1/*
2 * Symmetric primitives for Kyber (modern (non-90s) mode)
3 * (C) 2022-2024 Jack Lloyd
4 * (C) 2022 Hannes Rantzsch, René Meusel, neXenio GmbH
5 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9
10#ifndef BOTAN_KYBER_MODERN_H_
11#define BOTAN_KYBER_MODERN_H_
12
13#include <botan/hash.h>
14#include <botan/xof.h>
15
16#include <botan/internal/kyber_symmetric_primitives.h>
17#include <botan/internal/loadstor.h>
18
19#include <memory>
20
21namespace Botan {
22
24 public:
26 m_sha3_512(HashFunction::create_or_throw("SHA-3(512)")),
27 m_sha3_256(HashFunction::create_or_throw("SHA-3(256)")),
28 m_shake256_256(HashFunction::create_or_throw("SHAKE-256(256)")),
29 m_shake128(Botan::XOF::create_or_throw("SHAKE-128")),
30 m_shake256(Botan::XOF::create_or_throw("SHAKE-256")) {}
31
32 protected:
/**
 * Domain separator mixed into the seed before key-generation expansion.
 *
 * Round-3 Kyber hashes the seed as-is, so this variant contributes no bytes;
 * the hook presumably exists for ML-KEM, which appends the parameter k to the
 * seed before G() — confirm against the base class if that matters here.
 *
 * @return an empty optional (no separator) for every parameter set
 */
std::optional<std::array<uint8_t, 1>> seed_expansion_domain_separator(
      const KyberConstants& /*constants*/) const override {
   return std::nullopt;
}
37
/**
 * G() of round-3 Kyber, instantiated as SHA-3(512).
 *
 * @return a reference to the single member instance; every caller shares it,
 *         so its state is whatever the previous caller left behind
 */
HashFunction& get_G() const override {
   auto& g = *m_sha3_512;
   return g;
}
39
/**
 * H() of round-3 Kyber, instantiated as SHA-3(256).
 *
 * @return a reference to the single member instance; every caller shares it,
 *         so its state is whatever the previous caller left behind
 */
HashFunction& get_H() const override {
   auto& h = *m_sha3_256;
   return h;
}
41
/**
 * J() is an ML-KEM construct; round-3 Kyber has no such function (its implicit
 * rejection is built on the KDF instead), so this variant never provides one.
 *
 * @throws Invalid_State unconditionally
 */
HashFunction& get_J() const override {
   // Reaching this means an ML-KEM-only code path was taken with a Kyber-R3
   // primitive set; fail loudly rather than substitute some other hash.
   throw Invalid_State("Kyber-R3 does not support J()");
}
43
/**
 * KDF() of round-3 Kyber, instantiated as SHAKE-256 truncated to 256 bits.
 *
 * @return a reference to the single member instance; every caller shares it,
 *         so its state is whatever the previous caller left behind
 */
HashFunction& get_KDF() const override {
   auto& kdf = *m_shake256_256;
   return kdf;
}
45
/**
 * PRF(seed, nonce) of round-3 Kyber: SHAKE-256 absorbing seed || nonce.
 *
 * @param seed   the (typically secret) PRF key
 * @param nonce  one-byte counter appended after the seed
 * @return the shared SHAKE-256 member, reset and fed with seed || nonce; the
 *         reference is only valid until the next get_PRF() call, which resets
 *         the same object
 */
Botan::XOF& get_PRF(std::span<const uint8_t> seed, const uint8_t nonce) const override {
   auto& prf = *m_shake256;
   // Wipe whatever the previous caller absorbed (including an earlier secret
   // seed) before keying for this invocation.
   prf.clear();
   prf.update(seed);
   // Big-endian encoding of a single byte is the byte itself.
   prf.update(store_be(nonce));
   return prf;
}
52
/**
 * XOF(seed, i, j) of round-3 Kyber: SHAKE-128 absorbing seed followed by the
 * two position bytes in tuple order (make_uint16 + store_be emit
 * get<0> then get<1>). Which element is row and which is column is the
 * caller's convention, not this function's.
 *
 * @param seed            the public matrix seed
 * @param matrix_position (i, j) bytes identifying the matrix entry
 * @return the shared SHAKE-128 member, reset and fed with seed || i || j; the
 *         reference is only valid until the next get_XOF() call, which resets
 *         the same object
 */
Botan::XOF& get_XOF(std::span<const uint8_t> seed, std::tuple<uint8_t, uint8_t> matrix_position) const override {
   const auto [i, j] = matrix_position;
   auto& xof = *m_shake128;
   xof.clear();  // discard the previous entry's absorbed state
   xof.update(seed);
   xof.update(store_be(make_uint16(i, j)));
   return xof;
}
59
60 private:
61 std::unique_ptr<HashFunction> m_sha3_512;
62 std::unique_ptr<HashFunction> m_sha3_256;
63 std::unique_ptr<HashFunction> m_shake256_256;
64 std::unique_ptr<Botan::XOF> m_shake128;
65 std::unique_ptr<Botan::XOF> m_shake256;
66};
67
68} // namespace Botan
69
70#endif