// From email with Scott Fluhrer: // To generate the SEED for a child LMS tree, we will adapt algorithm A by using the // I value of the parent LMS tree the q value to be the LMS index of the child, and the i value to be 65534. // Algorithm A: // x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). // UPDATE: Generate child I from algorithm A using the I value of the parent LMS tree, the q value // to be the LMS index of the child, and the i value to be 65535; the I value will be the first 128 bits of the hash. public Hss(int layers, LmsType[] lmsTypes, LmotsType[] lmotsTypes, EntropyProviderTypes entropyType = EntropyProviderTypes.Random, BitString seed = null, BitString rootI = null) { _entropyType = entropyType; _entropyProvider = _entropyFactory.GetEntropyProvider(entropyType); _entropyProvider.AddEntropy(seed); SEED = _entropyProvider.GetEntropy(256); // for now will only be 256 bits (m = 256) _entropyProvider.AddEntropy(rootI); RootI = _entropyProvider.GetEntropy(128); _sha256 = new NativeFastSha2_256(); _lms = new Lms[layers]; _lmsTypes = lmsTypes; _lmotsTypes = lmotsTypes; _lms[0] = new Lms(lmsTypes[0], lmotsTypes[0], entropyType, SEED, rootI); var parentSeed = SEED; var parentI = RootI; for (int i = 1; i < layers; i++) { var childSeed = _sha256.HashMessage(parentI .ConcatenateBits(new BitString(0, 32)) .ConcatenateBits(new BitString(65534, 16)) .ConcatenateBits(new BitString("ff", 8)) .ConcatenateBits(parentSeed)).Digest; var I = _sha256.HashMessage(parentI .ConcatenateBits(new BitString(0, 32)) .ConcatenateBits(new BitString(65535, 16)) .ConcatenateBits(new BitString("ff", 8)) .ConcatenateBits(parentSeed)).Digest.MSBSubstring(0, 128); _lms[i] = new Lms(lmsTypes[i], lmotsTypes[i], entropyType, childSeed, I); parentSeed = childSeed; parentI = I; } }
public IDsaEcc GetInstance(HashFunction hashFunction, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { // KAS ECC is using the base IDsa function that relies on a hash function and entropy type. // Kas ECC should be the only method using this function, but I didn't want to mark it obsolete, // as the FFC KAS also uses this function from the base IDsa interface. return(new EccDsa(_shaFactory.GetShaInstance(hashFunction), _entropyProviderFactory.GetEntropyProvider(entropyType))); }
public Lmots(LmotsType type, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { var(n, w, p, ls, siglen, typecode) = LmotsModeMapping.GetValsFromType(type); _n = n; _w = w; _p = p; _ls = ls; _siglen = siglen; _typecode = typecode; _entropyProvider = _entropyFactory.GetEntropyProvider(entropyType); _isRandom = entropyType == EntropyProviderTypes.Random; _sha256 = new NativeFastSha2_256(); }
/// <summary> /// Returns a new instance of an <see cref="IEntropyProvider"/> /// </summary> /// <param name="providerType">The <see cref="IEntropyProvider"/> type </param> /// <exception cref="ArgumentException">Thrown when <see cref="providerType"/> is invalid</exception> /// <returns></returns> public IEntropyProvider GetEntropyProvider(EntropyProviderTypes providerType) { switch (providerType) { case EntropyProviderTypes.Testable: return(new TestableEntropyProvider()); case EntropyProviderTypes.Random: return(new EntropyProvider(new Random800_90())); default: throw new ArgumentException($"Invalid {providerType} supplied."); } }
private const int H25_PIECE_SIZE = 32768; // creates 1024 threads #endregion Fields #region Constructors // From an email from Scott Fluhrer: // To generate the I value for the LMS tree, we will adapt algorithm A, // by setting the I value input to be the all-zeros value, the q value // to be 0 and the i value to be 65535; we will use the first 16 bytes of the hash output. // Algorithm A: // x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). // UPDATE: I value is now generated separate from SEED. Child I values still computed the same public Lms(LmsType lmsType, LmotsType lmotsType, EntropyProviderTypes entropyType = EntropyProviderTypes.Random, BitString seed = null, BitString I = null) { var(m, h, typecode) = LmsModeMapping.GetValsFromType(lmsType); _m = m; _h = h; _typecode = typecode; var param = LmotsModeMapping.GetValsFromType(lmotsType); _lmotsTypecode = param.typecode; _entropyProvider = _entropyFactory.GetEntropyProvider(entropyType); _entropyProvider.AddEntropy(seed); SEED = _entropyProvider.GetEntropy(_m * 8); _entropyProvider.AddEntropy(I); _I = _entropyProvider.GetEntropy(128); _lmots = new Lmots(lmotsType, entropyType); _isRandom = entropyType == EntropyProviderTypes.Random; _sha256 = new NativeFastSha2_256(); // For optimization the balance between interop calls and asynchronization if (_h == 5) { _pieceSize = H5_PIECE_SIZE; } else if (_h == 10) { _pieceSize = H10_PIECE_SIZE; } else if (_h == 15) { _pieceSize = H15_PIECE_SIZE; } else if (_h == 20) { _pieceSize = H20_PIECE_SIZE; } else { _pieceSize = H25_PIECE_SIZE; } }
// Used for both signatures and keys public EccDsa(ISha sha, IEccNonceProvider nonceProvider, EntropyProviderTypes entropyType) { Sha = sha; _nonceProvider = nonceProvider; _entropyProvider = _entropyFactory.GetEntropyProvider(entropyType); }
public IEntropyProvider GetEntropyProvider(EntropyProviderTypes providerType) { return(new EntropyProviderLeadingZeroes(_random, MinimumLeadingZeroes)); }
public FfcDsa(ISha sha, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { Sha = sha; _entropyProvider = _entropyFactory.GetEntropyProvider(entropyType); }
public void ShouldReturnRandomCorrectProvider(EntropyProviderTypes providerType, Type expectedType) { var result = _subject.GetEntropyProvider(providerType); Assert.IsInstanceOf(expectedType, result); }
public ProvablePQGeneratorValidator(ISha sha, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { _sha = sha; _entropy = _entropyFactory.GetEntropyProvider(entropyType); }
/// <summary> /// hashFunction should just be null /// </summary> /// <param name="hashFunction"></param> /// <param name="entropyType"></param> /// <returns></returns> public IDsaEd GetInstance(HashFunction hashFunction, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { return(new EdDsa(entropyType)); }
public IDsaFfc GetInstance(HashFunction hashFunction, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { return(new FfcDsa(_shaFactory.GetShaInstance(hashFunction), entropyType)); }
public IHss GetInstance(int layers, LmsType[] lmsTypes, LmotsType[] lmotsTypes, EntropyProviderTypes entropyType = EntropyProviderTypes.Random, BitString seed = null, BitString rootI = null) { return(new Hss(layers, lmsTypes, lmotsTypes, entropyType, seed, rootI)); }
public EdDsa(EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { _entropyProvider = _entropyFactory.GetEntropyProvider(entropyType); }
public IPQGeneratorValidator GetGeneratorValidator(PrimeGenMode primeGenMode, ISha sha, EntropyProviderTypes entropyType = EntropyProviderTypes.Random) { switch (primeGenMode) { case PrimeGenMode.Probable: return(new ProbablePQGeneratorValidator(sha, entropyType)); case PrimeGenMode.Provable: return(new ProvablePQGeneratorValidator(sha, entropyType)); default: throw new ArgumentOutOfRangeException("Invalid PrimeGenMode provided"); } }