
Improve API of asymmetric algorithms

Open reneme opened this issue 2 years ago • 2 comments

This is a collection of potential API improvements found in #3609.

  • [ ] Parameter consistency for generic key handling functions (pk_algs.h)
    The generic function create_private_key() takes string-typed algo_name and algo_params to identify the algorithm (see also #3275). In contrast, load_{public/private}_key() requires an AlgorithmIdentifier object. This is inconvenient, as it requires the user to find a way to translate between the two.
  • [x] New method: Public_Key::raw_public_key_bits() (https://github.com/randombit/botan/pull/3985)
    Currently, we provide public_key_bits() ("BER encoded public key bits") and subject_public_key() ("X.509 subject key encoding"). Especially the new PQC algorithms seem to converge on their own (concat-based) encodings. Key agreement public keys could make this an alias for PK_Key_Agreement_Key::public_value(). Other keys might treat raw_public_key_bits() as an alias for the existing public_key_bits().
  • [x] New method: std::unique_ptr<Private_Key> Public_Key::generate_another(RNG&) (https://github.com/randombit/botan/pull/3770)
    ... to generically generate an equivalent new key pair with the same algorithm (and configuration) as the public key at hand. Use case: Mapping a KEM interface using a Key Agreement algorithm. The abstract "Encaps()" function needs ::generate_another() to conveniently create an ephemeral keypair without knowledge about the exact underlying algorithm.
  • [x] New method: std::optional<uint64_t> Private_Key::remaining_operations() const (https://github.com/randombit/botan/pull/3821)
    LMS and XMSS both have stateful operation, but there is no generic way to detect how many operations remain on a key. The proposed method should return nullopt for non-stateful algorithms, otherwise the remaining number of valid usages. [1]
  • [ ] (to be discussed) Internal static access to algorithm parameters
    Allow accessing algorithm parameters (such as "shared key length", ...) statically. This would simplify some internal implementations that statically know which algorithm they are going to deal with. That might be useful not just for asym algos but in general (1, 2). For instance, to avoid magic numbers such as: https://github.com/randombit/botan/pull/3933#discussion_r1522881729

reneme, Sep 19 '23 07:09
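The generate_another() use case from the issue description above (a generic Encaps() built on a key agreement algorithm), as an added sketch that is not part of the issue and is not Botan code. The interfaces PublicKey/PrivateKey, the ToyDhKey class and its tiny group parameters are hypothetical stand-ins, and the raw shared value is returned where a real KEM would pass it through a KDF.

```cpp
#include <cstdint>
#include <memory>
#include <random>

// Hypothetical interfaces shaped like the proposal; these are NOT Botan's classes.
using Rng = std::mt19937_64;  // stand-in RNG, not cryptographically secure
struct PrivateKey;
struct PublicKey {
   virtual ~PublicKey() = default;
   virtual uint64_t public_value() const = 0;
   // New key pair with the same algorithm and parameters as this key.
   virtual std::unique_ptr<PrivateKey> generate_another(Rng& rng) const = 0;
};
struct PrivateKey : PublicKey {
   virtual uint64_t agree(uint64_t peer_public_value) const = 0;
};

// Toy finite-field Diffie-Hellman with tiny parameters (p < 2^32), illustration only.
class ToyDhKey final : public PrivateKey {
   public:
      ToyDhKey(uint64_t p, uint64_t g, Rng& rng) : m_p(p), m_g(g), m_x(2 + rng() % (p - 3)) {}
      uint64_t public_value() const override { return pow_mod(m_g, m_x); }
      uint64_t agree(uint64_t peer) const override { return pow_mod(peer, m_x); }
      std::unique_ptr<PrivateKey> generate_another(Rng& rng) const override {
         return std::make_unique<ToyDhKey>(m_p, m_g, rng);  // same group, fresh secret
      }
   private:
      uint64_t pow_mod(uint64_t b, uint64_t e) const {  // square-and-multiply mod m_p
         uint64_t r = 1;
         for(b %= m_p; e > 0; e >>= 1, b = b * b % m_p) {
            if(e & 1) { r = r * b % m_p; }
         }
         return r;
      }
      uint64_t m_p, m_g, m_x;
};

struct Encapsulation { uint64_t ciphertext; uint64_t shared_secret; };

// Generic Encaps(): uses only the abstract interface, never the concrete key type.
Encapsulation encaps(const PublicKey& recipient, Rng& rng) {
   const auto ephemeral = recipient.generate_another(rng);
   return {ephemeral->public_value(), ephemeral->agree(recipient.public_value())};
}

// Generic Decaps(): the ciphertext is the sender's ephemeral public value.
uint64_t decaps(const PrivateKey& recipient, uint64_t ciphertext) {
   return recipient.agree(ciphertext);
}
```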

Another one: LMS and XMSS both have stateful operation, but there is no generic way to detect how many operations remain on a key. I think the fix here is fairly easy: add std::optional<uint64_t> remaining_operations() const on Private_Key which returns nullopt for non-stateful algorithms.

randombit, Oct 05 '23 11:10

For the record, here's an example of the hoops one needs to jump through to load a private key that is not wrapped in PKCS#8: https://github.com/randombit/botan/discussions/3902#discussioncomment-8476815.

reneme, Feb 15 '24 09:02