Botan  2.9.0
Crypto and TLS for C++11
xmss_wots_parameters.cpp
1 /*
2  * XMSS WOTS Parameters
3  * Describes a signature method for XMSS Winternitz One Time Signatures,
4  * as defined in:
5  * [1] XMSS: Extended Hash-Based Signatures,
6  * draft-irtf-cfrg-xmss-hash-based-signatures-06
7  * Release: July 2016.
8  * https://datatracker.ietf.org/doc/
9  * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
10  *
11  * (C) 2016,2017 Matthias Gierlings
12  *
13  * Botan is released under the Simplified BSD License (see license.txt)
14  **/
15 
16 #include <botan/xmss_wots_parameters.h>
17 #include <botan/exceptn.h>
18 #include <cmath>
19 
20 namespace Botan {
21 
/**
 * Translate a textual XMSS-WOTS parameter set name into its identifier.
 *
 * The comparison is an exact, case-sensitive string match against the four
 * names listed below; nothing else is accepted.
 *
 * @param param_set parameter set name, e.g. "WOTSP_SHA2-256_W16"
 * @return the ots_algorithm_t value registered for that name
 * @throws Invalid_Argument if @p param_set matches none of the known names
 */
XMSS_WOTS_Parameters::ots_algorithm_t
XMSS_WOTS_Parameters::xmss_wots_id_from_string(const std::string& param_set)
   {
   struct Known_Set
      {
      const char* label;
      ots_algorithm_t id;
      };

   const Known_Set known_sets[] =
      {
      { "WOTSP_SHA2-256_W16", WOTSP_SHA2_256_W16 },
      { "WOTSP_SHA2-512_W16", WOTSP_SHA2_512_W16 },
      { "WOTSP_SHAKE128_W16", WOTSP_SHAKE128_W16 },
      { "WOTSP_SHAKE256_W16", WOTSP_SHAKE256_W16 },
      };

   for(const Known_Set& entry : known_sets)
      {
      if(param_set == entry.label)
         {
         return entry.id;
         }
      }

   // Reject anything that is not an exact match rather than guessing a default.
   throw Invalid_Argument("Unknown XMSS-WOTS algorithm param '" + param_set + "'");
   }
35 
/**
 * Construct the parameter set named by @p param_set.
 *
 * The name is resolved with xmss_wots_id_from_string() and the result is
 * handed to the identifier-based constructor, so whatever that lookup throws
 * for an unrecognised name propagates to the caller.
 *
 * @param param_set parameter set name
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(const std::string& param_set)
   : XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set))
   {
   }
39 
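/**
 * Construct the parameter set identified by @p oid.
 *
 * Fills in element size, Winternitz parameter, total chain count, names and
 * strength from a fixed table, then derives lg(w), len_1 and len_2 and checks
 * that they agree with the tabulated "len".
 *
 * The derived values are computed in integer arithmetic. The previous form
 * applied std::ceil to an already-truncated integer quotient (a no-op) and
 * used floating-point log2/floor for what is an integer digit count.
 *
 * @param oid identifier of the XMSS-WOTS parameter set
 * @throws Not_Implemented if @p oid is not one of the four known identifiers
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid)
   : m_oid(oid)
   {
   switch(oid)
      {
      case WOTSP_SHA2_256_W16:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP_SHA2-256_W16";
         m_hash_name = "SHA-256";
         m_strength = 256;
         break;
      case WOTSP_SHA2_512_W16:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP_SHA2-512_W16";
         m_hash_name = "SHA-512";
         m_strength = 512;
         break;
      case WOTSP_SHAKE128_W16:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP_SHAKE128_W16";
         m_hash_name = "SHAKE-128(256)";
         m_strength = 256;
         break;
      case WOTSP_SHAKE256_W16:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP_SHAKE256_W16";
         m_hash_name = "SHAKE-256(512)";
         m_strength = 512;
         break;
      default:
         // No fallback parameter set: an unknown id must never yield usable parameters.
         throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
      }

   // Every set above uses w = 16; any other value is treated as lg(w) = 2.
   m_lg_w = (m_w == 16) ? 4 : 2;

   // len_1 = ceil(8 * n / lg(w)), rounded up in integer arithmetic.
   const size_t digest_bits = 8 * element_size();
   m_len_1 = (digest_bits + m_lg_w - 1) / m_lg_w;

   // len_2 = floor(log2(len_1 * (w - 1)) / lg(w)) + 1, i.e. the number of
   // lg(w)-bit digits needed to hold the largest possible checksum.
   size_t max_checksum = m_len_1 * (wots_parameter() - 1);
   size_t checksum_digits = 1;
   while((max_checksum >> m_lg_w) != 0)
      {
      max_checksum >>= m_lg_w;
      ++checksum_digits;
      }
   m_len_2 = checksum_digits;

   // Cross-check the derived lengths against the tabulated total.
   BOTAN_ASSERT(m_len == m_len_1 + m_len_2, "Invalid XMSS WOTS parameter "
                "\"len\" detedted.");
   }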
89 
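/**
 * Split a byte string into base-w digits, most significant bits first.
 *
 * Each input byte is consumed from its top bits downwards in steps of lg(w)
 * bits, and every step emits one digit in the range [0, w - 1].
 *
 * @param msg bytes to convert
 * @param out_size number of digits to produce
 * @return vector of @p out_size digits
 * @throws Invalid_Argument if @p msg does not hold enough bytes to produce
 *         @p out_size digits (previously this read past the end of @p msg)
 */
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const
   {
   secure_vector<uint8_t> result;
   size_t in = 0;
   size_t total = 0;
   size_t bits = 0;

   for(size_t i = 0; i < out_size; i++)
      {
      if(bits == 0)
         {
         // Refill from the next input byte; refuse to index beyond the input.
         if(in >= msg.size())
            {
            throw Invalid_Argument("XMSS WOTS base_w: input too short for requested number of digits");
            }
         total = msg[in];
         in++;
         bits += 8;
         }
      bits -= m_lg_w;
      // Mask with w - 1 to keep only the lg(w) bits of the current digit.
      result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
      }
   return result;
   }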
111 
/**
 * Encode an integer (the WOTS checksum) as len_2 base-w digits.
 *
 * The value is shifted left by 8 - ((len_2 * lg(w)) % 8) bits, serialised
 * into ceil(len_2 * lg(w) / 8) bytes via XMSS_Tools::concat, and those bytes
 * are then split into digits by the byte-string overload of base_w.
 *
 * @param value integer to encode
 * @return vector of len_2 base-w digits
 */
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(size_t value) const
   {
   const size_t checksum_bits = m_len_2 * m_lg_w;

   // Shift so the digits sit in the leading bits of the serialised bytes.
   value <<= (8 - (checksum_bits % 8));

   const size_t checksum_bytes = static_cast<size_t>(
      std::ceil(static_cast<float>(checksum_bits) / 8.f));

   secure_vector<uint8_t> encoded;
   XMSS_Tools::concat(encoded, value, checksum_bytes);
   return base_w(encoded, m_len_2);
   }
122 
/**
 * Compute the WOTS checksum over @p data and append it as base-w digits.
 *
 * The checksum is the sum of (w - 1 - digit) over every element of @p data;
 * it is encoded with base_w(size_t) and the resulting digits are appended
 * to @p data in place.
 *
 * NOTE(review): the subtraction is unsigned, so an element larger than w - 1
 * would wrap instead of failing - presumably callers only pass digits that
 * base_w() produced; confirm against callers.
 *
 * @param data base-w digits of the message; extended with the checksum digits
 */
void
XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data)
   {
   size_t csum = 0;

   for(const uint8_t digit : data)
      {
      csum += wots_parameter() - 1 - digit;
      }

   const secure_vector<uint8_t> csum_digits = base_w(csum);
   data.insert(data.end(), csum_digits.begin(), csum_digits.end());
   }
136 
137 }
static ots_algorithm_t xmss_wots_id_from_string(const std::string &param_set)
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
Definition: alg_id.cpp:13
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition: xmss_tools.h:103
void append_checksum(secure_vector< uint8_t > &data)
XMSS_WOTS_Parameters(const std::string &algo_name)
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
ots_algorithm_t oid() const