Botan  1.11.34
Crypto and TLS for C++11
Public Member Functions | Static Public Member Functions | List of all members
Botan::RTSS_Share Class Reference

#include <tss.h>

Public Member Functions

bool initialized () const
 
 RTSS_Share ()
 
 RTSS_Share (const std::string &hex_input)
 
byte share_id () const
 
size_t size () const
 
std::string to_string () const
 

Static Public Member Functions

static secure_vector< bytereconstruct (const std::vector< RTSS_Share > &shares)
 
static std::vector< RTSS_Sharesplit (byte M, byte N, const byte secret[], u16bit secret_len, const byte identifier[16], RandomNumberGenerator &rng)
 

Detailed Description

A split secret, using the format from draft-mcgrew-tss-03

Definition at line 21 of file tss.h.

Constructor & Destructor Documentation

§ RTSS_Share() [1/2]

Botan::RTSS_Share::RTSS_Share ( )
inline

Definition at line 44 of file tss.h.

References Botan::to_string().

44 {}

§ RTSS_Share() [2/2]

Botan::RTSS_Share::RTSS_Share ( const std::string &  hex_input)
explicit
Parameters
hex_inputthe share encoded in hexadecimal

Definition at line 105 of file tss.cpp.

References Botan::hex_decode_locked().

106  {
107  m_contents = hex_decode_locked(hex_input);
108  }
secure_vector< byte > hex_decode_locked(const char input[], size_t input_length, bool ignore_ws)
Definition: hex.cpp:162

Member Function Documentation

§ initialized()

bool Botan::RTSS_Share::initialized ( ) const
inline
Returns
if this TSS share was initialized or not

Definition at line 69 of file tss.h.

Referenced by share_id().

69 { return (m_contents.size() > 0); }

§ reconstruct()

secure_vector< byte > Botan::RTSS_Share::reconstruct ( const std::vector< RTSS_Share > &  shares)
static
Parameters
sharesthe list of shares

Definition at line 180 of file tss.cpp.

References hash, Botan::make_u16bit(), Botan::same_mem(), share_id(), and size().

181  {
182  const size_t RTSS_HEADER_SIZE = 20;
183 
184  for(size_t i = 0; i != shares.size(); ++i)
185  {
186  if(shares[i].size() != shares[0].size())
187  throw Decoding_Error("Different sized RTSS shares detected");
188  if(shares[i].share_id() == 0)
189  throw Decoding_Error("Invalid (id = 0) RTSS share detected");
190  if(shares[i].size() < RTSS_HEADER_SIZE)
191  throw Decoding_Error("Missing or malformed RTSS header");
192 
193  if(!same_mem(&shares[0].m_contents[0],
194  &shares[i].m_contents[0], RTSS_HEADER_SIZE))
195  throw Decoding_Error("Different RTSS headers detected");
196  }
197 
198  if(shares.size() < shares[0].m_contents[17])
199  throw Decoding_Error("Insufficient shares to do TSS reconstruction");
200 
201  u16bit secret_len = make_u16bit(shares[0].m_contents[18],
202  shares[0].m_contents[19]);
203 
204  byte hash_id = shares[0].m_contents[16];
205 
206  std::unique_ptr<HashFunction> hash(get_rtss_hash_by_id(hash_id));
207 
208  if(shares[0].size() != secret_len + hash->output_length() + RTSS_HEADER_SIZE + 1)
209  throw Decoding_Error("Bad RTSS length field in header");
210 
211  std::vector<byte> V(shares.size());
212  secure_vector<byte> secret;
213 
214  for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i)
215  {
216  for(size_t j = 0; j != V.size(); ++j)
217  V[j] = shares[j].m_contents[i];
218 
219  byte r = 0;
220  for(size_t k = 0; k != shares.size(); ++k)
221  {
222  // L_i function:
223  byte r2 = 1;
224  for(size_t l = 0; l != shares.size(); ++l)
225  {
226  if(k == l)
227  continue;
228 
229  byte share_k = shares[k].share_id();
230  byte share_l = shares[l].share_id();
231 
232  if(share_k == share_l)
233  throw Decoding_Error("Duplicate shares found in RTSS recovery");
234 
235  byte div = RTSS_EXP[(255 +
236  RTSS_LOG[share_l] -
237  RTSS_LOG[share_k ^ share_l]) % 255];
238 
239  r2 = gfp_mul(r2, div);
240  }
241 
242  r ^= gfp_mul(V[k], r2);
243  }
244  secret.push_back(r);
245  }
246 
247  if(secret.size() != secret_len + hash->output_length())
248  throw Decoding_Error("Bad length in RTSS output");
249 
250  hash->update(secret.data(), secret_len);
251  secure_vector<byte> hash_check = hash->final();
252 
253  if(!same_mem(hash_check.data(),
254  &secret[secret_len], hash->output_length()))
255  throw Decoding_Error("RTSS hash check failed");
256 
257  return secure_vector<byte>(secret.cbegin(), secret.cbegin() + secret_len);
258  }
byte share_id() const
Definition: tss.cpp:110
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:98
std::uint16_t u16bit
Definition: types.h:32
size_t size() const
Definition: tss.h:64
u16bit make_u16bit(byte i0, byte i1)
Definition: loadstor.h:60
MechanismType hash
std::uint8_t byte
Definition: types.h:31

§ share_id()

byte Botan::RTSS_Share::share_id ( ) const
Returns
share identifier

Definition at line 110 of file tss.cpp.

References initialized().

Referenced by reconstruct().

111  {
112  if(!initialized())
113  throw Invalid_State("RTSS_Share::share_id not initialized");
114 
115  return m_contents[20];
116  }
bool initialized() const
Definition: tss.h:69

§ size()

size_t Botan::RTSS_Share::size ( ) const
inline
Returns
size of this share in bytes

Definition at line 64 of file tss.h.

Referenced by reconstruct().

64 { return m_contents.size(); }

§ split()

std::vector< RTSS_Share > Botan::RTSS_Share::split ( byte  M,
byte  N,
const byte  secret[],
u16bit  secret_len,
const byte  identifier[16],
RandomNumberGenerator rng 
)
static
Parameters
Mthe number of shares needed to reconstruct
Nthe number of shares generated
secretthe secret to split
secret_lenthe length of the secret
identifierthe 16 byte share identifier
rngthe random number generator to use

Definition at line 124 of file tss.cpp.

References Botan::get_byte(), hash, Botan::SHA_256::name(), Botan::Buffered_Computation::process(), and Botan::RandomNumberGenerator::randomize().

128  {
129  if(M == 0 || N == 0 || M > N)
130  throw Encoding_Error("RTSS_Share::split: M == 0 or N == 0 or M > N");
131 
132  SHA_256 hash; // always use SHA-256 when generating shares
133 
134  std::vector<RTSS_Share> shares(N);
135 
136  // Create RTSS header in each share
137  for(byte i = 0; i != N; ++i)
138  {
139  shares[i].m_contents += std::make_pair(identifier, 16);
140  shares[i].m_contents += rtss_hash_id(hash.name());
141  shares[i].m_contents += M;
142  shares[i].m_contents += get_byte(0, S_len);
143  shares[i].m_contents += get_byte(1, S_len);
144  }
145 
146  // Choose sequential values for X starting from 1
147  for(byte i = 0; i != N; ++i)
148  shares[i].m_contents.push_back(i+1);
149 
150  // secret = S || H(S)
151  secure_vector<byte> secret(S, S + S_len);
152  secret += hash.process(S, S_len);
153 
154  for(size_t i = 0; i != secret.size(); ++i)
155  {
156  std::vector<byte> coefficients(M-1);
157  rng.randomize(coefficients.data(), coefficients.size());
158 
159  for(byte j = 0; j != N; ++j)
160  {
161  const byte X = j + 1;
162 
163  byte sum = secret[i];
164  byte X_i = X;
165 
166  for(size_t k = 0; k != coefficients.size(); ++k)
167  {
168  sum ^= gfp_mul(X_i, coefficients[k]);
169  X_i = gfp_mul(X_i, X);
170  }
171 
172  shares[j].m_contents.push_back(sum);
173  }
174  }
175 
176  return shares;
177  }
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
MechanismType hash
std::uint8_t byte
Definition: types.h:31

§ to_string()

std::string Botan::RTSS_Share::to_string ( ) const
Returns
hex representation

Definition at line 118 of file tss.cpp.

References Botan::hex_encode().

119  {
120  return hex_encode(m_contents.data(), m_contents.size());
121  }
void hex_encode(char output[], const byte input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14

The documentation for this class was generated from the following files: