Botan  2.19.1
Crypto and TLS for C++11
Public Member Functions | Protected Attributes | List of all members
Botan::XMSS_PrivateKey Class Referencefinal

#include <xmss.h>

Inheritance diagram for Botan::XMSS_PrivateKey:
Botan::XMSS_PublicKey Botan::Private_Key Botan::Public_Key Botan::Public_Key

Public Member Functions

std::string algo_name () const override
 
AlgorithmIdentifier algorithm_identifier () const override
 
bool check_key (RandomNumberGenerator &, bool) const override
 
virtual std::unique_ptr< PK_Ops::Decryptioncreate_decryption_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
virtual std::unique_ptr< PK_Ops::Encryptioncreate_encryption_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
virtual std::unique_ptr< PK_Ops::KEM_Decryptioncreate_kem_decryption_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
virtual std::unique_ptr< PK_Ops::KEM_Encryptioncreate_kem_encryption_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
virtual std::unique_ptr< PK_Ops::Key_Agreementcreate_key_agreement_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
std::unique_ptr< PK_Ops::Signaturecreate_signature_op (RandomNumberGenerator &, const std::string &, const std::string &provider) const override
 
std::unique_ptr< PK_Ops::Verificationcreate_verification_op (const std::string &, const std::string &provider) const override
 
virtual Signature_Format default_x509_signature_format () const
 
size_t estimated_strength () const override
 
std::string fingerprint (const std::string &alg) const
 
std::string fingerprint_private (const std::string &alg) const
 
std::string fingerprint_public (const std::string &alg="SHA-256") const
 
virtual OID get_oid () const
 
size_t key_length () const override
 
virtual size_t message_part_size () const
 
virtual size_t message_parts () const
 
virtual AlgorithmIdentifier pkcs8_algorithm_identifier () const
 
const secure_vector< uint8_t > & prf () const
 
secure_vector< uint8_t > & prf ()
 
secure_vector< uint8_t > private_key_bits () const override
 
secure_vector< uint8_t > private_key_info () const
 
std::vector< uint8_t > public_key_bits () const override
 
virtual secure_vector< uint8_t > & public_seed ()
 
const secure_vector< uint8_t > & public_seed () const override
 
secure_vector< uint8_t > raw_private_key () const
 
virtual std::vector< uint8_t > raw_public_key () const
 
size_t reserve_unused_leaf_index ()
 
secure_vector< uint8_t > & root ()
 
const secure_vector< uint8_t > & root () const
 
void set_public_seed (const secure_vector< uint8_t > &public_seed) override
 
void set_public_seed (secure_vector< uint8_t > &&public_seed) override
 
void set_root (const secure_vector< uint8_t > &root)
 
void set_root (secure_vector< uint8_t > &&root)
 
void set_unused_leaf_index (size_t idx)
 
void set_xmss_oid (XMSS_Parameters::xmss_algorithm_t xmss_oid)
 
size_t size () const override
 
bool stateful_operation () const override
 
std::vector< uint8_t > subject_public_key () const
 
secure_vector< uint8_t > tree_hash (size_t start_idx, size_t target_node_height, XMSS_Address &adrs)
 
size_t unused_leaf_index () const
 
XMSS_WOTS_Parameters::ots_algorithm_t wots_oid () const
 
const XMSS_WOTS_Parameterswots_parameters () const
 
const XMSS_WOTS_PrivateKeywots_private_key () const
 
XMSS_WOTS_PrivateKeywots_private_key ()
 
std::string xmss_hash_function () const
 
XMSS_Parameters::xmss_algorithm_t xmss_oid () const
 
const XMSS_Parametersxmss_parameters () const
 
 XMSS_PrivateKey (XMSS_Parameters::xmss_algorithm_t xmss_algo_id, RandomNumberGenerator &rng)
 
 XMSS_PrivateKey (const secure_vector< uint8_t > &raw_key)
 
 XMSS_PrivateKey (XMSS_Parameters::xmss_algorithm_t xmss_algo_id, size_t idx_leaf, const secure_vector< uint8_t > &wots_priv_seed, const secure_vector< uint8_t > &prf, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &public_seed)
 

Protected Attributes

secure_vector< uint8_t > m_public_seed
 
std::vector< uint8_t > m_raw_key
 
secure_vector< uint8_t > m_root
 
XMSS_WOTS_Parameters m_wots_params
 
XMSS_Parameters m_xmss_params
 

Detailed Description

An XMSS: Extended Hash-Based Signature private key. The XMSS private key does not support the X509 and PKCS7 standard. Instead the raw format described in [1] is used.

[1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391 Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/

Definition at line 269 of file xmss.h.

Constructor & Destructor Documentation

Botan::XMSS_PrivateKey::XMSS_PrivateKey ( XMSS_Parameters::xmss_algorithm_t  xmss_algo_id,
RandomNumberGenerator rng 
)

Creates a new XMSS private key for the chosen XMSS signature method. New seeds for public/private key and pseudo random function input are generated using the provided RNG. The appropriate WOTS signature method will be automatically set based on the chosen XMSS signature method.

Parameters
xmss_algo_idIdentifier for the selected XMSS signature method.
rngA random number generator to use for key generation.

Definition at line 101 of file xmss_privatekey.cpp.

References Botan::XMSS_PublicKey::m_xmss_params, Botan::XMSS_PublicKey::set_root(), and tree_hash().

104  : XMSS_PublicKey(xmss_algo_id, rng),
105  m_wots_priv_key(XMSS_PublicKey::m_xmss_params.ots_oid(),
106  public_seed(),
107  rng),
108  m_hash(xmss_hash_function()),
109  m_prf(rng.random_vec(XMSS_PublicKey::m_xmss_params.element_size())),
110  m_index_reg(XMSS_Index_Registry::get_instance())
111  {
112  XMSS_Address adrs;
114  XMSS_PublicKey::m_xmss_params.tree_height(),
115  adrs));
116  }
const secure_vector< uint8_t > & public_seed() const override
Definition: xmss.h:382
std::string xmss_hash_function() const
Definition: xmss.h:119
secure_vector< uint8_t > tree_hash(size_t start_idx, size_t target_node_height, XMSS_Address &adrs)
size_t element_size() const
void set_root(const secure_vector< uint8_t > &root)
Definition: xmss.h:151
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, RandomNumberGenerator &rng)
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
static XMSS_Index_Registry & get_instance()
Botan::XMSS_PrivateKey::XMSS_PrivateKey ( const secure_vector< uint8_t > &  raw_key)

Creates an XMSS_PrivateKey from a byte sequence produced by raw_private_key().

Parameters
raw_keyAn XMSS private key serialized using raw_private_key().

Definition at line 51 of file xmss_privatekey.cpp.

References Botan::XMSS_Parameters::element_size(), Botan::XMSS_WOTS_Parameters::element_size(), Botan::XMSS_PublicKey::m_wots_params, Botan::XMSS_PublicKey::m_xmss_params, Botan::XMSS_WOTS_PrivateKey::set_private_seed(), set_unused_leaf_index(), Botan::XMSS_PublicKey::size(), and size().

52  : XMSS_PublicKey(unlock(key_bits)),
53  m_wots_priv_key(m_wots_params.oid(), m_public_seed),
54  m_hash(xmss_hash_function()),
56  {
57  /*
58  The code requires sizeof(size_t) >= ceil(tree_height / 8)
59 
60  Maximum supported tree height is 20, ceil(20/8) == 3, so 4 byte
61  size_t is sufficient for all defined parameters, or even a
62  (hypothetical) tree height 32, which would be extremely slow to
63  compute.
64  */
65  static_assert(sizeof(size_t) >= 4, "size_t is big enough to support leaf index");
66 
67  secure_vector<uint8_t> raw_key = extract_raw_key(key_bits);
68 
69  if(raw_key.size() != XMSS_PrivateKey::size())
70  {
71  throw Decoding_Error("Invalid XMSS private key size");
72  }
73 
74  // extract & copy unused leaf index from raw_key
75  uint64_t unused_leaf = 0;
76  auto begin = (raw_key.begin() + XMSS_PublicKey::size());
77  auto end = raw_key.begin() + XMSS_PublicKey::size() + sizeof(uint32_t);
78 
79  for(auto& i = begin; i != end; i++)
80  {
81  unused_leaf = ((unused_leaf << 8) | *i);
82  }
83 
84  if(unused_leaf >= (1ull << XMSS_PublicKey::m_xmss_params.tree_height()))
85  {
86  throw Decoding_Error("XMSS private key leaf index out of bounds");
87  }
88 
89  begin = end;
91  m_prf.clear();
92  m_prf.reserve(XMSS_PublicKey::m_xmss_params.element_size());
93  std::copy(begin, end, std::back_inserter(m_prf));
94 
95  begin = end;
96  end = begin + m_wots_params.element_size();
97  m_wots_priv_key.set_private_seed(secure_vector<uint8_t>(begin, end));
98  set_unused_leaf_index(static_cast<size_t>(unused_leaf));
99  }
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
std::string xmss_hash_function() const
Definition: xmss.h:119
size_t element_size() const
void set_unused_leaf_index(size_t idx)
size_t element_size() const
Definition: xmss_wots.h:85
size_t size() const override
Definition: xmss.h:394
virtual size_t size() const
Definition: xmss.h:229
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, RandomNumberGenerator &rng)
XMSS_WOTS_Parameters m_wots_params
Definition: xmss.h:246
void set_private_seed(const secure_vector< uint8_t > &private_seed)
Definition: xmss_wots.h:697
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
static XMSS_Index_Registry & get_instance()
ots_algorithm_t oid() const
Definition: xmss_wots.h:103
Botan::XMSS_PrivateKey::XMSS_PrivateKey ( XMSS_Parameters::xmss_algorithm_t  xmss_algo_id,
size_t  idx_leaf,
const secure_vector< uint8_t > &  wots_priv_seed,
const secure_vector< uint8_t > &  prf,
const secure_vector< uint8_t > &  root,
const secure_vector< uint8_t > &  public_seed 
)

Creates a new XMSS private key for the chosen XMSS signature method using precomputed seeds for public/private keys and pseudo random function input. The appropriate WOTS signature method will be automatically set, based on the chosen XMSS signature method.

Parameters
xmss_algo_idIdentifier for the selected XMSS signature method.
idx_leafIndex of the next unused leaf.
wots_priv_seedA seed to generate a Winternitz-One-Time- Signature private key from.
prfa secret n-byte key sourced from a secure source of uniformly random data.
rootRoot node of the binary hash tree.
public_seedThe public seed.

Definition at line 119 of file xmss_privatekey.cpp.

References set_unused_leaf_index().

125  : XMSS_PublicKey(xmss_algo_id, root, public_seed),
126  m_wots_priv_key(XMSS_PublicKey::m_xmss_params.ots_oid(),
127  public_seed,
128  wots_priv_seed),
129  m_hash(XMSS_PublicKey::m_xmss_params.hash_function_name()),
130  m_prf(prf),
131  m_index_reg(XMSS_Index_Registry::get_instance())
132  {
133  set_unused_leaf_index(idx_leaf);
134  }
const secure_vector< uint8_t > & public_seed() const override
Definition: xmss.h:382
void set_unused_leaf_index(size_t idx)
secure_vector< uint8_t > & root()
Definition: xmss.h:146
const secure_vector< uint8_t > & prf() const
Definition: xmss.h:359
XMSS_PublicKey(XMSS_Parameters::xmss_algorithm_t xmss_oid, RandomNumberGenerator &rng)
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
static XMSS_Index_Registry & get_instance()

Member Function Documentation

std::string Botan::XMSS_PublicKey::algo_name ( ) const
inlineoverridevirtualinherited

Get the name of the underlying public key scheme.

Returns
name of the public key scheme

Implements Botan::Public_Key.

Definition at line 186 of file xmss.h.

Referenced by create_signature_op(), and Botan::XMSS_PublicKey::create_verification_op().

187  {
188  return "XMSS";
189  }
AlgorithmIdentifier Botan::XMSS_PublicKey::algorithm_identifier ( ) const
inlineoverridevirtualinherited
Returns
X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 191 of file xmss.h.

References Botan::AlgorithmIdentifier::USE_EMPTY_PARAM.

192  {
193  return AlgorithmIdentifier(get_oid(), AlgorithmIdentifier::USE_EMPTY_PARAM);
194  }
virtual OID get_oid() const
Definition: pk_keys.cpp:53
bool Botan::XMSS_PublicKey::check_key ( RandomNumberGenerator rng,
bool  strong 
) const
inlineoverridevirtualinherited

Test the key values for consistency.

Parameters
rngrng to use
strongwhether to perform strong and lengthy version of the test
Returns
true if the test is passed

Implements Botan::Public_Key.

Definition at line 196 of file xmss.h.

197  {
198  return true;
199  }
std::unique_ptr< PK_Ops::Decryption > Botan::Private_Key::create_decryption_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an decryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::RSA_PrivateKey, Botan::SM2_PrivateKey, and Botan::ElGamal_PrivateKey.

Definition at line 114 of file pk_keys.cpp.

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_Decryptor_EME::PK_Decryptor_EME().

117  {
118  throw Lookup_Error(algo_name() + " does not support decryption");
119  }
virtual std::string algo_name() const =0
std::unique_ptr< PK_Ops::Encryption > Botan::Public_Key::create_encryption_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an encryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::RSA_PublicKey, Botan::SM2_PublicKey, and Botan::ElGamal_PublicKey.

Definition at line 91 of file pk_keys.cpp.

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_Encryptor_EME::PK_Encryptor_EME().

94  {
95  throw Lookup_Error(algo_name() + " does not support encryption");
96  }
virtual std::string algo_name() const =0
std::unique_ptr< PK_Ops::KEM_Decryption > Botan::Private_Key::create_kem_decryption_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM decryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::RSA_PrivateKey, and Botan::McEliece_PrivateKey.

Definition at line 122 of file pk_keys.cpp.

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_KEM_Decryptor::PK_KEM_Decryptor().

125  {
126  throw Lookup_Error(algo_name() + " does not support KEM decryption");
127  }
virtual std::string algo_name() const =0
std::unique_ptr< PK_Ops::KEM_Encryption > Botan::Public_Key::create_kem_encryption_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM encryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::RSA_PublicKey, and Botan::McEliece_PublicKey.

Definition at line 99 of file pk_keys.cpp.

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_KEM_Encryptor::PK_KEM_Encryptor().

102  {
103  throw Lookup_Error(algo_name() + " does not support KEM encryption");
104  }
virtual std::string algo_name() const =0
std::unique_ptr< PK_Ops::Key_Agreement > Botan::Private_Key::create_key_agreement_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a key agreement operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::ECDH_PrivateKey, Botan::Curve25519_PrivateKey, and Botan::DH_PrivateKey.

Definition at line 138 of file pk_keys.cpp.

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_Key_Agreement::PK_Key_Agreement().

141  {
142  throw Lookup_Error(algo_name() + " does not support key agreement");
143  }
virtual std::string algo_name() const =0
std::unique_ptr< PK_Ops::Signature > Botan::XMSS_PrivateKey::create_signature_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
overridevirtual

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a signature operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Private_Key.

Definition at line 394 of file xmss_privatekey.cpp.

References Botan::XMSS_PublicKey::algo_name().

397  {
398  if(provider == "base" || provider.empty())
399  return std::unique_ptr<PK_Ops::Signature>(
400  new XMSS_Signature_Operation(*this));
401 
402  throw Provider_Not_Found(algo_name(), provider);
403  }
std::string algo_name() const override
Definition: xmss.h:186
std::unique_ptr< PK_Ops::Verification > Botan::XMSS_PublicKey::create_verification_op ( const std::string &  params,
const std::string &  provider 
) const
overridevirtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a verification operation for this key/params or throw

Parameters
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Public_Key.

Definition at line 93 of file xmss_publickey.cpp.

References Botan::XMSS_PublicKey::algo_name().

95  {
96  if(provider == "base" || provider.empty())
97  {
98  return std::unique_ptr<PK_Ops::Verification>(
99  new XMSS_Verification_Operation(*this));
100  }
101  throw Provider_Not_Found(algo_name(), provider);
102  }
std::string algo_name() const override
Definition: xmss.h:186
virtual Signature_Format Botan::Public_Key::default_x509_signature_format ( ) const
inlinevirtualinherited

Reimplemented in Botan::GOST_3410_PublicKey.

Definition at line 125 of file pk_keys.h.

References Botan::DER_SEQUENCE, and Botan::IEEE_1363.

Referenced by Botan::X509_Object::choose_sig_format(), and Botan::X509_Object::verify_signature().

126  {
127  return (this->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
128  }
virtual size_t message_parts() const
Definition: pk_keys.h:112
size_t Botan::XMSS_PublicKey::estimated_strength ( ) const
inlineoverridevirtualinherited

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns
estimated strength in bits

Implements Botan::Public_Key.

Definition at line 205 of file xmss.h.

206  {
208  }
size_t estimated_strength() const
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
std::string Botan::Private_Key::fingerprint ( const std::string &  alg) const
inlineinherited

Definition at line 215 of file pk_keys.h.

216  {
217  return fingerprint_private(alg); // match behavior in previous versions
218  }
std::string fingerprint_private(const std::string &alg) const
Definition: pk_keys.cpp:85
std::string Botan::Private_Key::fingerprint_private ( const std::string &  alg) const
inherited
Returns
Hash of the PKCS #8 encoding for this key object

Definition at line 85 of file pk_keys.cpp.

References Botan::create_hex_fingerprint(), and Botan::Private_Key::private_key_bits().

Referenced by Botan::Certificate_Store_In_SQL::find_certs_for_key(), Botan::Certificate_Store_In_SQL::insert_key(), and Botan::Certificate_Store_In_SQL::remove_key().

86  {
88  }
virtual secure_vector< uint8_t > private_key_bits() const =0
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22
std::string create_hex_fingerprint(const uint8_t bits[], size_t bits_len, const std::string &hash_name)
Definition: pk_keys.cpp:17
std::string Botan::Public_Key::fingerprint_public ( const std::string &  alg = "SHA-256") const
inherited
Returns
Hash of the subject public key

Definition at line 77 of file pk_keys.cpp.

References Botan::create_hex_fingerprint(), and Botan::Public_Key::subject_public_key().

78  {
80  }
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22
std::string create_hex_fingerprint(const uint8_t bits[], size_t bits_len, const std::string &hash_name)
Definition: pk_keys.cpp:17
std::vector< uint8_t > subject_public_key() const
Definition: pk_keys.cpp:38
OID Botan::Public_Key::get_oid ( ) const
virtualinherited
size_t Botan::XMSS_PublicKey::key_length ( ) const
inlineoverridevirtualinherited

Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.

Implements Botan::Public_Key.

Definition at line 210 of file xmss.h.

211  {
213  }
size_t estimated_strength() const
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
virtual size_t Botan::Public_Key::message_part_size ( ) const
inlinevirtualinherited

Returns how large each of the message parts refered to by message_parts() is

This function is public but applications should have few reasons to ever call this.

Returns
size of the message parts in bits

Reimplemented in Botan::ECDSA_PublicKey, Botan::GOST_3410_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::SM2_PublicKey, and Botan::DSA_PublicKey.

Definition at line 123 of file pk_keys.h.

Referenced by Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().

123 { return 0; }
virtual size_t Botan::Public_Key::message_parts ( ) const
inlinevirtualinherited

Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.

This function is public but applications should have few reasons to ever call this.

Returns
number of message parts

Reimplemented in Botan::ECDSA_PublicKey, Botan::GOST_3410_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::SM2_PublicKey, and Botan::DSA_PublicKey.

Definition at line 112 of file pk_keys.h.

Referenced by Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().

112 { return 1; }
virtual AlgorithmIdentifier Botan::Private_Key::pkcs8_algorithm_identifier ( ) const
inlinevirtualinherited
Returns
PKCS #8 AlgorithmIdentifier for this key Might be different from the X.509 identifier, but normally is not

Reimplemented in Botan::XMSS_WOTS_PrivateKey, Botan::GOST_3410_PrivateKey, and Botan::XMSS_WOTS_Addressed_PrivateKey.

Definition at line 204 of file pk_keys.h.

Referenced by Botan::Private_Key::private_key_info().

205  { return algorithm_identifier(); }
virtual AlgorithmIdentifier algorithm_identifier() const =0
const secure_vector<uint8_t>& Botan::XMSS_PrivateKey::prf ( ) const
inline

Definition at line 359 of file xmss.h.

360  {
361  return m_prf;
362  }
secure_vector<uint8_t>& Botan::XMSS_PrivateKey::prf ( )
inline

Definition at line 364 of file xmss.h.

365  {
366  return m_prf;
367  }
secure_vector< uint8_t > Botan::XMSS_PrivateKey::private_key_bits ( ) const
overridevirtual
Returns
BER encoded private key bits

Implements Botan::Private_Key.

Definition at line 319 of file xmss_privatekey.cpp.

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents(), Botan::OCTET_STRING, and raw_private_key().

320  {
321  return DER_Encoder().encode(raw_private_key(), OCTET_STRING).get_contents();
322  }
secure_vector< uint8_t > raw_private_key() const
secure_vector< uint8_t > Botan::Private_Key::private_key_info ( ) const
inherited
Returns
PKCS #8 private key encoding for this key object

Definition at line 61 of file pk_keys.cpp.

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::OCTET_STRING, Botan::Private_Key::pkcs8_algorithm_identifier(), Botan::Private_Key::private_key_bits(), Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

Referenced by Botan::PKCS8::BER_encode(), Botan::PKCS8::BER_encode_encrypted_pbkdf_iter(), and Botan::PKCS8::BER_encode_encrypted_pbkdf_msec().

62  {
63  const size_t PKCS8_VERSION = 0;
64 
65  return DER_Encoder()
66  .start_cons(SEQUENCE)
67  .encode(PKCS8_VERSION)
69  .encode(private_key_bits(), OCTET_STRING)
70  .end_cons()
71  .get_contents();
72  }
virtual secure_vector< uint8_t > private_key_bits() const =0
virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const
Definition: pk_keys.h:204
std::vector< uint8_t > Botan::XMSS_PublicKey::public_key_bits ( ) const
overridevirtualinherited

Returns the encoded public key as defined in RFC draft-vangeest-x509-hash-sigs-03.

Returns
encoded public key bits

Implements Botan::Public_Key.

Definition at line 122 of file xmss_publickey.cpp.

References Botan::DER_Encoder::encode(), Botan::OCTET_STRING, and Botan::XMSS_PublicKey::raw_public_key().

123  {
124  std::vector<uint8_t> output;
125  DER_Encoder(output).encode(raw_public_key(), OCTET_STRING);
126  return output;
127  }
virtual std::vector< uint8_t > raw_public_key() const
virtual secure_vector<uint8_t>& Botan::XMSS_PublicKey::public_seed ( )
inlinevirtualinherited

Definition at line 166 of file xmss.h.

167  {
168  return m_public_seed;
169  }
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
const secure_vector<uint8_t>& Botan::XMSS_PrivateKey::public_seed ( ) const
inlineoverridevirtual

Reimplemented from Botan::XMSS_PublicKey.

Definition at line 382 of file xmss.h.

Referenced by tree_hash().

383  {
384  return m_public_seed;
385  }
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
secure_vector< uint8_t > Botan::XMSS_PrivateKey::raw_private_key ( ) const

Generates a non standartized byte sequence representing the XMSS private key.

Returns
byte sequence consisting of the following elements in order: 4-byte OID, n-byte root node, n-byte public seed, 8-byte unused leaf index, n-byte prf seed, n-byte private seed.

Definition at line 372 of file xmss_privatekey.cpp.

References Botan::XMSS_WOTS_PrivateKey::private_seed(), Botan::XMSS_PublicKey::raw_public_key(), size(), and unused_leaf_index().

Referenced by private_key_bits().

373  {
374  std::vector<uint8_t> pk { raw_public_key() };
375  secure_vector<uint8_t> result(pk.begin(), pk.end());
376  result.reserve(size());
377 
378  for(int i = 3; i >= 0; i--)
379  {
380  result.push_back(
381  static_cast<uint8_t>(
382  static_cast<uint64_t>(unused_leaf_index()) >> 8 * i));
383  }
384 
385  std::copy(m_prf.begin(), m_prf.end(), std::back_inserter(result));
386  std::copy(m_wots_priv_key.private_seed().begin(),
387  m_wots_priv_key.private_seed().end(),
388  std::back_inserter(result));
389 
390  return result;
391  }
const secure_vector< uint8_t > & private_seed() const
Definition: xmss_wots.h:686
size_t size() const override
Definition: xmss.h:394
virtual std::vector< uint8_t > raw_public_key() const
size_t unused_leaf_index() const
std::vector< uint8_t > Botan::XMSS_PublicKey::raw_public_key ( ) const
virtualinherited

Generates a byte sequence representing the XMSS public key, as defined in 1

Returns
4-byte OID, followed by n-byte root node, followed by public seed.

Definition at line 104 of file xmss_publickey.cpp.

References Botan::XMSS_PublicKey::m_public_seed, Botan::XMSS_PublicKey::m_root, Botan::XMSS_PublicKey::m_xmss_params, and Botan::XMSS_Parameters::oid().

Referenced by Botan::XMSS_PublicKey::public_key_bits(), and raw_private_key().

105  {
106  std::vector<uint8_t> result
107  {
108  static_cast<uint8_t>(m_xmss_params.oid() >> 24),
109  static_cast<uint8_t>(m_xmss_params.oid() >> 16),
110  static_cast<uint8_t>(m_xmss_params.oid() >> 8),
111  static_cast<uint8_t>(m_xmss_params.oid())
112  };
113 
114  std::copy(m_root.begin(), m_root.end(), std::back_inserter(result));
115  std::copy(m_public_seed.begin(),
116  m_public_seed.end(),
117  std::back_inserter(result));
118 
119  return result;
120  }
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
secure_vector< uint8_t > m_root
Definition: xmss.h:247
xmss_algorithm_t oid() const
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
size_t Botan::XMSS_PrivateKey::reserve_unused_leaf_index ( )

Definition at line 356 of file xmss_privatekey.cpp.

References Botan::XMSS_PublicKey::m_xmss_params.

357  {
358  size_t idx = (static_cast<std::atomic<size_t>&>(
359  *recover_global_leaf_index())).fetch_add(1);
360  if(idx >= (1ull << XMSS_PublicKey::m_xmss_params.tree_height()))
361  {
362  throw Decoding_Error("XMSS private key, one time signatures exhaused");
363  }
364  return idx;
365  }
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
secure_vector<uint8_t>& Botan::XMSS_PublicKey::root ( )
inlineinherited

Definition at line 146 of file xmss.h.

147  {
148  return m_root;
149  }
secure_vector< uint8_t > m_root
Definition: xmss.h:247
const secure_vector<uint8_t>& Botan::XMSS_PublicKey::root ( ) const
inlineinherited

Definition at line 161 of file xmss.h.

162  {
163  return m_root;
164  }
secure_vector< uint8_t > m_root
Definition: xmss.h:247
void Botan::XMSS_PrivateKey::set_public_seed ( const secure_vector< uint8_t > &  public_seed)
inlineoverridevirtual

Reimplemented from Botan::XMSS_PublicKey.

Definition at line 369 of file xmss.h.

371  {
373  m_wots_priv_key.set_public_seed(public_seed);
374  }
const secure_vector< uint8_t > & public_seed() const override
Definition: xmss.h:382
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
void set_public_seed(const secure_vector< uint8_t > &public_seed)
Definition: xmss_wots.h:307
void Botan::XMSS_PrivateKey::set_public_seed ( secure_vector< uint8_t > &&  public_seed)
inlineoverridevirtual

Reimplemented from Botan::XMSS_PublicKey.

Definition at line 376 of file xmss.h.

377  {
378  m_public_seed = std::move(public_seed);
379  m_wots_priv_key.set_public_seed(m_public_seed);
380  }
const secure_vector< uint8_t > & public_seed() const override
Definition: xmss.h:382
secure_vector< uint8_t > m_public_seed
Definition: xmss.h:248
void set_public_seed(const secure_vector< uint8_t > &public_seed)
Definition: xmss_wots.h:307
void Botan::XMSS_PublicKey::set_root ( const secure_vector< uint8_t > &  root)
inlineinherited

Definition at line 151 of file xmss.h.

Referenced by XMSS_PrivateKey().

152  {
153  m_root = root;
154  }
secure_vector< uint8_t > m_root
Definition: xmss.h:247
secure_vector< uint8_t > & root()
Definition: xmss.h:146
void Botan::XMSS_PublicKey::set_root ( secure_vector< uint8_t > &&  root)
inlineinherited

Definition at line 156 of file xmss.h.

157  {
158  m_root = std::move(root);
159  }
secure_vector< uint8_t > m_root
Definition: xmss.h:247
secure_vector< uint8_t > & root()
Definition: xmss.h:146
void Botan::XMSS_PrivateKey::set_unused_leaf_index ( size_t  idx)

Sets the last unused leaf index of the private key. The leaf index will be updated automatically during every signing operation, and should not be set manually.

Parameters
idxIndex of the last unused leaf.

Definition at line 334 of file xmss_privatekey.cpp.

References Botan::XMSS_PublicKey::m_xmss_params.

Referenced by XMSS_PrivateKey().

335  {
336  if(idx >= (1ull << XMSS_PublicKey::m_xmss_params.tree_height()))
337  {
338  throw Decoding_Error("XMSS private key leaf index out of bounds");
339  }
340  else
341  {
342  std::atomic<size_t>& index =
343  static_cast<std::atomic<size_t>&>(*recover_global_leaf_index());
344  size_t current = 0;
345 
346  do
347  {
348  current = index.load();
349  if(current > idx)
350  { return; }
351  }
352  while(!index.compare_exchange_strong(current, idx));
353  }
354  }
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
void Botan::XMSS_PublicKey::set_xmss_oid ( XMSS_Parameters::xmss_algorithm_t  xmss_oid)
inlineinherited

Sets the chosen XMSS signature method

Definition at line 96 of file xmss.h.

97  {
98  m_xmss_params = XMSS_Parameters(xmss_oid);
99  m_wots_params = XMSS_WOTS_Parameters(m_xmss_params.ots_oid());
100  }
XMSS_WOTS_Parameters::ots_algorithm_t ots_oid() const
XMSS_Parameters::xmss_algorithm_t xmss_oid() const
Definition: xmss.h:88
XMSS_WOTS_Parameters m_wots_params
Definition: xmss.h:246
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
size_t Botan::XMSS_PrivateKey::size ( ) const
inlineoverridevirtual

Size in bytes of the serialized XMSS public key produced by raw_public_key().

Returns
size in bytes of serialized Public Key.

Reimplemented from Botan::XMSS_PublicKey.

Definition at line 394 of file xmss.h.

References Botan::XMSS_PublicKey::m_xmss_params, and Botan::XMSS_PublicKey::size().

Referenced by raw_private_key(), and XMSS_PrivateKey().

395  {
396  return XMSS_PublicKey::size() +
397  sizeof(uint32_t) +
398  2 * XMSS_PublicKey::m_xmss_params.element_size();
399  }
virtual size_t size() const
Definition: xmss.h:229
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
bool Botan::XMSS_PrivateKey::stateful_operation ( ) const
inlineoverridevirtual

Reimplemented from Botan::Private_Key.

Definition at line 315 of file xmss.h.

315 { return true; }
std::vector< uint8_t > Botan::Public_Key::subject_public_key ( ) const
inherited
Returns
X.509 subject key encoding for this key object

Definition at line 38 of file pk_keys.cpp.

References Botan::Public_Key::algorithm_identifier(), Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Public_Key::public_key_bits(), Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509::BER_encode(), Botan::PKCS10_Request::create(), Botan::Public_Key::fingerprint_public(), and Botan::X509::PEM_encode().

39  {
40  std::vector<uint8_t> output;
41 
42  DER_Encoder(output).start_cons(SEQUENCE)
43  .encode(algorithm_identifier())
44  .encode(public_key_bits(), BIT_STRING)
45  .end_cons();
46 
47  return output;
48  }
virtual std::vector< uint8_t > public_key_bits() const =0
virtual AlgorithmIdentifier algorithm_identifier() const =0
secure_vector< uint8_t > Botan::XMSS_PrivateKey::tree_hash ( size_t  start_idx,
size_t  target_node_height,
XMSS_Address adrs 
)

Algorithm 9: "treeHash" Computes the internal n-byte nodes of a Merkle tree.

Parameters
start_idxThe start index.
target_node_heightHeight of the target node.
adrsAddress of the tree containing the target node.
Returns
The root node of a tree of height target_node height with the leftmost leaf being the hash of the WOTS+ pk with index start_idx.

Definition at line 137 of file xmss_privatekey.cpp.

References BOTAN_ASSERT, BOTAN_ASSERT_NOMSG, Botan::Thread_Pool::global_instance(), Botan::XMSS_PublicKey::m_xmss_params, public_seed(), Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::Thread_Pool::run(), and Botan::Thread_Pool::worker_count().

Referenced by XMSS_PrivateKey().

140  {
141  BOTAN_ASSERT_NOMSG(target_node_height <= 30);
142  BOTAN_ASSERT((start_idx % (static_cast<size_t>(1) << target_node_height)) == 0,
143  "Start index must be divisible by 2^{target node height}.");
144 
145 #if defined(BOTAN_HAS_THREAD_UTILS)
146  // dertermine number of parallel tasks to split the tree_hashing into.
147 
148  Thread_Pool& thread_pool = Thread_Pool::global_instance();
149 
150  const size_t split_level = std::min(target_node_height, thread_pool.worker_count());
151 
152  // skip parallelization overhead for leaf nodes.
153  if(split_level == 0)
154  {
155  secure_vector<uint8_t> result;
156  tree_hash_subtree(result, start_idx, target_node_height, adrs);
157  return result;
158  }
159 
160  const size_t subtrees = static_cast<size_t>(1) << split_level;
161  const size_t last_idx = (static_cast<size_t>(1) << (target_node_height)) + start_idx;
162  const size_t offs = (last_idx - start_idx) / subtrees;
163  // this cast cannot overflow because target_node_height is limited
164  uint8_t level = static_cast<uint8_t>(split_level); // current level in the tree
165 
166  BOTAN_ASSERT((last_idx - start_idx) % subtrees == 0,
167  "Number of worker threads in tree_hash need to divide range "
168  "of calculated nodes.");
169 
170  std::vector<secure_vector<uint8_t>> nodes(
171  subtrees,
172  secure_vector<uint8_t>(XMSS_PublicKey::m_xmss_params.element_size()));
173  std::vector<XMSS_Address> node_addresses(subtrees, adrs);
174  std::vector<XMSS_Hash> xmss_hash(subtrees, m_hash);
175  std::vector<std::future<void>> work;
176 
177  // Calculate multiple subtrees in parallel.
178  for(size_t i = 0; i < subtrees; i++)
179  {
180  using tree_hash_subtree_fn_t =
181  void (XMSS_PrivateKey::*)(secure_vector<uint8_t>&,
182  size_t,
183  size_t,
184  XMSS_Address&,
185  XMSS_Hash&);
186 
187  tree_hash_subtree_fn_t work_fn = &XMSS_PrivateKey::tree_hash_subtree;
188 
189  work.push_back(thread_pool.run(
190  work_fn,
191  this,
192  std::ref(nodes[i]),
193  start_idx + i * offs,
194  target_node_height - split_level,
195  std::ref(node_addresses[i]),
196  std::ref(xmss_hash[i])));
197  }
198 
199  for(auto& w : work)
200  {
201  w.get();
202  }
203  work.clear();
204 
205  // Parallelize the top tree levels horizontally
206  while(level-- > 1)
207  {
208  std::vector<secure_vector<uint8_t>> ro_nodes(
209  nodes.begin(), nodes.begin() + (static_cast<size_t>(1) << (level+1)));
210 
211  for(size_t i = 0; i < (static_cast<size_t>(1) << level); i++)
212  {
213  BOTAN_ASSERT_NOMSG(xmss_hash.size() > i);
214 
215  node_addresses[i].set_tree_height(static_cast<uint32_t>(target_node_height - (level + 1)));
216  node_addresses[i].set_tree_index(
217  (node_addresses[2 * i + 1].get_tree_index() - 1) >> 1);
218 
219  work.push_back(thread_pool.run(
221  std::ref(nodes[i]),
222  std::cref(ro_nodes[2 * i]),
223  std::cref(ro_nodes[2 * i + 1]),
224  std::ref(node_addresses[i]),
225  std::cref(this->public_seed()),
226  std::ref(xmss_hash[i]),
227  std::cref(m_xmss_params)));
228  }
229 
230  for(auto &w : work)
231  {
232  w.get();
233  }
234  work.clear();
235  }
236 
237  // Avoid creation an extra thread to calculate root node.
238  node_addresses[0].set_tree_height(static_cast<uint32_t>(target_node_height - 1));
239  node_addresses[0].set_tree_index(
240  (node_addresses[1].get_tree_index() - 1) >> 1);
242  nodes[0],
243  nodes[1],
244  node_addresses[0],
245  this->public_seed(),
246  m_hash,
247  m_xmss_params);
248  return nodes[0];
249 #else
250  secure_vector<uint8_t> result;
251  tree_hash_subtree(result, start_idx, target_node_height, adrs, m_hash);
252  return result;
253 #endif
254  }
const secure_vector< uint8_t > & public_seed() const override
Definition: xmss.h:382
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
XMSS_PrivateKey(XMSS_Parameters::xmss_algorithm_t xmss_algo_id, RandomNumberGenerator &rng)
static void randomize_tree_hash(secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed, XMSS_Hash &hash, const XMSS_Parameters &params)
static Thread_Pool & global_instance()
Definition: thread_pool.cpp:15
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
size_t Botan::XMSS_PrivateKey::unused_leaf_index ( ) const

Retrieves the last unused leaf index of the private key. Reusing a leaf by utilizing leaf indices lower than the last unused leaf index will compromise security.

Returns
Index of the last unused leaf.

Definition at line 367 of file xmss_privatekey.cpp.

Referenced by raw_private_key().

368  {
369  return *recover_global_leaf_index();
370  }
XMSS_WOTS_Parameters::ots_algorithm_t Botan::XMSS_PublicKey::wots_oid ( ) const
inlineinherited

Retrieves the Winternitz One Time Signature (WOTS) method, corresponding to the chosen XMSS signature method.

Returns
XMSS WOTS signature method identifier.

Definition at line 130 of file xmss.h.

131  {
132  return m_wots_params.oid();
133  }
XMSS_WOTS_Parameters m_wots_params
Definition: xmss.h:246
ots_algorithm_t oid() const
Definition: xmss_wots.h:103
const XMSS_WOTS_Parameters& Botan::XMSS_PublicKey::wots_parameters ( ) const
inlineinherited

Retrieves the Winternitz One Time Signature (WOTS) parameters corresponding to the chosen XMSS signature method.

Returns
XMSS WOTS signature method parameters.

Definition at line 141 of file xmss.h.

142  {
143  return m_wots_params;
144  }
XMSS_WOTS_Parameters m_wots_params
Definition: xmss.h:246
const XMSS_WOTS_PrivateKey& Botan::XMSS_PrivateKey::wots_private_key ( ) const
inline

Winternitz One Time Signature Scheme key utilized for signing operations.

Returns
WOTS+ private key.

Definition at line 343 of file xmss.h.

344  {
345  return m_wots_priv_key;
346  }
XMSS_WOTS_PrivateKey& Botan::XMSS_PrivateKey::wots_private_key ( )
inline

Winternitz One Time Signature Scheme key utilized for signing operations.

Returns
WOTS+ private key.

Definition at line 354 of file xmss.h.

355  {
356  return m_wots_priv_key;
357  }
std::string Botan::XMSS_PublicKey::xmss_hash_function ( ) const
inlineinherited

Retrieves the XMSS parameters determined by the chosen XMSS Signature method.

Returns
XMSS parameters.

Definition at line 119 of file xmss.h.

120  {
122  }
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
const std::string & hash_function_name() const
XMSS_Parameters::xmss_algorithm_t Botan::XMSS_PublicKey::xmss_oid ( ) const
inlineinherited

Retrieves the chosen XMSS signature method.

Returns
XMSS signature method identifier.

Definition at line 88 of file xmss.h.

89  {
90  return m_xmss_params.oid();
91  }
xmss_algorithm_t oid() const
XMSS_Parameters m_xmss_params
Definition: xmss.h:245
const XMSS_Parameters& Botan::XMSS_PublicKey::xmss_parameters ( ) const
inlineinherited

Retrieves the XMSS parameters determined by the chosen XMSS Signature method.

Returns
XMSS parameters.

Definition at line 108 of file xmss.h.

Referenced by Botan::XMSS_Verification_Operation::is_valid_signature().

109  {
110  return m_xmss_params;
111  }
XMSS_Parameters m_xmss_params
Definition: xmss.h:245

Member Data Documentation

secure_vector<uint8_t> Botan::XMSS_PublicKey::m_public_seed
protectedinherited
std::vector<uint8_t> Botan::XMSS_PublicKey::m_raw_key
protectedinherited

Definition at line 244 of file xmss.h.

Referenced by Botan::XMSS_PublicKey::XMSS_PublicKey().

secure_vector<uint8_t> Botan::XMSS_PublicKey::m_root
protectedinherited
XMSS_WOTS_Parameters Botan::XMSS_PublicKey::m_wots_params
protectedinherited

Definition at line 246 of file xmss.h.

Referenced by XMSS_PrivateKey().

XMSS_Parameters Botan::XMSS_PublicKey::m_xmss_params
protectedinherited

The documentation for this class was generated from the following files: