Botan 2.19.3
Crypto and TLS for C++11
xmss_signature_operation.cpp
/*
 * XMSS Signature Operation
 * Signature generation operation for Extended Hash-Based Signatures (XMSS) as
 * defined in:
 *
 * [1] XMSS: Extended Hash-Based Signatures,
 *     Request for Comments: 8391
 *     Release: May 2018.
 *     https://datatracker.ietf.org/doc/rfc8391/
 *
 * (C) 2016,2017,2018 Matthias Gierlings
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 **/
15
16#include <botan/internal/xmss_signature_operation.h>
17#include <botan/internal/xmss_tools.h>
18
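namespace Botan {

/*
 * Set up a signature operation for the given private key.
 *
 * No leaf index is reserved here: m_leaf_idx and m_randomness only hold
 * placeholder values until initialize() runs on the first update() or
 * sign() call.
 */
XMSS_Signature_Operation::XMSS_Signature_Operation(
   const XMSS_PrivateKey& private_key) :
   m_priv_key(private_key),
   m_xmss_params(private_key.xmss_oid()),
   m_hash(private_key.xmss_hash_function()),
   m_randomness(0),
   m_leaf_idx(0),
   m_is_initialized(false)
   {}

/*
 * Produce the tree signature for the currently reserved leaf: the one-time
 * (WOTS) signature over msg plus the authentication path for that leaf.
 *
 * adrs is modified in place. build_auth_path() switches it to the hash tree
 * address type, so the OTS address type and leaf index are set only after
 * the path has been built and before the one-time signature is computed.
 */
XMSS_WOTS_PublicKey::TreeSignature
XMSS_Signature_Operation::generate_tree_signature(const secure_vector<uint8_t>& msg,
      XMSS_PrivateKey& xmss_priv_key,
      XMSS_Address& adrs)
   {
   wots_keysig_t auth_path = build_auth_path(xmss_priv_key, adrs);
   adrs.set_type(XMSS_Address::Type::OTS_Hash_Address);
   adrs.set_ots_address(m_leaf_idx);

   wots_keysig_t sig_ots = xmss_priv_key.wots_private_key().sign(msg, adrs);
   return XMSS_WOTS_PublicKey::TreeSignature(sig_ots, auth_path);
   }

/*
 * Assemble the XMSS signature for an already hashed message from the
 * reserved leaf index, the randomness derived in initialize() and the tree
 * signature.
 */
XMSS_Signature
XMSS_Signature_Operation::sign(const secure_vector<uint8_t>& msg_hash,
                               XMSS_PrivateKey& xmss_priv_key)
   {
   XMSS_Address adrs;
   XMSS_Signature sig(m_leaf_idx,
                      m_randomness,
                      generate_tree_signature(msg_hash, xmss_priv_key, adrs));
   return sig;
   }

/*
 * Size in bytes reported for a signature under the current parameter set.
 *
 * NOTE(review): RFC 8391 encodes the signature index in 4 bytes, while this
 * counts sizeof(uint64_t). Confirm against XMSS_Signature::bytes() whether
 * the value is meant as an exact length or as an upper bound.
 */
size_t XMSS_Signature_Operation::signature_length() const
   {
   return sizeof(uint64_t) + // size of leaf index
          m_xmss_params.element_size() + // presumably the randomness r
          m_xmss_params.len() * m_xmss_params.element_size() + // presumably the WOTS signature
          m_xmss_params.tree_height() * m_xmss_params.element_size(); // one auth path node per tree level
   }

/*
 * Build the authentication path for the reserved leaf: one sibling node per
 * tree level, from the leaf level (j = 0) upwards.
 *
 * adrs is switched to the hash tree address type and left in that state.
 *
 * NOTE(review): every node is obtained through tree_hash() on each call and
 * nothing is cached in this function, so the cost per signature presumably
 * grows with the size of the tree. Confirm against tree_hash().
 */
wots_keysig_t
XMSS_Signature_Operation::build_auth_path(XMSS_PrivateKey& priv_key,
      XMSS_Address& adrs)
   {
   wots_keysig_t auth_path(m_xmss_params.tree_height());
   adrs.set_type(XMSS_Address::Type::Hash_Tree_Address);

   for(size_t j = 0; j < m_xmss_params.tree_height(); j++)
      {
      // b = 2^j is the number of leaves below a node at height j. The shift
      // is well defined only while tree_height() stays below the bit width
      // of size_t.
      const size_t b = static_cast<size_t>(1) << j;
      // Index at height j of the sibling of the node on the path from the
      // reserved leaf to the root.
      const size_t k = (m_leaf_idx / b) ^ 0x01;
      // k * b is the leftmost leaf below that sibling.
      auth_path[j] = priv_key.tree_hash(k * b, j, adrs);
      }

   return auth_path;
   }

/*
 * Feed message data into the message hash. The first call after
 * construction, or after a completed sign(), reserves a leaf index through
 * initialize().
 */
void XMSS_Signature_Operation::update(const uint8_t msg[], size_t msg_len)
   {
   initialize();
   m_hash.h_msg_update(msg, msg_len);
   }

/*
 * Finish the message hash and return the serialized signature.
 *
 * The RandomNumberGenerator argument is not used: the per-signature
 * randomness is derived in initialize() from the key's PRF value and the
 * leaf index.
 */
secure_vector<uint8_t>
XMSS_Signature_Operation::sign(RandomNumberGenerator&)
   {
   initialize();
   const secure_vector<uint8_t> msg_hash = m_hash.h_msg_final();
   // Drop the reservation flag before the tree signature is computed. If
   // sign() throws, the next update()/sign() call runs initialize() again
   // and reserves a fresh leaf, instead of continuing on a finalized message
   // hash with the old index.
   m_is_initialized = false;
   secure_vector<uint8_t> signature(sign(msg_hash, m_priv_key).bytes());
   return signature;
   }

/*
 * Reserve a leaf index for the next signature and prime the message hash
 * with the randomness, the tree root and the encoded index.
 *
 * XMSS is stateful: its security depends on each leaf index signing at most
 * one message.
 * NOTE(review): reserve_unused_leaf_index() is defined outside this file.
 * Callers presumably still have to persist the updated private key before a
 * signature is released, and must never continue from an older copy of the
 * key state. Confirm against the key class.
 */
void XMSS_Signature_Operation::initialize()
   {
   // return if we already initialized and reserved a leaf index for signing.
   if(m_is_initialized)
      { return; }

   secure_vector<uint8_t> index_bytes;
   // reserve leaf index so it can not be reused by another signature
   // operation using the same private key.
   // NOTE(review): the index is narrowed to 32 bits here; presumably safe
   // because the supported tree heights keep the leaf count below 2^32.
   // Confirm against the parameter sets.
   m_leaf_idx = static_cast<uint32_t>(m_priv_key.reserve_unused_leaf_index());

   // derive the per-signature randomness from the key's PRF value and the
   // leaf index encoded with length argument 32.
   XMSS_Tools::concat(index_bytes, m_leaf_idx, 32);
   m_randomness = m_hash.prf(m_priv_key.prf(), index_bytes);
   index_bytes.clear();
   // write prefix for message hashing into buffer: the index is re-encoded
   // with length argument element_size().
   XMSS_Tools::concat(index_bytes, m_leaf_idx,
                      m_priv_key.xmss_parameters().element_size());
   m_hash.h_msg_init(m_randomness,
                     m_priv_key.root(),
                     index_bytes);
   m_is_initialized = true;
   }

}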