/src/botan/build/include/internal/botan/internal/kyber_90s.h
1 | | /* |
2 | | * Symmetric primitives for Kyber (90s mode) |
3 | | * (C) 2022-2024 Jack Lloyd |
4 | | * (C) 2022 Hannes Rantzsch, René Meusel, neXenio GmbH |
5 | | * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity |
6 | | * |
7 | | * Botan is released under the Simplified BSD License (see license.txt) |
8 | | */ |
9 | | |
10 | | #ifndef BOTAN_KYBER_90S_H_ |
11 | | #define BOTAN_KYBER_90S_H_ |
12 | | |
13 | | #include <botan/hash.h> |
14 | | #include <botan/internal/aes_crystals_xof.h> |
15 | | |
16 | | #include <botan/internal/kyber_symmetric_primitives.h> |
17 | | |
18 | | #include <array> |
19 | | #include <memory> |
20 | | |
21 | | namespace Botan { |
22 | | |
/**
 * Symmetric primitives for Kyber in "90s mode": SHA-2 hashes (SHA-512 for G,
 * SHA-256 for H and the KDF) and an AES-256-CTR based XOF in place of the
 * SHA-3/SHAKE family.
 *
 * Lifetime/aliasing note: get_PRF() and get_XOF() both reset and re-key the
 * single AES-256-CTR XOF instance owned by this object, so the reference
 * returned by one of them is invalidated by the next call to either. A single
 * instance is consequently not safe for concurrent use from several threads.
 */
class Kyber_90s_Symmetric_Primitives final : public Kyber_Symmetric_Primitives {
   public:
      /// Instantiates SHA-512, SHA-256 and the AES-256-CTR XOF. Throws (via
      /// HashFunction::create_or_throw) if a required hash is not available
      /// in this build.
      Kyber_90s_Symmetric_Primitives() :
            m_sha512(HashFunction::create_or_throw("SHA-512")),
            m_sha256(HashFunction::create_or_throw("SHA-256")),
            m_aes256_xof(std::make_unique<AES_256_CTR_XOF>()) {}

   protected:
      /// 90s mode prepends no domain separator to the seed expansion input,
      /// hence an empty optional regardless of the parameter set.
      std::optional<std::array<uint8_t, 1>> seed_expansion_domain_separator(const KyberConstants&) const override {
         return std::nullopt;
      }

      /// G() is SHA-512 in 90s mode.
      HashFunction& get_G() const override { return *m_sha512; }

      /// H() is SHA-256 in 90s mode.
      HashFunction& get_H() const override { return *m_sha256; }

      /// J() is not defined for Kyber round 3 in 90s mode; calling it is an
      /// invalid-state error rather than a silent fallback to another hash.
      HashFunction& get_J() const override { throw Invalid_State("Kyber-R3 in 90s mode does not support J()"); }

      /// The KDF is SHA-256 in 90s mode (the same instance as H()).
      HashFunction& get_KDF() const override { return *m_sha256; }

      /// PRF(seed, nonce): AES-256-CTR keyed with `seed`, using a 12-byte IV
      /// whose first byte is `nonce` and whose remaining bytes are zero.
      /// Returns a reference to the shared XOF (see the class comment).
      Botan::XOF& get_PRF(std::span<const uint8_t> seed, const uint8_t nonce) const override {
         std::array<uint8_t, 12> iv{};
         iv[0] = nonce;
         return restart_xof(iv, seed);
      }

      /// XOF(seed, (i, j)): AES-256-CTR keyed with `seed`, using a 12-byte IV
      /// whose first two bytes are the matrix position `mpos` and whose
      /// remaining bytes are zero. Returns a reference to the shared XOF.
      Botan::XOF& get_XOF(std::span<const uint8_t> seed, std::tuple<uint8_t, uint8_t> mpos) const override {
         const auto [row, col] = mpos;
         std::array<uint8_t, 12> iv{};
         iv[0] = row;
         iv[1] = col;
         return restart_xof(iv, seed);
      }

   private:
      /// Resets the shared XOF and re-keys it with `iv` and `seed`; both PRF
      /// and XOF funnel through here so the reset-then-start order is in one place.
      Botan::XOF& restart_xof(const std::array<uint8_t, 12>& iv, std::span<const uint8_t> seed) const {
         m_aes256_xof->clear();
         m_aes256_xof->start(iv, seed);
         return *m_aes256_xof;
      }

      std::unique_ptr<HashFunction> m_sha512;
      std::unique_ptr<HashFunction> m_sha256;
      // mutable: the XOF is re-keyed from const accessors (get_PRF / get_XOF)
      mutable std::unique_ptr<AES_256_CTR_XOF> m_aes256_xof;
};
62 | | |
63 | | } // namespace Botan |
64 | | |
65 | | #endif |