public static GMSSRootCalc[] Clone(GMSSRootCalc[] Data)
{
if (Data == null)
return null;
GMSSRootCalc[] copy = new GMSSRootCalc[Data.Length];
Array.Copy(Data, 0, copy, 0, Data.Length);
return copy;
}
/// <summary>
/// Calculates the authpath and root for tree in layer h which starts with seed[h]
/// </summary>
///
/// <param name="NextStack">Stack used for the treehash instance created by this method</param>
/// <param name="Seed">Starting seeds</param>
/// <param name="H">Actual layer</param>
///
/// <returns>An initialized GMSSRootCalc</returns>
private GMSSRootCalc GenerateNextAuthpathAndRoot(List<byte[]> NextStack, byte[] Seed, int H)
{
byte[] OTSseed = new byte[_numLayer];
WinternitzOTSignature ots;
// data structure that constructs the whole tree and stores the initial values for treehash, Auth and retain
GMSSRootCalc treeToConstruct = new GMSSRootCalc(_heightOfTrees[H], _K[H], GetDigest(_msgDigestType));
treeToConstruct.Initialize(NextStack);
int seedForTreehashIndex = 3;
int count = 0;
// update the tree 2^(H) times, from the first to the last leaf
for (int i = 0; i < (1 << _heightOfTrees[H]); i++)
{
// initialize the seeds for the leaf generation with index 3 * 2^h
if (i == seedForTreehashIndex && count < _heightOfTrees[H] - _K[H])
{
treeToConstruct.InitializeTreehashSeed(Seed, count);
seedForTreehashIndex *= 2;
count++;
}
OTSseed = _gmssRand.NextSeed(Seed);
ots = new WinternitzOTSignature(OTSseed, GetDigest(_msgDigestType), _otsIndex[H]);
treeToConstruct.Update(ots.GetPublicKey());
}
if (treeToConstruct.IsFinished())
return treeToConstruct;
return null;
}
/// <summary>
/// Calculates the authpath for tree in layer h which starts with seed[h] additionally computes the rootSignature of underlaying root
/// </summary>
///
/// <param name="LowerRoot">Stores the root of the lower tree</param>
/// <param name="CurrentStack">Stack used for the treehash instance created by this method</param>
/// <param name="Seed">Starting seeds</param>
/// <param name="H">Actual layer</param>
/// <returns>An initialized GMSSRootCalc</returns>
private GMSSRootCalc GenerateCurrentAuthpathAndRoot(byte[] LowerRoot, List<byte[]> CurrentStack, byte[] Seed, int H)
{
byte[] help = new byte[_mdLength];
byte[] OTSseed = new byte[_mdLength];
OTSseed = _gmssRand.NextSeed(Seed);
WinternitzOTSignature ots;
// data structure that constructs the whole tree and stores the initial values for treehash, Auth and retain
GMSSRootCalc treeToConstruct = new GMSSRootCalc(_heightOfTrees[H], _K[H], GetDigest(_msgDigestType));
treeToConstruct.Initialize(CurrentStack);
// generate the first leaf
if (H == _numLayer - 1)
{
ots = new WinternitzOTSignature(OTSseed, GetDigest(_msgDigestType), _otsIndex[H]);
help = ots.GetPublicKey();
}
else
{
// for all layers except the lowest, generate the signature of the underlying root
// and reuse this signature to compute the first leaf of acual layer more efficiently (by verifiing the signature)
ots = new WinternitzOTSignature(OTSseed, GetDigest(_msgDigestType), _otsIndex[H]);
_currentRootSigs[H] = ots.GetSignature(LowerRoot);
WinternitzOTSVerify otsver = new WinternitzOTSVerify(GetDigest(_msgDigestType), _otsIndex[H]);
help = otsver.Verify(LowerRoot, _currentRootSigs[H]);
}
// update the tree with the first leaf
treeToConstruct.Update(help);
int seedForTreehashIndex = 3;
int count = 0;
// update the tree 2^(H) - 1 times, from the second to the last leaf
for (int i = 1; i < (1 << _heightOfTrees[H]); i++)
{
// initialize the seeds for the leaf generation with index 3 * 2^h
if (i == seedForTreehashIndex && count < _heightOfTrees[H] - _K[H])
{
treeToConstruct.InitializeTreehashSeed(Seed, count);
seedForTreehashIndex *= 2;
count++;
}
OTSseed = _gmssRand.NextSeed(Seed);
ots = new WinternitzOTSignature(OTSseed, GetDigest(_msgDigestType), _otsIndex[H]);
treeToConstruct.Update(ots.GetPublicKey());
}
if (treeToConstruct.IsFinished())
return treeToConstruct;
return null;
}
/// <summary>
/// Generate an encryption Key pair
/// </summary>
///
/// <returns>A GMSSKeyPair containing public and private keys</returns>
public IAsymmetricKeyPair GenerateKeyPair()
{
// initialize authenticationPaths and treehash instances
byte[][][] currentAuthPaths = new byte[_numLayer][][];
byte[][][] nextAuthPaths = new byte[_numLayer - 1][][];
Treehash[][] currentTreehash = new Treehash[_numLayer][];
Treehash[][] nextTreehash = new Treehash[_numLayer - 1][];
List<byte[]>[] currentStack = new List<byte[]>[_numLayer];
List<byte[]>[] nextStack = new List<byte[]>[_numLayer - 1];
List<byte[]>[][] currentRetain = new List<byte[]>[_numLayer][];
List<byte[]>[][] nextRetain = new List<byte[]>[_numLayer - 1][];
for (int i = 0; i < _numLayer; i++)
{
currentAuthPaths[i] = ArrayUtils.CreateJagged<byte[][]>(_heightOfTrees[i], _mdLength);//new byte[heightOfTrees[i]][mdLength];
currentTreehash[i] = new Treehash[_heightOfTrees[i] - _K[i]];
if (i > 0)
{
nextAuthPaths[i - 1] = ArrayUtils.CreateJagged<byte[][]>(_heightOfTrees[i], _mdLength);//new byte[heightOfTrees[i]][mdLength];
nextTreehash[i - 1] = new Treehash[_heightOfTrees[i] - _K[i]];
}
currentStack[i] = new List<byte[]>();
if (i > 0)
nextStack[i - 1] = new List<byte[]>();
}
// initialize roots
byte[][] currentRoots = ArrayUtils.CreateJagged<byte[][]>(_numLayer, _mdLength);
byte[][] nextRoots = ArrayUtils.CreateJagged<byte[][]>(_numLayer - 1, _mdLength);
// initialize seeds
byte[][] seeds = ArrayUtils.CreateJagged<byte[][]>(_numLayer, _mdLength);
// initialize seeds[] by copying starting-seeds of first trees of each layer
for (int i = 0; i < _numLayer; i++)
Array.Copy(_currentSeeds[i], 0, seeds[i], 0, _mdLength);
// initialize rootSigs
_currentRootSigs = ArrayUtils.CreateJagged<byte[][]>(_numLayer - 1, _mdLength);//new byte[numLayer - 1][mdLength];
// calculation of current authpaths and current rootsigs (AUTHPATHS, SIG) from bottom up to the root
for (int h = _numLayer - 1; h >= 0; h--)
{
GMSSRootCalc tree = new GMSSRootCalc(_heightOfTrees[h], _K[h], GetDigest(_msgDigestType));
try
{
// on lowest layer no lower root is available, so just call the method with null as first parameter
if (h == _numLayer - 1)
tree = GenerateCurrentAuthpathAndRoot(null, currentStack[h], seeds[h], h);
else
// otherwise call the method with the former computed root value
tree = GenerateCurrentAuthpathAndRoot(currentRoots[h + 1], currentStack[h], seeds[h], h);
}
catch
{
}
// set initial values needed for the private key construction
for (int i = 0; i < _heightOfTrees[h]; i++)
Array.Copy(tree.GetAuthPath()[i], 0, currentAuthPaths[h][i], 0, _mdLength);
currentRetain[h] = tree.GetRetain();
currentTreehash[h] = tree.GetTreehash();
Array.Copy(tree.GetRoot(), 0, currentRoots[h], 0, _mdLength);
}
// calculation of next authpaths and next roots (AUTHPATHS+, ROOTS+)
for (int h = _numLayer - 2; h >= 0; h--)
{
GMSSRootCalc tree = GenerateNextAuthpathAndRoot(nextStack[h], seeds[h + 1], h + 1);
// set initial values needed for the private key construction
for (int i = 0; i < _heightOfTrees[h + 1]; i++)
Array.Copy(tree.GetAuthPath()[i], 0, nextAuthPaths[h][i], 0, _mdLength);
nextRetain[h] = tree.GetRetain();
nextTreehash[h] = tree.GetTreehash();
Array.Copy(tree.GetRoot(), 0, nextRoots[h], 0, _mdLength);
// create seed for the Merkle tree after next (nextNextSeeds) SEEDs++
Array.Copy(seeds[h + 1], 0, _nextNextSeeds[h], 0, _mdLength);
}
// generate JDKGMSSPublicKey
int[] len = new int[] { currentRoots[0].Length };
byte[] btlen = new byte[4];
Buffer.BlockCopy(len, 0, btlen, 0, btlen.Length);
GMSSPublicKey pubKey = new GMSSPublicKey(ArrayUtils.Concat(btlen, currentRoots[0]));
// generate the JDKGMSSPrivateKey
GMSSPrivateKey privKey = new GMSSPrivateKey(_currentSeeds, _nextNextSeeds, currentAuthPaths, nextAuthPaths, currentTreehash,
nextTreehash, currentStack, nextStack, currentRetain, nextRetain, nextRoots, _currentRootSigs, _gmssParams, _msgDigestType);
// return the KeyPair
return new GMSSKeyPair(pubKey, privKey);
}
/// <summary>
///
/// </summary>
///
/// <param name="Index">The tree indices</param>
/// <param name="CurrentSeeds">A seed for the generation of private OTS keys for the current subtrees</param>
/// <param name="NextNextSeeds">A seed for the generation of private OTS keys for the next subtrees</param>
/// <param name="CurrentAuthPaths">Array of current authentication paths</param>
/// <param name="NextAuthPaths">Array of next authentication paths</param>
/// <param name="Keep">Keep array for the authPath algorithm</param>
/// <param name="CurrentTreehash">Treehash for authPath algorithm of current tree</param>
/// <param name="NextTreehash">Treehash for authPath algorithm of next tree (TREE+)</param>
/// <param name="CurrentStack">Shared stack for authPath algorithm of current tree</param>
/// <param name="NextStack">Shared stack for authPath algorithm of next tree (TREE+)</param>
/// <param name="CurrentRetain">Retain stack for authPath algorithm of current tree</param>
/// <param name="NextRetain">Retain stack for authPath algorithm of next tree (TREE+)</param>
/// <param name="NextNextLeaf">Array of upcoming leafs of the tree after next (LEAF++) of each layer</param>
/// <param name="UpperLeaf">Needed for precomputation of upper nodes</param>
/// <param name="UpperTreehashLeaf">Needed for precomputation of upper treehash nodes</param>
/// <param name="MinTreehash">Index of next treehash instance to receive an update</param>
/// <param name="NextRoot">The roots of the next trees (ROOT+)</param>
/// <param name="NextNextRoot">The roots of the tree after next (ROOT++)</param>
/// <param name="CurrentRootSig">Array of signatures of the roots of the current subtrees (SIG)</param>
/// <param name="NextRootSig">Array of signatures of the roots of the next subtree (SIG+)</param>
/// <param name="ParameterSet">The GMSS Parameterset</param>
/// <param name="Digest">The digest type</param>
internal GMSSPrivateKey(int[] Index, byte[][] CurrentSeeds, byte[][] NextNextSeeds, byte[][][] CurrentAuthPaths, byte[][][] NextAuthPaths, byte[][][] Keep,
Treehash[][] CurrentTreehash, Treehash[][] NextTreehash, List<byte[]>[] CurrentStack, List<byte[]>[] NextStack, List<byte[]>[][] CurrentRetain, List<byte[]>[][] NextRetain,
GMSSLeaf[] NextNextLeaf, GMSSLeaf[] UpperLeaf, GMSSLeaf[] UpperTreehashLeaf, int[] MinTreehash, byte[][] NextRoot, GMSSRootCalc[] NextNextRoot, byte[][] CurrentRootSig,
GMSSRootSig[] NextRootSig, GMSSParameters ParameterSet, Digests Digest)
{
_msgDigestType = Digest;
// construct message digest
_msgDigestTrees = GetDigest(Digest);
_mdLength = _msgDigestTrees.DigestSize;
// Parameter
_gmssPS = ParameterSet;
_otsIndex = ParameterSet.WinternitzParameter;
_K = ParameterSet.K;
_heightOfTrees = ParameterSet.HeightOfTrees;
// initialize numLayer
_numLayer = _gmssPS.NumLayers;
// initialize index if null
if (Index == null)
{
_index = new int[_numLayer];
for (int i = 0; i < _numLayer; i++)
_index[i] = 0;
}
else
{
_index = Index;
}
_currentSeeds = CurrentSeeds;
_nextNextSeeds = NextNextSeeds;
_currentAuthPaths = CurrentAuthPaths;
_nextAuthPaths = NextAuthPaths;
// initialize keep if null
if (Keep == null)
{
_keep = new byte[_numLayer][][];
for (int i = 0; i < _numLayer; i++)
_keep[i] = ArrayUtils.CreateJagged<byte[][]>((int)Math.Floor((decimal)_heightOfTrees[i] / 2), _mdLength);
}
else
{
_keep = Keep;
}
// initialize stack if null
if (CurrentStack == null)
{
_currentStack = new List<byte[]>[_numLayer];
for (int i = 0; i < _numLayer; i++)
_currentStack[i] = new List<byte[]>();
}
else
{
_currentStack = CurrentStack;
}
// initialize nextStack if null
if (NextStack == null)
{
_nextStack = new List<byte[]>[_numLayer - 1];
for (int i = 0; i < _numLayer - 1; i++)
_nextStack[i] = new List<byte[]>();
}
else
{
_nextStack = NextStack;
}
_currentTreehash = CurrentTreehash;
_nextTreehash = NextTreehash;
_currentRetain = CurrentRetain;
_nextRetain = NextRetain;
_nextRoot = NextRoot;
if (NextNextRoot == null)
{
NextNextRoot = new GMSSRootCalc[_numLayer - 1];
for (int i = 0; i < _numLayer - 1; i++)
NextNextRoot[i] = new GMSSRootCalc(_heightOfTrees[i + 1], _K[i + 1], GetDigest(Digest));
}
else
{
_nextNextRoot = NextNextRoot;
}
_currentRootSig = CurrentRootSig;
// calculate numLeafs
_numLeafs = new int[_numLayer];
for (int i = 0; i < _numLayer; i++)
_numLeafs[i] = 1 << _heightOfTrees[i];
// construct PRNG
_gmssRandom = new GMSSRandom(_msgDigestTrees);
if (_numLayer > 1)
{
// construct the nextNextLeaf (LEAFs++) array for upcoming leafs in
// tree after next (TREE++)
if (NextNextLeaf == null)
{
_nextNextLeaf = new GMSSLeaf[_numLayer - 2];
for (int i = 0; i < _numLayer - 2; i++)
_nextNextLeaf[i] = new GMSSLeaf(GetDigest(Digest), _otsIndex[i + 1], _numLeafs[i + 2], _nextNextSeeds[i]);
}
else
{
_nextNextLeaf = NextNextLeaf;
}
}
else
{
_nextNextLeaf = new GMSSLeaf[0];
}
// construct the upperLeaf array for upcoming leafs in tree over the
// actual
if (UpperLeaf == null)
{
_upperLeaf = new GMSSLeaf[_numLayer - 1];
for (int i = 0; i < _numLayer - 1; i++)
_upperLeaf[i] = new GMSSLeaf(GetDigest(Digest), _otsIndex[i], _numLeafs[i + 1], _currentSeeds[i]);
}
else
{
_upperLeaf = UpperLeaf;
}
// construct the leafs for upcoming leafs in treehashs in tree over the actual
if (UpperTreehashLeaf == null)
{
_upperTreehashLeaf = new GMSSLeaf[_numLayer - 1];
for (int i = 0; i < _numLayer - 1; i++)
_upperTreehashLeaf[i] = new GMSSLeaf(GetDigest(Digest), _otsIndex[i], _numLeafs[i + 1]);
}
else
{
_upperTreehashLeaf = UpperTreehashLeaf;
}
if (MinTreehash == null)
{
_minTreehash = new int[_numLayer - 1];
for (int i = 0; i < _numLayer - 1; i++)
_minTreehash[i] = -1;
}
else
{
_minTreehash = MinTreehash;
}
// construct the nextRootSig (RootSig++)
byte[] dummy = new byte[_mdLength];
byte[] OTSseed = new byte[_mdLength];
if (NextRootSig == null)
{
_nextRootSig = new GMSSRootSig[_numLayer - 1];
for (int i = 0; i < _numLayer - 1; i++)
{
Array.Copy(CurrentSeeds[i], 0, dummy, 0, _mdLength);
_gmssRandom.NextSeed(dummy);
OTSseed = _gmssRandom.NextSeed(dummy);
_nextRootSig[i] = new GMSSRootSig(GetDigest(Digest), _otsIndex[i], _heightOfTrees[i + 1]);
_nextRootSig[i].InitSign(OTSseed, NextRoot[i]);
}
}
else
{
_nextRootSig = NextRootSig;
}
}
