/src/botan/build/include/internal/botan/internal/cmce_keys_internal.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Classic McEliece key generation with Internal Private and Public Key classes |
3 | | * (C) 2023 Jack Lloyd |
4 | | * 2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | **/ |
8 | | |
9 | | #ifndef BOTAN_CMCE_KEYS_INTERNAL_H_ |
10 | | #define BOTAN_CMCE_KEYS_INTERNAL_H_ |
11 | | |
12 | | #include <botan/internal/cmce_field_ordering.h> |
13 | | #include <botan/internal/cmce_matrix.h> |
14 | | #include <botan/internal/cmce_parameters.h> |
15 | | #include <botan/internal/cmce_poly.h> |
16 | | #include <botan/internal/cmce_types.h> |
17 | | |
18 | | namespace Botan { |
19 | | |
20 | | class Classic_McEliece_PrivateKeyInternal; |
21 | | |
22 | | /** |
23 | | * @brief Representation of a Classic McEliece public key. |
24 | | * |
25 | | * This class represents a Classic McEliece public key. It is used internally by the Classic McEliece |
26 | | * public key class and contains the following data: |
27 | | * - The Classic McEliece parameters |
28 | | * - The public key matrix |
29 | | */ |
30 | | class BOTAN_TEST_API Classic_McEliece_PublicKeyInternal { |
31 | | public: |
32 | | /** |
33 | | * @brief Construct a Classic McEliece public key. |
34 | | * |
35 | | * @param params The Classic McEliece parameters |
36 | | * @param matrix The public key matrix |
37 | | */ |
38 | | Classic_McEliece_PublicKeyInternal(const Classic_McEliece_Parameters& params, Classic_McEliece_Matrix matrix) : |
39 | 0 | m_params(params), m_matrix(std::move(matrix)) { |
40 | 0 | BOTAN_ASSERT_NOMSG(m_matrix.bytes().size() == m_params.pk_size_bytes()); |
41 | 0 | } |
42 | | |
43 | | /** |
44 | | * @brief Create a Classic McEliece public key from a private key. |
45 | | * |
46 | | * Create the matrix from the private key values. Expects that the private key is valid, i.e. |
47 | | * the matrix creation works. |
48 | | * |
49 | | * @param sk The private key |
50 | | * @return The public key as a shared pointer |
51 | | */ |
52 | | static std::shared_ptr<Classic_McEliece_PublicKeyInternal> create_from_private_key( |
53 | | const Classic_McEliece_PrivateKeyInternal& sk); |
54 | | |
55 | | /** |
56 | | * @brief Serializes the Classic McEliece public key as defined in Classic McEliece ISO Section 9.2.7. |
57 | | */ |
58 | 0 | std::vector<uint8_t> serialize() const { return m_matrix.bytes(); } |
59 | | |
60 | | /** |
61 | | * @brief The Classic McEliece matrix. |
62 | | */ |
63 | 0 | const Classic_McEliece_Matrix& matrix() const { return m_matrix; } |
64 | | |
65 | | /** |
66 | | * @brief The Classic McEliece parameters. |
67 | | */ |
68 | 0 | const Classic_McEliece_Parameters& params() const { return m_params; } |
69 | | |
70 | 0 | constexpr void _const_time_unpoison() const { CT::unpoison(m_matrix); } |
71 | | |
72 | | private: |
73 | | Classic_McEliece_Parameters m_params; |
74 | | Classic_McEliece_Matrix m_matrix; |
75 | | }; |
76 | | |
77 | | /** |
78 | | * @brief Representation of a Classic McEliece private key. |
79 | | * |
80 | | * This class represents a Classic McEliece private key. It is used internally by the Classic McEliece |
81 | | * private key class and contains the following data (see Classic McEliece ISO Section 9.2.12): |
82 | | * - The Classic McEliece parameters |
83 | | * - The seed delta |
84 | | * - The column selection pivot vector c |
85 | | * - The minimal polynomial g |
86 | | * - The field ordering alpha |
87 | | * - The seed s for implicit rejection |
88 | | */ |
89 | | class BOTAN_TEST_API Classic_McEliece_PrivateKeyInternal { |
90 | | public: |
91 | | /** |
92 | | * @brief Construct a Classic McEliece private key. |
93 | | * |
94 | | * @param params The Classic McEliece parameters |
95 | | * @param delta The seed delta |
96 | | * @param c The column selection pivot vector c |
97 | | * @param g The minimal polynomial g |
98 | | * @param alpha The field ordering alpha |
99 | | * @param s The seed s for implicit rejection |
100 | | */ |
101 | | Classic_McEliece_PrivateKeyInternal(const Classic_McEliece_Parameters& params, |
102 | | CmceKeyGenSeed delta, |
103 | | CmceColumnSelection c, |
104 | | Classic_McEliece_Minimal_Polynomial g, |
105 | | Classic_McEliece_Field_Ordering alpha, |
106 | | CmceRejectionSeed s) : |
107 | 0 | m_params(params), |
108 | 0 | m_delta(std::move(delta)), |
109 | 0 | m_c(std::move(c)), |
110 | 0 | m_g(std::move(g)), |
111 | 0 | m_field_ordering(std::move(alpha)), |
112 | 0 | m_s(std::move(s)) {} |
113 | | |
114 | | /** |
115 | | * @brief Parses a Classic McEliece private key from a byte sequence. |
116 | | * |
117 | | * It also creates the field ordering from the control bits in @p sk_bytes. |
118 | | * |
119 | | * @param params The Classic McEliece parameters |
120 | | * @param sk_bytes The secret key byte sequence |
121 | | * @return the Classic McEliece private key |
122 | | */ |
123 | | static Classic_McEliece_PrivateKeyInternal from_bytes(const Classic_McEliece_Parameters& params, |
124 | | std::span<const uint8_t> sk_bytes); |
125 | | |
126 | | /** |
127 | | * @brief Serializes the Classic McEliece private key as defined in Classic McEliece ISO Section 9.2.12. |
128 | | * |
129 | | * @return the serialized Classic McEliece private key |
130 | | */ |
131 | | secure_vector<uint8_t> serialize() const; |
132 | | |
133 | | /** |
134 | | * @brief The seed delta that was used to create the private key. |
135 | | */ |
136 | 0 | const CmceKeyGenSeed& delta() const { return m_delta; } |
137 | | |
138 | | /** |
139 | | * @brief The column selection pivot vector c as defined in Classic McEliece ISO Section 9.2.11. |
140 | | */ |
141 | 0 | const CmceColumnSelection& c() const { return m_c; } |
142 | | |
143 | | /** |
144 | | * @brief The minimal polynomial g. |
145 | | */ |
146 | 0 | const Classic_McEliece_Minimal_Polynomial& g() const { return m_g; } |
147 | | |
148 | | /** |
149 | | * @brief The field ordering alpha. |
150 | | */ |
151 | 0 | const Classic_McEliece_Field_Ordering& field_ordering() const { return m_field_ordering; } |
152 | | |
153 | | /** |
154 | | * @brief The seed s for implicit rejection on decryption failure. |
155 | | */ |
156 | 0 | const CmceRejectionSeed& s() const { return m_s; } |
157 | | |
158 | | /** |
159 | | * @brief The Classic McEliece parameters. |
160 | | */ |
161 | 0 | const Classic_McEliece_Parameters& params() const { return m_params; } |
162 | | |
163 | | /** |
164 | | * @brief Checks the private key for consistency with the first component delta, i.e., |
165 | | * recomputes s as a hash of delta and checks equivalence with sk.s, checks the weight of c, |
166 | | * and checks the control bits. It also recomputes beta based on delta and recomputes g based on beta, |
167 | | * checking that g is equal to the value sk.s |
168 | | * |
169 | | * See NIST Impl. guide 6.3 Double-Checks on Private Keys. |
170 | | */ |
171 | | bool check_key() const; |
172 | | |
173 | 0 | constexpr void _const_time_poison() const { CT::poison_all(m_delta, m_c, m_g, m_field_ordering, m_s); } |
174 | | |
175 | 0 | constexpr void _const_time_unpoison() const { CT::unpoison_all(m_delta, m_c, m_g, m_field_ordering, m_s); } |
176 | | |
177 | | private: |
178 | | Classic_McEliece_Parameters m_params; |
179 | | CmceKeyGenSeed m_delta; |
180 | | CmceColumnSelection m_c; |
181 | | Classic_McEliece_Minimal_Polynomial m_g; |
182 | | Classic_McEliece_Field_Ordering m_field_ordering; |
183 | | CmceRejectionSeed m_s; |
184 | | }; |
185 | | |
186 | | /** |
187 | | * @brief Representation of a Classic McEliece key pair. |
188 | | */ |
189 | | struct BOTAN_TEST_API Classic_McEliece_KeyPair_Internal { |
190 | | std::shared_ptr<Classic_McEliece_PrivateKeyInternal> private_key; |
191 | | std::shared_ptr<Classic_McEliece_PublicKeyInternal> public_key; |
192 | | |
193 | | /** |
194 | | * @brief Generate a Classic McEliece key pair using the algorithm described |
195 | | * in Classic McEliece ISO Section 8.3 |
196 | | */ |
197 | | static Classic_McEliece_KeyPair_Internal generate(const Classic_McEliece_Parameters& params, |
198 | | StrongSpan<const CmceInitialSeed> seed); |
199 | | |
200 | | /** |
201 | | * @brief Decompose the key pair into a pair of shared pointers to the private and public key. |
202 | | */ |
203 | | std::pair<std::shared_ptr<Classic_McEliece_PrivateKeyInternal>, |
204 | | std::shared_ptr<Classic_McEliece_PublicKeyInternal>> |
205 | 0 | decompose_to_pair() && { |
206 | 0 | return {std::move(private_key), std::move(public_key)}; |
207 | 0 | } |
208 | | }; |
209 | | |
210 | | } // namespace Botan |
211 | | |
212 | | #endif // BOTAN_CMCE_KEYS_INTERNAL_H_ |