doxygen/xmss__common__ops_8cpp_source.html

/*

 * XMSS Common Ops

 * Operations shared by XMSS signature generation and verification operations.

 * (C) 2016,2017 Matthias Gierlings

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 **/


#include <botan/internal/xmss_common_ops.h>

#include <botan/internal/xmss_hash.h>


namespace Botan {


void

XMSS_Common_Ops::randomize_tree_hash(secure_vector<uint8_t>& result,

                                     const secure_vector<uint8_t>& left,

                                     const secure_vector<uint8_t>& right,

                                     XMSS_Address& adrs,

                                     const secure_vector<uint8_t>& seed,

                                     XMSS_Hash& hash,

                                     const XMSS_Parameters& params)

   {

   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);

   secure_vector<uint8_t> key;

   hash.prf(key, seed, adrs.bytes());


   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode);

   secure_vector<uint8_t> bitmask_l;

   hash.prf(bitmask_l, seed, adrs.bytes());


   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode);

   secure_vector<uint8_t> bitmask_r;

   hash.prf(bitmask_r, seed, adrs.bytes());


   BOTAN_ASSERT(bitmask_l.size() == left.size() &&

                bitmask_r.size() == right.size(),

                "Bitmask size doesn't match node size.");


   secure_vector<uint8_t> concat_xor(params.element_size() * 2);

   for(size_t i = 0; i < left.size(); i++)

      {

      concat_xor[i] = left[i] ^ bitmask_l[i];

      concat_xor[i + left.size()] = right[i] ^ bitmask_r[i];

      }


   hash.h(result, key, concat_xor);

   }


void

XMSS_Common_Ops::create_l_tree(secure_vector<uint8_t>& result,

                               wots_keysig_t pk,

                               XMSS_Address& adrs,

                               const secure_vector<uint8_t>& seed,

                               XMSS_Hash& hash,

                               const XMSS_Parameters& params)

   {

   size_t l = params.len();

   adrs.set_tree_height(0);


   while(l > 1)

      {

      for(size_t i = 0; i < l >> 1; i++)

         {

         adrs.set_tree_index(static_cast<uint32_t>(i));

         randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash, params);

         }

      if(l & 0x01)

         {

         pk[l >> 1] = pk[l - 1];

         }

      l = (l >> 1) + (l & 0x01);

      adrs.set_tree_height(adrs.get_tree_height() + 1);

      }

   result = pk[0];

   }


}

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54

Botan::XMSS_Address
Definition: xmss_address.h:23

Botan::XMSS_Address::set_key_mask_mode
void set_key_mask_mode(Key_Mask value)
Definition: xmss_address.h:135

Botan::XMSS_Address::get_tree_height
uint32_t get_tree_height() const
Definition: xmss_address.h:236

Botan::XMSS_Address::Key_Mask::Mask_MSB_Mode
@ Mask_MSB_Mode

Botan::XMSS_Address::Key_Mask::Key_Mode
@ Key_Mode

Botan::XMSS_Address::Key_Mask::Mask_LSB_Mode
@ Mask_LSB_Mode

Botan::XMSS_Address::set_tree_height
void set_tree_height(uint32_t value)
Definition: xmss_address.h:252

Botan::XMSS_Address::set_tree_index
void set_tree_index(uint32_t value)
Definition: xmss_address.h:314

Botan::XMSS_Address::bytes
const secure_vector< uint8_t > & bytes() const
Definition: xmss_address.h:323

Botan::XMSS_Common_Ops::create_l_tree
static void create_l_tree(secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash, const XMSS_Parameters &params)
Definition: xmss_common_ops.cpp:51

Botan::XMSS_Common_Ops::randomize_tree_hash
static void randomize_tree_hash(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash, const XMSS_Parameters &params)
Definition: xmss_common_ops.cpp:15

Botan::XMSS_Hash
Definition: xmss_hash.h:24

Botan::XMSS_Hash::prf
void prf(secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
Definition: xmss_hash.h:59

Botan::XMSS_Hash::h
void h(secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
Definition: xmss_hash.h:106

Botan::XMSS_Parameters
Definition: xmss_parameters.h:138

Botan::XMSS_Parameters::len
size_t len() const
Definition: xmss_parameters.h:226

Botan::XMSS_Parameters::element_size
size_t element_size() const
Definition: xmss_parameters.h:196

Botan
Definition: alg_id.cpp:12

Botan::wots_keysig_t
std::vector< secure_vector< uint8_t > > wots_keysig_t
Definition: xmss_common_ops.h:20

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64