Botan 3.6.1
Crypto and TLS for C&
Botan::XMSS_WOTS_PrivateKey Class Reference

#include <xmss_wots.h>

Inheritance diagram for Botan::XMSS_WOTS_PrivateKey:
Botan::XMSS_WOTS_Base

Public Member Functions

const wots_keysig_tkey_data () const
 
wots_keysig_t sign (const secure_vector< uint8_t > &msg, std::span< const uint8_t > public_seed, XMSS_Address &adrs, XMSS_Hash &hash)
 
 XMSS_WOTS_PrivateKey (XMSS_WOTS_Parameters params, std::span< const uint8_t > private_seed, XMSS_Address adrs, XMSS_Hash &hash)
 
 XMSS_WOTS_PrivateKey (XMSS_WOTS_Parameters params, std::span< const uint8_t > public_seed, std::span< const uint8_t > private_seed, XMSS_Address adrs, XMSS_Hash &hash)
 

Protected Attributes

wots_keysig_t m_key_data
 
XMSS_WOTS_Parameters m_params
 

Detailed Description

A Winternitz One Time Signature private key for use with Extended Hash-Based Signatures.

Definition at line 98 of file xmss_wots.h.

Constructor & Destructor Documentation

◆ XMSS_WOTS_PrivateKey() [1/2]

Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey ( XMSS_WOTS_Parameters params,
std::span< const uint8_t > public_seed,
std::span< const uint8_t > private_seed,
XMSS_Address adrs,
XMSS_Hash & hash )

Algorithm 3: "Generating a WOTS+ Private Key". Generates a private key.

Note that this is implemented according to the recommendations in NIST SP.800-208 Section 6.2 to avoid a multi-target attack vulnerability. This does not influence the sign/verify interoperability with implementations that do not implement this recommendation.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters
paramsThe WOTS parameters to use
public_seedThe public seed for the private key generation
private_seedThe private seed for the private key generation
adrsThe address of the key to retrieve.
hashInstance of XMSS_Hash, that may only be used by the thread executing at.

Definition at line 131 of file xmss_wots.cpp.

135 :
136 XMSS_WOTS_Base(std::move(params)) {
137 m_key_data.resize(m_params.len());
138 for(size_t i = 0; i < m_params.len(); ++i) {
139 adrs.set_chain_address(static_cast<uint32_t>(i));
140 const auto data = concat<std::vector<uint8_t>>(public_seed, adrs.bytes());
141 hash.prf_keygen(m_key_data[i], private_seed, data);
142 }
143}
XMSS_WOTS_Base(XMSS_WOTS_Parameters params)
Definition xmss_wots.h:33
wots_keysig_t m_key_data
Definition xmss_wots.h:42
XMSS_WOTS_Parameters m_params
Definition xmss_wots.h:41
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263

References Botan::XMSS_WOTS_Parameters::len(), Botan::XMSS_WOTS_Base::m_key_data, and Botan::XMSS_WOTS_Base::m_params.

◆ XMSS_WOTS_PrivateKey() [2/2]

Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey ( XMSS_WOTS_Parameters params,
std::span< const uint8_t > private_seed,
XMSS_Address adrs,
XMSS_Hash & hash )

Constructor for the old derivation logic. Creates a WOTS+ private key using the old key derivation logic, i.e. the logic WITHOUT the recommendations in NIST SP.800-208. It is used to support XMSS_PrivateKeys created before the derivation logic was updated.

Parameters
paramsThe WOTS parameters to use
private_seedThe private seed for the private key generation
adrsThe address of the key to retrieve.
hashInstance of XMSS_Hash, that may only be used by the thread executing it.

Definition at line 146 of file xmss_wots.cpp.

149 :
150 XMSS_WOTS_Base(std::move(params)) {
151 m_key_data.resize(m_params.len());
152
154 hash.prf(r, private_seed, adrs.bytes());
155
156 for(size_t i = 0; i < m_params.len(); ++i) {
158 hash.prf(m_key_data[i], r, m_key_data[i]);
159 }
160}
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:54
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

References Botan::XMSS_Address::bytes(), Botan::XMSS_WOTS_Parameters::len(), Botan::XMSS_WOTS_Base::m_key_data, Botan::XMSS_WOTS_Base::m_params, and Botan::XMSS_Hash::prf().

Member Function Documentation

◆ key_data()

const wots_keysig_t & Botan::XMSS_WOTS_Base::key_data ( ) const
inlineinherited

Definition at line 38 of file xmss_wots.h.

38{ return m_key_data; }

References Botan::XMSS_WOTS_Base::m_key_data.

Referenced by sign().

◆ sign()

wots_keysig_t Botan::XMSS_WOTS_PrivateKey::sign ( const secure_vector< uint8_t > & msg,
std::span< const uint8_t > public_seed,
XMSS_Address & adrs,
XMSS_Hash & hash )

Algorithm 5: "WOTS_sign" Generates a signature from a private key and a message.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters
msgA message to sign.
public_seedThe public seed to use for the signature
adrsAn OTS hash address identifying the WOTS+ key pair used for signing.
hashInstance of XMSS_Hash, that may only be used by the thread executing sign.
Returns
signature for msg.

Definition at line 114 of file xmss_wots.cpp.

117 {
119
120 m_params.append_checksum(msg_digest);
121 auto sig = this->key_data();
122
123 for(size_t i = 0; i < m_params.len(); i++) {
124 adrs.set_chain_address(static_cast<uint32_t>(i));
125 chain(m_params, sig[i], 0, msg_digest[i], adrs, public_seed, hash);
126 }
127
128 return sig;
129}
const wots_keysig_t & key_data() const
Definition xmss_wots.h:38
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
void append_checksum(secure_vector< uint8_t > &data) const

References Botan::XMSS_WOTS_Parameters::append_checksum(), Botan::XMSS_WOTS_Parameters::base_w(), Botan::XMSS_WOTS_Base::key_data(), Botan::XMSS_WOTS_Parameters::len(), Botan::XMSS_WOTS_Parameters::len_1(), Botan::XMSS_WOTS_Base::m_params, and Botan::XMSS_Address::set_chain_address().

Member Data Documentation

◆ m_key_data

◆ m_params


The documentation for this class was generated from the following files: