Coverage Report

Created: 2020-02-14 15:38

/src/botan/src/lib/pubkey/xmss/xmss_wots_publickey.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * XMSS WOTS Public Key
3
 * A Winternitz One Time Signature public key for use with Extended Hash-Based
4
 * Signatures.
5
 *
6
 * (C) 2016,2017,2018 Matthias Gierlings
7
 *
8
 * Botan is released under the Simplified BSD License (see license.txt)
9
 **/
10
11
#include <botan/xmss_wots_publickey.h>
12
13
namespace Botan {
14
15
void
16
XMSS_WOTS_PublicKey::chain(secure_vector<uint8_t>& result,
17
                           size_t start_idx,
18
                           size_t steps,
19
                           XMSS_Address& adrs,
20
                           const secure_vector<uint8_t>& seed,
21
                           XMSS_Hash& hash)
22
0
   {
23
0
   secure_vector<uint8_t> prf_output(hash.output_length());
24
0
25
0
   for(size_t i = start_idx;
26
0
         i < (start_idx + steps) && i < m_wots_params.wots_parameter();
27
0
         i++)
28
0
      {
29
0
      adrs.set_hash_address(static_cast<uint32_t>(i));
30
0
31
0
      //Calculate tmp XOR bitmask
32
0
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode);
33
0
      hash.prf(prf_output, seed, adrs.bytes());
34
0
      xor_buf(result, prf_output, result.size());
35
0
36
0
      // Calculate key
37
0
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
38
0
39
0
      //Calculate f(key, tmp XOR bitmask)
40
0
      hash.prf(prf_output, seed, adrs.bytes());
41
0
      hash.f(result, prf_output, result);
42
0
      }
43
0
   }
44
45
wots_keysig_t
46
XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector<uint8_t>& msg,
47
                                            const wots_keysig_t& sig,
48
                                            XMSS_Address& adrs,
49
                                            const secure_vector<uint8_t>& seed)
50
0
   {
51
0
   secure_vector<uint8_t> msg_digest
52
0
      {
53
0
      m_wots_params.base_w(msg, m_wots_params.len_1())
54
0
      };
55
0
56
0
   m_wots_params.append_checksum(msg_digest);
57
0
   wots_keysig_t result(sig);
58
0
59
0
   for(size_t i = 0; i < m_wots_params.len(); i++)
60
0
      {
61
0
      adrs.set_chain_address(static_cast<uint32_t>(i));
62
0
      chain(result[i],
63
0
            msg_digest[i],
64
0
            m_wots_params.wots_parameter() - 1 - msg_digest[i],
65
0
            adrs,
66
0
            seed);
67
0
      }
68
0
   return result;
69
0
   }
70
71
}