Class: H2C::Expander::XMD

Inherits:

Object

• Object
• H2C::Expander::XMD

Defined in:

lib/h2c/expander/xmd.rb

Overview

Expander::XML produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.

Instance Attribute Summary

• #digest ⇒ Object readonly

  Returns the value of attribute digest.

• #dst ⇒ Object readonly

  Returns the value of attribute dst.

Instance Method Summary

• #construct_dst_prime ⇒ String

  Construct DST prime.

• #expand(msg, len) ⇒ String

  Expand message.

• #initialize(func, dst) ⇒ XMD constructor

  Constructor.

Constructor Details

#initialize(func, dst) ⇒ XMD

Constructor

Parameters:

• func (String) —

  Hash function name. Currently supported by ‘SHA256’ and ‘SHA512’

• dst (String) —

  Domain separation tag with binary format.

Raises:

• (H2C::Error) —

  If invalid func specified.

# File 'lib/h2c/expander/xmd.rb', line 13

def initialize(func, dst)
  @dst = dst
  @digest =
    case func
    when HashFunc::SHA256
      Digest(HashFunc::SHA256).new
    when HashFunc::SHA512
      Digest(HashFunc::SHA512).new
    else
      raise H2C::Error, "func #{func} is unsupported."
    end
end

Instance Attribute Details

#digest ⇒ Object (readonly)

Returns the value of attribute digest.

# File 'lib/h2c/expander/xmd.rb', line 8

def digest
  @digest
end

#dst ⇒ Object (readonly)

Returns the value of attribute dst.

# File 'lib/h2c/expander/xmd.rb', line 8

def dst
  @dst
end

Instance Method Details

#construct_dst_prime ⇒ String

Construct DST prime.

Returns:

• (String) —

  DST prime

# File 'lib/h2c/expander/xmd.rb', line 71

def construct_dst_prime
  dst_prime =
    if dst.bytesize > MAX_DST_LENGTH
      digest.digest(LONG_DST_PREFIX + dst)
    else
      dst
    end
  dst_prime + [dst_prime.bytesize].pack("C")
end

#expand(msg, len) ⇒ String

Expand message. www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-expand_message_xmd

Parameters:

• msg (String) —

  The message to be expanded with binary format.

• len (Integer) —

  The length of the requested output in bytes.

Returns:

• (String) —

  Expanded message.

Raises:

• (H2C::Error)

# File 'lib/h2c/expander/xmd.rb', line 32

def expand(msg, len)
  b_len = digest.digest_length
  ell = (len + b_len - 1) / b_len
  dst_prime = construct_dst_prime

  if ell >= 0xff || len >= 0xffff || dst_prime.bytesize >= 0xff
    raise H2C::Error, "requested too many bytes"
  end
  lib_str = [(len >> 8) & 0xFF, (len & 0xff)].pack("CC")
  z_pad = Array.new(digest.block_length, 0)

  digest.reset
  digest.update(z_pad.pack("C*"))
  digest.update(msg)
  digest.update(lib_str)
  digest.update([0].pack("C"))
  digest.update(dst_prime)

  b0 = digest.digest
  digest.reset
  digest.update(b0)
  digest.update([1].pack("C"))
  digest.update(dst_prime)

  bi = digest.digest
  pseudo = bi
  (2..(ell + 1)).each do |i|
    digest.reset
    digest.update(Expander.xor(b0, bi))
    digest.update([i].pack("C"))
    digest.update(dst_prime)
    bi = digest.digest
    pseudo += bi
  end
  pseudo[0...len]
end