diff options
author | Matthias Gierlings <[email protected]> | 2016-10-08 20:45:53 +0200 |
---|---|---|
committer | Matthias Gierlings <[email protected]> | 2016-11-12 20:58:31 +0100 |
commit | d16fd1d9b35698852e7b7aed023dc5057d630098 (patch) | |
tree | dd56019fd9b7ba1ef8b1f886552ff928b6bb8f13 /src/lib/pubkey | |
parent | 37c1a62525c74461693789f983a41c80697ff4a3 (diff) |
Added Extended Hash-Based Signatures (XMSS)
[1] XMSS: Extended Hash-Based Signatures,
draft-itrf-cfrg-xmss-hash-based-signatures-06
Release: July 2016.
https://datatracker.ietf.org/doc/
draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations
for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has
been integrated into the Botan test bench, signature generation and verification
can be tested independently by invoking "botan-test xmss_sign" and
"botan-test xmss_verify"
- Some headers that are not required to be exposed to users of the library have
to be declared as public in `info.txt`. Declaring those headers private will
cause the amalgamation build to fail. The following headers have been
declared public inside `info.txt`, even though they are only intended for
internal use:
* atomic.h
* xmss_hash.h
* xmss_index_registry.h
* xmss_address.h
* xmss_common_ops.h
* xmss_tools.h
* xmss_wots_parameters.h
* xmss_wots_privatekey.h
* xmss_wots_publickey.h
- XMSS_Verification_Operation Requires the "randomness" parameter out of the
XMSS signature. "Randomness" is part of the prefix that is hashed *before*
the message. Since the signature is unknown till sign() is called, all
message content has to be buffered. For large messages this can be
inconvenient or impossible.
**Possible solution**: Change PK_Ops::Verification interface to take
the signature as constructor argument, and provide a setter method to be able
to update reuse the instance on multiple signatures. Make sign a parameterless
member call. This solution requires interface changes in botan.
**Suggested workaround** for signing large messages is to not sign the message
itself, but to precompute the message hash manually using Botan::HashFunctio
and sign the message hash instead of the message itself.
- Some of the available test vectors for the XMSS signature verification have
been commented out in order to reduce testbench runtime.
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r-- | src/lib/pubkey/xmss/xmss_index_registry.h | 7 | ||||
-rw-r--r-- | src/lib/pubkey/xmss/xmss_signature_operation.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/xmss/xmss_tools.cpp | 32 | ||||
-rw-r--r-- | src/lib/pubkey/xmss/xmss_tools.h | 11 | ||||
-rw-r--r-- | src/lib/pubkey/xmss/xmss_verification_operation.cpp | 4 |
5 files changed, 53 insertions, 3 deletions
diff --git a/src/lib/pubkey/xmss/xmss_index_registry.h b/src/lib/pubkey/xmss/xmss_index_registry.h index 8759ca03b..3e5aaa794 100644 --- a/src/lib/pubkey/xmss/xmss_index_registry.h +++ b/src/lib/pubkey/xmss/xmss_index_registry.h @@ -12,12 +12,19 @@ #include <cstddef> #include <limits> #include <memory> +<<<<<<< HEAD +======= +#include <mutex> +>>>>>>> 959425d... Added Extended Hash-Based Signatures (XMSS) #include <string> #include <botan/hash.h> #include <botan/secmem.h> #include <botan/types.h> #include <botan/atomic.h> +<<<<<<< HEAD #include <botan/mutex.h> +======= +>>>>>>> 959425d... Added Extended Hash-Based Signatures (XMSS) namespace Botan { diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_signature_operation.cpp index 07121db14..abbcadff7 100644 --- a/src/lib/pubkey/xmss/xmss_signature_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_signature_operation.cpp @@ -101,7 +101,7 @@ void XMSS_Signature_Operation::initialize() m_randomness = m_hash.prf(m_priv_key.prf(), index_bytes); index_bytes.clear(); XMSS_Tools::concat(index_bytes, m_leaf_idx, - m_priv_key.xmss_parameters().element_size()); + m_priv_key.xmss_parameters().element_size()); m_hash.h_msg_init(m_randomness, m_priv_key.root(), index_bytes); diff --git a/src/lib/pubkey/xmss/xmss_tools.cpp b/src/lib/pubkey/xmss/xmss_tools.cpp new file mode 100644 index 000000000..13e66759c --- /dev/null +++ b/src/lib/pubkey/xmss/xmss_tools.cpp @@ -0,0 +1,32 @@ +/** + * XMSS Tools + * Contains some helper functions. + * (C) 2016 Matthias Gierlings + * + * Botan is released under the Simplified BSD License (see license.txt) + **/ +#include <botan/xmss_tools.h> + +namespace Botan { + +XMSS_Tools::XMSS_Tools() + { +#if defined(BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANESS) +#if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN) + m_is_little_endian = true; +#else + m_is_little_endian = false; +#endif +#else + uint16_t data = 0x01; + m_is_little_endian = reinterpret_cast<const byte*>(&data)[0] == 0x01; +#endif + } + +const XMSS_Tools& XMSS_Tools::get() + { + static const XMSS_Tools self; + return self; + } + +} diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index 773953fae..ab60665c7 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h @@ -11,7 +11,10 @@ #include <stdint.h> #include <iterator> #include <type_traits> +<<<<<<< HEAD #include <botan/cpuid.h> +======= +>>>>>>> 959425d... Added Extended Hash-Based Signatures (XMSS) #include <botan/types.h> #include <botan/secmem.h> @@ -64,13 +67,17 @@ void XMSS_Tools::concat(secure_vector<byte>& target, const T& src) { const byte* src_bytes = reinterpret_cast<const byte*>(&src); if(CPUID::is_little_endian()) + { std::reverse_copy(src_bytes, src_bytes + sizeof(src), std::back_inserter(target)); + } else + { std::copy(src_bytes, src_bytes + sizeof(src), std::back_inserter(target)); + } } @@ -87,13 +94,17 @@ void XMSS_Tools::concat(secure_vector<byte>& target, const byte* src_bytes = reinterpret_cast<const byte*>(&src); if(CPUID::is_little_endian()) + { std::reverse_copy(src_bytes, src_bytes + c, std::back_inserter(target)); + } else + { std::copy(src_bytes + sizeof(src) - c, src_bytes + sizeof(src), std::back_inserter(target)); + } } } diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_verification_operation.cpp index 79bd61d17..c789a6d85 100644 --- a/src/lib/pubkey/xmss/xmss_verification_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_verification_operation.cpp @@ -78,8 +78,8 @@ XMSS_Verification_Operation::verify(const XMSS_Signature& sig, XMSS_Address adrs; secure_vector<byte> index_bytes; XMSS_Tools::concat(index_bytes, - sig.unused_leaf_index(), - m_xmss_params.element_size()); + sig.unused_leaf_index(), + m_xmss_params.element_size()); secure_vector<byte> msg_digest = m_hash.h_msg(sig.randomness(), public_key.root(), |