Botan  2.1.0
Crypto and TLS for C++11
xmss_hash.h
Go to the documentation of this file.
1 /*
2  * XMSS Hash
3  * (C) 2016 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_HASH_H__
9 #define BOTAN_XMSS_HASH_H__
10 
11 #include <cstddef>
12 #include <string>
13 #include <botan/assert.h>
14 #include <botan/hash.h>
15 #include <botan/secmem.h>
16 #include <botan/types.h>
17 
18 namespace Botan {
19 
20 /**
21  * A collection of pseudorandom hash functions required for XMSS and WOTS
22  * computations.
23  **/
24 class XMSS_Hash
25  {
26  public:
27  XMSS_Hash(const std::string& h_func_name);
28  XMSS_Hash(const XMSS_Hash& hash);
29 
30  /**
31  * Pseudoranom function creating a hash out of a key and data using
32  * a cryptographic hash function.
33  *
34  * @param[out] result The hash calculated using key and data.
35  * @param[in] key An n-byte key value.
36  * @param[in] data A 32-byte XMSS_Address data value
37  **/
38  inline void prf(secure_vector<uint8_t>& result,
39  const secure_vector<uint8_t>& key,
40  const secure_vector<uint8_t>& data)
41  {
42  m_hash->update(m_zero_padding);
43  m_hash->update(m_id_prf);
44  m_hash->update(key);
45  m_hash->update(data);
46  m_hash->final(result);
47  }
48 
49  /**
50  * Pseudoranom function creating a hash out of a key and data using
51  * a cryptographic hash function.
52  *
53  * @param[in] key An n-byte key value.
54  * @param[in] data A 32-byte XMSS_Address data value
55  * @return result The hash calculated using key and data.
56  **/
58  const secure_vector<uint8_t>& data)
59  {
60  m_hash->update(m_zero_padding);
61  m_hash->update(m_id_prf);
62  m_hash->update(key);
63  m_hash->update(data);
64  return m_hash->final();
65  }
66 
67  /**
68  * F is a keyed cryptographic hash function used by the WOTS+ algorithm.
69  *
70  * @param[out] result The hash calculated using key and data.
71  * @param[in] key key of length n bytes.
72  * @param[in] data string of arbitrary length.
73  **/
74  void f(secure_vector<uint8_t>& result,
75  const secure_vector<uint8_t>& key,
76  const secure_vector<uint8_t>& data)
77  {
78  m_hash->update(m_zero_padding);
79  m_hash->update(m_id_f);
80  m_hash->update(key);
81  m_hash->update(data);
82  m_hash->final(result);
83  }
84 
85  /**
86  * Cryptographic hash function h accepting n byte keys and 2n byte
87  * strings of data.
88  *
89  * @param[out] result The hash calculated using key and data.
90  * @param[in] key key of length n bytes.
91  * @param[in] data string of 2n bytes length.
92  **/
93  void h(secure_vector<uint8_t>& result,
94  const secure_vector<uint8_t>& key,
95  const secure_vector<uint8_t>& data);
96 
97  /**
98  * Cryptographic hash function h accepting 3n byte keys and data
99  * strings of arbitrary length.
100  *
101  * @param randomness n-byte value.
102  * @param root n-byte root node.
103  * @param index_bytes Index value padded with leading zeros.
104  * @param data string of arbitrary length.
105  *
106  * @return hash value of n-bytes length.
107  **/
109  const secure_vector<uint8_t>& root,
110  const secure_vector<uint8_t>& index_bytes,
111  const secure_vector<uint8_t>& data);
112 
113  /**
114  * Initializes buffered h_msg computation with prefix data.
115  *
116  * @param randomness random n-byte value.
117  * @param root n-byte root node.
118  * @param index_bytes Index value padded with leading zeros.
119  **/
120  void h_msg_init(const secure_vector<uint8_t>& randomness,
121  const secure_vector<uint8_t>& root,
122  const secure_vector<uint8_t>& index_bytes);
123 
124  /**
125  * Adds a message block to buffered h_msg computation.
126  *
127  * @param data A message block
128  **/
129  void h_msg_update(const secure_vector<uint8_t>& data);
130 
131  /**
132  * Adds a message block to buffered h_msg computation.
133  *
134  * @param data A message block
135  * @param size Length of the message block in bytes.
136  **/
137  void h_msg_update(const uint8_t data[], size_t size);
138 
139  /**
140  * Finalizes buffered h_msg computation and retrieves the result.
141  *
142  * @return Hash calculated using the prefix set by h_msg_init() and
143  * message blocks provided through calls to h_msg_update().
144  **/
146 
147  size_t output_length() const { return m_output_length; }
148 
149  private:
150  static const uint8_t m_id_f = 0x00;
151  static const uint8_t m_id_h = 0x01;
152  static const uint8_t m_id_hmsg = 0x02;
153  static const uint8_t m_id_prf = 0x03;
154 
155  const std::string m_hash_func_name;
156  std::unique_ptr<HashFunction> m_hash;
157  std::unique_ptr<HashFunction> m_msg_hash;
158  size_t m_output_length;
159 
160  //32 byte id prefixes prepended to the hash input.
161  std::vector<uint8_t> m_zero_padding;
162  };
163 
164 }
165 
166 #endif
secure_vector< uint8_t > h_msg_final()
Definition: xmss_hash.cpp:69
XMSS_Hash(const std::string &h_func_name)
Definition: xmss_hash.cpp:20
void h_msg_update(const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:59
void h(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:36
void f(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:74
secure_vector< uint8_t > h_msg(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes, const secure_vector< uint8_t > &data)
Definition: xmss_hash.cpp:75
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
secure_vector< uint8_t > prf(const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:57
void prf(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:38
Definition: alg_id.cpp:13
size_t output_length() const
Definition: xmss_hash.h:147
void h_msg_init(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes)
Definition: xmss_hash.cpp:47
MechanismType hash