Botan 2.19.1
Crypto and TLS for C&
xmss_signature_operation.cpp
Go to the documentation of this file.
1/*
2 * XMSS Signature Operation
3 * Signature generation operation for Extended Hash-Based Signatures (XMSS) as
4 * defined in:
5 *
6 * [1] XMSS: Extended Hash-Based Signatures,
7 * Request for Comments: 8391
8 * Release: May 2018.
9 * https://datatracker.ietf.org/doc/rfc8391/
10 *
11 * (C) 2016,2017,2018 Matthias Gierlings
12 *
13 * Botan is released under the Simplified BSD License (see license.txt)
14 **/
15
16#include <botan/internal/xmss_signature_operation.h>
17#include <botan/internal/xmss_tools.h>
18
19namespace Botan {
20
22 const XMSS_PrivateKey& private_key) :
23 m_priv_key(private_key),
24 m_xmss_params(private_key.xmss_oid()),
25 m_hash(private_key.xmss_hash_function()),
26 m_randomness(0),
27 m_leaf_idx(0),
28 m_is_initialized(false)
29 {}
30
32XMSS_Signature_Operation::generate_tree_signature(const secure_vector<uint8_t>& msg,
33 XMSS_PrivateKey& xmss_priv_key,
34 XMSS_Address& adrs)
35 {
36
37 wots_keysig_t auth_path = build_auth_path(xmss_priv_key, adrs);
39 adrs.set_ots_address(m_leaf_idx);
40
41 wots_keysig_t sig_ots = xmss_priv_key.wots_private_key().sign(msg, adrs);
42 return XMSS_WOTS_PublicKey::TreeSignature(sig_ots, auth_path);
43 }
44
45XMSS_Signature
46XMSS_Signature_Operation::sign(const secure_vector<uint8_t>& msg_hash,
47 XMSS_PrivateKey& xmss_priv_key)
48 {
49 XMSS_Address adrs;
50 XMSS_Signature sig(m_leaf_idx,
51 m_randomness,
52 generate_tree_signature(msg_hash, xmss_priv_key,adrs));
53 return sig;
54 }
55
57 {
58 return sizeof(uint64_t) + // size of leaf index
59 m_xmss_params.element_size() +
60 m_xmss_params.len() * m_xmss_params.element_size() +
61 m_xmss_params.tree_height() * m_xmss_params.element_size();
62 }
63
65XMSS_Signature_Operation::build_auth_path(XMSS_PrivateKey& priv_key,
66 XMSS_Address& adrs)
67 {
68 wots_keysig_t auth_path(m_xmss_params.tree_height());
70
71 for(size_t j = 0; j < m_xmss_params.tree_height(); j++)
72 {
73 size_t k = (m_leaf_idx / (1ULL << j)) ^ 0x01;
74 auth_path[j] = priv_key.tree_hash(k * (1ULL << j), j, adrs);
75 }
76
77 return auth_path;
78 }
79
80void XMSS_Signature_Operation::update(const uint8_t msg[], size_t msg_len)
81 {
82 initialize();
83 m_hash.h_msg_update(msg, msg_len);
84 }
85
88 {
89 initialize();
90 secure_vector<uint8_t> signature(sign(m_hash.h_msg_final(),
91 m_priv_key).bytes());
92 m_is_initialized = false;
93 return signature;
94 }
95
96void XMSS_Signature_Operation::initialize()
97 {
98 // return if we already initialized and reserved a leaf index for signing.
99 if(m_is_initialized)
100 { return; }
101
102 secure_vector<uint8_t> index_bytes;
103 // reserve leaf index so it can not be reused in by another signature
104 // operation using the same private key.
105 m_leaf_idx = static_cast<uint32_t>(m_priv_key.reserve_unused_leaf_index());
106
107 // write prefix for message hashing into buffer.
108 XMSS_Tools::concat(index_bytes, m_leaf_idx, 32);
109 m_randomness = m_hash.prf(m_priv_key.prf(), index_bytes);
110 index_bytes.clear();
111 XMSS_Tools::concat(index_bytes, m_leaf_idx,
112 m_priv_key.xmss_parameters().element_size());
113 m_hash.h_msg_init(m_randomness,
114 m_priv_key.root(),
115 index_bytes);
116 m_is_initialized = true;
117 }
118
119}
120
void set_ots_address(uint32_t value)
Definition: xmss_address.h:164
void set_type(Type type)
Definition: xmss_address.h:111
void h_msg_update(const uint8_t data[], size_t size)
Definition: xmss_hash.cpp:59
secure_vector< uint8_t > h_msg_final()
Definition: xmss_hash.cpp:64
void h_msg_init(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes)
Definition: xmss_hash.cpp:47
void prf(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:35
size_t tree_height() const
size_t element_size() const
secure_vector< uint8_t > tree_hash(size_t start_idx, size_t target_node_height, XMSS_Address &adrs)
const XMSS_WOTS_PrivateKey & wots_private_key() const
Definition: xmss.h:343
const secure_vector< uint8_t > & prf() const
Definition: xmss.h:359
const XMSS_Parameters & xmss_parameters() const
Definition: xmss.h:108
secure_vector< uint8_t > & root()
Definition: xmss.h:146
XMSS_Signature_Operation(const XMSS_PrivateKey &private_key)
secure_vector< uint8_t > sign(RandomNumberGenerator &) override
void update(const uint8_t msg[], size_t msg_len) override
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition: xmss_tools.h:63
wots_keysig_t sign(const secure_vector< uint8_t > &msg, XMSS_Address &adrs)
Definition: xmss_wots.h:654
Definition: alg_id.cpp:13
std::vector< secure_vector< uint8_t > > wots_keysig_t
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65