Botan  2.1.0
Crypto and TLS for C++11
xmss_wots_publickey.h
1 /*
2  * XMSS WOTS Public Key
3  * (C) 2016 Matthias Gierlings
4  *
5  * Botan is released under the Simplified BSD License (see license.txt)
6  **/
7 
8 #ifndef BOTAN_XMSS_WOTS_PUBLICKEY_H__
9 #define BOTAN_XMSS_WOTS_PUBLICKEY_H__
10 
11 #include <cstddef>
12 #include <string>
13 #include <vector>
14 #include <botan/alg_id.h>
15 #include <botan/asn1_oid.h>
16 #include <botan/assert.h>
17 #include <botan/exceptn.h>
18 #include <botan/pk_keys.h>
19 #include <botan/types.h>
20 #include <botan/xmss_wots_parameters.h>
21 #include <botan/xmss_address.h>
22 #include <botan/xmss_hash.h>
23 
24 namespace Botan {
25 
/// A sequence of byte strings held in locked memory. In this header it is
/// the container for WOTS+ key data, WOTS+ signatures and authentication paths.
using wots_keysig_t = std::vector<secure_vector<uint8_t>>;
27 
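/**
 * A Winternitz One Time Signature (WOTS+) public key for use with Extended
 * Hash-Based Signatures (XMSS).
 *
 * Review notes for callers:
 *  - This class is a container plus the WOTS+ chaining helpers. None of the
 *    inline members validates the number or the size of the key elements
 *    against the selected parameter set, and check_key() always returns true.
 *  - The non-const accessors and the non-const conversion operator hand out
 *    mutable references to the key data and public seed, so the stored key
 *    can be changed after construction without any check.
 *  - Constructing a key from a message and signature does NOT verify the
 *    signature; see the documentation of that constructor.
 **/
class BOTAN_DLL XMSS_WOTS_PublicKey : virtual public Public_Key
   {
   public:
      /**
       * Pairs a WOTS+ signature with an authentication path. Both parts are
       * stored as given; no length or consistency check is performed here.
       **/
      class TreeSignature
         {
         public:
            TreeSignature() = default;

            /**
             * @param ots_sig WOTS+ signature, copied into the object.
             * @param auth_path Authentication path, copied into the object.
             **/
            TreeSignature(const wots_keysig_t& ots_sig,
                          const wots_keysig_t& auth_path)
               : m_ots_sig(ots_sig), m_auth_path(auth_path)
               {}

            /**
             * @param ots_sig WOTS+ signature, moved into the object.
             * @param auth_path Authentication path, moved into the object.
             **/
            TreeSignature(wots_keysig_t&& ots_sig,
                          wots_keysig_t&& auth_path)
               : m_ots_sig(std::move(ots_sig)),
                 m_auth_path(std::move(auth_path))
               {}

            /** @return read-only view of the stored WOTS+ signature. */
            const wots_keysig_t& ots_signature() const
               {
               return m_ots_sig;
               }

            /** @return mutable reference to the stored WOTS+ signature. */
            wots_keysig_t& ots_signature()
               {
               return m_ots_sig;
               }

            /** @return read-only view of the stored authentication path. */
            const wots_keysig_t& authentication_path() const
               {
               return m_auth_path;
               }

            /** @return mutable reference to the stored authentication path. */
            wots_keysig_t& authentication_path()
               {
               return m_auth_path;
               }

         private:
            wots_keysig_t m_ots_sig;
            wots_keysig_t m_auth_path;
         };

      /**
       * Creates a XMSS_WOTS_PublicKey for the signature method identified by
       * oid. Only the parameter set and the hash function are set up: the
       * key data and the public seed stay empty until set_key_data() and
       * set_public_seed() are called. No random seed is generated by this
       * overload.
       *
       * @param oid Identifier for the selected signature method.
       **/
      XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid)
         : m_wots_params(oid),
           m_hash(m_wots_params.hash_function_name()) {}

      /**
       * Creates a XMSS_WOTS_PublicKey for the signature method identified by
       * oid. The public seed for this key will be initialized with an
       * n-byte value drawn from rng, where "n" is the element size of the
       * selected signature method. The key data stays empty.
       *
       * @param oid Identifier for the selected signature method.
       * @param rng A random number generator used to generate the public seed.
       **/
      XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                          RandomNumberGenerator& rng)
         : m_wots_params(oid),
           m_hash(m_wots_params.hash_function_name()),
           m_public_seed(rng.random_vec(m_wots_params.element_size())) {}

      /**
       * Creates a XMSS_WOTS_PublicKey for the signature method identified by
       * oid, with a precomputed public seed. The key data stays empty.
       *
       * The length of public_seed is not checked against the element size
       * of the parameter set.
       *
       * @param oid Identifier for the selected signature method.
       * @param public_seed A precomputed public seed of n-bytes length.
       **/
      XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                          secure_vector<uint8_t> public_seed)
         : m_wots_params(oid),
           m_hash(m_wots_params.hash_function_name()),
           // The parameter is already a private copy; move it instead of
           // copying the secure_vector a second time.
           m_public_seed(std::move(public_seed)) {}

      /**
       * Creates a XMSS_WOTS_PublicKey for the signature method identified by
       * oid. The public seed will be initialized with a precomputed seed
       * and precomputed key data which should be derived from a
       * XMSS_WOTS_PrivateKey. Both arguments are moved into the object.
       *
       * Neither the seed length nor the shape of key is validated here.
       *
       * @param oid Identifier for the selected signature method.
       * @param public_seed A precomputed public seed of n-bytes length.
       * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey.
       **/
      XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                          secure_vector<uint8_t>&& public_seed,
                          wots_keysig_t&& key)
         : m_wots_params(oid),
           m_hash(m_wots_params.hash_function_name()),
           m_key(std::move(key)),
           m_public_seed(std::move(public_seed))
         {}

      /**
       * Creates a XMSS_WOTS_PublicKey for the signature method identified by
       * oid. The public seed will be initialized with a precomputed seed
       * and precomputed key data which should be derived from a
       * XMSS_WOTS_PrivateKey. Both arguments are copied.
       *
       * Neither the seed length nor the shape of key is validated here.
       *
       * @param oid Identifier for the selected signature method.
       * @param public_seed A precomputed public seed of n-bytes length.
       * @param key Precomputed raw key data of the XMSS_WOTS_PublicKey.
       **/
      XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                          const secure_vector<uint8_t>& public_seed,
                          const wots_keysig_t& key)
         : m_wots_params(oid),
           m_hash(m_wots_params.hash_function_name()),
           m_key(key),
           m_public_seed(public_seed)
         {}

      /**
       * Creates a XMSS_WOTS_PublicKey from a message and signature using
       * Algorithm 6 WOTS_pkFromSig defined in the XMSS standard. This
       * overload is used when verifying a message.
       *
       * The resulting key is only a candidate computed from the supplied
       * message and signature. Construction succeeds for a forged signature
       * as well; the caller has to compare the candidate with the trusted
       * public key (in XMSS, through the tree root) before accepting msg.
       *
       * NOTE(review): sig normally arrives from an untrusted party. Whether
       * pub_key_from_signature() checks its element count and element sizes
       * is not visible in this header - confirm in the implementation.
       *
       * @param oid WOTSP algorithm identifier.
       * @param msg A message.
       * @param sig A WOTS signature for msg.
       * @param adrs An XMSS_Address, passed by non-const reference to
       *        pub_key_from_signature().
       * @param public_seed The public seed.
       **/
      XMSS_WOTS_PublicKey(XMSS_WOTS_Parameters::ots_algorithm_t oid,
                          const secure_vector<uint8_t>& msg,
                          const wots_keysig_t& sig,
                          XMSS_Address& adrs,
                          const secure_vector<uint8_t>& public_seed)
         : m_wots_params(oid),
           m_hash(m_wots_params.hash_function_name()),
           // pub_key_from_signature() is a member function called during
           // construction: m_wots_params and m_hash must be declared (and
           // therefore initialized) before m_key.
           m_key(pub_key_from_signature(msg,
                                        sig,
                                        adrs,
                                        public_seed)),
           m_public_seed(public_seed)
         {}

      /**
       * Retrieves the i-th element out of the length len chain of
       * n-byte elements contained in the public key.
       *
       * The index is not range checked: i must be smaller than the number
       * of elements currently stored, otherwise the behaviour is undefined.
       *
       * @param i index of the element.
       * @returns n-byte element addressed by i.
       **/
      const secure_vector<uint8_t>& operator[](size_t i) const { return m_key[i]; }

      /**
       * Mutable variant of the element access above; the same unchecked
       * index precondition applies.
       *
       * @param i index of the element.
       * @returns n-byte element addressed by i.
       **/
      secure_vector<uint8_t>& operator[](size_t i) { return m_key[i]; }

      /**
       * Convert the key into the raw key data. The key becomes a length
       * len vector of n-byte elements.
       **/
      operator const wots_keysig_t& () const { return m_key; }

      /**
       * Convert the key into the raw key data. The key becomes a length
       * len vector of n-byte elements. The conversion is implicit and
       * yields a mutable reference to the stored key.
       **/
      operator wots_keysig_t& () { return m_key; }

      /** @return read-only view of the public seed. */
      const secure_vector<uint8_t>& public_seed() const { return m_public_seed; }

      /** @return mutable reference to the public seed. */
      secure_vector<uint8_t>& public_seed() { return m_public_seed; }

      /**
       * Replaces the public seed with a copy of public_seed. The length is
       * not checked.
       **/
      void set_public_seed(const secure_vector<uint8_t>& public_seed)
         {
         m_public_seed = public_seed;
         }

      /**
       * Replaces the public seed by moving from public_seed. The length is
       * not checked.
       **/
      void set_public_seed(secure_vector<uint8_t>&& public_seed)
         {
         m_public_seed = std::move(public_seed);
         }

      /** @return read-only view of the raw key data. */
      const wots_keysig_t& key_data() const { return m_key; }

      /** @return mutable reference to the raw key data. */
      wots_keysig_t& key_data() { return m_key; }

      /**
       * Replaces the key data with a copy of key_data. The shape is not
       * checked against the parameter set.
       **/
      void set_key_data(const wots_keysig_t& key_data)
         {
         m_key = key_data;
         }

      /**
       * Replaces the key data by moving from key_data. The shape is not
       * checked against the parameter set.
       **/
      void set_key_data(wots_keysig_t&& key_data)
         {
         m_key = std::move(key_data);
         }

      /** @return the WOTS parameter set selected at construction. */
      const XMSS_WOTS_Parameters& wots_parameters() const
         {
         return m_wots_params;
         }

      /** @return the name reported by the WOTS parameter set. */
      virtual std::string algo_name() const override
         {
         return m_wots_params.name();
         }

      /**
       * @throws Not_Implemented always; no AlgorithmIdentifier is defined
       *         for XMSS-WOTS.
       **/
      virtual AlgorithmIdentifier algorithm_identifier() const override
         {
         throw Not_Implemented("No AlgorithmIdentifier available for XMSS-WOTS.");
         }

      /**
       * Always reports the key as valid; both arguments are ignored and no
       * property of the key data or the public seed is inspected. A true
       * result must not be read as evidence that the key is well formed.
       **/
      virtual bool check_key(RandomNumberGenerator&, bool) const override
         {
         return true;
         }

      virtual std::unique_ptr<PK_Ops::Verification>
         create_verification_op(const std::string&,
                                const std::string& provider) const override;

      /** @return the strength estimate of the WOTS parameter set. */
      virtual size_t estimated_strength() const override
         {
         return m_wots_params.estimated_strength();
         }

      /**
       * Returns the same value as estimated_strength(); it is not derived
       * from the size of the stored key data.
       **/
      virtual size_t key_length() const override
         {
         return m_wots_params.estimated_strength();
         }

      /**
       * @throws Not_Implemented always; no encoding is defined for
       *         XMSS-WOTS public keys.
       **/
      virtual std::vector<uint8_t> public_key_bits() const override
         {
         throw Not_Implemented("No key format defined for XMSS-WOTS");
         }

      /**
       * Compares the raw key data only; the public seed and the parameter
       * set do not take part in the comparison.
       **/
      bool operator==(const XMSS_WOTS_PublicKey& key) const
         {
         return m_key == key.m_key;
         }

      /** Negation of operator==, with the same key-data-only scope. */
      bool operator!=(const XMSS_WOTS_PublicKey& key) const
         {
         return !(*this == key);
         }

   protected:
      /**
       * Algorithm 2: Chaining Function.
       *
       * Takes an n-byte input string and transforms it into the function
       * result, iterating the cryptographic hash function "F" steps times
       * on the input x using the outputs of the PRNG "G".
       *
       * NOTE(review): the XMSS specification bounds start_idx + steps by
       * the Winternitz parameter; whether the implementation enforces that
       * bound is not visible in this header.
       *
       * @param[in,out] x An n-byte input string, that will be transformed
       *        into the chaining function result.
       * @param start_idx The start index.
       * @param steps A number of steps.
       * @param adrs An OTS Hash Address.
       * @param public_seed A public seed.
       **/
      void chain(secure_vector<uint8_t>& x,
                 size_t start_idx,
                 size_t steps,
                 XMSS_Address& adrs,
                 const secure_vector<uint8_t>& public_seed);

      // Declaration order matters: the constructors initialize the members
      // in this order, and m_key may be computed from the two before it.
      XMSS_WOTS_Parameters m_wots_params;
      XMSS_Hash m_hash;

      wots_keysig_t m_key;
      secure_vector<uint8_t> m_public_seed;

   private:
      /**
       * Algorithm 6: "WOTS_pkFromSig"
       * Computes a Winternitz One Time Signature+ public key from a message
       * and its signature. The result is a candidate key, not a
       * verification verdict.
       *
       * @param msg A message.
       * @param sig The signature for msg.
       * @param adrs An address.
       * @param public_seed A public seed.
       *
       * @return Temporary WOTS+ public key.
       **/
      wots_keysig_t pub_key_from_signature(
         const secure_vector<uint8_t>& msg,
         const wots_keysig_t& sig,
         XMSS_Address& adrs,
         const secure_vector<uint8_t>& public_seed);
   };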
326 
327 }
328 
329 #endif