/**
 * Sets the public seed on this builder.
 *
 * <p>The bytes are copied with {@code XMSSUtil.cloneArray}, so the builder does not keep a
 * reference to the caller's array.
 *
 * @param val public seed bytes
 * @return this builder, to allow call chaining
 */
public Builder withPublicSeed(byte[] val) {
    final byte[] seedCopy = XMSSUtil.cloneArray(val);
    publicSeed = seedCopy;
    return this;
}
// Signing-side excerpt. XMSS^MT is a stateful scheme: a given globalIndex must be used for at
// most one signature. The index update itself is not part of this excerpt.
final int totalHeight = params.getHeight();
final int xmssHeight = xmssParams.getHeight();
// NOTE(review): the statement guarded by this validity check is not shown in this excerpt; as
// printed, the next line is a declaration and cannot be the guarded statement.
if (!XMSSUtil.isIndexValid(totalHeight, globalIndex))
// Per-signature randomness: PRF keyed with the private key's PRF secret over the index encoded
// in 32 bytes.
byte[] random = wotsPlus.getKhf().PRF(privateKey.getSecretKeyPRF(), XMSSUtil.toBytesBigEndian(globalIndex, 32));
// Message hash input prefix: random || root || index encoded in digest-size bytes.
byte[] concatenated = Arrays.concatenate(random, privateKey.getRoot(), XMSSUtil.toBytesBigEndian(globalIndex, params.getDigestSize()));
byte[] messageDigest = wotsPlus.getKhf().HMsg(concatenated, message);
// Tree and leaf index are first derived from globalIndex ...
long indexTree = XMSSUtil.getTreeIndex(globalIndex, xmssHeight);
int indexLeaf = XMSSUtil.getLeafIndex(globalIndex, xmssHeight);
// ... and then re-derived from the previous tree index (presumably once per layer; the
// enclosing loop is not shown here, confirm).
indexLeaf = XMSSUtil.getLeafIndex(indexTree, xmssHeight);
indexTree = XMSSUtil.getTreeIndex(indexTree, xmssHeight);
// The body of this condition is outside the excerpt.
if (bdsState.get(layer) == null || XMSSUtil.isNewBDSInitNeeded(globalIndex, xmssHeight, layer))
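/**
 * Splits an encoded XMSS private key into its component fields.
 *
 * <p>Layout read from {@code keyParams.toByteArray()}, with {@code n} the digest size:
 * index (4 bytes) || secret key seed (n) || secret key PRF (n) || public seed (n) || root (n)
 * || serialized BDS state (all remaining bytes).
 *
 * <p>The BDS state is passed on as raw bytes; it is neither parsed nor validated here, so
 * whichever code deserializes it later is responsible for doing that safely.
 *
 * @param keyParams private key parameters to decode
 * @return key structure holding the decoded fields
 * @throws IllegalArgumentException if the encoding is shorter than the fixed-size fields or
 *         the index is not valid for the tree height
 */
private static XMSSPrivateKey xmssCreateKeyStructure(XMSSPrivateKeyParameters keyParams) {
    byte[] keyData = keyParams.toByteArray();
    int n = keyParams.getParameters().getDigestSize();
    int totalHeight = keyParams.getParameters().getHeight();
    int indexSize = 4;
    int secretKeySize = n;
    int secretKeyPRFSize = n;
    int publicSeedSize = n;
    int rootSize = n;

    // Reject truncated input before any field is read. Without this check the length of the
    // trailing BDS state (keyData.length - position) would be negative and the failure would
    // surface from inside the byte-copy helpers instead of as a clear argument error.
    int fixedSize = indexSize + secretKeySize + secretKeyPRFSize + publicSeedSize + rootSize;
    if (keyData.length < fixedSize) {
        throw new IllegalArgumentException("key data too short");
    }

    int position = 0;
    // NOTE(review): the 4-byte value is narrowed to int before it is validated; how
    // isIndexValid treats a value that narrows to a negative int is not visible here, confirm.
    int index = (int)XMSSUtil.bytesToXBigEndian(keyData, position, indexSize);
    if (!XMSSUtil.isIndexValid(totalHeight, index)) {
        throw new IllegalArgumentException("index out of bounds");
    }
    position += indexSize;

    byte[] secretKeySeed = XMSSUtil.extractBytesAtOffset(keyData, position, secretKeySize);
    position += secretKeySize;
    byte[] secretKeyPRF = XMSSUtil.extractBytesAtOffset(keyData, position, secretKeyPRFSize);
    position += secretKeyPRFSize;
    byte[] publicSeed = XMSSUtil.extractBytesAtOffset(keyData, position, publicSeedSize);
    position += publicSeedSize;
    byte[] root = XMSSUtil.extractBytesAtOffset(keyData, position, rootSize);
    position += rootSize;

    /* import BDS state: everything after the fixed-size fields (may be empty) */
    byte[] bdsStateBinary = XMSSUtil.extractBytesAtOffset(keyData, position, keyData.length - position);

    return new XMSSPrivateKey(index, secretKeySeed, secretKeyPRF, publicSeed, root, bdsStateBinary);
}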
// Excerpt from parsing an encoded private key: index, then four fixed-size fields, then the
// serialized BDS state map taken from all remaining bytes.
index = XMSSUtil.bytesToXBigEndian(privateKey, position, indexSize);
// NOTE(review): the statement guarded by this check is not shown in this excerpt; as printed,
// the following assignment would become the guarded statement.
if (!XMSSUtil.isIndexValid(totalHeight, index))
secretKeySeed = XMSSUtil.extractBytesAtOffset(privateKey, position, secretKeySize);
position += secretKeySize;
secretKeyPRF = XMSSUtil.extractBytesAtOffset(privateKey, position, secretKeyPRFSize);
position += secretKeyPRFSize;
publicSeed = XMSSUtil.extractBytesAtOffset(privateKey, position, publicSeedSize);
position += publicSeedSize;
root = XMSSUtil.extractBytesAtOffset(privateKey, position, rootSize);
position += rootSize;
// Everything after the fixed-size fields is treated as the serialized BDS state.
byte[] bdsStateBinary = XMSSUtil.extractBytesAtOffset(privateKey, position, privateKey.length - position);
// NOTE(review): these bytes come straight from the encoded key and are turned back into an
// object graph here. The cast only runs after deserialize has returned; whether deserialize
// restricts the classes the stream may instantiate to the expected one is not visible in this
// excerpt. Confirm before accepting encoded keys from a source that is not trusted.
BDSStateMap bdsImport = (BDSStateMap)XMSSUtil.deserialize(bdsStateBinary, BDSStateMap.class);
int totalHeight = params.getHeight();
// The body of this condition is outside the excerpt.
if (XMSSUtil.isIndexValid(totalHeight, globalIndex) && tmpPublicSeed != null && tmpSecretKeySeed != null)
// Excerpt from encoding a private key. Fields are written into `out` in the order
// index || secretKeySeed || secretKeyPRF || publicSeed || root, and the serialized BDS state is
// appended after them. The result contains the secret seed and PRF key in the clear, so the
// returned array has to be handled as secret material.
int position = 0;
byte[] indexBytes = XMSSUtil.toBytesBigEndian(index, indexSize);
XMSSUtil.copyBytesAtOffset(out, indexBytes, position);
position += indexSize;
XMSSUtil.copyBytesAtOffset(out, secretKeySeed, position);
position += secretKeySize;
XMSSUtil.copyBytesAtOffset(out, secretKeyPRF, position);
position += secretKeyPRFSize;
XMSSUtil.copyBytesAtOffset(out, publicSeed, position);
position += publicSeedSize;
XMSSUtil.copyBytesAtOffset(out, root, position);
// The BDS state has no fixed size here; it is serialized and concatenated as the tail.
return Arrays.concatenate(out, XMSSUtil.serialize(bdsState));
// Excerpt from parsing an encoded private key: four fixed-size fields, then the serialized BDS
// state taken from all remaining bytes.
// NOTE(review): the statement guarded by this check is not shown in this excerpt; as printed,
// the following assignment would become the guarded statement.
if (!XMSSUtil.isIndexValid(height, index))
secretKeySeed = XMSSUtil.extractBytesAtOffset(privateKey, position, secretKeySize);
position += secretKeySize;
secretKeyPRF = XMSSUtil.extractBytesAtOffset(privateKey, position, secretKeyPRFSize);
position += secretKeyPRFSize;
publicSeed = XMSSUtil.extractBytesAtOffset(privateKey, position, publicSeedSize);
position += publicSeedSize;
root = XMSSUtil.extractBytesAtOffset(privateKey, position, rootSize);
position += rootSize;
byte[] bdsStateBinary = XMSSUtil.extractBytesAtOffset(privateKey, position, privateKey.length - position);
// The opening brace of the try block and its catch clauses are not part of this excerpt.
try
// NOTE(review): the BDS bytes come straight from the encoded key. The cast only runs after
// deserialize has returned; whether deserialize restricts the classes the stream may
// instantiate to the expected one is not visible in this excerpt. Confirm before accepting
// encoded keys from a source that is not trusted.
BDS bdsImport = (BDS)XMSSUtil.deserialize(bdsStateBinary, BDS.class);
// Cross-check: the index stored inside the imported BDS state is compared with the index read
// from the key header. The handling of a mismatch is outside the excerpt.
if (bdsImport.getIndex() != index)
/**
 * Creates WOTS+ public key parameters from the given key elements.
 *
 * <p>The key must consist of exactly {@code params.getLen()} elements, each
 * {@code params.getDigestSize()} bytes long. The array is cloned, so the instance does not
 * share storage with the caller.
 *
 * @param params WOTS+ parameters that define the expected dimensions
 * @param publicKey public key elements
 * @throws NullPointerException if {@code params}, {@code publicKey} or any element is null
 * @throws IllegalArgumentException if the element count or an element length does not match
 */
protected WOTSPlusPublicKeyParameters(WOTSPlusParameters params, byte[][] publicKey) {
    super();
    if (params == null) {
        throw new NullPointerException("params == null");
    }
    if (publicKey == null) {
        throw new NullPointerException("publicKey == null");
    }
    if (XMSSUtil.hasNullPointer(publicKey)) {
        throw new NullPointerException("publicKey byte array == null");
    }
    // Outer dimension: one element per WOTS+ chain.
    if (params.getLen() != publicKey.length) {
        throw new IllegalArgumentException("wrong publicKey size");
    }
    // Inner dimension: every element is one digest wide.
    for (byte[] element : publicKey) {
        if (element.length != params.getDigestSize()) {
            throw new IllegalArgumentException("wrong publicKey format");
        }
    }
    this.publicKey = XMSSUtil.cloneArray(publicKey);
}
long indexTree = XMSSUtil.getTreeIndex(globalIndex, xmssHeight); int indexLeaf = XMSSUtil.getLeafIndex(globalIndex, xmssHeight); indexLeaf = XMSSUtil.getLeafIndex(indexTree, xmssHeight); indexTree = XMSSUtil.getTreeIndex(indexTree, xmssHeight); && XMSSUtil.isNewAuthenticationPathNeeded(globalIndex, xmssHeight, layer))
XMSSUtil.toBytesBigEndian(sig.getIndex(), params.getDigestSize())); byte[] messageDigest = wotsPlus.getKhf().HMsg(concatenated, message); long indexTree = XMSSUtil.getTreeIndex(globalIndex, xmssHeight); int indexLeaf = XMSSUtil.getLeafIndex(globalIndex, xmssHeight); indexLeaf = XMSSUtil.getLeafIndex(indexTree, xmssHeight); indexTree = XMSSUtil.getTreeIndex(indexTree, xmssHeight);
/**
 * Derives the WOTS+ parameter set for the given digest.
 *
 * <p>The Winternitz parameter is fixed to 16. {@code len1} and {@code len2} are computed from
 * the digest size and the Winternitz parameter, {@code len} is their sum, and the matching OID
 * is looked up from the digest's algorithm name, the digest size, the Winternitz parameter and
 * {@code len}.
 *
 * @param digest The digest used for WOTS+.
 * @throws NullPointerException if {@code digest} is null
 * @throws IllegalArgumentException if no OID is registered for the resulting combination
 */
protected WOTSPlusParameters(Digest digest) {
    super();
    if (digest == null) {
        throw new NullPointerException("digest == null");
    }
    this.digest = digest;
    digestSize = XMSSUtil.getDigestSize(digest);
    winternitzParameter = 16;
    // len1 = ceil(8 * digestSize / log2(w)); the numerator is widened to double before dividing.
    len1 = (int)Math.ceil((double)(8 * digestSize) / XMSSUtil.log2(winternitzParameter));
    // len2 = floor(log2(len1 * (w - 1)) / log2(w)) + 1.
    // NOTE(review): whether this division is integer or floating point depends on the return
    // type of XMSSUtil.log2, which is not visible here. Confirm.
    len2 = (int)Math.floor(XMSSUtil.log2(len1 * (winternitzParameter - 1)) / XMSSUtil.log2(winternitzParameter)) + 1;
    len = len1 + len2;
    // A parameter combination without a registered OID is rejected rather than accepted.
    oid = WOTSPlusOid.lookup(digest.getAlgorithmName(), digestSize, winternitzParameter, len);
    if (oid == null) {
        throw new IllegalArgumentException("cannot find OID for digest algorithm: " + digest.getAlgorithmName());
    }
}
// Excerpt from encoding a private key; the index has already been written before this point.
// Remaining fixed-size fields go into `out` in the order
// secretKeySeed || secretKeyPRF || publicSeed || root. The secret seed and PRF key are written
// in the clear, so `out` has to be handled as secret material.
position += indexSize;
XMSSUtil.copyBytesAtOffset(out, secretKeySeed, position);
position += secretKeySize;
XMSSUtil.copyBytesAtOffset(out, secretKeyPRF, position);
position += secretKeyPRFSize;
XMSSUtil.copyBytesAtOffset(out, publicSeed, position);
position += publicSeedSize;
XMSSUtil.copyBytesAtOffset(out, root, position);
// The BDS state is serialized separately; how bdsStateOut is combined with `out` is outside
// this excerpt.
bdsStateOut = XMSSUtil.serialize(bdsState);
/**
 * Encodes this signature as {@code index || random || reduced signatures}.
 *
 * <p>The index takes {@code ceil(height / 8)} bytes and the random value one digest. Each
 * reduced signature is given a fixed slot of {@code ((height / layers) + len) * n} bytes; the
 * write offset advances by that slot size, not by the length of the array actually returned by
 * the reduced signature.
 *
 * @return the encoded signature
 */
public byte[] toByteArray() {
    final int digestSize = params.getDigestSize();
    final int wotsLen = params.getWOTSPlus().getParams().getLen();
    final int indexLength = (int) Math.ceil(params.getHeight() / 8.0);
    final int slotLength = ((params.getHeight() / params.getLayers()) + wotsLen) * digestSize;
    final int allSlotsLength = slotLength * params.getLayers();
    final byte[] encoded = new byte[indexLength + digestSize + allSlotsLength];

    int offset = 0;

    /* index */
    XMSSUtil.copyBytesAtOffset(encoded, XMSSUtil.toBytesBigEndian(index, indexLength), offset);
    offset += indexLength;

    /* random */
    XMSSUtil.copyBytesAtOffset(encoded, random, offset);
    offset += digestSize;

    /* one fixed-size slot per reduced signature */
    for (XMSSReducedSignature layerSignature : reducedSignatures) {
        XMSSUtil.copyBytesAtOffset(encoded, layerSignature.toByteArray(), offset);
        offset += slotLength;
    }
    return encoded;
}
/**
 * Verifies an XMSS signature over {@code message} against the stored public key.
 *
 * <p>The signature is parsed, the message digest is recomputed from
 * {@code random || root || index}, a root node is reconstructed from the signature, and that
 * root is compared with the public key's root using {@code Arrays.constantTimeAreEqual}.
 *
 * <p>The index is taken from the parsed signature as-is; any range validation would have to
 * happen in the signature builder, which is not visible here.
 *
 * @param message the signed message
 * @param signature the encoded signature
 * @return true if the reconstructed root equals the public key's root
 */
public boolean verifySignature(byte[] message, byte[] signature) {
    /* parse the encoded signature */
    final XMSSSignature parsed = new XMSSSignature.Builder(params).withSignature(signature).build();
    final int leafNumber = parsed.getIndex();

    /*
     * Reinitialize WOTS+ with a zero-filled array of digest size and the public seed
     * (presumably the first argument is the secret-seed slot, which verification does not
     * need; confirm against importKeys).
     */
    params.getWOTSPlus().importKeys(new byte[params.getDigestSize()], publicKey.getPublicSeed());

    /* message digest over random || root || index */
    final byte[] digestInput = Arrays.concatenate(
        parsed.getRandom(),
        publicKey.getRoot(),
        XMSSUtil.toBytesBigEndian(leafNumber, params.getDigestSize()));
    final byte[] messageDigest = khf.HMsg(digestInput, message);

    final int treeHeight = params.getHeight();
    final int leafIndex = XMSSUtil.getLeafIndex(leafNumber, treeHeight);

    /* rebuild the root from the signature */
    final OTSHashAddress address =
        (OTSHashAddress) new OTSHashAddress.Builder().withOTSAddress(leafNumber).build();
    final XMSSNode computedRoot = XMSSVerifierUtil.getRootNodeFromSignature(
        params.getWOTSPlus(), treeHeight, messageDigest, parsed, address, leafIndex);

    return Arrays.constantTimeAreEqual(computedRoot.getValue(), publicKey.getRoot());
}
// Excerpt from parsing an encoded public key: the root is read first, then the public seed
// directly after it (position advances by rootSize in between).
root = XMSSUtil.extractBytesAtOffset(publicKey, position, rootSize);
position += rootSize;
publicSeed = XMSSUtil.extractBytesAtOffset(publicKey, position, publicSeedSize);
/**
 * Encodes this public key as {@code root || publicSeed}, each one digest wide.
 *
 * <p>No OID prefix is written: the original listing carries the OID handling only as
 * commented-out code, so the encoded form is exactly two digests long.
 *
 * @return the encoded public key
 */
public byte[] toByteArray() {
    final int digestSize = params.getDigestSize();
    final byte[] encoded = new byte[digestSize + digestSize];
    /* root occupies the first digest-sized slot */
    XMSSUtil.copyBytesAtOffset(encoded, root, 0);
    /* public seed follows directly after the root */
    XMSSUtil.copyBytesAtOffset(encoded, publicSeed, digestSize);
    return encoded;
}
// True when tmpPublicKey equals the encoded public key obtained for otsHashAddress.
return XMSSUtil.areEqual(tmpPublicKey, getPublicKey(otsHashAddress).toByteArray());
// tau is derived from the current index and the tree height.
// NOTE(review): its exact meaning is defined by XMSSUtil.calculateTau, which is not shown here.
int tau = XMSSUtil.calculateTau(index, treeHeight);
// Excerpt: the BDS state stored in a private key is turned back into an object and handed to
// the key builder, once for an XMSS key (BDS) and once for an XMSS^MT key (BDSStateMap). The
// two pairs of statements presumably sit in separate branches that are not shown here.
// NOTE(review): getBdsState() returns bytes carried inside the encoded key. The casts only run
// after deserialize has returned; whether deserialize restricts the classes the stream may
// instantiate to the expected one is not visible in this excerpt. Confirm before converting
// keys that come from a source that is not trusted.
BDS bds = (BDS)XMSSUtil.deserialize(xmssPrivateKey.getBdsState(), BDS.class);
keyBuilder.withBDSState(bds.withWOTSDigest(treeDigest));
BDSStateMap bdsState = (BDSStateMap)XMSSUtil.deserialize(xmssMtPrivateKey.getBdsState(), BDSStateMap.class);
keyBuilder.withBDSState(bdsState.withWOTSDigest(treeDigest));
// Excerpt from splitting an encoded private key: index, four fixed-size fields, then the
// serialized BDS state taken from all remaining bytes.
// NOTE(review): the value is narrowed to int before it is validated; how isIndexValid treats a
// value that narrows to a negative int is not visible here. Confirm.
int index = (int)XMSSUtil.bytesToXBigEndian(keyData, position, indexSize);
// NOTE(review): the statement guarded by this check is not shown in this excerpt; as printed,
// the next line is a declaration and cannot be the guarded statement.
if (!XMSSUtil.isIndexValid(totalHeight, index))
byte[] secretKeySeed = XMSSUtil.extractBytesAtOffset(keyData, position, secretKeySize);
position += secretKeySize;
byte[] secretKeyPRF = XMSSUtil.extractBytesAtOffset(keyData, position, secretKeyPRFSize);
position += secretKeyPRFSize;
byte[] publicSeed = XMSSUtil.extractBytesAtOffset(keyData, position, publicSeedSize);
position += publicSeedSize;
byte[] root = XMSSUtil.extractBytesAtOffset(keyData, position, rootSize);
position += rootSize;
// No length check on keyData is visible before this point; for truncated input the requested
// length (keyData.length - position) is negative and the outcome depends on
// extractBytesAtOffset.
byte[] bdsStateBinary = XMSSUtil.extractBytesAtOffset(keyData, position, keyData.length - position);
/**
 * Creates WOTS+ private key parameters from the given key elements.
 *
 * <p>The key must consist of exactly {@code params.getLen()} elements, each
 * {@code params.getDigestSize()} bytes long. The array is cloned, so the instance holds its own
 * copy of the secret material; the caller's array is left untouched and remains the caller's
 * responsibility.
 *
 * @param params WOTS+ parameters that define the expected dimensions
 * @param privateKey private key elements
 * @throws NullPointerException if {@code params}, {@code privateKey} or any element is null
 * @throws IllegalArgumentException if the element count or an element length does not match
 */
protected WOTSPlusPrivateKeyParameters(WOTSPlusParameters params, byte[][] privateKey) {
    super();
    if (params == null) {
        throw new NullPointerException("params == null");
    }
    if (privateKey == null) {
        throw new NullPointerException("privateKey == null");
    }
    if (XMSSUtil.hasNullPointer(privateKey)) {
        throw new NullPointerException("privateKey byte array == null");
    }
    // Outer dimension: one element per WOTS+ chain.
    if (params.getLen() != privateKey.length) {
        throw new IllegalArgumentException("wrong privateKey format");
    }
    // Inner dimension: every element is one digest wide.
    for (byte[] element : privateKey) {
        if (element.length != params.getDigestSize()) {
            throw new IllegalArgumentException("wrong privateKey format");
        }
    }
    this.privateKey = XMSSUtil.cloneArray(privateKey);
}