Botan 3.7.1
Crypto and TLS for C++
Botan::HSS_LMS_PublicKeyInternal Class Reference (final)

The internal HSS-LMS public key. More...

#include <hss.h>

Public Member Functions

void _const_time_unpoison () const
 
std::string algo_name () const
 The algorithm name for HSS-LMS.
 
AlgorithmIdentifier algorithm_identifier () const
 The algorithm identifier for HSS-LMS.
 
 HSS_LMS_PublicKeyInternal (HSS_Level L, LMS_PublicKey top_lms_pub_key)
 
const LMS_PublicKey & lms_pub_key () const
 Returns the public LMS key of the top LMS tree.
 
OID object_identifier () const
 The object identifier for HSS-LMS.
 
size_t size () const
 Returns the size in bytes the key would have in its encoded format.
 
std::vector< uint8_t > to_bytes () const
 Returns the key in its encoded format.
 
bool verify_signature (std::span< const uint8_t > msg, const HSS_Signature &sig) const
 Verify a HSS-LMS signature.
 

Static Public Member Functions

static HSS_LMS_PublicKeyInternal create (const HSS_LMS_PrivateKeyInternal &hss_sk)
 Create the public HSS-LMS key from its private key.
 
static std::shared_ptr< HSS_LMS_PublicKeyInternal > from_bytes_or_throw (std::span< const uint8_t > key_bytes)
 Parse a public HSS-LMS key.
 

Detailed Description

The internal HSS-LMS public key.

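Format according to RFC 8554: u32str(L) || pub[0], i.e. the number of HSS levels L as a 4-byte big-endian integer followed by the encoded public key of the top LMS tree.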

Definition at line 245 of file hss.h.

Constructor & Destructor Documentation

◆ HSS_LMS_PublicKeyInternal()

Botan::HSS_LMS_PublicKeyInternal::HSS_LMS_PublicKeyInternal ( HSS_Level L,
LMS_PublicKey top_lms_pub_key )
inline

Definition at line 264 of file hss.h.

// Member-initializer list only: stores the level count L and moves the supplied
// top-level LMS public key into the object. The body is empty, so no range check
// on L is performed in this constructor.
264 :
265 m_L(L), m_top_lms_pub_key(std::move(top_lms_pub_key)) {}

Referenced by create().

Member Function Documentation

◆ _const_time_unpoison()

void Botan::HSS_LMS_PublicKeyInternal::_const_time_unpoison ( ) const
inline

Definition at line 308 of file hss.h.

// Forwards the stored top-level LMS public key to CT::unpoison().
// NOTE(review): presumably this clears the "secret" marking that constant-time
// analysis tooling tracks, since a public key is not sensitive; confirm in ct_utils.h.
308{ CT::unpoison(m_top_lms_pub_key); }
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:64

References Botan::CT::unpoison().

◆ algo_name()

std::string Botan::HSS_LMS_PublicKeyInternal::algo_name ( ) const
inline

The algorithm name for HSS-LMS.

Definition at line 295 of file hss.h.

// Fixed algorithm name. object_identifier() resolves the OID from this exact string,
// so the two must stay in sync.
295{ return "HSS-LMS"; }

Referenced by object_identifier().

◆ algorithm_identifier()

AlgorithmIdentifier Botan::HSS_LMS_PublicKeyInternal::algorithm_identifier ( ) const

The algorithm identifier for HSS-LMS.

Definition at line 338 of file hss.cpp.

// Builds the AlgorithmIdentifier from the HSS-LMS OID, using the USE_EMPTY_PARAM
// parameter-encoding option.
338 {
339 return AlgorithmIdentifier(object_identifier(), AlgorithmIdentifier::USE_EMPTY_PARAM);
340}
OID object_identifier() const
The object identifier for HSS-LMS.
Definition hss.cpp:342

References object_identifier(), and Botan::AlgorithmIdentifier::USE_EMPTY_PARAM.

◆ create()

HSS_LMS_PublicKeyInternal Botan::HSS_LMS_PublicKeyInternal::create ( const HSS_LMS_PrivateKeyInternal & hss_sk)
static

Create the public HSS-LMS key from its private key.

Parameters
hss_sk: The private HSS-LMS key.
Returns
The internal HSS-LMS public key.

Definition at line 305 of file hss.cpp.

// Derives the internal public key from a private key: takes the level count from the
// private key's HSS parameters and builds the top-level LMS public key from the
// derived root LMS private key.
305 {
306 auto& hss_params = hss_sk.hss_params();
307
// root_sk is private-key material held in a local for the duration of this call.
// NOTE(review): whether it is wiped on destruction depends on the LMS private key
// type, which is not visible here; confirm it uses secure storage.
308 const auto root_sk = hss_sk.hss_derive_root_lms_private_key();
// Only the public key constructed from root_sk leaves this function.
309 LMS_PublicKey top_pub_key = LMS_PublicKey(root_sk);
310
311 return HSS_LMS_PublicKeyInternal(hss_params.L(), std::move(top_pub_key));
312}
HSS_LMS_PublicKeyInternal(HSS_Level L, LMS_PublicKey top_lms_pub_key)
Definition hss.h:264

References Botan::HSS_LMS_PrivateKeyInternal::hss_derive_root_lms_private_key(), HSS_LMS_PublicKeyInternal(), and Botan::HSS_LMS_PrivateKeyInternal::hss_params().

Referenced by Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey(), and Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey().

◆ from_bytes_or_throw()

std::shared_ptr< HSS_LMS_PublicKeyInternal > Botan::HSS_LMS_PublicKeyInternal::from_bytes_or_throw ( std::span< const uint8_t > key_bytes)
static

Parse a public HSS-LMS key.

Parameters
key_bytes: The public key bytes to parse.
Returns
The internal HSS-LMS public key.
Exceptions
Decoding_Error: If parsing the public key fails.

Definition at line 314 of file hss.cpp.

// Parses an encoded HSS-LMS public key (u32str(L) || pub[0]) from untrusted bytes.
// Throws Decoding_Error when the input is too short, when L exceeds HSS_MAX_LEVELS,
// or when bytes remain after the LMS public key; parsing of pub[0] itself is delegated.
315 {
// Length guard before slicing: the encoding starts with the level count, which is
// sizeof(HSS_Level) bytes wide.
316 if(key_bytes.size() < sizeof(HSS_Level)) {
317 throw Decoding_Error("Too few public key bytes.");
318 }
319 BufferSlicer slicer(key_bytes);
320
// L is read big-endian. Only the upper bound is enforced here.
// NOTE(review): RFC 8554 defines L as at least 1, but L == 0 passes this check;
// confirm it is rejected elsewhere or can never verify a signature
// (verify_signature compares Nspk + 1 against m_L).
321 const auto L = load_be<HSS_Level>(slicer.take<sizeof(HSS_Level)>());
322 if(L > HSS_MAX_LEVELS) {
323 throw Decoding_Error("Invalid number of HSS layers in public HSS-LMS key.");
324 }
325
// The top-level LMS public key is parsed from the same slicer, so it consumes the
// bytes that follow L.
326 LMS_PublicKey lms_pub_key = LMS_PublicKey::from_bytes_or_throw(slicer);
327
// Trailing bytes are a decoding error, so extra data cannot ride along with an
// otherwise valid key.
328 if(!slicer.empty()) {
329 throw Decoding_Error("Public HSS-LMS key contains more bytes than expected.");
330 }
331 return std::make_shared<HSS_LMS_PublicKeyInternal>(L, std::move(lms_pub_key));
332}
const LMS_PublicKey & lms_pub_key() const
Returns the public LMS key of the top LMS tree.
Definition hss.h:275
static LMS_PublicKey from_bytes_or_throw(BufferSlicer &slicer)
Parse a public LMS key.
Definition lms.cpp:264
Strong< uint32_t, struct HSS_Level_, EnableArithmeticWithPlainNumber > HSS_Level
The HSS layer in the HSS multi tree starting at 0 from the root.
Definition hss.h:34
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:530

References Botan::BufferSlicer::empty(), Botan::LMS_PublicKey::from_bytes_or_throw(), lms_pub_key(), Botan::load_be(), and Botan::BufferSlicer::take().

◆ lms_pub_key()

const LMS_PublicKey & Botan::HSS_LMS_PublicKeyInternal::lms_pub_key ( ) const
inline

Returns the public LMS key of the top LMS tree.

Definition at line 275 of file hss.h.

// Returns a const reference to the stored top-level key; the reference is only valid
// while this object is alive.
275{ return m_top_lms_pub_key; }

Referenced by from_bytes_or_throw(), and verify_signature().

◆ object_identifier()

OID Botan::HSS_LMS_PublicKeyInternal::object_identifier ( ) const

The object identifier for HSS-LMS.

Definition at line 342 of file hss.cpp.

// Resolves the OID from the algorithm name string returned by algo_name().
// NOTE(review): what OID::from_string does for an unregistered name is not visible here.
342 {
343 return OID::from_string(algo_name());
344}
std::string algo_name() const
The algorithm name for HSS-LMS.
Definition hss.h:295
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86

References algo_name(), and Botan::OID::from_string().

Referenced by algorithm_identifier().

◆ size()

size_t Botan::HSS_LMS_PublicKeyInternal::size ( ) const

Returns the size in bytes the key would have in its encoded format.

Definition at line 346 of file hss.cpp.

// Encoded size = the level field (sizeof(m_L)) plus the encoded size of an LMS public
// key for the top tree's parameter set, matching the u32str(L) || pub[0] layout.
346 {
347 return sizeof(m_L) + LMS_PublicKey::size(m_top_lms_pub_key.lms_params());
348}
const LMS_Params & lms_params() const
The LMS parameters for this LMS instance.
Definition lms.h:164
static size_t size(const LMS_Params &lms_params)
The expected size of an LMS public key for given lms_params.
Definition lms.cpp:313

References Botan::LMS_Instance::lms_params(), and Botan::LMS_PublicKey::size().

◆ to_bytes()

std::vector< uint8_t > Botan::HSS_LMS_PublicKeyInternal::to_bytes ( ) const

Returns the key in its encoded format.

Definition at line 334 of file hss.cpp.

// Serializes the key as big-endian m_L followed by the encoded top-level LMS public key.
334 {
335 return concat<std::vector<uint8_t>>(store_be(m_L), m_top_lms_pub_key.to_bytes());
336}
std::vector< uint8_t > to_bytes() const
Bytes of the full lms public key according to 8554 5.3.
Definition lms.cpp:294
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773

References Botan::concat(), Botan::store_be(), and Botan::LMS_PublicKey::to_bytes().

◆ verify_signature()

bool Botan::HSS_LMS_PublicKeyInternal::verify_signature ( std::span< const uint8_t > msg,
const HSS_Signature & sig ) const

Verify a HSS-LMS signature.

See RFC 8554 6.3.

Parameters
msg: The signed message.
sig: The already parsed HSS-LMS signature.
Returns
True iff the signature is valid.

Definition at line 350 of file hss.cpp.

// Verifies an HSS signature by walking the chain of signed LMS public keys from the
// top-level key downwards, then checking the message signature under the last key.
// Every failure path visible here returns false.
350 {
// The signature carries Nspk signed public keys, so it belongs to a key with
// Nspk + 1 levels; any other level count is rejected up front.
// NOTE(review): the "+ 1" is done on HSS_Level (a uint32_t strong type); confirm that
// HSS_Signature parsing bounds Nspk so the sum cannot wrap.
351 if(checked_cast_to<HSS_Level>(sig.Nspk()) + 1 != m_L) {
352 // The number of HSS levels in the public key does not match the signature's.
353 return false;
354 }
355
// lms_pk is the key trusted so far (initially the top-level key). The hash function
// name is pinned once, from that key's LMS parameters.
356 const LMS_PublicKey* lms_pk = &lms_pub_key();
357 const auto hash_name = lms_pk->lms_params().hash_name();
358
359 // Verify the signature by the above layer over the LMS public keys for layer 1 to Nspk.
360 for(HSS_Level layer(0); layer < sig.Nspk(); ++layer) {
361 const HSS_Signature::Signed_Pub_Key& signed_pub_key = sig.signed_pub_key(layer);
// The next key's parameters are checked before it is used: both its LMS and its
// LM-OTS hash must equal the hash pinned from the top-level key.
362 if(signed_pub_key.public_key().lms_params().hash_name() != hash_name ||
363 signed_pub_key.public_key().lmots_params().hash_name() != hash_name) {
364 // We do not allow HSS-LMS instances with multiple different hash functions.
365 return false;
366 }
// The encoded child public key is the message verified under the currently trusted key.
367 if(!lms_pk->verify_signature(LMS_Message(signed_pub_key.public_key().to_bytes()), signed_pub_key.signature())) {
368 return false;
369 }
// Only after its link has verified does the child key become the trusted key.
// The pointer refers into sig, which outlives this call.
370 lms_pk = &signed_pub_key.public_key();
371 }
372
373 // Verify the signature by the bottom layer over the message.
374 return lms_pk->verify_signature(LMS_Message(msg), sig.bottom_sig());
375}
constexpr RT checked_cast_to(AT i)
Definition int_utils.h:74
Strong< std::vector< uint8_t >, struct LMS_Message_ > LMS_Message
A message that is signed with an LMS tree.
Definition lm_ots.h:55

References Botan::HSS_Signature::bottom_sig(), Botan::checked_cast_to(), Botan::LMOTS_Params::hash_name(), Botan::LMS_Params::hash_name(), Botan::LMS_Instance::lmots_params(), Botan::LMS_Instance::lms_params(), lms_pub_key(), Botan::HSS_Signature::Nspk(), Botan::HSS_Signature::Signed_Pub_Key::public_key(), Botan::HSS_Signature::Signed_Pub_Key::signature(), Botan::HSS_Signature::signed_pub_key(), Botan::LMS_PublicKey::to_bytes(), and Botan::LMS_PublicKey::verify_signature().


The documentation for this class was generated from the following files: