Added Extended Hash-Based Signatures (XMSS)

[1] XMSS: Extended Hash-Based Signatures,
    draft-itrf-cfrg-xmss-hash-based-signatures-06
    Release: July 2016.
    https://datatracker.ietf.org/doc/
    draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1

Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations
for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has
been integrated into the Botan test bench, signature generation and verification
can be tested independently by invoking "botan-test xmss_sign" and
"botan-test xmss_verify"

- Some headers that are not required to be exposed to users of the library have
  to be declared as public in `info.txt`. Declaring those headers private will
  cause the amalgamation build to fail. The following headers have been
  declared public inside `info.txt`, even though they are only intended for
  internal use:
    * atomic.h
    * xmss_hash.h
    * xmss_index_registry.h
    * xmss_address.h
    * xmss_common_ops.h
    * xmss_tools.h
    * xmss_wots_parameters.h
    * xmss_wots_privatekey.h
    * xmss_wots_publickey.h

- XMSS_Verification_Operation Requires the "randomness" parameter out of the
  XMSS signature. "Randomness" is part of the prefix that is hashed *before*
  the message. Since the signature is unknown till sign() is called, all
  message content has to be buffered. For large messages this can be
  inconvenient or impossible.

  **Possible solution**: Change PK_Ops::Verification interface to take
  the signature as constructor argument, and provide a setter method to be able
  to update reuse the instance on multiple signatures. Make sign a parameterless
  member call. This solution requires interface changes in botan.

  **Suggested workaround** for signing large messages is to not sign the message
  itself, but to precompute the message hash manually using Botan::HashFunctio
  and sign the message hash instead of the message itself.

- Some of the available test vectors for the XMSS signature verification have
  been commented out in order to reduce testbench runtime.

1 files changed, 52 insertions, 0 deletions

diff --git a/src/lib/pubkey/xmss/xmss_key_pair.h b/src/lib/pubkey/xmss/xmss_key_pair.h
new file mode 100644
index 000000000..4d86f1766
--- /dev/null
+++ b/src/lib/pubkey/xmss/xmss_key_pair.h
@@ -0,0 +1,52 @@
+/**
+ * XMSS Key Pair
+ * (C) 2016 Matthias Gierlings
+ *
+ * Botan is released under the Simplified BSD License (see license.txt)
+ **/
+
+#ifndef BOTAN_XMSS_KEY_PAIR_H__
+#define BOTAN_XMSS_KEY_PAIR_H__
+
+#include <botan/botan.h>
+#include <botan/rng.h>
+#include <botan/xmss_parameters.h>
+#include <botan/xmss_wots_parameters.h>
+#include <botan/xmss_publickey.h>
+#include <botan/xmss_privatekey.h>
+
+namespace Botan {
+
+/**
+ * A pair of XMSS public and private key.
+ **/
+class BOTAN_DLL XMSS_Key_Pair
+   {
+   public:
+      XMSS_Key_Pair(XMSS_Parameters::xmss_algorithm_t xmss_oid,
+                    RandomNumberGenerator& rng)
+         : m_priv_key(xmss_oid, rng), m_pub_key(m_priv_key) {}
+
+      XMSS_Key_Pair(const XMSS_PublicKey& pub_key,
+                    const XMSS_PrivateKey& priv_key)
+         : m_priv_key(priv_key), m_pub_key(pub_key)
+         {}
+
+      XMSS_Key_Pair(XMSS_PublicKey&& pub_key,
+                    XMSS_PrivateKey&& priv_key)
+         : m_priv_key(std::move(priv_key)), m_pub_key(std::move(pub_key)) {}
+
+      const XMSS_PublicKey& public_key() const { return m_pub_key; }
+      XMSS_PublicKey& public_key() { return m_pub_key; }
+
+      const XMSS_PrivateKey& private_key() const { return m_priv_key; }
+      XMSS_PrivateKey& private_key() { return m_priv_key; }
+
+   private:
+      XMSS_PrivateKey m_priv_key;
+      XMSS_PublicKey m_pub_key;
+   };
+
+}
+
+#endif