Merge pull request #133 from dorssel/ephemeral

Refactor ephemeral keys

Author: dorssel

.github/linters/.mega-linter.yml

@@ -21,7 +21,6 @@ DISABLE_LINTERS:
   - CSHARP_ROSLYNATOR # Not compatible with .NET 8 (yet)
   - JSON_V8R # Too many missing/obsolete schemas
   - REPOSITORY_TRIVY # Unstable, leading to a lot of build failures
-  - MARKDOWN_MARKDOWN_LINK_CHECK # TODO: remove once repository goes public
 SHOW_ELAPSED_TIME: true
 FILEIO_REPORTER: false
 # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass

Documentation/index.md

@@ -8,6 +8,7 @@ SPDX-License-Identifier: MIT
 
 ## Under construction
 
+<!-- markdown-link-check-disable-next-line -->
 Already available: [XMSS WebAssembly Demo](wasm-example/).
 
 > [!NOTE]

Examples/ConsoleApp/Program.cs

@@ -35,7 +35,7 @@ static async Task Main()
             Console.WriteLine("Generating new key...");
 
             using var xmss = new Xmss();
-            xmss.GeneratePrivateKey(new XmssEphemeralStateManager(), XmssParameterSet.XMSS_SHA2_10_256, false);
+            xmss.GeneratePrivateKey(null, XmssParameterSet.XMSS_SHA2_10_256, false);
             {
                 // this is special for XMSS, a long-running (cancelable) process
 

UnitTests/UnitTests/CalculateTests.cs

@@ -9,6 +9,27 @@ namespace UnitTests;
 [TestClass]
 sealed class CalculateTests
 {
+    [TestMethod]
+    public async Task CalculatePublicKeyAsync_Ephemeral_AndSign()
+    {
+        using var xmss = new Xmss();
+
+        Assert.IsFalse(xmss.HasPrivateKey);
+        Assert.IsFalse(xmss.HasPublicKey);
+
+        xmss.GeneratePrivateKey(null, XmssParameterSet.XMSS_SHA2_10_256, true);
+
+        Assert.IsTrue(xmss.HasPrivateKey);
+        Assert.IsFalse(xmss.HasPublicKey);
+
+        await xmss.CalculatePublicKeyAsync();
+
+        Assert.IsTrue(xmss.HasPrivateKey);
+        Assert.IsTrue(xmss.HasPublicKey);
+
+        _ = xmss.Sign([1, 2, 3]);
+    }
+
     [TestMethod]
     public async Task CalculatePublicKeyAsync_AndImport()
     {

UnitTests/UnitTests/GenerateTests.cs

@@ -29,6 +29,20 @@ public void GeneratePrivateKey(XmssParameterSet parameterSet)
         Assert.IsFalse(xmss.HasPublicKey);
     }
 
+    [TestMethod]
+    public void GeneratePrivateKey_Ephemeral()
+    {
+        using var xmss = new Xmss();
+
+        Assert.IsFalse(xmss.HasPrivateKey);
+        Assert.IsFalse(xmss.HasPublicKey);
+
+        xmss.GeneratePrivateKey(null, XmssParameterSet.XMSS_SHA2_10_256, false);
+
+        Assert.IsTrue(xmss.HasPrivateKey);
+        Assert.IsFalse(xmss.HasPublicKey);
+    }
+
     [TestMethod]
     public void GeneratePrivateKey_AfterPrivateKey()
     {

UnitTests/UnitTests/PartitionTests.cs

@@ -46,6 +46,18 @@ public void SplitPrivateKey()
         Assert.AreEqual(oldRemaining - 100, xmss.SignaturesRemaining);
     }
 
+    [TestMethod]
+    public void SplitPrivateKey_Ephemeral()
+    {
+        using var xmss = new Xmss();
+        xmss.GeneratePrivateKey(null, XmssParameterSet.XMSS_SHA2_10_256, false);
+
+        Assert.ThrowsException<InvalidOperationException>(() =>
+        {
+            xmss.SplitPrivateKey(new MockStateManager(), 100);
+        });
+    }
+
     [TestMethod]
     public void SplitPrivateKey_WithPublic()
     {
@@ -332,6 +344,24 @@ public void MergePartition()
         }
     }
 
+    [TestMethod]
+    public void MergePartition_Ephemeral()
+    {
+        var stateManager = new MockStateManager();
+        {
+            using var tmpXmss = new Xmss();
+            tmpXmss.GeneratePrivateKey(stateManager, XmssParameterSet.XMSS_SHA2_10_256, false);
+        }
+
+        using var xmss = new Xmss();
+        xmss.GeneratePrivateKey(null, XmssParameterSet.XMSS_SHA2_10_256, false);
+
+        Assert.ThrowsException<InvalidOperationException>(() =>
+        {
+            xmss.MergePartition(stateManager);
+        });
+    }
+
     [TestMethod]
     public void MergePartition_DeleteFails()
     {

UnitTests/UnitTests/XmssEphemeralStateManagerTests.cs

@@ -6,13 +6,13 @@
 
 namespace Dorssel.Security.Cryptography;
 
-sealed class XmssPrivateKey(StateManagerWrapper wrappedStateManager) : IDisposable
+sealed class PrivateKey(WrappedStateManager wrappedStateManager) : IDisposable
 {
-    readonly StateManagerWrapper _WrappedStateManager = wrappedStateManager;
+    readonly WrappedStateManager _WrappedStateManager = wrappedStateManager;
     readonly CriticalXmssKeyContextHandle _KeyContext = new();
     readonly CriticalXmssPrivateKeyStatefulBlobHandle _StatefulBlob = new();
 
-    public IXmssStateManager WrappedStateManager
+    public WrappedStateManager WrappedStateManager
     {
         get
         {

Xmss/XmssPrivateKey.cs renamed to Xmss/PrivateKey.cs

@@ -4,13 +4,18 @@
 
 namespace Dorssel.Security.Cryptography;
 
-sealed class StateManagerWrapper(IXmssStateManager stateManager)
+sealed class WrappedStateManager(IXmssStateManager? stateManager)
     : IXmssStateManager
 {
-    readonly IXmssStateManager StateManager = stateManager;
+    readonly IXmssStateManager? StateManager = stateManager;
 
     public void Store(XmssKeyPart part, ReadOnlySpan<byte> data)
     {
+        if (StateManager is null)
+        {
+            // ephemeral key
+            return;
+        }
         try
         {
             StateManager.Store(part, data);
@@ -23,6 +28,11 @@ public void Store(XmssKeyPart part, ReadOnlySpan<byte> data)
 
     public void StoreStatefulPart(ReadOnlySpan<byte> expected, ReadOnlySpan<byte> data)
     {
+        if (StateManager is null)
+        {
+            // ephemeral key
+            return;
+        }
         try
         {
             StateManager.StoreStatefulPart(expected, data);
@@ -37,6 +47,11 @@ public void Load(XmssKeyPart part, Span<byte> destination)
     {
         try
         {
+            if (StateManager is null)
+            {
+                // ephemeral key
+                throw new NotImplementedException();
+            }
             StateManager.Load(part, destination);
         }
         catch (Exception ex)
@@ -47,6 +62,11 @@ public void Load(XmssKeyPart part, Span<byte> destination)
 
     public void DeletePublicPart()
     {
+        if (StateManager is null)
+        {
+            // ephemeral key
+            return;
+        }
         try
         {
             StateManager.DeletePublicPart();
@@ -59,6 +79,11 @@ public void DeletePublicPart()
 
     public void Purge()
     {
+        if (StateManager is null)
+        {
+            // ephemeral key
+            return;
+        }
         try
         {
             StateManager.Purge();
@@ -80,4 +105,12 @@ public void PurgeAfterFailure(Exception exception)
             throw new AggregateException(exception, ex2);
         }
     }
+
+    public void ThrowIfEphemeralKey()
+    {
+        if (StateManager is null)
+        {
+            throw new InvalidOperationException("Ephemeral keys do not support partitioning.");
+        }
+    }
 }

Xmss/StateManagerWrapper.cs renamed to Xmss/WrappedStateManager.cs

@@ -96,7 +96,7 @@ public static void RegisterWithCryptoConfig()
     public XmssParameterSet ParameterSet { get; private set; } = XmssParameterSet.None;
 
     bool IsDisposed;
-    XmssPrivateKey? PrivateKey;
+    PrivateKey? PrivateKey;
     XmssPublicKey PublicKey;
 
     void ResetState()
@@ -167,7 +167,7 @@ void ThrowIfNoPublicKey()
     #endregion
 
     #region Private Key
-    static void VerifyNoPrivateState(StateManagerWrapper wrappedStateManager)
+    static void VerifyNoPrivateState(WrappedStateManager wrappedStateManager)
     {
         var partExists = false;
 
@@ -202,13 +202,11 @@ static void VerifyNoPrivateState(StateManagerWrapper wrappedStateManager)
     /// <param name="stateManager">TODO</param>
     /// <param name="parameterSet">TODO</param>
     /// <param name="enableIndexObfuscation">TODO</param>
-    public void GeneratePrivateKey(IXmssStateManager stateManager, XmssParameterSet parameterSet, bool enableIndexObfuscation)
+    public void GeneratePrivateKey(IXmssStateManager? stateManager, XmssParameterSet parameterSet, bool enableIndexObfuscation)
     {
-        ArgumentNullException.ThrowIfNull(stateManager);
-
         ObjectDisposedException.ThrowIf(IsDisposed, this);
 
-        var wrappedStateManager = new StateManagerWrapper(stateManager);
+        var wrappedStateManager = new WrappedStateManager(stateManager);
 
         // Step 1: Verify that no (possibly valid) private parts exist for the new state.
 
@@ -282,7 +280,7 @@ public void ImportPrivateKey(IXmssStateManager stateManager)
         ArgumentNullException.ThrowIfNull(stateManager);
         ObjectDisposedException.ThrowIf(IsDisposed, this);
 
-        var wrappedStateManager = new StateManagerWrapper(stateManager);
+        var wrappedStateManager = new WrappedStateManager(stateManager);
 
         XmssError result;
 
@@ -360,8 +358,9 @@ public void SplitPrivateKey(IXmssStateManager newPartition, int newPartitionSize
 
         ObjectDisposedException.ThrowIf(IsDisposed, this);
         ThrowIfNoPrivateKey();
+        PrivateKey.WrappedStateManager.ThrowIfEphemeralKey();
 
-        var wrappedNewPartition = new StateManagerWrapper(newPartition);
+        var wrappedNewPartition = new WrappedStateManager(newPartition);
 
         // Step 1: Verify that no (possibly valid) private parts exist for the new state.
 
@@ -457,8 +456,9 @@ public void MergePartition(IXmssStateManager consumedPartition)
 
         ObjectDisposedException.ThrowIf(IsDisposed, this);
         ThrowIfNoPrivateKey();
+        PrivateKey.WrappedStateManager.ThrowIfEphemeralKey();
 
-        var wrappedConsumedPartition = new StateManagerWrapper(consumedPartition);
+        var wrappedConsumedPartition = new WrappedStateManager(consumedPartition);
 
         using var consumedKeyStatefulBlob = CriticalXmssPrivateKeyStatefulBlobHandle.Alloc();
         wrappedConsumedPartition.Load(XmssKeyPart.PrivateStateful, consumedKeyStatefulBlob.Data);