Botan 2.19.3
Crypto and TLS for C&
Public Member Functions | Protected Attributes | List of all members
Botan::XMSS_PublicKey Class Reference

#include <xmss.h>

Inheritance diagram for Botan::XMSS_PublicKey:
Botan::Public_Key Botan::XMSS_PrivateKey

Public Member Functions

std::string algo_name () const override
 
AlgorithmIdentifier algorithm_identifier () const override
 
bool check_key (RandomNumberGenerator &, bool) const override
 
virtual std::unique_ptr< PK_Ops::Encryptioncreate_encryption_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
virtual std::unique_ptr< PK_Ops::KEM_Encryptioncreate_kem_encryption_op (RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
 
std::unique_ptr< PK_Ops::Verificationcreate_verification_op (const std::string &, const std::string &provider) const override
 
virtual Signature_Format default_x509_signature_format () const
 
size_t estimated_strength () const override
 
std::string fingerprint_public (const std::string &alg="SHA-256") const
 
virtual OID get_oid () const
 
size_t key_length () const override
 
virtual size_t message_part_size () const
 
virtual size_t message_parts () const
 
std::vector< uint8_t > public_key_bits () const override
 
virtual secure_vector< uint8_t > & public_seed ()
 
virtual const secure_vector< uint8_t > & public_seed () const
 
virtual std::vector< uint8_t > raw_public_key () const
 
secure_vector< uint8_t > & root ()
 
const secure_vector< uint8_t > & root () const
 
virtual void set_public_seed (const secure_vector< uint8_t > &public_seed)
 
virtual void set_public_seed (secure_vector< uint8_t > &&public_seed)
 
void set_root (const secure_vector< uint8_t > &root)
 
void set_root (secure_vector< uint8_t > &&root)
 
void set_xmss_oid (XMSS_Parameters::xmss_algorithm_t xmss_oid)
 
virtual size_t size () const
 
std::vector< uint8_t > subject_public_key () const
 
XMSS_WOTS_Parameters::ots_algorithm_t wots_oid () const
 
const XMSS_WOTS_Parameterswots_parameters () const
 
std::string xmss_hash_function () const
 
XMSS_Parameters::xmss_algorithm_t xmss_oid () const
 
const XMSS_Parametersxmss_parameters () const
 
 XMSS_PublicKey (const std::vector< uint8_t > &key_bits)
 
 XMSS_PublicKey (XMSS_Parameters::xmss_algorithm_t xmss_oid, const secure_vector< uint8_t > &root, const secure_vector< uint8_t > &public_seed)
 
 XMSS_PublicKey (XMSS_Parameters::xmss_algorithm_t xmss_oid, RandomNumberGenerator &rng)
 
 XMSS_PublicKey (XMSS_Parameters::xmss_algorithm_t xmss_oid, secure_vector< uint8_t > &&root, secure_vector< uint8_t > &&public_seed)
 

Protected Attributes

secure_vector< uint8_t > m_public_seed
 
std::vector< uint8_t > m_raw_key
 
secure_vector< uint8_t > m_root
 
XMSS_WOTS_Parameters m_wots_params
 
XMSS_Parameters m_xmss_params
 

Detailed Description

An XMSS: Extended Hash-Based Signature public key.

[1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391 Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/

Definition at line 30 of file xmss.h.

Constructor & Destructor Documentation

◆ XMSS_PublicKey() [1/4]

Botan::XMSS_PublicKey::XMSS_PublicKey ( XMSS_Parameters::xmss_algorithm_t  xmss_oid,
RandomNumberGenerator rng 
)

Creates a new XMSS public key for the chosen XMSS signature method. New public and prf seeds are generated using rng. The appropriate WOTS signature method will be automatically set based on the chosen XMSS signature method.

Parameters
xmss_oidIdentifier for the selected XMSS signature method.
rngA random number generator to use for key generation.

Definition at line 44 of file xmss_publickey.cpp.

49 {}
XMSS_WOTS_Parameters::ots_algorithm_t ots_oid() const
size_t element_size() const
secure_vector< uint8_t > m_root
Definition xmss.h:247
secure_vector< uint8_t > m_public_seed
Definition xmss.h:248
XMSS_Parameters m_xmss_params
Definition xmss.h:245
XMSS_Parameters::xmss_algorithm_t xmss_oid() const
Definition xmss.h:88
XMSS_WOTS_Parameters m_wots_params
Definition xmss.h:246

◆ XMSS_PublicKey() [2/4]

Botan::XMSS_PublicKey::XMSS_PublicKey ( const std::vector< uint8_t > &  key_bits)

Loads a public key.

Public key must be encoded as in RFC draft-vangeest-x509-hash-sigs-03.

Parameters
key_bitsDER encoded public key bits

Definition at line 51 of file xmss_publickey.cpp.

52 : m_raw_key(extract_raw_key(key_bits)),
53 m_xmss_params(XMSS_PublicKey::deserialize_xmss_oid(m_raw_key)),
55 {
56 if(m_raw_key.size() < XMSS_PublicKey::size())
57 {
58 throw Decoding_Error("Invalid XMSS public key size detected");
59 }
60
61 // extract & copy root from raw key
62 m_root.clear();
64 auto begin = m_raw_key.begin() + sizeof(uint32_t);
65 auto end = begin + m_xmss_params.element_size();
66 std::copy(begin, end, std::back_inserter(m_root));
67
68 // extract & copy public seed from raw key
69 begin = end;
70 end = begin + m_xmss_params.element_size();
71 m_public_seed.clear();
73 std::copy(begin, end, std::back_inserter(m_public_seed));
74 }
std::vector< uint8_t > m_raw_key
Definition xmss.h:244
virtual size_t size() const
Definition xmss.h:229

References Botan::XMSS_Parameters::element_size(), m_public_seed, m_raw_key, m_root, m_xmss_params, and size().

◆ XMSS_PublicKey() [3/4]

Botan::XMSS_PublicKey::XMSS_PublicKey ( XMSS_Parameters::xmss_algorithm_t  xmss_oid,
const secure_vector< uint8_t > &  root,
const secure_vector< uint8_t > &  public_seed 
)
inline

Creates a new XMSS public key for a chosen XMSS signature method as well as pre-computed root node and public_seed values.

Parameters
xmss_oidIdentifier for the selected XMSS signature method.
rootRoot node value.
public_seedPublic seed value.

Definition at line 63 of file xmss.h.

virtual secure_vector< uint8_t > & public_seed()
Definition xmss.h:166
secure_vector< uint8_t > & root()
Definition xmss.h:146

◆ XMSS_PublicKey() [4/4]

Botan::XMSS_PublicKey::XMSS_PublicKey ( XMSS_Parameters::xmss_algorithm_t  xmss_oid,
secure_vector< uint8_t > &&  root,
secure_vector< uint8_t > &&  public_seed 
)
inline

Creates a new XMSS public key for a chosen XMSS signature method as well as pre-computed root node and public_seed values.

Parameters
xmss_oidIdentifier for the selected XMSS signature method.
rootRoot node value.
public_seedPublic seed value.

Definition at line 77 of file xmss.h.

Member Function Documentation

◆ algo_name()

std::string Botan::XMSS_PublicKey::algo_name ( ) const
inlineoverridevirtual

Get the name of the underlying public key scheme.

Returns
name of the public key scheme

Implements Botan::Public_Key.

Definition at line 186 of file xmss.h.

187 {
188 return "XMSS";
189 }

Referenced by Botan::XMSS_PrivateKey::create_signature_op(), and create_verification_op().

◆ algorithm_identifier()

AlgorithmIdentifier Botan::XMSS_PublicKey::algorithm_identifier ( ) const
inlineoverridevirtual
Returns
X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 191 of file xmss.h.

192 {
193 return AlgorithmIdentifier(get_oid(), AlgorithmIdentifier::USE_EMPTY_PARAM);
194 }
virtual OID get_oid() const
Definition pk_keys.cpp:53

◆ check_key()

bool Botan::XMSS_PublicKey::check_key ( RandomNumberGenerator rng,
bool  strong 
) const
inlineoverridevirtual

Test the key values for consistency.

Parameters
rngrng to use
strongwhether to perform strong and lengthy version of the test
Returns
true if the test is passed

Implements Botan::Public_Key.

Definition at line 196 of file xmss.h.

197 {
198 return true;
199 }

◆ create_encryption_op()

std::unique_ptr< PK_Ops::Encryption > Botan::Public_Key::create_encryption_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an encryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::ElGamal_PublicKey, Botan::RSA_PublicKey, and Botan::SM2_PublicKey.

Definition at line 91 of file pk_keys.cpp.

94 {
95 throw Lookup_Error(algo_name() + " does not support encryption");
96 }
virtual std::string algo_name() const =0

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_Encryptor_EME::PK_Encryptor_EME().

◆ create_kem_encryption_op()

std::unique_ptr< PK_Ops::KEM_Encryption > Botan::Public_Key::create_kem_encryption_op ( RandomNumberGenerator rng,
const std::string &  params,
const std::string &  provider 
) const
virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM encryption operation for this key/params or throw

Parameters
rnga random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
paramsadditional parameters
providerthe provider to use

Reimplemented in Botan::McEliece_PublicKey, and Botan::RSA_PublicKey.

Definition at line 99 of file pk_keys.cpp.

102 {
103 throw Lookup_Error(algo_name() + " does not support KEM encryption");
104 }

References Botan::Public_Key::algo_name().

Referenced by Botan::PK_KEM_Encryptor::PK_KEM_Encryptor().

◆ create_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::XMSS_PublicKey::create_verification_op ( const std::string &  params,
const std::string &  provider 
) const
overridevirtual

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a verification operation for this key/params or throw

Parameters
paramsadditional parameters
providerthe provider to use

Reimplemented from Botan::Public_Key.

Definition at line 93 of file xmss_publickey.cpp.

95 {
96 if(provider == "base" || provider.empty())
97 {
98 return std::unique_ptr<PK_Ops::Verification>(
99 new XMSS_Verification_Operation(*this));
100 }
101 throw Provider_Not_Found(algo_name(), provider);
102 }
std::string algo_name() const override
Definition xmss.h:186

References algo_name().

◆ default_x509_signature_format()

virtual Signature_Format Botan::Public_Key::default_x509_signature_format ( ) const
inlinevirtualinherited

Reimplemented in Botan::GOST_3410_PublicKey.

Definition at line 125 of file pk_keys.h.

126 {
127 return (this->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
128 }
virtual size_t message_parts() const
Definition pk_keys.h:112
@ DER_SEQUENCE
Definition pk_keys.h:23
@ IEEE_1363
Definition pk_keys.h:23

References Botan::DER_SEQUENCE, and Botan::IEEE_1363.

Referenced by Botan::X509_Object::choose_sig_format(), and Botan::X509_Object::verify_signature().

◆ estimated_strength()

size_t Botan::XMSS_PublicKey::estimated_strength ( ) const
inlineoverridevirtual

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns
estimated strength in bits

Implements Botan::Public_Key.

Definition at line 205 of file xmss.h.

206 {
208 }
size_t estimated_strength() const

◆ fingerprint_public()

std::string Botan::Public_Key::fingerprint_public ( const std::string &  alg = "SHA-256") const
inherited
Returns
Hash of the subject public key

Definition at line 77 of file pk_keys.cpp.

78 {
80 }
std::vector< uint8_t > subject_public_key() const
Definition pk_keys.cpp:38
std::string create_hex_fingerprint(const uint8_t bits[], size_t bits_len, const std::string &hash_name)
Definition pk_keys.cpp:17
AlgorithmIdentifier hash_algo
Definition x509_obj.cpp:22

References Botan::create_hex_fingerprint(), hash_algo, and Botan::Public_Key::subject_public_key().

◆ get_oid()

OID Botan::Public_Key::get_oid ( ) const
virtualinherited

◆ key_length()

size_t Botan::XMSS_PublicKey::key_length ( ) const
inlineoverridevirtual

Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.

Implements Botan::Public_Key.

Definition at line 210 of file xmss.h.

211 {
213 }

◆ message_part_size()

virtual size_t Botan::Public_Key::message_part_size ( ) const
inlinevirtualinherited

Returns how large each of the message parts refered to by message_parts() is

This function is public but applications should have few reasons to ever call this.

Returns
size of the message parts in bits

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 123 of file pk_keys.h.

123{ return 0; }

Referenced by Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().

◆ message_parts()

virtual size_t Botan::Public_Key::message_parts ( ) const
inlinevirtualinherited

Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.

This function is public but applications should have few reasons to ever call this.

Returns
number of message parts

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 112 of file pk_keys.h.

112{ return 1; }

Referenced by Botan::PK_Signer::PK_Signer(), and Botan::PK_Verifier::PK_Verifier().

◆ public_key_bits()

std::vector< uint8_t > Botan::XMSS_PublicKey::public_key_bits ( ) const
overridevirtual

Returns the encoded public key as defined in RFC draft-vangeest-x509-hash-sigs-03.

Returns
encoded public key bits

Implements Botan::Public_Key.

Definition at line 122 of file xmss_publickey.cpp.

123 {
124 std::vector<uint8_t> output;
125 DER_Encoder(output).encode(raw_public_key(), OCTET_STRING);
126 return output;
127 }
virtual std::vector< uint8_t > raw_public_key() const
@ OCTET_STRING
Definition asn1_obj.h:38

References Botan::DER_Encoder::encode(), Botan::OCTET_STRING, and raw_public_key().

◆ public_seed() [1/2]

virtual secure_vector< uint8_t > & Botan::XMSS_PublicKey::public_seed ( )
inlinevirtual

Definition at line 166 of file xmss.h.

167 {
168 return m_public_seed;
169 }

◆ public_seed() [2/2]

virtual const secure_vector< uint8_t > & Botan::XMSS_PublicKey::public_seed ( ) const
inlinevirtual

Reimplemented in Botan::XMSS_PrivateKey.

Definition at line 181 of file xmss.h.

182 {
183 return m_public_seed;
184 }

◆ raw_public_key()

std::vector< uint8_t > Botan::XMSS_PublicKey::raw_public_key ( ) const
virtual

Generates a byte sequence representing the XMSS public key, as defined in [1] (p. 23, "XMSS Public Key")

Returns
4-byte OID, followed by n-byte root node, followed by public seed.

Definition at line 104 of file xmss_publickey.cpp.

105 {
106 std::vector<uint8_t> result
107 {
108 static_cast<uint8_t>(m_xmss_params.oid() >> 24),
109 static_cast<uint8_t>(m_xmss_params.oid() >> 16),
110 static_cast<uint8_t>(m_xmss_params.oid() >> 8),
111 static_cast<uint8_t>(m_xmss_params.oid())
112 };
113
114 std::copy(m_root.begin(), m_root.end(), std::back_inserter(result));
115 std::copy(m_public_seed.begin(),
116 m_public_seed.end(),
117 std::back_inserter(result));
118
119 return result;
120 }
xmss_algorithm_t oid() const

References m_public_seed, m_root, m_xmss_params, and Botan::XMSS_Parameters::oid().

Referenced by public_key_bits(), and Botan::XMSS_PrivateKey::raw_private_key().

◆ root() [1/2]

secure_vector< uint8_t > & Botan::XMSS_PublicKey::root ( )
inline

Definition at line 146 of file xmss.h.

147 {
148 return m_root;
149 }

◆ root() [2/2]

const secure_vector< uint8_t > & Botan::XMSS_PublicKey::root ( ) const
inline

Definition at line 161 of file xmss.h.

162 {
163 return m_root;
164 }

◆ set_public_seed() [1/2]

virtual void Botan::XMSS_PublicKey::set_public_seed ( const secure_vector< uint8_t > &  public_seed)
inlinevirtual

Reimplemented in Botan::XMSS_PrivateKey.

Definition at line 171 of file xmss.h.

172 {
174 }

◆ set_public_seed() [2/2]

virtual void Botan::XMSS_PublicKey::set_public_seed ( secure_vector< uint8_t > &&  public_seed)
inlinevirtual

Reimplemented in Botan::XMSS_PrivateKey.

Definition at line 176 of file xmss.h.

177 {
178 m_public_seed = std::move(public_seed);
179 }

◆ set_root() [1/2]

void Botan::XMSS_PublicKey::set_root ( const secure_vector< uint8_t > &  root)
inline

Definition at line 151 of file xmss.h.

152 {
153 m_root = root;
154 }

Referenced by Botan::XMSS_PrivateKey::XMSS_PrivateKey().

◆ set_root() [2/2]

void Botan::XMSS_PublicKey::set_root ( secure_vector< uint8_t > &&  root)
inline

Definition at line 156 of file xmss.h.

157 {
158 m_root = std::move(root);
159 }

◆ set_xmss_oid()

void Botan::XMSS_PublicKey::set_xmss_oid ( XMSS_Parameters::xmss_algorithm_t  xmss_oid)
inline

Sets the chosen XMSS signature method

Definition at line 96 of file xmss.h.

97 {
98 m_xmss_params = XMSS_Parameters(xmss_oid);
99 m_wots_params = XMSS_WOTS_Parameters(m_xmss_params.ots_oid());
100 }

◆ size()

virtual size_t Botan::XMSS_PublicKey::size ( ) const
inlinevirtual

Size in bytes of the serialized XMSS public key produced by raw_public_key().

Returns
size in bytes of serialized Public Key.

Reimplemented in Botan::XMSS_PrivateKey.

Definition at line 229 of file xmss.h.

230 {
231 return sizeof(uint32_t) + 2 * m_xmss_params.element_size();
232 }

Referenced by Botan::XMSS_PrivateKey::XMSS_PrivateKey(), and XMSS_PublicKey().

◆ subject_public_key()

std::vector< uint8_t > Botan::Public_Key::subject_public_key ( ) const
inherited
Returns
X.509 subject key encoding for this key object

Definition at line 38 of file pk_keys.cpp.

39 {
40 std::vector<uint8_t> output;
41
42 DER_Encoder(output).start_cons(SEQUENCE)
43 .encode(algorithm_identifier())
44 .encode(public_key_bits(), BIT_STRING)
45 .end_cons();
46
47 return output;
48 }
virtual AlgorithmIdentifier algorithm_identifier() const =0
virtual std::vector< uint8_t > public_key_bits() const =0
@ BIT_STRING
Definition asn1_obj.h:37
@ SEQUENCE
Definition asn1_obj.h:42

References Botan::Public_Key::algorithm_identifier(), Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Public_Key::public_key_bits(), Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509::BER_encode(), Botan::PKCS10_Request::create(), Botan::Public_Key::fingerprint_public(), and Botan::X509::PEM_encode().

◆ wots_oid()

XMSS_WOTS_Parameters::ots_algorithm_t Botan::XMSS_PublicKey::wots_oid ( ) const
inline

Retrieves the Winternitz One Time Signature (WOTS) method, corresponding to the chosen XMSS signature method.

Returns
XMSS WOTS signature method identifier.

Definition at line 130 of file xmss.h.

131 {
132 return m_wots_params.oid();
133 }
ots_algorithm_t oid() const
Definition xmss_wots.h:103

◆ wots_parameters()

const XMSS_WOTS_Parameters & Botan::XMSS_PublicKey::wots_parameters ( ) const
inline

Retrieves the Winternitz One Time Signature (WOTS) parameters corresponding to the chosen XMSS signature method.

Returns
XMSS WOTS signature method parameters.

Definition at line 141 of file xmss.h.

142 {
143 return m_wots_params;
144 }

◆ xmss_hash_function()

std::string Botan::XMSS_PublicKey::xmss_hash_function ( ) const
inline

Retrieves the XMSS parameters determined by the chosen XMSS Signature method.

Returns
XMSS parameters.

Definition at line 119 of file xmss.h.

120 {
122 }
const std::string & hash_function_name() const

◆ xmss_oid()

XMSS_Parameters::xmss_algorithm_t Botan::XMSS_PublicKey::xmss_oid ( ) const
inline

Retrieves the chosen XMSS signature method.

Returns
XMSS signature method identifier.

Definition at line 88 of file xmss.h.

89 {
90 return m_xmss_params.oid();
91 }

◆ xmss_parameters()

const XMSS_Parameters & Botan::XMSS_PublicKey::xmss_parameters ( ) const
inline

Retrieves the XMSS parameters determined by the chosen XMSS Signature method.

Returns
XMSS parameters.

Definition at line 108 of file xmss.h.

109 {
110 return m_xmss_params;
111 }

Referenced by Botan::XMSS_Verification_Operation::is_valid_signature().

Member Data Documentation

◆ m_public_seed

secure_vector<uint8_t> Botan::XMSS_PublicKey::m_public_seed
protected

Definition at line 248 of file xmss.h.

Referenced by raw_public_key(), and XMSS_PublicKey().

◆ m_raw_key

std::vector<uint8_t> Botan::XMSS_PublicKey::m_raw_key
protected

Definition at line 244 of file xmss.h.

Referenced by XMSS_PublicKey().

◆ m_root

secure_vector<uint8_t> Botan::XMSS_PublicKey::m_root
protected

Definition at line 247 of file xmss.h.

Referenced by raw_public_key(), and XMSS_PublicKey().

◆ m_wots_params

XMSS_WOTS_Parameters Botan::XMSS_PublicKey::m_wots_params
protected

Definition at line 246 of file xmss.h.

Referenced by Botan::XMSS_PrivateKey::XMSS_PrivateKey().

◆ m_xmss_params

XMSS_Parameters Botan::XMSS_PublicKey::m_xmss_params
protected

The documentation for this class was generated from the following files: