Botan 3.8.1
Crypto and TLS for C&
Static Public Member Functions | List of all members
Botan::XMSS_Common_Ops Class Reference

#include <xmss_common_ops.h>

Static Public Member Functions

static void create_l_tree (secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash, const XMSS_Parameters &params)
 
static void randomize_tree_hash (secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash, const XMSS_Parameters &params)
 

Detailed Description

Operations shared by XMSS signature generation and verification operations.

Definition at line 25 of file xmss_common_ops.h.

Member Function Documentation

◆ create_l_tree()

void Botan::XMSS_Common_Ops::create_l_tree ( secure_vector< uint8_t > & result,
wots_keysig_t pk,
XMSS_Address & adrs,
const secure_vector< uint8_t > & seed,
XMSS_Hash & hash,
const XMSS_Parameters & params )
static

Algorithm 8: "ltree" Create an L-tree used to compute the leaves of the binary hash tree. Takes a WOTS+ public key and compresses it to a single n-byte value.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters
[out]resultPublic key compressed to a single n-byte value pk[0].
[in]pkWinternitz One Time Signatures+ public key.
[in]adrsAddress encoding the address of the L-Tree
[in]seedThe seed generated during the public key generation.
[in]hashInstance of XMSS_Hash, that may only be used by the thread executing create_l_tree.
[in]paramsparameters

Definition at line 46 of file xmss_common_ops.cpp.

51 {
52 size_t l = params.len();
53 adrs.set_tree_height(0);
54
55 while(l > 1) {
56 for(size_t i = 0; i < l >> 1; i++) {
57 adrs.set_tree_index(static_cast<uint32_t>(i));
58 randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash, params);
59 }
60 if(l & 0x01) {
61 pk[l >> 1] = pk[l - 1];
62 }
63 l = (l >> 1) + (l & 0x01);
64 adrs.set_tree_height(adrs.get_tree_height() + 1);
65 }
66 result = pk[0];
67}
Botan::XMSS_Common_Ops::randomize_tree_hash
static void randomize_tree_hash(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash, const XMSS_Parameters &params)
Definition xmss_common_ops.cpp:15

References Botan::XMSS_Address::get_tree_height(), Botan::XMSS_Parameters::len(), randomize_tree_hash(), Botan::XMSS_Address::set_tree_height(), and Botan::XMSS_Address::set_tree_index().

◆ randomize_tree_hash()

void Botan::XMSS_Common_Ops::randomize_tree_hash ( secure_vector< uint8_t > & result,
const secure_vector< uint8_t > & left,
const secure_vector< uint8_t > & right,
XMSS_Address & adrs,
const secure_vector< uint8_t > & seed,
XMSS_Hash & hash,
const XMSS_Parameters & params )
static

Algorithm 7: "RAND_HASH"

Generates a randomized hash.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters
[out]resultThe resulting randomized hash.
[in]leftLeft half of the hash function input.
[in]rightRight half of the hash function input.
[in]adrsAdress of the hash function call.
[in]seedThe seed for G.
[in]hashInstance of XMSS_Hash, that may only by the thread executing generate_public_key.
[in]paramsparameters

Definition at line 15 of file xmss_common_ops.cpp.

21 {
22 adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
23 secure_vector<uint8_t> key;
24 hash.prf(key, seed, adrs.bytes());
25
26 adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode);
27 secure_vector<uint8_t> bitmask_l;
28 hash.prf(bitmask_l, seed, adrs.bytes());
29
30 adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode);
31 secure_vector<uint8_t> bitmask_r;
32 hash.prf(bitmask_r, seed, adrs.bytes());
33
34 BOTAN_ASSERT(bitmask_l.size() == left.size() && bitmask_r.size() == right.size(),
35 "Bitmask size doesn't match node size.");
36
37 secure_vector<uint8_t> concat_xor(params.element_size() * 2);
38 for(size_t i = 0; i < left.size(); i++) {
39 concat_xor[i] = left[i] ^ bitmask_l[i];
40 concat_xor[i + left.size()] = right[i] ^ bitmask_r[i];
41 }
42
43 hash.h(result, key, concat_xor);
44}
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:52
Botan::XMSS_Address::Key_Mask::Mask_MSB_Mode
@ Mask_MSB_Mode
Definition xmss_address.h:40
Botan::XMSS_Address::Key_Mask::Key_Mode
@ Key_Mode
Definition xmss_address.h:40
Botan::XMSS_Address::Key_Mask::Mask_LSB_Mode
@ Mask_LSB_Mode
Definition xmss_address.h:40
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65

References BOTAN_ASSERT, Botan::XMSS_Address::bytes(), Botan::XMSS_Parameters::element_size(), Botan::XMSS_Hash::h(), Botan::XMSS_Address::Key_Mode, Botan::XMSS_Address::Mask_LSB_Mode, Botan::XMSS_Address::Mask_MSB_Mode, Botan::XMSS_Hash::prf(), and Botan::XMSS_Address::set_key_mask_mode().

Referenced by create_l_tree().

The documentation for this class was generated from the following files:
Generated by doxygen 1.13.2