doxygen/sp__xmss_8cpp_source.html

/*

* SLH-DSA's XMSS - eXtended Merkle Signature Scheme (FIPS 205, Section 6)

* (C) 2023 Jack Lloyd

*     2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/internal/sp_xmss.h>


#include <botan/internal/sp_address.h>

#include <botan/internal/sp_treehash.h>

#include <botan/internal/sp_wots.h>

#include <botan/internal/stl_util.h>

#include <optional>


namespace Botan {


SphincsTreeNode xmss_sign_and_pkgen(StrongSpan<SphincsXmssSignature> out_sig,

                                    const SphincsTreeNode& message,

                                    const SphincsSecretSeed& secret_seed,

                                    Sphincs_Address& wots_addr,

                                    Sphincs_Address& tree_addr,

                                    std::optional<TreeNodeIndex> idx_leaf,

                                    const Sphincs_Parameters& params,

                                    Sphincs_Hash_Functions& hashes) {

   BufferStuffer sig(out_sig);

   auto wots_bytes_s = sig.next<WotsSignature>(params.wots_bytes());

   auto auth_path_s = sig.next<SphincsAuthenticationPath>(sig.remaining_capacity());


   const auto steps = [&]() -> std::vector<WotsHashIndex> {

      // if `idx_leaf` is not set, we don't want to calculate a signature and

      // therefore won't need to bother preparing the chain lengths either.

      if(idx_leaf.has_value()) {

         return chain_lengths(message, params);

      } else {

         return {};

      };

   }();


   Sphincs_Address leaf_addr = Sphincs_Address::as_subtree_from(wots_addr);

   Sphincs_Address pk_addr = Sphincs_Address::as_subtree_from(wots_addr);


   pk_addr.set_type(Sphincs_Address_Type::WotsPublicKeyCompression);


   GenerateLeafFunction xmss_gen_leaf = [&](StrongSpan<SphincsTreeNode> out_root, TreeNodeIndex address_index) {

      wots_sign_and_pkgen(

         wots_bytes_s, out_root, secret_seed, address_index, idx_leaf, steps, leaf_addr, pk_addr, params, hashes);

   };


   SphincsTreeNode next_root(params.n());

   BOTAN_ASSERT_NOMSG(tree_addr.get_type() == Sphincs_Address_Type::HashTree);

   treehash(next_root, auth_path_s, params, hashes, idx_leaf, 0, params.xmss_tree_height(), xmss_gen_leaf, tree_addr);


   return next_root;

}


SphincsTreeNode xmss_gen_root(const Sphincs_Parameters& params,

                              const SphincsSecretSeed& secret_seed,

                              Sphincs_Hash_Functions& hashes) {

   // We do not need the a sig/auth path in key generation, but it simplifies the

   // code to have just one treehash routine that computes both root and path

   // in one function.

   SphincsXmssSignature dummy_sig(params.xmss_tree_height() * params.n() + params.wots_bytes());

   SphincsTreeNode dummy_root(params.n());


   Sphincs_Address top_tree_addr(Sphincs_Address_Type::HashTree);

   Sphincs_Address wots_addr(Sphincs_Address_Type::WotsPublicKeyCompression);


   top_tree_addr.set_layer_address(HypertreeLayerIndex(params.d() - 1));

   wots_addr.set_layer_address(HypertreeLayerIndex(params.d() - 1));


   SphincsTreeNode root =

      xmss_sign_and_pkgen(dummy_sig, dummy_root, secret_seed, wots_addr, top_tree_addr, std::nullopt, params, hashes);


   return root;

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition stl_util.h:142

Botan::BufferStuffer::remaining_capacity
constexpr size_t remaining_capacity() const
Definition stl_util.h:189

Botan::BufferStuffer::next
constexpr std::span< uint8_t > next(size_t bytes)
Definition stl_util.h:150

Botan::Sphincs_Address
Definition sp_address.h:34

Botan::Sphincs_Address::get_type
Sphincs_Address_Type get_type() const
Definition sp_address.h:137

Botan::Sphincs_Address::set_layer_address
Sphincs_Address & set_layer_address(HypertreeLayerIndex layer)
Definition sp_address.h:58

Botan::Sphincs_Address::as_subtree_from
static Sphincs_Address as_subtree_from(const Sphincs_Address &other)
Definition sp_address.h:115

Botan::Sphincs_Address::set_type
Sphincs_Address & set_type(Sphincs_Address_Type type)
Definition sp_address.h:74

Botan::Sphincs_Hash_Functions
Definition sp_hash.h:23

Botan::Sphincs_Parameters
Definition sp_parameters.h:45

Botan::Sphincs_Parameters::wots_bytes
uint32_t wots_bytes() const
Definition sp_parameters.h:170

Botan::Sphincs_Parameters::n
size_t n() const
Definition sp_parameters.h:96

Botan::Sphincs_Parameters::xmss_tree_height
uint32_t xmss_tree_height() const
Definition sp_parameters.h:135

Botan::Sphincs_Parameters::d
uint32_t d() const
Definition sp_parameters.h:106

Botan::StrongSpan
Definition strong_type.h:614

Botan::Strong< std::vector< uint8_t >, struct SphincsTreeNode_ >

Botan
Definition alg_id.cpp:13

Botan::root
Gf448Elem root(const Gf448Elem &elem)
Compute the root of elem in the field.
Definition curve448_gf.cpp:354

Botan::Sphincs_Address_Type::HashTree
@ HashTree

Botan::Sphincs_Address_Type::WotsPublicKeyCompression
@ WotsPublicKeyCompression

Botan::xmss_gen_root
SphincsTreeNode xmss_gen_root(const Sphincs_Parameters &params, const SphincsSecretSeed &secret_seed, Sphincs_Hash_Functions &hashes)
Definition sp_xmss.cpp:58

Botan::wots_sign_and_pkgen
void wots_sign_and_pkgen(StrongSpan< WotsSignature > sig_out, StrongSpan< SphincsTreeNode > leaf_out, const SphincsSecretSeed &secret_seed, TreeNodeIndex leaf_idx, std::optional< TreeNodeIndex > sign_leaf_idx, const std::vector< WotsHashIndex > &wots_steps, Sphincs_Address &leaf_addr, Sphincs_Address &pk_addr, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 6 and 7: wots_pkGen and wots_sign.
Definition sp_wots.cpp:132

Botan::GenerateLeafFunction
std::function< void(StrongSpan< SphincsTreeNode >, TreeNodeIndex)> GenerateLeafFunction
Definition sp_treehash.h:25

Botan::xmss_sign_and_pkgen
SphincsTreeNode xmss_sign_and_pkgen(StrongSpan< SphincsXmssSignature > out_sig, const SphincsTreeNode &message, const SphincsSecretSeed &secret_seed, Sphincs_Address &wots_addr, Sphincs_Address &tree_addr, std::optional< TreeNodeIndex > idx_leaf, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 10: xmss_sign.
Definition sp_xmss.cpp:19

Botan::HypertreeLayerIndex
Strong< uint32_t, struct HypertreeLayerIndex_ > HypertreeLayerIndex
Index of a layer in the XMSS hyper-tree.
Definition sp_types.h:86

Botan::chain_lengths
std::vector< WotsHashIndex > chain_lengths(const SphincsTreeNode &msg, const Sphincs_Parameters &params)
Definition sp_wots.cpp:91

Botan::treehash
void treehash(StrongSpan< SphincsTreeNode > out_root, StrongSpan< SphincsAuthenticationPath > out_auth_path, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes, std::optional< TreeNodeIndex > leaf_idx, uint32_t idx_offset, uint32_t total_tree_height, const GenerateLeafFunction &gen_leaf, Sphincs_Address &tree_address)
Definition sp_treehash.cpp:17