Botan::HSS_LMS_PublicKey Class Reference

An HSS/LMS public key. More...

#include <hss_lms.h>

Inheritance diagram for Botan::HSS_LMS_PublicKey:

Public Member Functions
virtual Signature_Format	_default_x509_signature_format () const
virtual std::optional< size_t >	_signature_element_size_for_DER_encoding () const
std::string	algo_name () const override
AlgorithmIdentifier	algorithm_identifier () const override
bool	check_key (RandomNumberGenerator &rng, bool strong) const override
virtual std::unique_ptr< PK_Ops::Encryption >	create_encryption_op (RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::KEM_Encryption >	create_kem_encryption_op (std::string_view params, std::string_view provider) const
std::unique_ptr< PK_Ops::Verification >	create_verification_op (std::string_view params, std::string_view provider) const override
std::unique_ptr< PK_Ops::Verification >	create_x509_verification_op (const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
Signature_Format	default_x509_signature_format () const
size_t	estimated_strength () const override
std::string	fingerprint_public (std::string_view alg="SHA-256") const
std::unique_ptr< Private_Key >	generate_another (RandomNumberGenerator &rng) const override
virtual const BigInt &	get_int_field (std::string_view field) const
OID	get_oid () const
	HSS_LMS_PublicKey (const HSS_LMS_PublicKey &other)=default
	HSS_LMS_PublicKey (HSS_LMS_PublicKey &&other)=default
BOTAN_FUTURE_EXPLICIT	HSS_LMS_PublicKey (std::span< const uint8_t > pub_key_bytes)
	Load an existing public key using its bytes.
size_t	key_length () const override
size_t	message_part_size () const
size_t	message_parts () const
OID	object_identifier () const override
HSS_LMS_PublicKey &	operator= (const HSS_LMS_PublicKey &other)=delete
HSS_LMS_PublicKey &	operator= (HSS_LMS_PublicKey &&other)=delete
std::vector< uint8_t >	public_key_bits () const override
std::vector< uint8_t >	raw_public_key_bits () const override
std::vector< uint8_t >	subject_public_key () const
bool	supports_operation (PublicKeyOperation op) const override
	~HSS_LMS_PublicKey () override

Protected Member Functions
	HSS_LMS_PublicKey ()=default

Protected Attributes
std::shared_ptr< HSS_LMS_PublicKeyInternal >	m_public

Detailed Description

An HSS/LMS public key.

Implementation of the Hierarchical Signature System (HSS) of Leighton-Micali Hash-Based Signatures (LMS) defined in RFC 8554 (https://www.rfc-editor.org/rfc/rfc8554.html).

To derive seeds for single LMS trees in the HSS-multitree, the method (SECRET_METHOD 2) of the reference implementation (https://github.com/cisco/hash-sigs) is used.

Definition at line 34 of file hss_lms.h.

Constructor & Destructor Documentation

HSS_LMS_PublicKey() [1/4]

Botan::HSS_LMS_PublicKey::HSS_LMS_PublicKey

(

std::span< const uint8_t >

pub_key_bytes

)

Load an existing public key using its bytes.

Definition at line 17 of file hss_lms.cpp.

                                                                   :
      m_public(HSS_LMS_PublicKeyInternal::from_bytes_or_throw(pub_key)) {}

References m_public.

Referenced by HSS_LMS_PublicKey(), HSS_LMS_PublicKey(), operator=(), and operator=().

~HSS_LMS_PublicKey()

Botan::HSS_LMS_PublicKey::~HSS_LMS_PublicKey ( )

overridedefault

HSS_LMS_PublicKey() [2/4]

Botan::HSS_LMS_PublicKey::HSS_LMS_PublicKey ( const HSS_LMS_PublicKey & other )

default

References HSS_LMS_PublicKey().

HSS_LMS_PublicKey() [3/4]

Botan::HSS_LMS_PublicKey::HSS_LMS_PublicKey ( HSS_LMS_PublicKey && other )

default

References HSS_LMS_PublicKey().

HSS_LMS_PublicKey() [4/4]

Botan::HSS_LMS_PublicKey::HSS_LMS_PublicKey ( )

protecteddefault

Member Function Documentation

_default_x509_signature_format()

Signature_Format Botan::Asymmetric_Key::_default_x509_signature_format ( ) const

virtualinherited

Reimplemented in Botan::GOST_3410_PublicKey.

Definition at line 30 of file pk_keys.cpp.

                                                                      {
   if(_signature_element_size_for_DER_encoding()) {
      return Signature_Format::DerSequence;
   } else {
      return Signature_Format::Standard;
   }
}

References _signature_element_size_for_DER_encoding(), Botan::DerSequence, and Botan::Standard.

Referenced by Botan::X509_Object::choose_sig_format(), Botan::Public_Key::default_x509_signature_format(), and Botan::PK_Verifier::PK_Verifier().

_signature_element_size_for_DER_encoding()

virtual std::optional< size_t > Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding ( ) const

inlinevirtualinherited

Certain signatures schemes such as ECDSA have more than one element, and certain unfortunate protocols decided the thing to do was not concatenate them as normally done, but instead DER encode each of the elements as independent values.

If this returns a value x then the signature is checked to be exactly 2*x bytes and split in half for DER encoding.

Reimplemented in Botan::DSA_PublicKey, Botan::ECDSA_PublicKey, Botan::ECGDSA_PublicKey, Botan::ECKCDSA_PublicKey, Botan::GOST_3410_PublicKey, and Botan::SM2_PublicKey.

Definition at line 137 of file pk_keys.h.

{ return {}; }

Referenced by _default_x509_signature_format(), Botan::Public_Key::message_part_size(), Botan::Public_Key::message_parts(), Botan::PK_Verifier::PK_Verifier(), and Botan::PK_Verifier::PK_Verifier().

algo_name()

std::string Botan::HSS_LMS_PublicKey::algo_name ( ) const

overridevirtual

Get the name of the underlying public key scheme.

Returns

name of the public key scheme

Implements Botan::Asymmetric_Key.

Definition at line 34 of file hss_lms.cpp.

                                             {
   return m_public->algo_name();
}

References m_public.

Referenced by Botan::HSS_LMS_PrivateKey::create_signature_op(), create_verification_op(), create_x509_verification_op(), and operator=().

algorithm_identifier()

AlgorithmIdentifier Botan::HSS_LMS_PublicKey::algorithm_identifier ( ) const

overridevirtual

Returns

X.509 AlgorithmIdentifier for this key

Implements Botan::Public_Key.

Definition at line 38 of file hss_lms.cpp.

                                                                  {
   return m_public->algorithm_identifier();
}

References m_public.

Referenced by create_x509_verification_op(), and operator=().

check_key()

bool Botan::HSS_LMS_PublicKey::check_key ( RandomNumberGenerator & rng, bool strong ) const

overridevirtual

Implements Botan::Asymmetric_Key.

Definition at line 46 of file hss_lms.cpp.

                                                                        {
   // Nothing to check. Only useful checks are already done during parsing.
   return true;
}

Referenced by operator=().

create_encryption_op()

std::unique_ptr< PK_Ops::Encryption > Botan::Public_Key::create_encryption_op ( RandomNumberGenerator & rng, std::string_view params, std::string_view provider ) const

virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return an encryption operation for this key/params or throw

Parameters

rng	a random number generator. The PK_Op may maintain a reference to the RNG and use it many times. The rng must outlive any operations which reference it.
params	additional parameters
provider	the provider to use

Reimplemented in Botan::ElGamal_PublicKey, Botan::RSA_PublicKey, Botan::SM2_PublicKey, and Botan::TPM2::RSA_PublicKey.

Definition at line 98 of file pk_keys.cpp.

                                                                                             {
   throw Lookup_Error(fmt("{} does not support encryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_Encryptor_EME::PK_Encryptor_EME().

create_kem_encryption_op()

std::unique_ptr< PK_Ops::KEM_Encryption > Botan::Public_Key::create_kem_encryption_op ( std::string_view params, std::string_view provider ) const

virtualinherited

This is an internal library function exposed on key types. In almost all cases applications should use wrappers in pubkey.h

Return a KEM encryption operation for this key/params or throw

Parameters

params	additional parameters
provider	the provider to use

Reimplemented in Botan::Classic_McEliece_PublicKey, Botan::FrodoKEM_PublicKey, Botan::KEX_to_KEM_Adapter_PublicKey, Botan::Kyber_PublicKey, Botan::McEliece_PublicKey, Botan::RSA_PublicKey, and Botan::TLS::Hybrid_KEM_PublicKey.

Definition at line 104 of file pk_keys.cpp.

                                                                                                     {
   throw Lookup_Error(fmt("{} does not support KEM encryption", algo_name()));
}

References Botan::Asymmetric_Key::algo_name(), and Botan::fmt().

Referenced by Botan::PK_KEM_Encryptor::PK_KEM_Encryptor().

create_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::HSS_LMS_PublicKey::create_verification_op ( std::string_view params, std::string_view provider ) const

overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this key/params or throw

Parameters

params	additional parameters
provider	the provider to use

Reimplemented from Botan::Public_Key.

Definition at line 88 of file hss_lms.cpp.

                                                                                                               {
   if(provider.empty() || provider == "base") {
      return std::make_unique<HSS_LMS_Verification_Operation>(m_public);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

References algo_name(), and m_public.

Referenced by operator=().

create_x509_verification_op()

std::unique_ptr< PK_Ops::Verification > Botan::HSS_LMS_PublicKey::create_x509_verification_op ( const AlgorithmIdentifier & signature_algorithm, std::string_view provider ) const

overridevirtual

This is an internal library function exposed on key types. In all cases applications should use wrappers in pubkey.h

Return a verification operation for this combination of key and signature algorithm or throw.

Parameters

signature_algorithm	is the X.509 algorithm identifier encoding the padding scheme and hash hash function used in the signature if applicable.
provider	the provider to use

Reimplemented from Botan::Public_Key.

Definition at line 96 of file hss_lms.cpp.

                                                                                  {
   if(provider.empty() || provider == "base") {
      if(signature_algorithm != this->algorithm_identifier()) {
         throw Decoding_Error("Unexpected AlgorithmIdentifier for HSS-LMS signature");
      }
      return std::make_unique<HSS_LMS_Verification_Operation>(m_public);
   }
   throw Provider_Not_Found(algo_name(), provider);
}

References algo_name(), algorithm_identifier(), and m_public.

Referenced by operator=().

default_x509_signature_format()

Signature_Format Botan::Public_Key::default_x509_signature_format ( ) const

inlineinherited

Definition at line 229 of file pk_keys.h.

                                                               {
         return _default_x509_signature_format();
      }

References Botan::Asymmetric_Key::_default_x509_signature_format(), and default_x509_signature_format().

Referenced by default_x509_signature_format().

estimated_strength()

size_t Botan::HSS_LMS_PublicKey::estimated_strength ( ) const

overridevirtual

Return the estimated strength of the underlying key against the best currently known attack. Note that this ignores anything but pure attacks against the key itself and do not take into account padding schemes, usage mistakes, etc which might reduce the strength. However it does suffice to provide an upper bound.

Returns

estimated strength in bits

Implements Botan::Asymmetric_Key.

Definition at line 26 of file hss_lms.cpp.

                                                   {
   // draft-fluhrer-lms-more-parm-sets-11 Section 9.
   //   As shown in [Katz16], if we assume that the hash function can be
   //   modeled as a random oracle, then the security of the system is at
   //   least 8N-1 bits (where N is the size of the hash output in bytes);
   return 8 * m_public->lms_pub_key().lms_params().m() - 1;
}

References m_public.

Referenced by operator=().

fingerprint_public()

std::string Botan::Public_Key::fingerprint_public ( std::string_view alg = "SHA-256" ) const

inherited

Returns

Hash of the subject public key

Definition at line 87 of file pk_keys.cpp.

                                                                       {
   return create_hex_fingerprint(subject_public_key(), hash_algo);
}

References Botan::create_hex_fingerprint(), and subject_public_key().

Referenced by public_key_bits().

generate_another()

std::unique_ptr< Private_Key > Botan::HSS_LMS_PublicKey::generate_another ( RandomNumberGenerator & rng ) const

overridevirtual

Exceptions

Not_Implemented

for LMS public keys.

Implements Botan::Asymmetric_Key.

Definition at line 111 of file hss_lms.cpp.

                                                                                             {
   // For this key type we cannot derive all required parameters from just
   // the public key. It is however possible to call HSS_LMS_PrivateKey::generate_another().
   throw Not_Implemented("Cannot generate a new HSS/LMS keypair from a public key");
}

Referenced by operator=().

get_int_field()

const BigInt & Botan::Asymmetric_Key::get_int_field ( std::string_view field ) const

virtualinherited

Access an algorithm specific field

If the field is not known for this algorithm, an Invalid_Argument is thrown. The interpretation of the result requires knowledge of which algorithm is involved. For instance for RSA "p" represents one of the secret primes, while for DSA "p" is the public prime.

Some algorithms may not implement this method at all.

This is primarily used to implement the FFI botan_pubkey_get_field and botan_privkey_get_field functions.

TODO(Botan4) Change this to return by value

Reimplemented in Botan::DH_PrivateKey, Botan::DH_PublicKey, Botan::DSA_PrivateKey, Botan::DSA_PublicKey, Botan::EC_PrivateKey, Botan::EC_PublicKey, Botan::ElGamal_PrivateKey, Botan::ElGamal_PublicKey, Botan::RSA_PrivateKey, and Botan::RSA_PublicKey.

Definition at line 18 of file pk_keys.cpp.

                                                                      {
   throw Unknown_PK_Field_Name(algo_name(), field);
}

References algo_name().

Referenced by estimated_strength(), Botan::EC_PublicKey::get_int_field(), and Botan::RSA_PublicKey::get_int_field().

get_oid()

OID Botan::Public_Key::get_oid ( ) const

inlineinherited

Deprecated version of object_identifier

Definition at line 161 of file pk_keys.h.

{ return this->object_identifier(); }

References get_oid(), and Botan::Asymmetric_Key::object_identifier().

Referenced by get_oid().

key_length()

size_t Botan::HSS_LMS_PublicKey::key_length ( ) const

overridevirtual

Return an integer value best approximating the length of the primary security parameter. For example for RSA this will be the size of the modulus, for ECDSA the size of the ECC group, and for McEliece the size of the code will be returned.

Implements Botan::Public_Key.

Definition at line 22 of file hss_lms.cpp.

                                           {
   return m_public->size();
}

References m_public.

Referenced by operator=().

message_part_size()

size_t Botan::Public_Key::message_part_size ( ) const

inlineinherited

Returns how large each of the message parts refered to by message_parts() is

This function is public but applications should have few reasons to ever call this.

Returns

size of the message parts in bits

Definition at line 221 of file pk_keys.h.

                                                                                     {
         return _signature_element_size_for_DER_encoding().value_or(0);
      }

References Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding(), and message_part_size().

Referenced by message_part_size().

message_parts()

size_t Botan::Public_Key::message_parts ( ) const

inlineinherited

Returns more than 1 if the output of this algorithm (ciphertext, signature) should be treated as more than one value. This is used for algorithms like DSA and ECDSA, where the (r,s) output pair can be encoded as either a plain binary list or a TLV tagged DER encoding depending on the protocol.

This function is public but applications should have few reasons to ever call this.

Returns

number of message parts

Definition at line 208 of file pk_keys.h.

                                                                                 {
         return _signature_element_size_for_DER_encoding() ? 2 : 1;
      }

References Botan::Asymmetric_Key::_signature_element_size_for_DER_encoding(), and message_parts().

Referenced by message_parts().

object_identifier()

OID Botan::HSS_LMS_PublicKey::object_identifier ( ) const

overridevirtual

Get the OID of the underlying public key scheme.

Returns

OID of the public key scheme

Reimplemented from Botan::Asymmetric_Key.

Definition at line 42 of file hss_lms.cpp.

                                               {
   return m_public->object_identifier();
}

References m_public.

Referenced by operator=().

operator=() [1/2]

HSS_LMS_PublicKey & Botan::HSS_LMS_PublicKey::operator= ( const HSS_LMS_PublicKey & other )

delete

References HSS_LMS_PublicKey().

operator=() [2/2]

HSS_LMS_PublicKey & Botan::HSS_LMS_PublicKey::operator= ( HSS_LMS_PublicKey && other )

delete

References algo_name(), algorithm_identifier(), check_key(), create_verification_op(), create_x509_verification_op(), estimated_strength(), generate_another(), HSS_LMS_PublicKey(), key_length(), object_identifier(), public_key_bits(), raw_public_key_bits(), and supports_operation().

public_key_bits()

std::vector< uint8_t > Botan::HSS_LMS_PublicKey::public_key_bits ( ) const

overridevirtual

Returns

BER encoded public key bits

Implements Botan::Public_Key.

Definition at line 55 of file hss_lms.cpp.

                                                            {
   // The raw encoding of HSS/LMS public keys always contains the necessary
   // algorithm information.
   return raw_public_key_bits();
}

References raw_public_key_bits().

Referenced by operator=().

raw_public_key_bits()

std::vector< uint8_t > Botan::HSS_LMS_PublicKey::raw_public_key_bits ( ) const

overridevirtual

Returns

binary public key bits, with no additional encoding

For key agreements this is an alias for PK_Key_Agreement_Key::public_value.

Note: some algorithms (for example RSA) do not have an obvious encoding for this value due to having many different values, and thus throw Not_Implemented when invoking this method.

Implements Botan::Public_Key.

Definition at line 51 of file hss_lms.cpp.

                                                                {
   return m_public->to_bytes();
}

References m_public.

Referenced by operator=(), and public_key_bits().

subject_public_key()

std::vector< uint8_t > Botan::Public_Key::subject_public_key ( ) const

inherited

Returns

X.509 subject key encoding for this key object

Definition at line 56 of file pk_keys.cpp.

                                                        {
   std::vector<uint8_t> output;
 
   DER_Encoder(output)
      .start_sequence()
      .encode(algorithm_identifier())
      .encode(public_key_bits(), ASN1_Type::BitString)
      .end_cons();
 
   return output;
}

References algorithm_identifier(), Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), public_key_bits(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::X509::BER_encode(), Botan::PKCS10_Request::create(), fingerprint_public(), Botan::X509::PEM_encode(), and public_key_bits().

supports_operation()

bool Botan::HSS_LMS_PublicKey::supports_operation ( PublicKeyOperation op ) const

overridevirtual

Return true if this key could be used for the specified type of operation.

Implements Botan::Asymmetric_Key.

Definition at line 107 of file hss_lms.cpp.

                                                                      {
   return op == PublicKeyOperation::Signature;
}

References Botan::Signature.

Referenced by operator=().

Member Data Documentation

m_public

std::shared_ptr<HSS_LMS_PublicKeyInternal> Botan::HSS_LMS_PublicKey::m_public

protected

Definition at line 74 of file hss_lms.h.

Referenced by algo_name(), algorithm_identifier(), Botan::HSS_LMS_PrivateKey::create_signature_op(), create_verification_op(), create_x509_verification_op(), estimated_strength(), Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey(), Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey(), HSS_LMS_PublicKey(), key_length(), object_identifier(), and raw_public_key_bits().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/hss_lms/hss_lms.h
• src/lib/pubkey/hss_lms/hss_lms.cpp