Botan 3.11.0
Crypto and TLS for C&
xmss_wots.h
Go to the documentation of this file.
1/*
2 * XMSS WOTS
3 * (C) 2016,2018 Matthias Gierlings
4 * 2023 René Meusel - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 **/
8
9#ifndef BOTAN_XMSS_WOTS_H_
10#define BOTAN_XMSS_WOTS_H_
11
12#include <botan/secmem.h>
13#include <botan/xmss_parameters.h>
14#include <botan/internal/xmss_address.h>
15#include <vector>
16
17namespace Botan {
18
19class XMSS_Hash;
20class XMSS_WOTS_PrivateKey;
21
22typedef std::vector<secure_vector<uint8_t>> wots_keysig_t;
23
24class XMSS_WOTS_Base {
25 public:
26 explicit XMSS_WOTS_Base(XMSS_WOTS_Parameters params) : m_params(std::move(params)) {}
27
28 XMSS_WOTS_Base(XMSS_WOTS_Parameters params, wots_keysig_t key_data) :
29 m_params(std::move(params)), m_key_data(std::move(key_data)) {}
30
31 const wots_keysig_t& key_data() const { return m_key_data; }
32
33 protected:
34 XMSS_WOTS_Parameters m_params; // NOLINT(*non-private-member-variable*)
35 wots_keysig_t m_key_data; // NOLINT(*non-private-member-variable*)
36};
37
38/**
39 * A Winternitz One Time Signature public key for use with Extended Hash-Based
40 * Signatures.
41 **/
42class XMSS_WOTS_PublicKey : public XMSS_WOTS_Base {
43 public:
44 /**
45 * Algorithm 4: "WOTS_genPK"
46 * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's
47 * key data, with passed-in private key data using the WOTS chaining
48 * function.
49 *
50 * This overload is used in multithreaded scenarios, where it is
51 * required to provide separate instances of XMSS_Hash to each
52 * thread.
53 *
54 * @param params The WOTS parameters to use
55 * @param public_seed The public seed for the public key generation
56 * @param private_key The private key to derive the public key from
57 * @param adrs The address of the key to retrieve.
58 * @param hash Instance of XMSS_Hash, that may only be used by the
59 * thread executing at.
60 **/
61 XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters params,
62 std::span<const uint8_t> public_seed,
63 const XMSS_WOTS_PrivateKey& private_key,
64 XMSS_Address adrs,
65 XMSS_Hash& hash);
66
67 /**
68 * Creates a XMSS_WOTS_PublicKey from a message and signature using
69 * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This
70 * overload is used to verify a message using a public key.
71 *
72 * @param params The WOTS parameters to use
73 * @param public_seed The public seed to derive the key with
74 * @param signature A WOTS signature for msg.
75 * @param msg A message.
76 * @param adrs The address of the key to retrieve.
77 * @param hash Instance of XMSS_Hash, that may only be used by the
78 * thread executing at.
79 */
80 XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters params,
81 std::span<const uint8_t> public_seed,
82 wots_keysig_t signature,
83 const secure_vector<uint8_t>& msg,
84 XMSS_Address adrs,
85 XMSS_Hash& hash);
86};
87
88/** A Winternitz One Time Signature private key for use with Extended Hash-Based
89 * Signatures.
90 **/
91class XMSS_WOTS_PrivateKey : public XMSS_WOTS_Base {
92 public:
93 /**
94 * Algorithm 3: "Generating a WOTS+ Private Key".
95 * Generates a private key.
96 *
97 * Note that this is implemented according to the recommendations
98 * in NIST SP.800-208 Section 6.2 to avoid a multi-target attack
99 * vulnerability. This _does not_ influence the sign/verify
100 * interoperability with implementations that do not implement this
101 * recommendation.
102 *
103 * This overload is used in multithreaded scenarios, where it is
104 * required to provide separate instances of XMSS_Hash to each thread.
105 *
106 * @param params The WOTS parameters to use
107 * @param public_seed The public seed for the private key generation
108 * @param private_seed The private seed for the private key generation
109 * @param adrs The address of the key to retrieve.
110 * @param hash Instance of XMSS_Hash, that may only be used by the
111 * thread executing at.
112 **/
113 XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters params,
114 std::span<const uint8_t> public_seed,
115 std::span<const uint8_t> private_seed,
116 XMSS_Address adrs,
117 XMSS_Hash& hash);
118
119 /**
120 * Constructor for the old derivation logic.
121 * Creates a WOTS+ private key using the old key derivation logic, i.e.
122 * the logic WITHOUT the recommendations in NIST SP.800-208. It is used
123 * to support XMSS_PrivateKeys created before the derivation logic was
124 * updated.
125 *
126 * @param params The WOTS parameters to use
127 * @param private_seed The private seed for the private key generation
128 * @param adrs The address of the key to retrieve.
129 * @param hash Instance of XMSS_Hash, that may only be used by the
130 * thread executing it.
131 **/
132 XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters params,
133 std::span<const uint8_t> private_seed,
134 XMSS_Address adrs,
135 XMSS_Hash& hash);
136
137 /**
138 * Algorithm 5: "WOTS_sign"
139 * Generates a signature from a private key and a message.
140 *
141 * This overload is used in multithreaded scenarios, where it is
142 * required to provide separate instances of XMSS_Hash to each
143 * thread.
144 *
145 * @param msg A message to sign.
146 * @param public_seed The public seed to use for the signature
147 * @param adrs An OTS hash address identifying the WOTS+ key pair
148 * used for signing.
149 * @param hash Instance of XMSS_Hash, that may only be used by the
150 * thread executing sign.
151 *
152 * @return signature for msg.
153 **/
154 wots_keysig_t sign(const secure_vector<uint8_t>& msg,
155 std::span<const uint8_t> public_seed,
156 XMSS_Address adrs,
157 XMSS_Hash& hash);
158};
159
160} // namespace Botan
161
162#endif
Botan::XMSS_Address
Definition xmss_address.h:25
Botan::XMSS_Hash
Definition xmss_hash.h:23
Botan::XMSS_WOTS_Base::key_data
const wots_keysig_t & key_data() const
Definition xmss_wots.h:31
Botan::XMSS_WOTS_Base::XMSS_WOTS_Base
XMSS_WOTS_Base(XMSS_WOTS_Parameters params, wots_keysig_t key_data)
Definition xmss_wots.h:28
Botan::XMSS_WOTS_Base::XMSS_WOTS_Base
XMSS_WOTS_Base(XMSS_WOTS_Parameters params)
Definition xmss_wots.h:26
Botan::XMSS_WOTS_Base::m_key_data
wots_keysig_t m_key_data
Definition xmss_wots.h:35
Botan::XMSS_WOTS_Base::m_params
XMSS_WOTS_Parameters m_params
Definition xmss_wots.h:34
Botan::XMSS_WOTS_Parameters
Definition xmss_parameters.h:31
Botan::XMSS_WOTS_PrivateKey
Definition xmss_wots.h:91
Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters params, std::span< const uint8_t > public_seed, std::span< const uint8_t > private_seed, XMSS_Address adrs, XMSS_Hash &hash)
Definition xmss_wots.cpp:133
Botan::XMSS_WOTS_PrivateKey::sign
wots_keysig_t sign(const secure_vector< uint8_t > &msg, std::span< const uint8_t > public_seed, XMSS_Address adrs, XMSS_Hash &hash)
Definition xmss_wots.cpp:116
Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters params, std::span< const uint8_t > public_seed, const XMSS_WOTS_PrivateKey &private_key, XMSS_Address adrs, XMSS_Hash &hash)
Definition xmss_wots.cpp:81
Botan::wots_keysig_t
std::vector< secure_vector< uint8_t > > wots_keysig_t
Definition xmss_common_ops.h:20
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.15.0