/src/botan/build/include/internal/botan/internal/dilithium_round3_symmetric_primitives.h
/*
* Asymmetric primitives for Dilithium round 3
* (C) 2022 Jack Lloyd
*     2022 Manuel Glaser, Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity
*     2024 René Meusel - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_DILITHIUM_ROUND3_SYM_PRIMITIVES_H_
#define BOTAN_DILITHIUM_ROUND3_SYM_PRIMITIVES_H_
#include <botan/internal/dilithium_keys.h>
#include <botan/internal/dilithium_symmetric_primitives.h>
#include <botan/rng.h>
namespace Botan {
/// Keypair codec that overrides both directions of the Dilithium_Keypair_Codec
/// interface. Only the declarations live in this header; the encoding format
/// itself is defined by the out-of-line implementation.
/// NOTE(review): the name suggests this handles the "expanded" private-key
/// encoding of Dilithium round 3 -- confirm against the implementation.
class Dilithium_Expanded_Keypair_Codec final : public Dilithium_Keypair_Codec {
   public:
      /// Serializes @p keypair into a byte string held in a secure_vector.
      /// @param keypair  the internal keypair to serialize (taken by value)
      /// @return the encoded bytes
      secure_vector<uint8_t> encode_keypair(DilithiumInternalKeypair keypair) const override;

      /// Reconstructs an internal keypair from an encoded private key.
      /// @param private_key  the encoded private key bytes
      /// @param mode         the Dilithium parameter set to decode for
      /// @return the decoded internal keypair
      /// NOTE(review): @p private_key may originate from outside the library;
      /// length and consistency checks are presumably done in the
      /// implementation, which is not visible here -- verify.
      DilithiumInternalKeypair decode_keypair(std::span<const uint8_t> private_key, DilithiumConstants mode) const override;
};
/// Dilithium round 3 specialization of the symmetric-primitive hooks declared
/// by Dilithium_Symmetric_Primitives_Base: derivation of rho prime, truncation
/// of the commitment hash, and the (absent) seed-expansion domain separator.
class Dilithium_Round3_Symmetric_Primitives : public Dilithium_Symmetric_Primitives_Base {
   public:
      using Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base;

      /// Produces rho prime either deterministically or from an RNG.
      ///
      /// Dilithium R3, Figure 4, l. 12:
      ///   p' in {0, 1}^512 := H(K || mu) (or p' <- {0, 1}^512 for randomized signing)
      ///
      /// @param k    the signing seed K
      /// @param mu   the message representative
      /// @param rng  when set, rho prime is drawn from this RNG and neither
      ///             @p k nor @p mu contributes to the result
      /// @return SEED_RHOPRIME_BYTES bytes of rho prime
      ///
      /// NOTE(review): on the randomized path the output is only as good as
      /// the supplied RNG, because nothing else is mixed in. The value must be
      /// unpredictable and must not repeat across signatures made with the
      /// same key, so callers should pass a properly seeded CSPRNG. FIPS 204
      /// (ML-DSA) instead hashes K together with the fresh randomness and mu
      /// ("hedged" signing), which tolerates a weak RNG better.
      DilithiumSeedRhoPrime H_maybe_randomized(
         StrongSpan<const DilithiumSigningSeedK> k,
         StrongSpan<const DilithiumMessageRepresentative> mu,
         std::optional<std::reference_wrapper<RandomNumberGenerator>> rng) const final {
         if(rng.has_value()) {
            // Randomized signing: sample rho prime directly from the RNG.
            return rng->get().random_vec<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES);
         }

         // Deterministic signing: rho prime is a hash of K and mu.
         return H(k, mu);
      }

      /// Returns a view of the leading COMMITMENT_HASH_C1_BYTES bytes of
      /// @p seed. Nothing is copied; the result refers to the same memory as
      /// the argument and is valid only as long as that memory is.
      ///
      /// NOTE(review): std::span::first() requires the span to hold at least
      /// the requested number of bytes and is undefined behaviour otherwise.
      /// This assumes every caller passes a full-length commitment hash --
      /// confirm at the call sites.
      StrongSpan<const DilithiumCommitmentHash> truncate_commitment_hash(
         StrongSpan<const DilithiumCommitmentHash> seed) const final {
         const auto leading_bytes = seed.get().first(DilithiumConstants::COMMITMENT_HASH_C1_BYTES);
         return StrongSpan<const DilithiumCommitmentHash>(leading_bytes);
      }

      /// Dilithium does not require domain separation when expanding its
      /// seeds from the input randomness, so no separator is reported.
      /// @return always std::nullopt
      std::optional<std::array<uint8_t, 2>> seed_expansion_domain_separator() const final {
         return std::nullopt;
      }

   private:
      /// Rho prime (deterministic) computation for Dilithium R3 instances:
      /// forwards K and mu to H_256 and requests SEED_RHOPRIME_BYTES of output.
      DilithiumSeedRhoPrime H(StrongSpan<const DilithiumSigningSeedK> k,
                              StrongSpan<const DilithiumMessageRepresentative> mu) const {
         return H_256<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES, k, mu);
      }
};
}  // namespace Botan
#endif