Botan
2.1.0
Crypto and TLS for C++11
|
#include <xmss_privatekey.h>
Public Member Functions | |
std::string | algo_name () const override |
virtual AlgorithmIdentifier | algorithm_identifier () const override |
virtual bool | check_key (RandomNumberGenerator &, bool) const override |
virtual std::unique_ptr< PK_Ops::Decryption > | create_decryption_op (RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const |
virtual std::unique_ptr< PK_Ops::Encryption > | create_encryption_op (RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const |
virtual std::unique_ptr< PK_Ops::KEM_Decryption > | create_kem_decryption_op (RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const |
virtual std::unique_ptr< PK_Ops::KEM_Encryption > | create_kem_encryption_op (RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const |
virtual std::unique_ptr< PK_Ops::Key_Agreement > | create_key_agreement_op (RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const |
virtual std::unique_ptr< PK_Ops::Signature > | create_signature_op (RandomNumberGenerator &, const std::string &, const std::string &provider) const override |
virtual std::unique_ptr< PK_Ops::Verification > | create_verification_op (const std::string &, const std::string &provider) const override |
virtual size_t | estimated_strength () const override |
std::string | fingerprint (const std::string &alg="SHA") const |
virtual OID | get_oid () const |
virtual size_t | key_length () const override |
virtual size_t | message_part_size () const |
virtual size_t | message_parts () const |
virtual AlgorithmIdentifier | pkcs8_algorithm_identifier () const |
const secure_vector< uint8_t > & | prf () const |
secure_vector< uint8_t > & | prf () |
virtual secure_vector< uint8_t > | private_key_bits () const override |
secure_vector< uint8_t > | private_key_info () const |
virtual std::vector< uint8_t > | public_key_bits () const override |
virtual secure_vector< uint8_t > & | public_seed () |
virtual const secure_vector< uint8_t > & | public_seed () const override |
virtual secure_vector< uint8_t > | raw_private_key () const |
virtual std::vector< uint8_t > | raw_public_key () const |
size_t | reserve_unused_leaf_index () |
secure_vector< uint8_t > & | root () |
const secure_vector< uint8_t > & | root () const |
virtual void | set_public_seed (const secure_vector< uint8_t > &public_seed) override |
virtual void | set_public_seed (secure_vector< uint8_t > &&public_seed) override |
void | set_root (const secure_vector< uint8_t > &root) |
void | set_root (secure_vector< uint8_t > &&root) |
void | set_unused_leaf_index (size_t idx) |
void | set_xmss_oid (XMSS_Parameters::xmss_algorithm_t xmss_oid) |
virtual size_t | size () const override |
std::vector< uint8_t > | subject_public_key () const |
secure_vector< uint8_t > | tree_hash (size_t start_idx, size_t target_node_height, XMSS_Address &adrs) |
size_t | unused_leaf_index () const |
XMSS_WOTS_Parameters::ots_algorithm_t | wots_oid () const |
const XMSS_WOTS_Parameters & | wots_parameters () const |
const XMSS_WOTS_PrivateKey & | wots_private_key () const |
XMSS_WOTS_PrivateKey & | wots_private_key () |
XMSS_Parameters::xmss_algorithm_t | xmss_oid () const |
const XMSS_Parameters & | xmss_parameters () const |
XMSS_PrivateKey (XMSS_Parameters::xmss_algorithm_t xmss_algo_id, RandomNumberGenerator &rng) | |
XMSS_PrivateKey (const secure_vector< uint8_t > &raw_key) | |
XMSS_PrivateKey (XMSS_Parameters::xmss_algorithm_t xmss_algo_id, size_t idx_leaf, const secure_vector< uint8_t > &wots_priv_seed, const secure_vector< uint8_t > &prf, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &public_seed) | |
Protected Member Functions | |
void | create_l_tree (secure_vector< uint8_t > &result, wots_keysig_t pk, XMSS_Address &adrs, const secure_vector< uint8_t > &seed) |
void | randomize_tree_hash (secure_vector< uint8_t > &result, const secure_vector< uint8_t > &left, const secure_vector< uint8_t > &right, XMSS_Address &adrs, const secure_vector< uint8_t > &seed) |
Protected Attributes | |
XMSS_Hash | m_hash |
secure_vector< uint8_t > | m_public_seed |
secure_vector< uint8_t > | m_root |
XMSS_WOTS_Parameters | m_wots_params |
XMSS_Parameters | m_xmss_params |
XMSS_Parameters | m_xmss_params |
An XMSS: Extended Hash-Based Signature private key. The XMSS private key does not support the X509 and PKCS7 standard. Instead the raw format described in [1] is used.
[1] XMSS: Extended Hash-Based Signatures, draft-itrf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/ draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
Definition at line 40 of file xmss_privatekey.h.
Botan::XMSS_PrivateKey::XMSS_PrivateKey | ( | XMSS_Parameters::xmss_algorithm_t | xmss_algo_id, |
RandomNumberGenerator & | rng | ||
) |
Creates a new XMSS private key for the chosen XMSS signature method. New seeds for public/private key and pseudo random function input are generated using the provided RNG. The appropriate WOTS signature method will be automatically set based on the chosen XMSS signature method.
xmss_algo_id | Identifier for the selected XMSS signature method. |
rng | A random number generator to use for key generation. |
Definition at line 65 of file xmss_privatekey.cpp.
References Botan::XMSS_PublicKey::m_xmss_params, Botan::XMSS_PublicKey::set_root(), and tree_hash().
Botan::XMSS_PrivateKey::XMSS_PrivateKey | ( | const secure_vector< uint8_t > & | raw_key | ) |
Creates an XMSS_PrivateKey from a byte sequence produced by raw_private_key().
raw_key | An XMSS private key serialized using raw_private_key(). |
Definition at line 23 of file xmss_privatekey.cpp.
References BOTAN_ASSERT, Botan::XMSS_Parameters::element_size(), Botan::XMSS_WOTS_Parameters::element_size(), Botan::XMSS_PublicKey::m_wots_params, Botan::XMSS_PublicKey::m_xmss_params, Botan::XMSS_WOTS_PrivateKey::set_private_seed(), set_unused_leaf_index(), size(), and Botan::XMSS_PublicKey::size().
|
inline |
Creates a new XMSS private key for the chosen XMSS signature method using precomputed seeds for public/private keys and pseudo random function input. The appropriate WOTS signature method will be automatically set, based on the chosen XMSS signature method.
xmss_algo_id | Identifier for the selected XMSS signature method. |
idx_leaf | Index of the next unused leaf. |
wots_priv_seed | A seed to generate a Winternitz-One-Time- Signature private key from. |
prf | a secret n-byte key sourced from a secure source of uniformly random data. |
root | Root node of the binary hash tree. |
public_seed | The public seed. |
Definition at line 80 of file xmss_privatekey.h.
|
inlineoverridevirtualinherited |
Get the name of the underlying public key scheme.
Implements Botan::Public_Key.
Definition at line 189 of file xmss_publickey.h.
Referenced by create_signature_op(), and Botan::XMSS_PublicKey::create_verification_op().
|
inlineoverridevirtualinherited |
Implements Botan::Public_Key.
Definition at line 194 of file xmss_publickey.h.
References Botan::AlgorithmIdentifier::USE_NULL_PARAM.
|
inlineoverridevirtualinherited |
Test the key values for consistency.
rng | rng to use |
strong | whether to perform strong and lengthy version of the test |
Implements Botan::Public_Key.
Definition at line 199 of file xmss_publickey.h.
|
virtualinherited |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return an decryption operation for this key/params or throw
rng | a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it. |
params | additional parameters |
provider | the provider to use |
Reimplemented in Botan::RSA_PrivateKey, and Botan::ElGamal_PrivateKey.
Definition at line 102 of file pk_keys.cpp.
References Botan::Public_Key::algo_name().
Referenced by Botan::PK_Decryptor_EME::PK_Decryptor_EME().
|
virtualinherited |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return an encryption operation for this key/params or throw
rng | a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it. |
params | additional parameters |
provider | the provider to use |
Reimplemented in Botan::RSA_PublicKey, and Botan::ElGamal_PublicKey.
Definition at line 79 of file pk_keys.cpp.
References Botan::Public_Key::algo_name().
Referenced by Botan::PK_Encryptor_EME::PK_Encryptor_EME().
|
virtualinherited |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return a KEM decryption operation for this key/params or throw
rng | a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it. |
params | additional parameters |
provider | the provider to use |
Reimplemented in Botan::RSA_PrivateKey, and Botan::McEliece_PrivateKey.
Definition at line 110 of file pk_keys.cpp.
References Botan::Public_Key::algo_name().
Referenced by Botan::PK_KEM_Decryptor::PK_KEM_Decryptor().
|
virtualinherited |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return a KEM encryption operation for this key/params or throw
rng | a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it. |
params | additional parameters |
provider | the provider to use |
Reimplemented in Botan::RSA_PublicKey, and Botan::McEliece_PublicKey.
Definition at line 87 of file pk_keys.cpp.
References Botan::Public_Key::algo_name().
Referenced by Botan::PK_KEM_Encryptor::PK_KEM_Encryptor().
|
virtualinherited |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return a key agreement operation for this key/params or throw
rng | a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it. |
params | additional parameters |
provider | the provider to use |
Reimplemented in Botan::ECDH_PrivateKey, Botan::Curve25519_PrivateKey, and Botan::DH_PrivateKey.
Definition at line 126 of file pk_keys.cpp.
References Botan::Public_Key::algo_name().
Referenced by Botan::PK_Key_Agreement::PK_Key_Agreement().
|
protectedinherited |
Algorithm 8: "ltree" Create an L-tree used to compute the leaves of the binary hash tree. Takes a WOTS+ public key and compresses it to a single n-byte value.
[out] | result | Public key compressed to a single n-byte value pk[0]. |
[in] | pk | Winternitz One Time Signatures+ public key. |
[in] | adrs | Address encoding the address of the L-Tree |
[in] | seed | The seed generated during the public key generation. |
Definition at line 45 of file xmss_common_ops.cpp.
References Botan::XMSS_Address::get_tree_height(), Botan::XMSS_Parameters::len(), Botan::XMSS_Common_Ops::m_xmss_params, Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Address::set_tree_height(), and Botan::XMSS_Address::set_tree_index().
Referenced by tree_hash().
|
overridevirtual |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return a signature operation for this key/params or throw
rng | a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it. |
params | additional parameters |
provider | the provider to use |
Reimplemented from Botan::Private_Key.
Definition at line 177 of file xmss_privatekey.cpp.
References Botan::XMSS_PublicKey::algo_name().
|
overridevirtualinherited |
This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h
Return a verification operation for this key/params or throw
params | additional parameters |
provider | the provider to use |
Reimplemented from Botan::Public_Key.
Definition at line 64 of file xmss_publickey.cpp.
References Botan::XMSS_PublicKey::algo_name().
|
inlineoverridevirtualinherited |
Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.
Implements Botan::Public_Key.
Definition at line 208 of file xmss_publickey.h.
|
inherited |
Definition at line 57 of file pk_keys.cpp.
References Botan::HashFunction::create(), hash, Botan::hex_encode(), and Botan::Private_Key::private_key_bits().
Referenced by Botan::Certificate_Store_In_SQL::find_certs_for_key(), Botan::Certificate_Store_In_SQL::insert_key(), and Botan::Certificate_Store_In_SQL::remove_key().
|
virtualinherited |
Get the OID of the underlying public key scheme.
Reimplemented in Botan::XMSS_WOTS_Addressed_PublicKey.
Definition at line 30 of file pk_keys.cpp.
References Botan::Public_Key::algo_name(), and Botan::OIDS::lookup().
Referenced by Botan::DL_Scheme_PublicKey::algorithm_identifier(), Botan::Curve25519_PublicKey::algorithm_identifier(), Botan::McEliece_PublicKey::algorithm_identifier(), Botan::RSA_PublicKey::algorithm_identifier(), Botan::GOST_3410_PublicKey::algorithm_identifier(), Botan::EC_PublicKey::algorithm_identifier(), Botan::TPM_PrivateKey::algorithm_identifier(), and Botan::XMSS_WOTS_Addressed_PublicKey::get_oid().
|
inlineoverridevirtualinherited |
Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.
Implements Botan::Public_Key.
Definition at line 213 of file xmss_publickey.h.
|
inlinevirtualinherited |
Returns how large each of the message parts refered to by message_parts() is
This function is public but applications should have few reasons to ever call this.
Reimplemented in Botan::GOST_3410_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, and Botan::DSA_PublicKey.
Definition at line 114 of file pk_keys.h.
Referenced by Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().
|
inlinevirtualinherited |
Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.
This function is public but applications should have few reasons to ever call this.
Reimplemented in Botan::GOST_3410_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, and Botan::DSA_PublicKey.
Definition at line 103 of file pk_keys.h.
Referenced by Botan::X509_Object::check_signature(), Botan::choose_sig_format(), Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().
|
inlinevirtualinherited |
Reimplemented in Botan::XMSS_WOTS_PrivateKey, Botan::GOST_3410_PrivateKey, and Botan::XMSS_WOTS_Addressed_PrivateKey.
Definition at line 188 of file pk_keys.h.
Referenced by Botan::Private_Key::private_key_info().
|
inline |
Definition at line 173 of file xmss_privatekey.h.
|
inline |
Definition at line 178 of file xmss_privatekey.h.
|
inlineoverridevirtual |
Implements Botan::Private_Key.
Definition at line 206 of file xmss_privatekey.h.
|
inherited |
Definition at line 41 of file pk_keys.cpp.
References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::OCTET_STRING, Botan::Private_Key::pkcs8_algorithm_identifier(), Botan::Private_Key::private_key_bits(), Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().
Referenced by Botan::PKCS8::BER_encode(), Botan::PKCS8::BER_encode_encrypted_pbkdf_iter(), and Botan::PKCS8::BER_encode_encrypted_pbkdf_msec().
|
inlineoverridevirtualinherited |
Returns a raw byte sequence as defined in [1]. This method acts as an alias for raw_public_key().
Implements Botan::Public_Key.
Definition at line 224 of file xmss_publickey.h.
|
inlinevirtualinherited |
Definition at line 169 of file xmss_publickey.h.
|
inlineoverridevirtual |
Reimplemented from Botan::XMSS_PublicKey.
Definition at line 196 of file xmss_privatekey.h.
Referenced by tree_hash().
|
protectedinherited |
Algorithm 7: "RAND_HASH"
Generates a randomized hash.
[out] | result | The resulting randomized hash. |
[in] | left | Left half of the hash function input. |
[in] | right | Right half of the hash function input. |
[in] | adrs | Adress of the hash function call. |
[in] | seed | The seed for G. |
Definition at line 14 of file xmss_common_ops.cpp.
References BOTAN_ASSERT, Botan::XMSS_Address::bytes(), Botan::XMSS_Parameters::element_size(), Botan::XMSS_Hash::h(), Botan::XMSS_Address::Key_Mode, Botan::XMSS_Common_Ops::m_hash, Botan::XMSS_Common_Ops::m_xmss_params, Botan::XMSS_Address::Mask_LSB_Mode, Botan::XMSS_Address::Mask_MSB_Mode, Botan::XMSS_Hash::prf(), and Botan::XMSS_Address::set_key_mask_mode().
Referenced by Botan::XMSS_Common_Ops::create_l_tree(), and tree_hash().
|
virtual |
Generates a non standartized byte sequence representing the XMSS private key.
Definition at line 155 of file xmss_privatekey.cpp.
References Botan::XMSS_WOTS_PrivateKey::private_seed(), Botan::XMSS_PublicKey::raw_public_key(), size(), and unused_leaf_index().
|
virtualinherited |
Generates a non standardized byte sequence representing the XMSS public key, as defined in 1
Definition at line 75 of file xmss_publickey.cpp.
References Botan::XMSS_PublicKey::m_public_seed, Botan::XMSS_PublicKey::m_root, Botan::XMSS_PublicKey::m_xmss_params, and Botan::XMSS_Parameters::oid().
Referenced by raw_private_key().
|
inline |
|
inlineinherited |
Definition at line 149 of file xmss_publickey.h.
|
inlineinherited |
Definition at line 164 of file xmss_publickey.h.
|
inlineoverridevirtual |
Reimplemented from Botan::XMSS_PublicKey.
Definition at line 183 of file xmss_privatekey.h.
|
inlineoverridevirtual |
Reimplemented from Botan::XMSS_PublicKey.
Definition at line 190 of file xmss_privatekey.h.
|
inlineinherited |
|
inlineinherited |
Definition at line 159 of file xmss_publickey.h.
|
inline |
Sets the last unused leaf index of the private key. The leaf index will be updated automatically during every signing operation, and should not be set manually.
idx | Index of the last unused leaf. |
Definition at line 116 of file xmss_privatekey.h.
References Botan::XMSS_PublicKey::m_xmss_params.
Referenced by XMSS_PrivateKey().
|
inlineinherited |
Sets the chosen XMSS signature method
Definition at line 110 of file xmss_publickey.h.
|
inlineoverridevirtual |
Size in bytes of the serialized XMSS public key produced by raw_public_key().
Reimplemented from Botan::XMSS_PublicKey.
Definition at line 211 of file xmss_privatekey.h.
References Botan::XMSS_PublicKey::m_xmss_params, and Botan::XMSS_PublicKey::size().
Referenced by raw_private_key(), and XMSS_PrivateKey().
|
inherited |
Definition at line 17 of file pk_keys.cpp.
References Botan::Public_Key::algorithm_identifier(), Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents_unlocked(), Botan::Public_Key::public_key_bits(), Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().
Referenced by Botan::X509::BER_encode(), and Botan::X509::PEM_encode().
secure_vector< uint8_t > Botan::XMSS_PrivateKey::tree_hash | ( | size_t | start_idx, |
size_t | target_node_height, | ||
XMSS_Address & | adrs | ||
) |
Algorithm 9: "treeHash" Computes the internal n-byte nodes of a Merkle tree.
start_idx | The start index. |
target_node_height | Height of the target node. |
adrs | Address of the tree containing the target node. |
Definition at line 83 of file xmss_privatekey.cpp.
References BOTAN_ASSERT, Botan::XMSS_Common_Ops::create_l_tree(), Botan::XMSS_WOTS_PrivateKey::generate_public_key(), Botan::XMSS_Address::get_tree_height(), Botan::XMSS_Address::get_tree_index(), Botan::XMSS_Address::Hash_Tree_Address, Botan::XMSS_Address::LTree_Address, Botan::XMSS_PublicKey::m_xmss_params, Botan::XMSS_WOTS_Parameters::oid(), Botan::XMSS_Address::OTS_Hash_Address, public_seed(), Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Address::set_ltree_address(), Botan::XMSS_Address::set_ots_address(), Botan::XMSS_Address::set_tree_height(), Botan::XMSS_Address::set_tree_index(), Botan::XMSS_Address::set_type(), Botan::XMSS_WOTS_PublicKey::wots_parameters(), and wots_private_key().
Referenced by XMSS_PrivateKey().
|
inline |
Retrieves the last unused leaf index of the private key. Reusing a leaf by utilizing leaf indices lower than the last unused leaf index will compromise security.
Definition at line 104 of file xmss_privatekey.h.
Referenced by raw_private_key().
|
inlineinherited |
Retrieves the Winternitz One Time Signature (WOTS) method, corrseponding to the chosen XMSS signature method.
Definition at line 133 of file xmss_publickey.h.
|
inlineinherited |
Retrieves the Winternitz One Time Signature (WOTS) parameters corresponding to the chosen XMSS signature method.
Definition at line 144 of file xmss_publickey.h.
|
inline |
Winternitz One Time Signature Scheme key utilized for signing operations.
Definition at line 157 of file xmss_privatekey.h.
Referenced by tree_hash().
|
inline |
Winternitz One Time Signature Scheme key utilized for signing operations.
Definition at line 168 of file xmss_privatekey.h.
|
inlineinherited |
Retrieves the chosen XMSS signature method.
Definition at line 100 of file xmss_publickey.h.
|
inlineinherited |
Retrieves the XMSS parameters determined by the chosen XMSS Signature method.
Definition at line 122 of file xmss_publickey.h.
Referenced by Botan::XMSS_Verification_Operation::is_valid_signature().
|
protectedinherited |
Definition at line 69 of file xmss_common_ops.h.
Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Signature_Operation::sign(), and Botan::XMSS_Signature_Operation::update().
|
protectedinherited |
Definition at line 253 of file xmss_publickey.h.
Referenced by Botan::XMSS_PublicKey::raw_public_key(), and Botan::XMSS_PublicKey::XMSS_PublicKey().
|
protectedinherited |
Definition at line 252 of file xmss_publickey.h.
Referenced by Botan::XMSS_PublicKey::raw_public_key(), and Botan::XMSS_PublicKey::XMSS_PublicKey().
|
protectedinherited |
Definition at line 251 of file xmss_publickey.h.
Referenced by XMSS_PrivateKey().
|
protectedinherited |
Definition at line 68 of file xmss_common_ops.h.
Referenced by Botan::XMSS_Common_Ops::create_l_tree(), and Botan::XMSS_Common_Ops::randomize_tree_hash().
|
protectedinherited |
Definition at line 250 of file xmss_publickey.h.
Referenced by Botan::XMSS_PublicKey::raw_public_key(), reserve_unused_leaf_index(), set_unused_leaf_index(), size(), tree_hash(), XMSS_PrivateKey(), and Botan::XMSS_PublicKey::XMSS_PublicKey().