Botan  2.7.0
Crypto and TLS for C++11
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
Botan::XMSS_Signature_Operation Class Referencefinal

#include <xmss_signature_operation.h>

Inheritance diagram for Botan::XMSS_Signature_Operation:
Botan::PK_Ops::Signature Botan::XMSS_Common_Ops

Public Member Functions

secure_vector< uint8_t > sign (RandomNumberGenerator &) override
 
void update (const uint8_t msg[], size_t msg_len) override
 
 XMSS_Signature_Operation (const XMSS_PrivateKey &private_key)
 

Protected Member Functions

void create_l_tree (secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)
 
void create_l_tree (secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed)
 
void randomize_tree_hash (secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)
 
void randomize_tree_hash (secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed)
 

Protected Attributes

XMSS_Hash m_hash
 
XMSS_Parameters m_xmss_params
 

Detailed Description

Signature generation operation for Extended Hash-Based Signatures (XMSS) as defined in:

[1] XMSS: Extended Hash-Based Signatures, draft-itrf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/ draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1

Definition at line 35 of file xmss_signature_operation.h.

Constructor & Destructor Documentation

◆ XMSS_Signature_Operation()

Botan::XMSS_Signature_Operation::XMSS_Signature_Operation ( const XMSS_PrivateKey private_key)

Definition at line 21 of file xmss_signature_operation.cpp.

23  : XMSS_Common_Ops(private_key.xmss_oid()),
24  m_priv_key(private_key),
25  m_randomness(0),
26  m_leaf_idx(0),
27  m_is_initialized(false)
28  {}
XMSS_Common_Ops(XMSS_Parameters::xmss_algorithm_t oid)

Member Function Documentation

◆ create_l_tree() [1/2]

void Botan::XMSS_Common_Ops::create_l_tree ( secure_vector< uint8_t > &  result,
wots_keysig_t  pk,
XMSS_Address adrs,
const secure_vector< uint8_t > &  seed,
XMSS_Hash hash 
)
protectedinherited

Algorithm 8: "ltree" Create an L-tree used to compute the leaves of the binary hash tree. Takes a WOTS+ public key and compresses it to a single n-byte value.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters
[out]resultPublic key compressed to a single n-byte value pk[0].
[in]pkWinternitz One Time Signatures+ public key.
[in]adrsAddress encoding the address of the L-Tree
[in]seedThe seed generated during the public key generation.
[in]hashInstance of XMSS_Hash, that may only be used by the thead executing create_l_tree.

Definition at line 46 of file xmss_common_ops.cpp.

References Botan::XMSS_Address::get_tree_height(), hash, Botan::XMSS_Parameters::len(), Botan::XMSS_Common_Ops::m_xmss_params, Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Address::set_tree_height(), and Botan::XMSS_Address::set_tree_index().

Referenced by Botan::XMSS_Common_Ops::create_l_tree().

51  {
52  size_t l = m_xmss_params.len();
53  adrs.set_tree_height(0);
54 
55  while(l > 1)
56  {
57  for(size_t i = 0; i < l >> 1; i++)
58  {
59  adrs.set_tree_index(i);
60  randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash);
61  }
62  if(l & 0x01)
63  {
64  pk[l >> 1] = pk[l - 1];
65  }
66  l = (l >> 1) + (l & 0x01);
67  adrs.set_tree_height(adrs.get_tree_height() + 1);
68  }
69  result = pk[0];
70  }
XMSS_Parameters m_xmss_params
void randomize_tree_hash(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)
MechanismType hash

◆ create_l_tree() [2/2]

void Botan::XMSS_Common_Ops::create_l_tree ( secure_vector< uint8_t > &  result,
wots_keysig_t  pk,
XMSS_Address adrs,
const secure_vector< uint8_t > &  seed 
)
inlineprotectedinherited

Algorithm 8: "ltree" Create an L-tree used to compute the leaves of the binary hash tree. Takes a WOTS+ public key and compresses it to a single n-byte value.

Parameters
[out]resultPublic key compressed to a single n-byte value pk[0].
[in]pkWinternitz One Time Signatures+ public key.
[in]adrsAddress encoding the address of the L-Tree
[in]seedThe seed generated during the public key generation.

Definition at line 110 of file xmss_common_ops.h.

References Botan::XMSS_Common_Ops::create_l_tree(), and Botan::XMSS_Common_Ops::m_hash.

114  {
115  create_l_tree(result, pk, adrs, seed, m_hash);
116  }
void create_l_tree(secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)

◆ randomize_tree_hash() [1/2]

void Botan::XMSS_Common_Ops::randomize_tree_hash ( secure_vector< uint8_t > &  result,
const secure_vector< uint8_t > &  left,
const secure_vector< uint8_t > &  right,
XMSS_Address adrs,
const secure_vector< uint8_t > &  seed,
XMSS_Hash hash 
)
protectedinherited

Algorithm 7: "RAND_HASH"

Generates a randomized hash.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters
[out]resultThe resulting randomized hash.
[in]leftLeft half of the hash function input.
[in]rightRight half of the hash function input.
[in]adrsAdress of the hash function call.
[in]seedThe seed for G.
[in]hashInstance of XMSS_Hash, that may only by the thead executing generate_public_key.

Definition at line 14 of file xmss_common_ops.cpp.

References BOTAN_ASSERT, Botan::XMSS_Address::bytes(), Botan::XMSS_Parameters::element_size(), hash, Botan::XMSS_Address::Key_Mode, Botan::XMSS_Common_Ops::m_xmss_params, Botan::XMSS_Address::Mask_LSB_Mode, Botan::XMSS_Address::Mask_MSB_Mode, and Botan::XMSS_Address::set_key_mask_mode().

Referenced by Botan::XMSS_Common_Ops::create_l_tree(), Botan::XMSS_Common_Ops::randomize_tree_hash(), and Botan::XMSS_PrivateKey::tree_hash().

20  {
21  adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
22  secure_vector<uint8_t> key { hash.prf(seed, adrs.bytes()) };
23 
24  adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode);
25  secure_vector<uint8_t> bitmask_l { hash.prf(seed, adrs.bytes()) };
26 
27  adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode);
28  secure_vector<uint8_t> bitmask_r { hash.prf(seed, adrs.bytes()) };
29 
30  BOTAN_ASSERT(bitmask_l.size() == left.size() &&
31  bitmask_r.size() == right.size(),
32  "Bitmask size doesn't match node size.");
33 
34  secure_vector<uint8_t> concat_xor(m_xmss_params.element_size() * 2);
35  for(size_t i = 0; i < left.size(); i++)
36  {
37  concat_xor[i] = left[i] ^ bitmask_l[i];
38  concat_xor[i + left.size()] = right[i] ^ bitmask_r[i];
39  }
40 
41  hash.h(result, key, concat_xor);
42  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43
XMSS_Parameters m_xmss_params
size_t element_size() const
MechanismType hash

◆ randomize_tree_hash() [2/2]

void Botan::XMSS_Common_Ops::randomize_tree_hash ( secure_vector< uint8_t > &  result,
const secure_vector< uint8_t > &  left,
const secure_vector< uint8_t > &  right,
XMSS_Address adrs,
const secure_vector< uint8_t > &  seed 
)
inlineprotectedinherited

Algorithm 7: "RAND_HASH"

Generates a randomized hash.

Parameters
[out]resultThe resulting randomized hash.
[in]leftLeft half of the hash function input.
[in]rightRight half of the hash function input.
[in]adrsAdress of the hash function call.
[in]seedThe seed for G.

Definition at line 67 of file xmss_common_ops.h.

References Botan::XMSS_Common_Ops::m_hash, and Botan::XMSS_Common_Ops::randomize_tree_hash().

73  {
74  randomize_tree_hash(result, left, right, adrs, seed, m_hash);
75  }
void randomize_tree_hash(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash)

◆ sign()

secure_vector< uint8_t > Botan::XMSS_Signature_Operation::sign ( RandomNumberGenerator )
overridevirtual

Creates an XMSS signature for the message provided through call to update().

Returns
serialized XMSS signature.

Implements Botan::PK_Ops::Signature.

Definition at line 78 of file xmss_signature_operation.cpp.

References Botan::XMSS_Hash::h_msg_final(), and Botan::XMSS_Common_Ops::m_hash.

79  {
80  initialize();
81  secure_vector<uint8_t> signature(sign(m_hash.h_msg_final(),
82  m_priv_key).bytes());
83  m_is_initialized = false;
84  return signature;
85  }
secure_vector< uint8_t > h_msg_final()
Definition: xmss_hash.cpp:64
secure_vector< uint8_t > sign(RandomNumberGenerator &) override

◆ update()

void Botan::XMSS_Signature_Operation::update ( const uint8_t  msg[],
size_t  msg_len 
)
overridevirtual

Implements Botan::PK_Ops::Signature.

Definition at line 71 of file xmss_signature_operation.cpp.

References Botan::XMSS_Hash::h_msg_update(), and Botan::XMSS_Common_Ops::m_hash.

72  {
73  initialize();
74  m_hash.h_msg_update(msg, msg_len);
75  }
void h_msg_update(const uint8_t data[], size_t size)
Definition: xmss_hash.cpp:59

Member Data Documentation

◆ m_hash

XMSS_Hash Botan::XMSS_Common_Ops::m_hash
protectedinherited

◆ m_xmss_params

XMSS_Parameters Botan::XMSS_Common_Ops::m_xmss_params
protectedinherited

The documentation for this class was generated from the following files: