/src/botan/build/include/botan/xmss_wots_publickey.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * XMSS WOTS Public Key |
3 | | * (C) 2016,2017,2018 Matthias Gierlings |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | **/ |
7 | | |
8 | | #ifndef BOTAN_XMSS_WOTS_PUBLICKEY_H_ |
9 | | #define BOTAN_XMSS_WOTS_PUBLICKEY_H_ |
10 | | |
11 | | #include <cstddef> |
12 | | #include <string> |
13 | | #include <vector> |
14 | | #include <botan/alg_id.h> |
15 | | #include <botan/rng.h> |
16 | | #include <botan/asn1_oid.h> |
17 | | #include <botan/exceptn.h> |
18 | | #include <botan/pk_keys.h> |
19 | | #include <botan/types.h> |
20 | | #include <botan/xmss_wots_parameters.h> |
21 | | #include <botan/xmss_address.h> |
22 | | #include <botan/xmss_hash.h> |
23 | | |
24 | | namespace Botan { |
25 | | |
26 | | typedef std::vector<secure_vector<uint8_t>> wots_keysig_t; |
27 | | |
28 | | /** |
29 | | * A Winternitz One Time Signature public key for use with Extended Hash-Based |
30 | | * Signatures. |
31 | | **/ |
32 | | class XMSS_WOTS_PublicKey : virtual public Public_Key |
33 | | { |
34 | | public: |
35 | | class TreeSignature final |
36 | | { |
37 | | public: |
38 | 0 | TreeSignature() = default; |
39 | | |
40 | | TreeSignature(const wots_keysig_t& ots_sig, |
41 | | const wots_keysig_t& auth_path) |
42 | | : m_ots_sig(ots_sig), m_auth_path(auth_path) |
43 | 0 | {} |
44 | | |
45 | | TreeSignature(wots_keysig_t&& ots_sig, |
46 | | wots_keysig_t&& auth_path) |
47 | | : m_ots_sig(std::move(ots_sig)), |
48 | | m_auth_path(std::move(auth_path)) |
49 | 0 | {} |
50 | | |
51 | | const wots_keysig_t& ots_signature() const |
52 | 0 | { |
53 | 0 | return m_ots_sig; |
54 | 0 | } |
55 | | |
56 | | wots_keysig_t& ots_signature() |
57 | 0 | { |
58 | 0 | return m_ots_sig; |
59 | 0 | } |
60 | | |
61 | | const wots_keysig_t& authentication_path() const |
62 | 0 | { |
63 | 0 | return m_auth_path; |
64 | 0 | } |
65 | | |
66 | | wots_keysig_t& authentication_path() |
67 | 0 | { |
68 | 0 | return m_auth_path; |
69 | 0 | } |
70 | | |
71 | | private: |
72 | | wots_keysig_t m_ots_sig; |
73 | | wots_keysig_t m_auth_path; |
74 | | }; |
75 | | |
76 | | /** |
77 | | * Creates a XMSS_WOTS_PublicKey for the signature method identified by |
78 | | * oid. The public seed for this key will be initialized with a |
79 | | * uniformly random n-byte value, where "n" is the element size of the |
80 | | * selected signature method. |
81 | | * |
82 | | * @param oid Identifier for the selected signature method. |
83 | | **/ |
84 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid) |
85 | | : m_wots_params(oid), |
86 | 0 | m_hash(m_wots_params.hash_function_name()) {} |
87 | | |
88 | | /** |
89 | | * Creates a XMSS_WOTS_PublicKey for the signature method identified by |
90 | | * oid. The public seed for this key will be initialized with a |
91 | | * uniformly random n-byte value, where "n" is the element size of the |
92 | | * selected signature method. |
93 | | * |
94 | | * @param oid Identifier for the selected signature method. |
95 | | * @param rng A random number generate used to generate the public seed. |
96 | | **/ |
97 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, |
98 | | RandomNumberGenerator& rng) |
99 | | : m_wots_params(oid), |
100 | | m_hash(m_wots_params.hash_function_name()), |
101 | 0 | m_public_seed(rng.random_vec(m_wots_params.element_size())) {} |
102 | | |
103 | | /** |
104 | | * Creates a XMSS_WOTS_PrivateKey for the signature method identified by |
105 | | * oid, with a precomputed public seed. |
106 | | * |
107 | | * @param oid Identifier for the selected signature method. |
108 | | * @param public_seed A precomputed public seed of n-bytes length. |
109 | | **/ |
110 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, |
111 | | secure_vector<uint8_t> public_seed) |
112 | | : m_wots_params(oid), |
113 | | m_hash(m_wots_params.hash_function_name()), |
114 | 0 | m_public_seed(public_seed) {}Unexecuted instantiation: Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey(Botan::XMSS_WOTS_Parameters::ots_algorithm_t, std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >) Unexecuted instantiation: Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey(Botan::XMSS_WOTS_Parameters::ots_algorithm_t, std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >) |
115 | | |
116 | | /** |
117 | | * Creates a XMSS_WOTS_PublicKey for the signature method identified by |
118 | | * oid. The public seed will be initialized with a precomputed seed and |
119 | | * and precomputed key data which should be derived from a |
120 | | * XMSS_WOTS_PrivateKey. |
121 | | * |
122 | | * @param oid Ident:s/ifier for the selected signature methods. |
123 | | * @param public_seed A precomputed public seed of n-bytes length. |
124 | | * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey. |
125 | | **/ |
126 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, |
127 | | secure_vector<uint8_t>&& public_seed, |
128 | | wots_keysig_t&& key) |
129 | | : m_wots_params(oid), |
130 | | m_hash(m_wots_params.hash_function_name()), |
131 | | m_key(std::move(key)), |
132 | | m_public_seed(std::move(public_seed)) |
133 | 0 | {} |
134 | | |
135 | | /** |
136 | | * Creates a XMSS_WOTS_PublicKey for the signature method identified by |
137 | | * oid. The public seed will be initialized with a precomputed seed and |
138 | | * and precomputed key data which should be derived from a |
139 | | * XMSS_WOTS_PrivateKey. |
140 | | * |
141 | | * @param oid Identifier for the selected signature methods. |
142 | | * @param public_seed A precomputed public seed of n-bytes length. |
143 | | * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey. |
144 | | **/ |
145 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, |
146 | | const secure_vector<uint8_t>& public_seed, |
147 | | const wots_keysig_t& key) |
148 | | : m_wots_params(oid), |
149 | | m_hash(m_wots_params.hash_function_name()), |
150 | | m_key(key), |
151 | | m_public_seed(public_seed) |
152 | 0 | {} |
153 | | |
154 | | /** |
155 | | * Creates a XMSS_WOTS_PublicKey form a message and signature using |
156 | | * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This |
157 | | * overload is used to verify a message using a public key. |
158 | | * |
159 | | * @param oid WOTSP algorithm identifier. |
160 | | * @param msg A message. |
161 | | * @param sig A WOTS signature for msg. |
162 | | * @param adrs An XMSS_Address. |
163 | | * @param public_seed The public public_seed. |
164 | | **/ |
165 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, |
166 | | const secure_vector<uint8_t>& msg, |
167 | | const wots_keysig_t& sig, |
168 | | XMSS_Address& adrs, |
169 | | const secure_vector<uint8_t>& public_seed) |
170 | | : m_wots_params(oid), |
171 | | m_hash(m_wots_params.hash_function_name()), |
172 | | m_key(pub_key_from_signature(msg, |
173 | | sig, |
174 | | adrs, |
175 | | public_seed)), |
176 | | m_public_seed(public_seed) |
177 | 0 | {}Unexecuted instantiation: Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey(Botan::XMSS_WOTS_Parameters::ots_algorithm_t, std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > const&, std::__1::vector<std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >, std::__1::allocator<std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > > > const&, Botan::XMSS_Address&, std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > const&) Unexecuted instantiation: Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey(Botan::XMSS_WOTS_Parameters::ots_algorithm_t, std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > const&, std::__1::vector<std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >, std::__1::allocator<std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > > > const&, Botan::XMSS_Address&, std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > const&) |
178 | | |
179 | | /** |
180 | | * Retrieves the i-th element out of the length len chain of |
181 | | * n-byte elements contained in the public key. |
182 | | * |
183 | | * @param i index of the element. |
184 | | * @returns n-byte element addressed by i. |
185 | | **/ |
186 | 0 | const secure_vector<uint8_t>& operator[](size_t i) const { return m_key[i]; } |
187 | 0 | secure_vector<uint8_t>& operator[](size_t i) { return m_key[i]; } |
188 | | |
189 | | /** |
190 | | * Convert the key into the raw key data. The key becomes a length |
191 | | * len vector of n-byte elements. |
192 | | **/ |
193 | 0 | operator const wots_keysig_t& () const { return m_key; } |
194 | | |
195 | | /** |
196 | | * Convert the key into the raw key data. The key becomes a length |
197 | | * len vector of n-byte elements. |
198 | | **/ |
199 | 0 | operator wots_keysig_t& () { return m_key; } |
200 | | |
201 | 0 | const secure_vector<uint8_t>& public_seed() const { return m_public_seed; } |
202 | | |
203 | 0 | secure_vector<uint8_t>& public_seed() { return m_public_seed; } |
204 | | |
205 | | void set_public_seed(const secure_vector<uint8_t>& public_seed) |
206 | 0 | { |
207 | 0 | m_public_seed = public_seed; |
208 | 0 | } |
209 | | |
210 | | void set_public_seed(secure_vector<uint8_t>&& public_seed) |
211 | 0 | { |
212 | 0 | m_public_seed = std::move(public_seed); |
213 | 0 | } |
214 | | |
215 | 0 | const wots_keysig_t& key_data() const { return m_key; } |
216 | | |
217 | 0 | wots_keysig_t& key_data() { return m_key; } |
218 | | |
219 | | void set_key_data(const wots_keysig_t& key_data) |
220 | 0 | { |
221 | 0 | m_key = key_data; |
222 | 0 | } |
223 | | |
224 | | void set_key_data(wots_keysig_t&& key_data) |
225 | 0 | { |
226 | 0 | m_key = std::move(key_data); |
227 | 0 | } |
228 | | |
229 | | const XMSS_WOTS_Parameters& wots_parameters() const |
230 | 0 | { |
231 | 0 | return m_wots_params; |
232 | 0 | } |
233 | | |
234 | | std::string algo_name() const override |
235 | 0 | { |
236 | 0 | return m_wots_params.name(); |
237 | 0 | } |
238 | | |
239 | | AlgorithmIdentifier algorithm_identifier() const override |
240 | 0 | { |
241 | 0 | throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS."); |
242 | 0 | } |
243 | | |
244 | | bool check_key(RandomNumberGenerator&, bool) const override |
245 | 0 | { |
246 | 0 | return true; |
247 | 0 | } |
248 | | |
249 | | size_t estimated_strength() const override |
250 | 0 | { |
251 | 0 | return m_wots_params.estimated_strength(); |
252 | 0 | } |
253 | | |
254 | | size_t key_length() const override |
255 | 0 | { |
256 | 0 | return m_wots_params.estimated_strength(); |
257 | 0 | } |
258 | | |
259 | | std::vector<uint8_t> public_key_bits() const override |
260 | 0 | { |
261 | 0 | throw Not_Implemented("No key format defined for XMSS-WOTS"); |
262 | 0 | } |
263 | | |
264 | | bool operator==(const XMSS_WOTS_PublicKey& key) |
265 | 0 | { |
266 | 0 | return m_key == key.m_key; |
267 | 0 | } |
268 | | |
269 | | bool operator!=(const XMSS_WOTS_PublicKey& key) |
270 | 0 | { |
271 | 0 | return !(*this == key); |
272 | 0 | } |
273 | | |
274 | | protected: |
275 | | /** |
276 | | * Algorithm 2: Chaining Function. |
277 | | * |
278 | | * Takes an n-byte input string and transforms it into a the function |
279 | | * result iterating the cryptographic hash function "F" steps times on |
280 | | * the input x using the outputs of the PRNG "G". |
281 | | * |
282 | | * This overload is used in multithreaded scenarios, where it is |
283 | | * required to provide seperate instances of XMSS_Hash to each |
284 | | * thread. |
285 | | * |
286 | | * @param[out] x An n-byte input string, that will be transformed into |
287 | | * the chaining function result. |
288 | | * @param start_idx The start index. |
289 | | * @param steps A number of steps. |
290 | | * @param adrs An OTS Hash Address. |
291 | | * @param public_seed A public seed. |
292 | | * @param hash Instance of XMSS_Hash, that may only by the thead |
293 | | * executing chain. |
294 | | **/ |
295 | | void chain(secure_vector<uint8_t>& x, |
296 | | size_t start_idx, |
297 | | size_t steps, |
298 | | XMSS_Address& adrs, |
299 | | const secure_vector<uint8_t>& public_seed, |
300 | | XMSS_Hash& hash); |
301 | | |
302 | | /** |
303 | | * Algorithm 2: Chaining Function. |
304 | | * |
305 | | * Takes an n-byte input string and transforms it into a the function |
306 | | * result iterating the cryptographic hash function "F" steps times on |
307 | | * the input x using the outputs of the PRNG "G". |
308 | | * |
309 | | * @param[out] x An n-byte input string, that will be transformed into |
310 | | * the chaining function result. |
311 | | * @param start_idx The start index. |
312 | | * @param steps A number of steps. |
313 | | * @param adrs An OTS Hash Address. |
314 | | * @param public_seed A public seed. |
315 | | **/ |
316 | | inline void chain(secure_vector<uint8_t>& x, |
317 | | size_t start_idx, |
318 | | size_t steps, |
319 | | XMSS_Address& adrs, |
320 | | const secure_vector<uint8_t>& public_seed) |
321 | 0 | { |
322 | 0 | chain(x, start_idx, steps, adrs, public_seed, m_hash); |
323 | 0 | } |
324 | | |
325 | | XMSS_WOTS_Parameters m_wots_params; |
326 | | XMSS_Hash m_hash; |
327 | | wots_keysig_t m_key; |
328 | | secure_vector<uint8_t> m_public_seed; |
329 | | |
330 | | private: |
331 | | /** |
332 | | * Algorithm 6: "WOTS_pkFromSig" |
333 | | * Computes a Winternitz One Time Signature+ public key from a message and |
334 | | * its signature. |
335 | | * |
336 | | * @param msg A message. |
337 | | * @param sig The signature for msg. |
338 | | * @param adrs An address. |
339 | | * @param public_seed A public_seed. |
340 | | * |
341 | | * @return Temporary WOTS+ public key. |
342 | | **/ |
343 | | wots_keysig_t pub_key_from_signature( |
344 | | const secure_vector<uint8_t>& msg, |
345 | | const wots_keysig_t& sig, |
346 | | XMSS_Address& adrs, |
347 | | const secure_vector<uint8_t>& public_seed); |
348 | | }; |
349 | | |
350 | | } |
351 | | |
352 | | #endif |