An HSS/LMS private key. More...

#include <hss_lms.h>

Inheritance diagram for Botan::HSS_LMS_PrivateKey:

Public Member Functions
std::string	algo_name () const override

AlgorithmIdentifier	algorithm_identifier () const override

bool	check_key (RandomNumberGenerator &rng, bool strong) const override

virtual std::unique_ptr< PK_Ops::Decryption >	create_decryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const

virtual std::unique_ptr< PK_Ops::Encryption >	create_encryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const

virtual std::unique_ptr< PK_Ops::KEM_Decryption >	create_kem_decryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const

virtual std::unique_ptr< PK_Ops::KEM_Encryption >	create_kem_encryption_op (std::string_view params, std::string_view provider) const

virtual std::unique_ptr< PK_Ops::Key_Agreement >	create_key_agreement_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const

std::unique_ptr< PK_Ops::Signature >	create_signature_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override

std::unique_ptr< PK_Ops::Verification >	create_verification_op (std::string_view params, std::string_view provider) const override

std::unique_ptr< PK_Ops::Verification >	create_x509_verification_op (const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override

virtual Signature_Format	default_x509_signature_format () const

size_t	estimated_strength () const override

std::string	fingerprint_private (std::string_view alg) const

std::string	fingerprint_public (std::string_view alg="SHA-256") const

std::unique_ptr< Private_Key >	generate_another (RandomNumberGenerator &rng) const override

virtual const BigInt &	get_int_field (std::string_view field) const

OID	get_oid () const

	HSS_LMS_PrivateKey (RandomNumberGenerator &rng, std::string_view algo_params)
	Construct a new hss lms privatekey object.

	HSS_LMS_PrivateKey (std::span< const uint8_t > private_key_bytes)
	Load an existing LMS private key using its bytes.

size_t	key_length () const override

virtual size_t	message_part_size () const

virtual size_t	message_parts () const

OID	object_identifier () const override

AlgorithmIdentifier	pkcs8_algorithm_identifier () const override

secure_vector< uint8_t >	private_key_bits () const override

secure_vector< uint8_t >	private_key_info () const

std::unique_ptr< Public_Key >	public_key () const override

std::vector< uint8_t >	public_key_bits () const override

secure_vector< uint8_t >	raw_private_key_bits () const override

std::vector< uint8_t >	raw_public_key_bits () const override

std::optional< uint64_t >	remaining_operations () const override

bool	stateful_operation () const override

std::vector< uint8_t >	subject_public_key () const

bool	supports_operation (PublicKeyOperation op) const override

	~HSS_LMS_PrivateKey () override

Protected Attributes
std::shared_ptr< HSS_LMS_PublicKeyInternal >	m_public

Detailed Description

An HSS/LMS private key.

HSS/LMS is a statefule hash-based signature scheme. This means the private key must be (securely) updated after using it for signing. Also, there is a maximal number of signatures that can be created using one HSS/LMS key pair, which depends on the number and size of LMS layers of the chosen HSS/LMS instance. For the selection of a sensible parameter set, refer to RFC 8554 6.4.

The format of the HSS/LMS private key is not defined in RFC 8554. We use the following format (big endian):

PrivateKey = u32str(L) || u64str(idx) || u32str(LMS algorithm id (root layer)) || u32str(LMOTS algorithm id (root layer)) || ... || u32str(LMS algorithm id (bottom layer)) || u32str(LMOTS algorithm id (bottom layer)) || HSS_SEED || HSS_Identifier

L: Number of LMS layers Idx: Number of signatures already created using this private key HSS_SEED: Seed to derive LMS Seeds (see RFC 8554 Appendix A) like in SECRET_METHOD 2 of https://github.com/cisco/hash-sigs. As long as the hash functions output length. HSS_Identifier: 16 bytes long.

The HSS/LMS instance to use for creating new keys is defined using an algorithm parameter sting, i.e. to define which hash function (hash), LMS tree height (h) and OTS Winternitz coefficient widths (w) to use. The syntax is the following:

HSS-LMS(<hash>,HW(<h>,<w>),HW(<h>,<w>),...)

e.g. 'HSS-LMS(SHA-256,HW(5,1),HW(5,1))' to use SHA-256 in a two-layer HSS instance with a LMS tree hights 5 and w=1. The following parameters are allowed (which are specified in RFC 8554 and draft-fluhrer-lms-more-parm-sets-11):

hash: 'SHA-256', 'Truncated(SHA-256,192)', 'SHAKE-256(256)', SHAKE-256(192) h: '5', '10', '15', '20', '25' w: '1', '2', '4', '8'

Note: The selected hash function is also used for seed derivation.

Definition at line 116 of file hss_lms.h.

Constructor & Destructor Documentation

◆ HSS_LMS_PrivateKey() [1/2]

Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey ( std::span< const uint8_t > private_key_bytes )

Load an existing LMS private key using its bytes.

Definition at line 117 of file hss_lms.cpp.

                                                                         {
   m_private = HSS_LMS_PrivateKeyInternal::from_bytes_or_throw(private_key);
   auto scope = CT::scoped_poison(*m_private);
   m_public = std::make_shared<HSS_LMS_PublicKeyInternal>(HSS_LMS_PublicKeyInternal::create(*m_private));
   CT::unpoison(*m_public);
}

References Botan::HSS_LMS_PublicKeyInternal::create(), Botan::HSS_LMS_PrivateKeyInternal::from_bytes_or_throw(), Botan::HSS_LMS_PublicKey::m_public, Botan::CT::scoped_poison(), and Botan::CT::unpoison().

Referenced by generate_another().

◆ HSS_LMS_PrivateKey() [2/2]

Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey	(	RandomNumberGenerator &	rng,
		std::string_view	algo_params )

Construct a new hss lms privatekey object.

Parameters

rng	random number generator
algo_params	string is format 'HSS-LMS(<hash>,HW(<h>,<w>),HW(<h>,<w>),...)'

Definition at line 124 of file hss_lms.cpp.

                                                                                             {
   HSS_LMS_Params hss_params(algo_params);
   m_private = std::make_shared<HSS_LMS_PrivateKeyInternal>(hss_params, rng);
   auto scope = CT::scoped_poison(*m_private);
   m_public = std::make_shared<HSS_LMS_PublicKeyInternal>(HSS_LMS_PublicKeyInternal::create(*m_private));
   CT::unpoison(*m_public);
}

References Botan::HSS_LMS_PublicKeyInternal::create(), Botan::HSS_LMS_PublicKey::m_public, Botan::CT::scoped_poison(), and Botan::CT::unpoison().

◆ ~HSS_LMS_PrivateKey()

Botan::HSS_LMS_PrivateKey::~HSS_LMS_PrivateKey ( )

overridedefault

Member Function Documentation

◆ algo_name()

std::string Botan::HSS_LMS_PublicKey::algo_name ( ) const

overridevirtualinherited

Get the name of the underlying public key scheme.

Returns: name of the public key scheme

Implements Botan::Asymmetric_Key.

Definition at line 34 of file hss_lms.cpp.

                                             {
   return m_public->algo_name();
}

References Botan::HSS_LMS_PublicKey::m_public.

Referenced by create_signature_op(), Botan::HSS_LMS_PublicKey::create_verification_op(), and Botan::HSS_LMS_PublicKey::create_x509_verification_op().

◆ algorithm_identifier()

AlgorithmIdentifier Botan::HSS_LMS_PublicKey::algorithm_identifier ( ) const

overridevirtualinherited

Returns: X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 38 of file hss_lms.cpp.

                                                                  {
   return m_public->algorithm_identifier();
}

References Botan::HSS_LMS_PublicKey::m_public.

Referenced by Botan::HSS_LMS_PublicKey::create_x509_verification_op().

◆ check_key()

bool Botan::HSS_LMS_PublicKey::check_key	(	RandomNumberGenerator &	rng,
		bool	strong ) const

overridevirtualinherited

Implements Botan::Public_Key.

Definition at line 46 of file hss_lms.cpp.

                                                                    {
   // Nothing to check. Only useful checks are already done during parsing.
   return true;
}

◆ create_decryption_op()

std::unique_ptr< PK_Ops::Decryption > Botan::Private_Key::create_decryption_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return an decryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::ElGamal_PrivateKey, Botan::RSA_PrivateKey, Botan::SM2_PrivateKey, and Botan::TPM2::RSA_PrivateKey.

Definition at line 111 of file pk_keys.cpp.

                                                                                              {
   throw Lookup_Error(fmt("{} does not support decryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_Decryptor_EME::PK_Decryptor_EME().

◆ create_encryption_op()

std::unique_ptr< PK_Ops::Encryption > Botan::Public_Key::create_encryption_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an encryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::ElGamal_PublicKey, Botan::RSA_PublicKey, Botan::SM2_PublicKey, and Botan::TPM2::RSA_PublicKey.

Definition at line 90 of file pk_keys.cpp.

                                                                                             {
   throw Lookup_Error(fmt("{} does not support encryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_Encryptor_EME::PK_Encryptor_EME().

◆ create_kem_decryption_op()

std::unique_ptr< PK_Ops::KEM_Decryption > Botan::Private_Key::create_kem_decryption_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a KEM decryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::FrodoKEM_PrivateKey, Botan::Kyber_PrivateKey, Botan::McEliece_PrivateKey, Botan::RSA_PrivateKey, Botan::TLS::Hybrid_KEM_PrivateKey, and Botan::TLS::KEX_to_KEM_Adapter_PrivateKey.

Definition at line 117 of file pk_keys.cpp.

                                                                                                      {
   throw Lookup_Error(fmt("{} does not support KEM decryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_KEM_Decryptor::PK_KEM_Decryptor().

◆ create_kem_encryption_op()

std::unique_ptr< PK_Ops::KEM_Encryption > Botan::Public_Key::create_kem_encryption_op	(	std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM encryption operation for this key/params or throw

Parameters

params	additional parameters
provider	the provider to use

Reimplemented in Botan::FrodoKEM_PublicKey, Botan::Kyber_PublicKey, Botan::McEliece_PublicKey, Botan::RSA_PublicKey, Botan::TLS::Hybrid_KEM_PublicKey, and Botan::TLS::KEX_to_KEM_Adapter_PublicKey.

Definition at line 96 of file pk_keys.cpp.

                                                                                                     {
   throw Lookup_Error(fmt("{} does not support KEM encryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_KEM_Encryptor::PK_KEM_Encryptor().

◆ create_key_agreement_op()

std::unique_ptr< PK_Ops::Key_Agreement > Botan::Private_Key::create_key_agreement_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

virtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a key agreement operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::DH_PrivateKey, Botan::ECDH_PrivateKey, Botan::X25519_PrivateKey, and Botan::X448_PrivateKey.

Definition at line 129 of file pk_keys.cpp.

                                                                                                    {
   throw Lookup_Error(fmt("{} does not support key agreement", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_Key_Agreement::PK_Key_Agreement().

◆ create_signature_op()

std::unique_ptr< PK_Ops::Signature > Botan::HSS_LMS_PrivateKey::create_signature_op	(	RandomNumberGenerator &	rng,
		std::string_view	params,
		std::string_view	provider ) const

overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a signature operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented from Botan::Private_Key.

Definition at line 198 of file hss_lms.cpp.

                                                                                                          {
   BOTAN_UNUSED(rng);
   BOTAN_ARG_CHECK(params.empty(), "Unexpected parameters for signing with HSS-LMS");
 
   if(provider.empty() || provider == "base") {
      return std::make_unique<HSS_LMS_Signature_Operation>(m_private, m_public);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

References Botan::HSS_LMS_PublicKey::algo_name(), BOTAN_ARG_CHECK, BOTAN_UNUSED, and Botan::HSS_LMS_PublicKey::m_public.

◆ create_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::HSS_LMS_PublicKey::create_verification_op	(	std::string_view	params,
		std::string_view	provider ) const

overridevirtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this key/params or throw

Parameters

params	additional parameters
provider	the provider to use

Reimplemented from Botan::Public_Key.

Definition at line 88 of file hss_lms.cpp.

                                                                                                               {
   if(provider.empty() || provider == "base") {
      return std::make_unique<HSS_LMS_Verification_Operation>(m_public);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

References Botan::HSS_LMS_PublicKey::algo_name(), and Botan::HSS_LMS_PublicKey::m_public.

◆ create_x509_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::HSS_LMS_PublicKey::create_x509_verification_op	(	const AlgorithmIdentifier &	signature_algorithm,
		std::string_view	provider ) const

overridevirtualinherited

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this combination of key and signature algorithm or throw.

Parameters

signature_algorithm	is the X.509 algorithm identifier encoding the padding scheme and hash hash function used in the signature if applicable.
provider	the provider to use

Reimplemented from Botan::Public_Key.

Definition at line 96 of file hss_lms.cpp.

                                                                                  {
   if(provider.empty() || provider == "base") {
      if(signature_algorithm != this->algorithm_identifier()) {
         throw Decoding_Error("Unexpected AlgorithmIdentifier for HSS-LMS signature");
      }
      return std::make_unique<HSS_LMS_Verification_Operation>(m_public);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

References Botan::HSS_LMS_PublicKey::algo_name(), Botan::HSS_LMS_PublicKey::algorithm_identifier(), and Botan::HSS_LMS_PublicKey::m_public.

◆ default_x509_signature_format()

virtual Signature_Format Botan::Public_Key::default_x509_signature_format ( ) const

inlinevirtualinherited

Reimplemented in Botan::GOST_3410_PublicKey.

Definition at line 201 of file pk_keys.h.

                                                                     {
         return (this->message_parts() >= 2) ? Signature_Format::DerSequence : Signature_Format::Standard;
      }

Referenced by Botan::X509_Object::choose_sig_format(), and Botan::PK_Verifier::PK_Verifier().

◆ estimated_strength()

size_t Botan::HSS_LMS_PublicKey::estimated_strength ( ) const

overridevirtualinherited

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns: estimated strength in bits

Implements Botan::Asymmetric_Key.

Definition at line 26 of file hss_lms.cpp.

                                                   {
   // draft-fluhrer-lms-more-parm-sets-11 Section 9.
   //   As shown in [Katz16], if we assume that the hash function can be
   //   modeled as a random oracle, then the security of the system is at
   //   least 8N-1 bits (where N is the size of the hash output in bytes);
   return 8 * m_public->lms_pub_key().lms_params().m() - 1;
}

References Botan::HSS_LMS_PublicKey::m_public.

◆ fingerprint_private()

std::string Botan::Private_Key::fingerprint_private ( std::string_view alg ) const

inherited

Returns: Hash of the PKCS #8 encoding for this key object

Definition at line 86 of file pk_keys.cpp.

                                                                         {
   return create_hex_fingerprint(private_key_bits(), hash_algo);
}

References Botan::create_hex_fingerprint(), and Botan::Private_Key::private_key_bits().

Referenced by Botan::Certificate_Store_In_SQL::find_certs_for_key(), Botan::Certificate_Store_In_SQL::insert_key(), and Botan::Certificate_Store_In_SQL::remove_key().

◆ fingerprint_public()

std::string Botan::Public_Key::fingerprint_public ( std::string_view alg = "SHA-256" ) const

inherited

Returns: Hash of the subject public key

Definition at line 79 of file pk_keys.cpp.

                                                                       {
   return create_hex_fingerprint(subject_public_key(), hash_algo);
}

References Botan::create_hex_fingerprint(), and Botan::Public_Key::subject_public_key().

◆ generate_another()

std::unique_ptr< Private_Key > Botan::HSS_LMS_PrivateKey::generate_another ( RandomNumberGenerator & rng ) const

overridevirtual

Generate another (cryptographically independent) key pair using the same algorithm parameters as this key. This is most useful for algorithms that support PublicKeyOperation::KeyAgreement to generate a fitting ephemeral key pair. For other key types it might throw Not_Implemented.

Implements Botan::Asymmetric_Key.

Definition at line 164 of file hss_lms.cpp.

                                                                                                {
   // Cannot use std::make_unique because the utilized constructor is private.
   return std::unique_ptr<HSS_LMS_PrivateKey>(
      new HSS_LMS_PrivateKey(std::make_shared<HSS_LMS_PrivateKeyInternal>(m_private->hss_params(), rng)));
}

References HSS_LMS_PrivateKey().

◆ get_int_field()

const BigInt & Botan::Asymmetric_Key::get_int_field ( std::string_view field ) const

virtualinherited

Access an algorithm specific field

If the field is not known for this algorithm, an Invalid_Argument is thrown. The interpretation of the result requires knowledge of which algorithm is involved. For instance for RSA "p" represents one of the secret primes, while for DSA "p" is the public prime.

Some algorithms may not implement this method at all.

This is primarily used to implement the FFI botan_pubkey_get_field and botan_privkey_get_field functions.

Reimplemented in Botan::DH_PrivateKey, Botan::DH_PublicKey, Botan::DSA_PrivateKey, Botan::DSA_PublicKey, Botan::EC_PrivateKey, Botan::EC_PublicKey, Botan::ElGamal_PrivateKey, Botan::ElGamal_PublicKey, Botan::RSA_PrivateKey, and Botan::RSA_PublicKey.

Definition at line 18 of file pk_keys.cpp.

                                                                      {
   throw Unknown_PK_Field_Name(algo_name(), field);
}

References Botan::Asymmetric_Key::algo_name().

Referenced by Botan::EC_PublicKey::get_int_field(), and Botan::RSA_PublicKey::get_int_field().

◆ get_oid()

OID Botan::Public_Key::get_oid ( ) const

inlineinherited

Deprecated version of object_identifier

Definition at line 132 of file pk_keys.h.

132{ return this->object_identifier(); }

Botan::Asymmetric_Key::object_identifier

virtual OID object_identifier() const

Definition pk_keys.cpp:22

◆ key_length()

size_t Botan::HSS_LMS_PublicKey::key_length ( ) const

overridevirtualinherited

Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.

Implements Botan::Public_Key.

Definition at line 22 of file hss_lms.cpp.

                                           {
   return m_public->size();
}

References Botan::HSS_LMS_PublicKey::m_public.

◆ message_part_size()

virtual size_t Botan::Public_Key::message_part_size ( ) const

inlinevirtualinherited

Returns how large each of the message parts refered to by message_parts() is

This function is public but applications should have few reasons to ever call this.

Returns: size of the message parts in bits

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 199 of file pk_keys.h.

199{ return 0; }

Referenced by Botan::PK_Signer::PK_Signer(), Botan::PK_Verifier::PK_Verifier(), and Botan::PK_Verifier::PK_Verifier().

◆ message_parts()

virtual size_t Botan::Public_Key::message_parts ( ) const

inlinevirtualinherited

Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.

This function is public but applications should have few reasons to ever call this.

Returns: number of message parts

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 188 of file pk_keys.h.

188{ return 1; }

Referenced by Botan::PK_Signer::PK_Signer(), Botan::PK_Verifier::PK_Verifier(), and Botan::PK_Verifier::PK_Verifier().

◆ object_identifier()

OID Botan::HSS_LMS_PublicKey::object_identifier ( ) const

overridevirtualinherited

Get the OID of the underlying public key scheme.

Returns: OID of the public key scheme

Reimplemented from Botan::Asymmetric_Key.

Definition at line 42 of file hss_lms.cpp.

                                               {
   return m_public->object_identifier();
}

References Botan::HSS_LMS_PublicKey::m_public.

◆ pkcs8_algorithm_identifier()

AlgorithmIdentifier Botan::HSS_LMS_PrivateKey::pkcs8_algorithm_identifier ( ) const

overridevirtual

Returns: PKCS #8 AlgorithmIdentifier for this key Might be different from the X.509 identifier, but normally is not

Reimplemented from Botan::Private_Key.

Definition at line 156 of file hss_lms.cpp.

                                                                         {
   return AlgorithmIdentifier(OID::from_string("HSS-LMS-Private-Key"), AlgorithmIdentifier::USE_EMPTY_PARAM);
}

References Botan::OID::from_string(), and Botan::AlgorithmIdentifier::USE_EMPTY_PARAM.

◆ private_key_bits()

secure_vector< uint8_t > Botan::HSS_LMS_PrivateKey::private_key_bits ( ) const

overridevirtual

Returns: BER encoded private key bits

Implements Botan::Private_Key.

Definition at line 140 of file hss_lms.cpp.

                                                                  {
   auto scope = CT::scoped_poison(*m_private);
   return CT::driveby_unpoison(m_private->to_bytes());
}

References Botan::CT::driveby_unpoison(), and Botan::CT::scoped_poison().

Referenced by raw_private_key_bits().

◆ private_key_info()

secure_vector< uint8_t > Botan::Private_Key::private_key_info ( ) const

inherited

Returns: PKCS #8 private key encoding for this key object

Definition at line 60 of file pk_keys.cpp.

                                                           {
   const size_t PKCS8_VERSION = 0;
 
   return DER_Encoder()
      .start_sequence()
      .encode(PKCS8_VERSION)
      .encode(pkcs8_algorithm_identifier())
      .encode(private_key_bits(), ASN1_Type::OctetString)
      .end_cons()
      .get_contents();
}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::OctetString, Botan::Private_Key::pkcs8_algorithm_identifier(), Botan::Private_Key::private_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::PKCS8::BER_encode(), Botan::PKCS8::BER_encode_encrypted_pbkdf_iter(), Botan::PKCS8::BER_encode_encrypted_pbkdf_msec(), and Botan::PKCS8::PEM_encode().

◆ public_key()

std::unique_ptr< Public_Key > Botan::HSS_LMS_PrivateKey::public_key ( ) const

overridevirtual

Allocate a new object for the public key associated with this private key.

Returns: public key

Implements Botan::Private_Key.

Definition at line 149 of file hss_lms.cpp.

                                                               {
   return std::make_unique<HSS_LMS_PublicKey>(*this);
}

◆ public_key_bits()

std::vector< uint8_t > Botan::HSS_LMS_PublicKey::public_key_bits ( ) const

overridevirtualinherited

Returns: BER encoded public key bits

Implements Botan::Public_Key.

Definition at line 55 of file hss_lms.cpp.

                                                            {
   // The raw encoding of HSS/LMS public keys always contains the necessary
   // algorithm information.
   return raw_public_key_bits();
}

References Botan::HSS_LMS_PublicKey::raw_public_key_bits().

◆ raw_private_key_bits()

secure_vector< uint8_t > Botan::HSS_LMS_PrivateKey::raw_private_key_bits ( ) const

overridevirtual

Returns: binary private key bits, with no additional encoding

Note: some algorithms (for example RSA) do not have an obvious encoding for this value due to having many different values, and thus not implement this function. The default implementation throws Not_Implemented

Reimplemented from Botan::Private_Key.

Definition at line 145 of file hss_lms.cpp.

                                                                      {
   return private_key_bits();
}

References private_key_bits().

◆ raw_public_key_bits()

std::vector< uint8_t > Botan::HSS_LMS_PublicKey::raw_public_key_bits ( ) const

overridevirtualinherited

Returns: binary public key bits, with no additional encoding

For key agreements this is an alias for PK_Key_Agreement_Key::public_value.

Note: some algorithms (for example RSA) do not have an obvious encoding for this value due to having many different values, and thus throw Not_Implemented when invoking this method.

Implements Botan::Public_Key.

Definition at line 51 of file hss_lms.cpp.

                                                                {
   return m_public->to_bytes();
}

References Botan::HSS_LMS_PublicKey::m_public.

Referenced by Botan::HSS_LMS_PublicKey::public_key_bits().

◆ remaining_operations()

std::optional< uint64_t > Botan::HSS_LMS_PrivateKey::remaining_operations ( ) const

overridevirtual

Retrieves the number of remaining signatures for this private key.

Reimplemented from Botan::Private_Key.

Definition at line 160 of file hss_lms.cpp.

                                                                     {
   return (m_private->hss_params().max_sig_count() - m_private->get_idx()).get();
}

◆ stateful_operation()

bool Botan::HSS_LMS_PrivateKey::stateful_operation ( ) const

inlineoverridevirtual

Indicates if this key is stateful, ie that performing a private key operation requires updating the key storage.

Reimplemented from Botan::Private_Key.

Definition at line 140 of file hss_lms.h.

140{ return true; }

◆ subject_public_key()

std::vector< uint8_t > Botan::Public_Key::subject_public_key ( ) const

inherited

Returns: X.509 subject key encoding for this key object

Definition at line 48 of file pk_keys.cpp.

                                                        {
   std::vector<uint8_t> output;
 
   DER_Encoder(output)
      .start_sequence()
      .encode(algorithm_identifier())
      .encode(public_key_bits(), ASN1_Type::BitString)
      .end_cons();
 
   return output;
}

References Botan::Public_Key::algorithm_identifier(), Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::Public_Key::public_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::X509::BER_encode(), Botan::PKCS10_Request::create(), Botan::Public_Key::fingerprint_public(), and Botan::X509::PEM_encode().

◆ supports_operation()

bool Botan::HSS_LMS_PublicKey::supports_operation ( PublicKeyOperation op ) const

overridevirtualinherited

Return true if this key could be used for the specified type of operation.

Implements Botan::Asymmetric_Key.

Definition at line 107 of file hss_lms.cpp.

                                                                      {
   return op == PublicKeyOperation::Signature;
}

References Botan::Signature.

Member Data Documentation

◆ m_public

std::shared_ptr<HSS_LMS_PublicKeyInternal> Botan::HSS_LMS_PublicKey::m_public

protectedinherited

Definition at line 70 of file hss_lms.h.

Referenced by Botan::HSS_LMS_PublicKey::algo_name(), Botan::HSS_LMS_PublicKey::algorithm_identifier(), create_signature_op(), Botan::HSS_LMS_PublicKey::create_verification_op(), Botan::HSS_LMS_PublicKey::create_x509_verification_op(), Botan::HSS_LMS_PublicKey::estimated_strength(), HSS_LMS_PrivateKey(), HSS_LMS_PrivateKey(), Botan::HSS_LMS_PublicKey::key_length(), Botan::HSS_LMS_PublicKey::object_identifier(), and Botan::HSS_LMS_PublicKey::raw_public_key_bits().

The documentation for this class was generated from the following files:

src/lib/pubkey/hss_lms/hss_lms.h
src/lib/pubkey/hss_lms/hss_lms.cpp

Public Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ HSS_LMS_PrivateKey() [1/2]

◆ HSS_LMS_PrivateKey() [2/2]

◆ ~HSS_LMS_PrivateKey()

Member Function Documentation

◆ algo_name()

◆ algorithm_identifier()

◆ check_key()

◆ create_decryption_op()

◆ create_encryption_op()

◆ create_kem_decryption_op()

◆ create_kem_encryption_op()

◆ create_key_agreement_op()

◆ create_signature_op()

◆ create_verification_op()

◆ create_x509_verification_op()

◆ default_x509_signature_format()

◆ estimated_strength()

◆ fingerprint_private()

◆ fingerprint_public()

◆ generate_another()

◆ get_int_field()

◆ get_oid()

◆ key_length()

◆ message_part_size()

◆ message_parts()

◆ object_identifier()

◆ pkcs8_algorithm_identifier()

◆ private_key_bits()

◆ private_key_info()

◆ public_key()

◆ public_key_bits()

◆ raw_private_key_bits()

◆ raw_public_key_bits()

◆ remaining_operations()

◆ stateful_operation()

◆ subject_public_key()

◆ supports_operation()

Member Data Documentation

◆ m_public