Botan  2.8.0
Crypto and TLS for C++11
xmss_wots_parameters.cpp
1 /*
2  * XMSS WOTS Parameters
3  * Describes a signature method for XMSS Winternitz One Time Signatures,
4  * as defined in:
5  * [1] XMSS: Extended Hash-Based Signatures,
6  * draft-irtf-cfrg-xmss-hash-based-signatures-06
7  * Release: July 2016.
8  * https://datatracker.ietf.org/doc/
9  * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
10  *
11  * (C) 2016,2017 Matthias Gierlings
12  *
13  * Botan is released under the Simplified BSD License (see license.txt)
14  **/
15 
16 #include <botan/xmss_wots_parameters.h>
17 #include <botan/exceptn.h>
18 #include <cmath>
19 
20 namespace Botan {
21 
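/**
 * Translate a WOTS+ parameter-set name into its algorithm identifier.
 *
 * The comparison is an exact, case-sensitive string match against the four
 * names handled below; no normalisation of the input is performed.
 *
 * @param param_set name of the parameter set, e.g. "WOTSP_SHA2-256_W16"
 * @return the matching ots_algorithm_t value
 * @throws Invalid_Argument if @p param_set is not one of the known names.
 *         The message echoes the caller-supplied string, so callers that
 *         log or display it should treat it as untrusted text.
 */
XMSS_WOTS_Parameters::ots_algorithm_t
XMSS_WOTS_Parameters::xmss_wots_id_from_string(const std::string& param_set)
   {
   if(param_set == "WOTSP_SHA2-256_W16")
      { return WOTSP_SHA2_256_W16; }
   if(param_set == "WOTSP_SHA2-512_W16")
      { return WOTSP_SHA2_512_W16; }
   if(param_set == "WOTSP_SHAKE128_W16")
      { return WOTSP_SHAKE128_W16; }
   if(param_set == "WOTSP_SHAKE256_W16")
      { return WOTSP_SHAKE256_W16; }

   // Fail closed: an unrecognised name never falls back to a default set.
   throw Invalid_Argument("Unknown XMSS-WOTS algorithm param '" + param_set + "'");
   }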
35 
/**
 * Construct a parameter set from its textual name.
 *
 * Delegates to the identifier-based constructor after resolving the name
 * with xmss_wots_id_from_string(); any exception raised while resolving the
 * name propagates to the caller.
 *
 * @param param_set name of the WOTS+ parameter set
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(const std::string& param_set)
   : XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set))
   {
   }
39 
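/**
 * Construct the WOTS+ parameter set identified by @p oid.
 *
 * Each known identifier fixes the element size in bytes, the Winternitz
 * parameter w, the total chain count len, the parameter-set name, the hash
 * name and the strength value. len_1 and len_2 are then derived with exact
 * integer arithmetic and cross-checked against the tabulated len, so a
 * mismatch between the table and the formulas is caught at construction.
 *
 * @param oid identifier of the WOTS+ parameter set
 * @throws an exception if @p oid matches none of the handled identifiers
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid)
   : m_oid(oid)
   {
   switch(oid)
      {
      case WOTSP_SHA2_256_W16:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP_SHA2-256_W16";
         m_hash_name = "SHA-256";
         m_strength = 256;
         break;
      case WOTSP_SHA2_512_W16:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP_SHA2-512_W16";
         m_hash_name = "SHA-512";
         m_strength = 512;
         break;
      case WOTSP_SHAKE128_W16:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP_SHAKE128_W16";
         m_hash_name = "SHAKE-128(256)";
         m_strength = 256;
         break;
      case WOTSP_SHAKE256_W16:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP_SHAKE256_W16";
         m_hash_name = "SHAKE-256(512)";
         m_strength = 512;
         break;
      default:
         // NOTE(review): the line naming the exception type is missing from
         // this listing; Unsupported_Argument is assumed -- confirm upstream.
         // Nothing follows the throw: an unknown id must never reach the
         // derived-length computation with uninitialised members.
         throw Unsupported_Argument(
            "Algorithm id does not match any XMSS WOTS algorithm id.");
      }

   m_lg_w = (m_w == 16) ? 4 : 2;

   // len_1 = ceil(8n / lg(w)). Integer ceiling division: the previous
   // std::ceil() was applied after an integer division had already truncated.
   const size_t lg_w = m_lg_w;
   m_len_1 = (8 * element_size() + lg_w - 1) / lg_w;

   // len_2 = floor(log2(len_1 * (w - 1)) / lg(w)) + 1. Since lg(w) is a
   // positive integer, floor(log2(x) / lg(w)) == floor(log2(x)) / lg(w) in
   // integer arithmetic, which avoids floating-point rounding entirely.
   size_t max_checksum = m_len_1 * (wots_parameter() - 1);
   size_t log2_floor = 0;
   while(max_checksum >>= 1)
      { ++log2_floor; }
   m_len_2 = log2_floor / lg_w + 1;

   BOTAN_ASSERT(m_len == m_len_1 + m_len_2, "Invalid XMSS WOTS parameter "
                "\"len\" detedted.");
   }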
90 
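/**
 * Convert a byte string into @p out_size base-w digits, most significant
 * digit of each byte first.
 *
 * Every output digit consumes lg(w) bits of @p msg, so the input must hold
 * at least ceil(out_size * lg(w) / 8) bytes. That requirement is checked up
 * front; without it the loop would index past the end of @p msg.
 *
 * @param msg      input bytes
 * @param out_size number of base-w digits to produce
 * @return vector of @p out_size digits, each in the range [0, w - 1]
 * @throws Invalid_Argument if @p msg is too short for @p out_size digits
 */
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const
   {
   // Computed without multiplying out_size, so a huge out_size cannot
   // overflow the bound it is being checked against.
   const size_t digits_per_byte = 8 / m_lg_w;
   const size_t bytes_needed =
      out_size / digits_per_byte + ((out_size % digits_per_byte) != 0 ? 1 : 0);
   if(msg.size() < bytes_needed)
      {
      throw Invalid_Argument("XMSS WOTS base_w input is too short for the requested output size");
      }

   secure_vector<uint8_t> result;
   result.reserve(out_size);

   size_t in = 0;
   size_t total = 0;
   size_t bits = 0;

   for(size_t i = 0; i < out_size; i++)
      {
      if(bits == 0)
         {
         // Current byte exhausted: load the next one.
         total = msg[in];
         in++;
         bits += 8;
         }
      bits -= m_lg_w;
      result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
      }
   return result;
   }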
112 
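/**
 * Convert an integer (the WOTS+ checksum) into len_2 base-w digits.
 *
 * The value is shifted left so that its len_2 * lg(w) significant bits are
 * aligned to a byte boundary, serialised with XMSS_Tools::concat(), and then
 * split into digits by the byte-string overload of base_w().
 *
 * @param value integer to convert
 * @return vector of len_2 base-w digits
 */
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(size_t value) const
   {
   const size_t checksum_bits = m_len_2 * m_lg_w;
   value <<= (8 - (checksum_bits % 8));

   // Integer ceiling division; no float round trip is needed for a byte count.
   const size_t len_2_bytes = (checksum_bits + 7) / 8;

   secure_vector<uint8_t> result;
   // NOTE(review): presumably appends the low len_2_bytes bytes of value in
   // big-endian order -- confirm against XMSS_Tools::concat in xmss_tools.h.
   XMSS_Tools::concat(result, value, len_2_bytes);
   return base_w(result, m_len_2);
   }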
123 
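/**
 * Compute the WOTS+ checksum over @p data and append it as base-w digits.
 *
 * The checksum is the sum of (w - 1 - digit) over all elements of @p data.
 * Every element is expected to already be a base-w digit, i.e. less than w:
 * a larger value makes the unsigned subtraction wrap and yields a checksum
 * that no longer protects the message digits. Callers should only pass the
 * output of base_w().
 *
 * @param data base-w digits of the message; the checksum digits are appended
 */
void
XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data)
   {
   size_t csum = 0;

   for(const uint8_t digit : data)
      {
      csum += wots_parameter() - 1 - digit;
      }

   // Plain insert: the elements are bytes, so moving them is just a copy, and
   // this form needs neither <algorithm> nor <iterator>.
   const secure_vector<uint8_t> csum_bytes = base_w(csum);
   data.insert(data.end(), csum_bytes.begin(), csum_bytes.end());
   }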
137 
138 }
static ots_algorithm_t xmss_wots_id_from_string(const std::string &param_set)
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
Definition: alg_id.cpp:13
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition: xmss_tools.h:103
void append_checksum(secure_vector< uint8_t > &data)
XMSS_WOTS_Parameters(const std::string &algo_name)
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
ots_algorithm_t oid() const