Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::Dilithium_Symmetric_Primitives_Base Class Referenceabstract

#include <dilithium_symmetric_primitives.h>

Inheritance diagram for Botan::Dilithium_Symmetric_Primitives_Base:
Botan::Dilithium_Round3_Symmetric_Primitives Botan::ML_DSA_Symmetric_Primitives Botan::Dilithium_AES_Symmetric_Primitives Botan::Dilithium_Symmetric_Primitives

Public Member Functions

 Dilithium_Symmetric_Primitives_Base (const Dilithium_Symmetric_Primitives_Base &)=delete
 
 Dilithium_Symmetric_Primitives_Base (Dilithium_Symmetric_Primitives_Base &&)=delete
 
virtual std::unique_ptr< DilithiumMessageHashget_message_hash (DilithiumHashedPublicKey tr) const
 
SHAKE_256_XOFH (StrongSpan< const DilithiumCommitmentHash > seed) const
 
DilithiumCommitmentHash H (StrongSpan< const DilithiumMessageRepresentative > mu, StrongSpan< const DilithiumSerializedCommitment > w1) const
 
std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedKH (StrongSpan< const DilithiumSeedRandomness > seed) const
 
Botan::XOFH (StrongSpan< const DilithiumSeedRho > seed, uint16_t nonce) const
 
Botan::XOFH (StrongSpan< const DilithiumSeedRhoPrime > seed, uint16_t nonce) const
 
DilithiumHashedPublicKey H (StrongSpan< const DilithiumSerializedPublicKey > pk) const
 
virtual DilithiumSeedRhoPrime H_maybe_randomized (StrongSpan< const DilithiumSigningSeedK > k, StrongSpan< const DilithiumMessageRepresentative > mu, std::optional< std::reference_wrapper< RandomNumberGenerator > > rng) const =0
 
Dilithium_Symmetric_Primitives_Baseoperator= (const Dilithium_Symmetric_Primitives_Base &)=delete
 
Dilithium_Symmetric_Primitives_Baseoperator= (Dilithium_Symmetric_Primitives_Base &&)=delete
 
virtual ~Dilithium_Symmetric_Primitives_Base ()=default
 

Static Public Member Functions

static std::unique_ptr< Dilithium_Symmetric_Primitives_Basecreate (const DilithiumConstants &mode)
 

Protected Member Functions

 Dilithium_Symmetric_Primitives_Base (const DilithiumConstants &mode, std::unique_ptr< DilithiumXOF > xof_adapter)
 
template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT H_256 (size_t outbytes, InTs &&... ins) const
 
virtual std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator () const =0
 
virtual StrongSpan< const DilithiumCommitmentHashtruncate_commitment_hash (StrongSpan< const DilithiumCommitmentHash > seed) const =0
 

Detailed Description

Adapter class that uses polymorphy to distinguish Dilithium "common" from Dilithium "AES" modes.

Definition at line 101 of file dilithium_symmetric_primitives.h.

Constructor & Destructor Documentation

◆ Dilithium_Symmetric_Primitives_Base() [1/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( const DilithiumConstants & mode,
std::unique_ptr< DilithiumXOF > xof_adapter )
inlineprotected

Definition at line 103 of file dilithium_symmetric_primitives.h.

103 :
104 m_commitment_hash_length_bytes(mode.commitment_hash_full_bytes()),
105 m_public_key_hash_bytes(mode.public_key_hash_bytes()),
106 m_mode(mode.mode()),
107 m_xof_adapter(std::move(xof_adapter)) {}

◆ ~Dilithium_Symmetric_Primitives_Base()

virtual Botan::Dilithium_Symmetric_Primitives_Base::~Dilithium_Symmetric_Primitives_Base ( )
virtualdefault

◆ Dilithium_Symmetric_Primitives_Base() [2/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( const Dilithium_Symmetric_Primitives_Base & )
delete

◆ Dilithium_Symmetric_Primitives_Base() [3/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( Dilithium_Symmetric_Primitives_Base && )
delete

Member Function Documentation

◆ create()

std::unique_ptr< Dilithium_Symmetric_Primitives_Base > Botan::Dilithium_Symmetric_Primitives_Base::create ( const DilithiumConstants & mode)
static

Definition at line 28 of file dilithium_symmetric_primitives.cpp.

29 {
30#if defined(BOTAN_HAS_DILITHIUM)
31 if(mode.is_modern() && !mode.is_ml_dsa()) {
32 return std::make_unique<Dilithium_Symmetric_Primitives>(mode);
33 }
34#endif
35
36#if defined(BOTAN_HAS_DILITHIUM_AES)
37 if(mode.is_aes()) {
38 return std::make_unique<Dilithium_AES_Symmetric_Primitives>(mode);
39 }
40#endif
41
42#if defined(BOTAN_HAS_ML_DSA)
43 if(mode.is_ml_dsa()) {
44 return std::make_unique<ML_DSA_Symmetric_Primitives>(mode);
45 }
46#endif
47
48 throw Not_Implemented("requested ML-DSA/Dilithium mode is not implemented in this build");
49}

References Botan::DilithiumConstants::is_aes(), Botan::DilithiumConstants::is_ml_dsa(), and Botan::DilithiumConstants::is_modern().

Referenced by Botan::DilithiumConstants::DilithiumConstants().

◆ get_message_hash()

virtual std::unique_ptr< DilithiumMessageHash > Botan::Dilithium_Symmetric_Primitives_Base::get_message_hash ( DilithiumHashedPublicKey tr) const
inlinevirtual

Reimplemented in Botan::ML_DSA_Symmetric_Primitives.

Definition at line 118 of file dilithium_symmetric_primitives.h.

118 {
119 return std::make_unique<DilithiumMessageHash>(std::move(tr));
120 }

◆ H() [1/6]

SHAKE_256_XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumCommitmentHash > seed) const
inline

Definition at line 156 of file dilithium_symmetric_primitives.h.

156 {
157 m_xof_external.clear();
158 m_xof_external.update(truncate_commitment_hash(seed));
159 return m_xof_external;
160 }
Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash
virtual StrongSpan< const DilithiumCommitmentHash > truncate_commitment_hash(StrongSpan< const DilithiumCommitmentHash > seed) const =0
Botan::XOF::clear
void clear()
Definition xof.h:66
Botan::XOF::update
void update(std::span< const uint8_t > input)
Definition xof.h:142

References Botan::XOF::clear(), truncate_commitment_hash(), and Botan::XOF::update().

◆ H() [2/6]

DilithiumCommitmentHash Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumMessageRepresentative > mu,
StrongSpan< const DilithiumSerializedCommitment > w1 ) const
inline

Definition at line 151 of file dilithium_symmetric_primitives.h.

152 {
153 return H_256<DilithiumCommitmentHash>(m_commitment_hash_length_bytes, mu, w1);
154 }
Botan::Dilithium_Symmetric_Primitives_Base::H_256
OutT H_256(size_t outbytes, InTs &&... ins) const
Definition dilithium_symmetric_primitives.h:191

References H_256().

◆ H() [3/6]

std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedK > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRandomness > seed) const
inline

Definition at line 133 of file dilithium_symmetric_primitives.h.

134 {
135 m_xof.update(seed);
136 if(auto domsep = seed_expansion_domain_separator()) {
137 m_xof.update(domsep.value());
138 }
139
140 // Note: The order of invocations in an initializer list is not
141 // guaranteed by the C++ standard. Hence, we have to store the
142 // results in variables to ensure the correct order of execution.
143 auto rho = m_xof.output<DilithiumSeedRho>(DilithiumConstants::SEED_RHO_BYTES);
144 auto rhoprime = m_xof.output<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES);
145 auto k = m_xof.output<DilithiumSigningSeedK>(DilithiumConstants::SEED_SIGNING_KEY_BYTES);
146 m_xof.clear();
147
148 return {std::move(rho), std::move(rhoprime), std::move(k)};
149 }
Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES
static constexpr size_t SEED_SIGNING_KEY_BYTES
Definition dilithium_constants.h:56
Botan::DilithiumConstants::SEED_RHOPRIME_BYTES
static constexpr size_t SEED_RHOPRIME_BYTES
Definition dilithium_constants.h:54
Botan::DilithiumConstants::SEED_RHO_BYTES
static constexpr size_t SEED_RHO_BYTES
Definition dilithium_constants.h:53
Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator
virtual std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator() const =0
Botan::XOF::output
T output(size_t bytes)
Definition xof.h:155
Botan::DilithiumSeedRhoPrime
Strong< secure_vector< uint8_t >, struct DilithiumSeedRhoPrime_ > DilithiumSeedRhoPrime
Private seed to sample the polynomial vectors s1 and s2 from.
Definition dilithium_types.h:36
Botan::rho
constexpr T rho(T x)
Definition rotate.h:51
Botan::DilithiumSigningSeedK
Strong< secure_vector< uint8_t >, struct DilithiumSeedK_ > DilithiumSigningSeedK
Private seed K used during signing.
Definition dilithium_types.h:42
Botan::DilithiumSeedRho
Strong< std::vector< uint8_t >, struct DilithiumPublicSeed_ > DilithiumSeedRho
Public seed to sample the polynomial matrix A from.
Definition dilithium_types.h:33

References Botan::XOF::clear(), Botan::XOF::output(), Botan::rho(), seed_expansion_domain_separator(), Botan::DilithiumConstants::SEED_RHO_BYTES, Botan::DilithiumConstants::SEED_RHOPRIME_BYTES, Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES, and Botan::XOF::update().

◆ H() [4/6]

Botan::XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRho > seed,
uint16_t nonce ) const
inline

Definition at line 164 of file dilithium_symmetric_primitives.h.

164 {
165 return m_xof_adapter->XOF128(seed, nonce);
166 }

◆ H() [5/6]

Botan::XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRhoPrime > seed,
uint16_t nonce ) const
inline

Definition at line 170 of file dilithium_symmetric_primitives.h.

170 {
171 return m_xof_adapter->XOF256(seed, nonce);
172 }

◆ H() [6/6]

DilithiumHashedPublicKey Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSerializedPublicKey > pk) const
inline

Definition at line 129 of file dilithium_symmetric_primitives.h.

129 {
130 return H_256<DilithiumHashedPublicKey>(m_public_key_hash_bytes, pk);
131 }

References H_256().

Referenced by Botan::Dilithium_Algos::expand_mask(), and Botan::Dilithium_Algos::sample_in_ball().

◆ H_256()

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT Botan::Dilithium_Symmetric_Primitives_Base::H_256 ( size_t outbytes,
InTs &&... ins ) const
inlineprotected

Definition at line 191 of file dilithium_symmetric_primitives.h.

191 {
192 scoped_cleanup clean([this]() { m_xof.clear(); });
193 (m_xof.update(ins), ...);
194 return m_xof.output<OutT>(outbytes);
195 }

References Botan::XOF::clear(), Botan::XOF::output(), and Botan::XOF::update().

Referenced by H(), and H().

◆ H_maybe_randomized()

virtual DilithiumSeedRhoPrime Botan::Dilithium_Symmetric_Primitives_Base::H_maybe_randomized ( StrongSpan< const DilithiumSigningSeedK > k,
StrongSpan< const DilithiumMessageRepresentative > mu,
std::optional< std::reference_wrapper< RandomNumberGenerator > > rng ) const
pure virtual

Computes the private random seed rho prime used for signing if a rng is given, the seed is randomized

Implemented in Botan::Dilithium_Round3_Symmetric_Primitives, and Botan::ML_DSA_Symmetric_Primitives.

◆ operator=() [1/2]

Dilithium_Symmetric_Primitives_Base & Botan::Dilithium_Symmetric_Primitives_Base::operator= ( const Dilithium_Symmetric_Primitives_Base & )
delete

◆ operator=() [2/2]

Dilithium_Symmetric_Primitives_Base & Botan::Dilithium_Symmetric_Primitives_Base::operator= ( Dilithium_Symmetric_Primitives_Base && )
delete

◆ seed_expansion_domain_separator()

virtual std::optional< std::array< uint8_t, 2 > > Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator ( ) const
protectedpure virtual

Creates the domain separator for the initial seed expansion. The return value may be std::nullopt meaning that no domain separation is required (for Dilithium).

Implemented in Botan::Dilithium_Round3_Symmetric_Primitives, and Botan::ML_DSA_Symmetric_Primitives.

Referenced by H().

◆ truncate_commitment_hash()

virtual StrongSpan< const DilithiumCommitmentHash > Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash ( StrongSpan< const DilithiumCommitmentHash > seed) const
protectedpure virtual

Implemented by the derived classes to truncate the commitment hash to the correct length. This is a customization point to enable support for the final ML-DSA standard.

Implemented in Botan::Dilithium_Round3_Symmetric_Primitives, and Botan::ML_DSA_Symmetric_Primitives.

Referenced by H().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0