Botan 2.19.3
Crypto and TLS for C++11
xmss_wots_parameters.cpp
1/*
2 * XMSS WOTS Parameters
3 * Describes a signature method for XMSS Winternitz One Time Signatures,
4 * as defined in:
5 * [1] XMSS: Extended Hash-Based Signatures,
6 * Request for Comments: 8391
7 * Release: May 2018.
8 * https://datatracker.ietf.org/doc/rfc8391/
9 *
10 * (C) 2016,2017,2018 Matthias Gierlings
11 *
12 * Botan is released under the Simplified BSD License (see license.txt)
13 **/
14
15#include <botan/xmss_wots.h>
16#include <botan/internal/xmss_tools.h>
17#include <botan/exceptn.h>
18#include <cmath>
19
20namespace Botan {
21
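/**
 * Maps the textual name of an XMSS-WOTS parameter set to its algorithm id.
 *
 * The comparison is exact (case-sensitive) and only the four names listed
 * below are accepted; anything else is rejected rather than mapped to a
 * default, so a misspelled or unexpected name cannot silently select a
 * different hash function.
 *
 * @param param_set parameter set name, e.g. "WOTSP-SHA2_256"
 * @return the ots_algorithm_t value for that name
 * @throws Invalid_Argument if the name is not one of the known sets
 */
XMSS_WOTS_Parameters::ots_algorithm_t
XMSS_WOTS_Parameters::xmss_wots_id_from_string(const std::string& param_set)
   {
   if(param_set == "WOTSP-SHA2_256")
      { return WOTSP_SHA2_256; }
   if(param_set == "WOTSP-SHA2_512")
      { return WOTSP_SHA2_512; }
   if(param_set == "WOTSP-SHAKE_256")
      { return WOTSP_SHAKE_256; }
   if(param_set == "WOTSP-SHAKE_512")
      { return WOTSP_SHAKE_512; }

   // The rejected name is echoed verbatim into the exception text. Callers
   // that log or display the message should treat it as untrusted input.
   throw Invalid_Argument("Unknown XMSS-WOTS algorithm param '" + param_set + "'");
   }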
35
/**
 * Builds a parameter set from its textual name.
 *
 * The name is resolved with xmss_wots_id_from_string() and construction is
 * delegated to the id-based constructor; an unknown name therefore surfaces
 * as the exception thrown by that lookup.
 *
 * @param param_set parameter set name, e.g. "WOTSP-SHA2_256"
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(const std::string& param_set) :
   XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set))
   {
   }
39
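/**
 * Builds a parameter set from an XMSS-WOTS algorithm id.
 *
 * Each supported id fixes the element size n (bytes), the Winternitz
 * parameter w, the total chain count len, the set name, the hash name and
 * the strength value. len_1 and len_2 are then re-derived from n and w:
 *
 *    len_1 = ceil(8n / lg(w))
 *    len_2 = floor(log2(len_1 * (w - 1)) / lg(w)) + 1
 *
 * and checked against the tabulated len.
 *
 * The derivation uses integer arithmetic only. The previous form wrapped an
 * integer division in std::ceil (so the ceil had no effect) and relied on
 * floating-point log2/floor; both give the same values for the four sets
 * below, but signature-size parameters should not depend on floating-point
 * rounding.
 *
 * @param oid algorithm id of the parameter set
 * @throws Not_Implemented if the id is not one of the known sets
 */
XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid)
   : m_oid(oid)
   {
   switch(oid)
      {
      case WOTSP_SHA2_256:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHA2_256";
         m_hash_name = "SHA-256";
         m_strength = 256;
         break;
      case WOTSP_SHA2_512:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP-SHA2_512";
         m_hash_name = "SHA-512";
         m_strength = 512;
         break;
      case WOTSP_SHAKE_256:
         m_element_size = 32;
         m_w = 16;
         m_len = 67;
         m_name = "WOTSP-SHAKE_256";
         m_hash_name = "SHAKE-128(256)";
         m_strength = 256;
         break;
      case WOTSP_SHAKE_512:
         m_element_size = 64;
         m_w = 16;
         m_len = 131;
         m_name = "WOTSP-SHAKE_512";
         m_hash_name = "SHAKE-256(512)";
         m_strength = 512;
         break;
      default:
         // No fall-through: an unknown id must never leave the members
         // uninitialised. (The unreachable break after the throw was dropped.)
         throw Not_Implemented("Algorithm id does not match any known XMSS WOTS algorithm id.");
      }

   // lg(w): 4 bits per digit for w == 16, otherwise 2 bits (w == 4).
   m_lg_w = (m_w == 16) ? 4 : 2;
   const size_t lg_w = m_lg_w;

   // len_1 = ceil(8n / lg(w)), as a true ceiling division on integers.
   m_len_1 = (8 * element_size() + lg_w - 1) / lg_w;

   // floor(log2(x)) for x = len_1 * (w - 1), computed by counting shifts.
   // floor(log2(x) / lg_w) equals floor(floor(log2(x)) / lg_w) for integer lg_w.
   size_t checksum_max = m_len_1 * (wots_parameter() - 1);
   size_t floor_log2 = 0;
   while(checksum_max >>= 1)
      { ++floor_log2; }
   m_len_2 = floor_log2 / lg_w + 1;

   // Consistency check between the tabulated len and the derived lengths.
   BOTAN_ASSERT(m_len == m_len_1 + m_len_2, "Invalid XMSS WOTS parameter "
                "\"len\" detedted.");
   }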
89
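/**
 * Converts a byte string into base-w digits, most significant digit of each
 * byte first.
 *
 * Every output digit consumes lg(w) bits of the input, so producing out_size
 * digits reads ceil(out_size * lg(w) / 8) bytes of msg. The original loop
 * indexed msg without checking that bound; a caller passing a short msg or an
 * oversized out_size would read past the end of the buffer. The length is now
 * validated up front.
 *
 * @param msg input bytes
 * @param out_size number of base-w digits to produce
 * @return out_size digits, each in the range [0, w - 1]
 * @throws Invalid_Argument if msg holds fewer bytes than out_size digits need
 */
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(const secure_vector<uint8_t>& msg, size_t out_size) const
   {
   // m_lg_w is 4 or 2 (assigned in the constructor), so a byte always holds a
   // whole number of digits. Computed per byte to avoid overflowing
   // out_size * m_lg_w for very large out_size.
   const size_t digits_per_byte = 8 / m_lg_w;
   const size_t bytes_needed =
      out_size / digits_per_byte + ((out_size % digits_per_byte) ? 1 : 0);
   if(msg.size() < bytes_needed)
      {
      throw Invalid_Argument("XMSS WOTS base_w: input too short for requested number of digits");
      }

   secure_vector<uint8_t> result;
   result.reserve(out_size);

   size_t in = 0;     // index of the next unread input byte
   size_t total = 0;  // current input byte being split into digits
   size_t bits = 0;   // bits of 'total' not yet emitted

   for(size_t i = 0; i < out_size; i++)
      {
      if(bits == 0)
         {
         total = msg[in];
         in++;
         bits += 8;
         }
      bits -= m_lg_w;
      result.push_back(static_cast<uint8_t>((total >> bits) & (m_w - 1)));
      }
   return result;
   }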
111
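/**
 * Converts a checksum value into its len_2 base-w digits.
 *
 * The value is first shifted left by 8 - ((len_2 * lg(w)) % 8) bits, then
 * serialised into ceil(len_2 * lg(w) / 8) bytes via XMSS_Tools::concat and
 * passed to the byte-string overload of base_w().
 *
 * The byte count is computed with integer ceiling division instead of the
 * former float-based std::ceil; the result is the same, without a round trip
 * through floating point.
 *
 * @param value checksum to encode
 * @return len_2 base-w digits
 */
secure_vector<uint8_t>
XMSS_WOTS_Parameters::base_w(size_t value) const
   {
   const size_t csum_bits = m_len_2 * m_lg_w;

   value <<= (8 - (csum_bits % 8));
   const size_t len_2_bytes = (csum_bits + 7) / 8;

   secure_vector<uint8_t> result;
   XMSS_Tools::concat(result, value, len_2_bytes);
   return base_w(result, m_len_2);
   }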
122
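/**
 * Appends the WOTS checksum digits to a vector of base-w message digits.
 *
 * The checksum is the sum of (w - 1 - digit) over all entries of data; it is
 * converted to base-w digits with base_w(size_t) and appended in place.
 *
 * The append uses the container's own insert() rather than the std::move
 * algorithm with std::back_inserter, which this file called without including
 * <algorithm> or <iterator>.
 *
 * @param data base-w digits of the message; extended with the checksum digits
 */
void
XMSS_WOTS_Parameters::append_checksum(secure_vector<uint8_t>& data)
   {
   size_t csum = 0;

   // NOTE(review): each entry is expected to be a base-w digit (<= w - 1).
   // A larger value would make the unsigned subtraction wrap and corrupt the
   // checksum; nothing here enforces that, so confirm it at the call sites.
   for(const uint8_t digit : data)
      {
      csum += wots_parameter() - 1 - digit;
      }

   const secure_vector<uint8_t> csum_bytes = base_w(csum);
   data.insert(data.end(), csum_bytes.begin(), csum_bytes.end());
   }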
136
137}
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:55
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition xmss_tools.h:63
size_t wots_parameter() const
Definition xmss_wots.h:93
size_t element_size() const
Definition xmss_wots.h:85
XMSS_WOTS_Parameters(const std::string &algo_name)
ots_algorithm_t oid() const
Definition xmss_wots.h:103
void append_checksum(secure_vector< uint8_t > &data)
secure_vector< uint8_t > base_w(const secure_vector< uint8_t > &msg, size_t out_size) const
static ots_algorithm_t xmss_wots_id_from_string(const std::string &param_set)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65