Botan 3.4.0
Crypto and TLS for C&
sp_hash.h
Go to the documentation of this file.
1/*
2 * SPHINCS+ Hashes
3 * (C) 2023 Jack Lloyd
4 * 2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 **/
8
9#ifndef BOTAN_SP_HASH_H_
10#define BOTAN_SP_HASH_H_
11
12#include <botan/hash.h>
13#include <botan/sp_parameters.h>
14#include <botan/internal/sp_address.h>
15#include <botan/internal/sp_types.h>
16
17namespace Botan {
18
19/**
20 * A collection of pseudorandom hash functions required for SPHINCS+
21 * computations.
22 **/
23class BOTAN_TEST_API Sphincs_Hash_Functions {
24 public:
25 virtual ~Sphincs_Hash_Functions() = default;
26
27 /**
28 * Creates a Sphincs_Hash_Functions object instantiating the hash
29 * functions used for the specified @p sphincs_params. The @p pub_seed is
30 * used to seed the hash functions (possibly padded). This is pre-computed
31 * and the respective state is copied on the further calls on H(seed) with
32 * tweak_hash, i.e., T and PRF.
33 */
34 static std::unique_ptr<Sphincs_Hash_Functions> create(const Sphincs_Parameters& sphincs_params,
35 const SphincsPublicSeed& pub_seed);
36
37 public:
38 std::tuple<SphincsHashedMessage, XmssTreeIndexInLayer, TreeNodeIndex> H_msg(
39 StrongSpan<const SphincsMessageRandomness> r, const SphincsTreeNode& root, std::span<const uint8_t> message);
40
41 /**
42 * Using SK.PRF, the optional randomness, and a message, computes the message random R,
43 * and the tree and leaf indices.
44 *
45 * @param out output location for the message hash
46 * @param sk_prf SK.PRF
47 * @param opt_rand optional randomness
48 * @param msg message
49 */
50 virtual void PRF_msg(StrongSpan<SphincsMessageRandomness> out,
51 const SphincsSecretPRF& sk_prf,
52 const SphincsOptionalRandomness& opt_rand,
53 std::span<const uint8_t> msg) = 0;
54
55 template <typename... BufferTs>
56 void T(std::span<uint8_t> out, const Sphincs_Address& address, BufferTs&&... in) {
57 auto& hash = tweak_hash(address, (std::forward<BufferTs>(in).size() + ...));
58 (hash.update(std::forward<BufferTs>(in)), ...);
59 hash.final(out);
60 }
61
62 template <typename OutT = std::vector<uint8_t>, typename... BufferTs>
63 OutT T(const Sphincs_Address& address, BufferTs&&... in) {
64 OutT t(m_sphincs_params.n());
65 T(t, address, std::forward<BufferTs>(in)...);
66 return t;
67 }
68
69 void PRF(StrongSpan<ForsLeafSecret> out, const SphincsSecretSeed& sk_seed, const Sphincs_Address& address) {
70 T(out, address, sk_seed);
71 }
72
73 void PRF(StrongSpan<WotsNode> out, const SphincsSecretSeed& sk_seed, const Sphincs_Address& address) {
74 T(out, address, sk_seed);
75 }
76
77 virtual std::string msg_hash_function_name() const = 0;
78
79 protected:
80 Sphincs_Hash_Functions(const Sphincs_Parameters& sphincs_params, const SphincsPublicSeed& pub_seed);
81
82 /**
83 * Prepare the underlying hash function for hashing any given input
84 * depending on the expected input length.
85 *
86 * @param address the SPHINCS+ address of the hash to be tweaked
87 * @param input_length the input buffer length that will be processed
88 * with the tweaked hash (typically N or 2*N)
89 * @returns a reference to a Botan::HashFunction that is preconditioned
90 * with the given tweaking parameters.
91 *
92 * @note Callers are expected to finalize (i.e. reset) the returned
93 * HashFunction after use.
94 */
95 virtual HashFunction& tweak_hash(const Sphincs_Address& address, size_t input_length) = 0;
96
97 virtual std::vector<uint8_t> H_msg_digest(StrongSpan<const SphincsMessageRandomness> r,
98 const SphincsTreeNode& root,
99 std::span<const uint8_t> message) = 0;
100
101 const Sphincs_Parameters& m_sphincs_params;
102 const SphincsPublicSeed& m_pub_seed;
103};
104
105} // namespace Botan
106
107#endif
Botan::Sphincs_Address
Definition sp_address.h:34
Botan::Sphincs_Hash_Functions
Definition sp_hash.h:23
Botan::Sphincs_Hash_Functions::H_msg_digest
virtual std::vector< uint8_t > H_msg_digest(StrongSpan< const SphincsMessageRandomness > r, const SphincsTreeNode &root, std::span< const uint8_t > message)=0
Botan::Sphincs_Hash_Functions::T
void T(std::span< uint8_t > out, const Sphincs_Address &address, BufferTs &&... in)
Definition sp_hash.h:56
Botan::Sphincs_Hash_Functions::T
OutT T(const Sphincs_Address &address, BufferTs &&... in)
Definition sp_hash.h:63
Botan::Sphincs_Hash_Functions::m_pub_seed
const SphincsPublicSeed & m_pub_seed
Definition sp_hash.h:102
Botan::Sphincs_Hash_Functions::tweak_hash
virtual HashFunction & tweak_hash(const Sphincs_Address &address, size_t input_length)=0
Botan::Sphincs_Hash_Functions::m_sphincs_params
const Sphincs_Parameters & m_sphincs_params
Definition sp_hash.h:101
Botan::Sphincs_Hash_Functions::PRF_msg
virtual void PRF_msg(StrongSpan< SphincsMessageRandomness > out, const SphincsSecretPRF &sk_prf, const SphincsOptionalRandomness &opt_rand, std::span< const uint8_t > msg)=0
Botan::Sphincs_Hash_Functions::~Sphincs_Hash_Functions
virtual ~Sphincs_Hash_Functions()=default
Botan::Sphincs_Hash_Functions::PRF
void PRF(StrongSpan< WotsNode > out, const SphincsSecretSeed &sk_seed, const Sphincs_Address &address)
Definition sp_hash.h:73
Botan::Sphincs_Hash_Functions::PRF
void PRF(StrongSpan< ForsLeafSecret > out, const SphincsSecretSeed &sk_seed, const Sphincs_Address &address)
Definition sp_hash.h:69
Botan::Sphincs_Hash_Functions::msg_hash_function_name
virtual std::string msg_hash_function_name() const =0
Botan::Sphincs_Parameters
Definition sp_parameters.h:38
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition compiler.h:51
T
FE_25519 T
Definition ge.cpp:34
Generated by doxygen 1.10.0