Botan  2.7.0
Crypto and TLS for C++11
xmss_hash.h
Go to the documentation of this file.
1 /*
2  * XMSS Hash
3  * (C) 2016,2017 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_HASH_H_
9 #define BOTAN_XMSS_HASH_H_
10 
11 #include <botan/hash.h>
12 
13 namespace Botan {
14 
15 /**
16  * A collection of pseudorandom hash functions required for XMSS and WOTS
17  * computations.
18  **/
19 class XMSS_Hash final
20  {
21  public:
22  XMSS_Hash(const std::string& h_func_name);
23  XMSS_Hash(const XMSS_Hash& hash);
24 
25  /**
26  * Pseudoranom function creating a hash out of a key and data using
27  * a cryptographic hash function.
28  *
29  * @param[out] result The hash calculated using key and data.
30  * @param[in] key An n-byte key value.
31  * @param[in] data A 32-byte XMSS_Address data value
32  **/
33  inline void prf(secure_vector<uint8_t>& result,
34  const secure_vector<uint8_t>& key,
35  const secure_vector<uint8_t>& data)
36  {
37  m_hash->update(m_zero_padding);
38  m_hash->update(m_id_prf);
39  m_hash->update(key);
40  m_hash->update(data);
41  m_hash->final(result);
42  }
43 
44  /**
45  * Pseudoranom function creating a hash out of a key and data using
46  * a cryptographic hash function.
47  *
48  * @param[in] key An n-byte key value.
49  * @param[in] data A 32-byte XMSS_Address data value
50  * @return result The hash calculated using key and data.
51  **/
53  const secure_vector<uint8_t>& data)
54  {
55  m_hash->update(m_zero_padding);
56  m_hash->update(m_id_prf);
57  m_hash->update(key);
58  m_hash->update(data);
59  return m_hash->final();
60  }
61 
62  /**
63  * F is a keyed cryptographic hash function used by the WOTS+ algorithm.
64  *
65  * @param[out] result The hash calculated using key and data.
66  * @param[in] key key of length n bytes.
67  * @param[in] data string of arbitrary length.
68  **/
69  void f(secure_vector<uint8_t>& result,
70  const secure_vector<uint8_t>& key,
71  const secure_vector<uint8_t>& data)
72  {
73  m_hash->update(m_zero_padding);
74  m_hash->update(m_id_f);
75  m_hash->update(key);
76  m_hash->update(data);
77  m_hash->final(result);
78  }
79 
80  /**
81  * Cryptographic hash function h accepting n byte keys and 2n byte
82  * strings of data.
83  *
84  * @param[out] result The hash calculated using key and data.
85  * @param[in] key key of length n bytes.
86  * @param[in] data string of 2n bytes length.
87  **/
88  void h(secure_vector<uint8_t>& result,
89  const secure_vector<uint8_t>& key,
90  const secure_vector<uint8_t>& data);
91 
92  /**
93  * Cryptographic hash function h accepting 3n byte keys and data
94  * strings of arbitrary length.
95  *
96  * @param randomness n-byte value.
97  * @param root n-byte root node.
98  * @param index_bytes Index value padded with leading zeros.
99  * @param data string of arbitrary length.
100  *
101  * @return hash value of n-bytes length.
102  **/
104  const secure_vector<uint8_t>& root,
105  const secure_vector<uint8_t>& index_bytes,
106  const secure_vector<uint8_t>& data);
107 
108  /**
109  * Initializes buffered h_msg computation with prefix data.
110  *
111  * @param randomness random n-byte value.
112  * @param root n-byte root node.
113  * @param index_bytes Index value padded with leading zeros.
114  **/
115  void h_msg_init(const secure_vector<uint8_t>& randomness,
116  const secure_vector<uint8_t>& root,
117  const secure_vector<uint8_t>& index_bytes);
118 
119  /**
120  * Adds a message block to buffered h_msg computation.
121  *
122  * @param data A message block
123  * @param size Length of the message block in bytes.
124  **/
125  void h_msg_update(const uint8_t data[], size_t size);
126 
127  /**
128  * Finalizes buffered h_msg computation and retrieves the result.
129  *
130  * @return Hash calculated using the prefix set by h_msg_init() and
131  * message blocks provided through calls to h_msg_update().
132  **/
134 
135  size_t output_length() const { return m_output_length; }
136 
137  private:
138  static const uint8_t m_id_f = 0x00;
139  static const uint8_t m_id_h = 0x01;
140  static const uint8_t m_id_hmsg = 0x02;
141  static const uint8_t m_id_prf = 0x03;
142 
143  std::unique_ptr<HashFunction> m_hash;
144  std::unique_ptr<HashFunction> m_msg_hash;
145  //32 byte id prefixes prepended to the hash input.
146  std::vector<uint8_t> m_zero_padding;
147  size_t m_output_length;
148  const std::string m_hash_func_name;
149 
150  };
151 
152 }
153 
154 #endif
secure_vector< uint8_t > h_msg_final()
Definition: xmss_hash.cpp:64
XMSS_Hash(const std::string &h_func_name)
Definition: xmss_hash.cpp:20
void h(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:36
void h_msg_update(const uint8_t data[], size_t size)
Definition: xmss_hash.cpp:59
void f(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:69
secure_vector< uint8_t > h_msg(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes, const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:70
secure_vector< uint8_t > prf(const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:52
void prf(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:33
Definition: alg_id.cpp:13
void h_msg_init(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes)
Definition: xmss_hash.cpp:47
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
MechanismType hash
size_t output_length() const
Definition: xmss_hash.h:135