ISARA Quantum Resistant Toolkit
Version 1.1
Quantum resistant cryptographic primitives and algorithms.
Macros
#define IQR_LUKE_SECRET_SIZE 32
#define IQR_LUKE_INITIATOR_KEY_SIZE 1824
#define IQR_LUKE_RESPONDER_KEY_SIZE 2048

Typedefs
typedef struct iqr_LUKEParams_struct iqr_LUKEParams
typedef struct iqr_LUKEPrivateKey_struct iqr_LUKEPrivateKey

Functions
IQR_API iqr_retval iqr_LUKECreateParams (const iqr_Context *ctx, iqr_LUKEParams **params)
IQR_API_UNENFORCED_RETURN iqr_retval iqr_LUKEDestroyParams (iqr_LUKEParams **params)
IQR_API iqr_retval iqr_LUKECreatePrivateKey (const iqr_LUKEParams *params, iqr_LUKEPrivateKey **private_key)
IQR_API_UNENFORCED_RETURN iqr_retval iqr_LUKEDestroyPrivateKey (iqr_LUKEPrivateKey **private_key)
IQR_API iqr_retval iqr_LUKEGetInitiatorPublicKey (iqr_LUKEPrivateKey *private_key, const iqr_RNG *rng, uint8_t *initiator_public_key, size_t initiator_public_key_size)
IQR_API iqr_retval iqr_LUKEGetInitiatorSecret (const iqr_LUKEPrivateKey *private_key, const uint8_t *responder_public_key, size_t responder_public_key_size, uint8_t *secret, size_t secret_size)
IQR_API iqr_retval iqr_LUKEGetResponderPublicKeyandSecret (const iqr_LUKEParams *params, const iqr_RNG *rng, const uint8_t *initiator_public_key, size_t initiator_public_key_size, uint8_t *responder_public_key, size_t responder_public_key_size, uint8_t *secret, size_t secret_size)

#define IQR_LUKE_INITIATOR_KEY_SIZE 1824
The size of the initiator and responder public keys in bytes.
#define IQR_LUKE_RESPONDER_KEY_SIZE 2048
#define IQR_LUKE_SECRET_SIZE 32
The size of the shared secret provided by LUKE in bytes (256 bits).

typedef struct iqr_LUKEParams_struct iqr_LUKEParams
The algorithm's domain parameters.
typedef struct iqr_LUKEPrivateKey_struct iqr_LUKEPrivateKey
The initiator's private key.

IQR_API iqr_retval iqr_LUKECreateParams (const iqr_Context *ctx, iqr_LUKEParams **params)
Create a LUKE Parameters object that encapsulates the domain parameters.
It's up to the user to manage domain parameters; the parameter data is not exposed in stored keys or secrets.
[in] | ctx | A Context object. |
[out] | params | The iqr_LUKEParams output. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

IQR_API iqr_retval iqr_LUKECreatePrivateKey (const iqr_LUKEParams *params, iqr_LUKEPrivateKey **private_key)
Create a LUKE initiator private key to be used during shared secret generation.
iqr_LUKEGetInitiatorPublicKey. The resulting key should only be used for generating a single shared secret. That means calling iqr_LUKEDestroyPrivateKey after iqr_LUKEGetInitiatorSecret or on iqr_LUKEGetInitiatorPublicKey failure.
[in] | params | The iqr_LUKEParams to use. |
[out] | private_key | Used to store the initiator's private data. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

IQR_API_UNENFORCED_RETURN iqr_retval iqr_LUKEDestroyParams (iqr_LUKEParams **params)
Clear and deallocate a LUKE Parameter object.
params will be set to NULL prior to returning.
[in,out] | params | The iqr_LUKEParams instance to destroy. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

IQR_API_UNENFORCED_RETURN iqr_retval iqr_LUKEDestroyPrivateKey (iqr_LUKEPrivateKey **private_key)
Clear and deallocate a LUKE initiator private key.
private_key will be set to NULL prior to returning.
[in,out] | private_key | The initiator private key to destroy. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

IQR_API iqr_retval iqr_LUKEGetInitiatorPublicKey (iqr_LUKEPrivateKey *private_key, const iqr_RNG *rng, uint8_t *initiator_public_key, size_t initiator_public_key_size)
Create the initiator public key needed for LUKE key agreement.
The initiator is responsible for starting the key agreement protocol. Although this can be the server in the client-server model, it does not have to be.
The initiator generates a public key that must be sent to the responder. The responder then uses this to generate its own public key and the shared secret. The initiator receives the responder's public key which it uses to calculate the shared secret as well.
[in,out] | private_key | The initiator's private key. |
[in] | rng | The iqr_RNG to use. |
[out] | initiator_public_key | The public key generated by the initiator of LUKE. Must be IQR_LUKE_INITIATOR_KEY_SIZE bytes. |
[in] | initiator_public_key_size | Size of initiator_public_key in bytes. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

IQR_API iqr_retval iqr_LUKEGetInitiatorSecret (const iqr_LUKEPrivateKey *private_key, const uint8_t *responder_public_key, size_t responder_public_key_size, uint8_t *secret, size_t secret_size)
Get the initiator shared secret.
The initiator and responder shared secrets should be the same (although there's a 2^-60 chance of failure), but they are calculated differently. The initiator needs the public key generated from the responder in iqr_LUKECreateResponderPublicKey() and the private key from iqr_LUKEGetInitiatorPublicKey().
[in] | private_key | The initiator's private key. |
[in] | responder_public_key | The public key generated by the responder of LUKE. |
[in] | responder_public_key_size | Size in bytes of responder_public_key. Must be exactly IQR_LUKE_RESPONDER_KEY_SIZE bytes. |
[out] | secret | The shared secret. Must be IQR_LUKE_SECRET_SIZE bytes. |
[in] | secret_size | Size in bytes of secret. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

IQR_API iqr_retval iqr_LUKEGetResponderPublicKeyandSecret (const iqr_LUKEParams *params, const iqr_RNG *rng, const uint8_t *initiator_public_key, size_t initiator_public_key_size, uint8_t *responder_public_key, size_t responder_public_key_size, uint8_t *secret, size_t secret_size)
Get the responder public key and shared secret.
The responder and initiator shared secrets should be the same (although there's a 2^-60 chance of failure), but they are calculated differently.
[in] | params | The iqr_LUKEParams to use. |
[in] | rng | The iqr_RNG to use. |
[in] | initiator_public_key | The public key from the initiator of LUKE. Must be IQR_LUKE_INITIATOR_KEY_SIZE bytes. |
[in] | initiator_public_key_size | Size in bytes of initiator_public_key. |
[out] | responder_public_key | The public key generated by the responder of LUKE. Must be IQR_LUKE_RESPONDER_KEY_SIZE bytes. |
[in] | responder_public_key_size | Size in bytes of responder_public_key. |
[out] | secret | The shared secret. Must be IQR_LUKE_SECRET_SIZE bytes. |
[in] | secret_size | Size in bytes of secret. |
IQR_OK on success, or a value from iqr_retval.h when an error occurs.

ISARA's Lattice-based Unique Key Establishment.
Lattice-based Unique Key Establishment (LUKE), an optimized variant of Ring-LWE secret agreement as defined in A NewHope. This paper does not allow for specific parameter choices. The modulus (q) is chosen to be 12289, the dimension (n) to be 1024 and the binomial distribution has a standard deviation of sqrt(16/2).
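
The parameters in the paragraph above account for the buffer sizes the API requires. The following C code is an added example, not ISARA code: it assumes LUKE keeps NewHope's encoding (coefficients packed at the bit width of q, a 32-byte seed in the initiator key, 2 reconciliation bits per coefficient in the responder key) and NewHope's centered binomial sampler with k = 16, none of which this page states. Under those assumptions it reproduces IQR_LUKE_INITIATOR_KEY_SIZE, IQR_LUKE_RESPONDER_KEY_SIZE and the variance 16/2.

```c
#include <stdint.h>
#include <stdio.h>

#define LUKE_Q 12289u /* modulus q, from the page */
#define LUKE_N 1024u  /* dimension n, from the page */
/* Assumed from the NewHope paper, not stated on the page: */
#define SEED_BYTES 32u /* seed expanded into the public polynomial */
#define REC_BITS 2u    /* reconciliation bits per coefficient */

static unsigned coeff_bits(uint32_t q) { /* bit width holding [0, q) */
    unsigned bits = 0;
    for (uint32_t v = q - 1; v != 0; v >>= 1) bits++;
    return bits;
}
static size_t packed_bytes(size_t n, unsigned bits) { return (n * bits + 7) / 8; }

size_t initiator_key_bytes(void) { /* packed polynomial + seed */
    return packed_bytes(LUKE_N, coeff_bits(LUKE_Q)) + SEED_BYTES;
}
size_t responder_key_bytes(void) { /* packed polynomial + reconciliation data */
    return packed_bytes(LUKE_N, coeff_bits(LUKE_Q)) + packed_bytes(LUKE_N, REC_BITS);
}

/* xorshift32: reproducible stand-in for this demo only, NOT a CSPRNG. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}
static int weight16(uint32_t v) { /* Hamming weight of the low 16 bits */
    int c = 0;
    for (v &= 0xFFFFu; v != 0; v &= v - 1) c++;
    return c;
}
/* Empirical variance of psi_16 samples: weight(16 bits) - weight(16 bits). */
double psi16_variance(uint32_t seed, size_t count) {
    double sum = 0.0, sum_sq = 0.0;
    for (size_t i = 0; i < count; i++) {
        uint32_t r = xorshift32(&seed);
        int e = weight16(r) - weight16(r >> 16);
        sum += e; sum_sq += (double)e * e;
    }
    double mean = sum / (double)count;
    return sum_sq / (double)count - mean * mean;
}

int main(void) {
    printf("initiator=%zu responder=%zu variance=%.3f\n", initiator_key_bytes(),
           responder_key_bytes(), psi16_variance(2463534242u, 200000));
    return 0;
}
```

Callers of the API should still size their buffers with the IQR_LUKE_* macros rather than recomputing them; the derivation only shows where 1824 and 2048 come from.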