Botan 3.9.0
Crypto and TLS for C++
Botan::XMSS_WOTS_Parameters Class Reference (final)

#include <xmss_parameters.h>

Public Types

enum  ots_algorithm_t : uint32_t {
  WOTSP_SHA2_256 = 0x00000001 , WOTSP_SHA2_512 = 0x00000002 , WOTSP_SHAKE_256 = 0x00000003 , WOTSP_SHAKE_512 = 0x00000004 ,
  WOTSP_SHA2_192 = 0x00000005 , WOTSP_SHAKE_256_256 = 0x00000006 , WOTSP_SHAKE_256_192 = 0x00000007
}

Public Member Functions

void append_checksum (secure_vector< uint8_t > &data) const
secure_vector< uint8_t > base_w (const secure_vector< uint8_t > &msg, size_t out_size) const
secure_vector< uint8_t > base_w (size_t value) const
size_t element_size () const
size_t estimated_strength () const
size_t len () const
size_t len_1 () const
size_t len_2 () const
size_t lg_w () const
const std::string & name () const
ots_algorithm_t oid () const
bool operator== (const XMSS_WOTS_Parameters &p) const
size_t wots_parameter () const
BOTAN_FUTURE_EXPLICIT XMSS_WOTS_Parameters (ots_algorithm_t ots_spec)
 XMSS_WOTS_Parameters (std::string_view algo_name)

Static Public Member Functions

static ots_algorithm_t xmss_wots_id_from_string (std::string_view param_set)

Detailed Description

Describes a signature method for XMSS Winternitz One Time Signatures, as defined in:
[1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391, Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/
[2] Recommendation for Stateful Hash-Based Signature Schemes, NIST Special Publication 800-208, Release: October 2020. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf

Definition at line 31 of file xmss_parameters.h.

Member Enumeration Documentation

◆ ots_algorithm_t

Enumerator
WOTSP_SHA2_256 
WOTSP_SHA2_512 
WOTSP_SHAKE_256 
WOTSP_SHAKE_512 
WOTSP_SHA2_192 
WOTSP_SHAKE_256_256 
WOTSP_SHAKE_256_192 

Definition at line 33 of file xmss_parameters.h.

33 : uint32_t /* NOLINT(*-enum-size) */ {
34 // from RFC 8391
35 WOTSP_SHA2_256 = 0x00000001,
36
37 // from RFC 8391 but not approved by NIST SP.800-208
38 // (see footnote on page 16)
39 WOTSP_SHA2_512 = 0x00000002,
40 WOTSP_SHAKE_256 = 0x00000003,
41 WOTSP_SHAKE_512 = 0x00000004,
42
43 // from NIST SP.800-208
44 WOTSP_SHA2_192 = 0x00000005,
45 WOTSP_SHAKE_256_256 = 0x00000006,
46 WOTSP_SHAKE_256_192 = 0x00000007,
47 };

Constructor & Destructor Documentation

◆ XMSS_WOTS_Parameters() [1/2]

Botan::XMSS_WOTS_Parameters::XMSS_WOTS_Parameters ( std::string_view algo_name)
explicit

Definition at line 51 of file xmss_wots_parameters.cpp.

51 :
XMSS_WOTS_Parameters(std::string_view algo_name)
static ots_algorithm_t xmss_wots_id_from_string(std::string_view param_set)

References xmss_wots_id_from_string(), and XMSS_WOTS_Parameters().

Referenced by operator==(), and XMSS_WOTS_Parameters().

◆ XMSS_WOTS_Parameters() [2/2]

Botan::XMSS_WOTS_Parameters::XMSS_WOTS_Parameters ( ots_algorithm_t ots_spec)

Definition at line 54 of file xmss_wots_parameters.cpp.

// Constructor body for the ots_algorithm_t overload (the signature line is not part of this listing).
// Sets the fixed parameters of the selected WOTS+ parameter set, then derives lg_w, len_1 and len_2
// and asserts that they add up to the hard-coded len.
// Throws Not_Implemented when the id matches none of the cases.
54 : m_oid(oid) {
55 switch(oid) {
56 case WOTSP_SHA2_256:
57 m_element_size = 32;
58 m_w = 16;
59 m_len = 67;
60 m_name = "WOTSP-SHA2_256";
61 m_hash_name = "SHA-256";
62 m_strength = 256;
63 break;
64 case WOTSP_SHA2_512:
65 m_element_size = 64;
66 m_w = 16;
67 m_len = 131;
68 m_name = "WOTSP-SHA2_512";
69 m_hash_name = "SHA-512";
70 m_strength = 512;
71 break;
// NOTE(review): this set pairs the hash "SHAKE-128(256)" with m_strength = 256, and the enum on this
// page marks ids 2-4 as not approved by NIST SP.800-208. Confirm what estimated_strength() is meant
// to express before using it for policy decisions.
72 case WOTSP_SHAKE_256:
73 m_element_size = 32;
74 m_w = 16;
75 m_len = 67;
76 m_name = "WOTSP-SHAKE_256";
77 m_hash_name = "SHAKE-128(256)";
78 m_strength = 256;
79 break;
80 case WOTSP_SHAKE_512:
81 m_element_size = 64;
82 m_w = 16;
83 m_len = 131;
84 m_name = "WOTSP-SHAKE_512";
85 m_hash_name = "SHAKE-256(512)";
86 m_strength = 512;
87 break;
88 case WOTSP_SHA2_192:
89 m_element_size = 24;
90 m_w = 16;
91 m_len = 51;
92 m_name = "WOTSP-SHA2_192";
93 m_hash_name = "Truncated(SHA-256,192)";
94 m_strength = 192;
95 break;
// Source lines 96 and 104 are missing from this rendered listing (the gutter jumps 95 -> 97 and
// 103 -> 105). Judging by m_name, the two groups below belong to WOTSP_SHAKE_256_256 and
// WOTSP_SHAKE_256_192.
97 m_element_size = 32;
98 m_w = 16;
99 m_len = 67;
100 m_name = "WOTSP-SHAKE_256_256";
101 m_hash_name = "SHAKE-256(256)";
102 m_strength = 256;
103 break;
105 m_element_size = 24;
106 m_w = 16;
107 m_len = 51;
108 m_name = "WOTSP-SHAKE_256_192";
109 m_hash_name = "SHAKE-256(192)";
110 m_strength = 192;
111 break;
112 default:
113 throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
114 }
115
// Every case above sets m_w to 16, so lg_w is 4 for all parameter sets handled by this switch.
116 m_lg_w = (m_w == 16) ? 4 : 2;
// len_1 = 8n / lg_w. The division happens before std::ceil; if m_lg_w is integral (lg_w() returns
// size_t) the ceil is a no-op, which is still exact here because 8n is a multiple of 4 for n = 24, 32, 64.
117 m_len_1 = static_cast<size_t>(std::ceil((8 * element_size()) / m_lg_w));
// len_2 = floor(log2(len_1 * (w - 1)) / lg_w) + 1, the number of base-w digits reserved for the checksum.
118 m_len_2 = static_cast<size_t>(floor(log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w) + 1);
// Consistency check: the hard-coded len (67, 131 or 51) must equal the derived len_1 + len_2.
119 BOTAN_ASSERT(m_len == m_len_1 + m_len_2,
120 "Invalid XMSS WOTS parameter "
121 "\"len\" detected.");
122}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
ots_algorithm_t oid() const

References BOTAN_ASSERT, element_size(), oid(), wots_parameter(), WOTSP_SHA2_192, WOTSP_SHA2_256, WOTSP_SHA2_512, WOTSP_SHAKE_256, WOTSP_SHAKE_256_192, WOTSP_SHAKE_256_256, and WOTSP_SHAKE_512.

Member Function Documentation

◆ append_checksum()

void Botan::XMSS_WOTS_Parameters::append_checksum ( secure_vector< uint8_t > & data) const

Definition at line 152 of file xmss_wots_parameters.cpp.

// Computes the WOTS+ checksum over the elements of data and appends it to data as base-w digits.
152 {
153 size_t csum = 0;
154
// Each element contributes (w - 1 - b). The arithmetic is done in size_t, so an element larger than
// w - 1 would wrap rather than fail, and nothing in this function checks for that. data is presumably
// expected to already hold base_w() output (digits in [0, w - 1]) - confirm at the call sites.
155 for(uint8_t b : data) {
156 csum += wots_parameter() - 1 - b;
157 }
158
// base_w(size_t) returns the checksum as len_2 digits, which are appended after the message digits.
159 secure_vector<uint8_t> csum_bytes = base_w(csum);
160 std::move(csum_bytes.begin(), csum_bytes.end(), std::back_inserter(data));
161}
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References base_w(), and wots_parameter().

◆ base_w() [1/2]

secure_vector< uint8_t > Botan::XMSS_WOTS_Parameters::base_w ( const secure_vector< uint8_t > & msg,
size_t out_size ) const

Algorithm 1: convert input string to base.

Parameters
msg: Input string (referred to as X in [1]).
out_size: size of message in base w.
Returns
Input string converted to the given base.

Definition at line 124 of file xmss_wots_parameters.cpp.

// Splits msg into out_size digits of lg_w bits each, taking the most significant bits of every byte first.
// The declaration of result (source line 125) is missing from this rendered listing.
124 {
126 result.reserve(out_size);
127
// in: index of the next input byte; total: the byte currently being split; bits: unread bits left in total.
128 size_t in = 0;
129 size_t total = 0;
130 size_t bits = 0;
131
132 for(size_t i = 0; i < out_size; i++) {
// Fetch the next byte once the current one is used up. msg[in] is not bounds-checked in this
// function: the caller has to guarantee out_size * lg_w <= 8 * msg.size(), otherwise this reads
// past the end of msg.
133 if(bits == 0) {
134 total = msg[in];
135 in++;
136 bits += 8;
137 }
// Relies on lg_w dividing 8 (the constructor only produces 4 or 2); otherwise this size_t
// subtraction would wrap.
138 bits -= m_lg_w;
// Mask with w - 1 to keep only the lg_w bits that were just shifted into the low positions.
139 result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
140 }
141 return result;
142}

Referenced by append_checksum(), and base_w().

◆ base_w() [2/2]

secure_vector< uint8_t > Botan::XMSS_WOTS_Parameters::base_w ( size_t value) const

Definition at line 144 of file xmss_wots_parameters.cpp.

// Converts an integer (append_checksum() passes the checksum) into len_2 base-w digits.
// The declaration of result (source line 147) is missing from this rendered listing.
144 {
// Left-align the len_2 * lg_w significant bits on a byte boundary so that the byte-wise base_w()
// call below consumes them from the top. For the parameter sets in the constructor
// (len_2 = 3, lg_w = 4) the shift is 4.
// NOTE(review): if len_2 * lg_w were a multiple of 8, this would shift by a full 8 bits.
145 value <<= (8 - ((m_len_2 * m_lg_w) % 8));
// Number of bytes needed to hold len_2 * lg_w bits (2 for the parameter sets in the constructor).
146 size_t len_2_bytes = static_cast<size_t>(std::ceil(static_cast<float>(m_len_2 * m_lg_w) / 8.0));
// Three-argument xmss_concat overload (not shown on this page): presumably appends value to result
// as len_2_bytes bytes - confirm in xmss_tools.h.
148 xmss_concat(result, value, len_2_bytes);
149 return base_w(result, m_len_2);
150}
void xmss_concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:28

References base_w(), and Botan::xmss_concat().

◆ element_size()

size_t Botan::XMSS_WOTS_Parameters::element_size ( ) const
inline

Retrieves the uniform length of a message, and the size of each node. This correlates to XMSS parameter "n" defined in [1].

Returns
element length in bytes.

Definition at line 81 of file xmss_parameters.h.

81{ return m_element_size; }

Referenced by XMSS_WOTS_Parameters().

◆ estimated_strength()

size_t Botan::XMSS_WOTS_Parameters::estimated_strength ( ) const
inline

Definition at line 101 of file xmss_parameters.h.

101{ return m_strength; }

◆ len()

size_t Botan::XMSS_WOTS_Parameters::len ( ) const
inline

Definition at line 91 of file xmss_parameters.h.

91{ return m_len; }

◆ len_1()

size_t Botan::XMSS_WOTS_Parameters::len_1 ( ) const
inline

Definition at line 93 of file xmss_parameters.h.

93{ return m_len_1; }

◆ len_2()

size_t Botan::XMSS_WOTS_Parameters::len_2 ( ) const
inline

Definition at line 95 of file xmss_parameters.h.

95{ return m_len_2; }

◆ lg_w()

size_t Botan::XMSS_WOTS_Parameters::lg_w ( ) const
inline

Definition at line 97 of file xmss_parameters.h.

97{ return m_lg_w; }

◆ name()

const std::string & Botan::XMSS_WOTS_Parameters::name ( ) const
inline
Returns
XMSS WOTS registry name for the chosen parameter set.

Definition at line 72 of file xmss_parameters.h.

72{ return m_name; }

◆ oid()

ots_algorithm_t Botan::XMSS_WOTS_Parameters::oid ( ) const
inline

Definition at line 99 of file xmss_parameters.h.

99{ return m_oid; }

Referenced by XMSS_WOTS_Parameters().

◆ operator==()

bool Botan::XMSS_WOTS_Parameters::operator== ( const XMSS_WOTS_Parameters & p) const
inline

Definition at line 103 of file xmss_parameters.h.

103{ return m_oid == p.m_oid; }

References XMSS_WOTS_Parameters().

◆ wots_parameter()

size_t Botan::XMSS_WOTS_Parameters::wots_parameter ( ) const
inline

The Winternitz parameter.

Returns
numeric base used for internal representation of data.

Definition at line 89 of file xmss_parameters.h.

89{ return m_w; }

Referenced by append_checksum(), and XMSS_WOTS_Parameters().

◆ xmss_wots_id_from_string()

XMSS_WOTS_Parameters::ots_algorithm_t Botan::XMSS_WOTS_Parameters::xmss_wots_id_from_string ( std::string_view param_set)
static

Definition at line 25 of file xmss_wots_parameters.cpp.

// Maps a WOTS+ parameter-set name to its ots_algorithm_t value.
// The comparison is exact (case-sensitive, no trimming). Any other string raises Lookup_Error,
// whose message includes param_set as supplied by the caller.
// Source lines 42 and 45 (the bodies of the last two branches) are missing from this rendered listing.
25 {
26 if(param_set == "WOTSP-SHA2_256") {
27 return WOTSP_SHA2_256;
28 }
29 if(param_set == "WOTSP-SHA2_512") {
30 return WOTSP_SHA2_512;
31 }
32 if(param_set == "WOTSP-SHAKE_256") {
33 return WOTSP_SHAKE_256;
34 }
35 if(param_set == "WOTSP-SHAKE_512") {
36 return WOTSP_SHAKE_512;
37 }
38 if(param_set == "WOTSP-SHA2_192") {
39 return WOTSP_SHA2_192;
40 }
41 if(param_set == "WOTSP-SHAKE_256_256") {
43 }
44 if(param_set == "WOTSP-SHAKE_256_192") {
46 }
47
// No match: fail loudly instead of falling back to a default parameter set.
48 throw Lookup_Error(fmt("Unknown XMSS-WOTS algorithm param '{}'", param_set));
49}
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::fmt(), WOTSP_SHA2_192, WOTSP_SHA2_256, WOTSP_SHA2_512, WOTSP_SHAKE_256, WOTSP_SHAKE_256_192, WOTSP_SHAKE_256_256, and WOTSP_SHAKE_512.

Referenced by XMSS_WOTS_Parameters().


The documentation for this class was generated from the following files: