Botan 3.5.0
Crypto and TLS for C&
hss.cpp
Go to the documentation of this file.
1/**
2 * HSS - Hierarchical Signatures System (RFC 8554)
3 * (C) 2023 Jack Lloyd
4 * 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity GmbH
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9#include <botan/internal/hss.h>
10
11#include <botan/internal/fmt.h>
12#include <botan/internal/hss_lms_utils.h>
13#include <botan/internal/int_utils.h>
14#include <botan/internal/scan_name.h>
15#include <botan/internal/stl_util.h>
16
17#include <algorithm>
18#include <limits>
19
20namespace Botan {
21
22namespace {
23
24/**
25 * @brief The maximum number of levels in a HSS-LMS tree.
26 *
27 * RFC 8554 Section 6:
28 * The number of levels is denoted as L and is between one
29 * and eight, inclusive.
30 */
31constexpr HSS_Level HSS_MAX_LEVELS(8);
32
33/**
34 * @brief Domain-separation parameter for generation the seed of a child LMS tree.
35 *
36 * This comes from https://github.com/cisco/hash-sigs.
37 */
38constexpr uint16_t SEED_CHILD_SEED = 0xfffe;
39
40/**
41 * @brief Domain-separation parameter for generation the identifier of a child LMS tree.
42 *
43 * This comes from https://github.com/cisco/hash-sigs.
44 */
45constexpr uint16_t SEED_CHILD_I = 0xffff;
46
47/**
48 * @brief Check that the given @p hash_name is one of the supported hash functions for HSS-LMS.
49 */
50constexpr bool is_supported_hash_function(std::string_view hash_name) {
51 return hash_name == "SHA-256" || hash_name == "Truncated(SHA-256,192)" || hash_name == "SHAKE-256(256)" ||
52 hash_name == "SHAKE-256(192)";
53}
54
55/**
56 * Given an HSS index, i.e. the number of already created HSS signatures, return the lms leaf indices for
57 * the different LMS layers from root layer to bottom layer.
58 */
59std::vector<LMS_Tree_Node_Idx> derive_lms_leaf_indices_from_hss_index(HSS_Sig_Idx hss_idx,
60 const HSS_LMS_Params& hss_params) {
61 std::vector<LMS_Tree_Node_Idx> q(hss_params.L().get());
62 for(int32_t layer_ctr = hss_params.L().get() - 1; layer_ctr >= 0; --layer_ctr) {
63 HSS_Level layer(layer_ctr);
64 const HSS_LMS_Params::LMS_LMOTS_Params_Pair& layer_params = hss_params.params_at_level(layer);
65 size_t layer_h = layer_params.lms_params().h();
66 q.at(layer.get()) =
67 checked_cast_to<LMS_Tree_Node_Idx>(hss_idx.get() % checked_cast_to<uint64_t>(1ULL << layer_h));
68 hss_idx = hss_idx >> layer_h;
69 }
70 BOTAN_ARG_CHECK(hss_idx == HSS_Sig_Idx(0), "HSS Tree is exhausted");
71
72 return q;
73}
74
75} // namespace
76
77HSS_LMS_Params::HSS_LMS_Params(std::vector<LMS_LMOTS_Params_Pair> lm_lmots_params) :
78 m_lms_lmots_params(std::move(lm_lmots_params)), m_max_sig_count(calc_max_sig_count()) {
79 BOTAN_ARG_CHECK(!m_lms_lmots_params.empty() && m_lms_lmots_params.size() <= HSS_MAX_LEVELS,
80 "Invalid number of levels");
81}
82
83HSS_LMS_Params::HSS_LMS_Params(std::string_view algo_params) {
84 SCAN_Name scan(fmt("HSS-LMS({})", algo_params));
85
86 BOTAN_ARG_CHECK(scan.arg_count() >= 2 && scan.arg_count() <= HSS_MAX_LEVELS + 1, "Invalid number of arguments");
87 std::string hash = scan.arg(0);
88 BOTAN_ARG_CHECK(is_supported_hash_function(hash), "Supported HSS-LMS hash function");
89
90 for(size_t i = 1; i < scan.arg_count(); ++i) {
91 SCAN_Name scan_layer(scan.arg(i));
92 BOTAN_ARG_CHECK(scan_layer.algo_name() == "HW", "Invalid name for layer parameters");
93 BOTAN_ARG_CHECK(scan_layer.arg_count() == 2, "Invalid number of layer parameters");
94 const auto h =
95 checked_cast_to_or_throw<uint8_t, Invalid_Argument>(scan_layer.arg_as_integer(0), "Invalid tree height");
96 const auto w = checked_cast_to_or_throw<uint8_t, Invalid_Argument>(scan_layer.arg_as_integer(1),
97 "Invalid Winternitz parameter");
98 m_lms_lmots_params.push_back({LMS_Params::create_or_throw(hash, h), LMOTS_Params::create_or_throw(hash, w)});
99 }
100 m_max_sig_count = calc_max_sig_count();
101}
102
103HSS_Sig_Idx HSS_LMS_Params::calc_max_sig_count() const {
104 uint32_t total_height_counter = 0;
105 for(HSS_Level level(0); level < L(); level++) {
106 total_height_counter += params_at_level(level).lms_params().h();
107 }
108 if(total_height_counter >= sizeof(HSS_Sig_Idx) * 8) {
109 return HSS_Sig_Idx(std::numeric_limits<HSS_Sig_Idx::wrapped_type>::max());
110 }
111 return HSS_Sig_Idx(1) << total_height_counter;
112}
113
114HSS_LMS_PrivateKeyInternal::HSS_LMS_PrivateKeyInternal(const HSS_LMS_Params& hss_params, RandomNumberGenerator& rng) :
115 m_hss_params(hss_params), m_current_idx(0), m_sig_size(HSS_Signature::size(m_hss_params)) {
116 m_hss_seed = rng.random_vec<LMS_Seed>(m_hss_params.params_at_level(HSS_Level(0)).lms_params().m());
117 m_identifier = rng.random_vec<LMS_Identifier>(LMS_IDENTIFIER_LEN);
118}
119
120std::shared_ptr<HSS_LMS_PrivateKeyInternal> HSS_LMS_PrivateKeyInternal::from_bytes_or_throw(
121 std::span<const uint8_t> key_bytes) {
122 if(key_bytes.size() < sizeof(HSS_Level) + sizeof(HSS_Sig_Idx)) {
123 throw Decoding_Error("Too few private key bytes.");
124 }
125 BufferSlicer slicer(key_bytes);
126
127 const auto L = load_be<HSS_Level>(slicer.take<sizeof(HSS_Level)>());
128 if(L == 0U || L > HSS_MAX_LEVELS) {
129 throw Decoding_Error("Invalid number of HSS layers in private HSS-LMS key.");
130 }
131
132 const auto sig_idx = load_be<HSS_Sig_Idx>(slicer.take<sizeof(HSS_Sig_Idx)>());
133
134 std::vector<HSS_LMS_Params::LMS_LMOTS_Params_Pair> params;
135 for(size_t layer = 1; layer <= L; ++layer) {
136 if(slicer.remaining() < sizeof(LMS_Algorithm_Type) + sizeof(LMOTS_Algorithm_Type)) {
137 throw Decoding_Error("Out of bytes while parsing private HSS-LMS key.");
138 }
139 const auto lms_type = load_be<LMS_Algorithm_Type>(slicer.take<sizeof(LMS_Algorithm_Type)>());
140 const auto lmots_type = load_be<LMOTS_Algorithm_Type>(slicer.take<sizeof(LMOTS_Algorithm_Type)>());
141 params.push_back({LMS_Params::create_or_throw(lms_type), LMOTS_Params::create_or_throw(lmots_type)});
142 }
143 std::string hash_name = params.at(0).lms_params().hash_name();
144 if(std::any_of(params.begin(), params.end(), [&hash_name](HSS_LMS_Params::LMS_LMOTS_Params_Pair& lms_lmots_params) {
145 bool invalid_lmots_hash = lms_lmots_params.lmots_params().hash_name() != hash_name;
146 bool invalid_lms_hash = lms_lmots_params.lms_params().hash_name() != hash_name;
147 return invalid_lmots_hash || invalid_lms_hash;
148 })) {
149 throw Decoding_Error("Inconsistent hash functions are not allowed.");
150 }
151
152 if(slicer.remaining() < params.at(0).lms_params().m() + LMS_IDENTIFIER_LEN) {
153 throw Decoding_Error("Out of bytes while parsing private HSS-LMS key.");
154 }
155 auto hss_seed = slicer.copy<LMS_Seed>(params.at(0).lms_params().m());
156 auto identifier = slicer.copy<LMS_Identifier>(LMS_IDENTIFIER_LEN);
157
158 if(!slicer.empty()) {
159 throw Decoding_Error("Private HSS-LMS key contains more bytes than expected.");
160 }
161 auto sk = std::shared_ptr<HSS_LMS_PrivateKeyInternal>(
162 new HSS_LMS_PrivateKeyInternal(HSS_LMS_Params(std::move(params)), std::move(hss_seed), std::move(identifier)));
163
164 sk->set_idx(sig_idx);
165 return sk;
166}
167
168secure_vector<uint8_t> HSS_LMS_PrivateKeyInternal::to_bytes() const {
169 secure_vector<uint8_t> sk_bytes(size());
170 BufferStuffer stuffer(sk_bytes);
171
172 stuffer.append(store_be(hss_params().L()));
173 stuffer.append(store_be(get_idx()));
174
175 for(HSS_Level layer(1); layer <= hss_params().L(); ++layer) {
176 const auto& params = hss_params().params_at_level(layer - 1);
177 stuffer.append(store_be(params.lms_params().algorithm_type()));
178 stuffer.append(store_be(params.lmots_params().algorithm_type()));
179 }
180 stuffer.append(m_hss_seed);
181 stuffer.append(m_identifier);
182 BOTAN_ASSERT_NOMSG(stuffer.full());
183
184 return sk_bytes;
185}
186
187void HSS_LMS_PrivateKeyInternal::set_idx(HSS_Sig_Idx idx) {
188 m_current_idx = idx;
189}
190
191HSS_Sig_Idx HSS_LMS_PrivateKeyInternal::reserve_next_idx() {
192 HSS_Sig_Idx next_idx = m_current_idx;
193 if(next_idx >= m_hss_params.max_sig_count()) {
194 throw Decoding_Error("HSS private key is exhausted");
195 }
196 set_idx(m_current_idx + 1);
197 return next_idx;
198}
199
200size_t HSS_LMS_PrivateKeyInternal::size() const {
201 size_t sk_size = sizeof(HSS_Level) + sizeof(HSS_Sig_Idx);
202 // The concatenated algorithm types for all layers
203 sk_size += hss_params().L().get() * (sizeof(LMS_Algorithm_Type) + sizeof(LMOTS_Algorithm_Type));
204 sk_size += m_hss_seed.size() + m_identifier.size();
205 return sk_size;
206}
207
208HSS_LMS_PrivateKeyInternal::HSS_LMS_PrivateKeyInternal(HSS_LMS_Params hss_params,
209 LMS_Seed hss_seed,
210 LMS_Identifier identifier) :
211 m_hss_params(std::move(hss_params)),
212 m_hss_seed(std::move(hss_seed)),
213 m_identifier(std::move(identifier)),
214 m_current_idx(0),
215 m_sig_size(HSS_Signature::size(m_hss_params)) {
216 BOTAN_ARG_CHECK(m_hss_seed.size() == m_hss_params.params_at_level(HSS_Level(0)).lms_params().m(),
217 "Invalid seed size");
218 BOTAN_ARG_CHECK(m_identifier.size() == LMS_IDENTIFIER_LEN, "Invalid identifier size");
219}
220
221secure_vector<uint8_t> HSS_LMS_PrivateKeyInternal::sign(std::span<const uint8_t> msg) {
222 secure_vector<uint8_t> sig(HSS_Signature::size(hss_params()));
223 BufferStuffer sig_stuffer(sig);
224 sig_stuffer.append(store_be(hss_params().L() - 1));
225
226 std::vector<LMS_Tree_Node_Idx> q = derive_lms_leaf_indices_from_hss_index(reserve_next_idx(), hss_params());
227
228 // Derive LMS private keys and compute buffers
229 std::vector<LMS_PrivateKey> lms_key_at_layer;
230 std::vector<StrongSpan<LMS_Signature_Bytes>> out_lms_sig_buffer_at_layer;
231 std::vector<std::span<uint8_t>> out_child_pk_buffer_at_layer;
232 for(HSS_Level layer(0); layer < hss_params().L(); ++layer) {
233 // Generate key for current layer
234 const HSS_LMS_Params::LMS_LMOTS_Params_Pair& layer_params = hss_params().params_at_level(layer);
235 if(layer == HSS_Level(0)) {
236 lms_key_at_layer.push_back(hss_derive_root_lms_private_key());
237 } else {
238 lms_key_at_layer.push_back(
239 hss_derive_child_lms_private_key(layer_params, lms_key_at_layer.back(), q.at(layer.get() - 1)));
240 out_child_pk_buffer_at_layer.push_back(sig_stuffer.next(LMS_PublicKey::size(layer_params.lms_params())));
241 }
242 out_lms_sig_buffer_at_layer.push_back(sig_stuffer.next<LMS_Signature_Bytes>(
243 LMS_Signature::size(layer_params.lms_params(), layer_params.lmots_params())));
244 }
245 BOTAN_ASSERT_NOMSG(sig_stuffer.full());
246
247 // Sign and write the signature from bottom layer to root layer
248 std::vector<uint8_t> current_pk;
249 for(int32_t layer_it = hss_params().L().get() - 1; layer_it >= 0; --layer_it) {
250 HSS_Level layer(layer_it);
251 if(layer == hss_params().L() - 1) {
252 current_pk =
253 lms_key_at_layer.at(layer.get())
254 .sign_and_get_pk(out_lms_sig_buffer_at_layer.at(layer.get()), q.at(layer.get()), LMS_Message(msg))
255 .to_bytes();
256 } else {
257 copy_mem(out_child_pk_buffer_at_layer.at(layer.get()), current_pk);
258 current_pk =
259 lms_key_at_layer.at(layer.get())
260 .sign_and_get_pk(out_lms_sig_buffer_at_layer.at(layer.get()), q.at(layer.get()), LMS_Message(current_pk))
261 .to_bytes();
262 }
263 }
264
265 return sig;
266}
267
268LMS_PrivateKey HSS_LMS_PrivateKeyInternal::hss_derive_root_lms_private_key() const {
269 auto& top_params = hss_params().params_at_level(HSS_Level(0));
270 return LMS_PrivateKey(top_params.lms_params(), top_params.lmots_params(), m_identifier, m_hss_seed);
271}
272
273LMS_PrivateKey HSS_LMS_PrivateKeyInternal::hss_derive_child_lms_private_key(
274 const HSS_LMS_Params::LMS_LMOTS_Params_Pair& child_lms_lmots_params,
275 const LMS_PrivateKey& parent_sk,
276 LMS_Tree_Node_Idx parent_q) {
277 const auto hash = HashFunction::create_or_throw(child_lms_lmots_params.lms_params().hash_name());
278
279 // CHILD_SEED = H( PARENT_I || PARENT_Q || SEED_CHILD_SEED || 0xff || PARENT_SEED )
280 PseudorandomKeyGeneration seed_generator(parent_sk.identifier());
281 seed_generator.set_q(parent_q.get());
282 seed_generator.set_i(SEED_CHILD_SEED);
283 seed_generator.set_j(0xff);
284 auto child_seed = seed_generator.gen<LMS_Seed>(*hash, parent_sk.seed());
285
286 // CHILD_I = H( PARENT_I || PARENT_Q || SEED_CHILD_I || 0xff || PARENT_SEED )
287 seed_generator.set_i(SEED_CHILD_I);
288 auto child_identifier = seed_generator.gen<LMS_Identifier>(*hash, parent_sk.seed());
289 child_identifier.resize(LMS_IDENTIFIER_LEN);
290
291 return LMS_PrivateKey(child_lms_lmots_params.lms_params(),
292 child_lms_lmots_params.lmots_params(),
293 std::move(child_identifier),
294 std::move(child_seed));
295}
296
297HSS_LMS_PublicKeyInternal HSS_LMS_PublicKeyInternal::create(const HSS_LMS_PrivateKeyInternal& hss_sk) {
298 auto& hss_params = hss_sk.hss_params();
299
300 const auto root_sk = hss_sk.hss_derive_root_lms_private_key();
301 LMS_PublicKey top_pub_key = LMS_PublicKey(root_sk);
302
303 return HSS_LMS_PublicKeyInternal(hss_params.L(), std::move(top_pub_key));
304}
305
306std::shared_ptr<HSS_LMS_PublicKeyInternal> HSS_LMS_PublicKeyInternal::from_bytes_or_throw(
307 std::span<const uint8_t> key_bytes) {
308 if(key_bytes.size() < sizeof(HSS_Level)) {
309 throw Decoding_Error("Too few public key bytes.");
310 }
311 BufferSlicer slicer(key_bytes);
312
313 const auto L = load_be<HSS_Level>(slicer.take<sizeof(HSS_Level)>());
314 if(L > HSS_MAX_LEVELS) {
315 throw Decoding_Error("Invalid number of HSS layers in public HSS-LMS key.");
316 }
317
318 LMS_PublicKey lms_pub_key = LMS_PublicKey::from_bytes_or_throw(slicer);
319
320 if(!slicer.empty()) {
321 throw Decoding_Error("Public HSS-LMS key contains more bytes than expected.");
322 }
323 return std::make_shared<HSS_LMS_PublicKeyInternal>(L, std::move(lms_pub_key));
324}
325
326std::vector<uint8_t> HSS_LMS_PublicKeyInternal::to_bytes() const {
327 return concat<std::vector<uint8_t>>(store_be(m_L), m_top_lms_pub_key.to_bytes());
328}
329
333
337
338size_t HSS_LMS_PublicKeyInternal::size() const {
339 return sizeof(m_L) + LMS_PublicKey::size(m_top_lms_pub_key.lms_params());
340}
341
342bool HSS_LMS_PublicKeyInternal::verify_signature(std::span<const uint8_t> msg, const HSS_Signature& sig) const {
343 if(checked_cast_to<HSS_Level>(sig.Nspk()) + 1 != m_L) {
344 // HSS levels in the public key does not match with the signature's
345 return false;
346 }
347
348 const LMS_PublicKey* lms_pk = &lms_pub_key();
349 const auto hash_name = lms_pk->lms_params().hash_name();
350
351 // Verify the signature by the above layer over the LMS public keys for layer 1 to Nspk.
352 for(HSS_Level layer(0); layer < sig.Nspk(); ++layer) {
353 const HSS_Signature::Signed_Pub_Key& signed_pub_key = sig.signed_pub_key(layer);
354 if(signed_pub_key.public_key().lms_params().hash_name() != hash_name ||
355 signed_pub_key.public_key().lmots_params().hash_name() != hash_name) {
356 // We do not allow HSS-LMS instances with multiple different hash functions.
357 return false;
358 }
359 if(!lms_pk->verify_signature(LMS_Message(signed_pub_key.public_key().to_bytes()), signed_pub_key.signature())) {
360 return false;
361 }
362 lms_pk = &signed_pub_key.public_key();
363 }
364
365 // Verify the signature by the bottom layer over the message.
366 return lms_pk->verify_signature(LMS_Message(msg), sig.bottom_sig());
367}
368
369HSS_Signature::Signed_Pub_Key::Signed_Pub_Key(LMS_Signature sig, LMS_PublicKey pub) :
370 m_sig(std::move(sig)), m_pub(std::move(pub)) {}
371
372HSS_Signature HSS_Signature::from_bytes_or_throw(std::span<const uint8_t> sig_bytes) {
373 if(sig_bytes.size() < sizeof(uint32_t)) {
374 throw Decoding_Error("Too few HSS signature bytes.");
375 }
376 BufferSlicer slicer(sig_bytes);
377
378 const auto Nspk = load_be(slicer.take<sizeof(uint32_t)>());
379 if(Nspk >= HSS_MAX_LEVELS) {
380 throw Decoding_Error("Invalid number of HSS layers in signature.");
381 }
382
383 std::vector<Signed_Pub_Key> signed_pub_keys;
384 for(size_t i = 0; i < Nspk; ++i) {
385 LMS_Signature sig = LMS_Signature::from_bytes_or_throw(slicer);
386 LMS_PublicKey pub_key = LMS_PublicKey::from_bytes_or_throw(slicer);
387 signed_pub_keys.push_back(Signed_Pub_Key(std::move(sig), std::move(pub_key)));
388 }
389
390 auto sig = LMS_Signature::from_bytes_or_throw(slicer);
391
392 if(!slicer.empty()) {
393 throw Decoding_Error("HSS-LMS signature contains more bytes than expected.");
394 }
395 return HSS_Signature(std::move(signed_pub_keys), std::move(sig));
396}
397
398size_t HSS_Signature::size(const HSS_LMS_Params& params) {
399 size_t size = sizeof(uint32_t);
400 size += LMS_Signature::size(params.params_at_level(HSS_Level(0)).lms_params(),
401 params.params_at_level(HSS_Level(0)).lmots_params());
402 for(HSS_Level layer(1); layer < params.L(); ++layer) {
403 const auto& param = params.params_at_level(layer);
404 size += LMS_PublicKey::size(param.lms_params());
405 size += LMS_Signature::size(param.lms_params(), param.lmots_params());
406 }
407 return size;
408}
409
410} // namespace Botan
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::BufferSlicer::remaining
size_t remaining() const
Definition stl_util.h:127
Botan::BufferSlicer::copy
auto copy(const size_t count)
Definition stl_util.h:89
Botan::BufferSlicer::empty
bool empty() const
Definition stl_util.h:129
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:98
Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition stl_util.h:142
Botan::BufferStuffer::append
constexpr void append(std::span< const uint8_t > buffer)
Definition stl_util.h:177
Botan::BufferStuffer::next
constexpr std::span< uint8_t > next(size_t bytes)
Definition stl_util.h:150
Botan::BufferStuffer::full
constexpr bool full() const
Definition stl_util.h:187
Botan::Decoding_Error
Definition exceptn.h:191
Botan::HSS_LMS_Params::LMS_LMOTS_Params_Pair
Represents a pair of LMS and LMOTS parameters associated with one LMS tree layer.
Definition hss.h:45
Botan::HSS_LMS_Params::LMS_LMOTS_Params_Pair::lms_params
const LMS_Params & lms_params() const
The LMS parameters.
Definition hss.h:50
Botan::HSS_LMS_Params::LMS_LMOTS_Params_Pair::lmots_params
const LMOTS_Params & lmots_params() const
The LMOTS parameters.
Definition hss.h:55
Botan::HSS_LMS_Params
The HSS-LMS parameters.
Definition hss.h:40
Botan::HSS_LMS_Params::params_at_level
const LMS_LMOTS_Params_Pair & params_at_level(HSS_Level level) const
Returns the LMS an LM-OTS parameters at the specified level of the HSS tree.
Definition hss.h:97
Botan::HSS_LMS_Params::L
HSS_Level L() const
Returns the number of layers the HSS tree has.
Definition hss.h:102
Botan::HSS_LMS_Params::max_sig_count
HSS_Sig_Idx max_sig_count() const
The maximal number of signatures allowed for these HSS parameters.
Definition hss.h:107
Botan::HSS_LMS_Params::HSS_LMS_Params
HSS_LMS_Params(std::vector< LMS_LMOTS_Params_Pair > lm_lmots_params)
Construct the HSS-LMS parameters from a vector LMS and LM-OTS parameters.
Definition hss.cpp:77
Botan::HSS_LMS_PrivateKeyInternal
The internal HSS-LMS private key.
Definition hss.h:125
Botan::HSS_LMS_PrivateKeyInternal::get_idx
HSS_Sig_Idx get_idx() const
Get the idx of the next signature to generate.
Definition hss.h:157
Botan::HSS_LMS_PrivateKeyInternal::set_idx
void set_idx(HSS_Sig_Idx idx)
Set the idx of the next signature to generate.
Definition hss.cpp:187
Botan::HSS_LMS_PrivateKeyInternal::sign
secure_vector< uint8_t > sign(std::span< const uint8_t > msg)
Create a HSS-LMS signature.
Definition hss.cpp:221
Botan::HSS_LMS_PrivateKeyInternal::from_bytes_or_throw
static std::shared_ptr< HSS_LMS_PrivateKeyInternal > from_bytes_or_throw(std::span< const uint8_t > key_bytes)
Parse a private HSS-LMS key.
Definition hss.cpp:120
Botan::HSS_LMS_PrivateKeyInternal::hss_params
const HSS_LMS_Params & hss_params() const
Returns the used HSS-LMS parameters.
Definition hss.h:147
Botan::HSS_LMS_PrivateKeyInternal::hss_derive_root_lms_private_key
LMS_PrivateKey hss_derive_root_lms_private_key() const
Create the HSS root LMS tree's LMS_PrivateKey using the HSS-LMS private key.
Definition hss.cpp:268
Botan::HSS_LMS_PrivateKeyInternal::to_bytes
secure_vector< uint8_t > to_bytes() const
Returns the key in its encoded format.
Definition hss.cpp:168
Botan::HSS_LMS_PrivateKeyInternal::HSS_LMS_PrivateKeyInternal
HSS_LMS_PrivateKeyInternal(const HSS_LMS_Params &hss_params, RandomNumberGenerator &rng)
Create an internal HSS-LMS private key.
Definition hss.cpp:114
Botan::HSS_LMS_PublicKeyInternal
The internal HSS-LMS public key.
Definition hss.h:240
Botan::HSS_LMS_PublicKeyInternal::from_bytes_or_throw
static std::shared_ptr< HSS_LMS_PublicKeyInternal > from_bytes_or_throw(std::span< const uint8_t > key_bytes)
Parse a public HSS-LMS key.
Definition hss.cpp:306
Botan::HSS_LMS_PublicKeyInternal::verify_signature
bool verify_signature(std::span< const uint8_t > msg, const HSS_Signature &sig) const
Verify a HSS-LMS signature.
Definition hss.cpp:342
Botan::HSS_LMS_PublicKeyInternal::to_bytes
std::vector< uint8_t > to_bytes() const
Returns the key in its encoded format.
Definition hss.cpp:326
Botan::HSS_LMS_PublicKeyInternal::algo_name
std::string algo_name() const
The algorithm name for HSS-LMS.
Definition hss.h:290
Botan::HSS_LMS_PublicKeyInternal::size
size_t size() const
Returns the size in bytes the key would have in its encoded format.
Definition hss.cpp:338
Botan::HSS_LMS_PublicKeyInternal::object_identifier
OID object_identifier() const
The object identifier for HSS-LMS.
Definition hss.cpp:334
Botan::HSS_LMS_PublicKeyInternal::create
static HSS_LMS_PublicKeyInternal create(const HSS_LMS_PrivateKeyInternal &hss_sk)
Create the public HSS-LMS key from its private key.
Definition hss.cpp:297
Botan::HSS_LMS_PublicKeyInternal::HSS_LMS_PublicKeyInternal
HSS_LMS_PublicKeyInternal(HSS_Level L, LMS_PublicKey top_lms_pub_key)
Definition hss.h:259
Botan::HSS_LMS_PublicKeyInternal::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const
The algorithm identifier for HSS-LMS.
Definition hss.cpp:330
Botan::HSS_LMS_PublicKeyInternal::lms_pub_key
const LMS_PublicKey & lms_pub_key() const
Returns the public LMS key of the top LMS tree.
Definition hss.h:270
Botan::HSS_Signature::Signed_Pub_Key
A LMS public key signed by the HSS layer above it.
Definition hss.h:322
Botan::HSS_Signature::Signed_Pub_Key::Signed_Pub_Key
Signed_Pub_Key(LMS_Signature sig, LMS_PublicKey pub)
Constructor for a new sig-pubkey-pair.
Definition hss.cpp:369
Botan::HSS_Signature::Signed_Pub_Key::signature
const LMS_Signature & signature() const
The signature of the public key.
Definition hss.h:332
Botan::HSS_Signature::Signed_Pub_Key::public_key
const LMS_PublicKey & public_key() const
The signed public key.
Definition hss.h:337
Botan::HSS_Signature
A HSS-LMS signature.
Definition hss.h:314
Botan::HSS_Signature::size
static size_t size(const HSS_LMS_Params &params)
Returns the size a signature would have in its encoded format.
Definition hss.cpp:398
Botan::HSS_Signature::bottom_sig
const LMS_Signature & bottom_sig() const
Returns the LMS signature by the bottom layer of the signed message.
Definition hss.h:377
Botan::HSS_Signature::Nspk
HSS_Level Nspk() const
Returns the number of signed public keys (Nspk = L-1).
Definition hss.h:364
Botan::HSS_Signature::signed_pub_key
const Signed_Pub_Key & signed_pub_key(HSS_Level layer) const
Returns the signed LMS key signed by a specific layer.
Definition hss.h:372
Botan::HSS_Signature::from_bytes_or_throw
static HSS_Signature from_bytes_or_throw(std::span< const uint8_t > sig_bytes)
Parse a HSS-LMS signature.
Definition hss.cpp:372
Botan::HashFunction::create_or_throw
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:298
Botan::LMOTS_Params::create_or_throw
static LMOTS_Params create_or_throw(LMOTS_Algorithm_Type type)
Create the LM-OTS parameters from a known algorithm type.
Definition lm_ots.cpp:99
Botan::LMOTS_Params::hash_name
const std::string & hash_name() const
Name of the hash function to use.
Definition lm_ots.h:150
Botan::LMS_Instance::lms_params
const LMS_Params & lms_params() const
The LMS parameters for this LMS instance.
Definition lms.h:163
Botan::LMS_Instance::lmots_params
const LMOTS_Params & lmots_params() const
The LMOTS parameters used for OTS instances of this LMS instance.
Definition lms.h:168
Botan::LMS_Instance::identifier
const LMS_Identifier & identifier() const
The identifier of this LMS tree ('I' in RFC 8554)
Definition lms.h:173
Botan::LMS_Params::hash_name
const std::string & hash_name() const
Returns the name of the hash function to use.
Definition lms.h:123
Botan::LMS_Params::m
size_t m() const
Returns the number of bytes associated with each node.
Definition lms.h:118
Botan::LMS_Params::h
uint8_t h() const
Returns the height of the LMS tree.
Definition lms.h:113
Botan::LMS_Params::create_or_throw
static LMS_Params create_or_throw(LMS_Algorithm_Type type)
Create the LMS parameters from a known algorithm type.
Definition lms.cpp:112
Botan::LMS_PrivateKey
Representation of an LMS Private key.
Definition lms.h:189
Botan::LMS_PrivateKey::seed
const LMS_Seed & seed() const
The secret seed used for LMOTS' WOTS chain input creation (RFC 8554 Appendix A)
Definition lms.h:200
Botan::LMS_PublicKey
The LMS public key.
Definition lms.h:224
Botan::LMS_PublicKey::size
static size_t size(const LMS_Params &lms_params)
The expected size of an LMS public key for given lms_params.
Definition lms.cpp:312
Botan::LMS_PublicKey::to_bytes
std::vector< uint8_t > to_bytes() const
Bytes of the full lms public key according to 8554 5.3.
Definition lms.cpp:293
Botan::LMS_PublicKey::from_bytes_or_throw
static LMS_PublicKey from_bytes_or_throw(BufferSlicer &slicer)
Parse a public LMS key.
Definition lms.cpp:263
Botan::LMS_PublicKey::verify_signature
bool verify_signature(const LMS_Message &msg, const LMS_Signature &sig) const
Verify a LMS signature.
Definition lms.cpp:351
Botan::LMS_Signature
Container for LMS Signature data.
Definition lms.h:290
Botan::LMS_Signature::from_bytes_or_throw
static LMS_Signature from_bytes_or_throw(BufferSlicer &slicer)
Parse the bytes of a lms signature into a LMS Signature object.
Definition lms.cpp:316
Botan::LMS_Signature::size
static size_t size(const LMS_Params &lms_params, const LMOTS_Params &lmots_params)
Definition lms.cpp:418
Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86
Botan::PseudorandomKeyGeneration
Helper class used to derive secret values based in the pseudorandom key generation described in RFC 8...
Definition hss_lms_utils.h:28
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:179
Botan::SCAN_Name
Definition scan_name.h:22
Botan::SCAN_Name::arg
std::string arg(size_t i) const
Definition scan_name.cpp:119
Botan::SCAN_Name::arg_count
size_t arg_count() const
Definition scan_name.h:49
Botan::SCAN_Name::algo_name
const std::string & algo_name() const
Definition scan_name.h:44
Botan::SCAN_Name::arg_as_integer
size_t arg_as_integer(size_t i, size_t def_value) const
Definition scan_name.cpp:133
Botan::detail::Strong_Base::get
T & get()
Definition strong_type.h:50
Botan::LMS_Algorithm_Type
LMS_Algorithm_Type
Enum of available LMS algorithm types.
Definition lms.h:29
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::LMS_IDENTIFIER_LEN
constexpr size_t LMS_IDENTIFIER_LEN
The length in bytes of the LMS identifier (I).
Definition lms.h:66
Botan::HSS_Sig_Idx
Strong< uint64_t, struct HSS_Sig_Idx_, EnableArithmeticWithPlainNumber > HSS_Sig_Idx
The index of a node within a specific LMS tree layer.
Definition hss.h:28
Botan::checked_cast_to
constexpr RT checked_cast_to(AT i)
Definition int_utils.h:109
Botan::LMS_Identifier
Strong< std::vector< uint8_t >, struct LMS_Identifier_ > LMS_Identifier
The identifier of an LMS tree (I in RFC 8554)
Definition lm_ots.h:50
Botan::LMOTS_Algorithm_Type
LMOTS_Algorithm_Type
Enum of available LM-OTS algorithm types.
Definition lm_ots.h:65
Botan::LMS_Seed
Strong< secure_vector< uint8_t >, struct LMS_SEED_ > LMS_Seed
Seed of the LMS tree, used to generate the LM-OTS private keys.
Definition lm_ots.h:25
Botan::checked_cast_to_or_throw
constexpr RT checked_cast_to_or_throw(AT i, std::string_view error_msg_on_fail)
Definition int_utils.h:95
Botan::LMS_Message
Strong< std::vector< uint8_t >, struct LMS_Message_ > LMS_Message
A message that is signed with an LMS tree.
Definition lm_ots.h:55
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition stl_util.h:262
Botan::HSS_Level
Strong< uint32_t, struct HSS_Level_, EnableArithmeticWithPlainNumber > HSS_Level
The HSS layer in the HSS multi tree starting at 0 from the root.
Definition hss.h:33
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:707
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:467
Generated by doxygen 1.11.0