Botan  2.8.0
Crypto and TLS for C++11
xmss_signature_operation.cpp
1 /*
2  * XMSS Signature Operation
3  * Signature generation operation for Extended Hash-Based Signatures (XMSS) as
4  * defined in:
5  *
6  * [1] XMSS: Extended Hash-Based Signatures,
7  * draft-irtf-cfrg-xmss-hash-based-signatures-06
8  * Release: July 2016.
9  * https://datatracker.ietf.org/doc/
10  * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
11  *
12  * (C) 2016,2017 Matthias Gierlings
13  *
14  * Botan is released under the Simplified BSD License (see license.txt)
15  **/
16 
17 #include <botan/internal/xmss_signature_operation.h>
18 
19 namespace Botan {
20 
/**
 * Prepare a signing operation for an XMSS private key.
 *
 * Nothing is reserved or hashed here: m_randomness and m_leaf_idx are
 * initialised from 0 and m_is_initialized starts out false, so the first
 * update() or sign() call runs initialize() before touching the hash.
 *
 * @param private_key key used to initialise m_priv_key; its XMSS OID is
 *        handed to XMSS_Common_Ops to select the parameter set.
 */
XMSS_Signature_Operation::XMSS_Signature_Operation(const XMSS_PrivateKey& private_key) :
   XMSS_Common_Ops(private_key.xmss_oid()),
   m_priv_key(private_key),
   m_randomness(0),
   m_leaf_idx(0),
   m_is_initialized(false)
   {
   }
29 
/**
 * Build the tree signature for the leaf currently held in m_leaf_idx: the
 * WOTS+ one-time signature over msg plus the authentication path for that leaf.
 *
 * @param msg message digest to be signed with the one-time key
 * @param xmss_priv_key private key supplying the WOTS+ key and tree hashing
 * @param adrs address object; it is modified (type and OTS address are set)
 * @return tree signature made of the one-time signature and the auth path
 */
XMSS_WOTS_PublicKey::TreeSignature
XMSS_Signature_Operation::generate_tree_signature(const secure_vector<uint8_t>& msg,
                                                  XMSS_PrivateKey& xmss_priv_key,
                                                  XMSS_Address& adrs)
   {
   // The authentication path is computed first; build_auth_path() sets its
   // own address type on adrs, so the OTS type is (re)applied afterwards.
   wots_keysig_t path_nodes = build_auth_path(xmss_priv_key, adrs);

   adrs.set_type(XMSS_Address::Type::OTS_Hash_Address);
   // NOTE(review): set_ots_address() takes a uint32_t; if m_leaf_idx is a
   // wider type the value is narrowed here -- confirm against the header.
   adrs.set_ots_address(m_leaf_idx);

   // One-time signature: the same m_leaf_idx must never be signed with twice.
   wots_keysig_t one_time_sig = xmss_priv_key.wots_private_key().sign(msg, adrs);

   return XMSS_WOTS_PublicKey::TreeSignature(one_time_sig, path_nodes);
   }
43 
/**
 * Assemble the XMSS signature for an already finalised message hash.
 *
 * Uses the leaf index and randomness that initialize() stored in
 * m_leaf_idx / m_randomness; this overload does not reserve a leaf itself.
 *
 * @param msg_hash digest of the message to sign
 * @param xmss_priv_key private key used for the tree signature
 * @return signature built from leaf index, randomness and tree signature
 */
XMSS_Signature
XMSS_Signature_Operation::sign(const secure_vector<uint8_t>& msg_hash,
                               XMSS_PrivateKey& xmss_priv_key)
   {
   // Fresh, default-constructed address; generate_tree_signature() fills it in.
   XMSS_Address adrs;

   return XMSS_Signature(m_leaf_idx,
                         m_randomness,
                         generate_tree_signature(msg_hash, xmss_priv_key, adrs));
   }
54 
56  {
57  return sizeof(uint64_t) + // size of leaf index
61  }
62 
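/**
 * Compute the authentication path for the leaf in m_leaf_idx.
 *
 * For every tree level j the sibling of the node on the leaf-to-root path
 * is selected (node index at level j with its lowest bit flipped) and its
 * value is obtained from tree_hash(), starting at leaf k * 2^j with target
 * height j.
 *
 * @param priv_key private key providing tree_hash()
 * @param adrs address object; its type is set to Hash_Tree_Address
 * @return one node per tree level, lowest level first
 */
wots_keysig_t
XMSS_Signature_Operation::build_auth_path(XMSS_PrivateKey& priv_key,
                                          XMSS_Address& adrs)
   {
   const size_t height = m_xmss_params.tree_height();

   wots_keysig_t auth_path(height);
   adrs.set_type(XMSS_Address::Type::Hash_Tree_Address);

   for(size_t j = 0; j < height; j++)
      {
      // Shift in size_t: a plain `1 << j` is an int shift, which is not well
      // defined once j reaches the bit width of int and would then select the
      // wrong subtree. Results are unchanged for the smaller heights.
      const size_t nodes_below = static_cast<size_t>(1) << j;

      // Sibling of the path node at level j.
      const size_t k = (m_leaf_idx / nodes_below) ^ 0x01;
      auth_path[j] = priv_key.tree_hash(k * nodes_below, j, adrs);
      }

   return auth_path;
   }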
78 
/**
 * Feed message bytes into the running message hash.
 *
 * @param msg pointer to the message bytes
 * @param msg_len number of bytes at msg
 */
void XMSS_Signature_Operation::update(const uint8_t msg[], size_t msg_len)
   {
   // Reserves a leaf index and seeds the hash on the first call of a
   // signing run; returns immediately once m_is_initialized is set.
   initialize();

   m_hash.h_msg_update(msg, msg_len);
   }
84 
/**
 * Finish the message hash and return the encoded signature.
 *
 * The RandomNumberGenerator argument is not used: the per-signature
 * randomness comes from m_randomness, which initialize() derives from the
 * key's PRF value and the leaf index.
 *
 * @return signature bytes as produced by XMSS_Signature::bytes()
 */
secure_vector<uint8_t>
XMSS_Signature_Operation::sign(RandomNumberGenerator&)
   {
   // Covers sign() without a preceding update(): a leaf index is reserved
   // here too.
   initialize();

   const secure_vector<uint8_t> digest = m_hash.h_msg_final();
   secure_vector<uint8_t> signature = sign(digest, m_priv_key).bytes();

   // Force the next update()/sign() to reserve a new leaf index.
   // NOTE(review): the flag is cleared only on this success path; if signing
   // throws, m_is_initialized stays set and the reserved m_leaf_idx is kept
   // for the next attempt -- confirm that is the intended behaviour.
   m_is_initialized = false;
   return signature;
   }
94 
/**
 * Start a signing run: reserve a leaf index, derive the per-signature
 * randomness and seed the message hash. Does nothing when a run is
 * already in progress (m_is_initialized set).
 *
 * Security note: each leaf index stands for a one-time key, so a reserved
 * index must never be handed out twice for the same private key. Only the
 * call to reserve_unused_leaf_index() is visible here; whether the updated
 * index survives process restarts, key copies or restored backups depends
 * on the private key implementation and the caller -- verify before
 * relying on it.
 */
void XMSS_Signature_Operation::initialize()
   {
   // A leaf index was already reserved for the signature in progress.
   if(m_is_initialized)
      {
      return;
      }

   // Reserve the leaf index so it cannot be reused by another signature
   // operation using the same private key.
   m_leaf_idx = m_priv_key.reserve_unused_leaf_index();

   // Randomness = PRF(key's PRF value, leaf index encoded with length 32).
   // Presumably a fixed-width, zero-padded encoding; see XMSS_Tools::concat.
   secure_vector<uint8_t> prf_input;
   XMSS_Tools::concat(prf_input, m_leaf_idx, 32);
   m_randomness = m_hash.prf(m_priv_key.prf(), prf_input);

   // Prefix for message hashing: randomness, tree root and the leaf index
   // encoded with the parameter set's element size.
   secure_vector<uint8_t> index_bytes;
   XMSS_Tools::concat(index_bytes, m_leaf_idx,
                      m_priv_key.xmss_parameters().element_size());
   m_hash.h_msg_init(m_randomness, m_priv_key.root(), index_bytes);

   m_is_initialized = true;
   }
117 
118 }
119 
const XMSS_WOTS_PrivateKey & wots_private_key() const
secure_vector< uint8_t > tree_hash(size_t start_idx, size_t target_node_height, XMSS_Address &adrs)
secure_vector< uint8_t > h_msg_final()
Definition: xmss_hash.cpp:64
void set_ots_address(uint32_t value)
Definition: xmss_address.h:164
XMSS_Signature_Operation(const XMSS_PrivateKey &private_key)
void h_msg_update(const uint8_t data[], size_t size)
Definition: xmss_hash.cpp:59
wots_keysig_t sign(const secure_vector< uint8_t > &msg, XMSS_Address &adrs)
size_t tree_height() const
const secure_vector< uint8_t > & prf() const
void prf(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &key, const secure_vector< uint8_t > &data)
Definition: xmss_hash.h:33
const XMSS_Parameters & xmss_parameters() const
void set_type(Type type)
Definition: xmss_address.h:111
secure_vector< uint8_t > & root()
XMSS_Parameters m_xmss_params
Definition: alg_id.cpp:13
std::vector< secure_vector< uint8_t > > wots_keysig_t
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition: xmss_tools.h:103
void h_msg_init(const secure_vector< uint8_t > &randomness, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &index_bytes)
Definition: xmss_hash.cpp:47
size_t element_size() const
secure_vector< uint8_t > sign(RandomNumberGenerator &) override
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
void update(const uint8_t msg[], size_t msg_len) override