Botan 3.6.1
Crypto and TLS for C++
Botan::HSS_LMS_PublicKeyInternal Class Reference (final)

The internal HSS-LMS public key. More...

#include <hss.h>

Public Member Functions

void _const_time_unpoison () const
 
std::string algo_name () const
 The algorithm name for HSS-LMS.
 
AlgorithmIdentifier algorithm_identifier () const
 The algorithm identifier for HSS-LMS.
 
 HSS_LMS_PublicKeyInternal (HSS_Level L, LMS_PublicKey top_lms_pub_key)
 
const LMS_PublicKey & lms_pub_key () const
 Returns the public LMS key of the top LMS tree.
 
OID object_identifier () const
 The object identifier for HSS-LMS.
 
size_t size () const
 Returns the size in bytes the key would have in its encoded format.
 
std::vector< uint8_t > to_bytes () const
 Returns the key in its encoded format.
 
bool verify_signature (std::span< const uint8_t > msg, const HSS_Signature &sig) const
 Verify a HSS-LMS signature.
 

Static Public Member Functions

static HSS_LMS_PublicKeyInternal create (const HSS_LMS_PrivateKeyInternal &hss_sk)
 Create the public HSS-LMS key from its private key.
 
static std::shared_ptr< HSS_LMS_PublicKeyInternal > from_bytes_or_throw (std::span< const uint8_t > key_bytes)
 Parse a public HSS-LMS key.
 

Detailed Description

The internal HSS-LMS public key.

Format according to RFC 8554: u32str(L) || pub[0]

Definition at line 245 of file hss.h.

Constructor & Destructor Documentation

◆ HSS_LMS_PublicKeyInternal()

Botan::HSS_LMS_PublicKeyInternal::HSS_LMS_PublicKeyInternal ( HSS_Level L,
LMS_PublicKey top_lms_pub_key )
inline

Definition at line 264 of file hss.h.

// Stores the level count L and takes the top-level LMS public key by move.
// The body is empty, so L is not validated here; callers must pass a value
// that has already been checked.
264 :
265 m_L(L), m_top_lms_pub_key(std::move(top_lms_pub_key)) {}

Referenced by create().

Member Function Documentation

◆ _const_time_unpoison()

void Botan::HSS_LMS_PublicKeyInternal::_const_time_unpoison ( ) const
inline

Definition at line 308 of file hss.h.

// Forwards the top LMS public key to CT::unpoison.
// NOTE(review): presumably this clears the constant-time analysis marking
// because a public key is not secret -- confirm against ct_utils.h.
308{ CT::unpoison(m_top_lms_pub_key); }
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:64

◆ algo_name()

std::string Botan::HSS_LMS_PublicKeyInternal::algo_name ( ) const
inline

The algorithm name for HSS-LMS.

Definition at line 295 of file hss.h.

// Fixed algorithm name; object_identifier() resolves the OID from this string.
295{ return "HSS-LMS"; }

Referenced by object_identifier().

◆ algorithm_identifier()

AlgorithmIdentifier Botan::HSS_LMS_PublicKeyInternal::algorithm_identifier ( ) const

The algorithm identifier for HSS-LMS.

Definition at line 331 of file hss.cpp.

// Builds the AlgorithmIdentifier from the HSS-LMS OID with the
// USE_EMPTY_PARAM encoding option (presumably: no parameters are encoded).
331 {
332 return AlgorithmIdentifier(object_identifier(), AlgorithmIdentifier::USE_EMPTY_PARAM);
333}
OID object_identifier() const
The object identifier for HSS-LMS.
Definition hss.cpp:335

References object_identifier(), and Botan::AlgorithmIdentifier::USE_EMPTY_PARAM.

◆ create()

HSS_LMS_PublicKeyInternal Botan::HSS_LMS_PublicKeyInternal::create ( const HSS_LMS_PrivateKeyInternal & hss_sk)
static

Create the public HSS-LMS key from its private key.

Parameters
hss_sk: The private HSS-LMS key.
Returns
The internal HSS-LMS public key.

Definition at line 298 of file hss.cpp.

// Derives the public HSS-LMS key from the private key: the root LMS private
// key is derived, its LMS public key is computed, and that key is stored
// together with the level count L taken from the HSS parameters.
298 {
299 auto& hss_params = hss_sk.hss_params();
300
// root_sk is secret key material that lives only until this function returns.
// NOTE(review): whether its storage is wiped on destruction depends on the
// type returned by hss_derive_root_lms_private_key(), which is not shown here.
301 const auto root_sk = hss_sk.hss_derive_root_lms_private_key();
302 LMS_PublicKey top_pub_key = LMS_PublicKey(root_sk);
303
304 return HSS_LMS_PublicKeyInternal(hss_params.L(), std::move(top_pub_key));
305}
HSS_LMS_PublicKeyInternal(HSS_Level L, LMS_PublicKey top_lms_pub_key)
Definition hss.h:264

References Botan::HSS_LMS_PrivateKeyInternal::hss_derive_root_lms_private_key(), HSS_LMS_PublicKeyInternal(), and Botan::HSS_LMS_PrivateKeyInternal::hss_params().

Referenced by Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey(), and Botan::HSS_LMS_PrivateKey::HSS_LMS_PrivateKey().

◆ from_bytes_or_throw()

std::shared_ptr< HSS_LMS_PublicKeyInternal > Botan::HSS_LMS_PublicKeyInternal::from_bytes_or_throw ( std::span< const uint8_t > key_bytes)
static

Parse a public HSS-LMS key.

Parameters
key_bytes: The public key bytes to parse.
Returns
The internal HSS-LMS public key.
Exceptions
Decoding_Error: If parsing the public key fails.

Definition at line 307 of file hss.cpp.

// Strict parser for the encoded public key u32str(L) || pub[0] (RFC 8554).
// Throws Decoding_Error on truncated input, on an out-of-range level count,
// and on trailing bytes; a failure inside LMS_PublicKey::from_bytes_or_throw
// propagates to the caller.
308 {
// Make sure the fixed-size level field is present before slicing it off.
309 if(key_bytes.size() < sizeof(HSS_Level)) {
310 throw Decoding_Error("Too few public key bytes.");
311 }
312 BufferSlicer slicer(key_bytes);
313
// L is read as a big-endian integer of sizeof(HSS_Level) bytes.
314 const auto L = load_be<HSS_Level>(slicer.take<sizeof(HSS_Level)>());
// NOTE(review): only the upper bound is enforced. RFC 8554 requires L to be
// between 1 and 8 inclusive, so L == 0 is accepted by this parser.
// verify_signature() compares Nspk + 1 against m_L, so such a key should
// never verify anything, but rejecting it here would fail earlier and more
// clearly, e.g. `if(L == 0 || L > HSS_MAX_LEVELS)`.
315 if(L > HSS_MAX_LEVELS) {
316 throw Decoding_Error("Invalid number of HSS layers in public HSS-LMS key.");
317 }
318
// The LMS parser consumes its bytes from the same slicer.
319 LMS_PublicKey lms_pub_key = LMS_PublicKey::from_bytes_or_throw(slicer);
320
// Reject trailing data so that one key has exactly one accepted encoding.
321 if(!slicer.empty()) {
322 throw Decoding_Error("Public HSS-LMS key contains more bytes than expected.");
323 }
324 return std::make_shared<HSS_LMS_PublicKeyInternal>(L, std::move(lms_pub_key));
325}
const LMS_PublicKey & lms_pub_key() const
Returns the public LMS key of the top LMS tree.
Definition hss.h:275
static LMS_PublicKey from_bytes_or_throw(BufferSlicer &slicer)
Parse a public LMS key.
Definition lms.cpp:264
Strong< uint32_t, struct HSS_Level_, EnableArithmeticWithPlainNumber > HSS_Level
The HSS layer in the HSS multi tree starting at 0 from the root.
Definition hss.h:34
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:530

References Botan::BufferSlicer::empty(), Botan::LMS_PublicKey::from_bytes_or_throw(), lms_pub_key(), Botan::load_be(), and Botan::BufferSlicer::take().

◆ lms_pub_key()

const LMS_PublicKey & Botan::HSS_LMS_PublicKeyInternal::lms_pub_key ( ) const
inline

Returns the public LMS key of the top LMS tree.

Definition at line 275 of file hss.h.

// Returns a const reference to the stored top-level LMS public key; the
// reference is only valid while this object is alive.
275{ return m_top_lms_pub_key; }

Referenced by from_bytes_or_throw(), and verify_signature().

◆ object_identifier()

OID Botan::HSS_LMS_PublicKeyInternal::object_identifier ( ) const

The object identifier for HSS-LMS.

Definition at line 335 of file hss.cpp.

// Resolves the OID from the algorithm name string returned by algo_name().
335 {
336 return OID::from_string(algo_name());
337}
std::string algo_name() const
The algorithm name for HSS-LMS.
Definition hss.h:295
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86

References algo_name(), and Botan::OID::from_string().

Referenced by algorithm_identifier().

◆ size()

size_t Botan::HSS_LMS_PublicKeyInternal::size ( ) const

Returns the size in bytes the key would have in its encoded format.

Definition at line 339 of file hss.cpp.

// Encoded size: the level field (sizeof(m_L)) plus the encoded size of an LMS
// public key for the top key's LMS parameters. This matches the layout that
// to_bytes() produces.
339 {
340 return sizeof(m_L) + LMS_PublicKey::size(m_top_lms_pub_key.lms_params());
341}
const LMS_Params & lms_params() const
The LMS parameters for this LMS instance.
Definition lms.h:164
static size_t size(const LMS_Params &lms_params)
The expected size of an LMS public key for given lms_params.
Definition lms.cpp:313

References Botan::LMS_Instance::lms_params(), and Botan::LMS_PublicKey::size().

◆ to_bytes()

std::vector< uint8_t > Botan::HSS_LMS_PublicKeyInternal::to_bytes ( ) const

Returns the key in its encoded format.

Definition at line 327 of file hss.cpp.

// Encodes the key as u32str(L) || pub[0]: the big-endian level count
// followed by the encoded top-level LMS public key.
327 {
328 return concat<std::vector<uint8_t>>(store_be(m_L), m_top_lms_pub_key.to_bytes());
329}
std::vector< uint8_t > to_bytes() const
Bytes of the full lms public key according to 8554 5.3.
Definition lms.cpp:294
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:263
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773

References Botan::concat(), Botan::store_be(), and Botan::LMS_PublicKey::to_bytes().

◆ verify_signature()

bool Botan::HSS_LMS_PublicKeyInternal::verify_signature ( std::span< const uint8_t > msg,
const HSS_Signature & sig ) const

Verify a HSS-LMS signature.

See RFC 8554 6.3.

Parameters
msg: The signed message.
sig: The already parsed HSS-LMS signature.
Returns
True iff the signature is valid.

Definition at line 343 of file hss.cpp.

// Walks the HSS chain from the top-level LMS key down to the message
// (RFC 8554 6.3). A signed public key is used for the next layer only after
// the key one layer above has verified it. Every early return depends only
// on the public key, the signature and the message.
343 {
// NOTE(review): checked_cast_to presumably raises on an out-of-range Nspk
// instead of returning false -- confirm that callers expect this.
344 if(checked_cast_to<HSS_Level>(sig.Nspk()) + 1 != m_L) {
345 // The number of HSS levels in the public key does not match the signature's.
346 return false;
347 }
348
// Start from the top-level key held by this object; its LMS hash name is the
// reference that every lower layer must match.
349 const LMS_PublicKey* lms_pk = &lms_pub_key();
350 const auto hash_name = lms_pk->lms_params().hash_name();
351
352 // Verify the signature by the above layer over the LMS public keys for layer 1 to Nspk.
353 for(HSS_Level layer(0); layer < sig.Nspk(); ++layer) {
// NOTE(review): assumes sig.signed_pub_key() returns a reference into sig
// and that sig holds Nspk entries. If it returned by value, lms_pk would
// dangle after this iteration -- confirm in HSS_Signature.
354 const HSS_Signature::Signed_Pub_Key& signed_pub_key = sig.signed_pub_key(layer);
355 if(signed_pub_key.public_key().lms_params().hash_name() != hash_name ||
356 signed_pub_key.public_key().lmots_params().hash_name() != hash_name) {
357 // We do not allow HSS-LMS instances with multiple different hash functions.
358 return false;
359 }
// The signed message at this layer is the encoded public key of the next layer.
360 if(!lms_pk->verify_signature(LMS_Message(signed_pub_key.public_key().to_bytes()), signed_pub_key.signature())) {
361 return false;
362 }
// Descend only after the key has been verified by the layer above.
363 lms_pk = &signed_pub_key.public_key();
364 }
365
366 // Verify the signature by the bottom layer over the message.
367 return lms_pk->verify_signature(LMS_Message(msg), sig.bottom_sig());
368}
constexpr RT checked_cast_to(AT i)
Definition int_utils.h:74
Strong< std::vector< uint8_t >, struct LMS_Message_ > LMS_Message
A message that is signed with an LMS tree.
Definition lm_ots.h:55

References Botan::HSS_Signature::bottom_sig(), Botan::checked_cast_to(), Botan::LMOTS_Params::hash_name(), Botan::LMS_Params::hash_name(), Botan::LMS_Instance::lmots_params(), Botan::LMS_Instance::lms_params(), lms_pub_key(), Botan::HSS_Signature::Nspk(), Botan::HSS_Signature::Signed_Pub_Key::public_key(), Botan::HSS_Signature::Signed_Pub_Key::signature(), Botan::HSS_Signature::signed_pub_key(), Botan::LMS_PublicKey::to_bytes(), and Botan::LMS_PublicKey::verify_signature().


The documentation for this class was generated from the following files: