Botan  2.1.0
Crypto and TLS for C++11
xmss_wots_privatekey.h
1 /*
2  * XMSS WOTS Private Key
3  * (C) 2016 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_WOTS_PRIVATEKEY_H__
9 #define BOTAN_XMSS_WOTS_PRIVATEKEY_H__
10 
11 #include <cstddef>
12 #include <memory>
13 #include <botan/alg_id.h>
14 #include <botan/assert.h>
15 #include <botan/exceptn.h>
16 #include <botan/pk_keys.h>
17 #include <botan/types.h>
18 #include <botan/xmss_wots_parameters.h>
19 #include <botan/xmss_address.h>
20 #include <botan/xmss_wots_publickey.h>
21 
22 namespace Botan {
23 
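/**
 * A Winternitz One Time Signature (WOTS+) private key for use with Extended
 * Hash-Based Signatures (XMSS).
 *
 * This is a one-time scheme: every WOTS+ key pair (one per index / address)
 * is meant to produce exactly one signature. Nothing declared in this header
 * records which indices or addresses were already used, so preventing reuse
 * is left to the code that owns this object.
 *
 * All key material is derived from m_private_seed. Several constructors
 * leave that seed empty; see the notes on the individual members.
 **/
class BOTAN_DLL XMSS_WOTS_PrivateKey : public virtual XMSS_WOTS_PublicKey,
                                       public virtual Private_Key
   {
   public:
      /**
       * Creates a WOTS private key for the chosen XMSS WOTS signature method.
       * Members need to be initialized manually: the private seed stays
       * empty and no key data is generated by this constructor.
       *
       * @param oid Identifier for the selected signature method.
       **/
      XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid)
         : XMSS_WOTS_PublicKey(oid)
         {}

      /**
       * Creates a WOTS private key for the chosen XMSS WOTS signature method.
       * The private seed (element_size() bytes of the chosen parameter set)
       * is drawn from rng and the key data is generated from it right away.
       * rng is also handed to the public key base class; what the base does
       * with it is not visible in this header.
       *
       * @param oid Identifier for the selected signature method.
       * @param rng A random number generator to use for key generation. The
       *        secrecy of the key rests entirely on the quality of this
       *        generator.
       **/
      XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                           RandomNumberGenerator& rng)
         : XMSS_WOTS_PublicKey(oid, rng),
           m_private_seed(rng.random_vec(m_wots_params.element_size()))
         {
         set_key_data(generate(m_private_seed));
         }

      /**
       * Constructs a WOTS private key. The secret seed of length n is drawn
       * from the supplied rng (not from an internally created
       * AutoSeeded_RNG), where "n" equals the element size of the chosen
       * WOTS security parameter set. Key data is generated from that seed
       * in the constructor.
       *
       * @param oid Identifier for the selected signature method.
       * @param public_seed A public seed used for the pseudo random generation
       *        of public keys derived from this private key.
       * @param rng A random number generator to use for key generation.
       **/
      XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                           const secure_vector<uint8_t>& public_seed,
                           RandomNumberGenerator& rng)
         : XMSS_WOTS_PublicKey(oid, public_seed),
           m_private_seed(rng.random_vec(m_wots_params.element_size()))
         {
         set_key_data(generate(m_private_seed));
         }

      /**
       * Constructs a WOTS private key without a secret seed. Only the public
       * key base is initialized; m_private_seed stays empty and no key data
       * is generated. No seed is generated automatically here, so
       * set_private_seed() has to be called before operator[] is used.
       *
       * @param oid Identifier for the selected signature method.
       * @param public_seed A public seed used for the pseudo random generation
       *        of public keys derived from this private key.
       **/
      XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                           const secure_vector<uint8_t>& public_seed)
         : XMSS_WOTS_PublicKey(oid, public_seed)
         {}

      /**
       * Constructs a WOTS private key from an existing secret seed. The seed
       * is copied into the key and the key data is generated from it.
       * The length of private_seed is not checked here.
       *
       * @param oid Identifier for the selected signature method.
       * @param public_seed A public seed used for the pseudo random generation
       *        of public keys derived from this private key.
       * @param private_seed A secret uniformly random n-byte value.
       **/
      XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                           const secure_vector<uint8_t>& public_seed,
                           const secure_vector<uint8_t>& private_seed)
         : XMSS_WOTS_PublicKey(oid, public_seed),
           m_private_seed(private_seed)
         {
         set_key_data(generate(private_seed));
         }

      /**
       * Retrieves the i-th WOTS private key using pseudo random key
       * (re-)generation.
       *
       * @param i Index of the key to retrieve.
       *
       * @return WOTS secret key.
       **/
      wots_keysig_t operator[](size_t i)
         {
         // Encode the index, then mix it with the secret seed. idx_bytes is
         // both the input and the output buffer of the hash call.
         secure_vector<uint8_t> idx_bytes;
         XMSS_Tools::concat(idx_bytes, i, m_wots_params.element_size());
         // NOTE(review): m_private_seed is the only secret input. If it is
         // still empty (see the constructors that do not set it) the result
         // depends on the index alone; confirm callers set the seed first.
         m_hash.h(idx_bytes, m_private_seed, idx_bytes);
         return generate(idx_bytes);
         }

      /**
       * Retrieves the WOTS private key belonging to an address using pseudo
       * random key (re-)generation: the PRF is applied to the private seed
       * and the address bytes, and the output seeds generate().
       *
       * @param adrs The address of the key to retrieve.
       *
       * @return WOTS secret key.
       **/
      wots_keysig_t operator[](const XMSS_Address& adrs)
         {
         // NOTE(review): same precondition as operator[](size_t); an empty
         // m_private_seed leaves the address bytes as the only varying input.
         secure_vector<uint8_t> result;
         m_hash.prf(result, m_private_seed, adrs.bytes());
         return generate(result);
         }

      /**
       * Declared here, defined outside this header.
       * NOTE(review): presumably derives the WOTS+ private key chains from
       * priv_seed; confirm against the implementation file.
       *
       * @param priv_seed Seed to derive the private key from.
       **/
      wots_keysig_t generate_private_key(const secure_vector<uint8_t>& priv_seed);

      /**
       * Algorithm 4: "WOTS_genPK"
       * Generates a Winternitz One Time Signature+ (WOTS+) Public Key from a
       * given private key.
       *
       * @param adrs Hash function address encoding the address of the WOTS+
       *        key pair within a greater structure.
       *
       * @return A XMSS_WOTS_PublicKey.
       **/
      XMSS_WOTS_PublicKey generate_public_key(XMSS_Address& adrs);

      /**
       * Algorithm 4: "WOTS_genPK"
       * Initializes a Winternitz One Time Signature+ (WOTS+) Public Key's
       * key_data() member, with data derived from in_key_data using the
       * WOTS chaining function.
       *
       * @param[out] pub_key Public key to initialize key_data() member on.
       * @param in_key_data Input key material from private key used for
       *        public key generation.
       * @param adrs Hash function address encoding the address of
       *        the WOTS+ key pair within a greater structure.
       **/
      void generate_public_key(XMSS_WOTS_PublicKey& pub_key,
                               wots_keysig_t&& in_key_data,
                               XMSS_Address& adrs);

      /**
       * Algorithm 5: "WOTS_sign"
       * Generates a signature from a private key and a message.
       *
       * @param msg A message to sign.
       * @param adrs An OTS hash address identifying the WOTS+ key pair
       *        used for signing. Each address is meant to be used for one
       *        signature only; that is not enforced by this declaration.
       *
       * @return signature for msg.
       **/
      wots_keysig_t sign(const secure_vector<uint8_t>& msg,
                         XMSS_Address& adrs);

      /**
       * Retrieves the secret seed used to generate WOTS+ chains. The seed
       * should be a uniformly random n-byte value.
       *
       * The returned reference points at the key's own storage, so it is
       * secret material and is only valid while this object is alive.
       *
       * @return secret seed.
       **/
      const secure_vector<uint8_t>& private_seed() const
         {
         return m_private_seed;
         }

      /**
       * Sets the secret seed used to generate WOTS+ chains. The seed
       * should be a uniformly random n-byte value.
       *
       * Only the stored seed is replaced: the length is not validated and
       * key data installed earlier through set_key_data() is not regenerated.
       *
       * @param private_seed Uniformly random n-byte value.
       **/
      void set_private_seed(const secure_vector<uint8_t>& private_seed)
         {
         m_private_seed = private_seed;
         }

      /**
       * Sets the secret seed used to generate WOTS+ chains by moving from
       * the argument. The seed should be a uniformly random n-byte value.
       *
       * Only the stored seed is replaced: the length is not validated and
       * key data installed earlier through set_key_data() is not regenerated.
       *
       * @param private_seed Uniformly random n-byte value.
       **/
      void set_private_seed(secure_vector<uint8_t>&& private_seed)
         {
         m_private_seed = std::move(private_seed);
         }

      /**
       * XMSS-WOTS keys have no PKCS #8 algorithm identifier.
       *
       * @throws Not_Implemented always.
       **/
      virtual AlgorithmIdentifier
      pkcs8_algorithm_identifier() const override
         {
         throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS.");
         }

      /**
       * Creates the signature operation for this key. Declared here, defined
       * outside this header; the first two parameters are unnamed in this
       * declaration.
       *
       * @param provider Name of the provider to use.
       **/
      virtual std::unique_ptr<PK_Ops::Signature>
      create_signature_op(RandomNumberGenerator&,
                          const std::string&,
                          const std::string& provider) const override;

      /**
       * XMSS-WOTS keys cannot be serialized as PKCS #8.
       *
       * @throws Not_Implemented always.
       **/
      virtual secure_vector<uint8_t> private_key_bits() const override
         {
         throw Not_Implemented("No PKCS8 key format defined for XMSS-WOTS.");
         }

   private:
      /**
       * Algorithm 3: "Generating a WOTS+ Private Key".
       * Generates a private key.
       *
       * @param private_seed Uniformly random n-byte value.
       *
       * @returns a vector of length key_size() of vectors of n bytes length
       *          containing uniformly random data.
       **/
      wots_keysig_t generate(const secure_vector<uint8_t>& private_seed);

      // Secret seed all private key material is derived from. Empty until a
      // constructor or set_private_seed() assigns it.
      secure_vector<uint8_t> m_private_seed;
   };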
248 
249 }
250 
251 #endif
252 
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, RandomNumberGenerator &rng)
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed, const secure_vector< uint8_t > &private_seed)
const secure_vector< uint8_t > & private_seed() const
wots_keysig_t operator[](const XMSS_Address &adrs)
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed)
virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const override
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid, const secure_vector< uint8_t > &public_seed, RandomNumberGenerator &rng)
XMSS_WOTS_PrivateKey(XMSS_WOTS_Parameters::ots_algorithm_t oid)
void set_private_seed(secure_vector< uint8_t > &&private_seed)
Definition: alg_id.cpp:13
std::vector< secure_vector< uint8_t > > wots_keysig_t
static void concat(secure_vector< uint8_t > &target, const T &src)
Definition: xmss_tools.h:63
wots_keysig_t operator[](size_t i)
const secure_vector< uint8_t > & bytes() const
Definition: xmss_address.h:326
virtual secure_vector< uint8_t > private_key_bits() const override
void set_private_seed(const secure_vector< uint8_t > &private_seed)
std::unique_ptr< HashFunction > m_hash
Definition: tpm.cpp:439