Botan  2.7.0
Crypto and TLS for C++11
xmss_verification_operation.cpp
1 /*
2  * XMSS Verification Operation
3  * Provides signature verification capabilities for Extended Hash-Based
4  * Signatures (XMSS).
5  *
6  * (C) 2016,2017 Matthias Gierlings
7  *
8  * Botan is released under the Simplified BSD License (see license.txt)
9  **/
10 
11 #include <botan/internal/xmss_verification_operation.h>
12 
13 namespace Botan {
14 
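/**
 * Set up a verification operation bound to one XMSS public key.
 *
 * The XMSS parameter set is selected from the key's own OID (passed to
 * XMSS_Common_Ops) and the message buffer starts out empty.
 *
 * NOTE(review): the opening line of this definition is absent from the
 * rendered listing; it is restored here from the visible parameter list and
 * initializer list. Confirm against the upstream file.
 * NOTE(review): whether m_pub_key holds a copy or a reference is decided in
 * the class header, which is not shown. If it is a reference, the key must
 * outlive this object.
 *
 * @param public_key key that signatures will be checked against
 */
XMSS_Verification_Operation::XMSS_Verification_Operation(
   const XMSS_PublicKey& public_key)
   : XMSS_Common_Ops(public_key.xmss_oid()),
     m_pub_key(public_key),
     m_msg_buf(0)
   {
   }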
22 
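/**
 * Recompute the Merkle tree root that a signature commits to
 * (RFC 8391, Algorithm 13, XMSS_rootFromSig).
 *
 * Steps: derive the WOTS+ public key from the one-time signature, compress
 * it to a leaf with the L-tree, then walk the authentication path up to the
 * root. Bit k of the leaf index decides whether the running node is the
 * left or the right input of the hash at height k.
 *
 * Security notes for reviewers:
 *  - Every field of `sig` is attacker-controlled. This function indexes
 *    authentication_path()[k] for k < tree_height() without a length check
 *    of its own; it assumes the XMSS_Signature parser (not shown here) has
 *    already rejected signatures of the wrong size. Confirm.
 *  - The leaf index is not range-checked against 2^tree_height() here, and
 *    it is narrowed to uint32_t by the XMSS_Address setters.
 *  - The result is only meaningful once the caller compares it with the
 *    root stored in the public key.
 *
 * NOTE(review): the return-type line and the three address set-up pairs
 * marked "restored" below are absent from the rendered listing. They follow
 * RFC 8391 Algorithm 13 and the XMSS_Address setters; confirm against the
 * upstream file.
 *
 * @param sig  parsed signature (untrusted input)
 * @param msg  value the one-time signature was made over; verify() passes
 *             the randomized message digest
 * @param adrs address structure, modified in place during the computation
 * @param seed public seed from the public key
 * @return the root node computed from the signature
 */
secure_vector<uint8_t>
XMSS_Verification_Operation::root_from_signature(const XMSS_Signature& sig,
      const secure_vector<uint8_t>& msg,
      XMSS_Address& adrs,
      const secure_vector<uint8_t>& seed)
   {
   const size_t leaf_idx = sig.unused_leaf_index();

   // restored (see NOTE above): address of the one-time key pair
   adrs.set_type(XMSS_Address::Type::OTS_Hash_Address);
   adrs.set_ots_address(leaf_idx);

   XMSS_WOTS_PublicKey pub_key_ots(m_pub_key.wots_parameters().oid(),
                                   msg,
                                   sig.tree().ots_signature(),
                                   adrs,
                                   seed);

   // restored (see NOTE above): address of the L-tree for this leaf
   adrs.set_type(XMSS_Address::Type::LTree_Address);
   adrs.set_ltree_address(leaf_idx);

   std::array<secure_vector<uint8_t>, 2> node;
   create_l_tree(node[0], pub_key_ots, adrs, seed);

   // restored (see NOTE above): start the hash-tree walk at the leaf
   adrs.set_type(XMSS_Address::Type::Hash_Tree_Address);
   adrs.set_tree_index(leaf_idx);

   const auto& auth_path = sig.tree().authentication_path();
   const size_t height = m_xmss_params.tree_height();

   for(size_t k = 0; k < height; k++)
      {
      adrs.set_tree_height(k);

      // Shift the size_t index instead of dividing by the int expression
      // (1 << k): same result for every supported height, and no int shift
      // that would be undefined once k reaches the width of int.
      const bool node_is_left = ((leaf_idx >> k) & 0x01) == 0;

      if(node_is_left)
         {
         adrs.set_tree_index(adrs.get_tree_index() >> 1);
         randomize_tree_hash(node[1], node[0], auth_path[k], adrs, seed);
         }
      else
         {
         adrs.set_tree_index((adrs.get_tree_index() - 1) >> 1);
         randomize_tree_hash(node[1], auth_path[k], node[0], adrs, seed);
         }
      node[0] = node[1];
      }
   return node[0];
   }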
72 
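/**
 * Check one XMSS signature over a complete message
 * (RFC 8391, Algorithm 14, XMSS_verify).
 *
 * The message is hashed together with the signature's randomness, the
 * public root and the encoded leaf index; the root is then recomputed from
 * the signature and compared with the root stored in the public key.
 *
 * Both sides of the final comparison are public values (a root derived from
 * the signature and the public key's root), so the ordinary equality
 * comparison does not expose secret data.
 *
 * NOTE(review): the third argument of XMSS_Tools::concat() is absent from
 * the rendered listing and is restored below as
 * m_xmss_params.element_size(); confirm against the upstream file.
 * NOTE(review): root_from_signature() reads the WOTS parameters from
 * m_pub_key, not from `public_key`. The one call visible on this page
 * passes m_pub_key, so the two agree there; other callers should do the same.
 *
 * @param sig        parsed signature (untrusted input)
 * @param msg        full message the signature is claimed to cover
 * @param public_key key providing the root and the public seed
 * @return true if the recomputed root equals the public key's root
 */
bool
XMSS_Verification_Operation::verify(const XMSS_Signature& sig,
                                    const secure_vector<uint8_t>& msg,
                                    const XMSS_PublicKey& public_key)
   {
   XMSS_Address adrs;

   // Fixed-width encoding of the leaf index, as fed into the message hash.
   secure_vector<uint8_t> index_bytes;
   XMSS_Tools::concat(index_bytes,
                      sig.unused_leaf_index(),
                      m_xmss_params.element_size());

   const secure_vector<uint8_t> msg_digest =
      m_hash.h_msg(sig.randomness(),
                   public_key.root(),
                   index_bytes,
                   msg);

   const secure_vector<uint8_t> computed_root =
      root_from_signature(sig,
                          msg_digest,
                          adrs,
                          public_key.public_seed());

   return (computed_root == public_key.root());
   }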
96 
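// FIXME: XMSS signature verification requires the "randomness" parameter out
// of the XMSS signature, which is part of the prefix that is hashed before
// msg. Since the signature is unknown till sign() is called all message
// content has to be buffered. For large messages this can be inconvenient or
// impossible.
// Possible solution: Change PK_Ops::Verification interface to take the
// signature as constructor argument, make sign a parameterless member call.
//
// NOTE(review): "sign" above presumably means is_valid_signature(), the call
// that hands the signature to this object.
//
// Append a message fragment to the internal buffer.
//
// The buffer grows with every call and is emptied only by
// is_valid_signature(). Nothing here limits its size, so a caller that feeds
// data from an untrusted stream should enforce its own upper bound before
// calling update().
//
// msg     - pointer to msg_len bytes (not read when msg_len is 0)
// msg_len - number of bytes to append
void XMSS_Verification_Operation::update(const uint8_t msg[], size_t msg_len)
   {
   // One range insert lets the vector grow once per call instead of
   // appending byte by byte through a back_inserter.
   m_msg_buf.insert(m_msg_buf.end(), msg, msg + msg_len);
   }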
108 
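/**
 * Verify the buffered message against a serialized signature.
 *
 * The signature bytes are untrusted. A signature that fails to parse or
 * verify with Integrity_Failure is reported as invalid (false); other
 * exception types still propagate to the caller, as before.
 *
 * The buffered message is moved out of m_msg_buf before any work is done,
 * so the object starts the next verification with an empty buffer on every
 * exit path. Previously the buffer was cleared only on normal return and on
 * Integrity_Failure; any other exception left the old message in place,
 * where it would have been prepended to the next one.
 *
 * NOTE(review): the first line of this definition is absent from the
 * rendered listing; it is restored from the visible parameter list and the
 * PK_Ops::Verification interface named in the FIXME above update(). Confirm
 * against the upstream file.
 *
 * @param sig     serialized signature
 * @param sig_len length of sig in bytes
 * @return true if the signature is valid for the buffered message
 */
bool XMSS_Verification_Operation::is_valid_signature(const uint8_t sig[],
      size_t sig_len)
   {
   secure_vector<uint8_t> msg;
   msg.swap(m_msg_buf);   // m_msg_buf is empty from here on

   try
      {
      XMSS_Signature signature(m_pub_key.xmss_parameters().oid(),
                               secure_vector<uint8_t>(sig, sig + sig_len));
      return verify(signature, msg, m_pub_key);
      }
   catch(const Integrity_Failure&)
      {
      return false;
      }
   }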
126 
127 }
128 