/src/botan/build/include/botan/xmss_hash.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * XMSS Hash |
3 | | * (C) 2016,2017 Matthias Gierlings |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | **/ |
7 | | |
8 | | #ifndef BOTAN_XMSS_HASH_H_ |
9 | | #define BOTAN_XMSS_HASH_H_ |
10 | | |
11 | | #include <botan/hash.h> |
12 | | |
13 | | //BOTAN_FUTURE_INTERNAL_HEADER(xmss_hash.h) |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | /** |
18 | | * A collection of pseudorandom hash functions required for XMSS and WOTS |
19 | | * computations. |
20 | | **/ |
21 | | class XMSS_Hash final |
22 | | { |
23 | | public: |
24 | | XMSS_Hash(const std::string& h_func_name); |
25 | | XMSS_Hash(const XMSS_Hash& hash); |
26 | | |
27 | | /** |
28 | | * Pseudoranom function creating a hash out of a key and data using |
29 | | * a cryptographic hash function. |
30 | | * |
31 | | * @param[out] result The hash calculated using key and data. |
32 | | * @param[in] key An n-byte key value. |
33 | | * @param[in] data A 32-byte XMSS_Address data value |
34 | | **/ |
35 | | inline void prf(secure_vector<uint8_t>& result, |
36 | | const secure_vector<uint8_t>& key, |
37 | | const secure_vector<uint8_t>& data) |
38 | 0 | { |
39 | 0 | m_hash->update(m_zero_padding); |
40 | 0 | m_hash->update(m_id_prf); |
41 | 0 | m_hash->update(key); |
42 | 0 | m_hash->update(data); |
43 | 0 | m_hash->final(result); |
44 | 0 | } |
45 | | |
46 | | /** |
47 | | * Pseudoranom function creating a hash out of a key and data using |
48 | | * a cryptographic hash function. |
49 | | * |
50 | | * @param[in] key An n-byte key value. |
51 | | * @param[in] data A 32-byte XMSS_Address data value |
52 | | * @return result The hash calculated using key and data. |
53 | | **/ |
54 | | inline secure_vector<uint8_t> prf(const secure_vector<uint8_t>& key, |
55 | | const secure_vector<uint8_t>& data) |
56 | 0 | { |
57 | 0 | m_hash->update(m_zero_padding); |
58 | 0 | m_hash->update(m_id_prf); |
59 | 0 | m_hash->update(key); |
60 | 0 | m_hash->update(data); |
61 | 0 | return m_hash->final(); |
62 | 0 | } |
63 | | |
64 | | /** |
65 | | * F is a keyed cryptographic hash function used by the WOTS+ algorithm. |
66 | | * |
67 | | * @param[out] result The hash calculated using key and data. |
68 | | * @param[in] key key of length n bytes. |
69 | | * @param[in] data string of arbitrary length. |
70 | | **/ |
71 | | void f(secure_vector<uint8_t>& result, |
72 | | const secure_vector<uint8_t>& key, |
73 | | const secure_vector<uint8_t>& data) |
74 | 0 | { |
75 | 0 | m_hash->update(m_zero_padding); |
76 | 0 | m_hash->update(m_id_f); |
77 | 0 | m_hash->update(key); |
78 | 0 | m_hash->update(data); |
79 | 0 | m_hash->final(result); |
80 | 0 | } |
81 | | |
82 | | /** |
83 | | * Cryptographic hash function h accepting n byte keys and 2n byte |
84 | | * strings of data. |
85 | | * |
86 | | * @param[out] result The hash calculated using key and data. |
87 | | * @param[in] key key of length n bytes. |
88 | | * @param[in] data string of 2n bytes length. |
89 | | **/ |
90 | | void h(secure_vector<uint8_t>& result, |
91 | | const secure_vector<uint8_t>& key, |
92 | | const secure_vector<uint8_t>& data); |
93 | | |
94 | | /** |
95 | | * Cryptographic hash function h accepting 3n byte keys and data |
96 | | * strings of arbitrary length. |
97 | | * |
98 | | * @param randomness n-byte value. |
99 | | * @param root n-byte root node. |
100 | | * @param index_bytes Index value padded with leading zeros. |
101 | | * @param data string of arbitrary length. |
102 | | * |
103 | | * @return hash value of n-bytes length. |
104 | | **/ |
105 | | secure_vector<uint8_t> h_msg(const secure_vector<uint8_t>& randomness, |
106 | | const secure_vector<uint8_t>& root, |
107 | | const secure_vector<uint8_t>& index_bytes, |
108 | | const secure_vector<uint8_t>& data); |
109 | | |
110 | | /** |
111 | | * Initializes buffered h_msg computation with prefix data. |
112 | | * |
113 | | * @param randomness random n-byte value. |
114 | | * @param root n-byte root node. |
115 | | * @param index_bytes Index value padded with leading zeros. |
116 | | **/ |
117 | | void h_msg_init(const secure_vector<uint8_t>& randomness, |
118 | | const secure_vector<uint8_t>& root, |
119 | | const secure_vector<uint8_t>& index_bytes); |
120 | | |
121 | | /** |
122 | | * Adds a message block to buffered h_msg computation. |
123 | | * |
124 | | * @param data A message block |
125 | | * @param size Length of the message block in bytes. |
126 | | **/ |
127 | | void h_msg_update(const uint8_t data[], size_t size); |
128 | | |
129 | | /** |
130 | | * Finalizes buffered h_msg computation and retrieves the result. |
131 | | * |
132 | | * @return Hash calculated using the prefix set by h_msg_init() and |
133 | | * message blocks provided through calls to h_msg_update(). |
134 | | **/ |
135 | | secure_vector<uint8_t> h_msg_final(); |
136 | | |
137 | 0 | size_t output_length() const { return m_output_length; } |
138 | | |
139 | | private: |
140 | | static const uint8_t m_id_f = 0x00; |
141 | | static const uint8_t m_id_h = 0x01; |
142 | | static const uint8_t m_id_hmsg = 0x02; |
143 | | static const uint8_t m_id_prf = 0x03; |
144 | | |
145 | | std::unique_ptr<HashFunction> m_hash; |
146 | | std::unique_ptr<HashFunction> m_msg_hash; |
147 | | //32 byte id prefixes prepended to the hash input. |
148 | | std::vector<uint8_t> m_zero_padding; |
149 | | size_t m_output_length; |
150 | | const std::string m_hash_func_name; |
151 | | |
152 | | }; |
153 | | |
154 | | } |
155 | | |
156 | | #endif |