/src/botan/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * XMSS WOTS Private Key |
3 | | * A Winternitz One Time Signature private key for use with Extended Hash-Based |
4 | | * Signatures. |
5 | | * |
6 | | * (C) 2016,2017 Matthias Gierlings |
7 | | * |
8 | | * Botan is released under the Simplified BSD License (see license.txt) |
9 | | **/ |
10 | | |
11 | | #include <botan/xmss_wots.h> |
12 | | #include <botan/internal/xmss_tools.h> |
13 | | #include <botan/internal/xmss_address.h> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | wots_keysig_t |
18 | | XMSS_WOTS_PrivateKey::generate(const secure_vector<uint8_t>& priv_seed, |
19 | | XMSS_Hash& hash) |
20 | 0 | { |
21 | 0 | wots_keysig_t priv_key(m_wots_params.len(), |
22 | 0 | secure_vector<uint8_t>(0)); |
23 | |
|
24 | 0 | for(size_t i = 0; i < m_wots_params.len(); i++) |
25 | 0 | { |
26 | 0 | XMSS_Tools::concat<size_t>(priv_key[i], i, 32); |
27 | 0 | hash.prf(priv_key[i], priv_seed, priv_key[i]); |
28 | 0 | } |
29 | 0 | return priv_key; |
30 | 0 | } |
31 | | |
32 | | |
33 | | XMSS_WOTS_PublicKey |
34 | | XMSS_WOTS_PrivateKey::generate_public_key(XMSS_Address& adrs) |
35 | 0 | { |
36 | 0 | XMSS_WOTS_PublicKey pub_key(m_wots_params.oid(), |
37 | 0 | public_seed()); |
38 | 0 | generate_public_key(pub_key, wots_keysig_t((*this)[adrs]), adrs); |
39 | 0 | return pub_key; |
40 | 0 | } |
41 | | |
42 | | void |
43 | | XMSS_WOTS_PrivateKey::generate_public_key(XMSS_WOTS_PublicKey& pub_key, |
44 | | wots_keysig_t&& in_key_data, |
45 | | XMSS_Address& adrs, |
46 | | XMSS_Hash& hash) |
47 | 0 | { |
48 | 0 | BOTAN_ASSERT(wots_parameters() == pub_key.wots_parameters() && |
49 | 0 | public_seed() == pub_key.public_seed(), |
50 | 0 | "Conflicting public key data."); |
51 | |
|
52 | 0 | pub_key.set_key_data(std::move(in_key_data)); |
53 | 0 | for(size_t i = 0; i < m_wots_params.len(); i++) |
54 | 0 | { |
55 | 0 | adrs.set_chain_address(static_cast<uint32_t>(i)); |
56 | 0 | chain(pub_key[i], 0, m_wots_params.wots_parameter() - 1, adrs, |
57 | 0 | public_seed(), hash); |
58 | 0 | } |
59 | 0 | } |
60 | | |
61 | | wots_keysig_t |
62 | | XMSS_WOTS_PrivateKey::sign(const secure_vector<uint8_t>& msg, |
63 | | XMSS_Address& adrs, |
64 | | XMSS_Hash& hash) |
65 | | |
66 | 0 | { |
67 | 0 | secure_vector<uint8_t> msg_digest |
68 | 0 | { |
69 | 0 | m_wots_params.base_w(msg, m_wots_params.len_1()) |
70 | 0 | }; |
71 | |
|
72 | 0 | m_wots_params.append_checksum(msg_digest); |
73 | 0 | wots_keysig_t sig(this->at(adrs, hash)); |
74 | |
|
75 | 0 | for(size_t i = 0; i < m_wots_params.len(); i++) |
76 | 0 | { |
77 | 0 | adrs.set_chain_address(static_cast<uint32_t>(i)); |
78 | 0 | chain(sig[i], 0 , msg_digest[i], adrs, m_public_seed, hash); |
79 | 0 | } |
80 | |
|
81 | 0 | return sig; |
82 | 0 | } |
83 | | |
84 | | wots_keysig_t XMSS_WOTS_PrivateKey::at(const XMSS_Address& adrs, XMSS_Hash& hash) |
85 | 0 | { |
86 | 0 | secure_vector<uint8_t> result; |
87 | 0 | hash.prf(result, m_private_seed, adrs.bytes()); |
88 | 0 | return generate(result, hash); |
89 | 0 | } |
90 | | |
91 | | wots_keysig_t XMSS_WOTS_PrivateKey::at(size_t i, XMSS_Hash& hash) |
92 | 0 | { |
93 | 0 | secure_vector<uint8_t> idx_bytes; |
94 | 0 | XMSS_Tools::concat(idx_bytes, i, m_wots_params.element_size()); |
95 | 0 | hash.h(idx_bytes, m_private_seed, idx_bytes); |
96 | 0 | return generate(idx_bytes, hash); |
97 | 0 | } |
98 | | |
99 | | } |