/src/botan/build/include/internal/botan/internal/xmss_wots.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * XMSS WOTS |
3 | | * (C) 2016,2018 Matthias Gierlings |
4 | | * 2023 René Meusel - Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | **/ |
8 | | |
9 | | #ifndef BOTAN_XMSS_WOTS_H_ |
10 | | #define BOTAN_XMSS_WOTS_H_ |
11 | | |
12 | | #include <botan/asn1_obj.h> |
13 | | #include <botan/exceptn.h> |
14 | | #include <botan/pk_keys.h> |
15 | | #include <botan/rng.h> |
16 | | #include <botan/secmem.h> |
17 | | #include <botan/xmss_parameters.h> |
18 | | #include <botan/internal/xmss_hash.h> |
19 | | #include <map> |
20 | | #include <memory> |
21 | | #include <string> |
22 | | #include <vector> |
23 | | |
24 | | namespace Botan { |
25 | | |
26 | | class XMSS_Address; |
27 | | class XMSS_WOTS_PrivateKey; |
28 | | |
29 | | typedef std::vector<secure_vector<uint8_t>> wots_keysig_t; |
30 | | |
31 | | class XMSS_WOTS_Base { |
32 | | public: |
33 | 0 | XMSS_WOTS_Base(XMSS_WOTS_Parameters params) : m_params(std::move(params)) {} |
34 | | |
35 | | XMSS_WOTS_Base(XMSS_WOTS_Parameters params, wots_keysig_t key_data) : |
36 | 0 | m_params(std::move(params)), m_key_data(std::move(key_data)) {} |
37 | | |
38 | 0 | const wots_keysig_t& key_data() const { return m_key_data; } |
39 | | |
40 | | protected: |
41 | | XMSS_WOTS_Parameters m_params; |
42 | | wots_keysig_t m_key_data; |
43 | | }; |
44 | | |
45 | | /** |
46 | | * A Winternitz One Time Signature public key for use with Extended Hash-Based |
47 | | * Signatures. |
48 | | **/ |
49 | | class XMSS_WOTS_PublicKey : public XMSS_WOTS_Base { |
50 | | public: |
51 | | /** |
52 | | * Algorithm 4: "WOTS_genPK" |
53 | | * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's |
54 | | * key data, with passed-in private key data using the WOTS chaining |
55 | | * function. |
56 | | * |
57 | | * This overload is used in multithreaded scenarios, where it is |
58 | | * required to provide seperate instances of XMSS_Hash to each |
59 | | * thread. |
60 | | * |
61 | | * @param params The WOTS parameters to use |
62 | | * @param public_seed The public seed for the public key generation |
63 | | * @param private_key The private key to derive the public key from |
64 | | * @param adrs The address of the key to retrieve. |
65 | | * @param hash Instance of XMSS_Hash, that may only be used by the |
66 | | * thread executing at. |
67 | | **/ |
68 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters params, |
69 | | std::span<const uint8_t> public_seed, |
70 | | const XMSS_WOTS_PrivateKey& private_key, |
71 | | XMSS_Address& adrs, |
72 | | XMSS_Hash& hash); |
73 | | |
74 | | /** |
75 | | * Creates a XMSS_WOTS_PublicKey from a message and signature using |
76 | | * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This |
77 | | * overload is used to verify a message using a public key. |
78 | | * |
79 | | * @param params The WOTS parameters to use |
80 | | * @param public_seed The public seed to derive the key with |
81 | | * @param signature A WOTS signature for msg. |
82 | | * @param msg A message. |
83 | | * @param adrs The address of the key to retrieve. |
84 | | * @param hash Instance of XMSS_Hash, that may only be used by the |
85 | | * thread executing at. |
86 | | */ |
87 | | XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters params, |
88 | | std::span<const uint8_t> public_seed, |
89 | | wots_keysig_t signature, |
90 | | const secure_vector<uint8_t>& msg, |
91 | | XMSS_Address& adrs, |
92 | | XMSS_Hash& hash); |
93 | | }; |
94 | | |
95 | | /** A Winternitz One Time Signature private key for use with Extended Hash-Based |
96 | | * Signatures. |
97 | | **/ |
98 | | class XMSS_WOTS_PrivateKey : public XMSS_WOTS_Base { |
99 | | public: |
100 | | /** |
101 | | * Algorithm 3: "Generating a WOTS+ Private Key". |
102 | | * Generates a private key. |
103 | | * |
104 | | * Note that this is implemented according to the recommendations |
105 | | * in NIST SP.800-208 Section 6.2 to avoid a multi-target attack |
106 | | * vulnerability. This _does not_ influence the sign/verify |
107 | | * interoperability with implementations that do not implement this |
108 | | * recommendation. |
109 | | * |
110 | | * This overload is used in multithreaded scenarios, where it is |
111 | | * required to provide seperate instances of XMSS_Hash to each thread. |
112 | | * |
113 | | * @param params The WOTS parameters to use |
114 | | * @param public_seed The public seed for the private key generation |
115 | | * @param private_seed The private seed for the private key generation |
116 | | * @param adrs The address of the key to retrieve. |
117 | | * @param hash Instance of XMSS_Hash, that may only be used by the |
118 | | * thread executing at. |
119 | | **/ |
120 | | XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters params, |
121 | | std::span<const uint8_t> public_seed, |
122 | | std::span<const uint8_t> private_seed, |
123 | | XMSS_Address adrs, |
124 | | XMSS_Hash& hash); |
125 | | |
126 | | /** |
127 | | * Constructor for the old derivation logic. |
128 | | * Creates a WOTS+ private key using the old key derivation logic, i.e. |
129 | | * the logic WITHOUT the recommendations in NIST SP.800-208. It is used |
130 | | * to support XMSS_PrivateKeys created before the derivation logic was |
131 | | * updated. |
132 | | * |
133 | | * @param params The WOTS parameters to use |
134 | | * @param private_seed The private seed for the private key generation |
135 | | * @param adrs The address of the key to retrieve. |
136 | | * @param hash Instance of XMSS_Hash, that may only be used by the |
137 | | * thread executing it. |
138 | | **/ |
139 | | XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters params, |
140 | | std::span<const uint8_t> private_seed, |
141 | | XMSS_Address adrs, |
142 | | XMSS_Hash& hash); |
143 | | |
144 | | /** |
145 | | * Algorithm 5: "WOTS_sign" |
146 | | * Generates a signature from a private key and a message. |
147 | | * |
148 | | * This overload is used in multithreaded scenarios, where it is |
149 | | * required to provide seperate instances of XMSS_Hash to each |
150 | | * thread. |
151 | | * |
152 | | * @param msg A message to sign. |
153 | | * @param public_seed The public seed to use for the signature |
154 | | * @param adrs An OTS hash address identifying the WOTS+ key pair |
155 | | * used for signing. |
156 | | * @param hash Instance of XMSS_Hash, that may only be used by the |
157 | | * thread executing sign. |
158 | | * |
159 | | * @return signature for msg. |
160 | | **/ |
161 | | wots_keysig_t sign(const secure_vector<uint8_t>& msg, |
162 | | std::span<const uint8_t> public_seed, |
163 | | XMSS_Address& adrs, |
164 | | XMSS_Hash& hash); |
165 | | }; |
166 | | |
167 | | } // namespace Botan |
168 | | |
169 | | #endif |