Coverage Report

Created: 2021-11-25 09:31

/src/botan/src/lib/pubkey/xmss/xmss_wots_publickey.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * XMSS WOTS Public Key
3
 * A Winternitz One Time Signature public key for use with Extended Hash-Based
4
 * Signatures.
5
 *
6
 * (C) 2016,2017,2018 Matthias Gierlings
7
 *
8
 * Botan is released under the Simplified BSD License (see license.txt)
9
 **/
10
11
#include <botan/xmss_wots.h>
12
#include <botan/internal/xmss_address.h>
13
14
namespace Botan {
15
16
void
17
XMSS_WOTS_PublicKey::chain(secure_vector<uint8_t>& result,
18
                           size_t start_idx,
19
                           size_t steps,
20
                           XMSS_Address& adrs,
21
                           const secure_vector<uint8_t>& seed,
22
                           XMSS_Hash& hash)
23
0
   {
24
0
   secure_vector<uint8_t> prf_output(hash.output_length());
25
26
0
   for(size_t i = start_idx;
27
0
         i < (start_idx + steps) && i < m_wots_params.wots_parameter();
28
0
         i++)
29
0
      {
30
0
      adrs.set_hash_address(static_cast<uint32_t>(i));
31
32
      //Calculate tmp XOR bitmask
33
0
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode);
34
0
      hash.prf(prf_output, seed, adrs.bytes());
35
0
      xor_buf(result, prf_output, result.size());
36
37
      // Calculate key
38
0
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
39
40
      //Calculate f(key, tmp XOR bitmask)
41
0
      hash.prf(prf_output, seed, adrs.bytes());
42
0
      hash.f(result, prf_output, result);
43
0
      }
44
0
   }
45
46
wots_keysig_t
47
XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector<uint8_t>& msg,
48
                                            const wots_keysig_t& sig,
49
                                            XMSS_Address& adrs,
50
                                            const secure_vector<uint8_t>& seed)
51
0
   {
52
0
   secure_vector<uint8_t> msg_digest
53
0
      {
54
0
      m_wots_params.base_w(msg, m_wots_params.len_1())
55
0
      };
56
57
0
   m_wots_params.append_checksum(msg_digest);
58
0
   wots_keysig_t result(sig);
59
60
0
   for(size_t i = 0; i < m_wots_params.len(); i++)
61
0
      {
62
0
      adrs.set_chain_address(static_cast<uint32_t>(i));
63
0
      chain(result[i],
64
0
            msg_digest[i],
65
0
            m_wots_params.wots_parameter() - 1 - msg_digest[i],
66
0
            adrs,
67
0
            seed);
68
0
      }
69
0
   return result;
70
0
   }
71
72
}