Botan::Sphincs_Hash_Functions_Sha2 Class Reference

#include <sp_hash_sha2.h>

Inheritance diagram for Botan::Sphincs_Hash_Functions_Sha2:

Public Member Functions
std::tuple< SphincsHashedMessage, XmssTreeIndexInLayer, TreeNodeIndex >	H_msg (StrongSpan< const SphincsMessageRandomness > r, const SphincsTreeNode &root, const SphincsMessageInternal &message)
std::string	msg_hash_function_name () const override
void	PRF (StrongSpan< ForsLeafSecret > out, const SphincsSecretSeed &sk_seed, const Sphincs_Address &address)
void	PRF (StrongSpan< WotsNode > out, const SphincsSecretSeed &sk_seed, const Sphincs_Address &address)
void	PRF_msg (StrongSpan< SphincsMessageRandomness > out, StrongSpan< const SphincsSecretPRF > sk_prf, StrongSpan< const SphincsOptionalRandomness > opt_rand, const SphincsMessageInternal &msg) override
	Sphincs_Hash_Functions_Sha2 (const Sphincs_Parameters &sphincs_params, const SphincsPublicSeed &pub_seed)
template<typename OutT = std::vector<uint8_t>, typename... BufferTs>
OutT	T (const Sphincs_Address &address, BufferTs &&... in)
template<typename... BufferTs>
void	T (std::span< uint8_t > out, const Sphincs_Address &address, BufferTs &&... in)

Static Public Member Functions
static std::unique_ptr< Sphincs_Hash_Functions >	create (const Sphincs_Parameters &sphincs_params, const SphincsPublicSeed &pub_seed)

Protected Attributes
const SphincsPublicSeed &	m_pub_seed

Detailed Description

Implementation of SLH-DSA hash function abstraction for SHA2

Definition at line 26 of file sp_hash_sha2.h.

Constructor & Destructor Documentation

Sphincs_Hash_Functions_Sha2()

Botan::Sphincs_Hash_Functions_Sha2::Sphincs_Hash_Functions_Sha2 ( const Sphincs_Parameters & sphincs_params, const SphincsPublicSeed & pub_seed )

inline

Definition at line 64 of file sp_hash_sha2.h.

                                                                                                               :
            Sphincs_Hash_Functions(sphincs_params, pub_seed), m_sphincs_params(sphincs_params) {
         m_padded_pub_seed_256 = std::vector<uint8_t>(64, '\0');
         BOTAN_ASSERT_NOMSG(pub_seed.size() <= m_padded_pub_seed_256.size());
         std::copy(pub_seed.begin(), pub_seed.end(), m_padded_pub_seed_256.begin());
 
         if(sphincs_params.n() == 16) {
            m_sha_x = std::make_unique<Truncated_Hash>(std::make_unique<SHA_256>(), sphincs_params.n() * 8);
            m_sha_x_full = std::make_unique<SHA_256>();
            m_padded_pub_seed_x = m_padded_pub_seed_256;
         } else {
            BOTAN_ASSERT_NOMSG(sphincs_params.n() <= 128);
            m_sha_x = std::make_unique<Truncated_Hash>(std::make_unique<SHA_512>(), sphincs_params.n() * 8);
            m_sha_x_full = std::make_unique<SHA_512>();
 
            m_padded_pub_seed_x = std::vector<uint8_t>(128, '\0');
            BOTAN_ASSERT_NOMSG(pub_seed.size() <= m_padded_pub_seed_x.size());
            std::copy(pub_seed.begin(), pub_seed.end(), m_padded_pub_seed_x.begin());
         }
 
         if(m_sphincs_params.n() < 32) {
            m_sha_256 = std::make_unique<Truncated_Hash>(std::make_unique<SHA_256>(), m_sphincs_params.n() * 8);
         } else {
            m_sha_256 = std::make_unique<SHA_256>();
         }
      }

References BOTAN_ASSERT_NOMSG, and Botan::Sphincs_Parameters::n().

Member Function Documentation

create()

std::unique_ptr< Sphincs_Hash_Functions > Botan::Sphincs_Hash_Functions::create ( const Sphincs_Parameters & sphincs_params, const SphincsPublicSeed & pub_seed )

staticinherited

Creates a Sphincs_Hash_Functions object instantiating the hash functions used for the specified sphincs_params. The pub_seed is used to seed the hash functions (possibly padded). This is pre-computed and the respective state is copied on the further calls on H(seed) with tweak_hash, i.e., T and PRF.

Definition at line 34 of file sp_hash.cpp.

                                                                                                          {
   switch(sphincs_params.hash_type()) {
      case Sphincs_Hash_Type::Sha256:
#if defined(BOTAN_HAS_SPHINCS_PLUS_SHA2_BASE)
         return std::make_unique<Sphincs_Hash_Functions_Sha2>(sphincs_params, pub_seed);
#else
         throw Not_Implemented("SLH-DSA (or SPHINCS+) with SHA-256 is not available in this build");
#endif
 
      case Sphincs_Hash_Type::Shake256:
#if defined(BOTAN_HAS_SPHINCS_PLUS_SHAKE_BASE)
         return std::make_unique<Sphincs_Hash_Functions_Shake>(sphincs_params, pub_seed);
#else
         throw Not_Implemented("SLH-DSA (or SPHINCS+) with SHAKE is not available in this build");
#endif
 
      case Sphincs_Hash_Type::Haraka:
         throw Not_Implemented("Haraka is not implemented");
   }
   BOTAN_ASSERT_UNREACHABLE();
}

References BOTAN_ASSERT_UNREACHABLE, Botan::Haraka, Botan::Sphincs_Parameters::hash_type(), Botan::Sha256, and Botan::Shake256.

Referenced by Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey().

H_msg()

std::tuple< SphincsHashedMessage, XmssTreeIndexInLayer, TreeNodeIndex > Botan::Sphincs_Hash_Functions::H_msg ( StrongSpan< const SphincsMessageRandomness > r, const SphincsTreeNode & root, const SphincsMessageInternal & message )

inherited

Definition at line 78 of file sp_hash.cpp.

                                                                                                                     {
   const auto digest = H_msg_digest(r, root, message);
 
   // The following calculates the message digest and indices from the
   // raw message digest. See FIPS 205, Algorithm 19, Line 5-10.
   const auto& p = m_sphincs_params;
   BufferSlicer s(digest);
   auto msg_hash = s.copy<SphincsHashedMessage>(p.fors_message_bytes());
   auto tree_index_bytes = s.take(p.tree_digest_bytes());
   auto leaf_index_bytes = s.take(p.leaf_digest_bytes());
   BOTAN_ASSERT_NOMSG(s.empty());
 
   auto tree_index = from_first_n_bits<XmssTreeIndexInLayer>(p.h() - p.xmss_tree_height(), tree_index_bytes);
   auto leaf_index = from_first_n_bits<TreeNodeIndex>(p.xmss_tree_height(), leaf_index_bytes);
   return {std::move(msg_hash), tree_index, leaf_index};
}

References BOTAN_ASSERT_NOMSG, Botan::BufferSlicer::copy(), Botan::BufferSlicer::empty(), Botan::Sphincs_Hash_Functions::H_msg_digest(), Botan::Sphincs_Hash_Functions::m_sphincs_params, Botan::root(), and Botan::BufferSlicer::take().

msg_hash_function_name()

std::string Botan::Sphincs_Hash_Functions_Sha2::msg_hash_function_name ( ) const

inlineoverridevirtual

Implements Botan::Sphincs_Hash_Functions.

Definition at line 105 of file sp_hash_sha2.h.

{ return m_sha_x_full->name(); }

PRF() [1/2]

void Botan::Sphincs_Hash_Functions::PRF ( StrongSpan< ForsLeafSecret > out, const SphincsSecretSeed & sk_seed, const Sphincs_Address & address )

inlineinherited

Definition at line 70 of file sp_hash.h.

                                                                                                                 {
         T(out, address, sk_seed);
      }

References T.

Referenced by Botan::fors_sign_and_pkgen(), and Botan::wots_sign_and_pkgen().

PRF() [2/2]

void Botan::Sphincs_Hash_Functions::PRF ( StrongSpan< WotsNode > out, const SphincsSecretSeed & sk_seed, const Sphincs_Address & address )

inlineinherited

Definition at line 74 of file sp_hash.h.

                                                                                                           {
         T(out, address, sk_seed);
      }

References T.

PRF_msg()

void Botan::Sphincs_Hash_Functions_Sha2::PRF_msg ( StrongSpan< SphincsMessageRandomness > out, StrongSpan< const SphincsSecretPRF > sk_prf, StrongSpan< const SphincsOptionalRandomness > opt_rand, const SphincsMessageInternal & msg )

inlineoverridevirtual

Using SK.PRF, the optional randomness, and a message, computes the message random R, and the tree and leaf indices.

Parameters

out	output location for the message hash
sk_prf	SK.PRF
opt_rand	optional randomness
msg	message

Implements Botan::Sphincs_Hash_Functions.

Definition at line 91 of file sp_hash_sha2.h.

                                                               {
         HMAC hmac_sha_x(m_sha_x_full->new_object());
         hmac_sha_x.set_key(sk_prf);
         hmac_sha_x.update(opt_rand);
         hmac_sha_x.update(msg.prefix);
         hmac_sha_x.update(msg.message);
 
         const auto prf = hmac_sha_x.final();
         std::copy(prf.begin(), prf.begin() + out.size(), out.begin());
      }

References Botan::StrongSpan< T >::begin(), Botan::Buffered_Computation::final(), Botan::SphincsMessageInternal::message, Botan::SphincsMessageInternal::prefix, Botan::SymmetricAlgorithm::set_key(), Botan::StrongSpan< T >::size(), and Botan::Buffered_Computation::update().

T() [1/2]

template<typename OutT = std::vector<uint8_t>, typename... BufferTs>

OutT Botan::Sphincs_Hash_Functions::T ( const Sphincs_Address & address, BufferTs &&... in )

inlineinherited

Definition at line 64 of file sp_hash.h.

                                                               {
         OutT t(m_sphincs_params.n());
         T(t, address, std::forward<BufferTs>(in)...);
         return t;
      }

References T.

T() [2/2]

template<typename... BufferTs>

void Botan::Sphincs_Hash_Functions::T ( std::span< uint8_t > out, const Sphincs_Address & address, BufferTs &&... in )

inlineinherited

Definition at line 57 of file sp_hash.h.

                                                                                     {
         auto& hash = tweak_hash(address, (std::forward<BufferTs>(in).size() + ...));
         (hash.update(std::forward<BufferTs>(in)), ...);
         hash.final(out);
      }

Referenced by Botan::compute_root(), Botan::fors_public_key_from_signature(), Botan::fors_sign_and_pkgen(), Botan::ht_verify(), Botan::treehash(), and Botan::wots_sign_and_pkgen().

Member Data Documentation

m_pub_seed

const SphincsPublicSeed& Botan::Sphincs_Hash_Functions::m_pub_seed

protectedinherited

Definition at line 103 of file sp_hash.h.

Referenced by Botan::Sphincs_Hash_Functions_Shake::Sphincs_Hash_Functions_Shake().

---

The documentation for this class was generated from the following file:

• src/lib/pubkey/sphincsplus/sphincsplus_common/sphincsplus_sha2_base/sp_hash_sha2.h