Botan  2.15.0
Crypto and TLS for C++11
xmss_wots_parameters.cpp
1 /*
2  * XMSS WOTS Parameters
3  * Describes a signature method for XMSS Winternitz One Time Signatures,
4  * as defined in:
5  * [1] XMSS: Extended Hash-Based Signatures,
6  * Request for Comments: 8391
7  * Release: May 2018.
8  * https://datatracker.ietf.org/doc/rfc8391/
9  *
10  * (C) 2016,2017,2018 Matthias Gierlings
11  *
12  * Botan is released under the Simplified BSD License (see license.txt)
13  **/
14 
15 #include <botan/xmss_wots_parameters.h>
16 #include <botan/exceptn.h>
17 #include <cmath>
18 
19 namespace Botan {
20 
/**
* Translate the textual name of an XMSS-WOTS parameter set into its
* algorithm identifier.
*
* @param param_set parameter set name, e.g. "WOTSP-SHA2_256"
* @return the ots_algorithm_t value registered for that name
* @throws Invalid_Argument if the name matches none of the four sets below
*/
XMSS_WOTS_Parameters::ots_algorithm_t
XMSS_WOTS_Parameters::xmss_wots_id_from_string(const std::string& param_set)
   {
   // One row per parameter set this function recognises.
   struct Known_Set
      {
      const char* name;
      ots_algorithm_t id;
      };

   static const Known_Set known_sets[] =
      {
      { "WOTSP-SHA2_256", WOTSP_SHA2_256 },
      { "WOTSP-SHA2_512", WOTSP_SHA2_512 },
      { "WOTSP-SHAKE_256", WOTSP_SHAKE_256 },
      { "WOTSP-SHAKE_512", WOTSP_SHAKE_512 },
      };

   for(const Known_Set& candidate : known_sets)
      {
      if(param_set == candidate.name)
         { return candidate.id; }
      }

   // The rejected name is copied verbatim into the exception text, so code
   // that logs or displays this message is handling caller-supplied data.
   throw Invalid_Argument("Unknown XMSS-WOTS algorithm param '" + param_set + "'");
   }
34 
/**
* Build the parameter set identified by its textual name.
*
* The name is resolved with xmss_wots_id_from_string() and construction is
* then delegated to the constructor taking the algorithm id, so an unknown
* name surfaces as the exception thrown by that lookup.
*
* @param param_set parameter set name, e.g. "WOTSP-SHA2_256"
*/
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(const std::string& param_set)
   : XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set)) {}
38 
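/**
* Build the parameter set for a given XMSS-WOTS algorithm id.
*
* Fills in the element size n, the Winternitz parameter w, the chain count
* len, the parameter set name, the hash function name and the strength for
* the selected id, then derives lg(w), len_1 and len_2 and asserts that
* len == len_1 + len_2.
*
* @param oid algorithm id of the parameter set
* @throws Not_Implemented if oid is not one of the ids handled below
*/
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid)
   : m_oid(oid)
   {
   switch(oid)
      {
      case WOTSP_SHA2_256:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHA2_256";
         m_hash_name = "SHA-256";
         m_strength = 256;
         break;
      case WOTSP_SHA2_512:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP-SHA2_512";
         m_hash_name = "SHA-512";
         m_strength = 512;
         break;
      case WOTSP_SHAKE_256:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHAKE_256";
         m_hash_name = "SHAKE-128(256)";
         m_strength = 256;
         break;
      case WOTSP_SHAKE_512:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP-SHAKE_512";
         m_hash_name = "SHAKE-256(512)";
         m_strength = 512;
         break;
      default:
         // No break needed: the throw leaves the constructor.
         throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
      }

   m_lg_w = (m_w == 16) ? 4 : 2;

   // len_1 = ceil(8n / lg(w)). Done as an integer ceiling division: wrapping
   // std::ceil around an integer quotient cannot round up, because the
   // quotient has already been truncated.
   const size_t msg_bits = 8 * element_size();
   m_len_1 = (msg_bits + m_lg_w - 1) / m_lg_w;

   // len_2 = floor(log2(len_1 * (w - 1)) / lg(w)) + 1. For an integer lg(w)
   // this equals floor(log2(x)) / lg(w) + 1, so the value is computed with
   // exact integer arithmetic instead of floating point.
   size_t max_csum = m_len_1 * (wots_parameter() - 1);
   size_t floor_log2 = 0;
   while(max_csum > 1)
      {
      max_csum >>= 1;
      ++floor_log2;
      }
   m_len_2 = (floor_log2 / m_lg_w) + 1;

   // Cross-check the hard-coded len against the derived value so that an
   // inconsistent table entry is caught at construction time.
   BOTAN_ASSERT(m_len == m_len_1 + m_len_2, "Invalid XMSS WOTS parameter "
                "\"len\" detedted.");
   }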
88 
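/**
* Convert a byte string into out_size base-w digits.
*
* The input is consumed one byte at a time, most significant bits first,
* and every output element holds lg(w) bits of it.
*
* @param msg bytes to convert
* @param out_size number of base-w digits to produce
* @return out_size digits, each in the range [0, w - 1]
* @throws Invalid_Argument if msg holds fewer than out_size * lg(w) bits
*/
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const
   {
   // msg is indexed with operator[], which performs no bounds check, so a
   // request for more digits than msg can supply would read past the end of
   // the buffer. Reject it before touching the data.
   if(out_size > (msg.size() * 8) / m_lg_w)
      {
      throw Invalid_Argument("XMSS WOTS base_w: input too short for requested output length");
      }

   secure_vector<uint8_t> result;
   result.reserve(out_size);

   size_t in = 0;     // index of the next unread byte of msg
   size_t total = 0;  // byte currently being split into digits
   size_t bits = 0;   // bits of total not yet emitted

   for(size_t i = 0; i < out_size; i++)
      {
      if(bits == 0)
         {
         total = msg[in];
         in++;
         bits += 8;
         }
      bits -= m_lg_w;
      result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
      }
   return result;
   }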
110 
/**
* Convert an integer (the WOTS checksum) into len_2 base-w digits.
*
* The value is shifted left so that its len_2 * lg(w) significant bits end
* on a byte boundary, serialised into ceil(len_2 * lg(w) / 8) bytes and then
* passed to the byte-string overload of base_w().
*
* @param value integer to convert
* @return len_2 base-w digits
*/
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(size_t value) const
   {
   const size_t csum_bits = m_len_2 * m_lg_w;

   // When csum_bits is a multiple of 8 this shifts by a full 8 bits.
   value <<= (8 - (csum_bits % 8));

   const size_t len_2_bytes = static_cast<size_t>(
                                 std::ceil(static_cast<float>(csum_bits) / 8.f));

   // NOTE(review): presumably concat() appends the low len_2_bytes bytes of
   // value in big-endian order; confirm against xmss_tools.h.
   secure_vector<uint8_t> encoded;
   XMSS_Tools::concat(encoded, value, len_2_bytes);

   return base_w(encoded, m_len_2);
   }
121 
/**
* Compute the WOTS checksum over data and append it, as base-w digits, to
* the end of data.
*
* The checksum is the sum of (w - 1 - digit) over all elements of data.
*
* @param data base-w digits; extended in place with the checksum digits
*/
void
XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data)
   {
   const size_t max_digit = wots_parameter() - 1;

   // NOTE(review): an element larger than w - 1 makes the unsigned
   // subtraction wrap; callers are presumably expected to pass digits
   // already reduced to base w. Confirm at the call sites.
   size_t csum = 0;
   for(const uint8_t digit : data)
      {
      csum += max_digit - digit;
      }

   const secure_vector<uint8_t> csum_digits = base_w(csum);
   data.insert(data.end(), csum_digits.begin(), csum_digits.end());
   }
135 
136 }
static ots_algorithm_t xmss_wots_id_from_string(const std::string &param_set)
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
Definition: alg_id.cpp:13
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition: xmss_tools.h:63
void append_checksum(secure_vector< uint8_t > &data)
XMSS_WOTS_Parameters(const std::string &algo_name)
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
ots_algorithm_t oid() const