Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::XMSS_Hash Class Referencefinal

#include <xmss_hash.h>

Public Member Functions

void f (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
void h (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
secure_vector< uint8_t > h_msg (std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes, std::span< const uint8_t > data)
 
secure_vector< uint8_t > h_msg_final ()
 
void h_msg_init (std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
 
void h_msg_update (std::span< const uint8_t > data)
 
std::string hash_function () const
 
XMSS_Hashoperator= (const XMSS_Hash &)=delete
 
XMSS_Hashoperator= (XMSS_Hash &&)=default
 
size_t output_length () const
 
void prf (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
void prf_keygen (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
 XMSS_Hash (const XMSS_Hash &hash)
 
 XMSS_Hash (const XMSS_Parameters &params)
 
 XMSS_Hash (XMSS_Hash &&hash)=default
 
 ~XMSS_Hash ()=default
 

Detailed Description

A collection of pseudorandom hash functions required for XMSS and WOTS computations.

Definition at line 23 of file xmss_hash.h.

Constructor & Destructor Documentation

◆ XMSS_Hash() [1/3]

Botan::XMSS_Hash::XMSS_Hash ( const XMSS_Parameters params)

Definition at line 22 of file xmss_hash.cpp.

23 : m_hash(HashFunction::create(params.hash_function_name()))
24 , m_msg_hash(HashFunction::create(params.hash_function_name()))
25 , m_zero_padding(params.hash_id_size() - 1 /* hash IDs are a single uint8_t */)
26 {
27 if(!m_hash || !m_msg_hash)
28 {
29 throw Lookup_Error(fmt("XMSS cannot use hash {} because it is unavailable",
30 params.hash_function_name()));
31 }
32
33 BOTAN_ASSERT(m_hash->output_length() > 0, "Hash output length of zero is invalid.");
34 }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition: hash.cpp:102
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:60

References BOTAN_ASSERT, Botan::fmt(), and Botan::XMSS_Parameters::hash_function_name().

◆ XMSS_Hash() [2/3]

Botan::XMSS_Hash::XMSS_Hash ( const XMSS_Hash hash)

Definition at line 17 of file xmss_hash.cpp.

18 : m_hash(hash.m_hash->new_object())
19 , m_msg_hash(hash.m_msg_hash->new_object())
20 , m_zero_padding(hash.m_zero_padding) {}

◆ XMSS_Hash() [3/3]

Botan::XMSS_Hash::XMSS_Hash ( XMSS_Hash &&  hash)
default

◆ ~XMSS_Hash()

Botan::XMSS_Hash::~XMSS_Hash ( )
default

Member Function Documentation

◆ f()

void Botan::XMSS_Hash::f ( secure_vector< uint8_t > &  result,
std::span< const uint8_t >  key,
std::span< const uint8_t >  data 
)
inline

F is a keyed cryptographic hash function used by the WOTS+ algorithm.

Parameters
[out]resultThe hash calculated using key and data.
[in]keykey of length n bytes.
[in]datastring of arbitrary length.

Definition at line 91 of file xmss_hash.h.

94 {
95 calculate_hash(0x00, result, key, data);
96 }

◆ h()

void Botan::XMSS_Hash::h ( secure_vector< uint8_t > &  result,
std::span< const uint8_t >  key,
std::span< const uint8_t >  data 
)
inline

Cryptographic hash function h accepting n byte keys and 2n byte strings of data.

Parameters
[out]resultThe hash calculated using key and data.
[in]keykey of length n bytes.
[in]datastring of 2n bytes length.

Definition at line 106 of file xmss_hash.h.

109 {
110 calculate_hash(0x01, result, key, data);
111 }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash().

◆ h_msg()

secure_vector< uint8_t > Botan::XMSS_Hash::h_msg ( std::span< const uint8_t >  randomness,
std::span< const uint8_t >  root,
std::span< const uint8_t >  index_bytes,
std::span< const uint8_t >  data 
)
inline

Cryptographic hash function h accepting 3n byte keys and data strings of arbitrary length.

Parameters
randomnessn-byte value.
rootn-byte root node.
index_bytesIndex value padded with leading zeros.
datastring of arbitrary length.
Returns
hash value of n-bytes length.

Definition at line 124 of file xmss_hash.h.

128 {
129 h_msg_init(randomness, root, index_bytes);
130 h_msg_update(data);
131 return m_msg_hash->final();
132 }
void h_msg_update(std::span< const uint8_t > data)
Definition: xmss_hash.cpp:48
void h_msg_init(std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
Definition: xmss_hash.cpp:36

References h_msg_init(), and h_msg_update().

◆ h_msg_final()

secure_vector< uint8_t > Botan::XMSS_Hash::h_msg_final ( )

Finalizes buffered h_msg computation and retrieves the result.

Returns
Hash calculated using the prefix set by h_msg_init() and message blocks provided through calls to h_msg_update().

Definition at line 53 of file xmss_hash.cpp.

54 {
55 return m_msg_hash->final();
56 }

Referenced by Botan::XMSS_Signature_Operation::sign().

◆ h_msg_init()

void Botan::XMSS_Hash::h_msg_init ( std::span< const uint8_t >  randomness,
std::span< const uint8_t >  root,
std::span< const uint8_t >  index_bytes 
)

Initializes buffered h_msg computation with prefix data.

Parameters
randomnessrandom n-byte value.
rootn-byte root node.
index_bytesIndex value padded with leading zeros.

Definition at line 36 of file xmss_hash.cpp.

39 {
40 m_msg_hash->clear();
41 m_msg_hash->update(m_zero_padding);
42 m_msg_hash->update(0x02);
43 m_msg_hash->update(randomness.data(), randomness.size());
44 m_msg_hash->update(root.data(), root.size());
45 m_msg_hash->update(index_bytes.data(), index_bytes.size());
46 }

Referenced by h_msg().

◆ h_msg_update()

void Botan::XMSS_Hash::h_msg_update ( std::span< const uint8_t >  data)

Adds a message block to buffered h_msg computation.

Parameters
dataA message block

Definition at line 48 of file xmss_hash.cpp.

49 {
50 m_msg_hash->update(data.data(), data.size());
51 }

Referenced by h_msg(), and Botan::XMSS_Signature_Operation::update().

◆ hash_function()

std::string Botan::XMSS_Hash::hash_function ( ) const
inline

Definition at line 35 of file xmss_hash.h.

35{ return m_hash->name(); }

Referenced by Botan::XMSS_Signature_Operation::hash_function(), and Botan::XMSS_Verification_Operation::hash_function().

◆ operator=() [1/2]

XMSS_Hash & Botan::XMSS_Hash::operator= ( const XMSS_Hash )
delete

◆ operator=() [2/2]

XMSS_Hash & Botan::XMSS_Hash::operator= ( XMSS_Hash &&  )
default

◆ output_length()

size_t Botan::XMSS_Hash::output_length ( ) const
inline

Definition at line 160 of file xmss_hash.h.

160{ return m_hash->output_length(); }

◆ prf()

void Botan::XMSS_Hash::prf ( secure_vector< uint8_t > &  result,
std::span< const uint8_t >  key,
std::span< const uint8_t >  data 
)
inline

Pseudorandom function creating a hash out of a key and data using a cryptographic hash function.

Parameters
[out]resultThe hash calculated using key and data.
[in]keyAn n-byte key value.
[in]dataA 32-byte XMSS_Address data value

Definition at line 59 of file xmss_hash.h.

62 {
63 calculate_hash(0x03, result, key, data);
64 }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash(), and Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey().

◆ prf_keygen()

void Botan::XMSS_Hash::prf_keygen ( secure_vector< uint8_t > &  result,
std::span< const uint8_t >  key,
std::span< const uint8_t >  data 
)
inline

Pseudoranom function creating a hash out of a key and data using a cryptographic hash function for key derivation.

This function is described in NIST SP.800-208 Section 5 as a separate PRF to avoid a multi-target attack vector.

Parameters
[out]resultThe hash calculated using key and data.
[in]keyAn n-byte key value.
[in]dataA 32-byte XMSS_Address data value

Definition at line 77 of file xmss_hash.h.

80 {
81 calculate_hash(0x04, result, key, data);
82 }

Referenced by Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey().


The documentation for this class was generated from the following files: