Botan 3.6.1
Crypto and TLS for C&
kyber_90s.h
Go to the documentation of this file.
1/*
2 * Symmetric primitives for Kyber (90s mode)
3 * (C) 2022-2024 Jack Lloyd
4 * (C) 2022 Hannes Rantzsch, René Meusel, neXenio GmbH
5 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9
10#ifndef BOTAN_KYBER_90S_H_
11#define BOTAN_KYBER_90S_H_
12
13#include <botan/hash.h>
14#include <botan/internal/aes_crystals_xof.h>
15
16#include <botan/internal/kyber_symmetric_primitives.h>
17
18#include <array>
19#include <memory>
20
21namespace Botan {
22
23class Kyber_90s_Symmetric_Primitives final : public Kyber_Symmetric_Primitives {
24 public:
25 Kyber_90s_Symmetric_Primitives() :
26 m_sha512(HashFunction::create_or_throw("SHA-512")),
27 m_sha256(HashFunction::create_or_throw("SHA-256")),
28 m_aes256_xof(std::make_unique<AES_256_CTR_XOF>()) {}
29
30 protected:
31 std::optional<std::array<uint8_t, 1>> seed_expansion_domain_separator(const KyberConstants&) const override {
32 return {};
33 }
34
35 HashFunction& get_G() const override { return *m_sha512; }
36
37 HashFunction& get_H() const override { return *m_sha256; }
38
39 HashFunction& get_J() const override { throw Invalid_State("Kyber-R3 in 90s mode does not support J()"); }
40
41 HashFunction& get_KDF() const override { return *m_sha256; }
42
43 Botan::XOF& get_PRF(std::span<const uint8_t> seed, const uint8_t nonce) const override {
44 m_aes256_xof->clear();
45 const std::array<uint8_t, 12> nonce_buffer{nonce, 0};
46 m_aes256_xof->start(nonce_buffer, seed);
47 return *m_aes256_xof;
48 }
49
50 Botan::XOF& get_XOF(std::span<const uint8_t> seed, std::tuple<uint8_t, uint8_t> mpos) const override {
51 m_aes256_xof->clear();
52 const std::array<uint8_t, 12> iv{std::get<0>(mpos), std::get<1>(mpos), 0};
53 m_aes256_xof->start(iv, seed);
54 return *m_aes256_xof;
55 }
56
57 private:
58 std::unique_ptr<HashFunction> m_sha512;
59 std::unique_ptr<HashFunction> m_sha256;
60 mutable std::unique_ptr<AES_256_CTR_XOF> m_aes256_xof;
61};
62
63} // namespace Botan
64
65#endif
Botan::AES_256_CTR_XOF
Definition aes_crystals_xof.h:26
Botan::Invalid_State
Definition exceptn.h:206
Botan::Kyber_90s_Symmetric_Primitives
Definition kyber_90s.h:23
Botan::Kyber_90s_Symmetric_Primitives::seed_expansion_domain_separator
std::optional< std::array< uint8_t, 1 > > seed_expansion_domain_separator(const KyberConstants &) const override
Definition kyber_90s.h:31
Botan::Kyber_90s_Symmetric_Primitives::get_G
HashFunction & get_G() const override
Definition kyber_90s.h:35
Botan::Kyber_90s_Symmetric_Primitives::get_J
HashFunction & get_J() const override
Definition kyber_90s.h:39
Botan::Kyber_90s_Symmetric_Primitives::get_XOF
Botan::XOF & get_XOF(std::span< const uint8_t > seed, std::tuple< uint8_t, uint8_t > mpos) const override
Definition kyber_90s.h:50
Botan::Kyber_90s_Symmetric_Primitives::get_KDF
HashFunction & get_KDF() const override
Definition kyber_90s.h:41
Botan::Kyber_90s_Symmetric_Primitives::Kyber_90s_Symmetric_Primitives
Kyber_90s_Symmetric_Primitives()
Definition kyber_90s.h:25
Botan::Kyber_90s_Symmetric_Primitives::get_H
HashFunction & get_H() const override
Definition kyber_90s.h:37
Botan::Kyber_90s_Symmetric_Primitives::get_PRF
Botan::XOF & get_PRF(std::span< const uint8_t > seed, const uint8_t nonce) const override
Definition kyber_90s.h:43
Botan::Kyber_Symmetric_Primitives
Definition kyber_symmetric_primitives.h:30
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Generated by doxygen 1.12.0