/
cmce_keys_internal.h
206 lines (180 loc) · 7.39 KB
/
cmce_keys_internal.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
/*
* Classic McEliece key generation with Internal Private and Public Key classes
* (C) 2023 Jack Lloyd
* 2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
**/
#ifndef BOTAN_CMCE_KEYS_INTERNAL_H_
#define BOTAN_CMCE_KEYS_INTERNAL_H_
#include <botan/internal/cmce_field_ordering.h>
#include <botan/internal/cmce_matrix.h>
#include <botan/internal/cmce_parameters.h>
#include <botan/internal/cmce_poly.h>
#include <botan/internal/cmce_types.h>
namespace Botan {
class Classic_McEliece_PrivateKeyInternal;
/**
* @brief Representation of a Classic McEliece public key.
*
* This class represents a Classic McEliece public key. It is used internally by the Classic McEliece
* public key class and contains the following data:
* - The Classic McEliece parameters
* - The public key matrix
*/
class BOTAN_TEST_API Classic_McEliece_PublicKeyInternal {
public:
/**
* @brief Construct a Classic McEliece public key.
*
* @param params The Classic McEliece parameters
* @param matrix The public key matrix
*/
Classic_McEliece_PublicKeyInternal(const Classic_McEliece_Parameters& params, Classic_McEliece_Matrix matrix) :
m_params(params), m_matrix(std::move(matrix)) {
BOTAN_ASSERT_NOMSG(m_matrix.bytes().size() == m_params.pk_size_bytes());
}
/**
* @brief Create a Classic McEliece public key from a private key.
*
* Create the matrix from the private key values. Expects that the private key is valid, i.e.
* the matrix creation works.
*
* @param sk The private key
* @return The public key as a shared pointer
*/
static std::shared_ptr<Classic_McEliece_PublicKeyInternal> create_from_private_key(
const Classic_McEliece_PrivateKeyInternal& sk);
/**
* @brief Serializes the Classic McEliece public key as defined in Classic McEliece ISO Section 9.2.7.
*/
std::vector<uint8_t> serialize() const { return m_matrix.bytes(); }
/**
* @brief The Classic McEliece matrix.
*/
const Classic_McEliece_Matrix& matrix() const { return m_matrix; }
/**
* @brief The Classic McEliece parameters.
*/
const Classic_McEliece_Parameters& params() const { return m_params; }
private:
Classic_McEliece_Parameters m_params;
Classic_McEliece_Matrix m_matrix;
};
/**
* @brief Representation of a Classic McEliece private key.
*
* This class represents a Classic McEliece private key. It is used internally by the Classic McEliece
* private key class and contains the following data (see Classic McEliece ISO Section 9.2.12):
* - The Classic McEliece parameters
* - The seed delta
* - The column selection pivot vector c
* - The minimal polynomial g
* - The field ordering alpha
* - The seed s for implicit rejection
*/
class BOTAN_TEST_API Classic_McEliece_PrivateKeyInternal {
public:
/**
* @brief Construct a Classic McEliece private key.
*
* @param params The Classic McEliece parameters
* @param delta The seed delta
* @param c The column selection pivot vector c
* @param g The minimal polynomial g
* @param alpha The field ordering alpha
* @param s The seed s for implicit rejection
*/
Classic_McEliece_PrivateKeyInternal(const Classic_McEliece_Parameters& params,
CmceKeyGenSeed delta,
CmceColumnSelection c,
Classic_McEliece_Minimal_Polynomial g,
Classic_McEliece_Field_Ordering alpha,
CmceRejectionSeed s) :
m_params(params),
m_delta(std::move(delta)),
m_c(std::move(c)),
m_g(std::move(g)),
m_field_ordering(std::move(alpha)),
m_s(std::move(s)) {}
/**
* @brief Parses a Classic McEliece private key from a byte sequence.
*
* It also creates the field ordering from the control bits in @p sk_bytes.
*
* @param params The Classic McEliece parameters
* @param sk_bytes The secret key byte sequence
* @return the Classic McEliece private key
*/
static Classic_McEliece_PrivateKeyInternal from_bytes(const Classic_McEliece_Parameters& params,
std::span<const uint8_t> sk_bytes);
/**
* @brief Serializes the Classic McEliece private key as defined in Classic McEliece ISO Section 9.2.12.
*
* @return the serialized Classic McEliece private key
*/
secure_vector<uint8_t> serialize() const;
/**
* @brief The seed delta that was used to create the private key.
*/
const CmceKeyGenSeed& delta() const { return m_delta; }
/**
* @brief The column selection pivot vector c as defined in Classic McEliece ISO Section 9.2.11.
*/
const CmceColumnSelection& c() const { return m_c; }
/**
* @brief The minimal polynomial g.
*/
const Classic_McEliece_Minimal_Polynomial& g() const { return m_g; }
/**
* @brief The field ordering alpha.
*/
const Classic_McEliece_Field_Ordering& field_ordering() const { return m_field_ordering; }
/**
* @brief The seed s for implicit rejection on decryption failure.
*/
const CmceRejectionSeed& s() const { return m_s; }
/**
* @brief The Classic McEliece parameters.
*/
const Classic_McEliece_Parameters& params() const { return m_params; }
/**
* @brief Checks the private key for consistency with the first component delta, i.e.,
* recomputes s as a hash of delta and checks equivalence with sk.s, checks the weight of c,
* and checks the control bits. It also recomputes beta based on delta and recomputes g based on beta,
* checking that g is equal to the value sk.s
*
* See NIST Impl. guide 6.3 Double-Checks on Private Keys.
*/
bool check_key() const;
private:
Classic_McEliece_Parameters m_params;
CmceKeyGenSeed m_delta;
CmceColumnSelection m_c;
Classic_McEliece_Minimal_Polynomial m_g;
Classic_McEliece_Field_Ordering m_field_ordering;
CmceRejectionSeed m_s;
};
/**
* @brief Representation of a Classic McEliece key pair.
*/
struct BOTAN_TEST_API Classic_McEliece_KeyPair_Internal {
std::shared_ptr<Classic_McEliece_PrivateKeyInternal> private_key;
std::shared_ptr<Classic_McEliece_PublicKeyInternal> public_key;
/**
* @brief Generate a Classic McEliece key pair using the algorithm described
* in Classic McEliece ISO Section 8.3
*/
static Classic_McEliece_KeyPair_Internal generate(const Classic_McEliece_Parameters& params,
StrongSpan<const CmceInitialSeed> seed);
/**
* @brief Decompose the key pair into a pair of shared pointers to the private and public key.
*/
std::pair<std::shared_ptr<Classic_McEliece_PrivateKeyInternal>,
std::shared_ptr<Classic_McEliece_PublicKeyInternal>>
decompose_to_pair() && {
return {std::move(private_key), std::move(public_key)};
}
};
} // namespace Botan
#endif // BOTAN_CMCE_KEYS_INTERNAL_H_