/*
 * XMSS WOTS Public Key
 * A Winternitz One Time Signature public key for use with Extended Hash-Based
 * Signatures.
 *
 * (C) 2016,2017,2018 Matthias Gierlings
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 **/
10 | | |
11 | | #include <botan/xmss_wots.h> |
12 | | #include <botan/internal/xmss_address.h> |
13 | | |
namespace Botan {

/*
 * Advances one WOTS+ chain element in place (the "chain" function of
 * RFC 8391).
 *
 * result    - chain element to advance; overwritten with the advanced value
 * start_idx - hash address at which chaining begins
 * steps     - number of chaining iterations requested
 * adrs      - address structure; its hash-address and key/mask-mode fields
 *             are rewritten on every iteration
 * seed      - public seed fed to the PRF
 * hash      - hash/PRF instance providing prf() and f()
 *
 * Iteration stops once the hash address reaches the Winternitz parameter w,
 * even if start_idx + steps lies beyond it.
 *
 * NOTE(review): this clamp still allows hash address w - 1 to be used,
 * whereas RFC 8391 rejects start + steps > w - 1 outright. The only caller
 * visible in this file always passes start_idx + steps == w - 1, so the
 * clamp is not reached from there; other callers should be checked.
 */
void
XMSS_WOTS_PublicKey::chain(secure_vector<uint8_t>& result,
                           size_t start_idx,
                           size_t steps,
                           XMSS_Address& adrs,
                           const secure_vector<uint8_t>& seed,
                           XMSS_Hash& hash)
   {
   const size_t w = m_wots_params.wots_parameter();

   // Last hash address (exclusive) touched by this call: the requested
   // range end or w, whichever comes first.
   const size_t requested_end = start_idx + steps;
   const size_t end_idx = (requested_end < w) ? requested_end : w;

   // Scratch buffer, reused for the bitmask and then for the key.
   secure_vector<uint8_t> prf_output(hash.output_length());

   for(size_t idx = start_idx; idx < end_idx; ++idx)
      {
      adrs.set_hash_address(static_cast<uint32_t>(idx));

      // bitmask = PRF(seed, adrs) in mask mode; result ^= bitmask
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_Mode);
      hash.prf(prf_output, seed, adrs.bytes());
      xor_buf(result, prf_output, result.size());

      // key = PRF(seed, adrs) in key mode; result = F(key, result ^ bitmask)
      adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
      hash.prf(prf_output, seed, adrs.bytes());
      hash.f(result, prf_output, result);
      }
   }

/*
 * Recomputes the WOTS+ public key implied by a signature over msg
 * (WOTS_pkFromSig in RFC 8391). Verification compares the returned key
 * with the expected one.
 *
 * msg  - the (already hashed) message; it is converted to base w here,
 *        with len_1 passed as the digit count, and the checksum digits
 *        are appended
 * sig  - signature chain elements, one per chain
 * adrs - address structure; the chain-address field is rewritten for
 *        every chain
 * seed - public seed passed through to chain()
 *
 * Returns a copy of sig in which every element i has been advanced
 * w - 1 - digit[i] further steps.
 *
 * Precondition (not checked here): sig holds at least len() elements;
 * the indexing below relies on it, so the signature layout is assumed
 * to have been validated by the caller before reaching this method.
 */
wots_keysig_t
XMSS_WOTS_PublicKey::pub_key_from_signature(const secure_vector<uint8_t>& msg,
                                            const wots_keysig_t& sig,
                                            XMSS_Address& adrs,
                                            const secure_vector<uint8_t>& seed)
   {
   // base-w digits of the message, followed by the checksum digits
   secure_vector<uint8_t> digits = m_wots_params.base_w(msg, m_wots_params.len_1());
   m_wots_params.append_checksum(digits);

   const size_t w = m_wots_params.wots_parameter();
   const size_t chain_count = m_wots_params.len();

   // Work on a copy of the signature so the input stays untouched.
   wots_keysig_t pk(sig);

   for(size_t chain_idx = 0; chain_idx < chain_count; ++chain_idx)
      {
      adrs.set_chain_address(static_cast<uint32_t>(chain_idx));
      // Run chain i the remaining distance from its digit to the chain end.
      chain(pk[chain_idx],
            digits[chain_idx],
            w - 1 - digits[chain_idx],
            adrs,
            seed);
      }

   return pk;
   }

}