doxygen/xmss__wots__parameters_8cpp_source.html

/*

 * XMSS WOTS Parameters

 * Descibes a signature method for XMSS Winternitz One Time Signatures,

 * as defined in:

 * [1] XMSS: Extended Hash-Based Signatures,

 *     Request for Comments: 8391

 *     Release: May 2018.

 *     https://datatracker.ietf.org/doc/rfc8391/

 *

 * (C) 2016,2017,2018 Matthias Gierlings

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 **/


#include <botan/internal/xmss_wots.h>


#include <botan/exceptn.h>

#include <botan/internal/fmt.h>

#include <botan/internal/xmss_tools.h>

#include <cmath>


namespace Botan {


XMSS_WOTS_Parameters::ots_algorithm_t XMSS_WOTS_Parameters::xmss_wots_id_from_string(std::string_view param_set) {

   if(param_set == "WOTSP-SHA2_256") {

      return WOTSP_SHA2_256;

   }

   if(param_set == "WOTSP-SHA2_512") {

      return WOTSP_SHA2_512;

   }

   if(param_set == "WOTSP-SHAKE_256") {

      return WOTSP_SHAKE_256;

   }

   if(param_set == "WOTSP-SHAKE_512") {

      return WOTSP_SHAKE_512;

   }

   if(param_set == "WOTSP-SHA2_192") {

      return WOTSP_SHA2_192;

   }

   if(param_set == "WOTSP-SHAKE_256_256") {

      return WOTSP_SHAKE_256_256;

   }

   if(param_set == "WOTSP-SHAKE_256_192") {

      return WOTSP_SHAKE_256_192;

   }


   throw Lookup_Error(fmt("Unknown XMSS-WOTS algorithm param '{}'", param_set));

}


XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(std::string_view param_set) :

      XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set)) {}


XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid) : m_oid(oid) {

   switch(oid) {

      case WOTSP_SHA2_256:

         m_element_size = 32;

         m_w = 16;

         m_len = 67;

         m_name = "WOTSP-SHA2_256";

         m_hash_name = "SHA-256";

         m_strength = 256;

         break;

      case WOTSP_SHA2_512:

         m_element_size = 64;

         m_w = 16;

         m_len = 131;

         m_name = "WOTSP-SHA2_512";

         m_hash_name = "SHA-512";

         m_strength = 512;

         break;

      case WOTSP_SHAKE_256:

         m_element_size = 32;

         m_w = 16;

         m_len = 67;

         m_name = "WOTSP-SHAKE_256";

         m_hash_name = "SHAKE-128(256)";

         m_strength = 256;

         break;

      case WOTSP_SHAKE_512:

         m_element_size = 64;

         m_w = 16;

         m_len = 131;

         m_name = "WOTSP-SHAKE_512";

         m_hash_name = "SHAKE-256(512)";

         m_strength = 512;

         break;

      case WOTSP_SHA2_192:

         m_element_size = 24;

         m_w = 16;

         m_len = 51;

         m_name = "WOTSP-SHA2_192";

         m_hash_name = "Truncated(SHA-256,192)";

         m_strength = 192;

         break;

      case WOTSP_SHAKE_256_256:

         m_element_size = 32;

         m_w = 16;

         m_len = 67;

         m_name = "WOTSP-SHAKE_256_256";

         m_hash_name = "SHAKE-256(256)";

         m_strength = 256;

         break;

      case WOTSP_SHAKE_256_192:

         m_element_size = 24;

         m_w = 16;

         m_len = 51;

         m_name = "WOTSP-SHAKE_256_192";

         m_hash_name = "SHAKE-256(192)";

         m_strength = 192;

         break;

      default:

         throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");

   }


   m_lg_w = (m_w == 16) ? 4 : 2;

   m_len_1 = static_cast<size_t>(std::ceil((8 * element_size()) / m_lg_w));

   m_len_2 = static_cast<size_t>(floor(log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w) + 1);

   BOTAN_ASSERT(m_len == m_len_1 + m_len_2,

                "Invalid XMSS WOTS parameter "

                "\"len\" detected.");

}


secure_vector<uint8_t> XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const {

   secure_vector<uint8_t> result;

   result.reserve(out_size);


   size_t in = 0;

   size_t total = 0;

   size_t bits = 0;


   for(size_t i = 0; i < out_size; i++) {

      if(bits == 0) {

         total = msg[in];

         in++;

         bits += 8;

      }

      bits -= m_lg_w;

      result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));

   }

   return result;

}


secure_vector<uint8_t> XMSS_WOTS_Parameters::base_w(size_t value) const {

   value <<= (8 - ((m_len_2 * m_lg_w) % 8));

   size_t len_2_bytes = static_cast<size_t>(std::ceil(static_cast<float>(m_len_2 * m_lg_w) / 8.0));

   secure_vector<uint8_t> result;

   XMSS_Tools::concat(result, value, len_2_bytes);

   return base_w(result, m_len_2);

}


void XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data) const {

   size_t csum = 0;


   for(size_t i = 0; i < data.size(); i++) {

      csum += wots_parameter() - 1 - data[i];

   }


   secure_vector<uint8_t> csum_bytes = base_w(csum);

   std::move(csum_bytes.begin(), csum_bytes.end(), std::back_inserter(data));

}


}  // namespace Botan

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50

Botan::Lookup_Error
Definition exceptn.h:235

Botan::Not_Implemented
Definition exceptn.h:334

Botan::XMSS_Tools::concat
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:54

Botan::XMSS_WOTS_Parameters
Definition xmss_parameters.h:31

Botan::XMSS_WOTS_Parameters::wots_parameter
size_t wots_parameter() const
Definition xmss_parameters.h:88

Botan::XMSS_WOTS_Parameters::element_size
size_t element_size() const
Definition xmss_parameters.h:80

Botan::XMSS_WOTS_Parameters::XMSS_WOTS_Parameters
XMSS_WOTS_Parameters(std::string_view algo_name)
Definition xmss_wots_parameters.cpp:50

Botan::XMSS_WOTS_Parameters::xmss_wots_id_from_string
static ots_algorithm_t xmss_wots_id_from_string(std::string_view param_set)
Definition xmss_wots_parameters.cpp:24

Botan::XMSS_WOTS_Parameters::ots_algorithm_t
ots_algorithm_t
Definition xmss_parameters.h:33

Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_192
@ WOTSP_SHA2_192
Definition xmss_parameters.h:44

Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256
@ WOTSP_SHAKE_256
Definition xmss_parameters.h:40

Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_192
@ WOTSP_SHAKE_256_192
Definition xmss_parameters.h:46

Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_512
@ WOTSP_SHAKE_512
Definition xmss_parameters.h:41

Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_256
@ WOTSP_SHAKE_256_256
Definition xmss_parameters.h:45

Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_256
@ WOTSP_SHA2_256
Definition xmss_parameters.h:35

Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_512
@ WOTSP_SHA2_512
Definition xmss_parameters.h:39

Botan::XMSS_WOTS_Parameters::oid
ots_algorithm_t oid() const
Definition xmss_parameters.h:98

Botan::XMSS_WOTS_Parameters::base_w
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
Definition xmss_wots_parameters.cpp:123

Botan::XMSS_WOTS_Parameters::append_checksum
void append_checksum(secure_vector< uint8_t > &data) const
Definition xmss_wots_parameters.cpp:151

Botan
Definition alg_id.cpp:13

Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61