Botan 3.3.0
Crypto and TLS for C&
xmss_wots.h
Go to the documentation of this file.
1/*
2 * XMSS WOTS
3 * (C) 2016,2018 Matthias Gierlings
4 * 2023 René Meusel - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 **/
8
9#ifndef BOTAN_XMSS_WOTS_H_
10#define BOTAN_XMSS_WOTS_H_
11
12#include <botan/asn1_obj.h>
13#include <botan/exceptn.h>
14#include <botan/pk_keys.h>
15#include <botan/rng.h>
16#include <botan/secmem.h>
17#include <botan/xmss_parameters.h>
18#include <botan/internal/xmss_hash.h>
19#include <map>
20#include <memory>
21#include <string>
22#include <vector>
23
24namespace Botan {
25
26class XMSS_Address;
27class XMSS_WOTS_PrivateKey;
28
29typedef std::vector<secure_vector<uint8_t>> wots_keysig_t;
30
32 public:
33 XMSS_WOTS_Base(XMSS_WOTS_Parameters params) : m_params(std::move(params)) {}
34
36 m_params(std::move(params)), m_key_data(std::move(key_data)) {}
37
38 const wots_keysig_t& key_data() const { return m_key_data; }
39
40 protected:
43};
44
45/**
46 * A Winternitz One Time Signature public key for use with Extended Hash-Based
47 * Signatures.
48 **/
50 public:
51 /**
52 * Algorithm 4: "WOTS_genPK"
53 * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's
54 * key data, with passed-in private key data using the WOTS chaining
55 * function.
56 *
57 * This overload is used in multithreaded scenarios, where it is
58 * required to provide seperate instances of XMSS_Hash to each
59 * thread.
60 *
61 * @param params The WOTS parameters to use
62 * @param public_seed The public seed for the public key generation
63 * @param private_key The private key to derive the public key from
64 * @param adrs The address of the key to retrieve.
65 * @param hash Instance of XMSS_Hash, that may only be used by the
66 * thread executing at.
67 **/
69 std::span<const uint8_t> public_seed,
70 const XMSS_WOTS_PrivateKey& private_key,
71 XMSS_Address& adrs,
72 XMSS_Hash& hash);
73
74 /**
75 * Creates a XMSS_WOTS_PublicKey from a message and signature using
76 * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This
77 * overload is used to verify a message using a public key.
78 *
79 * @param params The WOTS parameters to use
80 * @param public_seed The public seed to derive the key with
81 * @param signature A WOTS signature for msg.
82 * @param msg A message.
83 * @param adrs The address of the key to retrieve.
84 * @param hash Instance of XMSS_Hash, that may only be used by the
85 * thread executing at.
86 */
88 std::span<const uint8_t> public_seed,
89 wots_keysig_t signature,
90 const secure_vector<uint8_t>& msg,
91 XMSS_Address& adrs,
92 XMSS_Hash& hash);
93};
94
95/** A Winternitz One Time Signature private key for use with Extended Hash-Based
96 * Signatures.
97 **/
99 public:
100 /**
101 * Algorithm 3: "Generating a WOTS+ Private Key".
102 * Generates a private key.
103 *
104 * Note that this is implemented according to the recommendations
105 * in NIST SP.800-208 Section 6.2 to avoid a multi-target attack
106 * vulnerability. This _does not_ influence the sign/verify
107 * interoperability with implementations that do not implement this
108 * recommendation.
109 *
110 * This overload is used in multithreaded scenarios, where it is
111 * required to provide seperate instances of XMSS_Hash to each thread.
112 *
113 * @param params The WOTS parameters to use
114 * @param public_seed The public seed for the private key generation
115 * @param private_seed The private seed for the private key generation
116 * @param adrs The address of the key to retrieve.
117 * @param hash Instance of XMSS_Hash, that may only be used by the
118 * thread executing at.
119 **/
121 std::span<const uint8_t> public_seed,
122 std::span<const uint8_t> private_seed,
123 XMSS_Address adrs,
124 XMSS_Hash& hash);
125
126 /**
127 * Constructor for the old derivation logic.
128 * Creates a WOTS+ private key using the old key derivation logic, i.e.
129 * the logic WITHOUT the recommendations in NIST SP.800-208. It is used
130 * to support XMSS_PrivateKeys created before the derivation logic was
131 * updated.
132 *
133 * @param params The WOTS parameters to use
134 * @param private_seed The private seed for the private key generation
135 * @param adrs The address of the key to retrieve.
136 * @param hash Instance of XMSS_Hash, that may only be used by the
137 * thread executing it.
138 **/
140 std::span<const uint8_t> private_seed,
141 XMSS_Address adrs,
142 XMSS_Hash& hash);
143
144 /**
145 * Algorithm 5: "WOTS_sign"
146 * Generates a signature from a private key and a message.
147 *
148 * This overload is used in multithreaded scenarios, where it is
149 * required to provide seperate instances of XMSS_Hash to each
150 * thread.
151 *
152 * @param msg A message to sign.
153 * @param public_seed The public seed to use for the signature
154 * @param adrs An OTS hash address identifying the WOTS+ key pair
155 * used for signing.
156 * @param hash Instance of XMSS_Hash, that may only be used by the
157 * thread executing sign.
158 *
159 * @return signature for msg.
160 **/
162 std::span<const uint8_t> public_seed,
163 XMSS_Address& adrs,
164 XMSS_Hash& hash);
165};
166
167} // namespace Botan
168
169#endif
const wots_keysig_t & key_data() const
Definition xmss_wots.h:38
XMSS_WOTS_Base(XMSS_WOTS_Parameters params, wots_keysig_t key_data)
Definition xmss_wots.h:35
XMSS_WOTS_Base(XMSS_WOTS_Parameters params)
Definition xmss_wots.h:33
wots_keysig_t m_key_data
Definition xmss_wots.h:42
XMSS_WOTS_Parameters m_params
Definition xmss_wots.h:41
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters params, std::span< const uint8_t > public_seed, std::span< const uint8_t > private_seed, XMSS_Address adrs, XMSS_Hash &hash)
wots_keysig_t sign(const secure_vector< uint8_t > &msg, std::span< const uint8_t > public_seed, XMSS_Address &adrs, XMSS_Hash &hash)
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters params, std::span< const uint8_t > public_seed, const XMSS_WOTS_PrivateKey &private_key, XMSS_Address &adrs, XMSS_Hash &hash)
Definition xmss_wots.cpp:79
std::vector< secure_vector< uint8_t > > wots_keysig_t
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61