Botan::XMSS_Signature_Operation Class Reference

#include <xmss_signature_operation.h>

Inheritance diagram for Botan::XMSS_Signature_Operation:

Public Member Functions
secure_vector< uint8_t >	sign (RandomNumberGenerator &) override
size_t	signature_length () const override
void	update (const uint8_t msg[], size_t msg_len) override
	XMSS_Signature_Operation (const XMSS_PrivateKey &private_key)

Protected Member Functions
void	create_l_tree (secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)
void	create_l_tree (secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed)
void	randomize_tree_hash (secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)
void	randomize_tree_hash (secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed)

Protected Attributes
XMSS_Hash	m_hash
XMSS_Parameters	m_xmss_params

Detailed Description

Signature generation operation for Extended Hash-Based Signatures (XMSS) as defined in:

[1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391 Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/

Definition at line 34 of file xmss_signature_operation.h.

Constructor & Destructor Documentation

XMSS_Signature_Operation()

Botan::XMSS_Signature_Operation::XMSS_Signature_Operation

(

const XMSS_PrivateKey &

private_key

)

Definition at line 20 of file xmss_signature_operation.cpp.

   : XMSS_Common_Ops(private_key.xmss_oid()),
     m_priv_key(private_key),
     m_randomness(0),
     m_leaf_idx(0),
     m_is_initialized(false)
   {}

Member Function Documentation

create_l_tree() [1/2]

void Botan::XMSS_Common_Ops::create_l_tree ( secure_vector< uint8_t > &  result, wots_keysig_t  pk, XMSS_Address &  adrs, const secure_vector< uint8_t > &  seed, XMSS_Hash &  hash  )

protectedinherited

Algorithm 8: "ltree" Create an L-tree used to compute the leaves of the binary hash tree. Takes a WOTS+ public key and compresses it to a single n-byte value.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters

[out]	result	Public key compressed to a single n-byte value pk[0].
[in]	pk	Winternitz One Time Signatures+ public key.
[in]	adrs	Address encoding the address of the L-Tree
[in]	seed	The seed generated during the public key generation.
[in]	hash	Instance of XMSS_Hash, that may only be used by the thead executing create_l_tree.

Definition at line 46 of file xmss_common_ops.cpp.

References Botan::XMSS_Address::get_tree_height(), hash, Botan::XMSS_Parameters::len(), Botan::XMSS_Common_Ops::m_xmss_params, Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Address::set_tree_height(), and Botan::XMSS_Address::set_tree_index().

Referenced by Botan::XMSS_Common_Ops::create_l_tree().

   {
   size_t l = m_xmss_params.len();
   adrs.set_tree_height(0);

   while(l > 1)
      {
      for(size_t i = 0; i < l >> 1; i++)
         {
         adrs.set_tree_index(static_cast<uint32_t>(i));
         randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash);
         }
      if(l & 0x01)
         {
         pk[l >> 1] = pk[l - 1];
         }
      l = (l >> 1) + (l & 0x01);
      adrs.set_tree_height(adrs.get_tree_height() + 1);
      }
   result = pk[0];
   }

create_l_tree() [2/2]

void Botan::XMSS_Common_Ops::create_l_tree ( secure_vector< uint8_t > &  result, wots_keysig_t  pk, XMSS_Address &  adrs, const secure_vector< uint8_t > &  seed  )

inlineprotectedinherited

Algorithm 8: "ltree" Create an L-tree used to compute the leaves of the binary hash tree. Takes a WOTS+ public key and compresses it to a single n-byte value.

Parameters

[out]	result	Public key compressed to a single n-byte value pk[0].
[in]	pk	Winternitz One Time Signatures+ public key.
[in]	adrs	Address encoding the address of the L-Tree
[in]	seed	The seed generated during the public key generation.

Definition at line 110 of file xmss_common_ops.h.

References Botan::XMSS_Common_Ops::create_l_tree(), and Botan::XMSS_Common_Ops::m_hash.

         {
         create_l_tree(result, pk, adrs, seed, m_hash);
         }

randomize_tree_hash() [1/2]

void Botan::XMSS_Common_Ops::randomize_tree_hash ( secure_vector< uint8_t > &  result, const secure_vector< uint8_t > &  left, const secure_vector< uint8_t > &  right, XMSS_Address &  adrs, const secure_vector< uint8_t > &  seed, XMSS_Hash &  hash  )

protectedinherited

Algorithm 7: "RAND_HASH"

Generates a randomized hash.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters

[out]	result	The resulting randomized hash.
[in]	left	Left half of the hash function input.
[in]	right	Right half of the hash function input.
[in]	adrs	Adress of the hash function call.
[in]	seed	The seed for G.
[in]	hash	Instance of XMSS_Hash, that may only by the thead executing generate_public_key.

Definition at line 14 of file xmss_common_ops.cpp.

References BOTAN_ASSERT, Botan::XMSS_Address::bytes(), Botan::XMSS_Parameters::element_size(), hash, Botan::XMSS_Address::Key_Mode, Botan::XMSS_Common_Ops::m_xmss_params, Botan::XMSS_Address::Mask_LSB_Mode, Botan::XMSS_Address::Mask_MSB_Mode, and Botan::XMSS_Address::set_key_mask_mode().

Referenced by Botan::XMSS_Common_Ops::create_l_tree(), Botan::XMSS_Common_Ops::randomize_tree_hash(), and Botan::XMSS_PrivateKey::tree_hash().

   {
   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
   secure_vector<uint8_t> key { hash.prf(seed, adrs.bytes()) };

   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode);
   secure_vector<uint8_t> bitmask_l { hash.prf(seed, adrs.bytes()) };

   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode);
   secure_vector<uint8_t> bitmask_r { hash.prf(seed, adrs.bytes()) };

   BOTAN_ASSERT(bitmask_l.size() == left.size() &&
                bitmask_r.size() == right.size(),
                "Bitmask size doesn't match node size.");

   secure_vector<uint8_t> concat_xor(m_xmss_params.element_size() * 2);
   for(size_t i = 0; i < left.size(); i++)
      {
      concat_xor[i] = left[i] ^ bitmask_l[i];
      concat_xor[i + left.size()] = right[i] ^ bitmask_r[i];
      }

   hash.h(result, key, concat_xor);
   }

randomize_tree_hash() [2/2]

void Botan::XMSS_Common_Ops::randomize_tree_hash ( secure_vector< uint8_t > &  result, const secure_vector< uint8_t > &  left, const secure_vector< uint8_t > &  right, XMSS_Address &  adrs, const secure_vector< uint8_t > &  seed  )

inlineprotectedinherited

Algorithm 7: "RAND_HASH"

Generates a randomized hash.

Parameters

[out]	result	The resulting randomized hash.
[in]	left	Left half of the hash function input.
[in]	right	Right half of the hash function input.
[in]	adrs	Adress of the hash function call.
[in]	seed	The seed for G.

Definition at line 67 of file xmss_common_ops.h.

References Botan::XMSS_Common_Ops::m_hash, and Botan::XMSS_Common_Ops::randomize_tree_hash().

         {
         randomize_tree_hash(result, left, right, adrs, seed, m_hash);
         }

sign()

secure_vector< uint8_t > Botan::XMSS_Signature_Operation::sign ( RandomNumberGenerator &  )

overridevirtual

Creates an XMSS signature for the message provided through call to update().

Returns

serialized XMSS signature.

Implements Botan::PK_Ops::Signature.

Definition at line 85 of file xmss_signature_operation.cpp.

References Botan::XMSS_Hash::h_msg_final(), and Botan::XMSS_Common_Ops::m_hash.

   {
   initialize();
   secure_vector<uint8_t> signature(sign(m_hash.h_msg_final(),
                                         m_priv_key).bytes());
   m_is_initialized = false;
   return signature;
   }

signature_length()

size_t Botan::XMSS_Signature_Operation::signature_length ( ) const

overridevirtual

Implements Botan::PK_Ops::Signature.

Definition at line 54 of file xmss_signature_operation.cpp.

References Botan::XMSS_Parameters::element_size(), Botan::XMSS_Parameters::len(), Botan::XMSS_Common_Ops::m_xmss_params, and Botan::XMSS_Parameters::tree_height().

   {
   return sizeof(uint64_t) + // size of leaf index
          m_xmss_params.element_size() +
          m_xmss_params.len() * m_xmss_params.element_size() +
          m_xmss_params.tree_height() * m_xmss_params.element_size();
   }

update()

void Botan::XMSS_Signature_Operation::update ( const uint8_t  msg[], size_t  msg_len  )

overridevirtual

Implements Botan::PK_Ops::Signature.

Definition at line 78 of file xmss_signature_operation.cpp.

References Botan::XMSS_Hash::h_msg_update(), and Botan::XMSS_Common_Ops::m_hash.

   {
   initialize();
   m_hash.h_msg_update(msg, msg_len);
   }

Member Data Documentation

m_hash

XMSS_Hash Botan::XMSS_Common_Ops::m_hash

protectedinherited

Definition at line 120 of file xmss_common_ops.h.

Referenced by Botan::XMSS_Common_Ops::create_l_tree(), Botan::XMSS_Common_Ops::randomize_tree_hash(), sign(), Botan::XMSS_PrivateKey::tree_hash(), and update().

m_xmss_params

XMSS_Parameters Botan::XMSS_Common_Ops::m_xmss_params

protectedinherited

Definition at line 119 of file xmss_common_ops.h.

Referenced by Botan::XMSS_Common_Ops::create_l_tree(), Botan::XMSS_Common_Ops::randomize_tree_hash(), and signature_length().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/xmss/xmss_signature_operation.h
• src/lib/pubkey/xmss/xmss_signature_operation.cpp