1/*
2 * XMSS WOTS Parameters
3 * Describes a signature method for XMSS Winternitz One Time Signatures,
4 * as defined in:
5 * [1] XMSS: Extended Hash-Based Signatures,
6 * Request for Comments: 8391
7 * Release: May 2018.
8 * https://datatracker.ietf.org/doc/rfc8391/
9 *
10 * (C) 2016,2017,2018 Matthias Gierlings
11 *
12 * Botan is released under the Simplified BSD License (see license.txt)
13 **/
14
15#include <botan/internal/xmss_wots.h>
16
17#include <botan/assert.h>
18#include <botan/exceptn.h>
19#include <botan/internal/fmt.h>
20#include <botan/internal/xmss_tools.h>
21#include <cmath>
22
23namespace Botan {
24
/*
 * Maps a WOTS+ parameter set name to its algorithm identifier.
 *
 * @param param_set name such as "WOTSP-SHA2_256"; matched exactly (case-sensitive)
 * @return the ots_algorithm_t corresponding to @p param_set
 * @throws Lookup_Error if @p param_set is not a supported parameter set name
 */
XMSS_WOTS_Parameters::ots_algorithm_t XMSS_WOTS_Parameters::xmss_wots_id_from_string(std::string_view param_set) {
   // Name -> identifier table for every supported WOTS+ parameter set
   struct Entry {
         std::string_view name;
         ots_algorithm_t id;
   };

   static constexpr Entry known_sets[] = {
      {"WOTSP-SHA2_256", WOTSP_SHA2_256},
      {"WOTSP-SHA2_512", WOTSP_SHA2_512},
      {"WOTSP-SHAKE_256", WOTSP_SHAKE_256},
      {"WOTSP-SHAKE_512", WOTSP_SHAKE_512},
      {"WOTSP-SHA2_192", WOTSP_SHA2_192},
      {"WOTSP-SHAKE_256_256", WOTSP_SHAKE_256_256},
      {"WOTSP-SHAKE_256_192", WOTSP_SHAKE_256_192},
   };

   for(const auto& entry : known_sets) {
      if(entry.name == param_set) {
         return entry.id;
      }
   }

   throw Lookup_Error(fmt("Unknown XMSS-WOTS algorithm param '{}'", param_set));
}
50
53
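namespace {

/*
 * floor(log2(x)) for x > 0, computed with integer arithmetic so that the
 * WOTS+ length derivation below does not depend on floating point rounding.
 */
size_t floor_log2(size_t x) {
   size_t result = 0;
   while(x >>= 1) {
      ++result;
   }
   return result;
}

}  // namespace

/*
 * Initialises the WOTS+ parameter set identified by @p oid: element size n,
 * Winternitz parameter w, total chain count len, the parameter set and hash
 * function names and the strength value. The derived quantities lg(w), len_1
 * and len_2 are computed as in RFC 8391 Section 3.1.1 and cross-checked
 * against the tabulated len.
 *
 * @param oid identifier of the parameter set to load
 * @throws Not_Implemented if @p oid is not a known WOTS+ parameter set
 * @throws Internal_Error (via BOTAN_ASSERT) if len_1 + len_2 derived from n
 *         and w does not equal the tabulated len
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid) : m_oid(oid) {
   switch(oid) {
      case WOTSP_SHA2_256:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHA2_256";
         m_hash_name = "SHA-256";
         m_strength = 256;
         break;
      case WOTSP_SHA2_512:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP-SHA2_512";
         m_hash_name = "SHA-512";
         m_strength = 512;
         break;
      case WOTSP_SHAKE_256:
         // RFC 8391 set: n = 32 over SHAKE128 (contrast WOTSP_SHAKE_256_256 below)
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHAKE_256";
         m_hash_name = "SHAKE-128(256)";
         m_strength = 256;
         break;
      case WOTSP_SHAKE_512:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP-SHAKE_512";
         m_hash_name = "SHAKE-256(512)";
         m_strength = 512;
         break;
      case WOTSP_SHA2_192:
         m_element_size = 24;
         m_w = 16;
         m_len = 51;
         m_name = "WOTSP-SHA2_192";
         m_hash_name = "Truncated(SHA-256,192)";
         m_strength = 192;
         break;
      case WOTSP_SHAKE_256_256:
         // NIST SP 800-208 set: n = 32 over SHAKE256
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHAKE_256_256";
         m_hash_name = "SHAKE-256(256)";
         m_strength = 256;
         break;
      case WOTSP_SHAKE_256_192:
         // NIST SP 800-208 set: n = 24 over SHAKE256
         m_element_size = 24;
         m_w = 16;
         m_len = 51;
         m_name = "WOTSP-SHAKE_256_192";
         m_hash_name = "SHAKE-256(192)";
         m_strength = 192;
         break;
      default:
         throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
   }

   // lg(w): 4 bits per chain digit for w = 16, otherwise 2 bits (w = 4)
   m_lg_w = (m_w == 16) ? 4 : 2;

   // len_1 = ceil(8n / lg(w)) in integer arithmetic. The previous form applied
   // std::ceil to an already-truncated integer quotient, which only gave the
   // right answer because 8n is divisible by lg(w) for every supported set.
   m_len_1 = (8 * element_size() + m_lg_w - 1) / m_lg_w;

   // len_2 = floor(log2(len_1 * (w - 1)) / lg(w)) + 1; floor(floor(y) / k)
   // equals floor(y / k) for integer k > 0, so the integer log is sufficient.
   m_len_2 = floor_log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w + 1;

   // The tabulated len above must agree with the derived chain count
   BOTAN_ASSERT(m_len == m_len_1 + m_len_2,
                "Invalid XMSS WOTS parameter "
                "\"len\" detected.");
}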
123
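/*
 * Converts the leading bits of @p msg into @p out_size base-w digits
 * (RFC 8391 Algorithm 1). Each digit consumes lg(w) bits of the input,
 * taken most significant bit first.
 *
 * @param msg      input bytes; ceil(out_size * lg(w) / 8) of them are read
 * @param out_size number of base-w digits to produce
 * @return out_size digits, each in the range [0, w - 1]
 * @throws Internal_Error (via BOTAN_ASSERT) if @p msg holds fewer than
 *         out_size * lg(w) bits
 */
secure_vector<uint8_t> XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const {
   // Guards the unchecked msg[in] reads in the loop below. Callers are expected
   // to pass consistent sizes, so a failure here indicates an internal error
   // rather than bad external input.
   BOTAN_ASSERT(msg.size() * 8 >= out_size * m_lg_w, "XMSS WOTS base_w input too short for requested output size");

   secure_vector<uint8_t> result;
   result.reserve(out_size);

   size_t in = 0;     // index of the next byte of msg to load
   size_t total = 0;  // byte currently being split into digits
   size_t bits = 0;   // unconsumed bits remaining in total

   for(size_t i = 0; i < out_size; i++) {
      if(bits == 0) {
         total = msg[in];
         in++;
         bits += 8;
      }
      // Take the next lg(w) bits from the top of the remaining bits
      bits -= m_lg_w;
      result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
   }
   return result;
}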
143
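/*
 * Encodes the WOTS+ checksum @p value as len_2 base-w digits (the checksum
 * part of RFC 8391 Algorithm 5).
 *
 * @param value checksum; must fit into len_2 * lg(w) bits
 * @return len_2 base-w digits of the checksum
 */
secure_vector<uint8_t> XMSS_WOTS_Parameters::base_w(size_t value) const {
   const size_t len_2_bits = m_len_2 * m_lg_w;
   const size_t len_2_bytes = (len_2_bits + 7) / 8;  // ceil(len_2 * lg(w) / 8), no floating point

   // Left-align the len_2 * lg(w) checksum bits within len_2_bytes bytes.
   // RFC 8391 spells this as 8 - ((len_2 * lg(w)) % 8), which shifts by a
   // whole byte too far whenever the bits already fill complete bytes; deriving
   // the padding from the byte count is correct in that case as well and gives
   // the same shift for every parameter set tabulated in this file.
   value <<= (len_2_bytes * 8 - len_2_bits);

   secure_vector<uint8_t> result;
   XMSS_Tools::concat(result, value, len_2_bytes);
   return base_w(result, m_len_2);
}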
151
/*
 * Appends the WOTS+ checksum digits to @p data (RFC 8391 Algorithm 5):
 * csum is the sum over all digits of (w - 1 - digit), converted to len_2
 * base-w digits and appended in place.
 *
 * @param data message digits in base w; extended by the len_2 checksum digits
 */
void XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data) const {
   const size_t max_digit = wots_parameter() - 1;

   size_t csum = 0;
   for(const uint8_t digit : data) {
      csum += max_digit - digit;
   }

   const secure_vector<uint8_t> csum_digits = base_w(csum);
   data.insert(data.end(), csum_digits.begin(), csum_digits.end());
}
162
163} // namespace Botan