Botan  2.15.0
Crypto and TLS for C++11
xmss_hash.h
Go to the documentation of this file.
1 /*
2  * XMSS Hash
3  * (C) 2016,2017 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_HASH_H_
9 #define BOTAN_XMSS_HASH_H_
10 
11 #include <botan/hash.h>
12 
13 //BOTAN_FUTURE_INTERNAL_HEADER(xmss_hash.h)
14 
15 namespace Botan {
16 
17 /**
18  * A collection of pseudorandom hash functions required for XMSS and WOTS
19  * computations.
20  **/
22  {
23  public:
24  XMSS_Hash(const std::string& h_func_name);
25  XMSS_Hash(const XMSS_Hash& hash);
26 
27  /**
28  * Pseudoranom function creating a hash out of a key and data using
29  * a cryptographic hash function.
30  *
31  * @param[out] result The hash calculated using key and data.
32  * @param[in] key An n-byte key value.
33  * @param[in] data A 32-byte XMSS_Address data value
34  **/
35  inline void prf(secure_vector<uint8_t>& result,
36  const secure_vector<uint8_t>& key,
37  const secure_vector<uint8_t>& data)
38  {
39  m_hash->update(m_zero_padding);
40  m_hash->update(m_id_prf);
41  m_hash->update(key);
42  m_hash->update(data);
43  m_hash->final(result);
44  }
45 
46  /**
47  * Pseudoranom function creating a hash out of a key and data using
48  * a cryptographic hash function.
49  *
50  * @param[in] key An n-byte key value.
51  * @param[in] data A 32-byte XMSS_Address data value
52  * @return result The hash calculated using key and data.
53  **/
55  const secure_vector<uint8_t>& data)
56  {
57  m_hash->update(m_zero_padding);
58  m_hash->update(m_id_prf);
59  m_hash->update(key);
60  m_hash->update(data);
61  return m_hash->final();
62  }
63 
64  /**
65  * F is a keyed cryptographic hash function used by the WOTS+ algorithm.
66  *
67  * @param[out] result The hash calculated using key and data.
68  * @param[in] key key of length n bytes.
69  * @param[in] data string of arbitrary length.
70  **/
71  void f(secure_vector<uint8_t>& result,
72  const secure_vector<uint8_t>& key,
73  const secure_vector<uint8_t>& data)
74  {
75  m_hash->update(m_zero_padding);
76  m_hash->update(m_id_f);
77  m_hash->update(key);
78  m_hash->update(data);
79  m_hash->final(result);
80  }
81 
82  /**
83  * Cryptographic hash function h accepting n byte keys and 2n byte
84  * strings of data.
85  *
86  * @param[out] result The hash calculated using key and data.
87  * @param[in] key key of length n bytes.
88  * @param[in] data string of 2n bytes length.
89  **/
90  void h(secure_vector<uint8_t>& result,
91  const secure_vector<uint8_t>& key,
92  const secure_vector<uint8_t>& data);
93 
94  /**
95  * Cryptographic hash function h accepting 3n byte keys and data
96  * strings of arbitrary length.
97  *
98  * @param randomness n-byte value.
99  * @param root n-byte root node.
100  * @param index_bytes Index value padded with leading zeros.
101  * @param data string of arbitrary length.
102  *
103  * @return hash value of n-bytes length.
104  **/
106  const secure_vector<uint8_t>& root,
107  const secure_vector<uint8_t>& index_bytes,
108  const secure_vector<uint8_t>& data);
109 
110  /**
111  * Initializes buffered h_msg computation with prefix data.
112  *
113  * @param randomness random n-byte value.
114  * @param root n-byte root node.
115  * @param index_bytes Index value padded with leading zeros.
116  **/
117  void h_msg_init(const secure_vector<uint8_t>& randomness,
118  const secure_vector<uint8_t>& root,
119  const secure_vector<uint8_t>& index_bytes);
120 
121  /**
122  * Adds a message block to buffered h_msg computation.
123  *
124  * @param data A message block
125  * @param size Length of the message block in bytes.
126  **/
127  void h_msg_update(const uint8_t data[], size_t size);
128 
129  /**
130  * Finalizes buffered h_msg computation and retrieves the result.
131  *
132  * @return Hash calculated using the prefix set by h_msg_init() and
133  * message blocks provided through calls to h_msg_update().
134  **/
136 
137  size_t output_length() const { return m_output_length; }
138 
139  private:
140  static const uint8_t m_id_f = 0x00;
141  static const uint8_t m_id_h = 0x01;
142  static const uint8_t m_id_hmsg = 0x02;
143  static const uint8_t m_id_prf = 0x03;
144 
145  std::unique_ptr<HashFunction> m_hash;
146  std::unique_ptr<HashFunction> m_msg_hash;
147  //32 byte id prefixes prepended to the hash input.
148  std::vector<uint8_t> m_zero_padding;
149  size_t m_output_length;
150  const std::string m_hash_func_name;
151 
152  };
153 
154 }
155 
156 #endif
secure_vector< uint8_t > h_msg_final()
Definition: xmss_hash.cpp:64
XMSS_Hash(const std::string &h_func_name)
Definition: xmss_hash.cpp:20
void h(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:36
void h_msg_update(const uint8_t data[], size_t size)
Definition: xmss_hash.cpp:59
int(* final)(unsigned char *, CTX *)
void f(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:71
secure_vector< uint8_t > h_msg(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes, const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:70
secure_vector< uint8_t > prf(const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:54
void prf(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:35
Definition: alg_id.cpp:13
void h_msg_init(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes)
Definition: xmss_hash.cpp:47
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
MechanismType hash
size_t output_length() const
Definition: xmss_hash.h:137