Coverage Report

Created: 2020-02-14 15:38

/src/botan/build/include/botan/xmss_publickey.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * XMSS Public Key
3
 * (C) 2016,2017 Matthias Gierlings
4
 * (C) 2019 René Korthaus, Rohde & Schwarz Cybersecurity
5
 *
6
 * Botan is released under the Simplified BSD License (see license.txt)
7
 **/
8
9
#ifndef BOTAN_XMSS_PUBLICKEY_H_
10
#define BOTAN_XMSS_PUBLICKEY_H_
11
12
#include <cstddef>
13
#include <iterator>
14
#include <memory>
15
#include <string>
16
#include <botan/alg_id.h>
17
#include <botan/asn1_oid.h>
18
#include <botan/der_enc.h>
19
#include <botan/exceptn.h>
20
#include <botan/rng.h>
21
#include <botan/types.h>
22
#include <botan/pk_keys.h>
23
#include <botan/xmss_parameters.h>
24
#include <botan/xmss_wots_parameters.h>
25
#include <botan/pk_ops.h>
26
27
namespace Botan {
28
29
class XMSS_Verification_Operation;
30
31
/**
32
 * An XMSS: Extended Hash-Based Signature public key.
33
 *
34
 * [1] XMSS: Extended Hash-Based Signatures,
35
 *     Request for Comments: 8391
36
 *     Release: May 2018.
37
 *     https://datatracker.ietf.org/doc/rfc8391/
38
 **/
39
class BOTAN_PUBLIC_API(2,0) XMSS_PublicKey : public virtual Public_Key
40
   {
41
   public:
42
      /**
43
       * Creates a new XMSS public key for the chosen XMSS signature method.
44
       * New public and prf seeds are generated using rng. The appropriate WOTS
45
       * signature method will be automatically set based on the chosen XMSS
46
       * signature method.
47
       *
48
       * @param xmss_oid Identifier for the selected XMSS signature method.
49
       * @param rng A random number generator to use for key generation.
50
       **/
51
      XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid,
52
                     RandomNumberGenerator& rng)
53
         : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
54
           m_root(m_xmss_params.element_size()),
55
0
           m_public_seed(rng.random_vec(m_xmss_params.element_size())) {}
56
57
      /**
58
       * Loads a public key.
59
       *
60
       * Public key must be encoded as in RFC
61
       * draft-vangeest-x509-hash-sigs-03.
62
       *
63
       * @param key_bits DER encoded public key bits
64
       */
65
      XMSS_PublicKey(const std::vector<uint8_t>& key_bits);
66
67
      /**
68
       * Creates a new XMSS public key for a chosen XMSS signature method as
69
       * well as pre-computed root node and public_seed values.
70
       *
71
       * @param xmss_oid Identifier for the selected XMSS signature method.
72
       * @param root Root node value.
73
       * @param public_seed Public seed value.
74
       **/
75
      XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid,
76
                     const secure_vector<uint8_t>& root,
77
                     const secure_vector<uint8_t>& public_seed)
78
         : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
79
0
           m_root(root), m_public_seed(public_seed) {}
80
81
      /**
82
       * Creates a new XMSS public key for a chosen XMSS signature method as
83
       * well as pre-computed root node and public_seed values.
84
       *
85
       * @param xmss_oid Identifier for the selected XMSS signature method.
86
       * @param root Root node value.
87
       * @param public_seed Public seed value.
88
       **/
89
      XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid,
90
                     secure_vector<uint8_t>&& root,
91
                     secure_vector<uint8_t>&& public_seed)
92
         : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
93
0
           m_root(std::move(root)), m_public_seed(std::move(public_seed)) {}
94
95
      /**
96
       * Retrieves the chosen XMSS signature method.
97
       *
98
       * @return XMSS signature method identifier.
99
       **/
100
      XMSS_Parameters::xmss_algorithm_t xmss_oid() const
101
0
         {
102
0
         return m_xmss_params.oid();
103
0
         }
104
105
      /**
106
       * Sets the chosen XMSS signature method
107
       **/
108
      void set_xmss_oid(XMSS_Parameters::xmss_algorithm_t xmss_oid)
109
0
         {
110
0
         m_xmss_params = XMSS_Parameters(xmss_oid);
111
0
         m_wots_params = XMSS_WOTS_Parameters(m_xmss_params.ots_oid());
112
0
         }
113
114
      /**
115
       * Retrieves the XMSS parameters determined by the chosen XMSS Signature
116
       * method.
117
       *
118
       * @return XMSS parameters.
119
       **/
120
      const XMSS_Parameters& xmss_parameters() const
121
0
         {
122
0
         return m_xmss_params;
123
0
         }
124
125
      /**
126
       * Retrieves the Winternitz One Time Signature (WOTS) method,
127
       * corresponding to the chosen XMSS signature method.
128
       *
129
       * @return XMSS WOTS signature method identifier.
130
       **/
131
      XMSS_WOTS_Parameters::ots_algorithm_t wots_oid() const
132
0
         {
133
0
         return m_wots_params.oid();
134
0
         }
135
136
      /**
137
       * Retrieves the Winternitz One Time Signature (WOTS) parameters
138
       * corresponding to the chosen XMSS signature method.
139
       *
140
       * @return XMSS WOTS signature method parameters.
141
       **/
142
      const XMSS_WOTS_Parameters& wots_parameters() const
143
0
         {
144
0
         return m_wots_params;
145
0
         }
146
147
      secure_vector<uint8_t>& root()
148
0
         {
149
0
         return m_root;
150
0
         }
151
152
      void set_root(const secure_vector<uint8_t>& root)
153
0
         {
154
0
         m_root = root;
155
0
         }
156
157
      void set_root(secure_vector<uint8_t>&& root)
158
0
         {
159
0
         m_root = std::move(root);
160
0
         }
161
162
      const secure_vector<uint8_t>& root() const
163
0
         {
164
0
         return m_root;
165
0
         }
166
167
      virtual secure_vector<uint8_t>& public_seed()
168
0
         {
169
0
         return m_public_seed;
170
0
         }
171
172
      virtual void set_public_seed(const secure_vector<uint8_t>& public_seed)
173
0
         {
174
0
         m_public_seed = public_seed;
175
0
         }
176
177
      virtual void set_public_seed(secure_vector<uint8_t>&& public_seed)
178
0
         {
179
0
         m_public_seed = std::move(public_seed);
180
0
         }
181
182
      virtual const secure_vector<uint8_t>& public_seed() const
183
0
         {
184
0
         return m_public_seed;
185
0
         }
186
187
      std::string algo_name() const override
188
0
         {
189
0
         return "XMSS";
190
0
         }
191
192
      AlgorithmIdentifier algorithm_identifier() const override
193
0
         {
194
0
         return AlgorithmIdentifier(get_oid(), AlgorithmIdentifier::USE_EMPTY_PARAM);
195
0
         }
196
197
      bool check_key(RandomNumberGenerator&, bool) const override
198
0
         {
199
0
         return true;
200
0
         }
201
202
      std::unique_ptr<PK_Ops::Verification>
203
      create_verification_op(const std::string&,
204
                             const std::string& provider) const override;
205
206
      size_t estimated_strength() const override
207
0
         {
208
0
         return m_xmss_params.estimated_strength();
209
0
         }
210
211
      size_t key_length() const override
212
0
         {
213
0
         return m_xmss_params.estimated_strength();
214
0
         }
215
216
      /**
217
       * Returns the encoded public key as defined in RFC
218
       * draft-vangeest-x509-hash-sigs-03.
219
       *
220
       * @return encoded public key bits
221
       **/
222
      std::vector<uint8_t> public_key_bits() const override
223
0
         {
224
0
         std::vector<uint8_t> output;
225
0
         DER_Encoder(output).encode(raw_public_key(), OCTET_STRING);
226
0
         return output;
227
0
         }
228
229
      /**
230
       * Size in bytes of the serialized XMSS public key produced by
231
       * raw_public_key().
232
       *
233
       * @return size in bytes of serialized Public Key.
234
       **/
235
      virtual size_t size() const
236
0
         {
237
0
         return sizeof(uint32_t) + 2 * m_xmss_params.element_size();
238
0
         }
239
240
      /**
241
       * Generates a byte sequence representing the XMSS
242
       * public key, as defined in [1] (p. 23, "XMSS Public Key")
243
       *
244
       * @return 4-byte OID, followed by n-byte root node, followed by
245
       *         public seed.
246
       **/
247
      virtual std::vector<uint8_t> raw_public_key() const;
248
249
   protected:
250
      std::vector<uint8_t> m_raw_key;
251
      XMSS_Parameters m_xmss_params;
252
      XMSS_WOTS_Parameters m_wots_params;
253
      secure_vector<uint8_t> m_root;
254
      secure_vector<uint8_t> m_public_seed;
255
256
   private:
257
      XMSS_Parameters::xmss_algorithm_t deserialize_xmss_oid(
258
         const std::vector<uint8_t>& raw_key);
259
   };
260
261
}
262
263
#endif