Merge pull request #3821 from randombit/pl/stateful_keys

Add Private_Key::remaining_operations()
randombit · Dec 6, 2023 · b7c737f · b7c737f
2 parents 6a6ba96 + 096382c
commit b7c737f
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 5 deletions.
diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h
@@ -11,6 +11,8 @@
 #include <botan/asn1_obj.h>
 #include <botan/pk_ops_fwd.h>
 #include <botan/secmem.h>
+
+#include <optional>
 #include <span>
 #include <string>
 #include <string_view>
@@ -288,6 +290,13 @@ class BOTAN_PUBLIC_API(2, 0) Private_Key : public virtual Public_Key {
       */
       virtual bool stateful_operation() const { return false; }
 
+      /**
+       * @brief Retrieves the number of remaining operations if this is a stateful private key.
+       *
+       * @returns the number of remaining operations or std::nullopt if not applicable.
+       */
+      virtual std::optional<uint64_t> remaining_operations() const { return std::nullopt; }
+
       // Internal or non-public declarations follow
 
       /**

diff --git a/src/lib/pubkey/xmss/xmss.h b/src/lib/pubkey/xmss/xmss.h
@@ -221,14 +221,17 @@ class BOTAN_PUBLIC_API(2, 0) XMSS_PrivateKey final : public virtual XMSS_PublicK
        *
        * @return Index of the last unused leaf.
        **/
-      BOTAN_DEPRECATED("Use remaining_signatures()")
+      BOTAN_DEPRECATED("Use remaining_operations()")
       size_t unused_leaf_index() const;
 
       /**
        * Retrieves the number of remaining signatures for this private key.
        */
+      BOTAN_DEPRECATED("Use remaining_operations()")
       size_t remaining_signatures() const;
 
+      std::optional<uint64_t> remaining_operations() const override;
+
       std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator&,
                                                              std::string_view,
                                                              std::string_view provider) const override;

diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp
@@ -409,6 +409,10 @@ size_t XMSS_PrivateKey::remaining_signatures() const {
    return m_private->remaining_signatures();
 }
 
+std::optional<uint64_t> XMSS_PrivateKey::remaining_operations() const {
+   return m_private->remaining_signatures();
+}
+
 const secure_vector<uint8_t>& XMSS_PrivateKey::prf_value() const {
    return m_private->prf_value();
 }

diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp
@@ -803,6 +803,13 @@ class PK_API_Sign_Test : public Text_Based_Test {
          result.confirm("public key claims to support signatures",
                         pubkey->supports_operation(Botan::PublicKeyOperation::Signature));
          result.test_gt("Public key length must be greater than 0", privkey->key_length(), 0);
+         if(privkey->stateful_operation()) {
+            result.confirm("A stateful key reports the number of remaining operations",
+                           privkey->remaining_operations().has_value());
+         } else {
+            result.confirm("A stateless key has an unlimited number of remaining operations",
+                           !privkey->remaining_operations().has_value());
+         }
 
          auto signer = std::make_unique<Botan::PK_Signer>(
             *privkey, Test::rng(), sig_params, Botan::Signature_Format::Standard, provider);

diff --git a/src/tests/test_xmss.cpp b/src/tests/test_xmss.cpp
@@ -148,11 +148,11 @@ std::vector<Test::Result> xmss_statefulness() {
    return {CHECK("signing alters state",
                  [&](auto& result) {
                     Botan::XMSS_PrivateKey sk(Botan::XMSS_Parameters::XMSS_SHA2_10_256, Test::rng());
-                    result.require("allows 1024 signatures", sk.remaining_signatures() == 1024);
+                    result.require("allows 1024 signatures", sk.remaining_operations() == 1024);
 
                     sign_something(sk);
 
-                    result.require("allows 1023 signatures", sk.remaining_signatures() == 1023);
+                    result.require("allows 1023 signatures", sk.remaining_operations() == 1023);
                  }),
 
            CHECK("state can become exhausted", [&](auto& result) {
@@ -163,11 +163,11 @@ std::vector<Test::Result> xmss_statefulness() {
                  "19DA96E9C8EE4E28C2078441A76B6BB8BAFD358F67FBCBFC559B55C37C01FFADBB118099759EEB"
                  "A3B07643F73BCB4AAC546E244B57782D6BEABC");
               Botan::XMSS_PrivateKey sk(skbytes);
-              result.require("allow one last signature", sk.remaining_signatures() == 1);
+              result.require("allow one last signature", sk.remaining_operations() == 1);
 
               sign_something(sk);
 
-              result.require("allow no more signatures", sk.remaining_signatures() == 0);
+              result.require("allow no more signatures", sk.remaining_operations() == 0);
               result.test_throws("no more signing", [&] { sign_something(sk); });
            })};
 }