Botan  1.11.9
Public Member Functions | Static Public Member Functions | List of all members
Botan::RTSS_Share Class Reference

#include <tss.h>

Public Member Functions

bool initialized () const
 
 RTSS_Share ()
 
 RTSS_Share (const std::string &hex_input)
 
byte share_id () const
 
size_t size () const
 
std::string to_string () const
 

Static Public Member Functions

static secure_vector< bytereconstruct (const std::vector< RTSS_Share > &shares)
 
static std::vector< RTSS_Sharesplit (byte M, byte N, const byte secret[], u16bit secret_len, const byte identifier[16], RandomNumberGenerator &rng)
 

Detailed Description

A split secret, using the format from draft-mcgrew-tss-03

Definition at line 21 of file tss.h.

Constructor & Destructor Documentation

Botan::RTSS_Share::RTSS_Share ( )
inline

Definition at line 44 of file tss.h.

44 {}
Botan::RTSS_Share::RTSS_Share ( const std::string &  hex_input)
Parameters
hex_inputthe share encoded in hexadecimal

Definition at line 106 of file tss.cpp.

References Botan::hex_decode_locked().

107  {
108  contents = hex_decode_locked(hex_input);
109  }
secure_vector< byte > hex_decode_locked(const char input[], size_t input_length, bool ignore_ws)
Definition: hex.cpp:162

Member Function Documentation

bool Botan::RTSS_Share::initialized ( ) const
inline
Returns
if this TSS share was initialized or not

Definition at line 69 of file tss.h.

Referenced by share_id().

69 { return (contents.size() > 0); }
secure_vector< byte > Botan::RTSS_Share::reconstruct ( const std::vector< RTSS_Share > &  shares)
static
Parameters
sharesthe list of shares

Definition at line 181 of file tss.cpp.

References Botan::make_u16bit(), r, Botan::same_mem(), share_id(), and size().

182  {
183  const size_t RTSS_HEADER_SIZE = 20;
184 
185  for(size_t i = 0; i != shares.size(); ++i)
186  {
187  if(shares[i].size() != shares[0].size())
188  throw Decoding_Error("Different sized RTSS shares detected");
189  if(shares[i].share_id() == 0)
190  throw Decoding_Error("Invalid (id = 0) RTSS share detected");
191  if(shares[i].size() < RTSS_HEADER_SIZE)
192  throw Decoding_Error("Missing or malformed RTSS header");
193 
194  if(!same_mem(&shares[0].contents[0],
195  &shares[i].contents[0], RTSS_HEADER_SIZE))
196  throw Decoding_Error("Different RTSS headers detected");
197  }
198 
199  if(shares.size() < shares[0].contents[17])
200  throw Decoding_Error("Insufficient shares to do TSS reconstruction");
201 
202  u16bit secret_len = make_u16bit(shares[0].contents[18],
203  shares[0].contents[19]);
204 
205  byte hash_id = shares[0].contents[16];
206 
207  std::unique_ptr<HashFunction> hash(get_rtss_hash_by_id(hash_id));
208 
209  if(shares[0].size() != secret_len + hash->output_length() + RTSS_HEADER_SIZE + 1)
210  throw Decoding_Error("Bad RTSS length field in header");
211 
212  std::vector<byte> V(shares.size());
213  secure_vector<byte> secret;
214 
215  for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i)
216  {
217  for(size_t j = 0; j != V.size(); ++j)
218  V[j] = shares[j].contents[i];
219 
220  byte r = 0;
221  for(size_t k = 0; k != shares.size(); ++k)
222  {
223  // L_i function:
224  byte r2 = 1;
225  for(size_t l = 0; l != shares.size(); ++l)
226  {
227  if(k == l)
228  continue;
229 
230  byte share_k = shares[k].share_id();
231  byte share_l = shares[l].share_id();
232 
233  if(share_k == share_l)
234  throw Decoding_Error("Duplicate shares found in RTSS recovery");
235 
236  byte div = RTSS_EXP[(255 +
237  RTSS_LOG[share_l] -
238  RTSS_LOG[share_k ^ share_l]) % 255];
239 
240  r2 = gfp_mul(r2, div);
241  }
242 
243  r ^= gfp_mul(V[k], r2);
244  }
245  secret.push_back(r);
246  }
247 
248  if(secret.size() != secret_len + hash->output_length())
249  throw Decoding_Error("Bad length in RTSS output");
250 
251  hash->update(&secret[0], secret_len);
252  secure_vector<byte> hash_check = hash->final();
253 
254  if(!same_mem(&hash_check[0],
255  &secret[secret_len], hash->output_length()))
256  throw Decoding_Error("RTSS hash check failed");
257 
258  return secure_vector<byte>(&secret[0], &secret[secret_len]);
259  }
size_t size() const
Definition: tss.h:64
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:63
uint8_t byte
Definition: types.h:30
uint16_t u16bit
Definition: types.h:31
u16bit make_u16bit(byte i0, byte i1)
Definition: loadstor.h:47
BigInt r
Definition: numthry.cpp:27
byte share_id() const
Definition: tss.cpp:111
byte Botan::RTSS_Share::share_id ( ) const
Returns
share identifier

Definition at line 111 of file tss.cpp.

References initialized().

Referenced by reconstruct().

112  {
113  if(!initialized())
114  throw Invalid_State("RTSS_Share::share_id not initialized");
115 
116  return contents[20];
117  }
bool initialized() const
Definition: tss.h:69
size_t Botan::RTSS_Share::size ( ) const
inline
Returns
size of this share in bytes

Definition at line 64 of file tss.h.

Referenced by reconstruct().

64 { return contents.size(); }
std::vector< RTSS_Share > Botan::RTSS_Share::split ( byte  M,
byte  N,
const byte  secret[],
u16bit  secret_len,
const byte  identifier[16],
RandomNumberGenerator rng 
)
static
Parameters
Mthe number of shares needed to reconstruct
Nthe number of shares generated
secretthe secret to split
secret_lenthe length of the secret
identifierthe 16 byte share identifier
rngthe random number generator to use

Definition at line 125 of file tss.cpp.

References Botan::get_byte(), Botan::SHA_256::name(), Botan::Buffered_Computation::process(), and Botan::RandomNumberGenerator::randomize().

129  {
130  if(M == 0 || N == 0 || M > N)
131  throw Encoding_Error("RTSS_Share::split: M == 0 or N == 0 or M > N");
132 
133  SHA_256 hash; // always use SHA-256 when generating shares
134 
135  std::vector<RTSS_Share> shares(N);
136 
137  // Create RTSS header in each share
138  for(byte i = 0; i != N; ++i)
139  {
140  shares[i].contents += std::make_pair(identifier, 16);
141  shares[i].contents += rtss_hash_id(hash.name());
142  shares[i].contents += M;
143  shares[i].contents += get_byte(0, S_len);
144  shares[i].contents += get_byte(1, S_len);
145  }
146 
147  // Choose sequential values for X starting from 1
148  for(byte i = 0; i != N; ++i)
149  shares[i].contents.push_back(i+1);
150 
151  // secret = S || H(S)
152  secure_vector<byte> secret(S, S + S_len);
153  secret += hash.process(S, S_len);
154 
155  for(size_t i = 0; i != secret.size(); ++i)
156  {
157  std::vector<byte> coefficients(M-1);
158  rng.randomize(&coefficients[0], coefficients.size());
159 
160  for(byte j = 0; j != N; ++j)
161  {
162  const byte X = j + 1;
163 
164  byte sum = secret[i];
165  byte X_i = X;
166 
167  for(size_t k = 0; k != coefficients.size(); ++k)
168  {
169  sum ^= gfp_mul(X_i, coefficients[k]);
170  X_i = gfp_mul(X_i, X);
171  }
172 
173  shares[j].contents.push_back(sum);
174  }
175  }
176 
177  return shares;
178  }
byte get_byte(size_t byte_num, T input)
Definition: get_byte.h:21
uint8_t byte
Definition: types.h:30
std::string Botan::RTSS_Share::to_string ( ) const
Returns
hex representation

Definition at line 119 of file tss.cpp.

References Botan::hex_encode().

120  {
121  return hex_encode(&contents[0], contents.size());
122  }
void hex_encode(char output[], const byte input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14

The documentation for this class was generated from the following files: