Botan  2.4.0
Crypto and TLS for C++11
xmss_privatekey.h
Go to the documentation of this file.
1 /*
2  * XMSS_PrivateKey.h
3  * (C) 2016,2017 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_PRIVATEKEY_H_
9 #define BOTAN_XMSS_PRIVATEKEY_H_
10 
11 #include <cstddef>
12 #include <iterator>
13 #include <memory>
14 #include <botan/alg_id.h>
15 #include <botan/exceptn.h>
16 #include <botan/pk_keys.h>
17 #include <botan/types.h>
18 #include <botan/xmss_parameters.h>
19 #include <botan/xmss_publickey.h>
20 #include <botan/atomic.h>
21 #include <botan/xmss_common_ops.h>
22 #include <botan/xmss_wots_privatekey.h>
23 #include <botan/xmss_index_registry.h>
24 
25 namespace Botan {
26 
27 /**
28  * An XMSS: Extended Hash-Based Signature private key.
29  * The XMSS private key does not support the X509 and PKCS7 standard. Instead
30  * the raw format described in [1] is used.
31  *
32  * [1] XMSS: Extended Hash-Based Signatures,
33  * draft-itrf-cfrg-xmss-hash-based-signatures-06
34  * Release: July 2016.
35  * https://datatracker.ietf.org/doc/
36  * draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
37  **/
38 class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKey,
39  public XMSS_Common_Ops,
40  public virtual Private_Key
41  {
42  public:
43  /**
44  * Creates a new XMSS private key for the chosen XMSS signature method.
45  * New seeds for public/private key and pseudo random function input are
46  * generated using the provided RNG. The appropriate WOTS signature method
47  * will be automatically set based on the chosen XMSS signature method.
48  *
49  * @param xmss_algo_id Identifier for the selected XMSS signature method.
50  * @param rng A random number generator to use for key generation.
51  **/
54 
55  /**
56  * Creates an XMSS_PrivateKey from a byte sequence produced by
57  * raw_private_key().
58  *
59  * @param raw_key An XMSS private key serialized using raw_private_key().
60  **/
62 
63  /**
64  * Creates a new XMSS private key for the chosen XMSS signature method
65  * using precomputed seeds for public/private keys and pseudo random
66  * function input. The appropriate WOTS signature method will be
67  * automatically set, based on the chosen XMSS signature method.
68  *
69  * @param xmss_algo_id Identifier for the selected XMSS signature method.
70  * @param idx_leaf Index of the next unused leaf.
71  * @param wots_priv_seed A seed to generate a Winternitz-One-Time-
72  * Signature private key from.
73  * @param prf a secret n-byte key sourced from a secure source
74  * of uniformly random data.
75  * @param root Root node of the binary hash tree.
76  * @param public_seed The public seed.
77  **/
79  size_t idx_leaf,
80  const secure_vector<uint8_t>& wots_priv_seed,
81  const secure_vector<uint8_t>& prf,
82  const secure_vector<uint8_t>& root,
83  const secure_vector<uint8_t>& public_seed)
84  : XMSS_PublicKey(xmss_algo_id, root, public_seed),
85  XMSS_Common_Ops(xmss_algo_id),
86  m_wots_priv_key(XMSS_PublicKey::m_xmss_params.ots_oid(),
87  public_seed,
88  wots_priv_seed),
89  m_prf(prf),
90  m_index_reg(XMSS_Index_Registry::get_instance())
91  {
92  set_unused_leaf_index(idx_leaf);
93  }
94 
95  /**
96  * Retrieves the last unused leaf index of the private key. Reusing a leaf
97  * by utilizing leaf indices lower than the last unused leaf index will
98  * compromise security.
99  *
100  * @return Index of the last unused leaf.
101  **/
102  size_t unused_leaf_index() const
103  {
104  return *recover_global_leaf_index();
105  }
106 
107  /**
108  * Sets the last unused leaf index of the private key. The leaf index
109  * will be updated automatically during every signing operation, and
110  * should not be set manually.
111  *
112  * @param idx Index of the last unused leaf.
113  **/
114  void set_unused_leaf_index(size_t idx)
115  {
116  if(idx >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1)))
117  {
118  throw Integrity_Failure("XMSS private key leaf index out of "
119  "bounds.");
120  }
121  else
122  {
123  std::atomic<size_t>& index =
124  static_cast<std::atomic<size_t>&>(*recover_global_leaf_index());
125  size_t current = 0;
126 
127  do
128  {
129  current = index.load();
130  if(current > idx)
131  { return; }
132  }
133  while(!index.compare_exchange_strong(current, idx));
134  }
135  }
136 
138  {
139  size_t idx = (static_cast<std::atomic<size_t>&>(
140  *recover_global_leaf_index())).fetch_add(1);
141  if(idx >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1)))
142  {
143  throw Integrity_Failure("XMSS private key, one time signatures "
144  "exhausted.");
145  }
146  return idx;
147  }
148 
149  /**
150  * Winternitz One Time Signature Scheme key utilized for signing
151  * operations.
152  *
153  * @return WOTS+ private key.
154  **/
156  {
157  return m_wots_priv_key;
158  }
159 
160  /**
161  * Winternitz One Time Signature Scheme key utilized for signing
162  * operations.
163  *
164  * @return WOTS+ private key.
165  **/
167  {
168  return m_wots_priv_key;
169  }
170 
172  {
173  return m_prf;
174  }
175 
177  {
178  return m_prf;
179  }
180 
182  const secure_vector<uint8_t>& public_seed) override
183  {
184  m_public_seed = public_seed;
185  m_wots_priv_key.set_public_seed(public_seed);
186  }
187 
188  void set_public_seed(secure_vector<uint8_t>&& public_seed) override
189  {
190  m_public_seed = std::move(public_seed);
191  m_wots_priv_key.set_public_seed(m_public_seed);
192  }
193 
194  const secure_vector<uint8_t>& public_seed() const override
195  {
196  return m_public_seed;
197  }
198 
199  std::unique_ptr<PK_Ops::Signature>
200  create_signature_op(RandomNumberGenerator&,
201  const std::string&,
202  const std::string& provider) const override;
203 
205  {
206  return raw_private_key();
207  }
208 
209  size_t size() const override
210  {
211  return XMSS_PublicKey::size() +
212  sizeof(uint64_t) +
213  2 * XMSS_PublicKey::m_xmss_params.element_size();
214  }
215 
216  /**
217  * Generates a non standartized byte sequence representing the XMSS
218  * private key.
219  *
220  * @return byte sequence consisting of the following elements in order:
221  * 4-byte OID, n-byte root node, n-byte public seed,
222  * 8-byte unused leaf index, n-byte prf seed, n-byte private seed.
223  **/
224  secure_vector<uint8_t> raw_private_key() const;
225  /**
226  * Algorithm 9: "treeHash"
227  * Computes the internal n-byte nodes of a Merkle tree.
228  *
229  * @param start_idx The start index.
230  * @param target_node_height Height of the target node.
231  * @param adrs Address of the tree containing the target node.
232  *
233  * @return The root node of a tree of height target_node height with the
234  * leftmost leaf being the hash of the WOTS+ pk with index
235  * start_idx.
236  **/
237  secure_vector<uint8_t> tree_hash(
238  size_t start_idx,
239  size_t target_node_height,
240  XMSS_Address& adrs);
241 
242  private:
243  /**
244  * Fetches shared unused leaf index from the index registry
245  **/
246  std::shared_ptr<Atomic<size_t>> recover_global_leaf_index() const;
247 
248  inline void tree_hash_subtree(secure_vector<uint8_t>& result,
249  size_t start_idx,
250  size_t target_node_height,
251  XMSS_Address& adrs)
252  {
253  return tree_hash_subtree(result, start_idx, target_node_height, adrs, m_hash);
254  }
255 
256 
257  /**
258  * Helper for multithreaded tree hashing.
259  */
260  void tree_hash_subtree(secure_vector<uint8_t>& result,
261  size_t start_idx,
262  size_t target_node_height,
263  XMSS_Address& adrs,
264  XMSS_Hash& hash);
265 
266  XMSS_WOTS_PrivateKey m_wots_priv_key;
268  XMSS_Index_Registry& m_index_reg;
269  };
270 
271 }
272 
273 #endif
274 
const secure_vector< uint8_t > & public_seed() const override
const XMSS_WOTS_PrivateKey & wots_private_key() const
void set_public_seed(const secure_vector< uint8_t > &public_seed) override
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
void set_unused_leaf_index(size_t idx)
const secure_vector< uint8_t > & prf() const
virtual size_t size() const
size_t unused_leaf_index() const
secure_vector< uint8_t > private_key_bits() const override
size_t size() const override
void set_public_seed(secure_vector< uint8_t > &&public_seed) override
XMSS_PrivateKey(XMSS_Parameters::xmss_algorithm_t xmss_algo_id, size_t idx_leaf, const secure_vector< uint8_t > &wots_priv_seed, const secure_vector< uint8_t > &prf, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &public_seed)
Definition: alg_id.cpp:13
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
XMSS_Parameters m_xmss_params
XMSS_WOTS_PrivateKey & wots_private_key()
MechanismType hash
secure_vector< uint8_t > & prf()