Botan 3.3.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::XMSS_WOTS_Parameters Class Referencefinal

#include <xmss_parameters.h>

Public Types

enum  ots_algorithm_t {
  WOTSP_SHA2_256 = 0x00000001 , WOTSP_SHA2_512 = 0x00000002 , WOTSP_SHAKE_256 = 0x00000003 , WOTSP_SHAKE_512 = 0x00000004 ,
  WOTSP_SHA2_192 = 0x00000005 , WOTSP_SHAKE_256_256 = 0x00000006 , WOTSP_SHAKE_256_192 = 0x00000007
}
 

Public Member Functions

void append_checksum (secure_vector< uint8_t > &data) const
 
secure_vector< uint8_t > base_w (const secure_vector< uint8_t > &msg, size_t out_size) const
 
secure_vector< uint8_t > base_w (size_t value) const
 
size_t element_size () const
 
size_t estimated_strength () const
 
size_t len () const
 
size_t len_1 () const
 
size_t len_2 () const
 
size_t lg_w () const
 
const std::string & name () const
 
ots_algorithm_t oid () const
 
bool operator== (const XMSS_WOTS_Parameters &p) const
 
size_t wots_parameter () const
 
 XMSS_WOTS_Parameters (ots_algorithm_t ots_spec)
 
 XMSS_WOTS_Parameters (std::string_view algo_name)
 

Static Public Member Functions

static ots_algorithm_t xmss_wots_id_from_string (std::string_view param_set)
 

Detailed Description

Descibes a signature method for XMSS Winternitz One Time Signatures, as defined in: [1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391 Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/ [2] Recommendation for Stateful Hash-Based Signature Schemes NIST Special Publication 800-208 Release: October 2020. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf

Definition at line 31 of file xmss_parameters.h.

Member Enumeration Documentation

◆ ots_algorithm_t

Enumerator
WOTSP_SHA2_256 
WOTSP_SHA2_512 
WOTSP_SHAKE_256 
WOTSP_SHAKE_512 
WOTSP_SHA2_192 
WOTSP_SHAKE_256_256 
WOTSP_SHAKE_256_192 

Definition at line 33 of file xmss_parameters.h.

33 {
34 // from RFC 8391
35 WOTSP_SHA2_256 = 0x00000001,
36
37 // from RFC 8391 but not approved by NIST SP.800-208
38 // (see footnote on page 16)
39 WOTSP_SHA2_512 = 0x00000002,
40 WOTSP_SHAKE_256 = 0x00000003,
41 WOTSP_SHAKE_512 = 0x00000004,
42
43 // from NIST SP.800-208
44 WOTSP_SHA2_192 = 0x00000005,
45 WOTSP_SHAKE_256_256 = 0x00000006,
46 WOTSP_SHAKE_256_192 = 0x00000007,
47 };

Constructor & Destructor Documentation

◆ XMSS_WOTS_Parameters() [1/2]

Botan::XMSS_WOTS_Parameters::XMSS_WOTS_Parameters ( std::string_view algo_name)
explicit

Definition at line 50 of file xmss_wots_parameters.cpp.

50 :
XMSS_WOTS_Parameters(std::string_view algo_name)
static ots_algorithm_t xmss_wots_id_from_string(std::string_view param_set)

◆ XMSS_WOTS_Parameters() [2/2]

Botan::XMSS_WOTS_Parameters::XMSS_WOTS_Parameters ( ots_algorithm_t ots_spec)

Definition at line 53 of file xmss_wots_parameters.cpp.

53 : m_oid(oid) {
54 switch(oid) {
55 case WOTSP_SHA2_256:
56 m_element_size = 32;
57 m_w = 16;
58 m_len = 67;
59 m_name = "WOTSP-SHA2_256";
60 m_hash_name = "SHA-256";
61 m_strength = 256;
62 break;
63 case WOTSP_SHA2_512:
64 m_element_size = 64;
65 m_w = 16;
66 m_len = 131;
67 m_name = "WOTSP-SHA2_512";
68 m_hash_name = "SHA-512";
69 m_strength = 512;
70 break;
71 case WOTSP_SHAKE_256:
72 m_element_size = 32;
73 m_w = 16;
74 m_len = 67;
75 m_name = "WOTSP-SHAKE_256";
76 m_hash_name = "SHAKE-128(256)";
77 m_strength = 256;
78 break;
79 case WOTSP_SHAKE_512:
80 m_element_size = 64;
81 m_w = 16;
82 m_len = 131;
83 m_name = "WOTSP-SHAKE_512";
84 m_hash_name = "SHAKE-256(512)";
85 m_strength = 512;
86 break;
87 case WOTSP_SHA2_192:
88 m_element_size = 24;
89 m_w = 16;
90 m_len = 51;
91 m_name = "WOTSP-SHA2_192";
92 m_hash_name = "Truncated(SHA-256,192)";
93 m_strength = 192;
94 break;
96 m_element_size = 32;
97 m_w = 16;
98 m_len = 67;
99 m_name = "WOTSP-SHAKE_256_256";
100 m_hash_name = "SHAKE-256(256)";
101 m_strength = 256;
102 break;
104 m_element_size = 24;
105 m_w = 16;
106 m_len = 51;
107 m_name = "WOTSP-SHAKE_256_192";
108 m_hash_name = "SHAKE-256(192)";
109 m_strength = 192;
110 break;
111 default:
112 throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
113 }
114
115 m_lg_w = (m_w == 16) ? 4 : 2;
116 m_len_1 = static_cast<size_t>(std::ceil((8 * element_size()) / m_lg_w));
117 m_len_2 = static_cast<size_t>(floor(log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w) + 1);
118 BOTAN_ASSERT(m_len == m_len_1 + m_len_2,
119 "Invalid XMSS WOTS parameter "
120 "\"len\" detected.");
121}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
ots_algorithm_t oid() const

References BOTAN_ASSERT, element_size(), oid(), wots_parameter(), WOTSP_SHA2_192, WOTSP_SHA2_256, WOTSP_SHA2_512, WOTSP_SHAKE_256, WOTSP_SHAKE_256_192, WOTSP_SHAKE_256_256, and WOTSP_SHAKE_512.

Member Function Documentation

◆ append_checksum()

void Botan::XMSS_WOTS_Parameters::append_checksum ( secure_vector< uint8_t > & data) const

Definition at line 151 of file xmss_wots_parameters.cpp.

151 {
152 size_t csum = 0;
153
154 for(size_t i = 0; i < data.size(); i++) {
155 csum += wots_parameter() - 1 - data[i];
156 }
157
158 secure_vector<uint8_t> csum_bytes = base_w(csum);
159 std::move(csum_bytes.begin(), csum_bytes.end(), std::back_inserter(data));
160}
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const

References base_w(), and wots_parameter().

Referenced by Botan::XMSS_WOTS_PrivateKey::sign(), and Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey().

◆ base_w() [1/2]

secure_vector< uint8_t > Botan::XMSS_WOTS_Parameters::base_w ( const secure_vector< uint8_t > & msg,
size_t out_size ) const

Algorithm 1: convert input string to base.

Parameters
msgInput string (referred to as X in [1]).
out_sizesize of message in base w.
Returns
Input string converted to the given base.

Definition at line 123 of file xmss_wots_parameters.cpp.

123 {
124 secure_vector<uint8_t> result;
125 result.reserve(out_size);
126
127 size_t in = 0;
128 size_t total = 0;
129 size_t bits = 0;
130
131 for(size_t i = 0; i < out_size; i++) {
132 if(bits == 0) {
133 total = msg[in];
134 in++;
135 bits += 8;
136 }
137 bits -= m_lg_w;
138 result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
139 }
140 return result;
141}

Referenced by append_checksum(), base_w(), Botan::XMSS_WOTS_PrivateKey::sign(), and Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey().

◆ base_w() [2/2]

secure_vector< uint8_t > Botan::XMSS_WOTS_Parameters::base_w ( size_t value) const

Definition at line 143 of file xmss_wots_parameters.cpp.

143 {
144 value <<= (8 - ((m_len_2 * m_lg_w) % 8));
145 size_t len_2_bytes = static_cast<size_t>(std::ceil(static_cast<float>(m_len_2 * m_lg_w) / 8.0));
146 secure_vector<uint8_t> result;
147 XMSS_Tools::concat(result, value, len_2_bytes);
148 return base_w(result, m_len_2);
149}
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:54

References base_w(), and Botan::XMSS_Tools::concat().

◆ element_size()

size_t Botan::XMSS_WOTS_Parameters::element_size ( ) const
inline

Retrieves the uniform length of a message, and the size of each node. This correlates to XMSS parameter "n" defined in [1].

Returns
element length in bytes.

Definition at line 80 of file xmss_parameters.h.

80{ return m_element_size; }

Referenced by XMSS_WOTS_Parameters().

◆ estimated_strength()

size_t Botan::XMSS_WOTS_Parameters::estimated_strength ( ) const
inline

Definition at line 100 of file xmss_parameters.h.

100{ return m_strength; }

◆ len()

size_t Botan::XMSS_WOTS_Parameters::len ( ) const
inline

◆ len_1()

size_t Botan::XMSS_WOTS_Parameters::len_1 ( ) const
inline

Definition at line 92 of file xmss_parameters.h.

92{ return m_len_1; }

Referenced by Botan::XMSS_WOTS_PrivateKey::sign(), and Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey().

◆ len_2()

size_t Botan::XMSS_WOTS_Parameters::len_2 ( ) const
inline

Definition at line 94 of file xmss_parameters.h.

94{ return m_len_2; }

◆ lg_w()

size_t Botan::XMSS_WOTS_Parameters::lg_w ( ) const
inline

Definition at line 96 of file xmss_parameters.h.

96{ return m_lg_w; }

◆ name()

const std::string & Botan::XMSS_WOTS_Parameters::name ( ) const
inline
Returns
XMSS WOTS registry name for the chosen parameter set.

Definition at line 71 of file xmss_parameters.h.

71{ return m_name; }

◆ oid()

ots_algorithm_t Botan::XMSS_WOTS_Parameters::oid ( ) const
inline

Definition at line 98 of file xmss_parameters.h.

98{ return m_oid; }

Referenced by XMSS_WOTS_Parameters().

◆ operator==()

bool Botan::XMSS_WOTS_Parameters::operator== ( const XMSS_WOTS_Parameters & p) const
inline

Definition at line 102 of file xmss_parameters.h.

102{ return m_oid == p.m_oid; }

◆ wots_parameter()

size_t Botan::XMSS_WOTS_Parameters::wots_parameter ( ) const
inline

The Winternitz parameter.

Returns
numeric base used for internal representation of data.

Definition at line 88 of file xmss_parameters.h.

88{ return m_w; }

Referenced by append_checksum(), XMSS_WOTS_Parameters(), Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey(), and Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey().

◆ xmss_wots_id_from_string()

XMSS_WOTS_Parameters::ots_algorithm_t Botan::XMSS_WOTS_Parameters::xmss_wots_id_from_string ( std::string_view param_set)
static

Definition at line 24 of file xmss_wots_parameters.cpp.

24 {
25 if(param_set == "WOTSP-SHA2_256") {
26 return WOTSP_SHA2_256;
27 }
28 if(param_set == "WOTSP-SHA2_512") {
29 return WOTSP_SHA2_512;
30 }
31 if(param_set == "WOTSP-SHAKE_256") {
32 return WOTSP_SHAKE_256;
33 }
34 if(param_set == "WOTSP-SHAKE_512") {
35 return WOTSP_SHAKE_512;
36 }
37 if(param_set == "WOTSP-SHA2_192") {
38 return WOTSP_SHA2_192;
39 }
40 if(param_set == "WOTSP-SHAKE_256_256") {
42 }
43 if(param_set == "WOTSP-SHAKE_256_192") {
45 }
46
47 throw Lookup_Error(fmt("Unknown XMSS-WOTS algorithm param '{}'", param_set));
48}
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::fmt(), WOTSP_SHA2_192, WOTSP_SHA2_256, WOTSP_SHA2_512, WOTSP_SHAKE_256, WOTSP_SHAKE_256_192, WOTSP_SHAKE_256_256, and WOTSP_SHAKE_512.


The documentation for this class was generated from the following files: