Botan 3.6.1
Crypto and TLS for C&
sphincsplus.cpp
Go to the documentation of this file.
1/*
2* SLH-DSA - Stateless Hash-Based Digital Signature Standard - FIPS 205
3* (C) 2023 Jack Lloyd
4* 2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7**/
8
9#include <botan/sphincsplus.h>
10
11#include <botan/rng.h>
12#include <botan/internal/int_utils.h>
13#include <botan/internal/pk_ops_impl.h>
14#include <botan/internal/sp_fors.h>
15#include <botan/internal/sp_hash.h>
16#include <botan/internal/sp_hypertree.h>
17#include <botan/internal/sp_treehash.h>
18#include <botan/internal/sp_types.h>
19#include <botan/internal/sp_wots.h>
20#include <botan/internal/sp_xmss.h>
21#include <botan/internal/stl_util.h>
22
23#include <utility>
24
25#if !defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2) and !defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE) and \
26 !defined(BOTAN_HAS_SLH_DSA_WITH_SHA2) and !defined(BOTAN_HAS_SLH_DSA_WITH_SHAKE)
27static_assert(
28 false,
29 "botan module 'sphincsplus_common' is useful only when enabling at least 'sphincsplus_sha2', 'sphincsplus_shake', 'slh_dsa_sha2', or 'slh_dsa_shake'");
30#endif
31
32namespace Botan {
33
34namespace {
35// FIPS 205, Algorithm 22, line 8
36SphincsMessageInternal prepare_message(SphincsInputMessage msg,
37 const Sphincs_Parameters& params,
38 StrongSpan<const SphincsContext> context) {
39 BOTAN_ARG_CHECK(params.is_slh_dsa() || context.empty(), "Context is not supported for SPHINCS+");
40#if defined(BOTAN_HAS_SLH_DSA_WITH_SHA2) || defined(BOTAN_HAS_SLH_DSA_WITH_SHAKE)
41 if(params.is_slh_dsa()) {
42 // prefix (no pre-hash mode): input mode byte + |ctx| + ctx
43 const uint8_t input_mode_byte = 0x00; // Pure (TODO: pre-hash mode: 0x01)
44 return {
45 .prefix = concat<SphincsMessagePrefix>(
46 store_be(input_mode_byte), store_be(checked_cast_to<uint8_t>(context.size())), context),
47 .message = std::move(msg),
48 };
49 }
50#endif
51#if defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2) || defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE)
52 if(!params.is_slh_dsa()) {
53 // SPHINCS+ Round 3.1 uses the message without any prefix
54 return {
55 .prefix = {}, // SPHINCS+ has no prefix
56 .message = std::move(msg),
57 };
58 }
59#endif
60 throw Internal_Error("Missing message preparation logic for SLH-DSA or SPHINCS+");
61}
62} // namespace
63
64class SphincsPlus_PublicKeyInternal final {
65 public:
66 SphincsPlus_PublicKeyInternal(Sphincs_Parameters params,
67 SphincsPublicSeed public_seed,
68 SphincsTreeNode sphincs_root) :
69 m_params(params), m_public_seed(std::move(public_seed)), m_sphincs_root(std::move(sphincs_root)) {}
70
71 SphincsPlus_PublicKeyInternal(Sphincs_Parameters params, std::span<const uint8_t> key_bits) : m_params(params) {
72 if(key_bits.size() != m_params.public_key_bytes()) {
73 throw Decoding_Error("SLH-DSA (or SPHINCS+) Public Key doesn't have the expected length");
74 }
75
76 BufferSlicer s(key_bits);
77 m_public_seed = s.copy<SphincsPublicSeed>(params.n());
78 m_sphincs_root = s.copy<SphincsTreeNode>(params.n());
79
80 BOTAN_ASSERT_NOMSG(s.empty());
81 }
82
83 std::vector<uint8_t> key_bits() const { return concat<std::vector<uint8_t>>(m_public_seed, m_sphincs_root); }
84
85 const SphincsPublicSeed& seed() const { return m_public_seed; }
86
87 const SphincsTreeNode& root() const { return m_sphincs_root; }
88
89 const Sphincs_Parameters& parameters() const { return m_params; }
90
91 private:
92 Sphincs_Parameters m_params;
93 SphincsPublicSeed m_public_seed;
94 SphincsTreeNode m_sphincs_root;
95};
96
97class SphincsPlus_PrivateKeyInternal final {
98 public:
99 SphincsPlus_PrivateKeyInternal(SphincsSecretSeed secret_seed, SphincsSecretPRF prf) :
100 m_secret_seed(std::move(secret_seed)), m_prf(std::move(prf)) {}
101
102 SphincsPlus_PrivateKeyInternal(const Sphincs_Parameters& params, std::span<const uint8_t> key_bits) {
103 if(key_bits.size() != params.private_key_bytes() - params.public_key_bytes()) {
104 throw Decoding_Error("SLH-DSA (or SPHINCS+) Private Key doesn't have the expected length");
105 }
106
107 BufferSlicer s(key_bits);
108 m_secret_seed = s.copy<SphincsSecretSeed>(params.n());
109 m_prf = s.copy<SphincsSecretPRF>(params.n());
110
111 BOTAN_ASSERT_NOMSG(s.empty());
112 }
113
114 const SphincsSecretSeed& seed() const { return m_secret_seed; }
115
116 const SphincsSecretPRF& prf() const { return m_prf; }
117
118 secure_vector<uint8_t> key_bits() const { return concat<secure_vector<uint8_t>>(m_secret_seed, m_prf); }
119
120 private:
121 SphincsSecretSeed m_secret_seed;
122 SphincsSecretPRF m_prf;
123};
124
125SphincsPlus_PublicKey::SphincsPlus_PublicKey(std::span<const uint8_t> pub_key,
126 Sphincs_Parameter_Set type,
127 Sphincs_Hash_Type hash) :
128 SphincsPlus_PublicKey(pub_key, Sphincs_Parameters::create(type, hash)) {}
129
130SphincsPlus_PublicKey::SphincsPlus_PublicKey(std::span<const uint8_t> pub_key, Sphincs_Parameters params) :
131 m_public(std::make_shared<SphincsPlus_PublicKeyInternal>(params, pub_key)) {
132 BOTAN_ARG_CHECK(params.is_available(),
133 "The selected parameter-set-hash combination is not activated in this build.");
134}
135
136SphincsPlus_PublicKey::SphincsPlus_PublicKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) :
137 SphincsPlus_PublicKey(key_bits, Sphincs_Parameters::create(alg_id.oid())) {}
138
139SphincsPlus_PublicKey::~SphincsPlus_PublicKey() = default;
140
141size_t SphincsPlus_PublicKey::key_length() const {
142 return m_public->parameters().n() * 8;
143}
144
145std::string SphincsPlus_PublicKey::algo_name() const {
146 return m_public->parameters().is_slh_dsa() ? "SLH-DSA" : "SPHINCS+";
147}
148
149size_t SphincsPlus_PublicKey::estimated_strength() const {
150 return m_public->parameters().bitsec();
151}
152
153AlgorithmIdentifier SphincsPlus_PublicKey::algorithm_identifier() const {
154 return m_public->parameters().algorithm_identifier();
155}
156
157OID SphincsPlus_PublicKey::object_identifier() const {
158 return m_public->parameters().object_identifier();
159}
160
161bool SphincsPlus_PublicKey::check_key(RandomNumberGenerator&, bool) const {
162 // Nothing to check. It's literally just hashes. :-)
163 return true;
164}
165
166std::vector<uint8_t> SphincsPlus_PublicKey::raw_public_key_bits() const {
167 return m_public->key_bits();
168}
169
170std::vector<uint8_t> SphincsPlus_PublicKey::public_key_bits() const {
171 // Currently, there isn't a finalized definition of an ASN.1 structure for
172 // SLH-DSA or SPHINCS+ public keys. Therefore, we return the raw public key bits.
173 return raw_public_key_bits();
174}
175
176std::unique_ptr<Private_Key> SphincsPlus_PublicKey::generate_another(RandomNumberGenerator& rng) const {
177 return std::make_unique<SphincsPlus_PrivateKey>(rng, m_public->parameters());
178}
179
180class SphincsPlus_Verification_Operation final : public PK_Ops::Verification {
181 public:
182 SphincsPlus_Verification_Operation(std::shared_ptr<SphincsPlus_PublicKeyInternal> pub_key) :
183 m_public(std::move(pub_key)),
184 m_hashes(Botan::Sphincs_Hash_Functions::create(m_public->parameters(), m_public->seed())),
185 m_context(/* TODO: Add API */ {}) {
186 BOTAN_ARG_CHECK(m_context.size() <= 255, "Context must not exceed 255 bytes");
187 BOTAN_ARG_CHECK(m_public->parameters().is_available(),
188 "The selected SLH-DSA (or SPHINCS+) instance is not available in this build.");
189 }
190
191 /**
192 * Add more data to the message currently being signed
193 * @param msg the message
194 */
195 void update(std::span<const uint8_t> msg) override {
196 // TODO(For Pre-Hash Mode): We need to stream the message into a hash function.
197 m_msg_buffer.get().insert(m_msg_buffer.end(), msg.begin(), msg.end());
198 }
199
200 /**
201 * Perform a verification operation
202 */
203 bool is_valid_signature(std::span<const uint8_t> sig) override {
204 const auto internal_msg = prepare_message(std::exchange(m_msg_buffer, {}), m_public->parameters(), m_context);
205 return slh_verify_internal(internal_msg, sig);
206 }
207
208 std::string hash_function() const override { return m_hashes->msg_hash_function_name(); }
209
210 private:
211 /// FIPS 205, Algorithm 20
212 bool slh_verify_internal(const SphincsMessageInternal& msg, std::span<const uint8_t> sig) {
213 const auto& p = m_public->parameters();
214 if(sig.size() != p.sphincs_signature_bytes()) {
215 return false;
216 }
217
218 BufferSlicer s(sig);
219 // Compute leaf and tree index from R
220 const auto msg_random_s = s.take<SphincsMessageRandomness>(p.n());
221 auto [mhash, tree_idx, leaf_idx] = m_hashes->H_msg(msg_random_s, m_public->root(), msg);
222
223 // Reconstruct the FORS tree
224 Sphincs_Address fors_addr(Sphincs_Address_Type::ForsTree);
225 fors_addr.set_tree_address(tree_idx).set_keypair_address(leaf_idx);
226 const auto fors_sig_s = s.take<ForsSignature>(p.fors_signature_bytes());
227 auto fors_root = fors_public_key_from_signature(mhash, fors_sig_s, fors_addr, p, *m_hashes);
228
229 // Verify the hypertree signature
230 const auto ht_sig_s = s.take<SphincsHypertreeSignature>(p.ht_signature_bytes());
231 BOTAN_ASSERT_NOMSG(s.empty());
232 return ht_verify(fors_root, ht_sig_s, m_public->root(), tree_idx, leaf_idx, p, *m_hashes);
233 }
234
235 std::shared_ptr<SphincsPlus_PublicKeyInternal> m_public;
236 std::unique_ptr<Sphincs_Hash_Functions> m_hashes;
237 SphincsInputMessage m_msg_buffer;
238 SphincsContext m_context;
239};
240
241std::unique_ptr<PK_Ops::Verification> SphincsPlus_PublicKey::create_verification_op(std::string_view /*params*/,
242 std::string_view provider) const {
243 if(provider.empty() || provider == "base") {
244 return std::make_unique<SphincsPlus_Verification_Operation>(m_public);
245 }
246 throw Provider_Not_Found(algo_name(), provider);
247}
248
249std::unique_ptr<PK_Ops::Verification> SphincsPlus_PublicKey::create_x509_verification_op(
250 const AlgorithmIdentifier& signature_algorithm, std::string_view provider) const {
251 if(provider.empty() || provider == "base") {
252 if(signature_algorithm != this->algorithm_identifier()) {
253 throw Decoding_Error("Unexpected AlgorithmIdentifier for SLH-DSA (or SPHINCS+) signature");
254 }
255 return std::make_unique<SphincsPlus_Verification_Operation>(m_public);
256 }
257 throw Provider_Not_Found(algo_name(), provider);
258}
259
263
264namespace {
265
266std::span<const uint8_t> slice_off_public_key(const OID& oid, std::span<const uint8_t> key_bits) {
267 const auto params = Sphincs_Parameters::create(oid);
268 // Note: We need to transiently instantiate the `Sphincs_Parameters` object
269 // to know the size of the public/private key. That's slightly
270 // inefficient but was the best we could do. Once we get rid of the
271 // PublicKey-PrivateKey inheritance, we might want to reconsider this
272 // control flow.
273 if(key_bits.size() != params.private_key_bytes()) {
274 throw Decoding_Error("Sphincs Private Key doesn't have the expected length");
275 }
276
277 return key_bits.subspan(params.private_key_bytes() - params.public_key_bytes());
278}
279
280} // namespace
281
282SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(std::span<const uint8_t> private_key,
283 Sphincs_Parameter_Set type,
284 Sphincs_Hash_Type hash) :
285 SphincsPlus_PrivateKey(private_key, Sphincs_Parameters::create(type, hash)) {}
286
287SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) :
288 SphincsPlus_PrivateKey(key_bits, Sphincs_Parameters::create(alg_id.oid())) {}
289
290SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(std::span<const uint8_t> private_key, Sphincs_Parameters params) :
291 SphincsPlus_PublicKey(slice_off_public_key(params.object_identifier(), private_key), params) {
292 BOTAN_ARG_CHECK(params.is_available(),
293 "The selected parameter-set-hash combination is not activated in this build.");
294 const auto private_portion_bytes = params.private_key_bytes() - params.public_key_bytes();
295 BOTAN_ASSERT_NOMSG(private_key.size() >= private_portion_bytes);
296
297 m_private = std::make_shared<SphincsPlus_PrivateKeyInternal>(params, private_key.first(private_portion_bytes));
298}
299
304
305// FIPS 205, Algorithm 21
306SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(RandomNumberGenerator& rng, Sphincs_Parameters params) {
307 BOTAN_ARG_CHECK(params.is_available(),
308 "The selected parameter-set-hash combination is not activated in this build.");
309 auto sk_seed = rng.random_vec<SphincsSecretSeed>(params.n());
310 auto sk_prf = rng.random_vec<SphincsSecretPRF>(params.n());
311
312 m_private = std::make_shared<SphincsPlus_PrivateKeyInternal>(std::move(sk_seed), std::move(sk_prf));
313
314 auto pub_seed = rng.random_vec<SphincsPublicSeed>(params.n());
315 auto hashes = Sphincs_Hash_Functions::create(params, pub_seed);
316 auto root = xmss_gen_root(params, m_private->seed(), *hashes);
317
318 m_public = std::make_shared<SphincsPlus_PublicKeyInternal>(params, std::move(pub_seed), std::move(root));
319}
320
321SphincsPlus_PrivateKey::~SphincsPlus_PrivateKey() = default;
322
323secure_vector<uint8_t> SphincsPlus_PrivateKey::private_key_bits() const {
324 return concat(m_private->key_bits(), m_public->key_bits());
325}
326
330
331std::unique_ptr<Public_Key> SphincsPlus_PrivateKey::public_key() const {
332 return std::make_unique<SphincsPlus_PublicKey>(*this);
333}
334
335class SphincsPlus_Signature_Operation final : public PK_Ops::Signature {
336 public:
337 SphincsPlus_Signature_Operation(std::shared_ptr<SphincsPlus_PrivateKeyInternal> private_key,
338 std::shared_ptr<SphincsPlus_PublicKeyInternal> public_key,
339 bool randomized) :
340 m_private(std::move(private_key)),
341 m_public(std::move(public_key)),
342 m_hashes(Botan::Sphincs_Hash_Functions::create(m_public->parameters(), m_public->seed())),
343 m_randomized(randomized),
344 m_context(/* TODO: add API for context */ {}) {
345 BOTAN_ARG_CHECK(m_context.size() <= 255, "Context must not exceed 255 bytes");
346 BOTAN_ARG_CHECK(m_public->parameters().is_available(),
347 "The selected SLH-DSA (or SPHINCS+) instance is not available in this build.");
348 }
349
350 void update(std::span<const uint8_t> msg) override {
351 // TODO(For Pre-Hash Mode): We need to stream the message into a hash function.
352 m_msg_buffer.get().insert(m_msg_buffer.end(), msg.begin(), msg.end());
353 }
354
355 std::vector<uint8_t> sign(RandomNumberGenerator& rng) override {
356 std::optional<SphincsOptionalRandomness> addrnd = std::nullopt;
357 if(m_randomized) {
358 addrnd = rng.random_vec<SphincsOptionalRandomness>(m_public->parameters().n());
359 }
360 auto internal_msg = prepare_message(std::exchange(m_msg_buffer, {}), m_public->parameters(), m_context);
361
362 return slh_sign_internal(internal_msg, addrnd);
363 }
364
365 size_t signature_length() const override { return m_public->parameters().sphincs_signature_bytes(); }
366
367 AlgorithmIdentifier algorithm_identifier() const override {
368 return m_public->parameters().algorithm_identifier();
369 }
370
371 std::string hash_function() const override { return m_hashes->msg_hash_function_name(); }
372
373 private:
374 // FIPS 205, Algorithm 19
375 std::vector<uint8_t> slh_sign_internal(const SphincsMessageInternal& message,
376 std::optional<StrongSpan<const SphincsOptionalRandomness>> addrnd) {
377 const auto& p = m_public->parameters();
378
379 std::vector<uint8_t> sphincs_sig_buffer(p.sphincs_signature_bytes());
380 BufferStuffer sphincs_sig(sphincs_sig_buffer);
381
382 // Compute and append the digest randomization value (R of spec).
383 // Use addrng for the randomized variant. Use the public seed for the deterministic one.
384 const auto opt_rand =
385 (addrnd.has_value()) ? addrnd.value() : StrongSpan<const SphincsOptionalRandomness>(m_public->seed());
386
387 auto msg_random_s = sphincs_sig.next<SphincsMessageRandomness>(p.n());
388 m_hashes->PRF_msg(msg_random_s, m_private->prf(), opt_rand, message);
389
390 // Derive the message digest and leaf index from R, PK and M.
391 auto [mhash, tree_idx, leaf_idx] = m_hashes->H_msg(msg_random_s, m_public->root(), message);
392
393 // Compute and append the FORS signature
394 Sphincs_Address fors_addr(Sphincs_Address_Type::ForsTree);
395 fors_addr.set_tree_address(tree_idx).set_keypair_address(leaf_idx);
396 auto fors_root = fors_sign_and_pkgen(sphincs_sig.next<ForsSignature>(p.fors_signature_bytes()),
397 mhash,
398 m_private->seed(),
399 fors_addr,
400 p,
401 *m_hashes);
402
403 // Compute and append the XMSS hypertree signature
404 ht_sign(sphincs_sig.next<SphincsHypertreeSignature>(p.ht_signature_bytes()),
405 fors_root,
406 m_private->seed(),
407 tree_idx,
408 leaf_idx,
409 p,
410 *m_hashes);
411
412 BOTAN_ASSERT_NOMSG(sphincs_sig.full());
413 return sphincs_sig_buffer;
414 }
415
416 std::shared_ptr<SphincsPlus_PrivateKeyInternal> m_private;
417 std::shared_ptr<SphincsPlus_PublicKeyInternal> m_public;
418 std::unique_ptr<Sphincs_Hash_Functions> m_hashes;
419 SphincsInputMessage m_msg_buffer;
420 bool m_randomized;
421 SphincsContext m_context;
422};
423
424std::unique_ptr<PK_Ops::Signature> SphincsPlus_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
425 std::string_view params,
426 std::string_view provider) const {
427 BOTAN_UNUSED(rng);
428 BOTAN_ARG_CHECK(params.empty() || params == "Deterministic" || params == "Randomized",
429 "Unexpected parameters for signing with SLH-DSA (or SPHINCS+)");
430
431 // FIPS 205, Section 9.2
432 // The hedged variant is the default and should be used on platforms where
433 // side-channel attacks are a concern.
434 const bool randomized = (params.empty() || params == "Randomized");
435 if(provider.empty() || provider == "base") {
436 return std::make_unique<SphincsPlus_Signature_Operation>(m_private, m_public, randomized);
437 }
438 throw Provider_Not_Found(algo_name(), provider);
439}
440
441} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::AlgorithmIdentifier::parameters
const std::vector< uint8_t > & parameters() const
Definition asn1_obj.h:466
Botan::Decoding_Error
Definition exceptn.h:191
Botan::PK_Ops::Signature
Definition pk_ops.h:105
Botan::PK_Ops::Verification
Definition pk_ops.h:80
Botan::Provider_Not_Found
Definition exceptn.h:262
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:180
Botan::SphincsPlus_PrivateKey
An SLH-DSA private key.
Definition sphincsplus.h:91
Botan::SphincsPlus_PrivateKey::raw_private_key_bits
secure_vector< uint8_t > raw_private_key_bits() const override
Definition sphincsplus.cpp:327
Botan::SphincsPlus_PrivateKey::create_signature_op
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Definition sphincsplus.cpp:424
Botan::SphincsPlus_PrivateKey::~SphincsPlus_PrivateKey
~SphincsPlus_PrivateKey() override
Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey
SphincsPlus_PrivateKey(std::span< const uint8_t > private_key, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash)
Definition sphincsplus.cpp:282
Botan::SphincsPlus_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const override
Definition sphincsplus.cpp:323
Botan::SphincsPlus_PrivateKey::public_key
std::unique_ptr< Public_Key > public_key() const override
Definition sphincsplus.cpp:331
Botan::SphincsPlus_PublicKey
An SLH-DSA (or SPHINCS+ Round 3.1) public key.
Definition sphincsplus.h:31
Botan::SphincsPlus_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition sphincsplus.cpp:170
Botan::SphincsPlus_PublicKey::raw_public_key_bits
std::vector< uint8_t > raw_public_key_bits() const override
Definition sphincsplus.cpp:166
Botan::SphincsPlus_PublicKey::create_x509_verification_op
std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
Definition sphincsplus.cpp:249
Botan::SphincsPlus_PublicKey::create_verification_op
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
Definition sphincsplus.cpp:241
Botan::SphincsPlus_PublicKey::supports_operation
bool supports_operation(PublicKeyOperation op) const override
Definition sphincsplus.cpp:260
Botan::SphincsPlus_PublicKey::~SphincsPlus_PublicKey
~SphincsPlus_PublicKey() override
Botan::SphincsPlus_PublicKey::algo_name
std::string algo_name() const override
Definition sphincsplus.cpp:145
Botan::SphincsPlus_PublicKey::key_length
size_t key_length() const override
Definition sphincsplus.cpp:141
Botan::SphincsPlus_PublicKey::generate_another
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
Definition sphincsplus.cpp:176
Botan::SphincsPlus_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition sphincsplus.cpp:161
Botan::SphincsPlus_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition sphincsplus.cpp:153
Botan::SphincsPlus_PublicKey::SphincsPlus_PublicKey
SphincsPlus_PublicKey()=default
Botan::SphincsPlus_PublicKey::m_public
std::shared_ptr< SphincsPlus_PublicKeyInternal > m_public
Definition sphincsplus.h:63
Botan::SphincsPlus_PublicKey::estimated_strength
size_t estimated_strength() const override
Definition sphincsplus.cpp:149
Botan::SphincsPlus_PublicKey::object_identifier
OID object_identifier() const override
Definition sphincsplus.cpp:157
Botan::Sphincs_Hash_Functions
Definition sp_hash.h:23
Botan::Sphincs_Hash_Functions::create
static std::unique_ptr< Sphincs_Hash_Functions > create(const Sphincs_Parameters &sphincs_params, const SphincsPublicSeed &pub_seed)
Definition sp_hash.cpp:34
Botan::Sphincs_Parameters
Definition sp_parameters.h:45
Botan::Sphincs_Parameters::n
size_t n() const
Definition sp_parameters.h:96
Botan::Sphincs_Parameters::private_key_bytes
uint32_t private_key_bytes() const
Definition sp_parameters.h:200
Botan::Sphincs_Parameters::public_key_bytes
uint32_t public_key_bytes() const
Definition sp_parameters.h:195
Botan::Sphincs_Parameters::is_available
bool is_available() const
Definition sp_parameters.cpp:324
Botan::Sphincs_Parameters::create
static Sphincs_Parameters create(Sphincs_Parameter_Set set, Sphincs_Hash_Type hash)
Definition sp_parameters.cpp:349
Botan::detail::Strong_Base::get
constexpr T & get() &
Definition strong_type.h:50
update
int(* update)(CTX *, const void *, CC_LONG len)
Definition commoncrypto_hash.cpp:28
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::PublicKeyOperation
PublicKeyOperation
Definition pk_keys.h:45
Botan::root
Gf448Elem root(const Gf448Elem &elem)
Compute the root of elem in the field.
Definition curve448_gf.cpp:354
Botan::SphincsTreeNode
Strong< std::vector< uint8_t >, struct SphincsTreeNode_ > SphincsTreeNode
Either an XMSS or FORS tree node or leaf.
Definition sp_types.h:70
Botan::xmss_gen_root
SphincsTreeNode xmss_gen_root(const Sphincs_Parameters &params, const SphincsSecretSeed &secret_seed, Sphincs_Hash_Functions &hashes)
Definition sp_xmss.cpp:58
Botan::SphincsMessageRandomness
Strong< secure_vector< uint8_t >, struct SphincsMessageRandomness_ > SphincsMessageRandomness
Definition sp_types.h:64
Botan::checked_cast_to
constexpr RT checked_cast_to(AT i)
Definition int_utils.h:74
Botan::fors_sign_and_pkgen
SphincsTreeNode fors_sign_and_pkgen(StrongSpan< ForsSignature > sig_out, const SphincsHashedMessage &hashed_message, const SphincsSecretSeed &secret_seed, const Sphincs_Address &address, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 16: fors_sign (with simultaneous FORS pk generation)
Definition sp_fors.cpp:63
Botan::ForsSignature
Strong< std::vector< uint8_t >, struct ForsSignature_ > ForsSignature
Definition sp_types.h:72
Botan::ht_sign
void ht_sign(StrongSpan< SphincsHypertreeSignature > out_sig, const SphincsTreeNode &message_to_sign, const SphincsSecretSeed &secret_seed, XmssTreeIndexInLayer tree_index_in_layer, TreeNodeIndex idx_leaf, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 12: ht_sign.
Definition sp_hypertree.cpp:21
Botan::Sphincs_Parameter_Set
Sphincs_Parameter_Set
Definition sp_parameters.h:24
Botan::ht_verify
bool ht_verify(const SphincsTreeNode &signed_msg, StrongSpan< const SphincsHypertreeSignature > ht_sig, const SphincsTreeNode &pk_root, XmssTreeIndexInLayer tree_index_in_layer, TreeNodeIndex idx_leaf, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 13: ht_verify.
Definition sp_hypertree.cpp:61
Botan::SphincsHypertreeSignature
Strong< std::vector< uint8_t >, struct SphincsXmssSignature_ > SphincsHypertreeSignature
Definition sp_types.h:66
Botan::Sphincs_Hash_Type
Sphincs_Hash_Type
Definition sp_parameters.h:18
Botan::SphincsInputMessage
Strong< std::vector< uint8_t >, struct SphincsInputMessage_ > SphincsInputMessage
Definition sp_types.h:49
Botan::SphincsPublicSeed
Strong< std::vector< uint8_t >, struct SphincsPublicSeed_ > SphincsPublicSeed
Definition sp_types.h:60
Botan::SphincsSecretSeed
Strong< secure_vector< uint8_t >, struct SphincsSecretSeed_ > SphincsSecretSeed
Definition sp_types.h:61
Botan::SphincsSecretPRF
Strong< secure_vector< uint8_t >, struct SphincsSecretPRF_ > SphincsSecretPRF
Definition sp_types.h:62
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263
Botan::fors_public_key_from_signature
SphincsTreeNode fors_public_key_from_signature(const SphincsHashedMessage &hashed_message, StrongSpan< const ForsSignature > signature, const Sphincs_Address &address, const Sphincs_Parameters &params, Sphincs_Hash_Functions &hashes)
FIPS 205, Algorithm 17: fors_pkFromSig.
Definition sp_fors.cpp:129
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::SphincsOptionalRandomness
Strong< secure_vector< uint8_t >, struct SphincsOptionalRandomness_ > SphincsOptionalRandomness
Definition sp_types.h:63
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773
Botan::SphincsContext
Strong< std::vector< uint8_t >, struct SphincsContext_ > SphincsContext
Definition sp_types.h:57
Generated by doxygen 1.12.0