/src/botan/build/include/botan/xmss_publickey.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * XMSS Public Key |
3 | | * (C) 2016,2017 Matthias Gierlings |
4 | | * (C) 2019 René Korthaus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | **/ |
8 | | |
9 | | #ifndef BOTAN_XMSS_PUBLICKEY_H_ |
10 | | #define BOTAN_XMSS_PUBLICKEY_H_ |
11 | | |
12 | | #include <cstddef> |
13 | | #include <iterator> |
14 | | #include <memory> |
15 | | #include <string> |
16 | | #include <botan/alg_id.h> |
17 | | #include <botan/asn1_oid.h> |
18 | | #include <botan/der_enc.h> |
19 | | #include <botan/exceptn.h> |
20 | | #include <botan/rng.h> |
21 | | #include <botan/types.h> |
22 | | #include <botan/pk_keys.h> |
23 | | #include <botan/xmss_parameters.h> |
24 | | #include <botan/xmss_wots_parameters.h> |
25 | | #include <botan/pk_ops.h> |
26 | | |
27 | | namespace Botan { |
28 | | |
29 | | class XMSS_Verification_Operation; |
30 | | |
31 | | /** |
32 | | * An XMSS: Extended Hash-Based Signature public key. |
33 | | * |
34 | | * [1] XMSS: Extended Hash-Based Signatures, |
35 | | * Request for Comments: 8391 |
36 | | * Release: May 2018. |
37 | | * https://datatracker.ietf.org/doc/rfc8391/ |
38 | | **/ |
39 | | class BOTAN_PUBLIC_API(2,0) XMSS_PublicKey : public virtual Public_Key |
40 | | { |
41 | | public: |
42 | | /** |
43 | | * Creates a new XMSS public key for the chosen XMSS signature method. |
44 | | * New public and prf seeds are generated using rng. The appropriate WOTS |
45 | | * signature method will be automatically set based on the chosen XMSS |
46 | | * signature method. |
47 | | * |
48 | | * @param xmss_oid Identifier for the selected XMSS signature method. |
49 | | * @param rng A random number generator to use for key generation. |
50 | | **/ |
51 | | XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, |
52 | | RandomNumberGenerator& rng) |
53 | | : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()), |
54 | | m_root(m_xmss_params.element_size()), |
55 | 0 | m_public_seed(rng.random_vec(m_xmss_params.element_size())) {} |
56 | | |
57 | | /** |
58 | | * Loads a public key. |
59 | | * |
60 | | * Public key must be encoded as in RFC |
61 | | * draft-vangeest-x509-hash-sigs-03. |
62 | | * |
63 | | * @param key_bits DER encoded public key bits |
64 | | */ |
65 | | XMSS_PublicKey(const std::vector<uint8_t>& key_bits); |
66 | | |
67 | | /** |
68 | | * Creates a new XMSS public key for a chosen XMSS signature method as |
69 | | * well as pre-computed root node and public_seed values. |
70 | | * |
71 | | * @param xmss_oid Identifier for the selected XMSS signature method. |
72 | | * @param root Root node value. |
73 | | * @param public_seed Public seed value. |
74 | | **/ |
75 | | XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, |
76 | | const secure_vector<uint8_t>& root, |
77 | | const secure_vector<uint8_t>& public_seed) |
78 | | : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()), |
79 | 0 | m_root(root), m_public_seed(public_seed) {} |
80 | | |
81 | | /** |
82 | | * Creates a new XMSS public key for a chosen XMSS signature method as |
83 | | * well as pre-computed root node and public_seed values. |
84 | | * |
85 | | * @param xmss_oid Identifier for the selected XMSS signature method. |
86 | | * @param root Root node value. |
87 | | * @param public_seed Public seed value. |
88 | | **/ |
89 | | XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, |
90 | | secure_vector<uint8_t>&& root, |
91 | | secure_vector<uint8_t>&& public_seed) |
92 | | : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()), |
93 | 0 | m_root(std::move(root)), m_public_seed(std::move(public_seed)) {} |
94 | | |
95 | | /** |
96 | | * Retrieves the chosen XMSS signature method. |
97 | | * |
98 | | * @return XMSS signature method identifier. |
99 | | **/ |
100 | | XMSS_Parameters::xmss_algorithm_t xmss_oid() const |
101 | 0 | { |
102 | 0 | return m_xmss_params.oid(); |
103 | 0 | } |
104 | | |
105 | | /** |
106 | | * Sets the chosen XMSS signature method |
107 | | **/ |
108 | | void set_xmss_oid(XMSS_Parameters::xmss_algorithm_t xmss_oid) |
109 | 0 | { |
110 | 0 | m_xmss_params = XMSS_Parameters(xmss_oid); |
111 | 0 | m_wots_params = XMSS_WOTS_Parameters(m_xmss_params.ots_oid()); |
112 | 0 | } |
113 | | |
114 | | /** |
115 | | * Retrieves the XMSS parameters determined by the chosen XMSS Signature |
116 | | * method. |
117 | | * |
118 | | * @return XMSS parameters. |
119 | | **/ |
120 | | const XMSS_Parameters& xmss_parameters() const |
121 | 0 | { |
122 | 0 | return m_xmss_params; |
123 | 0 | } |
124 | | |
125 | | /** |
126 | | * Retrieves the XMSS parameters determined by the chosen XMSS Signature |
127 | | * method. |
128 | | * |
129 | | * @return XMSS parameters. |
130 | | **/ |
131 | | std::string xmss_hash_function() const |
132 | 0 | { |
133 | 0 | return m_xmss_params.hash_function_name(); |
134 | 0 | } |
135 | | |
136 | | /** |
137 | | * Retrieves the Winternitz One Time Signature (WOTS) method, |
138 | | * corresponding to the chosen XMSS signature method. |
139 | | * |
140 | | * @return XMSS WOTS signature method identifier. |
141 | | **/ |
142 | | XMSS_WOTS_Parameters::ots_algorithm_t wots_oid() const |
143 | 0 | { |
144 | 0 | return m_wots_params.oid(); |
145 | 0 | } |
146 | | |
147 | | /** |
148 | | * Retrieves the Winternitz One Time Signature (WOTS) parameters |
149 | | * corresponding to the chosen XMSS signature method. |
150 | | * |
151 | | * @return XMSS WOTS signature method parameters. |
152 | | **/ |
153 | | const XMSS_WOTS_Parameters& wots_parameters() const |
154 | 0 | { |
155 | 0 | return m_wots_params; |
156 | 0 | } |
157 | | |
158 | | secure_vector<uint8_t>& root() |
159 | 0 | { |
160 | 0 | return m_root; |
161 | 0 | } |
162 | | |
163 | | void set_root(const secure_vector<uint8_t>& root) |
164 | 0 | { |
165 | 0 | m_root = root; |
166 | 0 | } |
167 | | |
168 | | void set_root(secure_vector<uint8_t>&& root) |
169 | 0 | { |
170 | 0 | m_root = std::move(root); |
171 | 0 | } |
172 | | |
173 | | const secure_vector<uint8_t>& root() const |
174 | 0 | { |
175 | 0 | return m_root; |
176 | 0 | } |
177 | | |
178 | | virtual secure_vector<uint8_t>& public_seed() |
179 | 0 | { |
180 | 0 | return m_public_seed; |
181 | 0 | } |
182 | | |
183 | | virtual void set_public_seed(const secure_vector<uint8_t>& public_seed) |
184 | 0 | { |
185 | 0 | m_public_seed = public_seed; |
186 | 0 | } |
187 | | |
188 | | virtual void set_public_seed(secure_vector<uint8_t>&& public_seed) |
189 | 0 | { |
190 | 0 | m_public_seed = std::move(public_seed); |
191 | 0 | } |
192 | | |
193 | | virtual const secure_vector<uint8_t>& public_seed() const |
194 | 0 | { |
195 | 0 | return m_public_seed; |
196 | 0 | } |
197 | | |
198 | | std::string algo_name() const override |
199 | 0 | { |
200 | 0 | return "XMSS"; |
201 | 0 | } |
202 | | |
203 | | AlgorithmIdentifier algorithm_identifier() const override |
204 | 0 | { |
205 | 0 | return AlgorithmIdentifier(get_oid(), AlgorithmIdentifier::USE_EMPTY_PARAM); |
206 | 0 | } |
207 | | |
208 | | bool check_key(RandomNumberGenerator&, bool) const override |
209 | 0 | { |
210 | 0 | return true; |
211 | 0 | } |
212 | | |
213 | | std::unique_ptr<PK_Ops::Verification> |
214 | | create_verification_op(const std::string&, |
215 | | const std::string& provider) const override; |
216 | | |
217 | | size_t estimated_strength() const override |
218 | 0 | { |
219 | 0 | return m_xmss_params.estimated_strength(); |
220 | 0 | } |
221 | | |
222 | | size_t key_length() const override |
223 | 0 | { |
224 | 0 | return m_xmss_params.estimated_strength(); |
225 | 0 | } |
226 | | |
227 | | /** |
228 | | * Returns the encoded public key as defined in RFC |
229 | | * draft-vangeest-x509-hash-sigs-03. |
230 | | * |
231 | | * @return encoded public key bits |
232 | | **/ |
233 | | std::vector<uint8_t> public_key_bits() const override |
234 | 0 | { |
235 | 0 | std::vector<uint8_t> output; |
236 | 0 | DER_Encoder(output).encode(raw_public_key(), OCTET_STRING); |
237 | 0 | return output; |
238 | 0 | } |
239 | | |
240 | | /** |
241 | | * Size in bytes of the serialized XMSS public key produced by |
242 | | * raw_public_key(). |
243 | | * |
244 | | * @return size in bytes of serialized Public Key. |
245 | | **/ |
246 | | virtual size_t size() const |
247 | 0 | { |
248 | 0 | return sizeof(uint32_t) + 2 * m_xmss_params.element_size(); |
249 | 0 | } |
250 | | |
251 | | /** |
252 | | * Generates a byte sequence representing the XMSS |
253 | | * public key, as defined in [1] (p. 23, "XMSS Public Key") |
254 | | * |
255 | | * @return 4-byte OID, followed by n-byte root node, followed by |
256 | | * public seed. |
257 | | **/ |
258 | | virtual std::vector<uint8_t> raw_public_key() const; |
259 | | |
260 | | protected: |
261 | | std::vector<uint8_t> m_raw_key; |
262 | | XMSS_Parameters m_xmss_params; |
263 | | XMSS_WOTS_Parameters m_wots_params; |
264 | | secure_vector<uint8_t> m_root; |
265 | | secure_vector<uint8_t> m_public_seed; |
266 | | |
267 | | private: |
268 | | XMSS_Parameters::xmss_algorithm_t deserialize_xmss_oid( |
269 | | const std::vector<uint8_t>& raw_key); |
270 | | }; |
271 | | |
272 | | } |
273 | | |
274 | | #endif |