Botan  1.10.9
Public Member Functions | Static Public Member Functions | List of all members
Botan::RTSS_Share Class Reference

#include <tss.h>

Public Member Functions

bool initialized () const
 
 RTSS_Share ()
 
 RTSS_Share (const std::string &hex_input)
 
byte share_id () const
 
size_t size () const
 
std::string to_string () const
 

Static Public Member Functions

static SecureVector< bytereconstruct (const std::vector< RTSS_Share > &shares)
 
static std::vector< RTSS_Sharesplit (byte M, byte N, const byte secret[], u16bit secret_len, const byte identifier[16], RandomNumberGenerator &rng)
 

Detailed Description

A split secret, using the format from draft-mcgrew-tss-03

Definition at line 21 of file tss.h.

Constructor & Destructor Documentation

Botan::RTSS_Share::RTSS_Share ( )
inline

Definition at line 44 of file tss.h.

44 {}
Botan::RTSS_Share::RTSS_Share ( const std::string &  hex_input)
Parameters
hex_inputthe share encoded in hexadecimal

Definition at line 107 of file tss.cpp.

References Botan::hex_decode().

108  {
109  contents = hex_decode(hex_input);
110  }
size_t hex_decode(byte output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
Definition: hex.cpp:55

Member Function Documentation

bool Botan::RTSS_Share::initialized ( ) const
inline
Returns
if this TSS share was initialized or not

Definition at line 69 of file tss.h.

Referenced by share_id().

69 { return (contents.size() > 0); }
size_t size() const
Definition: secmem.h:29
SecureVector< byte > Botan::RTSS_Share::reconstruct ( const std::vector< RTSS_Share > &  shares)
static
Parameters
sharesthe list of shares

Definition at line 182 of file tss.cpp.

References Botan::make_u16bit(), r, Botan::same_mem(), share_id(), and size().

183  {
184  const size_t RTSS_HEADER_SIZE = 20;
185 
186  for(size_t i = 0; i != shares.size(); ++i)
187  {
188  if(shares[i].size() != shares[0].size())
189  throw Decoding_Error("Different sized RTSS shares detected");
190  if(shares[i].share_id() == 0)
191  throw Decoding_Error("Invalid (id = 0) RTSS share detected");
192  if(shares[i].size() < RTSS_HEADER_SIZE)
193  throw Decoding_Error("Missing or malformed RTSS header");
194 
195  if(!same_mem(&shares[0].contents[0],
196  &shares[i].contents[0], RTSS_HEADER_SIZE))
197  throw Decoding_Error("Different RTSS headers detected");
198  }
199 
200  if(shares.size() < shares[0].contents[17])
201  throw Decoding_Error("Insufficient shares to do TSS reconstruction");
202 
203  u16bit secret_len = make_u16bit(shares[0].contents[18],
204  shares[0].contents[19]);
205 
206  byte hash_id = shares[0].contents[16];
207 
208  std::auto_ptr<HashFunction> hash(get_rtss_hash_by_id(hash_id));
209 
210  if(shares[0].size() != secret_len + hash->output_length() + RTSS_HEADER_SIZE + 1)
211  throw Decoding_Error("Bad RTSS length field in header");
212 
213  std::vector<byte> V(shares.size());
214  SecureVector<byte> secret;
215 
216  for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i)
217  {
218  for(size_t j = 0; j != V.size(); ++j)
219  V[j] = shares[j].contents[i];
220 
221  byte r = 0;
222  for(size_t k = 0; k != shares.size(); ++k)
223  {
224  // L_i function:
225  byte r2 = 1;
226  for(size_t l = 0; l != shares.size(); ++l)
227  {
228  if(k == l)
229  continue;
230 
231  byte share_k = shares[k].share_id();
232  byte share_l = shares[l].share_id();
233 
234  if(share_k == share_l)
235  throw Decoding_Error("Duplicate shares found in RTSS recovery");
236 
237  byte div = RTSS_EXP[(255 +
238  RTSS_LOG[share_l] -
239  RTSS_LOG[share_k ^ share_l]) % 255];
240 
241  r2 = gfp_mul(r2, div);
242  }
243 
244  r ^= gfp_mul(V[k], r2);
245  }
246  secret.push_back(r);
247  }
248 
249  if(secret.size() != secret_len + hash->output_length())
250  throw Decoding_Error("Bad length in RTSS output");
251 
252  hash->update(&secret[0], secret_len);
253  SecureVector<byte> hash_check = hash->final();
254 
255  if(!same_mem(&hash_check[0],
256  &secret[secret_len], hash->output_length()))
257  throw Decoding_Error("RTSS hash check failed");
258 
259  return SecureVector<byte>(&secret[0], secret_len);
260  }
size_t size() const
Definition: tss.h:64
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:57
unsigned char byte
Definition: types.h:22
unsigned short u16bit
Definition: types.h:27
u16bit make_u16bit(byte i0, byte i1)
Definition: loadstor.h:47
BigInt r
Definition: numthry.cpp:26
byte share_id() const
Definition: tss.cpp:112
byte Botan::RTSS_Share::share_id ( ) const
Returns
share identifier

Definition at line 112 of file tss.cpp.

References initialized().

Referenced by reconstruct().

113  {
114  if(!initialized())
115  throw Invalid_State("RTSS_Share::share_id not initialized");
116 
117  return contents[20];
118  }
bool initialized() const
Definition: tss.h:69
size_t Botan::RTSS_Share::size ( ) const
inline
Returns
size of this share in bytes

Definition at line 64 of file tss.h.

Referenced by reconstruct().

64 { return contents.size(); }
size_t size() const
Definition: secmem.h:29
std::vector< RTSS_Share > Botan::RTSS_Share::split ( byte  M,
byte  N,
const byte  secret[],
u16bit  secret_len,
const byte  identifier[16],
RandomNumberGenerator rng 
)
static
Parameters
Mthe number of shares needed to reconstruct
Nthe number of shares generated
secretthe secret to split
secret_lenthe length of the secret
identifierthe 16 byte share identifier
rngthe random number generator to use

Definition at line 126 of file tss.cpp.

References Botan::get_byte(), Botan::SHA_256::name(), Botan::Buffered_Computation::process(), Botan::MemoryRegion< T >::push_back(), Botan::RandomNumberGenerator::randomize(), and Botan::MemoryRegion< T >::size().

130  {
131  if(M == 0 || N == 0 || M > N)
132  throw Encoding_Error("RTSS_Share::split: M == 0 or N == 0 or M > N");
133 
134  SHA_256 hash; // always use SHA-256 when generating shares
135 
136  std::vector<RTSS_Share> shares(N);
137 
138  // Create RTSS header in each share
139  for(byte i = 0; i != N; ++i)
140  {
141  shares[i].contents += std::make_pair(identifier, 16);
142  shares[i].contents += rtss_hash_id(hash.name());
143  shares[i].contents += M;
144  shares[i].contents += get_byte(0, S_len);
145  shares[i].contents += get_byte(1, S_len);
146  }
147 
148  // Choose sequential values for X starting from 1
149  for(byte i = 0; i != N; ++i)
150  shares[i].contents.push_back(i+1);
151 
152  // secret = S || H(S)
153  SecureVector<byte> secret(S, S_len);
154  secret += hash.process(S, S_len);
155 
156  for(size_t i = 0; i != secret.size(); ++i)
157  {
158  std::vector<byte> coefficients(M-1);
159  rng.randomize(&coefficients[0], coefficients.size());
160 
161  for(byte j = 0; j != N; ++j)
162  {
163  const byte X = j + 1;
164 
165  byte sum = secret[i];
166  byte X_i = X;
167 
168  for(size_t k = 0; k != coefficients.size(); ++k)
169  {
170  sum ^= gfp_mul(X_i, coefficients[k]);
171  X_i = gfp_mul(X_i, X);
172  }
173 
174  shares[j].contents.push_back(sum);
175  }
176  }
177 
178  return shares;
179  }
void push_back(T x)
Definition: secmem.h:143
byte get_byte(size_t byte_num, T input)
Definition: get_byte.h:21
unsigned char byte
Definition: types.h:22
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
std::string Botan::RTSS_Share::to_string ( ) const
Returns
hex representation

Definition at line 120 of file tss.cpp.

References Botan::hex_encode(), and Botan::MemoryRegion< T >::size().

121  {
122  return hex_encode(&contents[0], contents.size());
123  }
size_t size() const
Definition: secmem.h:29
void hex_encode(char output[], const byte input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14

The documentation for this class was generated from the following files: