Botan 3.6.1
Crypto and TLS for C&
sp_hash.h
Go to the documentation of this file.
1/*
2 * SLH-DSA Hash Function Interface
3 * (C) 2023 Jack Lloyd
4 * 2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 **/
8
9#ifndef BOTAN_SP_HASH_H_
10#define BOTAN_SP_HASH_H_
11
12#include <botan/hash.h>
13#include <botan/sp_parameters.h>
14#include <botan/internal/sp_address.h>
15#include <botan/internal/sp_types.h>
16
17namespace Botan {
18
19/**
20 * A collection of pseudorandom hash functions required for SLH-DSA
21 * computations. See FIPS 205, Section 11.2.1 and 11.2.2.
22 **/
23class BOTAN_TEST_API Sphincs_Hash_Functions {
24 public:
25 virtual ~Sphincs_Hash_Functions() = default;
26
27 /**
28 * Creates a Sphincs_Hash_Functions object instantiating the hash
29 * functions used for the specified @p sphincs_params. The @p pub_seed is
30 * used to seed the hash functions (possibly padded). This is pre-computed
31 * and the respective state is copied on the further calls on H(seed) with
32 * tweak_hash, i.e., T and PRF.
33 */
34 static std::unique_ptr<Sphincs_Hash_Functions> create(const Sphincs_Parameters& sphincs_params,
35 const SphincsPublicSeed& pub_seed);
36
37 std::tuple<SphincsHashedMessage, XmssTreeIndexInLayer, TreeNodeIndex> H_msg(
38 StrongSpan<const SphincsMessageRandomness> r,
39 const SphincsTreeNode& root,
40 const SphincsMessageInternal& message);
41
42 /**
43 * Using SK.PRF, the optional randomness, and a message, computes the message random R,
44 * and the tree and leaf indices.
45 *
46 * @param out output location for the message hash
47 * @param sk_prf SK.PRF
48 * @param opt_rand optional randomness
49 * @param msg message
50 */
51 virtual void PRF_msg(StrongSpan<SphincsMessageRandomness> out,
52 StrongSpan<const SphincsSecretPRF> sk_prf,
53 StrongSpan<const SphincsOptionalRandomness> opt_rand,
54 const SphincsMessageInternal& msg) = 0;
55
56 template <typename... BufferTs>
57 void T(std::span<uint8_t> out, const Sphincs_Address& address, BufferTs&&... in) {
58 auto& hash = tweak_hash(address, (std::forward<BufferTs>(in).size() + ...));
59 (hash.update(std::forward<BufferTs>(in)), ...);
60 hash.final(out);
61 }
62
63 template <typename OutT = std::vector<uint8_t>, typename... BufferTs>
64 OutT T(const Sphincs_Address& address, BufferTs&&... in) {
65 OutT t(m_sphincs_params.n());
66 T(t, address, std::forward<BufferTs>(in)...);
67 return t;
68 }
69
70 void PRF(StrongSpan<ForsLeafSecret> out, const SphincsSecretSeed& sk_seed, const Sphincs_Address& address) {
71 T(out, address, sk_seed);
72 }
73
74 void PRF(StrongSpan<WotsNode> out, const SphincsSecretSeed& sk_seed, const Sphincs_Address& address) {
75 T(out, address, sk_seed);
76 }
77
78 virtual std::string msg_hash_function_name() const = 0;
79
80 protected:
81 Sphincs_Hash_Functions(const Sphincs_Parameters& sphincs_params, const SphincsPublicSeed& pub_seed);
82
83 /**
84 * Prepare the underlying hash function for hashing any given input
85 * depending on the expected input length.
86 *
87 * @param address the SLH-DSA address of the hash to be tweaked
88 * @param input_length the input buffer length that will be processed
89 * with the tweaked hash (typically N or 2*N)
90 * @returns a reference to a Botan::HashFunction that is preconditioned
91 * with the given tweaking parameters.
92 *
93 * @note Callers are expected to finalize (i.e. reset) the returned
94 * HashFunction after use.
95 */
96 virtual HashFunction& tweak_hash(const Sphincs_Address& address, size_t input_length) = 0;
97
98 virtual std::vector<uint8_t> H_msg_digest(StrongSpan<const SphincsMessageRandomness> r,
99 const SphincsTreeNode& root,
100 const SphincsMessageInternal& message) = 0;
101
102 const Sphincs_Parameters& m_sphincs_params;
103 const SphincsPublicSeed& m_pub_seed;
104};
105
106} // namespace Botan
107
108#endif
Botan::Sphincs_Address
Definition sp_address.h:34
Botan::Sphincs_Hash_Functions
Definition sp_hash.h:23
Botan::Sphincs_Hash_Functions::T
void T(std::span< uint8_t > out, const Sphincs_Address &address, BufferTs &&... in)
Definition sp_hash.h:57
Botan::Sphincs_Hash_Functions::T
OutT T(const Sphincs_Address &address, BufferTs &&... in)
Definition sp_hash.h:64
Botan::Sphincs_Hash_Functions::m_pub_seed
const SphincsPublicSeed & m_pub_seed
Definition sp_hash.h:103
Botan::Sphincs_Hash_Functions::tweak_hash
virtual HashFunction & tweak_hash(const Sphincs_Address &address, size_t input_length)=0
Botan::Sphincs_Hash_Functions::m_sphincs_params
const Sphincs_Parameters & m_sphincs_params
Definition sp_hash.h:102
Botan::Sphincs_Hash_Functions::PRF_msg
virtual void PRF_msg(StrongSpan< SphincsMessageRandomness > out, StrongSpan< const SphincsSecretPRF > sk_prf, StrongSpan< const SphincsOptionalRandomness > opt_rand, const SphincsMessageInternal &msg)=0
Botan::Sphincs_Hash_Functions::~Sphincs_Hash_Functions
virtual ~Sphincs_Hash_Functions()=default
Botan::Sphincs_Hash_Functions::H_msg_digest
virtual std::vector< uint8_t > H_msg_digest(StrongSpan< const SphincsMessageRandomness > r, const SphincsTreeNode &root, const SphincsMessageInternal &message)=0
Botan::Sphincs_Hash_Functions::PRF
void PRF(StrongSpan< WotsNode > out, const SphincsSecretSeed &sk_seed, const Sphincs_Address &address)
Definition sp_hash.h:74
Botan::Sphincs_Hash_Functions::PRF
void PRF(StrongSpan< ForsLeafSecret > out, const SphincsSecretSeed &sk_seed, const Sphincs_Address &address)
Definition sp_hash.h:70
Botan::Sphincs_Hash_Functions::msg_hash_function_name
virtual std::string msg_hash_function_name() const =0
Botan::Sphincs_Parameters
Definition sp_parameters.h:45
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition compiler.h:51
T
FE_25519 T
Definition ge.cpp:34
Botan::SphincsMessageInternal
M' representation of FIPS 205 (the input to slh_sign_internal and slh_verify_internal)
Definition sp_types.h:52
Generated by doxygen 1.12.0