Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::Dilithium_Symmetric_Primitives_Base Class Referenceabstract

#include <dilithium_symmetric_primitives.h>

Inheritance diagram for Botan::Dilithium_Symmetric_Primitives_Base:
Botan::Dilithium_Round3_Symmetric_Primitives Botan::ML_DSA_Symmetric_Primitives Botan::Dilithium_AES_Symmetric_Primitives Botan::Dilithium_Symmetric_Primitives

Public Member Functions

 Dilithium_Symmetric_Primitives_Base (const Dilithium_Symmetric_Primitives_Base &)=delete
 Dilithium_Symmetric_Primitives_Base (Dilithium_Symmetric_Primitives_Base &&)=delete
virtual std::unique_ptr< DilithiumMessageHashget_message_hash (DilithiumHashedPublicKey tr) const
std::unique_ptr< XOFH (StrongSpan< const DilithiumCommitmentHash > seed) const
DilithiumCommitmentHash H (StrongSpan< const DilithiumMessageRepresentative > mu, StrongSpan< const DilithiumSerializedCommitment > w1) const
std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedKH (StrongSpan< const DilithiumSeedRandomness > seed) const
std::unique_ptr< XOFH (StrongSpan< const DilithiumSeedRho > seed, uint16_t nonce) const
std::unique_ptr< XOFH (StrongSpan< const DilithiumSeedRhoPrime > seed, uint16_t nonce) const
DilithiumHashedPublicKey H (StrongSpan< const DilithiumSerializedPublicKey > pk) const
virtual DilithiumSeedRhoPrime H_maybe_randomized (StrongSpan< const DilithiumSigningSeedK > k, StrongSpan< const DilithiumMessageRepresentative > mu, std::optional< std::reference_wrapper< RandomNumberGenerator > > rng) const =0
Dilithium_Symmetric_Primitives_Baseoperator= (const Dilithium_Symmetric_Primitives_Base &)=delete
Dilithium_Symmetric_Primitives_Baseoperator= (Dilithium_Symmetric_Primitives_Base &&)=delete
virtual ~Dilithium_Symmetric_Primitives_Base ()=default

Static Public Member Functions

static std::unique_ptr< Dilithium_Symmetric_Primitives_Basecreate (const DilithiumConstants &mode)

Protected Member Functions

 Dilithium_Symmetric_Primitives_Base (const DilithiumConstants &mode, std::unique_ptr< DilithiumXOF > xof_adapter)
template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT H_256 (size_t outbytes, const InTs &... ins) const
virtual std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator () const =0
virtual StrongSpan< const DilithiumCommitmentHashtruncate_commitment_hash (StrongSpan< const DilithiumCommitmentHash > seed) const =0

Detailed Description

Adapter class that uses polymorphy to distinguish Dilithium "common" from Dilithium "AES" modes.

Definition at line 96 of file dilithium_symmetric_primitives.h.

Constructor & Destructor Documentation

◆ Dilithium_Symmetric_Primitives_Base() [1/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( const DilithiumConstants & mode,
std::unique_ptr< DilithiumXOF > xof_adapter )
protected

Definition at line 39 of file dilithium_symmetric_primitives.cpp.

40 :
41 m_commitment_hash_length_bytes(mode.commitment_hash_full_bytes()),
42 m_public_key_hash_bytes(mode.public_key_hash_bytes()),
43 m_mode(mode.mode()),
44 m_xof_adapter(std::move(xof_adapter)) {}

Referenced by Dilithium_Symmetric_Primitives_Base(), Dilithium_Symmetric_Primitives_Base(), Botan::ML_DSA_Symmetric_Primitives::ML_DSA_Symmetric_Primitives(), operator=(), and operator=().

◆ ~Dilithium_Symmetric_Primitives_Base()

virtual Botan::Dilithium_Symmetric_Primitives_Base::~Dilithium_Symmetric_Primitives_Base ( )
virtualdefault

◆ Dilithium_Symmetric_Primitives_Base() [2/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( const Dilithium_Symmetric_Primitives_Base & )
delete

References Dilithium_Symmetric_Primitives_Base().

◆ Dilithium_Symmetric_Primitives_Base() [3/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( Dilithium_Symmetric_Primitives_Base && )
delete

References Dilithium_Symmetric_Primitives_Base().

Member Function Documentation

◆ create()

std::unique_ptr< Dilithium_Symmetric_Primitives_Base > Botan::Dilithium_Symmetric_Primitives_Base::create ( const DilithiumConstants & mode)
static

Definition at line 46 of file dilithium_symmetric_primitives.cpp.

47 {
48#if defined(BOTAN_HAS_DILITHIUM)
49 if(mode.is_modern() && !mode.is_ml_dsa()) {
50 return std::make_unique<Dilithium_Symmetric_Primitives>(mode);
51 }
52#endif
53
54#if defined(BOTAN_HAS_DILITHIUM_AES)
55 if(mode.is_aes()) {
56 return std::make_unique<Dilithium_AES_Symmetric_Primitives>(mode);
57 }
58#endif
59
60#if defined(BOTAN_HAS_ML_DSA)
61 if(mode.is_ml_dsa()) {
62 return std::make_unique<ML_DSA_Symmetric_Primitives>(mode);
63 }
64#endif
65
66 throw Not_Implemented("requested ML-DSA/Dilithium mode is not implemented in this build");
67}

References Botan::DilithiumConstants::is_aes(), Botan::DilithiumConstants::is_ml_dsa(), and Botan::DilithiumConstants::is_modern().

Referenced by Botan::DilithiumConstants::DilithiumConstants().

◆ get_message_hash()

virtual std::unique_ptr< DilithiumMessageHash > Botan::Dilithium_Symmetric_Primitives_Base::get_message_hash ( DilithiumHashedPublicKey tr) const
inlinevirtual

Reimplemented in Botan::ML_DSA_Symmetric_Primitives.

Definition at line 109 of file dilithium_symmetric_primitives.h.

109 {
110 return std::make_unique<DilithiumMessageHash>(std::move(tr));
111 }

◆ H() [1/6]

std::unique_ptr< XOF > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumCommitmentHash > seed) const
inline

Definition at line 147 of file dilithium_symmetric_primitives.h.

147 {
148 auto xof = XOF::create_or_throw("SHAKE-256");
149 xof->update(truncate_commitment_hash(seed));
150 return xof;
151 }
Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash
virtual StrongSpan< const DilithiumCommitmentHash > truncate_commitment_hash(StrongSpan< const DilithiumCommitmentHash > seed) const =0
Botan::XOF::create_or_throw
static std::unique_ptr< XOF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition xof.cpp:54

References Botan::XOF::create_or_throw(), and truncate_commitment_hash().

◆ H() [2/6]

DilithiumCommitmentHash Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumMessageRepresentative > mu,
StrongSpan< const DilithiumSerializedCommitment > w1 ) const
inline

Definition at line 142 of file dilithium_symmetric_primitives.h.

143 {
144 return H_256<DilithiumCommitmentHash>(m_commitment_hash_length_bytes, mu, w1);
145 }
Botan::Dilithium_Symmetric_Primitives_Base::H_256
OutT H_256(size_t outbytes, const InTs &... ins) const
Definition dilithium_symmetric_primitives.h:178

References H_256().

◆ H() [3/6]

std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedK > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRandomness > seed) const
inline

Definition at line 124 of file dilithium_symmetric_primitives.h.

125 {
126 auto xof = XOF::create_or_throw("SHAKE-256");
127 xof->update(seed);
128 if(auto domsep = seed_expansion_domain_separator()) {
129 xof->update(domsep.value());
130 }
131
132 // Note: The order of invocations in an initializer list is not
133 // guaranteed by the C++ standard. Hence, we have to store the
134 // results in variables to ensure the correct order of execution.
135 auto rho = xof->output<DilithiumSeedRho>(DilithiumConstants::SEED_RHO_BYTES);
136 auto rhoprime = xof->output<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES);
137 auto k = xof->output<DilithiumSigningSeedK>(DilithiumConstants::SEED_SIGNING_KEY_BYTES);
138
139 return {std::move(rho), std::move(rhoprime), std::move(k)};
140 }
Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES
static constexpr size_t SEED_SIGNING_KEY_BYTES
Definition dilithium_constants.h:56
Botan::DilithiumConstants::SEED_RHOPRIME_BYTES
static constexpr size_t SEED_RHOPRIME_BYTES
Definition dilithium_constants.h:54
Botan::DilithiumConstants::SEED_RHO_BYTES
static constexpr size_t SEED_RHO_BYTES
Definition dilithium_constants.h:53
Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator
virtual std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator() const =0
Botan::DilithiumSeedRhoPrime
Strong< secure_vector< uint8_t >, struct DilithiumSeedRhoPrime_ > DilithiumSeedRhoPrime
Private seed to sample the polynomial vectors s1 and s2 from.
Definition dilithium_types.h:36
Botan::DilithiumSigningSeedK
Strong< secure_vector< uint8_t >, struct DilithiumSeedK_ > DilithiumSigningSeedK
Private seed K used during signing.
Definition dilithium_types.h:42
Botan::DilithiumSeedRho
Strong< std::vector< uint8_t >, struct DilithiumPublicSeed_ > DilithiumSeedRho
Public seed to sample the polynomial matrix A from.
Definition dilithium_types.h:33
Botan::rho
BOTAN_FORCE_INLINE constexpr T rho(T x)
Definition rotate.h:53

References Botan::XOF::create_or_throw(), Botan::rho(), seed_expansion_domain_separator(), Botan::DilithiumConstants::SEED_RHO_BYTES, Botan::DilithiumConstants::SEED_RHOPRIME_BYTES, and Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES.

◆ H() [4/6]

std::unique_ptr< XOF > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRho > seed,
uint16_t nonce ) const
inline

Definition at line 153 of file dilithium_symmetric_primitives.h.

153 {
154 return m_xof_adapter->XOF128(seed, nonce);
155 }

◆ H() [5/6]

std::unique_ptr< XOF > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRhoPrime > seed,
uint16_t nonce ) const
inline

Definition at line 157 of file dilithium_symmetric_primitives.h.

157 {
158 return m_xof_adapter->XOF256(seed, nonce);
159 }

◆ H() [6/6]

DilithiumHashedPublicKey Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSerializedPublicKey > pk) const
inline

Definition at line 120 of file dilithium_symmetric_primitives.h.

120 {
121 return H_256<DilithiumHashedPublicKey>(m_public_key_hash_bytes, pk);
122 }

References H_256().

Referenced by Botan::Dilithium_Algos::expand_mask(), and Botan::Dilithium_Algos::sample_in_ball().

◆ H_256()

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT Botan::Dilithium_Symmetric_Primitives_Base::H_256 ( size_t outbytes,
const InTs &... ins ) const
inlineprotected

Definition at line 178 of file dilithium_symmetric_primitives.h.

178 {
179 auto xof = XOF::create_or_throw("SHAKE-256");
180 (xof->update(ins), ...);
181 return xof->output<OutT>(outbytes);
182 }

References Botan::XOF::create_or_throw().

Referenced by H(), and H().

◆ H_maybe_randomized()

virtual DilithiumSeedRhoPrime Botan::Dilithium_Symmetric_Primitives_Base::H_maybe_randomized ( StrongSpan< const DilithiumSigningSeedK > k,
StrongSpan< const DilithiumMessageRepresentative > mu,
std::optional< std::reference_wrapper< RandomNumberGenerator > > rng ) const
pure virtual

Computes the private random seed rho prime used for signing if a rng is given, the seed is randomized

Implemented in Botan::Dilithium_Round3_Symmetric_Primitives, and Botan::ML_DSA_Symmetric_Primitives.

◆ operator=() [1/2]

Dilithium_Symmetric_Primitives_Base & Botan::Dilithium_Symmetric_Primitives_Base::operator= ( const Dilithium_Symmetric_Primitives_Base & )
delete

References Dilithium_Symmetric_Primitives_Base().

◆ operator=() [2/2]

Dilithium_Symmetric_Primitives_Base & Botan::Dilithium_Symmetric_Primitives_Base::operator= ( Dilithium_Symmetric_Primitives_Base && )
delete

References Dilithium_Symmetric_Primitives_Base().

◆ seed_expansion_domain_separator()

virtual std::optional< std::array< uint8_t, 2 > > Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator ( ) const
protectedpure virtual

Creates the domain separator for the initial seed expansion. The return value may be std::nullopt meaning that no domain separation is required (for Dilithium).

Implemented in Botan::Dilithium_Round3_Symmetric_Primitives, and Botan::ML_DSA_Symmetric_Primitives.

Referenced by H().

◆ truncate_commitment_hash()

virtual StrongSpan< const DilithiumCommitmentHash > Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash ( StrongSpan< const DilithiumCommitmentHash > seed) const
protectedpure virtual

Implemented by the derived classes to truncate the commitment hash to the correct length. This is a customization point to enable support for the final ML-DSA standard.

Implemented in Botan::Dilithium_Round3_Symmetric_Primitives, and Botan::ML_DSA_Symmetric_Primitives.

Referenced by H().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0