Botan 3.3.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::XMSS_Hash Class Referencefinal

#include <xmss_hash.h>

Public Member Functions

void f (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
void h (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
secure_vector< uint8_t > h_msg (std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes, std::span< const uint8_t > data)
 
secure_vector< uint8_t > h_msg_final ()
 
void h_msg_init (std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
 
void h_msg_update (std::span< const uint8_t > data)
 
std::string hash_function () const
 
XMSS_Hashoperator= (const XMSS_Hash &)=delete
 
XMSS_Hashoperator= (XMSS_Hash &&)=default
 
size_t output_length () const
 
void prf (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
void prf_keygen (secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
 
 XMSS_Hash (const XMSS_Hash &hash)
 
 XMSS_Hash (const XMSS_Parameters &params)
 
 XMSS_Hash (XMSS_Hash &&hash)=default
 
 ~XMSS_Hash ()=default
 

Detailed Description

A collection of pseudorandom hash functions required for XMSS and WOTS computations.

Definition at line 23 of file xmss_hash.h.

Constructor & Destructor Documentation

◆ XMSS_Hash() [1/3]

Botan::XMSS_Hash::XMSS_Hash ( const XMSS_Parameters & params)

Definition at line 23 of file xmss_hash.cpp.

23 :
24 m_hash(HashFunction::create(params.hash_function_name())),
25 m_msg_hash(HashFunction::create(params.hash_function_name())),
26 m_zero_padding(params.hash_id_size() - 1 /* hash IDs are a single uint8_t */) {
27 if(!m_hash || !m_msg_hash) {
28 throw Lookup_Error(fmt("XMSS cannot use hash {} because it is unavailable", params.hash_function_name()));
29 }
30
31 BOTAN_ASSERT(m_hash->output_length() > 0, "Hash output length of zero is invalid.");
32}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:107
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References BOTAN_ASSERT, Botan::fmt(), and Botan::XMSS_Parameters::hash_function_name().

◆ XMSS_Hash() [2/3]

Botan::XMSS_Hash::XMSS_Hash ( const XMSS_Hash & hash)

Definition at line 18 of file xmss_hash.cpp.

18 :
19 m_hash(hash.m_hash->new_object()),
20 m_msg_hash(hash.m_msg_hash->new_object()),
21 m_zero_padding(hash.m_zero_padding) {}

◆ XMSS_Hash() [3/3]

Botan::XMSS_Hash::XMSS_Hash ( XMSS_Hash && hash)
default

◆ ~XMSS_Hash()

Botan::XMSS_Hash::~XMSS_Hash ( )
default

Member Function Documentation

◆ f()

void Botan::XMSS_Hash::f ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

F is a keyed cryptographic hash function used by the WOTS+ algorithm.

Parameters
[out]resultThe hash calculated using key and data.
[in]keykey of length n bytes.
[in]datastring of arbitrary length.

Definition at line 85 of file xmss_hash.h.

85 {
86 calculate_hash(0x00, result, key, data);
87 }

◆ h()

void Botan::XMSS_Hash::h ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

Cryptographic hash function h accepting n byte keys and 2n byte strings of data.

Parameters
[out]resultThe hash calculated using key and data.
[in]keykey of length n bytes.
[in]datastring of 2n bytes length.

Definition at line 97 of file xmss_hash.h.

97 {
98 calculate_hash(0x01, result, key, data);
99 }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash().

◆ h_msg()

secure_vector< uint8_t > Botan::XMSS_Hash::h_msg ( std::span< const uint8_t > randomness,
std::span< const uint8_t > root,
std::span< const uint8_t > index_bytes,
std::span< const uint8_t > data )
inline

Cryptographic hash function h accepting 3n byte keys and data strings of arbitrary length.

Parameters
randomnessn-byte value.
rootn-byte root node.
index_bytesIndex value padded with leading zeros.
datastring of arbitrary length.
Returns
hash value of n-bytes length.

Definition at line 112 of file xmss_hash.h.

115 {
116 h_msg_init(randomness, root, index_bytes);
117 h_msg_update(data);
118 return m_msg_hash->final();
119 }
void h_msg_update(std::span< const uint8_t > data)
Definition xmss_hash.cpp:45
void h_msg_init(std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
Definition xmss_hash.cpp:34

References h_msg_init(), and h_msg_update().

◆ h_msg_final()

secure_vector< uint8_t > Botan::XMSS_Hash::h_msg_final ( )

Finalizes buffered h_msg computation and retrieves the result.

Returns
Hash calculated using the prefix set by h_msg_init() and message blocks provided through calls to h_msg_update().

Definition at line 49 of file xmss_hash.cpp.

49 {
50 return m_msg_hash->final();
51}

Referenced by Botan::XMSS_Signature_Operation::sign().

◆ h_msg_init()

void Botan::XMSS_Hash::h_msg_init ( std::span< const uint8_t > randomness,
std::span< const uint8_t > root,
std::span< const uint8_t > index_bytes )

Initializes buffered h_msg computation with prefix data.

Parameters
randomnessrandom n-byte value.
rootn-byte root node.
index_bytesIndex value padded with leading zeros.

Definition at line 34 of file xmss_hash.cpp.

36 {
37 m_msg_hash->clear();
38 m_msg_hash->update(m_zero_padding);
39 m_msg_hash->update(0x02);
40 m_msg_hash->update(randomness.data(), randomness.size());
41 m_msg_hash->update(root.data(), root.size());
42 m_msg_hash->update(index_bytes.data(), index_bytes.size());
43}

Referenced by h_msg().

◆ h_msg_update()

void Botan::XMSS_Hash::h_msg_update ( std::span< const uint8_t > data)

Adds a message block to buffered h_msg computation.

Parameters
dataA message block

Definition at line 45 of file xmss_hash.cpp.

45 {
46 m_msg_hash->update(data.data(), data.size());
47}

Referenced by h_msg(), and Botan::XMSS_Signature_Operation::update().

◆ hash_function()

std::string Botan::XMSS_Hash::hash_function ( ) const
inline

Definition at line 34 of file xmss_hash.h.

34{ return m_hash->name(); }

Referenced by Botan::XMSS_Signature_Operation::hash_function(), and Botan::XMSS_Verification_Operation::hash_function().

◆ operator=() [1/2]

XMSS_Hash & Botan::XMSS_Hash::operator= ( const XMSS_Hash & )
delete

◆ operator=() [2/2]

XMSS_Hash & Botan::XMSS_Hash::operator= ( XMSS_Hash && )
default

◆ output_length()

size_t Botan::XMSS_Hash::output_length ( ) const
inline

Definition at line 147 of file xmss_hash.h.

147{ return m_hash->output_length(); }

◆ prf()

void Botan::XMSS_Hash::prf ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

Pseudorandom function creating a hash out of a key and data using a cryptographic hash function.

Parameters
[out]resultThe hash calculated using key and data.
[in]keyAn n-byte key value.
[in]dataA 32-byte XMSS_Address data value

Definition at line 57 of file xmss_hash.h.

57 {
58 calculate_hash(0x03, result, key, data);
59 }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash(), and Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey().

◆ prf_keygen()

void Botan::XMSS_Hash::prf_keygen ( secure_vector< uint8_t > & result,
std::span< const uint8_t > key,
std::span< const uint8_t > data )
inline

Pseudoranom function creating a hash out of a key and data using a cryptographic hash function for key derivation.

This function is described in NIST SP.800-208 Section 5 as a separate PRF to avoid a multi-target attack vector.

Parameters
[out]resultThe hash calculated using key and data.
[in]keyAn n-byte key value.
[in]dataA 32-byte XMSS_Address data value

Definition at line 72 of file xmss_hash.h.

74 {
75 calculate_hash(0x04, result, key, data);
76 }

Referenced by Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey().


The documentation for this class was generated from the following files: