Botan 3.9.0
Crypto and TLS for C&
Botan::XMSS_Hash Class Referencefinal

#include <xmss_hash.h>

Public Member Functions

void f (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
void h (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
secure_vector< uint8_t > h_msg (std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes, std::span< const uint8_t > data)
secure_vector< uint8_t > h_msg_final ()
void h_msg_init (std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
void h_msg_update (std::span< const uint8_t > data)
std::string hash_function () const
XMSS_Hashoperator= (const XMSS_Hash &)=delete
XMSS_Hashoperator= (XMSS_Hash &&)=default
size_t output_length () const
void prf (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
void prf_keygen (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 XMSS_Hash (const XMSS_Hash &hash)
 XMSS_Hash (const XMSS_Parameters &params)
 XMSS_Hash (XMSS_Hash &&hash)=default
 ~XMSS_Hash ()=default

Detailed Description

A collection of pseudorandom hash functions required for XMSS and WOTS computations.

Definition at line 23 of file xmss_hash.h.

Constructor & Destructor Documentation

◆ XMSS_Hash() [1/3]

Botan::XMSS_Hash::XMSS_Hash ( const XMSS_Parameters & params)
explicit

Definition at line 24 of file xmss_hash.cpp.

24 :
25 m_hash(HashFunction::create(params.hash_function_name())),
26 m_msg_hash(HashFunction::create(params.hash_function_name())),
27 m_zero_padding(params.hash_id_size() - 1 /* hash IDs are a single uint8_t */) {
28 if(!m_hash || !m_msg_hash) {
29 throw Lookup_Error(fmt("XMSS cannot use hash {} because it is unavailable", params.hash_function_name()));
30 }
31
32 BOTAN_ASSERT(m_hash->output_length() > 0, "Hash output length of zero is invalid.");
33}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:107
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References BOTAN_ASSERT, Botan::fmt(), and Botan::XMSS_Parameters::hash_function_name().

Referenced by operator=(), operator=(), XMSS_Hash(), and XMSS_Hash().

◆ XMSS_Hash() [2/3]

Botan::XMSS_Hash::XMSS_Hash ( const XMSS_Hash & hash)

Definition at line 19 of file xmss_hash.cpp.

19 :
20 m_hash(hash.m_hash->new_object()),
21 m_msg_hash(hash.m_msg_hash->new_object()),
22 m_zero_padding(hash.m_zero_padding) {}

References XMSS_Hash().

◆ XMSS_Hash() [3/3]

Botan::XMSS_Hash::XMSS_Hash ( XMSS_Hash && hash)
default

References XMSS_Hash().

◆ ~XMSS_Hash()

Botan::XMSS_Hash::~XMSS_Hash ( )
default

Member Function Documentation

◆ f()

void Botan::XMSS_Hash::f ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

F is a keyed cryptographic hash function used by the WOTS+ algorithm.

Parameters
[out]resultThe hash calculated using key and data.
[in]keykey of length n bytes.
[in]datastring of arbitrary length.

Definition at line 85 of file xmss_hash.h.

85 {
86 calculate_hash(0x00, result, key, data);
87 }

◆ h()

void Botan::XMSS_Hash::h ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

Cryptographic hash function h accepting n byte keys and 2n byte strings of data.

Parameters
[out]resultThe hash calculated using key and data.
[in]keykey of length n bytes.
[in]datastring of 2n bytes length.

Definition at line 97 of file xmss_hash.h.

97 {
98 calculate_hash(0x01, result, key, data);
99 }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash().

◆ h_msg()

secure_vector< uint8_t > Botan::XMSS_Hash::h_msg ( std::span< const uint8_t > randomness,
std::span< const uint8_t > root,
std::span< const uint8_t > index_bytes,
std::span< const uint8_t > data )
inline

Cryptographic hash function h accepting 3n byte keys and data strings of arbitrary length.

Parameters
randomnessn-byte value.
rootn-byte root node.
index_bytesIndex value padded with leading zeros.
datastring of arbitrary length.
Returns
hash value of n-bytes length.

Definition at line 112 of file xmss_hash.h.

115 {
116 h_msg_init(randomness, root, index_bytes);
117 h_msg_update(data);
118 return m_msg_hash->final();
119 }
void h_msg_update(std::span< const uint8_t > data)
Definition xmss_hash.cpp:46
void h_msg_init(std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
Definition xmss_hash.cpp:35
Gf448Elem root(const Gf448Elem &elem)
Compute the root of elem in the field.

References h_msg_init(), h_msg_update(), and Botan::root().

◆ h_msg_final()

secure_vector< uint8_t > Botan::XMSS_Hash::h_msg_final ( )

Finalizes buffered h_msg computation and retrieves the result.

Returns
Hash calculated using the prefix set by h_msg_init() and message blocks provided through calls to h_msg_update().

Definition at line 50 of file xmss_hash.cpp.

50 {
51 return m_msg_hash->final();
52}

◆ h_msg_init()

void Botan::XMSS_Hash::h_msg_init ( std::span< const uint8_t > randomness,
std::span< const uint8_t > root,
std::span< const uint8_t > index_bytes )

Initializes buffered h_msg computation with prefix data.

Parameters
randomnessrandom n-byte value.
rootn-byte root node.
index_bytesIndex value padded with leading zeros.

Definition at line 35 of file xmss_hash.cpp.

37 {
38 m_msg_hash->clear();
39 m_msg_hash->update(m_zero_padding);
40 m_msg_hash->update(0x02);
41 m_msg_hash->update(randomness.data(), randomness.size());
42 m_msg_hash->update(root.data(), root.size());
43 m_msg_hash->update(index_bytes.data(), index_bytes.size());
44}

References Botan::root().

Referenced by h_msg().

◆ h_msg_update()

void Botan::XMSS_Hash::h_msg_update ( std::span< const uint8_t > data)

Adds a message block to buffered h_msg computation.

Parameters
dataA message block

Definition at line 46 of file xmss_hash.cpp.

46 {
47 m_msg_hash->update(data.data(), data.size());
48}

Referenced by h_msg().

◆ hash_function()

std::string Botan::XMSS_Hash::hash_function ( ) const
inline

Definition at line 34 of file xmss_hash.h.

34{ return m_hash->name(); }

◆ operator=() [1/2]

XMSS_Hash & Botan::XMSS_Hash::operator= ( const XMSS_Hash & )
delete

References XMSS_Hash().

◆ operator=() [2/2]

XMSS_Hash & Botan::XMSS_Hash::operator= ( XMSS_Hash && )
default

References XMSS_Hash().

◆ output_length()

size_t Botan::XMSS_Hash::output_length ( ) const
inline

Definition at line 147 of file xmss_hash.h.

147{ return m_hash->output_length(); }

◆ prf()

void Botan::XMSS_Hash::prf ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

Pseudorandom function creating a hash out of a key and data using a cryptographic hash function.

Parameters
[out]resultThe hash calculated using key and data.
[in]keyAn n-byte key value.
[in]dataA 32-byte XMSS_Address data value

Definition at line 57 of file xmss_hash.h.

57 {
58 calculate_hash(0x03, result, key, data);
59 }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash(), and Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey().

◆ prf_keygen()

void Botan::XMSS_Hash::prf_keygen ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

Pseudoranom function creating a hash out of a key and data using a cryptographic hash function for key derivation.

This function is described in NIST SP.800-208 Section 5 as a separate PRF to avoid a multi-target attack vector.

Parameters
[out]resultThe hash calculated using key and data.
[in]keyAn n-byte key value.
[in]dataA 32-byte XMSS_Address data value

Definition at line 72 of file xmss_hash.h.

74 {
75 calculate_hash(0x04, result, key, data);
76 }

The documentation for this class was generated from the following files: