Coverage Report

Created: 2024-11-29 06:10

/src/botan/build/include/internal/botan/internal/cmce_keys_internal.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Classic McEliece key generation with Internal Private and Public Key classes
3
 * (C) 2023 Jack Lloyd
4
 *     2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
5
 *
6
 * Botan is released under the Simplified BSD License (see license.txt)
7
 **/
8
9
#ifndef BOTAN_CMCE_KEYS_INTERNAL_H_
10
#define BOTAN_CMCE_KEYS_INTERNAL_H_
11
12
#include <botan/internal/cmce_field_ordering.h>
13
#include <botan/internal/cmce_matrix.h>
14
#include <botan/internal/cmce_parameters.h>
15
#include <botan/internal/cmce_poly.h>
16
#include <botan/internal/cmce_types.h>
17
18
namespace Botan {
19
20
class Classic_McEliece_PrivateKeyInternal;
21
22
/**
23
 * @brief Representation of a Classic McEliece public key.
24
 *
25
 * This class represents a Classic McEliece public key. It is used internally by the Classic McEliece
26
 * public key class and contains the following data:
27
 * - The Classic McEliece parameters
28
 * - The public key matrix
29
 */
30
class BOTAN_TEST_API Classic_McEliece_PublicKeyInternal {
31
   public:
32
      /**
33
       * @brief Construct a Classic McEliece public key.
34
       *
35
       * @param params The Classic McEliece parameters
36
       * @param matrix The public key matrix
37
       */
38
      Classic_McEliece_PublicKeyInternal(const Classic_McEliece_Parameters& params, Classic_McEliece_Matrix matrix) :
39
0
            m_params(params), m_matrix(std::move(matrix)) {
40
0
         BOTAN_ASSERT_NOMSG(m_matrix.bytes().size() == m_params.pk_size_bytes());
41
0
      }
42
43
      /**
44
       * @brief Create a Classic McEliece public key from a private key.
45
       *
46
       * Create the matrix from the private key values. Expects that the private key is valid, i.e.
47
       * the matrix creation works.
48
       *
49
       * @param sk The private key
50
       * @return The public key as a shared pointer
51
       */
52
      static std::shared_ptr<Classic_McEliece_PublicKeyInternal> create_from_private_key(
53
         const Classic_McEliece_PrivateKeyInternal& sk);
54
55
      /**
56
       * @brief Serializes the Classic McEliece public key as defined in Classic McEliece ISO Section 9.2.7.
57
       */
58
0
      std::vector<uint8_t> serialize() const { return m_matrix.bytes(); }
59
60
      /**
61
       * @brief The Classic McEliece matrix.
62
       */
63
0
      const Classic_McEliece_Matrix& matrix() const { return m_matrix; }
64
65
      /**
66
       * @brief The Classic McEliece parameters.
67
       */
68
0
      const Classic_McEliece_Parameters& params() const { return m_params; }
69
70
0
      constexpr void _const_time_unpoison() const { CT::unpoison(m_matrix); }
71
72
   private:
73
      Classic_McEliece_Parameters m_params;
74
      Classic_McEliece_Matrix m_matrix;
75
};
76
77
/**
78
 * @brief Representation of a Classic McEliece private key.
79
 *
80
 * This class represents a Classic McEliece private key. It is used internally by the Classic McEliece
81
 * private key class and contains the following data (see Classic McEliece ISO Section 9.2.12):
82
 * - The Classic McEliece parameters
83
 * - The seed delta
84
 * - The column selection pivot vector c
85
 * - The minimal polynomial g
86
 * - The field ordering alpha
87
 * - The seed s for implicit rejection
88
 */
89
class BOTAN_TEST_API Classic_McEliece_PrivateKeyInternal {
90
   public:
91
      /**
92
       * @brief Construct a Classic McEliece private key.
93
       *
94
       * @param params The Classic McEliece parameters
95
       * @param delta The seed delta
96
       * @param c The column selection pivot vector c
97
       * @param g The minimal polynomial g
98
       * @param alpha The field ordering alpha
99
       * @param s The seed s for implicit rejection
100
       */
101
      Classic_McEliece_PrivateKeyInternal(const Classic_McEliece_Parameters& params,
102
                                          CmceKeyGenSeed delta,
103
                                          CmceColumnSelection c,
104
                                          Classic_McEliece_Minimal_Polynomial g,
105
                                          Classic_McEliece_Field_Ordering alpha,
106
                                          CmceRejectionSeed s) :
107
0
            m_params(params),
108
0
            m_delta(std::move(delta)),
109
0
            m_c(std::move(c)),
110
0
            m_g(std::move(g)),
111
0
            m_field_ordering(std::move(alpha)),
112
0
            m_s(std::move(s)) {}
113
114
      /**
115
       * @brief Parses a Classic McEliece private key from a byte sequence.
116
       *
117
       * It also creates the field ordering from the control bits in @p sk_bytes.
118
       *
119
       * @param params The Classic McEliece parameters
120
       * @param sk_bytes The secret key byte sequence
121
       * @return the Classic McEliece private key
122
       */
123
      static Classic_McEliece_PrivateKeyInternal from_bytes(const Classic_McEliece_Parameters& params,
124
                                                            std::span<const uint8_t> sk_bytes);
125
126
      /**
127
       * @brief Serializes the Classic McEliece private key as defined in Classic McEliece ISO Section 9.2.12.
128
       *
129
       * @return the serialized Classic McEliece private key
130
       */
131
      secure_vector<uint8_t> serialize() const;
132
133
      /**
134
       * @brief The seed delta that was used to create the private key.
135
       */
136
0
      const CmceKeyGenSeed& delta() const { return m_delta; }
137
138
      /**
139
       * @brief The column selection pivot vector c as defined in Classic McEliece ISO Section 9.2.11.
140
       */
141
0
      const CmceColumnSelection& c() const { return m_c; }
142
143
      /**
144
       * @brief The minimal polynomial g.
145
       */
146
0
      const Classic_McEliece_Minimal_Polynomial& g() const { return m_g; }
147
148
      /**
149
       * @brief The field ordering alpha.
150
       */
151
0
      const Classic_McEliece_Field_Ordering& field_ordering() const { return m_field_ordering; }
152
153
      /**
154
       * @brief The seed s for implicit rejection on decryption failure.
155
       */
156
0
      const CmceRejectionSeed& s() const { return m_s; }
157
158
      /**
159
       * @brief The Classic McEliece parameters.
160
       */
161
0
      const Classic_McEliece_Parameters& params() const { return m_params; }
162
163
      /**
164
       * @brief Checks the private key for consistency with the first component delta, i.e.,
165
       * recomputes s as a hash of delta and checks equivalence with sk.s, checks the weight of c,
166
       * and checks the control bits. It also recomputes beta based on delta and recomputes g based on beta,
167
       * checking that g is equal to the value sk.s
168
       *
169
       * See NIST Impl. guide 6.3 Double-Checks on Private Keys.
170
       */
171
      bool check_key() const;
172
173
0
      constexpr void _const_time_poison() const { CT::poison_all(m_delta, m_c, m_g, m_field_ordering, m_s); }
174
175
0
      constexpr void _const_time_unpoison() const { CT::unpoison_all(m_delta, m_c, m_g, m_field_ordering, m_s); }
176
177
   private:
178
      Classic_McEliece_Parameters m_params;
179
      CmceKeyGenSeed m_delta;
180
      CmceColumnSelection m_c;
181
      Classic_McEliece_Minimal_Polynomial m_g;
182
      Classic_McEliece_Field_Ordering m_field_ordering;
183
      CmceRejectionSeed m_s;
184
};
185
186
/**
187
 * @brief Representation of a Classic McEliece key pair.
188
 */
189
struct BOTAN_TEST_API Classic_McEliece_KeyPair_Internal {
190
      std::shared_ptr<Classic_McEliece_PrivateKeyInternal> private_key;
191
      std::shared_ptr<Classic_McEliece_PublicKeyInternal> public_key;
192
193
      /**
194
       * @brief Generate a Classic McEliece key pair using the algorithm described
195
       * in Classic McEliece ISO Section 8.3
196
       */
197
      static Classic_McEliece_KeyPair_Internal generate(const Classic_McEliece_Parameters& params,
198
                                                        StrongSpan<const CmceInitialSeed> seed);
199
200
      /**
201
       * @brief Decompose the key pair into a pair of shared pointers to the private and public key.
202
       */
203
      std::pair<std::shared_ptr<Classic_McEliece_PrivateKeyInternal>,
204
                std::shared_ptr<Classic_McEliece_PublicKeyInternal>>
205
0
      decompose_to_pair() && {
206
0
         return {std::move(private_key), std::move(public_key)};
207
0
      }
208
};
209
210
}  // namespace Botan
211
212
#endif  // BOTAN_CMCE_KEYS_INTERNAL_H_