Botan 2.19.1
Crypto and TLS for C&
xmss_wots.h
Go to the documentation of this file.
1/*
2 * XMSS WOTS
3 * (C) 2016,2018 Matthias Gierlings
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 **/
7
8#ifndef BOTAN_XMSS_WOTS_H_
9#define BOTAN_XMSS_WOTS_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/exceptn.h>
13#include <botan/pk_keys.h>
14#include <botan/rng.h>
15#include <botan/secmem.h>
16#include <botan/xmss_hash.h>
17#include <map>
18#include <memory>
19#include <string>
20#include <vector>
21
22namespace Botan {
23
24/**
25 * Descibes a signature method for XMSS Winternitz One Time Signatures,
26 * as defined in:
27 * [1] XMSS: Extended Hash-Based Signatures,
28 * Request for Comments: 8391
29 * Release: May 2018.
30 * https://datatracker.ietf.org/doc/rfc8391/
31 **/
33 {
34 public:
36 {
37 WOTSP_SHA2_256 = 0x00000001,
38 WOTSP_SHA2_512 = 0x00000002,
39 WOTSP_SHAKE_256 = 0x00000003,
40 WOTSP_SHAKE_512 = 0x00000004
41 };
42
43 XMSS_WOTS_Parameters(const std::string& algo_name);
45
46 static ots_algorithm_t xmss_wots_id_from_string(const std::string& param_set);
47
48 /**
49 * Algorithm 1: convert input string to base.
50 *
51 * @param msg Input string (referred to as X in [1]).
52 * @param out_size size of message in base w.
53 *
54 * @return Input string converted to the given base.
55 **/
56 secure_vector<uint8_t> base_w(const secure_vector<uint8_t>& msg, size_t out_size) const;
57
58 secure_vector<uint8_t> base_w(size_t value) const;
59
61
62 /**
63 * @return XMSS WOTS registry name for the chosen parameter set.
64 **/
65 const std::string& name() const
66 {
67 return m_name;
68 }
69
70 /**
71 * @return Botan name for the hash function used.
72 **/
73 const std::string& hash_function_name() const
74 {
75 return m_hash_name;
76 }
77
78 /**
79 * Retrieves the uniform length of a message, and the size of
80 * each node. This correlates to XMSS parameter "n" defined
81 * in [1].
82 *
83 * @return element length in bytes.
84 **/
85 size_t element_size() const { return m_element_size; }
86
87 /**
88 * The Winternitz parameter.
89 *
90 * @return numeric base used for internal representation of
91 * data.
92 **/
93 size_t wots_parameter() const { return m_w; }
94
95 size_t len() const { return m_len; }
96
97 size_t len_1() const { return m_len_1; }
98
99 size_t len_2() const { return m_len_2; }
100
101 size_t lg_w() const { return m_lg_w; }
102
103 ots_algorithm_t oid() const { return m_oid; }
104
105 size_t estimated_strength() const { return m_strength; }
106
107 bool operator==(const XMSS_WOTS_Parameters& p) const
108 {
109 return m_oid == p.m_oid;
110 }
111
112 private:
113 static const std::map<std::string, ots_algorithm_t> m_oid_name_lut;
114 ots_algorithm_t m_oid;
115 std::string m_name;
116 std::string m_hash_name;
117 size_t m_element_size;
118 size_t m_w;
119 size_t m_len_1;
120 size_t m_len_2;
121 size_t m_len;
122 size_t m_strength;
123 uint8_t m_lg_w;
124 };
125
126class XMSS_Address;
127
128typedef std::vector<secure_vector<uint8_t>> wots_keysig_t;
129
130/**
131 * A Winternitz One Time Signature public key for use with Extended Hash-Based
132 * Signatures.
133 **/
134class XMSS_WOTS_PublicKey : virtual public Public_Key
135 {
136 public:
138 {
139 public:
140 TreeSignature() = default;
141
143 const wots_keysig_t& auth_path)
144 : m_ots_sig(ots_sig), m_auth_path(auth_path)
145 {}
146
148 wots_keysig_t&& auth_path)
149 : m_ots_sig(std::move(ots_sig)),
150 m_auth_path(std::move(auth_path))
151 {}
152
154 {
155 return m_ots_sig;
156 }
157
159 {
160 return m_ots_sig;
161 }
162
164 {
165 return m_auth_path;
166 }
167
169 {
170 return m_auth_path;
171 }
172
173 private:
174 wots_keysig_t m_ots_sig;
175 wots_keysig_t m_auth_path;
176 };
177
178 /**
179 * Creates a XMSS_WOTS_PublicKey for the signature method identified by
180 * oid. The public seed for this key will be initialized with a
181 * uniformly random n-byte value, where "n" is the element size of the
182 * selected signature method.
183 *
184 * @param oid Identifier for the selected signature method.
185 **/
187 : m_wots_params(oid),
188 m_hash(m_wots_params.hash_function_name()) {}
189
190 /**
191 * Creates a XMSS_WOTS_PublicKey for the signature method identified by
192 * oid. The public seed for this key will be initialized with a
193 * uniformly random n-byte value, where "n" is the element size of the
194 * selected signature method.
195 *
196 * @param oid Identifier for the selected signature method.
197 * @param rng A random number generate used to generate the public seed.
198 **/
201 : m_wots_params(oid),
202 m_hash(m_wots_params.hash_function_name()),
203 m_public_seed(rng.random_vec(m_wots_params.element_size())) {}
204
205 /**
206 * Creates a XMSS_WOTS_PrivateKey for the signature method identified by
207 * oid, with a precomputed public seed.
208 *
209 * @param oid Identifier for the selected signature method.
210 * @param public_seed A precomputed public seed of n-bytes length.
211 **/
214 : m_wots_params(oid),
215 m_hash(m_wots_params.hash_function_name()),
217
218 /**
219 * Creates a XMSS_WOTS_PublicKey for the signature method identified by
220 * oid. The public seed will be initialized with a precomputed seed and
221 * and precomputed key data which should be derived from a
222 * XMSS_WOTS_PrivateKey.
223 *
224 * @param oid Ident:s/ifier for the selected signature methods.
225 * @param public_seed A precomputed public seed of n-bytes length.
226 * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey.
227 **/
230 wots_keysig_t&& key)
231 : m_wots_params(oid),
232 m_hash(m_wots_params.hash_function_name()),
233 m_key(std::move(key)),
235 {}
236
237 /**
238 * Creates a XMSS_WOTS_PublicKey for the signature method identified by
239 * oid. The public seed will be initialized with a precomputed seed and
240 * and precomputed key data which should be derived from a
241 * XMSS_WOTS_PrivateKey.
242 *
243 * @param oid Identifier for the selected signature methods.
244 * @param public_seed A precomputed public seed of n-bytes length.
245 * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey.
246 **/
249 const wots_keysig_t& key)
250 : m_wots_params(oid),
251 m_hash(m_wots_params.hash_function_name()),
252 m_key(key),
254 {}
255
256 /**
257 * Creates a XMSS_WOTS_PublicKey form a message and signature using
258 * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This
259 * overload is used to verify a message using a public key.
260 *
261 * @param oid WOTSP algorithm identifier.
262 * @param msg A message.
263 * @param sig A WOTS signature for msg.
264 * @param adrs An XMSS_Address.
265 * @param public_seed The public public_seed.
266 **/
268 const secure_vector<uint8_t>& msg,
269 const wots_keysig_t& sig,
270 XMSS_Address& adrs,
272 : m_wots_params(oid),
273 m_hash(m_wots_params.hash_function_name()),
274 m_key(pub_key_from_signature(msg,
275 sig,
276 adrs,
277 public_seed)),
279 {}
280
281 /**
282 * Retrieves the i-th element out of the length len chain of
283 * n-byte elements contained in the public key.
284 *
285 * @param i index of the element.
286 * @returns n-byte element addressed by i.
287 **/
288 const secure_vector<uint8_t>& operator[](size_t i) const { return m_key[i]; }
289 secure_vector<uint8_t>& operator[](size_t i) { return m_key[i]; }
290
291 /**
292 * Convert the key into the raw key data. The key becomes a length
293 * len vector of n-byte elements.
294 **/
295 operator const wots_keysig_t& () const { return m_key; }
296
297 /**
298 * Convert the key into the raw key data. The key becomes a length
299 * len vector of n-byte elements.
300 **/
301 operator wots_keysig_t& () { return m_key; }
302
304
306
308 {
310 }
311
313 {
314 m_public_seed = std::move(public_seed);
315 }
316
317 const wots_keysig_t& key_data() const { return m_key; }
318
320
322 {
323 m_key = key_data;
324 }
325
327 {
328 m_key = std::move(key_data);
329 }
330
332 {
333 return m_wots_params;
334 }
335
336 std::string algo_name() const override
337 {
338 return m_wots_params.name();
339 }
340
342 {
343 throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS.");
344 }
345
346 bool check_key(RandomNumberGenerator&, bool) const override
347 {
348 return true;
349 }
350
351 size_t estimated_strength() const override
352 {
354 }
355
356 size_t key_length() const override
357 {
359 }
360
361 std::vector<uint8_t> public_key_bits() const override
362 {
363 throw Not_Implemented("No key format defined for XMSS-WOTS");
364 }
365
367 {
368 return m_key == key.m_key;
369 }
370
372 {
373 return !(*this == key);
374 }
375
376 protected:
377 /**
378 * Algorithm 2: Chaining Function.
379 *
380 * Takes an n-byte input string and transforms it into a the function
381 * result iterating the cryptographic hash function "F" steps times on
382 * the input x using the outputs of the PRNG "G".
383 *
384 * This overload is used in multithreaded scenarios, where it is
385 * required to provide seperate instances of XMSS_Hash to each
386 * thread.
387 *
388 * @param[out] x An n-byte input string, that will be transformed into
389 * the chaining function result.
390 * @param start_idx The start index.
391 * @param steps A number of steps.
392 * @param adrs An OTS Hash Address.
393 * @param public_seed A public seed.
394 * @param hash Instance of XMSS_Hash, that may only by the thead
395 * executing chain.
396 **/
398 size_t start_idx,
399 size_t steps,
400 XMSS_Address& adrs,
402 XMSS_Hash& hash);
403
404 /**
405 * Algorithm 2: Chaining Function.
406 *
407 * Takes an n-byte input string and transforms it into a the function
408 * result iterating the cryptographic hash function "F" steps times on
409 * the input x using the outputs of the PRNG "G".
410 *
411 * @param[out] x An n-byte input string, that will be transformed into
412 * the chaining function result.
413 * @param start_idx The start index.
414 * @param steps A number of steps.
415 * @param adrs An OTS Hash Address.
416 * @param public_seed A public seed.
417 **/
419 size_t start_idx,
420 size_t steps,
421 XMSS_Address& adrs,
423 {
424 chain(x, start_idx, steps, adrs, public_seed, m_hash);
425 }
426
431
432 private:
433 /**
434 * Algorithm 6: "WOTS_pkFromSig"
435 * Computes a Winternitz One Time Signature+ public key from a message and
436 * its signature.
437 *
438 * @param msg A message.
439 * @param sig The signature for msg.
440 * @param adrs An address.
441 * @param public_seed A public_seed.
442 *
443 * @return Temporary WOTS+ public key.
444 **/
445 wots_keysig_t pub_key_from_signature(
446 const secure_vector<uint8_t>& msg,
447 const wots_keysig_t& sig,
448 XMSS_Address& adrs,
450 };
451
452/** A Winternitz One Time Signature private key for use with Extended Hash-Based
453 * Signatures.
454 **/
456 public virtual Private_Key
457 {
458 public:
459 /**
460 * Creates a WOTS private key for the chosen XMSS WOTS signature method.
461 * Members need to be initialized manually.
462 *
463 * @param oid Identifier for the selected signature method.
464 **/
467 {}
468
469 /**
470 * Creates a WOTS private key for the chosen XMSS WOTS signature method.
471 *
472 * @param oid Identifier for the selected signature method.
473 * @param rng A random number generator to use for key generation.
474 **/
477 : XMSS_WOTS_PublicKey(oid, rng),
478 m_private_seed(rng.random_vec(m_wots_params.element_size()))
479 {
480 set_key_data(generate(m_private_seed));
481 }
482
483 /**
484 * Constructs a WOTS private key. Chains will be generated on demand
485 * applying a hash function to a unique value generated from a secret
486 * seed and a counter. The secret seed of length n, will be
487 * automatically generated using AutoSeeded_RNG(). "n" equals
488 * the element size of the chosen WOTS security parameter set.
489 *
490 * @param oid Identifier for the selected signature method.
491 * @param public_seed A public seed used for the pseudo random generation
492 * of public keys derived from this private key.
493 * @param rng A random number generator to use for key generation.
494 **/
499 m_private_seed(rng.random_vec(m_wots_params.element_size()))
500 {
501 set_key_data(generate(m_private_seed));
502 }
503
504 /**
505 * Constructs a WOTS private key. Chains will be generated on demand
506 * applying a hash function to a unique value generated from a secret
507 * seed and a counter. The secret seed of length n, will be
508 * automatically generated using AutoSeeded_RNG(). "n" equals
509 * the element size of the chosen WOTS security parameter set.
510 *
511 * @param oid Identifier for the selected signature method.
512 * @param public_seed A public seed used for the pseudo random generation
513 * of public keys derived from this private key.
514 **/
518 {}
519
520 /**
521 * Constructs a WOTS private key. Chains will be generated on demand
522 * applying a hash function to a unique value generated from the
523 * secret seed and a counter.
524 *
525 * @param oid Identifier for the selected signature method.
526 * @param public_seed A public seed used for the pseudo random generation
527 * of public keys derived from this private key.
528 * @param private_seed A secret uniformly random n-byte value.
529 **/
534 m_private_seed(private_seed)
535 {
536 set_key_data(generate(private_seed));
537 }
538
539 /**
540 * Retrieves the i-th WOTS private key using pseudo random key
541 * (re-)generation.
542 *
543 * This overload is used in multithreaded scenarios, where it is
544 * required to provide seperate instances of XMSS_Hash to each
545 * thread.
546 *
547 * @param i Index of the key to retrieve.
548 * @param hash Instance of XMSS_Hash, that may only be used by the
549 * thead executing at.
550 *
551 * @return WOTS secret key.
552 **/
553 wots_keysig_t at(size_t i, XMSS_Hash& hash);
554
555 /**
556 * Retrieves the i-th WOTS private key using pseudo random key
557 * (re-)generation.
558 *
559 * @param i Index of the key to retrieve.
560 *
561 * @return WOTS secret key.
562 **/
563 inline wots_keysig_t operator[](size_t i)
564 {
565 return this->at(i, m_hash);
566 }
567
568 /**
569 * Retrieves the i-th WOTS private key using pseudo random key
570 * (re-)generation.
571 *
572 * This overload is used in multithreaded scenarios, where it is
573 * required to provide seperate instances of XMSS_Hash to each
574 * thread.
575 *
576 * @param adrs The address of the key to retrieve.
577 * @param hash Instance of XMSS_Hash, that may only be used by the
578 * thead executing at.
579 *
580 * @return WOTS secret key.
581 **/
583
585 {
586 return this->at(adrs, m_hash);
587 }
588
590
591 /**
592 * Algorithm 4: "WOTS_genPK"
593 * Generates a Winternitz One Time Signature+ (WOTS+) Public Key from a
594 * given private key.
595 *
596 * @param adrs Hash function address encoding the address of the WOTS+
597 * key pair within a greater structure.
598 *
599 * @return A XMSS_WOTS_PublicKey.
600 **/
602
603 /**
604 * Algorithm 4: "WOTS_genPK"
605 * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's
606 * key_data() member, with data derived from in_key_data using the
607 * WOTS chaining function.
608 *
609 * This overload is used in multithreaded scenarios, where it is
610 * required to provide seperate instances of XMSS_Hash to each
611 * thread.
612 *
613 * @param[out] pub_key Public key to initialize key_data() member on.
614 * @param in_key_data Input key material from private key used for
615 * public key generation.
616 * @param adrs Hash function address encoding the address of
617 * the WOTS+ key pair within a greater structure.
618 * @param hash Instance of XMSS_Hash, that may only by the thead
619 * executing generate_public_key.
620 **/
622 wots_keysig_t&& in_key_data,
623 XMSS_Address& adrs,
624 XMSS_Hash& hash);
625 /**
626 * Algorithm 4: "WOTS_genPK"
627 * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's
628 * key_data() member, with data derived from in_key_data using the
629 * WOTS chaining function.
630 *
631 * @param[out] pub_key Public key to initialize key_data() member on.
632 * @param in_key_data Input key material from private key used for
633 * public key generation.
634 * @param adrs Hash function address encoding the address of
635 * the WOTS+ key pair within a greater structure.
636 **/
638 wots_keysig_t&& in_key_data,
639 XMSS_Address& adrs)
640 {
641 generate_public_key(pub_key, std::forward<wots_keysig_t>(in_key_data), adrs, m_hash);
642 }
643
644 /**
645 * Algorithm 5: "WOTS_sign"
646 * Generates a signature from a private key and a message.
647 *
648 * @param msg A message to sign.
649 * @param adrs An OTS hash address identifying the WOTS+ key pair
650 * used for signing.
651 *
652 * @return signature for msg.
653 **/
655 XMSS_Address& adrs)
656 {
657 return sign(msg, adrs, m_hash);
658 }
659
660 /**
661 * Algorithm 5: "WOTS_sign"
662 * Generates a signature from a private key and a message.
663 *
664 * This overload is used in multithreaded scenarios, where it is
665 * required to provide seperate instances of XMSS_Hash to each
666 * thread.
667 *
668 * @param msg A message to sign.
669 * @param adrs An OTS hash address identifying the WOTS+ key pair
670 * used for signing.
671 * @param hash Instance of XMSS_Hash, that may only be used by the
672 * thead executing sign.
673 *
674 * @return signature for msg.
675 **/
677 XMSS_Address& adrs,
678 XMSS_Hash& hash);
679
680 /**
681 * Retrieves the secret seed used to generate WOTS+ chains. The seed
682 * should be a uniformly random n-byte value.
683 *
684 * @return secret seed.
685 **/
687 {
688 return m_private_seed;
689 }
690
691 /**
692 * Sets the secret seed used to generate WOTS+ chains. The seed
693 * should be a uniformly random n-byte value.
694 *
695 * @param private_seed Uniformly random n-byte value.
696 **/
698 {
699 m_private_seed = private_seed;
700 }
701
702 /**
703 * Sets the secret seed used to generate WOTS+ chains. The seed
704 * should be a uniformly random n-byte value.
705 *
706 * @param private_seed Uniformly random n-byte value.
707 **/
709 {
710 m_private_seed = std::move(private_seed);
711 }
712
715 {
716 throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS.");
717 }
718
720 {
721 throw Not_Implemented("No PKCS8 key format defined for XMSS-WOTS.");
722 }
723
724 private:
725 /**
726 * Algorithm 3: "Generating a WOTS+ Private Key".
727 * Generates a private key.
728 *
729 * This overload is used in multithreaded scenarios, where it is
730 * required to provide seperate instances of XMSS_Hash to each thread.
731 *
732 * @param private_seed Uniformly random n-byte value.
733 * @param[in] hash Instance of XMSS_Hash, that may only be used by the
734 * thead executing generate.
735 *
736 * @returns a vector of length key_size() of vectors of n bytes length
737 * containing uniformly random data.
738 **/
740 XMSS_Hash& hash);
741
743 {
744 return generate(private_seed, m_hash);
745 }
746
747 secure_vector<uint8_t> m_private_seed;
748 };
749
750}
751
752#endif
size_t len_2() const
Definition: xmss_wots.h:99
size_t wots_parameter() const
Definition: xmss_wots.h:93
const std::string & hash_function_name() const
Definition: xmss_wots.h:73
size_t len_1() const
Definition: xmss_wots.h:97
size_t element_size() const
Definition: xmss_wots.h:85
XMSS_WOTS_Parameters(const std::string &algo_name)
ots_algorithm_t oid() const
Definition: xmss_wots.h:103
void append_checksum(secure_vector< uint8_t > &data)
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
size_t estimated_strength() const
Definition: xmss_wots.h:105
const std::string & name() const
Definition: xmss_wots.h:65
static ots_algorithm_t xmss_wots_id_from_string(const std::string &param_set)
bool operator==(const XMSS_WOTS_Parameters &p) const
Definition: xmss_wots.h:107
const secure_vector< uint8_t > & private_seed() const
Definition: xmss_wots.h:686
wots_keysig_t generate_private_key(const secure_vector< uint8_t > &priv_seed)
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid)
Definition: xmss_wots.h:465
void set_private_seed(secure_vector< uint8_t > &&private_seed)
Definition: xmss_wots.h:708
secure_vector< uint8_t > private_key_bits() const override
Definition: xmss_wots.h:719
XMSS_WOTS_PublicKey generate_public_key(XMSS_Address &adrs)
wots_keysig_t operator[](const XMSS_Address &adrs)
Definition: xmss_wots.h:584
wots_keysig_t sign(const secure_vector< uint8_t > &msg, XMSS_Address &adrs)
Definition: xmss_wots.h:654
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed, const secure_vector< uint8_t > &private_seed)
Definition: xmss_wots.h:530
AlgorithmIdentifier pkcs8_algorithm_identifier() const override
Definition: xmss_wots.h:714
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, RandomNumberGenerator &rng)
Definition: xmss_wots.h:475
void set_private_seed(const secure_vector< uint8_t > &private_seed)
Definition: xmss_wots.h:697
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed)
Definition: xmss_wots.h:515
void generate_public_key(XMSS_WOTS_PublicKey &pub_key, wots_keysig_t &&in_key_data, XMSS_Address &adrs)
Definition: xmss_wots.h:637
wots_keysig_t at(size_t i, XMSS_Hash &hash)
wots_keysig_t operator[](size_t i)
Definition: xmss_wots.h:563
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed, RandomNumberGenerator &rng)
Definition: xmss_wots.h:495
TreeSignature(wots_keysig_t &&ots_sig, wots_keysig_t &&auth_path)
Definition: xmss_wots.h:147
const wots_keysig_t & ots_signature() const
Definition: xmss_wots.h:153
TreeSignature(const wots_keysig_t &ots_sig, const wots_keysig_t &auth_path)
Definition: xmss_wots.h:142
const wots_keysig_t & authentication_path() const
Definition: xmss_wots.h:163
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, secure_vector< uint8_t > &&public_seed, wots_keysig_t &&key)
Definition: xmss_wots.h:228
XMSS_WOTS_Parameters m_wots_params
Definition: xmss_wots.h:427
const secure_vector< uint8_t > & public_seed() const
Definition: xmss_wots.h:303
const wots_keysig_t & key_data() const
Definition: xmss_wots.h:317
const XMSS_WOTS_Parameters & wots_parameters() const
Definition: xmss_wots.h:331
const secure_vector< uint8_t > & operator[](size_t i) const
Definition: xmss_wots.h:288
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, RandomNumberGenerator &rng)
Definition: xmss_wots.h:199
secure_vector< uint8_t > m_public_seed
Definition: xmss_wots.h:430
size_t key_length() const override
Definition: xmss_wots.h:356
void chain(secure_vector< uint8_t > &x, size_t start_idx, size_t steps, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed)
Definition: xmss_wots.h:418
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed, const wots_keysig_t &key)
Definition: xmss_wots.h:247
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &msg, const wots_keysig_t &sig, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed)
Definition: xmss_wots.h:267
size_t estimated_strength() const override
Definition: xmss_wots.h:351
wots_keysig_t & key_data()
Definition: xmss_wots.h:319
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid)
Definition: xmss_wots.h:186
bool operator==(const XMSS_WOTS_PublicKey &key)
Definition: xmss_wots.h:366
std::vector< uint8_t > public_key_bits() const override
Definition: xmss_wots.h:361
void set_public_seed(secure_vector< uint8_t > &&public_seed)
Definition: xmss_wots.h:312
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, secure_vector< uint8_t > public_seed)
Definition: xmss_wots.h:212
AlgorithmIdentifier algorithm_identifier() const override
Definition: xmss_wots.h:341
bool check_key(RandomNumberGenerator &, bool) const override
Definition: xmss_wots.h:346
void set_public_seed(const secure_vector< uint8_t > &public_seed)
Definition: xmss_wots.h:307
std::string algo_name() const override
Definition: xmss_wots.h:336
bool operator!=(const XMSS_WOTS_PublicKey &key)
Definition: xmss_wots.h:371
secure_vector< uint8_t > & public_seed()
Definition: xmss_wots.h:305
void chain(secure_vector< uint8_t > &x, size_t start_idx, size_t steps, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed, XMSS_Hash &hash)
void set_key_data(const wots_keysig_t &key_data)
Definition: xmss_wots.h:321
secure_vector< uint8_t > & operator[](size_t i)
Definition: xmss_wots.h:289
void set_key_data(wots_keysig_t &&key_data)
Definition: xmss_wots.h:326
int(* final)(unsigned char *, CTX *)
Definition: alg_id.cpp:13
std::vector< secure_vector< uint8_t > > wots_keysig_t
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
Definition: bigint.h:1143
MechanismType hash