Botan 3.5.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::LMS_PublicKey Class Reference

The LMS public key. More...

#include <lms.h>

Inheritance diagram for Botan::LMS_PublicKey:
Botan::LMS_Instance

Public Member Functions

const LMS_Identifieridentifier () const
 The identifier of this LMS tree ('I' in RFC 8554)
 
const LMOTS_Paramslmots_params () const
 The LMOTS parameters used for OTS instances of this LMS instance.
 
const LMS_Paramslms_params () const
 The LMS parameters for this LMS instance.
 
 LMS_PublicKey (const LMS_PrivateKey &sk)
 Construct a new public key from a given LMS private key (RFC 8554 5.3).
 
 LMS_PublicKey (LMS_Params lms_params, LMOTS_Params lmots_params, LMS_Identifier I, LMS_Tree_Node lms_root)
 Construct a public key for given public key data.
 
std::vector< uint8_t > to_bytes () const
 Bytes of the full lms public key according to 8554 5.3.
 
bool verify_signature (const LMS_Message &msg, const LMS_Signature &sig) const
 Verify a LMS signature.
 

Static Public Member Functions

static LMS_PublicKey from_bytes_or_throw (BufferSlicer &slicer)
 Parse a public LMS key.
 
static size_t size (const LMS_Params &lms_params)
 The expected size of an LMS public key for given lms_params.
 

Detailed Description

The LMS public key.

Format according to RFC 8554: u32str(type) || u32str(otstype) || I || T[1]

Definition at line 224 of file lms.h.

Constructor & Destructor Documentation

◆ LMS_PublicKey() [1/2]

Botan::LMS_PublicKey::LMS_PublicKey ( LMS_Params lms_params,
LMOTS_Params lmots_params,
LMS_Identifier I,
LMS_Tree_Node lms_root )

Construct a public key for given public key data.

Definition at line 303 of file lms.cpp.

306 :
307 LMS_Instance(std::move(lms_params), std::move(lmots_params), std::move(I)), m_lms_root(std::move(lms_root)) {
308 BOTAN_ARG_CHECK(identifier().size() == LMS_IDENTIFIER_LEN, "Invalid LMS identifier");
309 BOTAN_ARG_CHECK(m_lms_root.size() == this->lms_params().m(), "Invalid LMS root");
310}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::LMS_Instance::lms_params
const LMS_Params & lms_params() const
The LMS parameters for this LMS instance.
Definition lms.h:163
Botan::LMS_Instance::lmots_params
const LMOTS_Params & lmots_params() const
The LMOTS parameters used for OTS instances of this LMS instance.
Definition lms.h:168
Botan::LMS_Instance::identifier
const LMS_Identifier & identifier() const
The identifier of this LMS tree ('I' in RFC 8554)
Definition lms.h:173
Botan::LMS_Instance::LMS_Instance
LMS_Instance(LMS_Params lms_params, LMOTS_Params lmots_params, LMS_Identifier identifier)
Constructor storing the provided LMS data.
Definition lms.h:155
Botan::LMS_PublicKey::size
static size_t size(const LMS_Params &lms_params)
The expected size of an LMS public key for given lms_params.
Definition lms.cpp:312
Botan::LMS_IDENTIFIER_LEN
constexpr size_t LMS_IDENTIFIER_LEN
The length in bytes of the LMS identifier (I).
Definition lms.h:66

References BOTAN_ARG_CHECK, Botan::LMS_Instance::identifier(), Botan::LMS_IDENTIFIER_LEN, and size().

Referenced by from_bytes_or_throw().

◆ LMS_PublicKey() [2/2]

Botan::LMS_PublicKey::LMS_PublicKey ( const LMS_PrivateKey & sk)

Construct a new public key from a given LMS private key (RFC 8554 5.3).

Definition at line 347 of file lms.cpp.

347 : LMS_Instance(sk), m_lms_root(sk.lms_params().m()) {
348 lms_treehash(StrongSpan<LMS_Tree_Node>(m_lms_root), std::nullopt, std::nullopt, sk);
349}

Member Function Documentation

◆ from_bytes_or_throw()

LMS_PublicKey Botan::LMS_PublicKey::from_bytes_or_throw ( BufferSlicer & slicer)
static

Parse a public LMS key.

Parameters
slicerThe BufferSlicer at the public key bytes' position
Returns
The LMS public key.
Exceptions
Decoding_ErrorIf parsing the public key fails.

Definition at line 263 of file lms.cpp.

263 {
264 size_t total_remaining_bytes = slicer.remaining();
265 // Alg. 6. 1. (4 bytes are sufficient until the next check)
266 if(total_remaining_bytes < sizeof(LMS_Algorithm_Type)) {
267 throw Decoding_Error("Too few bytes while parsing LMS public key.");
268 }
269 // Alg. 6. 2.a.
270 auto lms_type = load_be<LMS_Algorithm_Type>(slicer.take<sizeof(LMS_Algorithm_Type)>());
271 // Alg. 6. 2.c.
272 auto lms_params = LMS_Params::create_or_throw(lms_type);
273 // Alg. 6. 2.d.
274 if(total_remaining_bytes < LMS_PublicKey::size(lms_params)) {
275 throw Decoding_Error("Too few bytes while parsing LMS public key.");
276 }
277 // Alg. 6. 2.b.
278 auto lmots_type = load_be<LMOTS_Algorithm_Type>(slicer.take<sizeof(LMOTS_Algorithm_Type)>());
279 auto lmots_params = LMOTS_Params::create_or_throw(lmots_type);
280
281 if(lms_params.hash_name() != lmots_params.hash_name()) {
282 throw Decoding_Error("No support for HSS-LMS instances with multiple hash functions.");
283 }
284
285 // Alg. 6. 2.e.
286 auto I = slicer.copy<LMS_Identifier>(LMS_IDENTIFIER_LEN);
287 // Alg. 6. 2.f.
288 auto lms_root = slicer.copy<LMS_Tree_Node>(lms_params.m());
289
290 return LMS_PublicKey(std::move(lms_params), std::move(lmots_params), std::move(I), std::move(lms_root));
291}
Botan::LMOTS_Params::create_or_throw
static LMOTS_Params create_or_throw(LMOTS_Algorithm_Type type)
Create the LM-OTS parameters from a known algorithm type.
Definition lm_ots.cpp:99
Botan::LMOTS_Params::hash_name
const std::string & hash_name() const
Name of the hash function to use.
Definition lm_ots.h:150
Botan::LMS_Params::hash_name
const std::string & hash_name() const
Returns the name of the hash function to use.
Definition lms.h:123
Botan::LMS_Params::m
size_t m() const
Returns the number of bytes associated with each node.
Definition lms.h:118
Botan::LMS_Params::create_or_throw
static LMS_Params create_or_throw(LMS_Algorithm_Type type)
Create the LMS parameters from a known algorithm type.
Definition lms.cpp:112
Botan::LMS_PublicKey::LMS_PublicKey
LMS_PublicKey(LMS_Params lms_params, LMOTS_Params lmots_params, LMS_Identifier I, LMS_Tree_Node lms_root)
Construct a public key for given public key data.
Definition lms.cpp:303
Botan::LMS_Algorithm_Type
LMS_Algorithm_Type
Enum of available LMS algorithm types.
Definition lms.h:29
Botan::LMS_Tree_Node
Strong< std::vector< uint8_t >, struct LMS_Tree_Node_ > LMS_Tree_Node
A node with the LMS tree.
Definition lms.h:76
Botan::LMS_Identifier
Strong< std::vector< uint8_t >, struct LMS_Identifier_ > LMS_Identifier
The identifier of an LMS tree (I in RFC 8554)
Definition lm_ots.h:50
Botan::LMOTS_Algorithm_Type
LMOTS_Algorithm_Type
Enum of available LM-OTS algorithm types.
Definition lm_ots.h:65
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:467

References Botan::BufferSlicer::copy(), Botan::LMOTS_Params::create_or_throw(), Botan::LMS_Params::create_or_throw(), Botan::LMOTS_Params::hash_name(), Botan::LMS_Params::hash_name(), Botan::LMS_Instance::lmots_params(), Botan::LMS_IDENTIFIER_LEN, Botan::LMS_Instance::lms_params(), LMS_PublicKey(), Botan::load_be(), Botan::LMS_Params::m(), Botan::BufferSlicer::remaining(), size(), and Botan::BufferSlicer::take().

Referenced by Botan::HSS_LMS_PublicKeyInternal::from_bytes_or_throw(), and Botan::HSS_Signature::from_bytes_or_throw().

◆ identifier()

const LMS_Identifier & Botan::LMS_Instance::identifier ( ) const
inlineinherited

The identifier of this LMS tree ('I' in RFC 8554)

Definition at line 173 of file lms.h.

173{ return m_identifier; }

Referenced by LMS_PublicKey(), Botan::LMS_PrivateKey::sign_and_get_pk(), and to_bytes().

◆ lmots_params()

const LMOTS_Params & Botan::LMS_Instance::lmots_params ( ) const
inlineinherited

The LMOTS parameters used for OTS instances of this LMS instance.

Definition at line 168 of file lms.h.

168{ return m_lmots_params; }

Referenced by from_bytes_or_throw(), Botan::LMS_PrivateKey::sign_and_get_pk(), to_bytes(), Botan::HSS_LMS_PublicKeyInternal::verify_signature(), and verify_signature().

◆ lms_params()

const LMS_Params & Botan::LMS_Instance::lms_params ( ) const
inlineinherited

The LMS parameters for this LMS instance.

Definition at line 163 of file lms.h.

163{ return m_lms_params; }

Referenced by from_bytes_or_throw(), Botan::LMS_PrivateKey::sign_and_get_pk(), Botan::HSS_LMS_PublicKeyInternal::size(), size(), to_bytes(), Botan::HSS_LMS_PublicKeyInternal::verify_signature(), and verify_signature().

◆ size()

size_t Botan::LMS_PublicKey::size ( const LMS_Params & lms_params)
static

The expected size of an LMS public key for given lms_params.

Definition at line 312 of file lms.cpp.

312 {
313 return sizeof(LMS_Algorithm_Type) + sizeof(LMOTS_Algorithm_Type) + LMS_IDENTIFIER_LEN + lms_params.m();
314}

References Botan::LMS_IDENTIFIER_LEN, Botan::LMS_Instance::lms_params(), and Botan::LMS_Params::m().

Referenced by from_bytes_or_throw(), LMS_PublicKey(), Botan::HSS_LMS_PrivateKeyInternal::sign(), Botan::HSS_LMS_PublicKeyInternal::size(), Botan::HSS_Signature::size(), and verify_signature().

◆ to_bytes()

std::vector< uint8_t > Botan::LMS_PublicKey::to_bytes ( ) const

Bytes of the full lms public key according to 8554 5.3.

pub_key_bytes = u32str(type) || u32str(otstype) || I || T[1]

Definition at line 293 of file lms.cpp.

293 {
294 // clang-format off
295 return concat<std::vector<uint8_t>>(
296 store_be(lms_params().algorithm_type()),
297 store_be(lmots_params().algorithm_type()),
298 identifier(),
299 m_lms_root);
300 // clang-format on
301}
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:262
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:707

References Botan::concat(), Botan::LMS_Instance::identifier(), Botan::LMS_Instance::lmots_params(), Botan::LMS_Instance::lms_params(), and Botan::store_be().

Referenced by Botan::HSS_LMS_PublicKeyInternal::to_bytes(), and Botan::HSS_LMS_PublicKeyInternal::verify_signature().

◆ verify_signature()

bool Botan::LMS_PublicKey::verify_signature ( const LMS_Message & msg,
const LMS_Signature & sig ) const

Verify a LMS signature.

See RFC 8554 5.4.2 - Algorithm 6.

Parameters
msgThe signed message.
sigThe already parsed LMS signature.
Returns
True if the signature is valid, false otherwise.

Definition at line 351 of file lms.cpp.

351 {
352 if(lms_root().size() != lms_params().m()) {
353 // LMS public key (T[1] part) has unexpected length
354 return false;
355 }
356 if(lms_params().algorithm_type() != sig.lms_type()) {
357 // LMS algorithm type does not match with the signature's
358 return false;
359 }
360 // Alg. 6a 2.g.
361 if(lmots_params().algorithm_type() != sig.lmots_sig().algorithm_type()) {
362 // LMOTS algorithm type does not match with the signature's
363 return false;
364 }
365 // Alg. 6a 2.i.
366 if(sig.q() >= (1ULL << uint64_t(lms_params().h()))) {
367 return false;
368 }
369 // Alg 6. 3.
370 std::optional<LMS_Tree_Node> Tc = lms_compute_root_from_sig(msg, sig);
371 if(!Tc.has_value()) {
372 return false;
373 }
374 // Alg 6. 4.
375 return Tc.value() == lms_root();
376}
Botan::LMOTS_Params::algorithm_type
LMOTS_Algorithm_Type algorithm_type() const
Returns the LM-OTS algorithm type.
Definition lm_ots.h:120

References Botan::LMOTS_Signature::algorithm_type(), Botan::LMS_Instance::lmots_params(), Botan::LMS_Signature::lmots_sig(), Botan::LMS_Instance::lms_params(), Botan::LMS_Signature::lms_type(), Botan::LMS_Signature::q(), and size().

Referenced by Botan::HSS_LMS_PublicKeyInternal::verify_signature().

The documentation for this class was generated from the following files:
Generated by doxygen 1.11.0