/src/botan/src/lib/pubkey/xmss/xmss_wots_publickey.cpp
1 | | /* |
2 | | * XMSS WOTS Public Key |
3 | | * A Winternitz One Time Signature public key for use with Extended Hash-Based |
4 | | * Signatures. |
5 | | * |
6 | | * (C) 2016,2017,2018 Matthias Gierlings |
7 | | * |
8 | | * Botan is released under the Simplified BSD License (see license.txt) |
9 | | **/ |
10 | | |
#include <botan/xmss_wots_publickey.h>
#include <botan/exceptn.h>
12 | | |
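namespace Botan {

/*
 * Walks a WOTS+ hash chain in place: starting from the chain node held in
 * result, applies the keyed hash function F `steps` times, beginning at chain
 * position start_idx. For every step a bitmask and a key are derived from the
 * public seed with PRF (keyed by the per-step hash address); the bitmask is
 * XORed into the current node and F is applied to the result.
 *
 * result    - in/out: one n-byte chain node (n == hash.output_length())
 * start_idx - chain position at which to begin
 * steps     - number of F applications requested
 * adrs      - hash address; its hash-address and key/mask fields are
 *             overwritten here, the chain address is expected to be set by
 *             the caller
 * seed      - public seed fed to PRF
 * hash      - hash instance used for PRF and F
 *
 * Throws Invalid_Argument if result is not exactly hash.output_length() bytes.
 * The XOR below reads prf_output for result.size() bytes, so a longer result
 * would read past the end of the PRF buffer; a shorter one would feed a
 * truncated node to F.
 *
 * NOTE: the loop is additionally capped at wots_parameter() (w), so a
 * start_idx/steps pair that runs past the chain end silently walks fewer
 * steps instead of failing. Callers must ensure start_idx + steps <= w.
 */
void
XMSS_WOTS_PublicKey::chain(secure_vector<uint8_t>& result,
                           size_t start_idx,
                           size_t steps,
                           XMSS_Address& adrs,
                           const secure_vector<uint8_t>& seed,
                           XMSS_Hash& hash)
   {
   const size_t n = hash.output_length();
   if(result.size() != n)
      {
      throw Invalid_Argument("XMSS WOTS chain: chain node must be n bytes");
      }

   secure_vector<uint8_t> prf_output(n);
   const size_t w = m_wots_params.wots_parameter();
   const size_t end_idx = start_idx + steps;

   for(size_t i = start_idx; i < end_idx && i < w; i++)
      {
      adrs.set_hash_address(static_cast<uint32_t>(i));

      // Bitmask for this step: PRF(seed, ADRS) in mask mode, XORed into the node.
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode);
      hash.prf(prf_output, seed, adrs.bytes());
      xor_buf(result, prf_output, result.size());

      // Key for this step: PRF(seed, ADRS) in key mode,
      // then node = F(key, node XOR mask).
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
      hash.prf(prf_output, seed, adrs.bytes());
      hash.f(result, prf_output, result);
      }
   }

/*
 * Recomputes the WOTS+ public key from a signature (RFC 8391 WOTS_pkFromSig):
 * for every chain i the signature node sig[i] sits at position msg_digest[i]
 * and is walked the remaining w - 1 - msg_digest[i] steps to the chain end.
 * Nothing is verified here: an invalid signature simply yields a different
 * key, which the caller must compare/compress against the expected one.
 *
 * msg  - message digest to be covered; split into base-w digits plus checksum
 * sig  - WOTS+ signature, one chain node per chain (len() entries expected)
 * adrs - OTS hash address; chain and hash address fields are overwritten
 * seed - public seed
 *
 * Returns the len() chain ends forming the public key.
 *
 * Throws Invalid_Argument if sig does not hold exactly len() chain nodes.
 * sig is taken from the untrusted signature blob, so the result[i] accesses
 * below must not rely on an upstream size check having happened.
 */
wots_keysig_t
XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector<uint8_t>& msg,
                                            const wots_keysig_t& sig,
                                            XMSS_Address& adrs,
                                            const secure_vector<uint8_t>& seed)
   {
   const size_t len = m_wots_params.len();
   const size_t w = m_wots_params.wots_parameter();

   if(sig.size() != len)
      {
      throw Invalid_Argument("XMSS WOTS signature has wrong number of chain nodes");
      }

   // len_1 base-w digits of the message followed by the checksum digits;
   // assumes base_w + append_checksum produce len digits in total (confirm
   // against XMSS_WOTS_Parameters if msg can ever be mis-sized).
   secure_vector<uint8_t> msg_digest
      {
      m_wots_params.base_w(msg, m_wots_params.len_1())
      };
   m_wots_params.append_checksum(msg_digest);

   wots_keysig_t result(sig);

   for(size_t i = 0; i < len; i++)
      {
      adrs.set_chain_address(static_cast<uint32_t>(i));
      // Walk node i from position msg_digest[i] to the chain end (w - 1).
      // A digit >= w would underflow the step count, but chain() caps the
      // walk at w so this cannot run past the chain.
      chain(result[i],
            msg_digest[i],
            w - 1 - msg_digest[i],
            adrs,
            seed);
      }

   return result;
   }

}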