doxygen/sp__hash_8cpp_source.html

/*

 * SLH-DSA Hash Function Interface

 * (C) 2023 Jack Lloyd

 *     2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 **/


#include <botan/internal/sp_hash.h>


#include <botan/internal/stl_util.h>


#include <botan/assert.h>

#include <botan/exceptn.h>

#include <botan/hash.h>

#include <botan/sp_parameters.h>


#if defined(BOTAN_HAS_SPHINCS_PLUS_SHAKE_BASE)

   #include <botan/internal/sp_hash_shake.h>

#endif


#if defined(BOTAN_HAS_SPHINCS_PLUS_SHA2_BASE)

   #include <botan/internal/sp_hash_sha2.h>

#endif


#include <memory>


namespace Botan {


Sphincs_Hash_Functions::Sphincs_Hash_Functions(const Sphincs_Parameters& sphincs_params,

                                               const SphincsPublicSeed& pub_seed) :

      m_sphincs_params(sphincs_params), m_pub_seed(pub_seed) {}


std::unique_ptr<Sphincs_Hash_Functions> Sphincs_Hash_Functions::create(const Sphincs_Parameters& sphincs_params,

                                                                       const SphincsPublicSeed& pub_seed) {

   switch(sphincs_params.hash_type()) {

      case Sphincs_Hash_Type::Sha256:

#if defined(BOTAN_HAS_SPHINCS_PLUS_SHA2_BASE)

         return std::make_unique<Sphincs_Hash_Functions_Sha2>(sphincs_params, pub_seed);

#else

         throw Not_Implemented("SLH-DSA (or SPHINCS+) with SHA-256 is not available in this build");

#endif


      case Sphincs_Hash_Type::Shake256:

#if defined(BOTAN_HAS_SPHINCS_PLUS_SHAKE_BASE)

         return std::make_unique<Sphincs_Hash_Functions_Shake>(sphincs_params, pub_seed);

#else

         throw Not_Implemented("SLH-DSA (or SPHINCS+) with SHAKE is not available in this build");

#endif


      case Sphincs_Hash_Type::Haraka:

         throw Not_Implemented("Haraka is not implemented");

   }

   BOTAN_ASSERT_UNREACHABLE();

}


namespace {


template <typename T>

T from_first_n_bits(const uint32_t nbits, std::span<const uint8_t> bytes) {

   using wrapped_type = typename T::wrapped_type;


   constexpr const auto outsize = sizeof(wrapped_type);

   BOTAN_ASSERT_NOMSG(nbits <= bytes.size() * 8);

   BOTAN_ASSERT_NOMSG(bytes.size() <= outsize);


   // The input buffer might shorter than the byte-length of the desired

   // integer type. This prepends \0-bytes accordingly.

   std::array<uint8_t, outsize> normalized_bytes = {};

   std::copy(bytes.rbegin(), bytes.rend(), normalized_bytes.rbegin());

   const auto bits = load_be<wrapped_type>(normalized_bytes.data(), 0);


   return T(bits & (~wrapped_type(0) >> (8 * outsize - nbits)));

}


}  // namespace


std::tuple<SphincsHashedMessage, XmssTreeIndexInLayer, TreeNodeIndex> Sphincs_Hash_Functions::H_msg(

   StrongSpan<const SphincsMessageRandomness> r, const SphincsTreeNode& root, const SphincsMessageInternal& message) {

   const auto digest = H_msg_digest(r, root, message);


   // The following calculates the message digest and indices from the

   // raw message digest. See FIPS 205, Algorithm 19, Line 5-10.

   const auto& p = m_sphincs_params;

   BufferSlicer s(digest);

   auto msg_hash = s.copy<SphincsHashedMessage>(p.fors_message_bytes());

   auto tree_index_bytes = s.take(p.tree_digest_bytes());

   auto leaf_index_bytes = s.take(p.leaf_digest_bytes());

   BOTAN_ASSERT_NOMSG(s.empty());


   auto tree_index = from_first_n_bits<XmssTreeIndexInLayer>(p.h() - p.xmss_tree_height(), tree_index_bytes);

   auto leaf_index = from_first_n_bits<TreeNodeIndex>(p.xmss_tree_height(), leaf_index_bytes);

   return {std::move(msg_hash), tree_index, leaf_index};

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137

Botan::BufferSlicer
Definition stl_util.h:84

Botan::BufferSlicer::copy
auto copy(const size_t count)
Definition stl_util.h:89

Botan::BufferSlicer::empty
bool empty() const
Definition stl_util.h:129

Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:98

Botan::Not_Implemented
Definition exceptn.h:334

Botan::Sphincs_Hash_Functions::m_sphincs_params
const Sphincs_Parameters & m_sphincs_params
Definition sp_hash.h:102

Botan::Sphincs_Hash_Functions::Sphincs_Hash_Functions
Sphincs_Hash_Functions(const Sphincs_Parameters &sphincs_params, const SphincsPublicSeed &pub_seed)
Definition sp_hash.cpp:30

Botan::Sphincs_Hash_Functions::H_msg
std::tuple< SphincsHashedMessage, XmssTreeIndexInLayer, TreeNodeIndex > H_msg(StrongSpan< const SphincsMessageRandomness > r, const SphincsTreeNode &root, const SphincsMessageInternal &message)
Definition sp_hash.cpp:78

Botan::Sphincs_Hash_Functions::create
static std::unique_ptr< Sphincs_Hash_Functions > create(const Sphincs_Parameters &sphincs_params, const SphincsPublicSeed &pub_seed)
Definition sp_hash.cpp:34

Botan::Sphincs_Hash_Functions::H_msg_digest
virtual std::vector< uint8_t > H_msg_digest(StrongSpan< const SphincsMessageRandomness > r, const SphincsTreeNode &root, const SphincsMessageInternal &message)=0

Botan::Sphincs_Parameters
Definition sp_parameters.h:45

Botan::Sphincs_Parameters::hash_type
Sphincs_Hash_Type hash_type() const
Definition sp_parameters.h:71

Botan::StrongSpan
Definition strong_type.h:614

Botan::Strong< std::vector< uint8_t >, struct SphincsPublicSeed_ >

T
FE_25519 T
Definition ge.cpp:34

Botan
Definition alg_id.cpp:13

Botan::root
Gf448Elem root(const Gf448Elem &elem)
Compute the root of elem in the field.
Definition curve448_gf.cpp:354

Botan::Sphincs_Hash_Type::Sha256
@ Sha256

Botan::Sphincs_Hash_Type::Haraka
@ Haraka
Haraka is currently not supported.

Botan::Sphincs_Hash_Type::Shake256
@ Shake256

Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:530

Botan::SphincsMessageInternal
M' representation of FIPS 205 (the input to slh_sign_internal and slh_verify_internal)
Definition sp_types.h:52