
This module provides an implementation of the SABER algorithm, a finite state machine for secure distribution of a secret between two counterparties. The distributed secret is theoretically tolerant to attacks performed by quantum computers. The entry point is saber_keygen.
General usage
Key distribution algorithms consist of sequential function calls on two sides, named initiator and responder.
- Both sides call saber_new; the algorithm context is initialized with the chosen parameter set
- Initiator calls saber_keygen; the initiator's public and secret keys are generated
- Initiator sends the public key to the responder
- Responder calls saber_key_encap and gets the encoded request and the key
- Responder sends the request to the initiator
- Initiator calls saber_key_decap and gets the key
- Both sides now have the same cryptographically secure key
- If no more key distribution is required, resources must be freed on both sides with saber_free
- Note
- In client-server applications the client can represent the initiator side and the server the responder side, or vice versa.
In order to use any SABER key distribution functions, add the following include:
Example code is listed below:
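    #include <stdint.h>
    #include <stdlib.h>
    #include <stdio.h>
    /* The SABER header include goes here; its name is missing from this page. */

    /* Prints a label followed by the key as upper-case hex. */
    void print_key(const char* message, const uint8_t* key, uint32_t key_size)
    {
        uint32_t i = 0; /* same width as key_size, so the counter cannot wrap */
        printf("%s", message);
        for (; i < key_size; ++i) {
            printf("%.2X", key[i]);
        }
        printf("\n");
    }

    int main(int argc, char* argv[])
    {
        /* saber_classic is one of the saber_parameterset_t values; the set used
           by the original listing did not survive on this page. */
        saber_t saber = saber_new(saber_classic);
        if (saber == NULL) {
            return 1; /* saber_new returns NULL if out of memory */
        }
        const uint32_t key_size = saber_get_shared_secret_length(saber);
        uint8_t* public_key = (uint8_t*)calloc(saber_get_initiator_public_length(saber), sizeof(uint8_t));
        uint8_t* secret_key = (uint8_t*)calloc(saber_get_initiator_secret_length(saber), sizeof(uint8_t));
        uint8_t* ciphertext = (uint8_t*)calloc(saber_get_ciphertext_length(saber), sizeof(uint8_t));
        uint8_t* server_side_key = (uint8_t*)calloc(key_size, sizeof(uint8_t));
        uint8_t* client_side_key = (uint8_t*)calloc(key_size, sizeof(uint8_t));
        (void)argc;
        (void)argv;

        /* The SABER calls treat NULL buffers as a fatal error, so check first. */
        if (public_key && secret_key && ciphertext && server_side_key && client_side_key) {
            /* Initiator: generate the key pair. */
            saber_keygen(saber, public_key, secret_key);
            /* Responder: encapsulate against the initiator's public key. */
            saber_key_encap(saber, public_key, ciphertext, server_side_key);
            /* Initiator: decapsulate the responder's request. */
            saber_key_decap(saber, secret_key, ciphertext, client_side_key);

            print_key("Server side: ", server_side_key, key_size);
            print_key("Client side: ", client_side_key, key_size);
        }

        free(public_key);
        free(secret_key);
        free(server_side_key);
        free(client_side_key);
        free(ciphertext);
        saber_free(saber);
        return 0;
    }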
◆ saber_t
Saber algorithm instance handle.
- Note
- It can be cast to the pqlr_t instance linked to this handle
- See also
- saber_to_pqlr
◆ saber_parameterset_t
Possible SABER parameter sets.
Enumerator |
---|
saber_classic | |
saber_lightsaber | |
saber_firesaber | |
saber_last | |
◆ saber_duplicate()
Duplicates the context of a saber algorithm instance.
- Parameters
- [in] | saber | instance to duplicate |
- See also
- saber_t
- Returns
- new instance with duplicated context
◆ saber_free()
Frees saber instance and all corresponding resources.
- Parameters
- [in] | saber | instance to free |
- See also
- saber_t
- saber_new
◆ saber_get_ciphertext_length()
Obtains ciphertext (request) length for the current saber instance.
- Parameters
- [in] | saber | initialized saber instance |
- See also
- saber_t
- saber_new
- Returns
- ciphertext length
◆ saber_get_initiator_public_length()
Obtains initiator's public key length for the current saber instance.
- Parameters
- [in] | saber | initialized saber instance |
- See also
- saber_t
- saber_new
- Returns
- initiator's public key length
◆ saber_get_initiator_secret_length()
Obtains initiator's secret key length for the current saber instance.
- Parameters
- [in] | saber | initialized saber instance |
- See also
- saber_t
- saber_new
- Returns
- initiator's secret key length
◆ saber_get_shared_secret_length()
Obtains shared secret (key) length for the current saber instance.
- Parameters
- [in] | saber | initialized saber instance |
- See also
- saber_t
- saber_new
- Returns
- shared secret length
◆ saber_key_decap()
PQLR_API void saber_key_decap(const saber_t saber, const uint8_t *secret_key, const uint8_t *ciphertext, uint8_t *session_key)
Last step of key distribution. Decapsulates the key on the initiator side.
- Parameters
- [in] | saber | Saber algorithm context. If NULL, a fatal error occurs. |
- [in] | secret_key | Secret key buffer (see saber_keygen). Must point to an array of uint8_t with at least saber_get_initiator_secret_length elements. If NULL, a fatal error occurs. |
- [in] | ciphertext | Encoded request from the responder. Must point to an array of uint8_t with at least saber_get_ciphertext_length elements. If NULL, a fatal error occurs. |
- [out] | session_key | Distributed key, equal to the key to be obtained on the responder side. Must point to an array of uint8_t with at least saber_get_shared_secret_length elements. If NULL, a fatal error occurs. |
- See also
- saber_new
- saber_keygen
- saber_key_encap
◆ saber_key_encap()
PQLR_API void saber_key_encap(const saber_t saber, const uint8_t *public_key, uint8_t *ciphertext, uint8_t *session_key)
Second step of key distribution. Encapsulates the key on the responder side.
- Parameters
- [in] | saber | Saber algorithm context. If NULL, a fatal error occurs. |
- [in] | public_key | Public key buffer (see saber_keygen). Must point to an array of uint8_t with at least saber_get_initiator_public_length elements. If NULL, a fatal error occurs. |
- [out] | ciphertext | Encoded request from the responder. Must point to an array of uint8_t with at least saber_get_ciphertext_length elements. If NULL, a fatal error occurs. |
- [out] | session_key | Distributed key, equal to the key to be obtained on the initiator side. Must point to an array of uint8_t with at least saber_get_shared_secret_length elements. If NULL, a fatal error occurs. |
- See also
- saber_new
- saber_keygen
- saber_get_initiator_public_length
- saber_get_ciphertext_length
- saber_get_shared_secret_length
- saber_t
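saber_key_encap and saber_key_decap take bare pointers and trust the caller for the buffer sizes, so a public key or request that arrives from the peer has to be length-checked before it is passed in. The following is an added example, not PQLR code: the framing, `pack_frame`, `unpack_frame` and the status names are hypothetical, and the 8-byte sample stands in for the value returned by saber_get_ciphertext_length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing, not part of the library:
 * [type:1][length:2, big-endian][payload]. */
#define FRAME_HDR ((size_t)3)
enum { MSG_PUBLIC_KEY = 1, MSG_CIPHERTEXT = 2 };
enum frame_status { FRAME_OK, FRAME_TRUNCATED, FRAME_BAD_TYPE, FRAME_BAD_LENGTH };

/* Sender side: returns the bytes written to wire, or 0 if it does not fit. */
size_t pack_frame(uint8_t type, const uint8_t *payload, size_t len,
                  uint8_t *wire, size_t wire_cap)
{
    if (payload == NULL || wire == NULL) return 0;
    if (len > 0xFFFF || wire_cap < FRAME_HDR + len) return 0;
    wire[0] = type;
    wire[1] = (uint8_t)(len >> 8);
    wire[2] = (uint8_t)(len & 0xFF);
    memcpy(wire + FRAME_HDR, payload, len);
    return FRAME_HDR + len;
}

/* Receiver side: copies the payload to out only when the frame has the wanted
 * type and exactly `expected` bytes. `expected` is the value the caller got
 * from saber_get_initiator_public_length or saber_get_ciphertext_length, and
 * out must hold at least that many bytes. */
enum frame_status unpack_frame(const uint8_t *wire, size_t wire_len,
                               uint8_t want_type, size_t expected, uint8_t *out)
{
    size_t declared;
    if (wire == NULL || out == NULL || wire_len < FRAME_HDR) return FRAME_TRUNCATED;
    if (wire[0] != want_type) return FRAME_BAD_TYPE;
    declared = ((size_t)wire[1] << 8) | wire[2];
    if (declared != expected) return FRAME_BAD_LENGTH;  /* size chosen by the peer */
    if (wire_len - FRAME_HDR < declared) return FRAME_TRUNCATED;
    if (wire_len - FRAME_HDR > declared) return FRAME_BAD_LENGTH;  /* trailing bytes */
    memcpy(out, wire + FRAME_HDR, declared);
    return FRAME_OK;
}

int main(void)
{
    /* Constructed sample: 8 stands in for saber_get_ciphertext_length(saber). */
    uint8_t ct[8] = {1, 2, 3, 4, 5, 6, 7, 8}, wire[16], out[8];
    size_t n = pack_frame(MSG_CIPHERTEXT, ct, sizeof ct, wire, sizeof wire);
    printf("full frame: %d\n", unpack_frame(wire, n, MSG_CIPHERTEXT, 8, out));
    printf("cut frame:  %d\n", unpack_frame(wire, n - 2, MSG_CIPHERTEXT, 8, out));
    return 0;
}
```

Only a frame that returns `FRAME_OK` should have its `out` buffer handed to saber_key_encap or saber_key_decap.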
◆ saber_keygen()
PQLR_API void saber_keygen(const saber_t saber, uint8_t *public_key, uint8_t *secret_key)
Initial step of key distribution. Generates a key pair for the key distribution initiator.
- Note
- Called on the initiator side.
- Parameters
- [in] | saber | Saber algorithm context. If NULL, a fatal error occurs. |
- [out] | public_key | Public key buffer. Must point to an array of uint8_t with at least saber_get_initiator_public_length elements. If NULL, a fatal error occurs. |
- [out] | secret_key | Secret key buffer. Must point to an array of uint8_t with at least saber_get_initiator_secret_length elements. If NULL, a fatal error occurs. |
- See also
- saber_new
- saber_get_initiator_public_length
- saber_get_initiator_secret_length
- saber_t
◆ saber_new()
Creates a saber instance initialized with the given parameter set.
- Note
- Called on both sides.
- Parameters
- [in] | parameterset | Saber configuration parameter set (see saber_parameterset_t for available options). |
- See also
- saber_parameterset_t
- saber_t
- saber_free
- Returns
- new saber instance, or NULL if out of memory
◆ saber_to_pqlr()
Casts saber instance to pqlr instance.
- Parameters
- [in] | saber | initialized saber instance |
- Note
- this pqlr instance will be released by saber_free
- See also
- saber_t
- pqlr_t
- saber_free
- Returns
- operable pqlr instance, or NULL if saber is NULL