Botan 3.6.1
Crypto and TLS for C&
xmss_wots_parameters.cpp
Go to the documentation of this file.
1/*
2 * XMSS WOTS Parameters
3 * Descibes a signature method for XMSS Winternitz One Time Signatures,
4 * as defined in:
5 * [1] XMSS: Extended Hash-Based Signatures,
6 * Request for Comments: 8391
7 * Release: May 2018.
8 * https://datatracker.ietf.org/doc/rfc8391/
9 *
10 * (C) 2016,2017,2018 Matthias Gierlings
11 *
12 * Botan is released under the Simplified BSD License (see license.txt)
13 **/
14
15#include <botan/internal/xmss_wots.h>
16
17#include <botan/exceptn.h>
18#include <botan/internal/fmt.h>
19#include <botan/internal/xmss_tools.h>
20#include <cmath>
21
22namespace Botan {
23
24XMSS_WOTS_Parameters::ots_algorithm_t XMSS_WOTS_Parameters::xmss_wots_id_from_string(std::string_view param_set) {
25 if(param_set == "WOTSP-SHA2_256") {
26 return WOTSP_SHA2_256;
27 }
28 if(param_set == "WOTSP-SHA2_512") {
29 return WOTSP_SHA2_512;
30 }
31 if(param_set == "WOTSP-SHAKE_256") {
32 return WOTSP_SHAKE_256;
33 }
34 if(param_set == "WOTSP-SHAKE_512") {
35 return WOTSP_SHAKE_512;
36 }
37 if(param_set == "WOTSP-SHA2_192") {
38 return WOTSP_SHA2_192;
39 }
40 if(param_set == "WOTSP-SHAKE_256_256") {
41 return WOTSP_SHAKE_256_256;
42 }
43 if(param_set == "WOTSP-SHAKE_256_192") {
44 return WOTSP_SHAKE_256_192;
45 }
46
47 throw Lookup_Error(fmt("Unknown XMSS-WOTS algorithm param '{}'", param_set));
48}
49
50XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(std::string_view param_set) :
51 XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set)) {}
52
53XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid) : m_oid(oid) {
54 switch(oid) {
55 case WOTSP_SHA2_256:
56 m_element_size = 32;
57 m_w = 16;
58 m_len = 67;
59 m_name = "WOTSP-SHA2_256";
60 m_hash_name = "SHA-256";
61 m_strength = 256;
62 break;
63 case WOTSP_SHA2_512:
64 m_element_size = 64;
65 m_w = 16;
66 m_len = 131;
67 m_name = "WOTSP-SHA2_512";
68 m_hash_name = "SHA-512";
69 m_strength = 512;
70 break;
71 case WOTSP_SHAKE_256:
72 m_element_size = 32;
73 m_w = 16;
74 m_len = 67;
75 m_name = "WOTSP-SHAKE_256";
76 m_hash_name = "SHAKE-128(256)";
77 m_strength = 256;
78 break;
79 case WOTSP_SHAKE_512:
80 m_element_size = 64;
81 m_w = 16;
82 m_len = 131;
83 m_name = "WOTSP-SHAKE_512";
84 m_hash_name = "SHAKE-256(512)";
85 m_strength = 512;
86 break;
87 case WOTSP_SHA2_192:
88 m_element_size = 24;
89 m_w = 16;
90 m_len = 51;
91 m_name = "WOTSP-SHA2_192";
92 m_hash_name = "Truncated(SHA-256,192)";
93 m_strength = 192;
94 break;
95 case WOTSP_SHAKE_256_256:
96 m_element_size = 32;
97 m_w = 16;
98 m_len = 67;
99 m_name = "WOTSP-SHAKE_256_256";
100 m_hash_name = "SHAKE-256(256)";
101 m_strength = 256;
102 break;
103 case WOTSP_SHAKE_256_192:
104 m_element_size = 24;
105 m_w = 16;
106 m_len = 51;
107 m_name = "WOTSP-SHAKE_256_192";
108 m_hash_name = "SHAKE-256(192)";
109 m_strength = 192;
110 break;
111 default:
112 throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
113 }
114
115 m_lg_w = (m_w == 16) ? 4 : 2;
116 m_len_1 = static_cast<size_t>(std::ceil((8 * element_size()) / m_lg_w));
117 m_len_2 = static_cast<size_t>(floor(log2(m_len_1 * (wots_parameter() - 1)) / m_lg_w) + 1);
118 BOTAN_ASSERT(m_len == m_len_1 + m_len_2,
119 "Invalid XMSS WOTS parameter "
120 "\"len\" detected.");
121}
122
123secure_vector<uint8_t> XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const {
124 secure_vector<uint8_t> result;
125 result.reserve(out_size);
126
127 size_t in = 0;
128 size_t total = 0;
129 size_t bits = 0;
130
131 for(size_t i = 0; i < out_size; i++) {
132 if(bits == 0) {
133 total = msg[in];
134 in++;
135 bits += 8;
136 }
137 bits -= m_lg_w;
138 result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
139 }
140 return result;
141}
142
143secure_vector<uint8_t> XMSS_WOTS_Parameters::base_w(size_t value) const {
144 value <<= (8 - ((m_len_2 * m_lg_w) % 8));
145 size_t len_2_bytes = static_cast<size_t>(std::ceil(static_cast<float>(m_len_2 * m_lg_w) / 8.0));
146 secure_vector<uint8_t> result;
147 XMSS_Tools::concat(result, value, len_2_bytes);
148 return base_w(result, m_len_2);
149}
150
151void XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data) const {
152 size_t csum = 0;
153
154 for(size_t i = 0; i < data.size(); i++) {
155 csum += wots_parameter() - 1 - data[i];
156 }
157
158 secure_vector<uint8_t> csum_bytes = base_w(csum);
159 std::move(csum_bytes.begin(), csum_bytes.end(), std::back_inserter(data));
160}
161
162} // namespace Botan
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
Botan::Lookup_Error
Definition exceptn.h:235
Botan::Not_Implemented
Definition exceptn.h:334
Botan::XMSS_Tools::concat
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:54
Botan::XMSS_WOTS_Parameters
Definition xmss_parameters.h:31
Botan::XMSS_WOTS_Parameters::wots_parameter
size_t wots_parameter() const
Definition xmss_parameters.h:88
Botan::XMSS_WOTS_Parameters::element_size
size_t element_size() const
Definition xmss_parameters.h:80
Botan::XMSS_WOTS_Parameters::XMSS_WOTS_Parameters
XMSS_WOTS_Parameters(std::string_view algo_name)
Definition xmss_wots_parameters.cpp:50
Botan::XMSS_WOTS_Parameters::xmss_wots_id_from_string
static ots_algorithm_t xmss_wots_id_from_string(std::string_view param_set)
Definition xmss_wots_parameters.cpp:24
Botan::XMSS_WOTS_Parameters::ots_algorithm_t
ots_algorithm_t
Definition xmss_parameters.h:33
Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_192
@ WOTSP_SHA2_192
Definition xmss_parameters.h:44
Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256
@ WOTSP_SHAKE_256
Definition xmss_parameters.h:40
Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_192
@ WOTSP_SHAKE_256_192
Definition xmss_parameters.h:46
Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_512
@ WOTSP_SHAKE_512
Definition xmss_parameters.h:41
Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_256
@ WOTSP_SHAKE_256_256
Definition xmss_parameters.h:45
Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_256
@ WOTSP_SHA2_256
Definition xmss_parameters.h:35
Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_512
@ WOTSP_SHA2_512
Definition xmss_parameters.h:39
Botan::XMSS_WOTS_Parameters::oid
ots_algorithm_t oid() const
Definition xmss_parameters.h:98
Botan::XMSS_WOTS_Parameters::base_w
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
Definition xmss_wots_parameters.cpp:123
Botan::XMSS_WOTS_Parameters::append_checksum
void append_checksum(secure_vector< uint8_t > &data) const
Definition xmss_wots_parameters.cpp:151
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Generated by doxygen 1.12.0