Botan  2.7.0
Crypto and TLS for C++11
xmss_wots_publickey.h
1 /*
2  * XMSS WOTS Public Key
3  * (C) 2016,2017 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_WOTS_PUBLICKEY_H_
9 #define BOTAN_XMSS_WOTS_PUBLICKEY_H_
10 
11 #include <cstddef>
12 #include <string>
13 #include <vector>
14 #include <botan/alg_id.h>
15 #include <botan/rng.h>
16 #include <botan/asn1_oid.h>
17 #include <botan/exceptn.h>
18 #include <botan/pk_keys.h>
19 #include <botan/types.h>
20 #include <botan/xmss_wots_parameters.h>
21 #include <botan/xmss_address.h>
22 #include <botan/xmss_hash.h>
23 
24 namespace Botan {
25 
/// A sequence of byte strings held in secure_vector storage. Used in this
/// header for WOTS key data, WOTS signatures and authentication paths.
using wots_keysig_t = std::vector<secure_vector<uint8_t>>;
27 
28 /**
29  * A Winternitz One Time Signature public key for use with Extended Hash-Based
30  * Signatures.
31  **/
32 class XMSS_WOTS_PublicKey : virtual public Public_Key
33  {
34  public:
35  class TreeSignature final
36  {
37  public:
38  TreeSignature() = default;
39 
40  TreeSignature(const wots_keysig_t& ots_sig,
41  const wots_keysig_t& auth_path)
42  : m_ots_sig(ots_sig), m_auth_path(auth_path)
43  {}
44 
46  wots_keysig_t&& auth_path)
47  : m_ots_sig(std::move(ots_sig)),
48  m_auth_path(std::move(auth_path))
49  {}
50 
52  {
53  return m_ots_sig;
54  }
55 
57  {
58  return m_ots_sig;
59  }
60 
62  {
63  return m_auth_path;
64  }
65 
67  {
68  return m_auth_path;
69  }
70 
71  private:
72  wots_keysig_t m_ots_sig;
73  wots_keysig_t m_auth_path;
74  };
75 
76  /**
77  * Creates a XMSS_WOTS_PublicKey for the signature method identified by
78  * oid. The public seed for this key will be initialized with a
79  * uniformly random n-byte value, where "n" is the element size of the
80  * selected signature method.
81  *
82  * @param oid Identifier for the selected signature method.
83  **/
85  : m_wots_params(oid),
86  m_hash(m_wots_params.hash_function_name()) {}
87 
88  /**
89  * Creates a XMSS_WOTS_PublicKey for the signature method identified by
90  * oid. The public seed for this key will be initialized with a
91  * uniformly random n-byte value, where "n" is the element size of the
92  * selected signature method.
93  *
94  * @param oid Identifier for the selected signature method.
95  * @param rng A random number generate used to generate the public seed.
96  **/
99  : m_wots_params(oid),
100  m_hash(m_wots_params.hash_function_name()),
101  m_public_seed(rng.random_vec(m_wots_params.element_size())) {}
102 
103  /**
104  * Creates a XMSS_WOTS_PrivateKey for the signature method identified by
105  * oid, with a precomputed public seed.
106  *
107  * @param oid Identifier for the selected signature method.
108  * @param public_seed A precomputed public seed of n-bytes length.
109  **/
112  : m_wots_params(oid),
113  m_hash(m_wots_params.hash_function_name()),
115 
116  /**
117  * Creates a XMSS_WOTS_PublicKey for the signature method identified by
118  * oid. The public seed will be initialized with a precomputed seed and
119  * and precomputed key data which should be derived from a
120  * XMSS_WOTS_PrivateKey.
121  *
122  * @param oid Ident:s/ifier for the selected signature methods.
123  * @param public_seed A precomputed public seed of n-bytes length.
124  * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey.
125  **/
128  wots_keysig_t&& key)
129  : m_wots_params(oid),
130  m_hash(m_wots_params.hash_function_name()),
131  m_key(std::move(key)),
133  {}
134 
135  /**
136  * Creates a XMSS_WOTS_PublicKey for the signature method identified by
137  * oid. The public seed will be initialized with a precomputed seed and
138  * and precomputed key data which should be derived from a
139  * XMSS_WOTS_PrivateKey.
140  *
141  * @param oid Identifier for the selected signature methods.
142  * @param public_seed A precomputed public seed of n-bytes length.
143  * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey.
144  **/
147  const wots_keysig_t& key)
148  : m_wots_params(oid),
149  m_hash(m_wots_params.hash_function_name()),
150  m_key(key),
152  {}
153 
154  /**
155  * Creates a XMSS_WOTS_PublicKey form a message and signature using
156  * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This
157  * overload is used to verify a message using a public key.
158  *
159  * @param oid WOTSP algorithm identifier.
160  * @param msg A message.
161  * @param sig A WOTS signature for msg.
162  * @param adrs An XMSS_Address.
163  * @param public_seed The public public_seed.
164  **/
166  const secure_vector<uint8_t>& msg,
167  const wots_keysig_t& sig,
168  XMSS_Address& adrs,
170  : m_wots_params(oid),
171  m_hash(m_wots_params.hash_function_name()),
172  m_key(pub_key_from_signature(msg,
173  sig,
174  adrs,
175  public_seed)),
177  {}
178 
179  /**
180  * Retrieves the i-th element out of the length len chain of
181  * n-byte elements contained in the public key.
182  *
183  * @param i index of the element.
184  * @returns n-byte element addressed by i.
185  **/
186  const secure_vector<uint8_t>& operator[](size_t i) const { return m_key[i]; }
187  secure_vector<uint8_t>& operator[](size_t i) { return m_key[i]; }
188 
189  /**
190  * Convert the key into the raw key data. The key becomes a length
191  * len vector of n-byte elements.
192  **/
193  operator const wots_keysig_t& () const { return m_key; }
194 
195  /**
196  * Convert the key into the raw key data. The key becomes a length
197  * len vector of n-byte elements.
198  **/
199  operator wots_keysig_t& () { return m_key; }
200 
202 
204 
206  {
208  }
209 
211  {
212  m_public_seed = std::move(public_seed);
213  }
214 
215  const wots_keysig_t& key_data() const { return m_key; }
216 
217  wots_keysig_t& key_data() { return m_key; }
218 
220  {
221  m_key = key_data;
222  }
223 
225  {
226  m_key = std::move(key_data);
227  }
228 
230  {
231  return m_wots_params;
232  }
233 
234  std::string algo_name() const override
235  {
236  return m_wots_params.name();
237  }
238 
240  {
241  throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS.");
242  }
243 
244  bool check_key(RandomNumberGenerator&, bool) const override
245  {
246  return true;
247  }
248 
249  size_t estimated_strength() const override
250  {
252  }
253 
254  size_t key_length() const override
255  {
257  }
258 
259  std::vector<uint8_t> public_key_bits() const override
260  {
261  throw Not_Implemented("No key format defined for XMSS-WOTS");
262  }
263 
265  {
266  return m_key == key.m_key;
267  }
268 
270  {
271  return !(*this == key);
272  }
273 
274  protected:
275  /**
276  * Algorithm 2: Chaining Function.
277  *
278  * Takes an n-byte input string and transforms it into a the function
279  * result iterating the cryptographic hash function "F" steps times on
280  * the input x using the outputs of the PRNG "G".
281  *
282  * This overload is used in multithreaded scenarios, where it is
283  * required to provide seperate instances of XMSS_Hash to each
284  * thread.
285  *
286  * @param[out] x An n-byte input string, that will be transformed into
287  * the chaining function result.
288  * @param start_idx The start index.
289  * @param steps A number of steps.
290  * @param adrs An OTS Hash Address.
291  * @param public_seed A public seed.
292  * @param hash Instance of XMSS_Hash, that may only by the thead
293  * executing chain.
294  **/
296  size_t start_idx,
297  size_t steps,
298  XMSS_Address& adrs,
300  XMSS_Hash& hash);
301 
302  /**
303  * Algorithm 2: Chaining Function.
304  *
305  * Takes an n-byte input string and transforms it into a the function
306  * result iterating the cryptographic hash function "F" steps times on
307  * the input x using the outputs of the PRNG "G".
308  *
309  * @param[out] x An n-byte input string, that will be transformed into
310  * the chaining function result.
311  * @param start_idx The start index.
312  * @param steps A number of steps.
313  * @param adrs An OTS Hash Address.
314  * @param public_seed A public seed.
315  **/
317  size_t start_idx,
318  size_t steps,
319  XMSS_Address& adrs,
321  {
322  chain(x, start_idx, steps, adrs, public_seed, m_hash);
323  }
324 
329 
330  private:
331  /**
332  * Algorithm 6: "WOTS_pkFromSig"
333  * Computes a Winternitz One Time Signature+ public key from a message and
334  * its signature.
335  *
336  * @param msg A message.
337  * @param sig The signature for msg.
338  * @param adrs An address.
339  * @param public_seed A public_seed.
340  *
341  * @return Temporary WOTS+ public key.
342  **/
343  wots_keysig_t pub_key_from_signature(
344  const secure_vector<uint8_t>& msg,
345  const wots_keysig_t& sig,
346  XMSS_Address& adrs,
348  };
349 
350 }
351 
352 #endif
const secure_vector< uint8_t > & public_seed() const
TreeSignature(wots_keysig_t &&ots_sig, wots_keysig_t &&auth_path)
void set_public_seed(secure_vector< uint8_t > &&public_seed)
void set_public_seed(const secure_vector< uint8_t > &public_seed)
TreeSignature(const wots_keysig_t &ots_sig, const wots_keysig_t &auth_path)
secure_vector< uint8_t > & public_seed()
secure_vector< uint8_t > m_public_seed
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, secure_vector< uint8_t > public_seed)
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &msg, const wots_keysig_t &sig, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed)
const wots_keysig_t & authentication_path() const
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, RandomNumberGenerator &rng)
size_t estimated_strength() const override
bool check_key(RandomNumberGenerator &, bool) const override
void chain(secure_vector< uint8_t > &x, size_t start_idx, size_t steps, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed, XMSS_Hash &hash)
const secure_vector< uint8_t > & operator[](size_t i) const
std::vector< uint8_t > public_key_bits() const override
secure_vector< uint8_t > & operator[](size_t i)
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid)
const wots_keysig_t & key_data() const
bool operator!=(const XMSS_WOTS_PublicKey &key)
std::vector< secure_vector< uint8_t > > wots_keysig_t
const XMSS_WOTS_Parameters & wots_parameters() const
const wots_keysig_t & ots_signature() const
const std::string & name() const
void set_key_data(const wots_keysig_t &key_data)
bool operator==(const XMSS_WOTS_PublicKey &key)
void set_key_data(wots_keysig_t &&key_data)
void chain(secure_vector< uint8_t > &x, size_t start_idx, size_t steps, XMSS_Address &adrs, const secure_vector< uint8_t > &public_seed)
AlgorithmIdentifier algorithm_identifier() const override
std::vector< T, secure_allocator< T > > secure_vector
size_t key_length() const override
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, secure_vector< uint8_t > &&public_seed, wots_keysig_t &&key)
XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed, const wots_keysig_t &key)
XMSS_WOTS_Parameters m_wots_params
std::string algo_name() const override