Botan 2.19.1
Crypto and TLS for C&
xmss_publickey.cpp
Go to the documentation of this file.
1/*
2 * XMSS Public Key
3 * An XMSS: Extended Hash-Based Siganture public key.
4 * The XMSS public key does not support the X509 standard. Instead the
5 * raw format described in [1] is used.
6 *
7 * [1] XMSS: Extended Hash-Based Signatures,
8 * Request for Comments: 8391
9 * Release: May 2018.
10 * https://datatracker.ietf.org/doc/rfc8391/
11 *
12 * (C) 2016,2017 Matthias Gierlings
13 *
14 * Botan is released under the Simplified BSD License (see license.txt)
15 **/
16
17#include <botan/xmss.h>
18#include <botan/internal/xmss_verification_operation.h>
19#include <botan/der_enc.h>
20#include <botan/ber_dec.h>
21#include <iterator>
22
23namespace Botan {
24
25namespace {
26
27// fall back to raw decoding for previous versions, which did not encode an OCTET STRING
28std::vector<uint8_t> extract_raw_key(const std::vector<uint8_t>& key_bits)
29 {
30 std::vector<uint8_t> raw_key;
31 try
32 {
33 BER_Decoder(key_bits).decode(raw_key, OCTET_STRING);
34 }
35 catch(Decoding_Error&)
36 {
37 raw_key = key_bits;
38 }
39 return raw_key;
40 }
41
42}
43
46 : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
47 m_root(m_xmss_params.element_size()),
48 m_public_seed(rng.random_vec(m_xmss_params.element_size()))
49 {}
50
51XMSS_PublicKey::XMSS_PublicKey(const std::vector<uint8_t>& key_bits)
52 : m_raw_key(extract_raw_key(key_bits)),
53 m_xmss_params(XMSS_PublicKey::deserialize_xmss_oid(m_raw_key)),
54 m_wots_params(m_xmss_params.ots_oid())
55 {
56 if(m_raw_key.size() < XMSS_PublicKey::size())
57 {
58 throw Decoding_Error("Invalid XMSS public key size detected");
59 }
60
61 // extract & copy root from raw key
62 m_root.clear();
64 auto begin = m_raw_key.begin() + sizeof(uint32_t);
65 auto end = begin + m_xmss_params.element_size();
66 std::copy(begin, end, std::back_inserter(m_root));
67
68 // extract & copy public seed from raw key
69 begin = end;
70 end = begin + m_xmss_params.element_size();
71 m_public_seed.clear();
73 std::copy(begin, end, std::back_inserter(m_public_seed));
74 }
75
77XMSS_PublicKey::deserialize_xmss_oid(const std::vector<uint8_t>& raw_key)
78 {
79 if(raw_key.size() < 4)
80 {
81 throw Decoding_Error("XMSS signature OID missing.");
82 }
83
84 // extract and convert algorithm id to enum type
85 uint32_t raw_id = 0;
86 for(size_t i = 0; i < 4; i++)
87 { raw_id = ((raw_id << 8) | raw_key[i]); }
88
89 return static_cast<XMSS_Parameters::xmss_algorithm_t>(raw_id);
90 }
91
92std::unique_ptr<PK_Ops::Verification>
94 const std::string& provider) const
95 {
96 if(provider == "base" || provider.empty())
97 {
98 return std::unique_ptr<PK_Ops::Verification>(
100 }
101 throw Provider_Not_Found(algo_name(), provider);
102 }
103
104std::vector<uint8_t> XMSS_PublicKey::raw_public_key() const
105 {
106 std::vector<uint8_t> result
107 {
108 static_cast<uint8_t>(m_xmss_params.oid() >> 24),
109 static_cast<uint8_t>(m_xmss_params.oid() >> 16),
110 static_cast<uint8_t>(m_xmss_params.oid() >> 8),
111 static_cast<uint8_t>(m_xmss_params.oid())
112 };
113
114 std::copy(m_root.begin(), m_root.end(), std::back_inserter(result));
115 std::copy(m_public_seed.begin(),
116 m_public_seed.end(),
117 std::back_inserter(result));
118
119 return result;
120 }
121
122std::vector<uint8_t> XMSS_PublicKey::public_key_bits() const
123 {
124 std::vector<uint8_t> output;
126 return output;
127 }
128
129}
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
xmss_algorithm_t oid() const
size_t element_size() const
secure_vector< uint8_t > m_root
Definition: xmss.h:247
std::vector< uint8_t > public_key_bits() const override
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
std::vector< uint8_t > m_raw_key
Definition: xmss.h:244
virtual std::vector< uint8_t > raw_public_key() const
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &, const std::string &provider) const override
std::string algo_name() const override
Definition: xmss.h:186
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, RandomNumberGenerator &rng)
virtual size_t size() const
Definition: xmss.h:229
Definition: alg_id.cpp:13
@ OCTET_STRING
Definition: asn1_obj.h:38