Botan  2.15.0
Crypto and TLS for C++11
xmss_publickey.h
Go to the documentation of this file.
1 /*
2  * XMSS Public Key
3  * (C) 2016,2017 Matthias Gierlings
4  * (C) 2019 RenĂ© Korthaus, Rohde & Schwarz Cybersecurity
5  *
6  * Botan is released under the Simplified BSD License (see license.txt)
7  **/
8 
9 #ifndef BOTAN_XMSS_PUBLICKEY_H_
10 #define BOTAN_XMSS_PUBLICKEY_H_
11 
12 #include <cstddef>
13 #include <iterator>
14 #include <memory>
15 #include <string>
16 #include <botan/alg_id.h>
17 #include <botan/asn1_oid.h>
18 #include <botan/der_enc.h>
19 #include <botan/exceptn.h>
20 #include <botan/rng.h>
21 #include <botan/types.h>
22 #include <botan/pk_keys.h>
23 #include <botan/xmss_parameters.h>
24 #include <botan/xmss_wots_parameters.h>
25 #include <botan/pk_ops.h>
26 
27 namespace Botan {
28 
29 class XMSS_Verification_Operation;
30 
31 /**
32  * An XMSS: Extended Hash-Based Signature public key.
33  *
34  * [1] XMSS: Extended Hash-Based Signatures,
35  * Request for Comments: 8391
36  * Release: May 2018.
37  * https://datatracker.ietf.org/doc/rfc8391/
38  **/
39 class BOTAN_PUBLIC_API(2,0) XMSS_PublicKey : public virtual Public_Key
40  {
41  public:
42  /**
43  * Creates a new XMSS public key for the chosen XMSS signature method.
44  * New public and prf seeds are generated using rng. The appropriate WOTS
45  * signature method will be automatically set based on the chosen XMSS
46  * signature method.
47  *
48  * @param xmss_oid Identifier for the selected XMSS signature method.
49  * @param rng A random number generator to use for key generation.
50  **/
53  : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
54  m_root(m_xmss_params.element_size()),
55  m_public_seed(rng.random_vec(m_xmss_params.element_size())) {}
56 
57  /**
58  * Loads a public key.
59  *
60  * Public key must be encoded as in RFC
61  * draft-vangeest-x509-hash-sigs-03.
62  *
63  * @param key_bits DER encoded public key bits
64  */
65  XMSS_PublicKey(const std::vector<uint8_t>& key_bits);
66 
67  /**
68  * Creates a new XMSS public key for a chosen XMSS signature method as
69  * well as pre-computed root node and public_seed values.
70  *
71  * @param xmss_oid Identifier for the selected XMSS signature method.
72  * @param root Root node value.
73  * @param public_seed Public seed value.
74  **/
76  const secure_vector<uint8_t>& root,
77  const secure_vector<uint8_t>& public_seed)
78  : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
79  m_root(root), m_public_seed(public_seed) {}
80 
81  /**
82  * Creates a new XMSS public key for a chosen XMSS signature method as
83  * well as pre-computed root node and public_seed values.
84  *
85  * @param xmss_oid Identifier for the selected XMSS signature method.
86  * @param root Root node value.
87  * @param public_seed Public seed value.
88  **/
91  secure_vector<uint8_t>&& public_seed)
92  : m_xmss_params(xmss_oid), m_wots_params(m_xmss_params.ots_oid()),
93  m_root(std::move(root)), m_public_seed(std::move(public_seed)) {}
94 
95  /**
96  * Retrieves the chosen XMSS signature method.
97  *
98  * @return XMSS signature method identifier.
99  **/
101  {
102  return m_xmss_params.oid();
103  }
104 
105  /**
106  * Sets the chosen XMSS signature method
107  **/
109  {
110  m_xmss_params = XMSS_Parameters(xmss_oid);
111  m_wots_params = XMSS_WOTS_Parameters(m_xmss_params.ots_oid());
112  }
113 
114  /**
115  * Retrieves the XMSS parameters determined by the chosen XMSS Signature
116  * method.
117  *
118  * @return XMSS parameters.
119  **/
121  {
122  return m_xmss_params;
123  }
124 
125  /**
126  * Retrieves the XMSS parameters determined by the chosen XMSS Signature
127  * method.
128  *
129  * @return XMSS parameters.
130  **/
131  std::string xmss_hash_function() const
132  {
133  return m_xmss_params.hash_function_name();
134  }
135 
136  /**
137  * Retrieves the Winternitz One Time Signature (WOTS) method,
138  * corresponding to the chosen XMSS signature method.
139  *
140  * @return XMSS WOTS signature method identifier.
141  **/
143  {
144  return m_wots_params.oid();
145  }
146 
147  /**
148  * Retrieves the Winternitz One Time Signature (WOTS) parameters
149  * corresponding to the chosen XMSS signature method.
150  *
151  * @return XMSS WOTS signature method parameters.
152  **/
154  {
155  return m_wots_params;
156  }
157 
159  {
160  return m_root;
161  }
162 
164  {
165  m_root = root;
166  }
167 
169  {
170  m_root = std::move(root);
171  }
172 
174  {
175  return m_root;
176  }
177 
179  {
180  return m_public_seed;
181  }
182 
183  virtual void set_public_seed(const secure_vector<uint8_t>& public_seed)
184  {
185  m_public_seed = public_seed;
186  }
187 
188  virtual void set_public_seed(secure_vector<uint8_t>&& public_seed)
189  {
190  m_public_seed = std::move(public_seed);
191  }
192 
193  virtual const secure_vector<uint8_t>& public_seed() const
194  {
195  return m_public_seed;
196  }
197 
198  std::string algo_name() const override
199  {
200  return "XMSS";
201  }
202 
204  {
206  }
207 
208  bool check_key(RandomNumberGenerator&, bool) const override
209  {
210  return true;
211  }
212 
213  std::unique_ptr<PK_Ops::Verification>
214  create_verification_op(const std::string&,
215  const std::string& provider) const override;
216 
217  size_t estimated_strength() const override
218  {
219  return m_xmss_params.estimated_strength();
220  }
221 
222  size_t key_length() const override
223  {
224  return m_xmss_params.estimated_strength();
225  }
226 
227  /**
228  * Returns the encoded public key as defined in RFC
229  * draft-vangeest-x509-hash-sigs-03.
230  *
231  * @return encoded public key bits
232  **/
233  std::vector<uint8_t> public_key_bits() const override
234  {
235  std::vector<uint8_t> output;
236  DER_Encoder(output).encode(raw_public_key(), OCTET_STRING);
237  return output;
238  }
239 
240  /**
241  * Size in bytes of the serialized XMSS public key produced by
242  * raw_public_key().
243  *
244  * @return size in bytes of serialized Public Key.
245  **/
246  virtual size_t size() const
247  {
248  return sizeof(uint32_t) + 2 * m_xmss_params.element_size();
249  }
250 
251  /**
252  * Generates a byte sequence representing the XMSS
253  * public key, as defined in [1] (p. 23, "XMSS Public Key")
254  *
255  * @return 4-byte OID, followed by n-byte root node, followed by
256  * public seed.
257  **/
258  virtual std::vector<uint8_t> raw_public_key() const;
259 
260  protected:
261  std::vector<uint8_t> m_raw_key;
266 
267  private:
268  XMSS_Parameters::xmss_algorithm_t deserialize_xmss_oid(
269  const std::vector<uint8_t>& raw_key);
270  };
271 
272 }
273 
274 #endif
secure_vector< uint8_t > m_public_seed
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &public_seed)
virtual void set_public_seed(const secure_vector< uint8_t > &public_seed)
secure_vector< uint8_t > m_root
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
void set_root(const secure_vector< uint8_t > &root)
const secure_vector< uint8_t > & root() const
Definition: bigint.h:1142
std::string xmss_hash_function() const
XMSS_Parameters::xmss_algorithm_t xmss_oid() const
void set_root(secure_vector< uint8_t > &&root)
virtual size_t size() const
virtual void set_public_seed(secure_vector< uint8_t > &&public_seed)
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
const XMSS_WOTS_Parameters & wots_parameters() const
void set_xmss_oid(XMSS_Parameters::xmss_algorithm_t xmss_oid)
const XMSS_Parameters & xmss_parameters() const
virtual const secure_vector< uint8_t > & public_seed() const
secure_vector< uint8_t > & root()
size_t key_length() const override
XMSS_WOTS_Parameters::ots_algorithm_t wots_oid() const
Definition: alg_id.cpp:13
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, secure_vector< uint8_t > &&root, secure_vector< uint8_t > &&public_seed)
std::vector< uint8_t > public_key_bits() const override
AlgorithmIdentifier algorithm_identifier() const override
std::string algo_name() const override
size_t estimated_strength() const override
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, RandomNumberGenerator &rng)
XMSS_WOTS_Parameters m_wots_params
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
virtual secure_vector< uint8_t > & public_seed()
XMSS_Parameters m_xmss_params
std::vector< uint8_t > m_raw_key
bool check_key(RandomNumberGenerator &, bool) const override