src/kem/kem.h
Key encapsulation mechanisms.
The file tests/example_kem.c
contains two examples on using the OQS_KEM API.
The first example uses the individual scheme's algorithms directly and uses no dynamic memory allocation – all buffers are allocated on the stack, with sizes indicated using preprocessor macros. Since algorithms can be disabled at compile-time, the programmer should wrap the code in #ifdefs.
The second example uses an OQS_KEM object to use an algorithm specified at runtime. Therefore it uses dynamic memory allocation – all buffers must be malloc'ed by the programmer, with sizes indicated using the corresponding length member of the OQS_KEM object in question. Since algorithms can be disabled at compile-time, the programmer should check that the OQS_KEM object is not NULL
.
SPDX-License-Identifier: MIT
Includes
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <oqs/oqs.h>
Typedefs
Key encapsulation mechanism object |
Functions
OQS_API const char * | OQS_KEM_alg_identifier(size_t i) |
OQS_API int | OQS_KEM_alg_count(void) |
OQS_API int | OQS_KEM_alg_is_enabled(const char *method_name) |
OQS_API OQS_KEM * | OQS_KEM_new(const char *method_name) |
OQS_API OQS_STATUS | OQS_KEM_keypair(const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key) |
OQS_API OQS_STATUS | OQS_KEM_encaps(const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) |
OQS_API OQS_STATUS | OQS_KEM_decaps(const OQS_KEM *kem, uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) |
OQS_API void | OQS_KEM_free(OQS_KEM *kem) |
OQS_KEM_alg_identifier
OQS_API const char * OQS_KEM_alg_identifier(size_t i)
Returns identifiers for available key encapsulation mechanisms in liboqs. Used with OQS_KEM_new.
Note that algorithm identifiers are present in this list even when the algorithm is disabled at compile time.
Parameters
size_t | i | Index of the algorithm identifier to return, 0 <= i < OQS_KEM_algs_length |
Returns
Algorithm identifier as a string, or NULL.
OQS_KEM_alg_is_enabled
OQS_API int OQS_KEM_alg_is_enabled(const char *method_name)
Indicates whether the specified algorithm was enabled at compile-time or not.
Parameters
const char * | method_name | Name of the desired algorithm; one of the names in |
Returns
1 if enabled, 0 if disabled or not found
OQS_KEM_new
OQS_API OQS_KEM * OQS_KEM_new(const char *method_name)
Constructs an OQS_KEM object for a particular algorithm.
Callers should always check whether the return value is NULL
, which indicates either than an invalid algorithm name was provided, or that the requested algorithm was disabled at compile-time.
Parameters
const char * | method_name | Name of the desired algorithm; one of the names in |
Returns
An OQS_KEM for the particular algorithm, or NULL
if the algorithm has been disabled at compile-time.
OQS_KEM_keypair
OQS_API OQS_STATUS OQS_KEM_keypair(const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key)
Keypair generation algorithm.
Caller is responsible for allocating sufficient memory for public_key
and secret_key
, based on the length_*
members in this object or the per-scheme compile-time macros OQS_KEM_*_length_*
.
Parameters
const OQS_KEM * | kem | The OQS_KEM object representing the KEM. |
uint8_t * | public_key | The public key represented as a byte string. |
uint8_t * | secret_key | The secret key represented as a byte string. |
Returns
OQS_SUCCESS or OQS_ERROR
OQS_KEM_encaps
OQS_API OQS_STATUS OQS_KEM_encaps(const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key)
Encapsulation algorithm.
Caller is responsible for allocating sufficient memory for ciphertext
and shared_secret
, based on the length_*
members in this object or the per-scheme compile-time macros OQS_KEM_*_length_*
.
Parameters
const OQS_KEM * | kem | The OQS_KEM object representing the KEM. |
uint8_t * | ciphertext | The ciphertext (encapsulation) represented as a byte string. |
uint8_t * | shared_secret | The shared secret represented as a byte string. |
const uint8_t * | public_key | The public key represented as a byte string. |
Returns
OQS_SUCCESS or OQS_ERROR
OQS_KEM_decaps
OQS_API OQS_STATUS OQS_KEM_decaps(const OQS_KEM *kem, uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key)
Decapsulation algorithm.
Caller is responsible for allocating sufficient memory for shared_secret
, based on the length_*
members in this object or the per-scheme compile-time macros OQS_KEM_*_length_*
.
Parameters
const OQS_KEM * | kem | The OQS_KEM object representing the KEM. |
uint8_t * | shared_secret | The shared secret represented as a byte string. |
const uint8_t * | ciphertext | The ciphertext (encapsulation) represented as a byte string. |
const uint8_t * | secret_key | The secret key represented as a byte string. |
Returns
OQS_SUCCESS or OQS_ERROR
Macros
Algorithm identifier for BIKE-L1 KEM (Round-4). |
Algorithm identifier for BIKE-L3 KEM (Round-4). |
Algorithm identifier for BIKE-L5 KEM (Round-4). |
Algorithm identifier for Classic-McEliece-348864 KEM. |
Algorithm identifier for Classic-McEliece-348864f KEM. |
Algorithm identifier for Classic-McEliece-460896 KEM. |
Algorithm identifier for Classic-McEliece-460896f KEM. |
Algorithm identifier for Classic-McEliece-6688128 KEM. |
Algorithm identifier for Classic-McEliece-6688128f KEM. |
Algorithm identifier for Classic-McEliece-6960119 KEM. |
Algorithm identifier for Classic-McEliece-6960119f KEM. |
Algorithm identifier for Classic-McEliece-8192128 KEM. |
Algorithm identifier for Classic-McEliece-8192128f KEM. |
Algorithm identifier for HQC-128 KEM. |
Algorithm identifier for HQC-192 KEM. |
Algorithm identifier for HQC-256 KEM. |
Algorithm identifier for Kyber512 KEM. |
Algorithm identifier for Kyber768 KEM. |
Algorithm identifier for Kyber1024 KEM. |
Algorithm identifier for ML-KEM-512 KEM. |
Algorithm identifier for ML-KEM-768 KEM. |
Algorithm identifier for ML-KEM-1024 KEM. |
Algorithm identifier for sntrup761 KEM. |
Algorithm identifier for FrodoKEM-640-AES KEM. |
Algorithm identifier for FrodoKEM-640-SHAKE KEM. |
Algorithm identifier for FrodoKEM-976-AES KEM. |
Algorithm identifier for FrodoKEM-976-SHAKE KEM. |
Algorithm identifier for FrodoKEM-1344-AES KEM. |
Algorithm identifier for FrodoKEM-1344-SHAKE KEM. |
Number of algorithm identifiers above. |