Diffstat (limited to 'src/lib')
51 files changed, 216 insertions, 202 deletions
diff --git a/src/lib/kdf/hkdf/hkdf.h b/src/lib/kdf/hkdf/hkdf.h
index 5ab253420..5ad389aeb 100644
--- a/src/lib/kdf/hkdf/hkdf.h
+++ b/src/lib/kdf/hkdf/hkdf.h
@@ -36,7 +36,7 @@ class BOTAN_DLL HKDF final : public KDF
 const byte label[], size_t label_len) const override;
 private:
- MessageAuthenticationCode* m_prf;
+ std::unique_ptr<MessageAuthenticationCode> m_prf;
 };
 /**
diff --git a/src/lib/pubkey/mce/code_based_key_gen.cpp b/src/lib/pubkey/mce/code_based_key_gen.cpp
index 8fb290386..839ebc977 100644
--- a/src/lib/pubkey/mce/code_based_key_gen.cpp
+++ b/src/lib/pubkey/mce/code_based_key_gen.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
 * (C) Bhaskar Biswas and Nicolas Sendrier
 *
diff --git a/src/lib/pubkey/mce/code_based_util.h b/src/lib/pubkey/mce/code_based_util.h
index 31c962746..9b5395f41 100644
--- a/src/lib/pubkey/mce/code_based_util.h
+++ b/src/lib/pubkey/mce/code_based_util.h
@@ -1,4 +1,4 @@
-/**
+/*
 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
 * (C) Bhaskar Biswas and Nicolas Sendrier
 *
@@ -18,7 +18,7 @@ namespace Botan {
 /**
 * Expand an input to a bit mask depending on it being being zero or non-zero
-* @ param tst the input
+* @param tst the input
 * @return the mask 0xFFFF if tst is non-zero and 0 otherwise
 */
 template<typename T>
diff --git a/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp b/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp
index c9d82fdbf..74cb1c64b 100644
--- a/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp
+++ b/src/lib/pubkey/mce/gf2m_rootfind_dcmp.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * (C) 2014 cryptosource GmbH
 * (C) 2014 Falko Strenzke [email protected]
 *
diff --git a/src/lib/pubkey/mce/gf2m_small_m.h b/src/lib/pubkey/mce/gf2m_small_m.h
index 0b27a82e3..595ef3999 100644
--- a/src/lib/pubkey/mce/gf2m_small_m.h
+++ b/src/lib/pubkey/mce/gf2m_small_m.h
@@ -1,4 +1,4 @@
-/**
+/*
 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
 * (C) Bhaskar Biswas and Nicolas Sendrier
 *
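Review bot: Changing m_prf to std::unique_ptr makes HKDF non-copyable and moves the MAC's lifetime into this member, but the matching hkdf.cpp change (constructor, destructor and any clone() override) is not in this hunk, so confirm the destructor no longer deletes m_prf and that clone() deep-copies through the MAC's own clone rather than copying the HKDF object. The header also needs `<memory>` in scope, which the hunk does not show. A one-line note on the member would record the ownership contract in place: `std::unique_ptr<MessageAuthenticationCode> m_prf; // owned; freed when the HKDF is destroyed`.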
diff --git a/src/lib/pubkey/mce/goppa_code.cpp b/src/lib/pubkey/mce/goppa_code.cpp index e866a1631..cbec6302a 100644 --- a/src/lib/pubkey/mce/goppa_code.cpp +++ b/src/lib/pubkey/mce/goppa_code.cpp @@ -1,4 +1,4 @@ -/** +/* * (C) Copyright Projet SECRET, INRIA, Rocquencourt * (C) Bhaskar Biswas and Nicolas Sendrier * diff --git a/src/lib/pubkey/mce/mce_internal.h b/src/lib/pubkey/mce/mce_internal.h index 526552944..1985c23d2 100644 --- a/src/lib/pubkey/mce/mce_internal.h +++ b/src/lib/pubkey/mce/mce_internal.h @@ -1,4 +1,4 @@ -/** +/* * (C) Copyright Projet SECRET, INRIA, Rocquencourt * (C) Bhaskar Biswas and Nicolas Sendrier * diff --git a/src/lib/pubkey/mce/mceliece.cpp b/src/lib/pubkey/mce/mceliece.cpp index dd05b8212..7617ff11f 100644 --- a/src/lib/pubkey/mce/mceliece.cpp +++ b/src/lib/pubkey/mce/mceliece.cpp @@ -1,4 +1,4 @@ -/** +/* * (C) Copyright Projet SECRET, INRIA, Rocquencourt * (C) Bhaskar Biswas and Nicolas Sendrier * diff --git a/src/lib/pubkey/mce/mceliece.h b/src/lib/pubkey/mce/mceliece.h index c46be4a49..2c4f38c33 100644 --- a/src/lib/pubkey/mce/mceliece.h +++ b/src/lib/pubkey/mce/mceliece.h @@ -1,4 +1,4 @@ -/** +/* * (C) Copyright Projet SECRET, INRIA, Rocquencourt * (C) Bhaskar Biswas and Nicolas Sendrier * diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp index da92479ef..93ce41fb2 100644 --- a/src/lib/pubkey/mce/mceliece_key.cpp +++ b/src/lib/pubkey/mce/mceliece_key.cpp @@ -1,4 +1,4 @@ -/** +/* * (C) Copyright Projet SECRET, INRIA, Rocquencourt * (C) Bhaskar Biswas and Nicolas Sendrier * diff --git a/src/lib/pubkey/mce/polyn_gf2m.cpp b/src/lib/pubkey/mce/polyn_gf2m.cpp index e0d1c5a65..2815181c1 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.cpp +++ b/src/lib/pubkey/mce/polyn_gf2m.cpp @@ -1,4 +1,4 @@ -/** +/* * (C) Copyright Projet SECRET, INRIA, Rocquencourt * (C) Bhaskar Biswas and Nicolas Sendrier * diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h index 62264e480..73e495fba 100644 
--- a/src/lib/pubkey/mce/polyn_gf2m.h
+++ b/src/lib/pubkey/mce/polyn_gf2m.h
@@ -1,4 +1,4 @@
-/**
+/*
 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
 * (C) Bhaskar Biswas and Nicolas Sendrier
 *
diff --git a/src/lib/pubkey/mce/workfactor.cpp b/src/lib/pubkey/mce/workfactor.cpp
index 9594c0aab..51cfcc269 100644
--- a/src/lib/pubkey/mce/workfactor.cpp
+++ b/src/lib/pubkey/mce/workfactor.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
 * (C) Bhaskar Biswas and Nicolas Sendrier
 * (C) 2014 Jack Lloyd
diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp
index 7cccd0168..178001316 100644
--- a/src/lib/pubkey/pk_algs.cpp
+++ b/src/lib/pubkey/pk_algs.cpp
@@ -242,7 +242,7 @@ create_private_key(const std::string& alg_name,
 if(alg_name == "XMSS")
 {
 return std::unique_ptr<Private_Key>(
- new XMSS_PrivateKey(XMSS_Parameters(params).oid(), rng));
+ new XMSS_PrivateKey(XMSS_Parameters(params.empty() ? "XMSS_SHA2-512_W16_H10" : params).oid(), rng));
 }
 #endif
diff --git a/src/lib/pubkey/workfactor.h b/src/lib/pubkey/workfactor.h
index eb86b6d88..1fccc1a1b 100644
--- a/src/lib/pubkey/workfactor.h
+++ b/src/lib/pubkey/workfactor.h
@@ -17,7 +17,7 @@ namespace Botan {
 * @param prime_group_size size of the group in bits
 * @return estimated security level for this group
 */
-size_t dl_work_factor(size_t prime_group_size);
+BOTAN_DLL size_t dl_work_factor(size_t prime_group_size);
 /**
 * Return the appropriate exponent size to use for a particular prime
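Review bot: The XMSS branch of create_private_key hard-codes "XMSS_SHA2-512_W16_H10" inside the constructor call with nothing saying why that parameter set is the default, and the ternary buried in the argument list is easy to miss. Hoist it into a named constant with a comment, e.g. `// Default XMSS parameter set used when the caller passes an empty params string` above `const std::string xmss_default = "XMSS_SHA2-512_W16_H10";`, and write `XMSS_Parameters(params.empty() ? xmss_default : params)`, so the choice is greppable and documented. create_private_key starts before this hunk, so how other algorithms handle an empty params string could not be compared here.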
@@ -29,21 +29,21 @@ size_t dl_work_factor(size_t prime_group_size); * algorithm can compute the DL in sqrt(x) operations) while minimizing * the exponent size for performance reasons. */ -size_t dl_exponent_size(size_t prime_group_size); +BOTAN_DLL size_t dl_exponent_size(size_t prime_group_size); /** * Estimate work factor for integer factorization * @param n_bits size of modulus in bits * @return estimated security level for this modulus */ -size_t if_work_factor(size_t n_bits); +BOTAN_DLL size_t if_work_factor(size_t n_bits); /** * Estimate work factor for EC discrete logarithm * @param prime_group_size size of the group in bits * @return estimated security level for this group */ -size_t ecp_work_factor(size_t prime_group_size); +BOTAN_DLL size_t ecp_work_factor(size_t prime_group_size); } diff --git a/src/lib/pubkey/xmss/atomic.h b/src/lib/pubkey/xmss/atomic.h index 485728d54..cf3f5528c 100644 --- a/src/lib/pubkey/xmss/atomic.h +++ b/src/lib/pubkey/xmss/atomic.h @@ -1,4 +1,4 @@ -/** +/* * Atomic * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/info.txt b/src/lib/pubkey/xmss/info.txt index bab541625..862ff68f9 100644 --- a/src/lib/pubkey/xmss/info.txt +++ b/src/lib/pubkey/xmss/info.txt @@ -42,4 +42,5 @@ xmss_verification_operation.h asn1 rng hash +sha2_32 </requires> diff --git a/src/lib/pubkey/xmss/xmss.h b/src/lib/pubkey/xmss/xmss.h index f12871672..bad7f2aad 100644 --- a/src/lib/pubkey/xmss/xmss.h +++ b/src/lib/pubkey/xmss/xmss.h @@ -1,4 +1,4 @@ -/** +/* * XMSS * Includes XMSS headers. * (C) 2016 Matthias Gierlings diff --git a/src/lib/pubkey/xmss/xmss_address.h b/src/lib/pubkey/xmss/xmss_address.h index 438059cba..07bfd1dbf 100644 --- a/src/lib/pubkey/xmss/xmss_address.h +++ b/src/lib/pubkey/xmss/xmss_address.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Address * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_common_ops.cpp b/src/lib/pubkey/xmss/xmss_common_ops.cpp index dd139a349..aec584201 100644 
--- a/src/lib/pubkey/xmss/xmss_common_ops.cpp
+++ b/src/lib/pubkey/xmss/xmss_common_ops.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Common Ops
 * Operations shared by XMSS signature generation and verification operations.
 * (C) 2016 Matthias Gierlings
diff --git a/src/lib/pubkey/xmss/xmss_common_ops.h b/src/lib/pubkey/xmss/xmss_common_ops.h
index 74ae52a78..bcf036f5c 100644
--- a/src/lib/pubkey/xmss/xmss_common_ops.h
+++ b/src/lib/pubkey/xmss/xmss_common_ops.h
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Common Ops
 * (C) 2016 Matthias Gierlings
 *
diff --git a/src/lib/pubkey/xmss/xmss_hash.cpp b/src/lib/pubkey/xmss/xmss_hash.cpp
index 2dfcabbbc..3731f7751 100644
--- a/src/lib/pubkey/xmss/xmss_hash.cpp
+++ b/src/lib/pubkey/xmss/xmss_hash.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Hash
 * A collection of pseudorandom hash functions required for XMSS and WOTS
 * computations.
@@ -8,6 +8,7 @@
 **/
 #include <botan/xmss_hash.h>
+#include <botan/exceptn.h>
 namespace Botan {
@@ -16,14 +17,19 @@ XMSS_Hash::XMSS_Hash(const XMSS_Hash& hash)
 {
 }
-XMSS_Hash::XMSS_Hash(const std::string& h_func_name)
- : m_hash(HashFunction::create(h_func_name)),
- m_msg_hash(HashFunction::create(h_func_name)),
- m_output_length(m_hash->output_length()),
- m_zero_padding(m_output_length - 1, 0x00),
- m_hash_func_name(h_func_name)
+XMSS_Hash::XMSS_Hash(const std::string& h_func_name) :
+ m_hash_func_name(h_func_name),
+ m_hash(HashFunction::create(h_func_name))
 {
+ if(!m_hash)
+ throw Lookup_Error("XMSS cannot use hash " + h_func_name +
+ " because it is unavailable");
+
+ m_output_length = m_hash->output_length();
 BOTAN_ASSERT(m_output_length > 0, "Hash output length of zero is invalid.");
+
+ m_zero_padding.resize(m_output_length - 1);
+ m_msg_hash.reset(m_hash->clone());
 }
 void
diff --git a/src/lib/pubkey/xmss/xmss_hash.h b/src/lib/pubkey/xmss/xmss_hash.h
index 1af9feb25..2cca26658 100644
--- a/src/lib/pubkey/xmss/xmss_hash.h
+++ b/src/lib/pubkey/xmss/xmss_hash.h
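Review bot: The string constructor now has a new failure mode, the Lookup_Error thrown when HashFunction::create returns null, and nothing in the xmss_hash.h hunk documents it; add `@throws Lookup_Error if h_func_name does not name an available hash function` to the constructor's comment in the header. The copy constructor XMSS_Hash(const XMSS_Hash&), whose empty body is the context at the top of this hunk, has its mem-initializer outside the hunk, so it is not visible whether it clones m_hash and m_msg_hash the way this constructor now does with `m_msg_hash.reset(m_hash->clone())`; since unique_ptr members cannot be copied implicitly, that initializer is worth checking against the new member layout. The BOTAN_ASSERT on m_output_length is what keeps the following `m_output_length - 1` from wrapping, so it should stay ahead of the resize as written.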
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Hash
 * (C) 2016 Matthias Gierlings
 *
@@ -147,17 +147,18 @@ class XMSS_Hash
 size_t output_length() const { return m_output_length; };
 private:
+ static const byte m_id_f = 0x00;
+ static const byte m_id_h = 0x01;
+ static const byte m_id_hmsg = 0x02;
+ static const byte m_id_prf = 0x03;
+
+ const std::string m_hash_func_name;
 std::unique_ptr<HashFunction> m_hash;
 std::unique_ptr<HashFunction> m_msg_hash;
 size_t m_output_length; //32 byte id prefixes prepended to the hash input.
 std::vector<byte> m_zero_padding;
- static const byte m_id_f = 0x00;
- static const byte m_id_h = 0x01;
- static const byte m_id_hmsg = 0x02;
- static const byte m_id_prf = 0x03;
- const std::string m_hash_func_name;
 };
 }
diff --git a/src/lib/pubkey/xmss/xmss_index_registry.cpp b/src/lib/pubkey/xmss/xmss_index_registry.cpp
index a85bc7c9f..e26cfdad4 100644
--- a/src/lib/pubkey/xmss/xmss_index_registry.cpp
+++ b/src/lib/pubkey/xmss/xmss_index_registry.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Index Registry
 * A registry for XMSS private keys, keeps track of the leaf index for
 * independend copies of the same key.
diff --git a/src/lib/pubkey/xmss/xmss_index_registry.h b/src/lib/pubkey/xmss/xmss_index_registry.h
index 8759ca03b..77842e4f3 100644
--- a/src/lib/pubkey/xmss/xmss_index_registry.h
+++ b/src/lib/pubkey/xmss/xmss_index_registry.h
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Index Registry
 * (C) 2016 Matthias Gierlings
 *
diff --git a/src/lib/pubkey/xmss/xmss_key_pair.h b/src/lib/pubkey/xmss/xmss_key_pair.h
index 4d86f1766..d6c82af60 100644
--- a/src/lib/pubkey/xmss/xmss_key_pair.h
+++ b/src/lib/pubkey/xmss/xmss_key_pair.h
@@ -1,4 +1,4 @@
-/**
+/*
 * XMSS Key Pair
 * (C) 2016 Matthias Gierlings
 *
diff --git a/src/lib/pubkey/xmss/xmss_parameters.cpp b/src/lib/pubkey/xmss/xmss_parameters.cpp
index 5a106320b..cc4d923dd 100644
--- a/src/lib/pubkey/xmss/xmss_parameters.cpp
+++ b/src/lib/pubkey/xmss/xmss_parameters.cpp
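Review bot: The comment `//32 byte id prefixes prepended to the hash input.` next to m_zero_padding is stale after this commit: xmss_hash.cpp now sizes the vector to `m_output_length - 1`, so it holds 31 or 63 zero bytes that, together with one m_id_* byte, form an output-length-sized prefix. Replace it with `// output_length-1 zero bytes; followed by one m_id_* byte they form the n-byte function-id prefix of every hash input`. The four `static const byte m_id_*` members are only initialized in-class; if any of them is ever bound to a reference (for example passed to a vector insert or push_back) the linker will want an out-of-class definition in xmss_hash.cpp, which this commit does not add — their uses are outside the hunk, so this may already be fine.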
@@ -1,4 +1,4 @@ -/** +/* * XMSS Parameters * Descibes a signature method for XMSS, as defined in: * [1] XMSS: Extended Hash-Based Signatures, 
@@ -16,26 +16,41 @@ namespace Botan {
-const std::map<std::string, XMSS_Parameters::xmss_algorithm_t>
- XMSS_Parameters::m_oid_name_lut =
- {
- { "XMSS_SHA2-256_W16_H10", XMSS_SHA2_256_W16_H10 },
- { "XMSS_SHA2-256_W16_H16", XMSS_SHA2_256_W16_H16 },
- { "XMSS_SHA2-256_W16_H20", XMSS_SHA2_256_W16_H20 },
- { "XMSS_SHA2-512_W16_H10", XMSS_SHA2_512_W16_H10 },
- { "XMSS_SHA2-512_W16_H16", XMSS_SHA2_512_W16_H16 },
- { "XMSS_SHA2-512_W16_H20", XMSS_SHA2_512_W16_H20 }
-// { "XMSS_SHAKE128_W16_H10", xmss_algorithm_t::XMSS_SHAKE128_W16_H10 },
-// { "XMSS_SHAKE128_W16_H16", xmss_algorithm_t::XMSS_SHAKE128_W16_H16 },
-// { "XMSS_SHAKE128_W16_H20", xmss_algorithm_t::XMSS_SHAKE128_W16_H20 },
-// { "XMSS_SHAKE256_W16_H10", xmss_algorithm_t::XMSS_SHAKE256_W16_H10 },
-// { "XMSS_SHAKE256_W16_H16", xmss_algorithm_t::XMSS_SHAKE256_W16_H16 },
-// { "XMSS_SHAKE256_W16_H20", xmss_algorithm_t::XMSS_SHAKE256_W16_H20 }
- };
+//static
+XMSS_Parameters::xmss_algorithm_t XMSS_Parameters::xmss_id_from_string(const std::string& param_set)
+ {
+ if(param_set == "XMSS_SHA2-256_W16_H10")
+ return XMSS_SHA2_256_W16_H10;
+ if(param_set == "XMSS_SHA2-256_W16_H16")
+ return XMSS_SHA2_256_W16_H16;
+ if(param_set == "XMSS_SHA2-256_W16_H20")
+ return XMSS_SHA2_256_W16_H20;
+ if(param_set == "XMSS_SHA2-512_W16_H10")
+ return XMSS_SHA2_512_W16_H10;
+ if(param_set == "XMSS_SHA2-512_W16_H16")
+ return XMSS_SHA2_512_W16_H16;
+ if(param_set == "XMSS_SHA2-512_W16_H20")
+ return XMSS_SHA2_512_W16_H20;
+ if(param_set == "XMSS_SHAKE128_W16_H10")
+ return XMSS_SHAKE128_W16_H10;
+ if(param_set == "XMSS_SHAKE128_W16_H16")
+ return XMSS_SHAKE128_W16_H16;
+ if(param_set == "XMSS_SHAKE128_W16_H20")
+ return XMSS_SHAKE128_W16_H20;
+ if(param_set == "XMSS_SHAKE256_W16_H10")
+ return XMSS_SHAKE256_W16_H10;
+ if(param_set == "XMSS_SHAKE256_W16_H16")
+ return XMSS_SHAKE256_W16_H16;
+ if(param_set == "XMSS_SHAKE256_W16_H20")
+ return XMSS_SHAKE256_W16_H20;
+ throw Lookup_Error("Unknown XMSS algorithm param '" + param_set + "'");
+ }
+
+XMSS_Parameters::XMSS_Parameters(const std::string& param_set)
+ : XMSS_Parameters(XMSS_Parameters::xmss_id_from_string(param_set))
+ {
+ }
-XMSS_Parameters::XMSS_Parameters(const std::string& algo_name)
- : XMSS_Parameters(m_oid_name_lut.at(algo_name))
- {}
 XMSS_Parameters::XMSS_Parameters(xmss_algorithm_t oid)
 : m_oid(oid)
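Review bot: xmss_id_from_string throws Lookup_Error for an unknown name, while the equivalent function added for WOTS in xmss_wots_parameters.cpp (xmss_wots_id_from_string) throws Invalid_Argument and the oid constructor's `default:` branch throws Unsupported_Argument, so a caller validating a user-supplied parameter string has to catch three unrelated types for one failure mode. Pick one — Lookup_Error matches what xmss_hash.cpp now throws for an unavailable hash — and use it in both string lookups, e.g. `throw Lookup_Error("Unknown XMSS-WOTS algorithm param '" + param_set + "'");` in the WOTS version. The removed `m_oid_name_lut.at(algo_name)` threw std::out_of_range, so any caller that caught that will also need updating.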
@@ -102,73 +117,66 @@ XMSS_Parameters::XMSS_Parameters(xmss_algorithm_t oid) m_strength = 512; m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHA2_512_W16; break; -// FIXME: Uncomment once SHAKE128/256 implementation is available in Botan. -// case XMSS_SHAKE128_W16_H10: -// m_element_size = 32; -// m_w = 16; -// m_len = 67; -// m_tree_height = 10; -// m_name = "XMSS_SHAKE128_W16_H10"; -// m_hash_name = ""; -// m_strength = 256; -// m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE128_W16; -// BOTAN_ASSERT(false, "XMSS_SHAKE128_W16_H10 not implemented."); -// break; -// case XMSS_SHAKE128_W16_H16: -// m_element_size = 32; -// m_w = 16; -// m_len = 67; -// m_tree_height = 16; -// m_name = "XMSS_SHAKE128_W16_H16"; -// m_hash_name = ""; -// m_strength = 256; -// m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE128_W16; -// BOTAN_ASSERT(false, "XMSS_SHAKE128_W16_H16 not implemented."); -// break; -// case XMSS_SHAKE128_W16_H20: -// m_element_size = 32; -// m_w = 16; -// m_len = 67; -// m_tree_height = 20; -// m_name = "XMSS_SHAKE128_W16_H20"; -// m_hash_name = ""; -// m_strength = 256; -// m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE128_W16; -// BOTAN_ASSERT(false, "XMSS_SHAKE128_W16_H20 not implemented."); -// break; -// case XMSS_SHAKE256_W16_H10: -// m_element_size = 64; -// m_w = 16; -// m_len = 131; -// m_tree_height = 10; -// m_name = "XMSS_SHAKE256_W16_H10"; -// m_hash_name = ""; -// m_strength = 512; -// m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE256_W16; -// BOTAN_ASSERT(false, "XMSS_SHAKE256_W16_H10 not implemented."); -// break; -// case XMSS_SHAKE256_W16_H16: -// m_element_size = 64; -// m_w = 16; -// m_len = 131; -// m_tree_height = 16; -// m_name = "XMSS_SHAKE256_W16_H16"; -// m_hash_name = ""; -// m_strength = 512; -// m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE256_W16; -// BOTAN_ASSERT(false, "XMSS_SHAKE256_W16_H16 not implemented."); -// break; -// case 
XMSS_SHAKE256_W16_H20: -// m_element_size = 64; -// m_w = 16; -// m_len = 131; -// m_tree_height = 20; -// m_name = "XMSS_SHAKE256_W16_H20"; -// m_hash_name = ""; -// m_strength = 512; -// m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE256_W16; -// BOTAN_ASSERT(false, "XMSS_SHAKE256_W16_H20 not implemented."); -// break; + case XMSS_SHAKE128_W16_H10: + m_element_size = 32; + m_w = 16; + m_len = 67; + m_tree_height = 10; + m_name = "XMSS_SHAKE128_W16_H10"; + m_hash_name = "SHAKE-128(256)"; + m_strength = 256; + m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE128_W16; + break; + case XMSS_SHAKE128_W16_H16: + m_element_size = 32; + m_w = 16; + m_len = 67; + m_tree_height = 16; + m_name = "XMSS_SHAKE128_W16_H16"; + m_hash_name = "SHAKE-128(256)"; + m_strength = 256; + m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE128_W16; + break; + case XMSS_SHAKE128_W16_H20: + m_element_size = 32; + m_w = 16; + m_len = 67; + m_tree_height = 20; + m_name = "XMSS_SHAKE128_W16_H20"; + m_hash_name = "SHAKE-128(256)"; + m_strength = 256; + m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE128_W16; + break; + case XMSS_SHAKE256_W16_H10: + m_element_size = 64; + m_w = 16; + m_len = 131; + m_tree_height = 10; + m_name = "XMSS_SHAKE256_W16_H10"; + m_hash_name = "SHAKE-256(512)"; + m_strength = 512; + m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE256_W16; + break; + case XMSS_SHAKE256_W16_H16: + m_element_size = 64; + m_w = 16; + m_len = 131; + m_tree_height = 16; + m_name = "XMSS_SHAKE256_W16_H16"; + m_hash_name = "SHAKE-256(512)"; + m_strength = 512; + m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE256_W16; + break; + case XMSS_SHAKE256_W16_H20: + m_element_size = 64; + m_w = 16; + m_len = 131; + m_tree_height = 20; + m_name = "XMSS_SHAKE256_W16_H20"; + m_hash_name = "SHAKE-256(512)"; + m_strength = 512; + m_wots_oid = XMSS_WOTS_Parameters::ots_algorithm_t::WOTSP_SHAKE256_W16; + break; default: 
throw Unsupported_Argument( "Algorithm id does not match any XMSS algorithm id."); diff --git a/src/lib/pubkey/xmss/xmss_parameters.h b/src/lib/pubkey/xmss/xmss_parameters.h index eb5ff4422..1e8048217 100644 --- a/src/lib/pubkey/xmss/xmss_parameters.h +++ b/src/lib/pubkey/xmss/xmss_parameters.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Parameters * (C) 2016 Matthias Gierlings * @@ -36,15 +36,16 @@ class BOTAN_DLL XMSS_Parameters XMSS_SHA2_512_W16_H10 = 0x04000004, XMSS_SHA2_512_W16_H16 = 0x05000005, XMSS_SHA2_512_W16_H20 = 0x06000006, -// FIXME: Uncomment once SHAKE128/256 implementation is available in Botan. -// XMSS_SHAKE128_W16_H10 = 0x07000007, -// XMSS_SHAKE128_W16_H16 = 0x08000008, -// XMSS_SHAKE128_W16_H20 = 0x09000009, -// XMSS_SHAKE256_W16_H10 = 0x0a00000a, -// XMSS_SHAKE256_W16_H16 = 0x0b00000b, -// XMSS_SHAKE256_W16_H20 = 0x0c00000c + XMSS_SHAKE128_W16_H10 = 0x07000007, + XMSS_SHAKE128_W16_H16 = 0x08000008, + XMSS_SHAKE128_W16_H20 = 0x09000009, + XMSS_SHAKE256_W16_H10 = 0x0a00000a, + XMSS_SHAKE256_W16_H16 = 0x0b00000b, + XMSS_SHAKE256_W16_H20 = 0x0c00000c }; + static xmss_algorithm_t xmss_id_from_string(const std::string& algo_name); + XMSS_Parameters(const std::string& algo_name); XMSS_Parameters(xmss_algorithm_t oid); @@ -107,8 +108,6 @@ class BOTAN_DLL XMSS_Parameters } private: - static const std::map<std::string, xmss_algorithm_t> - m_oid_name_lut; xmss_algorithm_t m_oid; XMSS_WOTS_Parameters::ots_algorithm_t m_wots_oid; std::string m_name; diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp index 18d712a5f..4e4ff73b7 100644 --- a/src/lib/pubkey/xmss/xmss_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS Private Key * An XMSS: Extended Hash-Based Siganture private key. * The XMSS private key does not support the X509 and PKCS7 standard. Instead diff --git a/src/lib/pubkey/xmss/xmss_privatekey.h b/src/lib/pubkey/xmss/xmss_privatekey.h index a0abb87e7..2fa9bd655 100644 
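Review bot: The new `static xmss_id_from_string(const std::string& algo_name)` declaration in xmss_parameters.h has no documentation and names its parameter algo_name while the definition in xmss_parameters.cpp and the string constructor use param_set; xmss_wots_parameters.h has the same gap for xmss_wots_id_from_string, where the constructor still says algo_name. Add above the declaration `/** Maps a parameter set name such as "XMSS_SHA2-256_W16_H10" to its algorithm id. @throws Lookup_Error if the name is unknown */` and use one parameter name in declaration and definition. With m_oid_name_lut removed, the `<map>` include this header presumably carried may now be unused; the include block is outside the hunk, so check it.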
--- a/src/lib/pubkey/xmss/xmss_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_privatekey.h @@ -1,4 +1,4 @@ -/** +/* * XMSS_PrivateKey.h * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_publickey.cpp b/src/lib/pubkey/xmss/xmss_publickey.cpp index 4ec33e5f3..9bf166779 100644 --- a/src/lib/pubkey/xmss/xmss_publickey.cpp +++ b/src/lib/pubkey/xmss/xmss_publickey.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS Public Key * An XMSS: Extended Hash-Based Siganture public key. * The XMSS public key does not support the X509 standard. Instead the diff --git a/src/lib/pubkey/xmss/xmss_publickey.h b/src/lib/pubkey/xmss/xmss_publickey.h index 049a617ca..55385b438 100644 --- a/src/lib/pubkey/xmss/xmss_publickey.h +++ b/src/lib/pubkey/xmss/xmss_publickey.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Public Key * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_signature.cpp b/src/lib/pubkey/xmss/xmss_signature.cpp index f31dcd8bb..a54d8d9cd 100644 --- a/src/lib/pubkey/xmss/xmss_signature.cpp +++ b/src/lib/pubkey/xmss/xmss_signature.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS Signature * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_signature.h b/src/lib/pubkey/xmss/xmss_signature.h index 3194ad28c..662aa8988 100644 --- a/src/lib/pubkey/xmss/xmss_signature.h +++ b/src/lib/pubkey/xmss/xmss_signature.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Signature * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_signature_operation.cpp index 07121db14..9418e3385 100644 --- a/src/lib/pubkey/xmss/xmss_signature_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_signature_operation.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS Signature Operation * Signature generation operation for Extended Hash-Based Signatures (XMSS) as * defined in: diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.h b/src/lib/pubkey/xmss/xmss_signature_operation.h index 8015e8e12..42cad8f82 100644 
--- a/src/lib/pubkey/xmss/xmss_signature_operation.h +++ b/src/lib/pubkey/xmss/xmss_signature_operation.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Signature Operation * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_tools.h b/src/lib/pubkey/xmss/xmss_tools.h index 773953fae..6f85c5818 100644 --- a/src/lib/pubkey/xmss/xmss_tools.h +++ b/src/lib/pubkey/xmss/xmss_tools.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Address * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.cpp b/src/lib/pubkey/xmss/xmss_verification_operation.cpp index 79bd61d17..4a9c5aa11 100644 --- a/src/lib/pubkey/xmss/xmss_verification_operation.cpp +++ b/src/lib/pubkey/xmss/xmss_verification_operation.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS Verification Operation * Provides signature verification capabilities for Extended Hash-Based * Signatures (XMSS). diff --git a/src/lib/pubkey/xmss/xmss_verification_operation.h b/src/lib/pubkey/xmss/xmss_verification_operation.h index 0f45fd55f..1fa3f24e9 100644 --- a/src/lib/pubkey/xmss/xmss_verification_operation.h +++ b/src/lib/pubkey/xmss/xmss_verification_operation.h @@ -1,4 +1,4 @@ -/** +/* * XMSS Verification Operation * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_wots_parameters.cpp b/src/lib/pubkey/xmss/xmss_wots_parameters.cpp index 903885d72..3a1c1902d 100644 --- a/src/lib/pubkey/xmss/xmss_wots_parameters.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_parameters.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS WOTS Parameters * Descibes a signature method for XMSS Winternitz One Time Signatures, * as defined in: 
@@ -17,15 +17,23 @@ namespace Botan {
-const std::map<std::string, XMSS_WOTS_Parameters::ots_algorithm_t>
- XMSS_WOTS_Parameters::m_oid_name_lut =
+//static
+XMSS_WOTS_Parameters::ots_algorithm_t
+XMSS_WOTS_Parameters::xmss_wots_id_from_string(const std::string& param_set)
 {
- { "WOTSP_SHA2-256_W16", WOTSP_SHA2_256_W16 },
- { "WOTSP_SHA2-512_W16", WOTSP_SHA2_512_W16 }
- };
+ if(param_set == "WOTSP_SHA2-256_W16")
+ return WOTSP_SHA2_256_W16;
+ if(param_set == "WOTSP_SHA2-512_W16")
+ return WOTSP_SHA2_512_W16;
+ if(param_set == "WOTSP_SHAKE128_W16")
+ return WOTSP_SHAKE128_W16;
+ if(param_set == "WOTSP_SHAKE256_W16")
+ return WOTSP_SHAKE256_W16;
+ throw Invalid_Argument("Unknown XMSS-WOTS algorithm param '" + param_set + "'");
+ }
-XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(const std::string& algo_name)
- : XMSS_WOTS_Parameters(m_oid_name_lut.at(algo_name))
+XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(const std::string& param_set)
+ : XMSS_WOTS_Parameters(xmss_wots_id_from_string(param_set))
 {}
 XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid)
@@ -49,23 +57,22 @@ XMSS_WOTS_Parameters::XMSS_WOTS_Parameters(ots_algorithm_t oid) m_hash_name = "SHA-512"; m_strength = 512; break; -// FIXME: Uncomment once SHAKE128/256 implementation is available in Botan. -// case WOTSP_SHAKE128_W16: -// m_element_size = 32; -// m_w = 16; -// m_len = 67; -// m_name = "WOTSP_SHAKE128_W16"; -// m_hash_name = "<MISSING>"; -// m_strength = 256; -// break; -// case WOTSP_SHAKE256_W16: -// m_element_size = 64; -// m_w = 16; -// m_len = 131; -// m_name = "WOTSP_SHAKE256_W16"; -// m_hash_name = "<MISSING>"; -// m_strength = 512; -// break; + case WOTSP_SHAKE128_W16: + m_element_size = 32; + m_w = 16; + m_len = 67; + m_name = "WOTSP_SHAKE128_W16"; + m_hash_name = "SHAKE-128(256)"; + m_strength = 256; + break; + case WOTSP_SHAKE256_W16: + m_element_size = 64; + m_w = 16; + m_len = 131; + m_name = "WOTSP_SHAKE256_W16"; + m_hash_name = "SHAKE-256(512)"; + m_strength = 512; + break; default: throw Unsupported_Argument( "Algorithm id does not match any XMSS WOTS algorithm id."); diff --git a/src/lib/pubkey/xmss/xmss_wots_parameters.h b/src/lib/pubkey/xmss/xmss_wots_parameters.h index a4840c354..cc89c3d4a 100644 --- a/src/lib/pubkey/xmss/xmss_wots_parameters.h +++ b/src/lib/pubkey/xmss/xmss_wots_parameters.h @@ -1,4 +1,4 @@ -/** +/* * XMSS WOTS Parameters * (C) 2016 Matthias Gierlings * @@ -38,14 +38,15 @@ class XMSS_WOTS_Parameters { WOTSP_SHA2_256_W16 = 0x01000001, WOTSP_SHA2_512_W16 = 0x02000002, -// FIXME: Uncomment once SHAKE128/256 implementation is available in Botan. -// WOTSP_SHAKE128_W16 = 0x03000003, -// WOTSP_SHAKE256_W16 = 0x04000004 + WOTSP_SHAKE128_W16 = 0x03000003, + WOTSP_SHAKE256_W16 = 0x04000004 }; XMSS_WOTS_Parameters(const std::string& algo_name); XMSS_WOTS_Parameters(ots_algorithm_t ots_spec); + static ots_algorithm_t xmss_wots_id_from_string(const std::string& param_set); + /** * Algorithm 1: convert input string to base. * 
diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp index 1a68b187d..02a3934f5 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS WOTS Private Key * A Winternitz One Time Signature private key for use with Extended Hash-Based * Signatures. diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_privatekey.h index 1a6e50fe8..71e87ef48 100644 --- a/src/lib/pubkey/xmss/xmss_wots_privatekey.h +++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.h @@ -1,4 +1,4 @@ -/** +/* * XMSS WOTS Private Key * (C) 2016 Matthias Gierlings * diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp index aa0240be8..3726fcc59 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.cpp +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.cpp @@ -1,4 +1,4 @@ -/** +/* * XMSS WOTS Public Key * A Winternitz One Time Signature public key for use with Extended Hash-Based * Signatures. diff --git a/src/lib/pubkey/xmss/xmss_wots_publickey.h b/src/lib/pubkey/xmss/xmss_wots_publickey.h index bf3a8110d..394824d0a 100644 --- a/src/lib/pubkey/xmss/xmss_wots_publickey.h +++ b/src/lib/pubkey/xmss/xmss_wots_publickey.h @@ -1,4 +1,4 @@ -/** +/* * XMSS WOTS Public Key * (C) 2016 Matthias Gierlings * diff --git a/src/lib/rng/rdrand_rng/rdrand_rng.cpp b/src/lib/rng/rdrand_rng/rdrand_rng.cpp index 1ee857c6c..d807bd81d 100644 --- a/src/lib/rng/rdrand_rng/rdrand_rng.cpp +++ b/src/lib/rng/rdrand_rng/rdrand_rng.cpp @@ -1,4 +1,4 @@ -/** +/* * RDRAND RNG * (C) 2016 Jack Lloyd * diff --git a/src/lib/rng/rdrand_rng/rdrand_rng.h b/src/lib/rng/rdrand_rng/rdrand_rng.h index 94363b89c..73616637e 100644 --- a/src/lib/rng/rdrand_rng/rdrand_rng.h +++ b/src/lib/rng/rdrand_rng/rdrand_rng.h @@ -1,4 +1,4 @@ -/** +/* * RDRAND RNG * (C) 2016 Jack Lloyd * 
diff --git a/src/lib/stream/chacha/chacha_sse2/chacha_sse2.cpp b/src/lib/stream/chacha/chacha_sse2/chacha_sse2.cpp
index bf01cc879..f28257fb8 100644
--- a/src/lib/stream/chacha/chacha_sse2/chacha_sse2.cpp
+++ b/src/lib/stream/chacha/chacha_sse2/chacha_sse2.cpp
@@ -37,20 +37,17 @@ void ChaCha::chacha_sse2_x4(byte output[64*4], u32bit input[16], size_t rounds)
 __m128i r1_0 = input0;
 __m128i r1_1 = input1;
 __m128i r1_2 = input2;
- __m128i r1_3 = input3;
- r1_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 1));
+ __m128i r1_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 1));
 __m128i r2_0 = input0;
 __m128i r2_1 = input1;
 __m128i r2_2 = input2;
- __m128i r2_3 = input3;
- r2_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 2));
+ __m128i r2_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 2));
 __m128i r3_0 = input0;
 __m128i r3_1 = input1;
 __m128i r3_2 = input2;
- __m128i r3_3 = input3;
- r3_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 3));
+ __m128i r3_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 3));
 for(size_t r = 0; r != rounds / 2; ++r)
 {
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index 3c29c3c2b..a15f936be 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -37,9 +37,7 @@ bool Ciphersuite::ecc_ciphersuite() const
 bool Ciphersuite::cbc_ciphersuite() const
 {
- return (cipher_algo() == "3DES" || cipher_algo() == "SEED" ||
- cipher_algo() == "AES-128" || cipher_algo() == "AES-256" ||
- cipher_algo() == "Camellia-128" || cipher_algo() == "Camellia-256");
+ return (mac_algo() != "AEAD");
 }
 Ciphersuite Ciphersuite::by_id(u16bit suite)
diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp
index 540f1de14..7bac87bc8 100644
--- a/src/lib/tls/tls_handshake_hash.cpp
+++ b/src/lib/tls/tls_handshake_hash.cpp
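Review bot: `return (mac_algo() != "AEAD");` makes cbc_ciphersuite() true for every non-AEAD suite, which is wider than the explicit cipher list it replaces and is only correct while the suite table contains no non-AEAD suite that is not CBC; a stream-cipher or NULL-cipher entry, if one exists or is added later, would now be reported as CBC. Since this predicate presumably selects the CBC-specific record handling, the invariant should be stated where the next person editing the suite table will see it, e.g. `// Every non-AEAD suite offered uses a CBC block cipher, so the MAC type is the discriminator` above the return, backed by a check in the ciphersuite tests that no suite with a non-AEAD MAC has a non-block cipher.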
@@ -19,16 +19,12 @@ namespace TLS {
 secure_vector<byte> Handshake_Hash::final(Protocol_Version version, const std::string& mac_algo) const
 {
- auto choose_hash = [=]() {
- if(!version.supports_ciphersuite_specific_prf())
- return "Parallel(MD5,SHA-160)";
+ std::string hash_algo = mac_algo;
+ if(!version.supports_ciphersuite_specific_prf())
+ hash_algo = "Parallel(MD5,SHA-160)";
+ else if(mac_algo == "MD5" || mac_algo == "SHA-1")
+ hash_algo = "SHA-256";
- if(mac_algo == "MD5" || mac_algo == "SHA-1")
- return "SHA-256";
- return mac_algo.c_str();
- };
-
- const std::string hash_algo = choose_hash();
 std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_algo));
 hash->update(m_data);
 return hash->final();
diff --git a/src/lib/utils/dyn_load/dyn_load.cpp b/src/lib/utils/dyn_load/dyn_load.cpp
index ce6b61a1d..df6777e58 100644
--- a/src/lib/utils/dyn_load/dyn_load.cpp
+++ b/src/lib/utils/dyn_load/dyn_load.cpp
@@ -1,4 +1,4 @@
-/**
+/*
 * Dynamically Loaded Object
 * (C) 2010 Jack Lloyd
 * |