Coverage Report

Created: 2024-11-29 06:10

/src/botan/build/include/internal/botan/internal/kyber_90s.h
/*
 * Symmetric primitives for Kyber (90s mode)
 * (C) 2022-2024 Jack Lloyd
 * (C) 2022 Hannes Rantzsch, René Meusel, neXenio GmbH
 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
#ifndef BOTAN_KYBER_90S_H_
#define BOTAN_KYBER_90S_H_
#include <botan/hash.h>
#include <botan/internal/aes_crystals_xof.h>
#include <botan/internal/kyber_symmetric_primitives.h>
#include <array>
#include <memory>
namespace Botan {
/**
 * Symmetric primitives for Kyber round 3 in "90s mode".
 *
 * As wired up in this class: G is SHA-512, H and the KDF are both SHA-256,
 * and the PRF and the XOF are both served by one AES_256_CTR_XOF instance.
 * J() is not available in this mode and throws.
 *
 * Shared-state caveats for callers:
 *  - get_H() and get_KDF() hand out the *same* SHA-256 object, so feeding
 *    data through one reference while an incremental computation is still
 *    open on the other would mix the two inputs.
 *  - get_PRF() and get_XOF() hand out the *same* XOF object and re-key it on
 *    every call; a reference obtained earlier no longer produces the old
 *    stream once either accessor is called again.
 *  - No locking is visible in this class, so sharing one instance between
 *    threads would race on that state (presumably callers keep one instance
 *    per operation - confirm against the call sites).
 *
 * NOTE(review): the coverage report this listing was taken from records an
 * execution count of 0 for every instrumented line of this class, i.e. the
 * measured run never exercised 90s mode.
 */
class Kyber_90s_Symmetric_Primitives final : public Kyber_Symmetric_Primitives {
   public:
      /// Instantiates SHA-512, SHA-256 and the AES-256-CTR XOF up front;
      /// create_or_throw() throws if a hash is not available in this build.
      Kyber_90s_Symmetric_Primitives() :
            m_sha512(HashFunction::create_or_throw("SHA-512")),
            m_sha256(HashFunction::create_or_throw("SHA-256")),
            m_aes256_xof(std::make_unique<AES_256_CTR_XOF>()) {}

   protected:
      /// 90s mode supplies no domain separator for seed expansion: always empty.
      std::optional<std::array<uint8_t, 1>> seed_expansion_domain_separator(
         const KyberConstants& /*unused*/) const override {
         return std::nullopt;
      }

      /// G: the SHA-512 instance owned by this object.
      HashFunction& get_G() const override {
         return *m_sha512;
      }

      /// H: the SHA-256 instance owned by this object (same object as get_KDF()).
      HashFunction& get_H() const override {
         return *m_sha256;
      }

      /// J is not defined for this mode; any call is reported as Invalid_State.
      HashFunction& get_J() const override {
         throw Invalid_State("Kyber-R3 in 90s mode does not support J()");
      }

      /// KDF: the SHA-256 instance owned by this object (same object as get_H()).
      HashFunction& get_KDF() const override {
         return *m_sha256;
      }

      /**
       * PRF: restarts the shared XOF with a 12-byte IV whose first byte is
       * @p nonce and whose remaining bytes are zero, together with @p seed.
       *
       * @return the shared XOF; valid only until the next get_PRF()/get_XOF()
       */
      Botan::XOF& get_PRF(std::span<const uint8_t> seed, const uint8_t nonce) const override {
         // Aggregate initialisation zero-fills the 11 bytes after the nonce.
         const std::array<uint8_t, 12> iv{nonce};
         return restart_aes_xof(iv, seed);
      }

      /**
       * XOF: restarts the shared XOF with a 12-byte IV whose first two bytes
       * are the two elements of @p mpos and whose remaining bytes are zero,
       * together with @p seed.
       *
       * @return the shared XOF; valid only until the next get_PRF()/get_XOF()
       */
      Botan::XOF& get_XOF(std::span<const uint8_t> seed, std::tuple<uint8_t, uint8_t> mpos) const override {
         const auto [first_byte, second_byte] = mpos;
         // Aggregate initialisation zero-fills the 10 bytes after the position.
         const std::array<uint8_t, 12> iv{first_byte, second_byte};
         return restart_aes_xof(iv, seed);
      }

   private:
      /// Clears the shared AES-256-CTR XOF, starts it again with @p iv and
      /// @p seed (in that argument order) and returns it.
      Botan::XOF& restart_aes_xof(const std::array<uint8_t, 12>& iv, std::span<const uint8_t> seed) const {
         auto& xof = *m_aes256_xof;
         xof.clear();
         xof.start(iv, seed);
         return xof;
      }

      std::unique_ptr<HashFunction> m_sha512;
      std::unique_ptr<HashFunction> m_sha256;
      // mutable: the const accessors above reset and re-key this XOF.
      mutable std::unique_ptr<AES_256_CTR_XOF> m_aes256_xof;
};
}  // namespace Botan
#endif