The LMS public key. More...

#include <lms.h>

Inheritance diagram for Botan::LMS_PublicKey:

Public Member Functions
void	_const_time_unpoison () const

const LMS_Identifier &	identifier () const
	The identifier of this LMS tree ('I' in RFC 8554)

const LMOTS_Params &	lmots_params () const
	The LMOTS parameters used for OTS instances of this LMS instance.

const LMS_Params &	lms_params () const
	The LMS parameters for this LMS instance.

	LMS_PublicKey (const LMS_PrivateKey &sk)
	Construct a new public key from a given LMS private key (RFC 8554 5.3).

	LMS_PublicKey (LMS_Params lms_params, LMOTS_Params lmots_params, LMS_Identifier I, LMS_Tree_Node lms_root)
	Construct a public key for given public key data.

std::vector< uint8_t >	to_bytes () const
	Bytes of the full lms public key according to 8554 5.3.

bool	verify_signature (const LMS_Message &msg, const LMS_Signature &sig) const
	Verify a LMS signature.

Static Public Member Functions
static LMS_PublicKey	from_bytes_or_throw (BufferSlicer &slicer)
	Parse a public LMS key.

static size_t	size (const LMS_Params &lms_params)
	The expected size of an LMS public key for given `lms_params`.

Detailed Description

The LMS public key.

Format according to RFC 8554: u32str(type) || u32str(otstype) || I || T[1]

Definition at line 225 of file lms.h.

Constructor & Destructor Documentation

◆ LMS_PublicKey() [1/2]

Botan::LMS_PublicKey::LMS_PublicKey	(	LMS_Params	lms_params,
		LMOTS_Params	lmots_params,
		LMS_Identifier	I,
		LMS_Tree_Node	lms_root )

Construct a public key for given public key data.

Definition at line 304 of file lms.cpp.

                                                     :
      LMS_Instance(std::move(lms_params), std::move(lmots_params), std::move(I)), m_lms_root(std::move(lms_root)) {
   BOTAN_ARG_CHECK(identifier().size() == LMS_IDENTIFIER_LEN, "Invalid LMS identifier");
   BOTAN_ARG_CHECK(m_lms_root.size() == this->lms_params().m(), "Invalid LMS root");
}

References BOTAN_ARG_CHECK, Botan::LMS_Instance::identifier(), Botan::LMS_IDENTIFIER_LEN, and size().

Referenced by from_bytes_or_throw().

◆ LMS_PublicKey() [2/2]

Botan::LMS_PublicKey::LMS_PublicKey ( const LMS_PrivateKey & sk )

Construct a new public key from a given LMS private key (RFC 8554 5.3).

Definition at line 348 of file lms.cpp.

                                                     : LMS_Instance(sk), m_lms_root(sk.lms_params().m()) {
   lms_treehash(StrongSpan<LMS_Tree_Node>(m_lms_root), std::nullopt, std::nullopt, sk);
}

Member Function Documentation

◆ _const_time_unpoison()

void Botan::LMS_PublicKey::_const_time_unpoison ( ) const

inline

Definition at line 269 of file lms.h.

269{ CT::unpoison(m_lms_root); }

Botan::CT::unpoison

constexpr void unpoison(const T *p, size_t n)

Definition ct_utils.h:64

◆ from_bytes_or_throw()

LMS_PublicKey Botan::LMS_PublicKey::from_bytes_or_throw ( BufferSlicer & slicer )

static

Parse a public LMS key.

Parameters

slicer The BufferSlicer at the public key bytes' position

Returns: The LMS public key.

Exceptions

Decoding_Error If parsing the public key fails.

Definition at line 264 of file lms.cpp.

                                                                     {
   size_t total_remaining_bytes = slicer.remaining();
   // Alg. 6. 1. (4 bytes are sufficient until the next check)
   if(total_remaining_bytes < sizeof(LMS_Algorithm_Type)) {
      throw Decoding_Error("Too few bytes while parsing LMS public key.");
   }
   // Alg. 6. 2.a.
   auto lms_type = load_be<LMS_Algorithm_Type>(slicer.take<sizeof(LMS_Algorithm_Type)>());
   // Alg. 6. 2.c.
   auto lms_params = LMS_Params::create_or_throw(lms_type);
   // Alg. 6. 2.d.
   if(total_remaining_bytes < LMS_PublicKey::size(lms_params)) {
      throw Decoding_Error("Too few bytes while parsing LMS public key.");
   }
   // Alg. 6. 2.b.
   auto lmots_type = load_be<LMOTS_Algorithm_Type>(slicer.take<sizeof(LMOTS_Algorithm_Type)>());
   auto lmots_params = LMOTS_Params::create_or_throw(lmots_type);
 
   if(lms_params.hash_name() != lmots_params.hash_name()) {
      throw Decoding_Error("No support for HSS-LMS instances with multiple hash functions.");
   }
 
   // Alg. 6. 2.e.
   auto I = slicer.copy<LMS_Identifier>(LMS_IDENTIFIER_LEN);
   // Alg. 6. 2.f.
   auto lms_root = slicer.copy<LMS_Tree_Node>(lms_params.m());
 
   return LMS_PublicKey(std::move(lms_params), std::move(lmots_params), std::move(I), std::move(lms_root));
}

References Botan::BufferSlicer::copy(), Botan::LMOTS_Params::create_or_throw(), Botan::LMS_Params::create_or_throw(), Botan::LMOTS_Params::hash_name(), Botan::LMS_Params::hash_name(), Botan::LMS_Instance::lmots_params(), Botan::LMS_IDENTIFIER_LEN, Botan::LMS_Instance::lms_params(), LMS_PublicKey(), Botan::load_be(), Botan::LMS_Params::m(), Botan::BufferSlicer::remaining(), size(), and Botan::BufferSlicer::take().

Referenced by Botan::HSS_LMS_PublicKeyInternal::from_bytes_or_throw(), and Botan::HSS_Signature::from_bytes_or_throw().

◆ identifier()

const LMS_Identifier & Botan::LMS_Instance::identifier ( ) const

inlineinherited

The identifier of this LMS tree ('I' in RFC 8554)

Definition at line 174 of file lms.h.

174{ return m_identifier; }

Referenced by LMS_PublicKey(), Botan::LMS_PrivateKey::sign_and_get_pk(), and to_bytes().

◆ lmots_params()

const LMOTS_Params & Botan::LMS_Instance::lmots_params ( ) const

inlineinherited

The LMOTS parameters used for OTS instances of this LMS instance.

Definition at line 169 of file lms.h.

169{ return m_lmots_params; }

Referenced by from_bytes_or_throw(), Botan::LMS_PrivateKey::sign_and_get_pk(), to_bytes(), Botan::HSS_LMS_PublicKeyInternal::verify_signature(), and verify_signature().

◆ lms_params()

const LMS_Params & Botan::LMS_Instance::lms_params ( ) const

inlineinherited

The LMS parameters for this LMS instance.

Definition at line 164 of file lms.h.

164{ return m_lms_params; }

Referenced by from_bytes_or_throw(), Botan::LMS_PrivateKey::sign_and_get_pk(), Botan::HSS_LMS_PublicKeyInternal::size(), size(), to_bytes(), Botan::HSS_LMS_PublicKeyInternal::verify_signature(), and verify_signature().

◆ size()

size_t Botan::LMS_PublicKey::size ( const LMS_Params & lms_params )

static

The expected size of an LMS public key for given lms_params.

Definition at line 313 of file lms.cpp.

                                                       {
   return sizeof(LMS_Algorithm_Type) + sizeof(LMOTS_Algorithm_Type) + LMS_IDENTIFIER_LEN + lms_params.m();
}

References Botan::LMS_IDENTIFIER_LEN, Botan::LMS_Instance::lms_params(), and Botan::LMS_Params::m().

Referenced by from_bytes_or_throw(), LMS_PublicKey(), Botan::HSS_LMS_PrivateKeyInternal::sign(), Botan::HSS_LMS_PublicKeyInternal::size(), Botan::HSS_Signature::size(), and verify_signature().

◆ to_bytes()

std::vector< uint8_t > Botan::LMS_PublicKey::to_bytes ( ) const

Bytes of the full lms public key according to 8554 5.3.

pub_key_bytes = u32str(type) || u32str(otstype) || I || T[1]

Definition at line 294 of file lms.cpp.

                                                 {
   // clang-format off
   return concat<std::vector<uint8_t>>(
      store_be(lms_params().algorithm_type()),
      store_be(lmots_params().algorithm_type()),
      identifier(),
      m_lms_root);
   // clang-format on
}

References Botan::concat(), Botan::LMS_Instance::identifier(), Botan::LMS_Instance::lmots_params(), Botan::LMS_Instance::lms_params(), and Botan::store_be().

Referenced by Botan::HSS_LMS_PublicKeyInternal::to_bytes(), and Botan::HSS_LMS_PublicKeyInternal::verify_signature().

◆ verify_signature()

bool Botan::LMS_PublicKey::verify_signature	(	const LMS_Message &	msg,
		const LMS_Signature &	sig ) const

Verify a LMS signature.

See RFC 8554 5.4.2 - Algorithm 6.

Parameters

msg	The signed message.
sig	The already parsed LMS signature.

Returns: True if the signature is valid, false otherwise.

Definition at line 352 of file lms.cpp.

                                                                                           {
   if(lms_root().size() != lms_params().m()) {
      // LMS public key (T[1] part) has unexpected length
      return false;
   }
   if(lms_params().algorithm_type() != sig.lms_type()) {
      // LMS algorithm type does not match with the signature's
      return false;
   }
   // Alg. 6a 2.g.
   if(lmots_params().algorithm_type() != sig.lmots_sig().algorithm_type()) {
      // LMOTS algorithm type does not match with the signature's
      return false;
   }
   // Alg. 6a 2.i.
   if(sig.q() >= (1ULL << uint64_t(lms_params().h()))) {
      return false;
   }
   // Alg 6. 3.
   std::optional<LMS_Tree_Node> Tc = lms_compute_root_from_sig(msg, sig);
   if(!Tc.has_value()) {
      return false;
   }
   // Alg 6. 4.
   return Tc.value() == lms_root();
}

References Botan::LMOTS_Signature::algorithm_type(), Botan::LMS_Instance::lmots_params(), Botan::LMS_Signature::lmots_sig(), Botan::LMS_Instance::lms_params(), Botan::LMS_Signature::lms_type(), Botan::LMS_Signature::q(), and size().

Referenced by Botan::HSS_LMS_PublicKeyInternal::verify_signature().

The documentation for this class was generated from the following files:

src/lib/pubkey/hss_lms/lms.h
src/lib/pubkey/hss_lms/lms.cpp

Public Member Functions

Static Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ LMS_PublicKey() [1/2]

◆ LMS_PublicKey() [2/2]

Member Function Documentation

◆ _const_time_unpoison()

◆ from_bytes_or_throw()

◆ identifier()

◆ lmots_params()

◆ lms_params()

◆ size()

◆ to_bytes()

◆ verify_signature()