aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/xmss
diff options
context:
space:
mode:
authorMatthias Gierlings <[email protected]>2016-10-08 20:45:53 +0200
committerMatthias Gierlings <[email protected]>2016-11-12 20:58:31 +0100
commitd16fd1d9b35698852e7b7aed023dc5057d630098 (patch)
treedd56019fd9b7ba1ef8b1f886552ff928b6bb8f13 /src/lib/pubkey/xmss
parent37c1a62525c74461693789f983a41c80697ff4a3 (diff)
Added Extended Hash-Based Signatures (XMSS)
[1] XMSS: Extended Hash-Based Signatures, draft-itrf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/ draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench, signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify" - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use: * atomic.h * xmss_hash.h * xmss_index_registry.h * xmss_address.h * xmss_common_ops.h * xmss_tools.h * xmss_wots_parameters.h * xmss_wots_privatekey.h * xmss_wots_publickey.h - XMSS_Verification_Operation Requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible. **Possible solution**: Change PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in botan. **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunctio and sign the message hash instead of the message itself. - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
Diffstat (limited to 'src/lib/pubkey/xmss')
-rw-r--r--src/lib/pubkey/xmss/xmss_index_registry.h7
-rw-r--r--src/lib/pubkey/xmss/xmss_signature_operation.cpp2
-rw-r--r--src/lib/pubkey/xmss/xmss_tools.cpp32
-rw-r--r--src/lib/pubkey/xmss/xmss_tools.h11
-rw-r--r--src/lib/pubkey/xmss/xmss_verification_operation.cpp4
5 files changed, 53 insertions, 3 deletions
diff --git a/src/lib/pubkey/xmss/xmss_index_registry.h b/src/lib/pubkey/xmss/xmss_index_registry.h
index 8759ca03b..3e5aaa794 100644
--- a/src/lib/pubkey/xmss/xmss_index_registry.h
+++ b/src/lib/pubkey/xmss/xmss_index_registry.h
@@ -12,12 +12,19 @@
#include <cstddef>
#include <limits>
#include <memory>
+<<<<<<< HEAD
+=======
+#include <mutex>
+>>>>>>> 959425d... Added Extended Hash-Based Signatures (XMSS)
#include <string>
#include <botan/hash.h>
#include <botan/secmem.h>
#include <botan/types.h>
#include <botan/atomic.h>
+<<<<<<< HEAD
#include <botan/mutex.h>
+=======
+>>>>>>> 959425d... Added Extended Hash-Based Signatures (XMSS)
namespace Botan {
diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_signature_operation.cpp
index 07121db14..abbcadff7 100644
--- a/src/lib/pubkey/xmss/xmss_signature_operation.cpp
+++ b/src/lib/pubkey/xmss/xmss_signature_operation.cpp
@@ -101,7 +101,7 @@ void XMSS_Signature_Operation::initialize()
m_randomness = m_hash.prf(m_priv_key.prf(), index_bytes);
index_bytes.clear();
XMSS_Tools::concat(index_bytes, m_leaf_idx,
- m_priv_key.xmss_parameters().element_size());
+ m_priv_key.xmss_parameters().element_size());
m_hash.h_msg_init(m_randomness,
m_priv_key.root(),
index_bytes);
diff --git a/src/lib/pubkey/xmss/xmss_tools.cpp b/src/lib/pubkey/xmss/xmss_tools.cpp
new file mode 100644
index 000000000..13e66759c
--- /dev/null
+++ b/src/lib/pubkey/xmss/xmss_tools.cpp
@@ -0,0 +1,32 @@
+/**
+ * XMSS Tools
+ * Contains some helper functions.
+ * (C) 2016 Matthias Gierlings
+ *
+ * Botan is released under the Simplified BSD License (see license.txt)
+ **/
+#include <botan/xmss_tools.h>
+
+namespace Botan {
+
+XMSS_Tools::XMSS_Tools()
+ {
+#if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANESS)
+#if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
+ m_is_little_endian = true;
+#else
+ m_is_little_endian = false;
+#endif
+#else
+ uint16_t data = 0x01;
+ m_is_little_endian = reinterpret_cast<const byte*>(&data)[0] == 0x01;
+#endif
+ }
+
+const XMSS_Tools& XMSS_Tools::get()
+ {
+ static const XMSS_Tools self;
+ return self;
+ }
+
+}
diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h
index 773953fae..ab60665c7 100644
--- a/src/lib/pubkey/xmss/xmss_tools.h
+++ b/src/lib/pubkey/xmss/xmss_tools.h
@@ -11,7 +11,10 @@
#include <stdint.h>
#include <iterator>
#include <type_traits>
+<<<<<<< HEAD
#include <botan/cpuid.h>
+=======
+>>>>>>> 959425d... Added Extended Hash-Based Signatures (XMSS)
#include <botan/types.h>
#include <botan/secmem.h>
@@ -64,13 +67,17 @@ void XMSS_Tools::concat(secure_vector<byte>& target, const T& src)
{
const byte* src_bytes = reinterpret_cast<const byte*>(&src);
if(CPUID::is_little_endian())
+ {
std::reverse_copy(src_bytes,
src_bytes + sizeof(src),
std::back_inserter(target));
+ }
else
+ {
std::copy(src_bytes,
src_bytes + sizeof(src),
std::back_inserter(target));
+ }
}
@@ -87,13 +94,17 @@ void XMSS_Tools::concat(secure_vector<byte>& target,
const byte* src_bytes = reinterpret_cast<const byte*>(&src);
if(CPUID::is_little_endian())
+ {
std::reverse_copy(src_bytes,
src_bytes + c,
std::back_inserter(target));
+ }
else
+ {
std::copy(src_bytes + sizeof(src) - c,
src_bytes + sizeof(src),
std::back_inserter(target));
+ }
}
}
diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_verification_operation.cpp
index 79bd61d17..c789a6d85 100644
--- a/src/lib/pubkey/xmss/xmss_verification_operation.cpp
+++ b/src/lib/pubkey/xmss/xmss_verification_operation.cpp
@@ -78,8 +78,8 @@ XMSS_Verification_Operation::verify(const XMSS_Signature& sig,
XMSS_Address adrs;
secure_vector<byte> index_bytes;
XMSS_Tools::concat(index_bytes,
- sig.unused_leaf_index(),
- m_xmss_params.element_size());
+ sig.unused_leaf_index(),
+ m_xmss_params.element_size());
secure_vector<byte> msg_digest =
m_hash.h_msg(sig.randomness(),
public_key.root(),