/src/botan/src/lib/pubkey/xmss/xmss_common_ops.cpp

Source (jump to first uncovered line)
/*
 * XMSS Common Ops
 * Operations shared by XMSS signature generation and verification operations.
 * (C) 2016,2017 Matthias Gierlings
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 **/

#include <botan/internal/xmss_common_ops.h>

#include <botan/internal/xmss_hash.h>

namespace Botan {

void XMSS_Common_Ops::randomize_tree_hash(secure_vector<uint8_t>& result,
                                          const secure_vector<uint8_t>& left,
                                          const secure_vector<uint8_t>& right,
                                          XMSS_Address& adrs,
                                          const secure_vector<uint8_t>& seed,
                                          XMSS_Hash& hash,
                                          const XMSS_Parameters& params) {
   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
   secure_vector<uint8_t> key;
   hash.prf(key, seed, adrs.bytes());

   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode);
   secure_vector<uint8_t> bitmask_l;
   hash.prf(bitmask_l, seed, adrs.bytes());

   adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode);
   secure_vector<uint8_t> bitmask_r;
   hash.prf(bitmask_r, seed, adrs.bytes());

   BOTAN_ASSERT(bitmask_l.size() == left.size() && bitmask_r.size() == right.size(),
                "Bitmask size doesn't match node size.");

   secure_vector<uint8_t> concat_xor(params.element_size() * 2);
   for(size_t i = 0; i < left.size(); i++) {
      concat_xor[i] = left[i] ^ bitmask_l[i];
      concat_xor[i + left.size()] = right[i] ^ bitmask_r[i];
   }

   hash.h(result, key, concat_xor);
}

void XMSS_Common_Ops::create_l_tree(secure_vector<uint8_t>& result,
                                    wots_keysig_t pk,
                                    XMSS_Address& adrs,
                                    const secure_vector<uint8_t>& seed,
                                    XMSS_Hash& hash,
                                    const XMSS_Parameters& params) {
   size_t l = params.len();
   adrs.set_tree_height(0);

   while(l > 1) {
      for(size_t i = 0; i < l >> 1; i++) {
         adrs.set_tree_index(static_cast<uint32_t>(i));
         randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash, params);
      }
      if(l & 0x01) {
         pk[l >> 1] = pk[l - 1];
      }
      l = (l >> 1) + (l & 0x01);
      adrs.set_tree_height(adrs.get_tree_height() + 1);
   }
   result = pk[0];
}

}  // namespace Botan

Line	Count	Source (jump to first uncovered line)
1		/*
2		* XMSS Common Ops
3		* Operations shared by XMSS signature generation and verification operations.
4		* (C) 2016,2017 Matthias Gierlings
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		**/
8
9		#include <botan/internal/xmss_common_ops.h>
10
11		#include <botan/internal/xmss_hash.h>
12
13		namespace Botan {
14
15		void XMSS_Common_Ops::randomize_tree_hash(secure_vector<uint8_t>& result,
16		const secure_vector<uint8_t>& left,
17		const secure_vector<uint8_t>& right,
18		XMSS_Address& adrs,
19		const secure_vector<uint8_t>& seed,
20		XMSS_Hash& hash,
21	0	const XMSS_Parameters& params) {
22	0	adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Key_Mode);
23	0	secure_vector<uint8_t> key;
24	0	hash.prf(key, seed, adrs.bytes());
25
26	0	adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_MSB_Mode);
27	0	secure_vector<uint8_t> bitmask_l;
28	0	hash.prf(bitmask_l, seed, adrs.bytes());
29
30	0	adrs.set_key_mask_mode(XMSS_Address::Key_Mask::Mask_LSB_Mode);
31	0	secure_vector<uint8_t> bitmask_r;
32	0	hash.prf(bitmask_r, seed, adrs.bytes());
33
34	0	BOTAN_ASSERT(bitmask_l.size() == left.size() && bitmask_r.size() == right.size(),
35	0	"Bitmask size doesn't match node size.");
36
37	0	secure_vector<uint8_t> concat_xor(params.element_size() * 2);
38	0	for(size_t i = 0; i < left.size(); i++) {
39	0	concat_xor[i] = left[i] ^ bitmask_l[i];
40	0	concat_xor[i + left.size()] = right[i] ^ bitmask_r[i];
41	0	}
42
43	0	hash.h(result, key, concat_xor);
44	0	}
45
46		void XMSS_Common_Ops::create_l_tree(secure_vector<uint8_t>& result,
47		wots_keysig_t pk,
48		XMSS_Address& adrs,
49		const secure_vector<uint8_t>& seed,
50		XMSS_Hash& hash,
51	0	const XMSS_Parameters& params) {
52	0	size_t l = params.len();
53	0	adrs.set_tree_height(0);
54
55	0	while(l > 1) {
56	0	for(size_t i = 0; i < l >> 1; i++) {
57	0	adrs.set_tree_index(static_cast<uint32_t>(i));
58	0	randomize_tree_hash(pk[i], pk[2 * i], pk[2 * i + 1], adrs, seed, hash, params);
59	0	}
60	0	if(l & 0x01) {
61	0	pk[l >> 1] = pk[l - 1];
62	0	}
63	0	l = (l >> 1) + (l & 0x01);
64	0	adrs.set_tree_height(adrs.get_tree_height() + 1);
65	0	}
66	0	result = pk[0];
67	0	}
68
69		} // namespace Botan

Coverage Report

Created: 2025-04-11 06:34