diff options
| author | Matthias Gierlings <[email protected]> | 2016-10-08 20:45:53 +0200 |
|---|---|---|
| committer | Matthias Gierlings <[email protected]> | 2016-11-11 12:52:26 +0100 |
| commit | 8b06b4fe5fbe189c7d5250becb189bf2b87b9013 (patch) | |
| tree | c73fbb3bf4eddcddf1d3f37983799d80204e8f2c /src/lib/asn1/oids.cpp | |
| parent | 618f890fd7ede74c728612ca8bc590c72ee353f1 (diff) | |
Added Extended Hash-Based Signatures (XMSS)
[1] XMSS: Extended Hash-Based Signatures,
draft-itrf-cfrg-xmss-hash-based-signatures-06
Release: July 2016.
https://datatracker.ietf.org/doc/
draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations
for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has
been integrated into the Botan test bench, signature generation and verification
can be tested independently by invoking "botan-test xmss_sign" and
"botan-test xmss_verify"
- Some headers that are not required to be exposed to users of the library have
to be declared as public in `info.txt`. Declaring those headers private will
cause the amalgamation build to fail. The following headers have been
declared public inside `info.txt`, even though they are only intended for
internal use:
* atomic.h
* xmss_hash.h
* xmss_index_registry.h
* xmss_address.h
* xmss_common_ops.h
* xmss_tools.h
* xmss_wots_parameters.h
* xmss_wots_privatekey.h
* xmss_wots_publickey.h
- XMSS_Verification_Operation Requires the "randomness" parameter out of the
XMSS signature. "Randomness" is part of the prefix that is hashed *before*
the message. Since the signature is unknown till sign() is called, all
message content has to be buffered. For large messages this can be
inconvenient or impossible.
**Possible solution**: Change PK_Ops::Verification interface to take
the signature as constructor argument, and provide a setter method to be able
to update reuse the instance on multiple signatures. Make sign a parameterless
member call. This solution requires interface changes in botan.
**Suggested workaround** for signing large messages is to not sign the message
itself, but to precompute the message hash manually using Botan::HashFunctio
and sign the message hash instead of the message itself.
- Some of the available test vectors for the XMSS signature verification have
been commented out in order to reduce testbench runtime.
Diffstat (limited to 'src/lib/asn1/oids.cpp')
| -rw-r--r-- | src/lib/asn1/oids.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index b07e8a8b9..fb2aa0043 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by ./src/scripts/oids.py on 2016-11-03 +* This file was automatically generated by src/scripts/oids.py on 2016-11-06 * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -98,6 +98,7 @@ std::string lookup(const OID& oid) if(oid_str == "1.3.6.1.4.1.11591.12.2") return "Tiger(24,3)"; if(oid_str == "1.3.6.1.4.1.25258.1.3") return "McEliece"; if(oid_str == "1.3.6.1.4.1.25258.1.4") return "Curve25519"; + if(oid_str == "1.3.6.1.4.1.25258.1.5") return "XMSS"; if(oid_str == "1.3.6.1.4.1.25258.3.1") return "Serpent/CBC"; if(oid_str == "1.3.6.1.4.1.25258.3.101") return "Serpent/GCM"; if(oid_str == "1.3.6.1.4.1.25258.3.102") return "Twofish/GCM"; @@ -309,6 +310,7 @@ OID lookup(const std::string& name) if(name == "X520.State") return OID("2.5.4.8"); if(name == "X520.Surname") return OID("2.5.4.4"); if(name == "X520.Title") return OID("2.5.4.12"); + if(name == "XMSS") return OID("1.3.6.1.4.1.25258.1.5"); if(name == "brainpool160r1") return OID("1.3.36.3.3.2.8.1.1.1"); if(name == "brainpool192r1") return OID("1.3.36.3.3.2.8.1.1.3"); if(name == "brainpool224r1") return OID("1.3.36.3.3.2.8.1.1.5"); |