Botan 2.19.3
Crypto and TLS for C&
xmss_wots_publickey.cpp
Go to the documentation of this file.
1/*
2 * XMSS WOTS Public Key
3 * A Winternitz One Time Signature public key for use with Extended Hash-Based
4 * Signatures.
5 *
6 * (C) 2016,2017,2018 Matthias Gierlings
7 *
8 * Botan is released under the Simplified BSD License (see license.txt)
9 **/
10
11#include <botan/xmss_wots.h>
12#include <botan/internal/xmss_address.h>
13
14namespace Botan {
15
16void
18 size_t start_idx,
19 size_t steps,
20 XMSS_Address& adrs,
21 const secure_vector<uint8_t>& seed,
23 {
24 secure_vector<uint8_t> prf_output(hash.output_length());
25
26 for(size_t i = start_idx;
27 i < (start_idx + steps) && i < m_wots_params.wots_parameter();
28 i++)
29 {
30 adrs.set_hash_address(static_cast<uint32_t>(i));
31
32 //Calculate tmp XOR bitmask
34 hash.prf(prf_output, seed, adrs.bytes());
35 xor_buf(result, prf_output, result.size());
36
37 // Calculate key
39
40 //Calculate f(key, tmp XOR bitmask)
41 hash.prf(prf_output, seed, adrs.bytes());
42 hash.f(result, prf_output, result);
43 }
44 }
45
47XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector<uint8_t>& msg,
48 const wots_keysig_t& sig,
49 XMSS_Address& adrs,
50 const secure_vector<uint8_t>& seed)
51 {
52 secure_vector<uint8_t> msg_digest
53 {
55 };
56
58 wots_keysig_t result(sig);
59
60 for(size_t i = 0; i < m_wots_params.len(); i++)
61 {
62 adrs.set_chain_address(static_cast<uint32_t>(i));
63 chain(result[i],
64 msg_digest[i],
65 m_wots_params.wots_parameter() - 1 - msg_digest[i],
66 adrs,
67 seed);
68 }
69 return result;
70 }
71
72}
void set_hash_address(uint32_t value)
void set_key_mask_mode(Key_Mask value)
void set_chain_address(uint32_t value)
const secure_vector< uint8_t > & bytes() const
size_t wots_parameter() const
Definition xmss_wots.h:93
void append_checksum(secure_vector< uint8_t > &data)
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
XMSS_WOTS_Parameters m_wots_params
Definition xmss_wots.h:427
void chain(secure_vector< uint8_t > &x, size_t start_idx, size_t steps, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed, XMSS_Hash &hash)
std::vector< secure_vector< uint8_t > > wots_keysig_t
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition mem_ops.h:262
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
MechanismType hash