doxygen/xmss__signature__operation_8cpp_source.html

/*

 * XMSS Signature Operation

 * Signature generation operation for Extended Hash-Based Signatures (XMSS) as

 * defined in:

 *

 * [1] XMSS: Extended Hash-Based Signatures,

 *     Request for Comments: 8391

 *     Release: May 2018.

 *     https://datatracker.ietf.org/doc/rfc8391/

 *

 * (C) 2016,2017,2018 Matthias Gierlings

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 **/


#include <botan/internal/xmss_signature_operation.h>


#include <botan/internal/xmss_tools.h>


namespace Botan {


XMSS_Signature_Operation::XMSS_Signature_Operation(const XMSS_PrivateKey& private_key) :

      m_priv_key(private_key),

      m_hash(private_key.xmss_parameters()),

      m_randomness(0),

      m_leaf_idx(0),

      m_is_initialized(false) {}


XMSS_Signature::TreeSignature XMSS_Signature_Operation::generate_tree_signature(const secure_vector<uint8_t>& msg,

                                                                                XMSS_PrivateKey& xmss_priv_key,

                                                                                XMSS_Address& adrs) {

   XMSS_Signature::TreeSignature result;


   result.authentication_path = build_auth_path(xmss_priv_key, adrs);

   adrs.set_type(XMSS_Address::Type::OTS_Hash_Address);

   adrs.set_ots_address(m_leaf_idx);


   result.ots_signature =

      xmss_priv_key.wots_private_key_for(adrs, m_hash).sign(msg, xmss_priv_key.public_seed(), adrs, m_hash);


   return result;

}


XMSS_Signature XMSS_Signature_Operation::sign(const secure_vector<uint8_t>& msg_hash, XMSS_PrivateKey& xmss_priv_key) {

   XMSS_Address adrs;

   XMSS_Signature sig(m_leaf_idx, m_randomness, generate_tree_signature(msg_hash, xmss_priv_key, adrs));

   return sig;

}


size_t XMSS_Signature_Operation::signature_length() const {

   const auto& params = m_priv_key.xmss_parameters();

   return sizeof(uint64_t) +  // size of leaf index

          params.element_size() + params.len() * params.element_size() + params.tree_height() * params.element_size();

}


wots_keysig_t XMSS_Signature_Operation::build_auth_path(XMSS_PrivateKey& priv_key, XMSS_Address& adrs) {

   const auto& params = m_priv_key.xmss_parameters();

   wots_keysig_t auth_path(params.tree_height());

   adrs.set_type(XMSS_Address::Type::Hash_Tree_Address);


   for(size_t j = 0; j < params.tree_height(); j++) {

      size_t k = (m_leaf_idx / (static_cast<size_t>(1) << j)) ^ 0x01;

      auth_path[j] = priv_key.tree_hash(k * (static_cast<size_t>(1) << j), j, adrs);

   }


   return auth_path;

}


void XMSS_Signature_Operation::update(const uint8_t msg[], size_t msg_len) {

   initialize();

   m_hash.h_msg_update({msg, msg_len});

}


secure_vector<uint8_t> XMSS_Signature_Operation::sign(RandomNumberGenerator& /*rng*/) {

   initialize();

   secure_vector<uint8_t> signature(sign(m_hash.h_msg_final(), m_priv_key).bytes());

   m_is_initialized = false;

   return signature;

}


void XMSS_Signature_Operation::initialize() {

   // return if we already initialized and reserved a leaf index for signing.

   if(m_is_initialized) {

      return;

   }


   secure_vector<uint8_t> index_bytes;

   // reserve leaf index so it can not be reused by another signature

   // operation using the same private key.

   m_leaf_idx = static_cast<uint32_t>(m_priv_key.reserve_unused_leaf_index());


   // write prefix for message hashing into buffer.

   XMSS_Tools::concat(index_bytes, m_leaf_idx, 32);

   m_hash.prf(m_randomness, m_priv_key.prf_value(), index_bytes);

   index_bytes.clear();

   XMSS_Tools::concat(index_bytes, m_leaf_idx, m_priv_key.xmss_parameters().element_size());

   m_hash.h_msg_init(m_randomness, m_priv_key.root(), index_bytes);

   m_is_initialized = true;

}


AlgorithmIdentifier XMSS_Signature_Operation::algorithm_identifier() const {

   return AlgorithmIdentifier(OID::from_string("XMSS"), AlgorithmIdentifier::USE_EMPTY_PARAM);

}


}  // namespace Botan

Botan::AlgorithmIdentifier
Definition asn1_obj.h:440

Botan::AlgorithmIdentifier::USE_EMPTY_PARAM
@ USE_EMPTY_PARAM
Definition asn1_obj.h:442

Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:74

Botan::RandomNumberGenerator
Definition rng.h:30

Botan::XMSS_Address
Definition xmss_address.h:22

Botan::XMSS_Address::Type::OTS_Hash_Address
@ OTS_Hash_Address

Botan::XMSS_Address::Type::Hash_Tree_Address
@ Hash_Tree_Address

Botan::XMSS_Address::set_ots_address
void set_ots_address(uint32_t value)
Definition xmss_address.h:136

Botan::XMSS_Address::set_type
void set_type(Type type)
Definition xmss_address.h:90

Botan::XMSS_Hash::h_msg_final
secure_vector< uint8_t > h_msg_final()
Definition xmss_hash.cpp:49

Botan::XMSS_Hash::prf
void prf(secure_vector< uint8_t > &result, std::span< const uint8_t > key, std::span< const uint8_t > data)
Definition xmss_hash.h:57

Botan::XMSS_Hash::h_msg_update
void h_msg_update(std::span< const uint8_t > data)
Definition xmss_hash.cpp:45

Botan::XMSS_Hash::h_msg_init
void h_msg_init(std::span< const uint8_t > randomness, std::span< const uint8_t > root, std::span< const uint8_t > index_bytes)
Definition xmss_hash.cpp:34

Botan::XMSS_Parameters::element_size
size_t element_size() const
Definition xmss_parameters.h:180

Botan::XMSS_PrivateKey
Definition xmss.h:165

Botan::XMSS_PublicKey::root
const secure_vector< uint8_t > & root() const
Definition xmss.h:116

Botan::XMSS_PublicKey::public_seed
const secure_vector< uint8_t > & public_seed() const
Definition xmss.h:114

Botan::XMSS_PublicKey::xmss_parameters
const XMSS_Parameters & xmss_parameters() const
Definition xmss.h:118

Botan::XMSS_Signature_Operation::XMSS_Signature_Operation
XMSS_Signature_Operation(const XMSS_PrivateKey &private_key)
Definition xmss_signature_operation.cpp:22

Botan::XMSS_Signature_Operation::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition xmss_signature_operation.cpp:101

Botan::XMSS_Signature_Operation::signature_length
size_t signature_length() const override
Definition xmss_signature_operation.cpp:50

Botan::XMSS_Signature_Operation::sign
secure_vector< uint8_t > sign(RandomNumberGenerator &) override
Definition xmss_signature_operation.cpp:74

Botan::XMSS_Signature_Operation::update
void update(const uint8_t msg[], size_t msg_len) override
Definition xmss_signature_operation.cpp:69

Botan::XMSS_Tools::concat
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:54

Botan::XMSS_WOTS_PrivateKey::sign
wots_keysig_t sign(const secure_vector< uint8_t > &msg, std::span< const uint8_t > public_seed, XMSS_Address &adrs, XMSS_Hash &hash)
Definition xmss_wots.cpp:114

Botan
Definition alg_id.cpp:13

Botan::wots_keysig_t
std::vector< secure_vector< uint8_t > > wots_keysig_t
Definition xmss_common_ops.h:20

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

Botan::XMSS_Signature::TreeSignature
Definition xmss_signature.h:25

Botan::XMSS_Signature::TreeSignature::authentication_path
wots_keysig_t authentication_path
Definition xmss_signature.h:28

Botan::XMSS_Signature::TreeSignature::ots_signature
wots_keysig_t ots_signature
Definition xmss_signature.h:27