Botan 3.7.1
Crypto and TLS for C&
sphincsplus.cpp
Go to the documentation of this file.
1/*
2* SLH-DSA - Stateless Hash-Based Digital Signature Standard - FIPS 205
3* (C) 2023 Jack Lloyd
4* 2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7**/
8
9#include <botan/sphincsplus.h>
10
11#include <botan/rng.h>
12#include <botan/internal/int_utils.h>
13#include <botan/internal/pk_ops_impl.h>
14#include <botan/internal/sp_fors.h>
15#include <botan/internal/sp_hash.h>
16#include <botan/internal/sp_hypertree.h>
17#include <botan/internal/sp_treehash.h>
18#include <botan/internal/sp_types.h>
19#include <botan/internal/sp_wots.h>
20#include <botan/internal/sp_xmss.h>
21#include <botan/internal/stl_util.h>
22
23#include <utility>
24
25#if !defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2) and !defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE) and \
26 !defined(BOTAN_HAS_SLH_DSA_WITH_SHA2) and !defined(BOTAN_HAS_SLH_DSA_WITH_SHAKE)
27static_assert(
28 false,
29 "botan module 'sphincsplus_common' is useful only when enabling at least 'sphincsplus_sha2', 'sphincsplus_shake', 'slh_dsa_sha2', or 'slh_dsa_shake'");
30#endif
31
32namespace Botan {
33
34namespace {
35// FIPS 205, Algorithm 22, line 8
36SphincsMessageInternal prepare_message(SphincsInputMessage msg,
37 const Sphincs_Parameters& params,
38 StrongSpan<const SphincsContext> context) {
39 BOTAN_ARG_CHECK(params.is_slh_dsa() || context.empty(), "Context is not supported for SPHINCS+");
40#if defined(BOTAN_HAS_SLH_DSA_WITH_SHA2) || defined(BOTAN_HAS_SLH_DSA_WITH_SHAKE)
41 if(params.is_slh_dsa()) {
42 // prefix (no pre-hash mode): input mode byte + |ctx| + ctx
43 const uint8_t input_mode_byte = 0x00; // Pure (TODO: pre-hash mode: 0x01)
44 return {
45 .prefix = concat<SphincsMessagePrefix>(
46 store_be(input_mode_byte), store_be(checked_cast_to<uint8_t>(context.size())), context),
47 .message = std::move(msg),
48 };
49 }
50#endif
51#if defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2) || defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE)
52 if(!params.is_slh_dsa()) {
53 // SPHINCS+ Round 3.1 uses the message without any prefix
54 return {
55 .prefix = {}, // SPHINCS+ has no prefix
56 .message = std::move(msg),
57 };
58 }
59#endif
60 throw Internal_Error("Missing message preparation logic for SLH-DSA or SPHINCS+");
61}
62} // namespace
63
64class SphincsPlus_PublicKeyInternal final {
65 public:
66 SphincsPlus_PublicKeyInternal(Sphincs_Parameters params,
67 SphincsPublicSeed public_seed,
68 SphincsTreeNode sphincs_root) :
69 m_params(params), m_public_seed(std::move(public_seed)), m_sphincs_root(std::move(sphincs_root)) {}
70
71 SphincsPlus_PublicKeyInternal(Sphincs_Parameters params, std::span<const uint8_t> key_bits) : m_params(params) {
72 if(key_bits.size() != m_params.public_key_bytes()) {
73 throw Decoding_Error("SLH-DSA (or SPHINCS+) Public Key doesn't have the expected length");
74 }
75
76 BufferSlicer s(key_bits);
77 m_public_seed = s.copy<SphincsPublicSeed>(params.n());
78 m_sphincs_root = s.copy<SphincsTreeNode>(params.n());
79
80 BOTAN_ASSERT_NOMSG(s.empty());
81 }
82
83 std::vector<uint8_t> key_bits() const { return concat<std::vector<uint8_t>>(m_public_seed, m_sphincs_root); }
84
85 const SphincsPublicSeed& seed() const { return m_public_seed; }
86
87 const SphincsTreeNode& root() const { return m_sphincs_root; }
88
89 const Sphincs_Parameters& parameters() const { return m_params; }
90
91 private:
92 Sphincs_Parameters m_params;
93 SphincsPublicSeed m_public_seed;
94 SphincsTreeNode m_sphincs_root;
95};
96
97class SphincsPlus_PrivateKeyInternal final {
98 public:
99 SphincsPlus_PrivateKeyInternal(SphincsSecretSeed secret_seed, SphincsSecretPRF prf) :
100 m_secret_seed(std::move(secret_seed)), m_prf(std::move(prf)) {}
101
102 SphincsPlus_PrivateKeyInternal(const Sphincs_Parameters& params, std::span<const uint8_t> key_bits) {
103 if(key_bits.size() != params.private_key_bytes() - params.public_key_bytes()) {
104 throw Decoding_Error("SLH-DSA (or SPHINCS+) Private Key doesn't have the expected length");
105 }
106
107 BufferSlicer s(key_bits);
108 m_secret_seed = s.copy<SphincsSecretSeed>(params.n());
109 m_prf = s.copy<SphincsSecretPRF>(params.n());
110
111 BOTAN_ASSERT_NOMSG(s.empty());
112 }
113
114 const SphincsSecretSeed& seed() const { return m_secret_seed; }
115
116 const SphincsSecretPRF& prf() const { return m_prf; }
117
118 secure_vector<uint8_t> key_bits() const { return concat<secure_vector<uint8_t>>(m_secret_seed, m_prf); }
119
120 private:
121 SphincsSecretSeed m_secret_seed;
122 SphincsSecretPRF m_prf;
123};
124
125SphincsPlus_PublicKey::SphincsPlus_PublicKey(std::span<const uint8_t> pub_key,
126 Sphincs_Parameter_Set type,
127 Sphincs_Hash_Type hash) :
128 SphincsPlus_PublicKey(pub_key, Sphincs_Parameters::create(type, hash)) {}
129
130SphincsPlus_PublicKey::SphincsPlus_PublicKey(std::span<const uint8_t> pub_key, Sphincs_Parameters params) :
131 m_public(std::make_shared<SphincsPlus_PublicKeyInternal>(params, pub_key)) {
132 if(!params.is_available()) {
133 throw Not_Implemented("This SPHINCS+ parameter set is not available in this configuration");
134 }
135}
136
137SphincsPlus_PublicKey::SphincsPlus_PublicKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) :
138 SphincsPlus_PublicKey(key_bits, Sphincs_Parameters::create(alg_id.oid())) {}
139
140SphincsPlus_PublicKey::~SphincsPlus_PublicKey() = default;
141
142size_t SphincsPlus_PublicKey::key_length() const {
143 return m_public->parameters().n() * 8;
144}
145
146std::string SphincsPlus_PublicKey::algo_name() const {
147 return m_public->parameters().is_slh_dsa() ? "SLH-DSA" : "SPHINCS+";
148}
149
150size_t SphincsPlus_PublicKey::estimated_strength() const {
151 return m_public->parameters().bitsec();
152}
153
154AlgorithmIdentifier SphincsPlus_PublicKey::algorithm_identifier() const {
155 return m_public->parameters().algorithm_identifier();
156}
157
158OID SphincsPlus_PublicKey::object_identifier() const {
159 return m_public->parameters().object_identifier();
160}
161
162bool SphincsPlus_PublicKey::check_key(RandomNumberGenerator&, bool) const {
163 // Nothing to check. It's literally just hashes. :-)
164 return true;
165}
166
167std::vector<uint8_t> SphincsPlus_PublicKey::raw_public_key_bits() const {
168 return m_public->key_bits();
169}
170
171std::vector<uint8_t> SphincsPlus_PublicKey::public_key_bits() const {
172 // Currently, there isn't a finalized definition of an ASN.1 structure for
173 // SLH-DSA or SPHINCS+ public keys. Therefore, we return the raw public key bits.
174 return raw_public_key_bits();
175}
176
177std::unique_ptr<Private_Key> SphincsPlus_PublicKey::generate_another(RandomNumberGenerator& rng) const {
178 return std::make_unique<SphincsPlus_PrivateKey>(rng, m_public->parameters());
179}
180
181class SphincsPlus_Verification_Operation final : public PK_Ops::Verification {
182 public:
183 SphincsPlus_Verification_Operation(std::shared_ptr<SphincsPlus_PublicKeyInternal> pub_key) :
184 m_public(std::move(pub_key)),
185 m_hashes(Botan::Sphincs_Hash_Functions::create(m_public->parameters(), m_public->seed())),
186 m_context(/* TODO: Add API */ {}) {
187 BOTAN_ARG_CHECK(m_context.size() <= 255, "Context must not exceed 255 bytes");
188
189 if(!m_public->parameters().is_available()) {
190 throw Not_Implemented("This SPHINCS+ parameter set is not available in this configuration");
191 }
192 }
193
194 /**
195 * Add more data to the message currently being signed
196 * @param msg the message
197 */
198 void update(std::span<const uint8_t> msg) override {
199 // TODO(For Pre-Hash Mode): We need to stream the message into a hash function.
200 m_msg_buffer.get().insert(m_msg_buffer.end(), msg.begin(), msg.end());
201 }
202
203 /**
204 * Perform a verification operation
205 */
206 bool is_valid_signature(std::span<const uint8_t> sig) override {
207 const auto internal_msg = prepare_message(std::exchange(m_msg_buffer, {}), m_public->parameters(), m_context);
208 return slh_verify_internal(internal_msg, sig);
209 }
210
211 std::string hash_function() const override { return m_hashes->msg_hash_function_name(); }
212
213 private:
214 /// FIPS 205, Algorithm 20
215 bool slh_verify_internal(const SphincsMessageInternal& msg, std::span<const uint8_t> sig) {
216 const auto& p = m_public->parameters();
217 if(sig.size() != p.sphincs_signature_bytes()) {
218 return false;
219 }
220
221 BufferSlicer s(sig);
222 // Compute leaf and tree index from R
223 const auto msg_random_s = s.take<SphincsMessageRandomness>(p.n());
224 auto [mhash, tree_idx, leaf_idx] = m_hashes->H_msg(msg_random_s, m_public->root(), msg);
225
226 // Reconstruct the FORS tree
227 Sphincs_Address fors_addr(Sphincs_Address_Type::ForsTree);
228 fors_addr.set_tree_address(tree_idx).set_keypair_address(leaf_idx);
229 const auto fors_sig_s = s.take<ForsSignature>(p.fors_signature_bytes());
230 auto fors_root = fors_public_key_from_signature(mhash, fors_sig_s, fors_addr, p, *m_hashes);
231
232 // Verify the hypertree signature
233 const auto ht_sig_s = s.take<SphincsHypertreeSignature>(p.ht_signature_bytes());
234 BOTAN_ASSERT_NOMSG(s.empty());
235 return ht_verify(fors_root, ht_sig_s, m_public->root(), tree_idx, leaf_idx, p, *m_hashes);
236 }
237
238 std::shared_ptr<SphincsPlus_PublicKeyInternal> m_public;
239 std::unique_ptr<Sphincs_Hash_Functions> m_hashes;
240 SphincsInputMessage m_msg_buffer;
241 SphincsContext m_context;
242};
243
244std::unique_ptr<PK_Ops::Verification> SphincsPlus_PublicKey::create_verification_op(std::string_view /*params*/,
245 std::string_view provider) const {
246 if(provider.empty() || provider == "base") {
247 return std::make_unique<SphincsPlus_Verification_Operation>(m_public);
248 }
249 throw Provider_Not_Found(algo_name(), provider);
250}
251
252std::unique_ptr<PK_Ops::Verification> SphincsPlus_PublicKey::create_x509_verification_op(
253 const AlgorithmIdentifier& signature_algorithm, std::string_view provider) const {
254 if(provider.empty() || provider == "base") {
255 if(signature_algorithm != this->algorithm_identifier()) {
256 throw Decoding_Error("Unexpected AlgorithmIdentifier for SLH-DSA (or SPHINCS+) signature");
257 }
258 return std::make_unique<SphincsPlus_Verification_Operation>(m_public);
259 }
260 throw Provider_Not_Found(algo_name(), provider);
261}
262
266
267namespace {
268
269std::span<const uint8_t> slice_off_public_key(const OID& oid, std::span<const uint8_t> key_bits) {
270 const auto params = Sphincs_Parameters::create(oid);
271 // Note: We need to transiently instantiate the `Sphincs_Parameters` object
272 // to know the size of the public/private key. That's slightly
273 // inefficient but was the best we could do. Once we get rid of the
274 // PublicKey-PrivateKey inheritance, we might want to reconsider this
275 // control flow.
276 if(key_bits.size() != params.private_key_bytes()) {
277 throw Decoding_Error("Sphincs Private Key doesn't have the expected length");
278 }
279
280 return key_bits.subspan(params.private_key_bytes() - params.public_key_bytes());
281}
282
283} // namespace
284
285SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(std::span<const uint8_t> private_key,
286 Sphincs_Parameter_Set type,
287 Sphincs_Hash_Type hash) :
288 SphincsPlus_PrivateKey(private_key, Sphincs_Parameters::create(type, hash)) {}
289
290SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) :
291 SphincsPlus_PrivateKey(key_bits, Sphincs_Parameters::create(alg_id.oid())) {}
292
293SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(std::span<const uint8_t> private_key, Sphincs_Parameters params) :
294 SphincsPlus_PublicKey(slice_off_public_key(params.object_identifier(), private_key), params) {
295 if(!params.is_available()) {
296 throw Not_Implemented("This SPHINCS+ parameter set is not available in this configuration");
297 }
298
299 const auto private_portion_bytes = params.private_key_bytes() - params.public_key_bytes();
300 BOTAN_ASSERT_NOMSG(private_key.size() >= private_portion_bytes);
301
302 m_private = std::make_shared<SphincsPlus_PrivateKeyInternal>(params, private_key.first(private_portion_bytes));
303}
304
309
310// FIPS 205, Algorithm 21
311SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(RandomNumberGenerator& rng, Sphincs_Parameters params) {
312 if(!params.is_available()) {
313 throw Not_Implemented("This SPHINCS+ parameter set is not available in this configuration");
314 }
315 auto sk_seed = rng.random_vec<SphincsSecretSeed>(params.n());
316 auto sk_prf = rng.random_vec<SphincsSecretPRF>(params.n());
317
318 m_private = std::make_shared<SphincsPlus_PrivateKeyInternal>(std::move(sk_seed), std::move(sk_prf));
319
320 auto pub_seed = rng.random_vec<SphincsPublicSeed>(params.n());
321 auto hashes = Sphincs_Hash_Functions::create(params, pub_seed);
322 auto root = xmss_gen_root(params, m_private->seed(), *hashes);
323
324 m_public = std::make_shared<SphincsPlus_PublicKeyInternal>(params, std::move(pub_seed), std::move(root));
325}
326
327SphincsPlus_PrivateKey::~SphincsPlus_PrivateKey() = default;
328
329secure_vector<uint8_t> SphincsPlus_PrivateKey::private_key_bits() const {
330 return concat(m_private->key_bits(), m_public->key_bits());
331}
332
336
337std::unique_ptr<Public_Key> SphincsPlus_PrivateKey::public_key() const {
338 return std::make_unique<SphincsPlus_PublicKey>(*this);
339}
340
341class SphincsPlus_Signature_Operation final : public PK_Ops::Signature {
342 public:
343 SphincsPlus_Signature_Operation(std::shared_ptr<SphincsPlus_PrivateKeyInternal> private_key,
344 std::shared_ptr<SphincsPlus_PublicKeyInternal> public_key,
345 bool randomized) :
346 m_private(std::move(private_key)),
347 m_public(std::move(public_key)),
348 m_hashes(Botan::Sphincs_Hash_Functions::create(m_public->parameters(), m_public->seed())),
349 m_randomized(randomized),
350 m_context(/* TODO: add API for context */ {}) {
351 BOTAN_ARG_CHECK(m_context.size() <= 255, "Context must not exceed 255 bytes");
352 BOTAN_ARG_CHECK(m_public->parameters().is_available(),
353 "The selected SLH-DSA (or SPHINCS+) instance is not available in this build.");
354 }
355
356 void update(std::span<const uint8_t> msg) override {
357 // TODO(For Pre-Hash Mode): We need to stream the message into a hash function.
358 m_msg_buffer.get().insert(m_msg_buffer.end(), msg.begin(), msg.end());
359 }
360
361 std::vector<uint8_t> sign(RandomNumberGenerator& rng) override {
362 std::optional<SphincsOptionalRandomness> addrnd = std::nullopt;
363 if(m_randomized) {
364 addrnd = rng.random_vec<SphincsOptionalRandomness>(m_public->parameters().n());
365 }
366 auto internal_msg = prepare_message(std::exchange(m_msg_buffer, {}), m_public->parameters(), m_context);
367
368 return slh_sign_internal(internal_msg, addrnd);
369 }
370
371 size_t signature_length() const override { return m_public->parameters().sphincs_signature_bytes(); }
372
373 AlgorithmIdentifier algorithm_identifier() const override {
374 return m_public->parameters().algorithm_identifier();
375 }
376
377 std::string hash_function() const override { return m_hashes->msg_hash_function_name(); }
378
379 private:
380 // FIPS 205, Algorithm 19
381 std::vector<uint8_t> slh_sign_internal(const SphincsMessageInternal& message,
382 std::optional<StrongSpan<const SphincsOptionalRandomness>> addrnd) {
383 const auto& p = m_public->parameters();
384
385 std::vector<uint8_t> sphincs_sig_buffer(p.sphincs_signature_bytes());
386 BufferStuffer sphincs_sig(sphincs_sig_buffer);
387
388 // Compute and append the digest randomization value (R of spec).
389 // Use addrng for the randomized variant. Use the public seed for the deterministic one.
390 const auto opt_rand =
391 (addrnd.has_value()) ? addrnd.value() : StrongSpan<const SphincsOptionalRandomness>(m_public->seed());
392
393 auto msg_random_s = sphincs_sig.next<SphincsMessageRandomness>(p.n());
394 m_hashes->PRF_msg(msg_random_s, m_private->prf(), opt_rand, message);
395
396 // Derive the message digest and leaf index from R, PK and M.
397 auto [mhash, tree_idx, leaf_idx] = m_hashes->H_msg(msg_random_s, m_public->root(), message);
398
399 // Compute and append the FORS signature
400 Sphincs_Address fors_addr(Sphincs_Address_Type::ForsTree);
401 fors_addr.set_tree_address(tree_idx).set_keypair_address(leaf_idx);
402 auto fors_root = fors_sign_and_pkgen(sphincs_sig.next<ForsSignature>(p.fors_signature_bytes()),
403 mhash,
404 m_private->seed(),
405 fors_addr,
406 p,
407 *m_hashes);
408
409 // Compute and append the XMSS hypertree signature
410 ht_sign(sphincs_sig.next<SphincsHypertreeSignature>(p.ht_signature_bytes()),
411 fors_root,
412 m_private->seed(),
413 tree_idx,
414 leaf_idx,
415 p,
416 *m_hashes);
417
418 BOTAN_ASSERT_NOMSG(sphincs_sig.full());
419 return sphincs_sig_buffer;
420 }
421
422 std::shared_ptr<SphincsPlus_PrivateKeyInternal> m_private;
423 std::shared_ptr<SphincsPlus_PublicKeyInternal> m_public;
424 std::unique_ptr<Sphincs_Hash_Functions> m_hashes;
425 SphincsInputMessage m_msg_buffer;
426 bool m_randomized;
427 SphincsContext m_context;
428};
429
430std::unique_ptr<PK_Ops::Signature> SphincsPlus_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
431 std::string_view params,
432 std::string_view provider) const {
433 BOTAN_UNUSED(rng);
434 BOTAN_ARG_CHECK(params.empty() || params == "Deterministic" || params == "Randomized",
435 "Unexpected parameters for signing with SLH-DSA (or SPHINCS+)");
436
437 // FIPS 205, Section 9.2
438 // The hedged variant is the default and should be used on platforms where
439 // side-channel attacks are a concern.
440 const bool randomized = (params.empty() || params == "Randomized");
441 if(provider.empty() || provider == "base") {
442 return std::make_unique<SphincsPlus_Signature_Operation>(m_private, m_public, randomized);
443 }
444 throw Provider_Not_Found(algo_name(), provider);
445}
446
447} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::AlgorithmIdentifier::parameters
const std::vector< uint8_t > & parameters() const
Definition asn1_obj.h:474
Botan::Decoding_Error
Definition exceptn.h:191
Botan::Not_Implemented
Definition exceptn.h:334
Botan::PK_Ops::Signature
Definition pk_ops.h:105
Botan::PK_Ops::Verification
Definition pk_ops.h:80
Botan::Provider_Not_Found
Definition exceptn.h:262
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:180
Botan::SphincsPlus_PrivateKey
An SLH-DSA private key.
Definition sphincsplus.h:91
Botan::SphincsPlus_PrivateKey::raw_private_key_bits
secure_vector< uint8_t > raw_private_key_bits() const override
Definition sphincsplus.cpp:333
Botan::SphincsPlus_PrivateKey::create_signature_op
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Definition sphincsplus.cpp:430
Botan::SphincsPlus_PrivateKey::~SphincsPlus_PrivateKey
~SphincsPlus_PrivateKey() override
Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey
SphincsPlus_PrivateKey(std::span< const uint8_t > private_key, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash)
Definition sphincsplus.cpp:285
Botan::SphincsPlus_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const override
Definition sphincsplus.cpp:329
Botan::SphincsPlus_PrivateKey::public_key
std::unique_ptr< Public_Key > public_key() const override
Definition sphincsplus.cpp:337
Botan::SphincsPlus_PublicKey
An SLH-DSA (or SPHINCS+ Round 3.1) public key.
Definition sphincsplus.h:31
Botan::SphincsPlus_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition sphincsplus.cpp:171
Botan::SphincsPlus_PublicKey::raw_public_key_bits
std::vector< uint8_t > raw_public_key_bits() const override
Definition sphincsplus.cpp:167
Botan::SphincsPlus_PublicKey::create_x509_verification_op
std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
Definition sphincsplus.cpp:252
Botan::SphincsPlus_PublicKey::create_verification_op
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
Definition sphincsplus.cpp:244
Botan::SphincsPlus_PublicKey::supports_operation
bool supports_operation(PublicKeyOperation op) const override
Definition sphincsplus.cpp:263
Botan::SphincsPlus_PublicKey::~SphincsPlus_PublicKey
~SphincsPlus_PublicKey() override
Botan::SphincsPlus_PublicKey::algo_name
std::string algo_name() const override
Definition sphincsplus.cpp:146
Botan::SphincsPlus_PublicKey::key_length
size_t key_length() const override
Definition sphincsplus.cpp:142
Botan::SphincsPlus_PublicKey::generate_another
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
Definition sphincsplus.cpp:177
Botan::SphincsPlus_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition sphincsplus.cpp:162
Botan::SphincsPlus_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition sphincsplus.cpp:154
Botan::SphincsPlus_PublicKey::SphincsPlus_PublicKey
SphincsPlus_PublicKey()=default
Botan::SphincsPlus_PublicKey::m_public
std::shared_ptr< SphincsPlus_PublicKeyInternal > m_public
Definition sphincsplus.h:63
Botan::SphincsPlus_PublicKey::estimated_strength
size_t estimated_strength() const override
Definition sphincsplus.cpp:150
Botan::SphincsPlus_PublicKey::object_identifier
OID object_identifier() const override
Definition sphincsplus.cpp:158
Botan::Sphincs_Hash_Functions
Definition sp_hash.h:23
Botan::Sphincs_Hash_Functions::create
static std::unique_ptr< Sphincs_Hash_Functions > create(const Sphincs_Parameters &sphincs_params, const SphincsPublicSeed &pub_seed)
Definition sp_hash.cpp:34
Botan::Sphincs_Parameters
Definition sp_parameters.h:45
Botan::Sphincs_Parameters::n
size_t n() const
Definition sp_parameters.h:96
Botan::Sphincs_Parameters::private_key_bytes
uint32_t private_key_bytes() const
Definition sp_parameters.h:200
Botan::Sphincs_Parameters::public_key_bytes
uint32_t public_key_bytes() const
Definition sp_parameters.h:195
Botan::Sphincs_Parameters::is_available
bool is_available() const
Definition sp_parameters.cpp:324
Botan::Sphincs_Parameters::create
static Sphincs_Parameters create(Sphincs_Parameter_Set set, Sphincs_Hash_Type hash)
Definition sp_parameters.cpp:349
Botan::detail::Strong_Base::get
constexpr T & get() &
Definition strong_type.h:50
update
int(* update)(CTX *, const void *, CC_LONG len)
Definition commoncrypto_hash.cpp:28
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::PublicKeyOperation
PublicKeyOperation
Definition pk_keys.h:45
Botan::root
Gf448Elem root(const Gf448Elem &elem)
Compute the root of elem in the field.
Definition curve448_gf.cpp:354
Botan::SphincsTreeNode
Strong< std::vector< uint8_t >, struct SphincsTreeNode_ > SphincsTreeNode
Either an XMSS or FORS tree node or leaf.
Definition sp_types.h:70
Botan::xmss_gen_root
SphincsTreeNode xmss_gen_root(const Sphincs_Parameters &params, const SphincsSecretSeed &secret_seed, Sphincs_Hash_Functions &hashes)
Definition sp_xmss.cpp:58
Botan::SphincsMessageRandomness
Strong< secure_vector< uint8_t >, struct SphincsMessageRandomness_ > SphincsMessageRandomness
Definition sp_types.h:64
Botan::checked_cast_to
constexpr RT checked_cast_to(AT i)
Definition int_utils.h:74
Botan::fors_sign_and_pkgen
SphincsTreeNode fors_sign_and_pkgen(StrongSpan< ForsSignature > sig_out, const SphincsHashedMessage &hashed_message, const SphincsSecretSeed &secret_seed, const Sphincs_Address &address, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 16: fors_sign (with simultaneous FORS pk generation)
Definition sp_fors.cpp:63
Botan::ForsSignature
Strong< std::vector< uint8_t >, struct ForsSignature_ > ForsSignature
Definition sp_types.h:72
Botan::ht_sign
void ht_sign(StrongSpan< SphincsHypertreeSignature > out_sig, const SphincsTreeNode &message_to_sign, const SphincsSecretSeed &secret_seed, XmssTreeIndexInLayer tree_index_in_layer, TreeNodeIndex idx_leaf, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 12: ht_sign.
Definition sp_hypertree.cpp:21
Botan::Sphincs_Parameter_Set
Sphincs_Parameter_Set
Definition sp_parameters.h:24
Botan::ht_verify
bool ht_verify(const SphincsTreeNode &signed_msg, StrongSpan< const SphincsHypertreeSignature > ht_sig, const SphincsTreeNode &pk_root, XmssTreeIndexInLayer tree_index_in_layer, TreeNodeIndex idx_leaf, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 13: ht_verify.
Definition sp_hypertree.cpp:61
Botan::SphincsHypertreeSignature
Strong< std::vector< uint8_t >, struct SphincsXmssSignature_ > SphincsHypertreeSignature
Definition sp_types.h:66
Botan::Sphincs_Hash_Type
Sphincs_Hash_Type
Definition sp_parameters.h:18
Botan::SphincsInputMessage
Strong< std::vector< uint8_t >, struct SphincsInputMessage_ > SphincsInputMessage
Definition sp_types.h:49
Botan::SphincsPublicSeed
Strong< std::vector< uint8_t >, struct SphincsPublicSeed_ > SphincsPublicSeed
Definition sp_types.h:60
Botan::SphincsSecretSeed
Strong< secure_vector< uint8_t >, struct SphincsSecretSeed_ > SphincsSecretSeed
Definition sp_types.h:61
Botan::SphincsSecretPRF
Strong< secure_vector< uint8_t >, struct SphincsSecretPRF_ > SphincsSecretPRF
Definition sp_types.h:62
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263
Botan::fors_public_key_from_signature
SphincsTreeNode fors_public_key_from_signature(const SphincsHashedMessage &hashed_message, StrongSpan< const ForsSignature > signature, const Sphincs_Address &address, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 17: fors_pkFromSig.
Definition sp_fors.cpp:129
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::SphincsOptionalRandomness
Strong< secure_vector< uint8_t >, struct SphincsOptionalRandomness_ > SphincsOptionalRandomness
Definition sp_types.h:63
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773
Botan::SphincsContext
Strong< std::vector< uint8_t >, struct SphincsContext_ > SphincsContext
Definition sp_types.h:57
Generated by doxygen 1.12.0