Mbed TLS v3.6.0
|
This file provides an API for the LMS post-quantum-safe stateful-hash public-key signature scheme as defined in RFC8554 and NIST.SP.200-208. This implementation currently only supports a single parameter set MBEDTLS_LMS_SHA256_M32_H10 in order to reduce complexity. This is one of the signature schemes recommended by the IETF draft SUIT standard for IOT firmware upgrades (RFC9019). More...
#include <stdint.h>
#include <stddef.h>
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
Go to the source code of this file.
Data Structures | |
struct | mbedtls_lmots_parameters_t |
struct | mbedtls_lmots_public_t |
struct | mbedtls_lms_parameters_t |
struct | mbedtls_lms_public_t |
Enumerations | |
enum | mbedtls_lms_algorithm_type_t { MBEDTLS_LMS_SHA256_M32_H10 = 0x6 } |
enum | mbedtls_lmots_algorithm_type_t { MBEDTLS_LMOTS_SHA256_N32_W8 = 4 } |
Functions | |
void | mbedtls_lms_public_init (mbedtls_lms_public_t *ctx) |
This function initializes an LMS public context. | |
void | mbedtls_lms_public_free (mbedtls_lms_public_t *ctx) |
This function uninitializes an LMS public context. | |
int | mbedtls_lms_import_public_key (mbedtls_lms_public_t *ctx, const unsigned char *key, size_t key_size) |
This function imports an LMS public key into a public LMS context. | |
int | mbedtls_lms_export_public_key (const mbedtls_lms_public_t *ctx, unsigned char *key, size_t key_size, size_t *key_len) |
This function exports an LMS public key from a LMS public context that already contains a public key. | |
int | mbedtls_lms_verify (const mbedtls_lms_public_t *ctx, const unsigned char *msg, size_t msg_size, const unsigned char *sig, size_t sig_size) |
This function verifies a LMS signature, using a LMS context that contains a public key. | |
This file provides an API for the LMS post-quantum-safe stateful-hash public-key signature scheme as defined in RFC8554 and NIST.SP.200-208. This implementation currently only supports a single parameter set MBEDTLS_LMS_SHA256_M32_H10 in order to reduce complexity. This is one of the signature schemes recommended by the IETF draft SUIT standard for IOT firmware upgrades (RFC9019).
Definition in file lms.h.
#define MBEDTLS_ERR_LMS_ALLOC_FAILED -0x0017 |
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 |
#define MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL -0x0019 |
#define MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS -0x0013 |
#define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015 |
#define MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN | ( | type | ) | (MBEDTLS_LMOTS_N_HASH_LEN(type)) |
#define MBEDTLS_LMOTS_N_HASH_LEN | ( | type | ) | ((type) == MBEDTLS_LMOTS_SHA256_N32_W8 ? 32u : 0) |
#define MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT | ( | type | ) | ((type) == MBEDTLS_LMOTS_SHA256_N32_W8 ? 34u : 0) |
#define MBEDTLS_LMOTS_SIG_LEN | ( | type | ) |
#define MBEDTLS_LMS_H_TREE_HEIGHT | ( | type | ) | ((type) == MBEDTLS_LMS_SHA256_M32_H10 ? 10u : 0) |
#define MBEDTLS_LMS_M_NODE_BYTES | ( | type | ) | ((type) == MBEDTLS_LMS_SHA256_M32_H10 ? 32 : 0) |
#define MBEDTLS_LMS_PUBLIC_KEY_LEN | ( | type | ) |
#define MBEDTLS_LMS_SIG_LEN | ( | type, | |
otstype | |||
) |
The Identifier of the LMOTS parameter set, as per https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml. We are only implementing a subset of the types, particularly N32_W8, for the sake of simplicity.
Enumerator | |
---|---|
MBEDTLS_LMOTS_SHA256_N32_W8 |
The Identifier of the LMS parameter set, as per https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml We are only implementing a subset of the types, particularly H10, for the sake of simplicity.
Enumerator | |
---|---|
MBEDTLS_LMS_SHA256_M32_H10 |
int mbedtls_lms_export_public_key | ( | const mbedtls_lms_public_t * | ctx, |
unsigned char * | key, | ||
size_t | key_size, | ||
size_t * | key_len | ||
) |
This function exports an LMS public key from a LMS public context that already contains a public key.
ctx | The initialized LMS public context that contains the public key. |
key | The buffer into which the key will be output. Must be at least MBEDTLS_LMS_PUBLIC_KEY_LEN in size. |
key_size | The size of the key buffer. |
key_len | If not NULL, will be written with the size of the key. |
0
on success. int mbedtls_lms_import_public_key | ( | mbedtls_lms_public_t * | ctx, |
const unsigned char * | key, | ||
size_t | key_size | ||
) |
This function imports an LMS public key into a public LMS context.
ctx | The initialized LMS context store the key in. |
key | The buffer from which the key will be read. MBEDTLS_LMS_PUBLIC_KEY_LEN bytes will be read from this. |
key_size | The size of the key being imported. |
0
on success. void mbedtls_lms_public_free | ( | mbedtls_lms_public_t * | ctx | ) |
This function uninitializes an LMS public context.
ctx | The initialized LMS context that will then be uninitialized. |
void mbedtls_lms_public_init | ( | mbedtls_lms_public_t * | ctx | ) |
This function initializes an LMS public context.
ctx | The uninitialized LMS context that will then be initialized. |
int mbedtls_lms_verify | ( | const mbedtls_lms_public_t * | ctx, |
const unsigned char * | msg, | ||
size_t | msg_size, | ||
const unsigned char * | sig, | ||
size_t | sig_size | ||
) |
This function verifies a LMS signature, using a LMS context that contains a public key.
ctx | The initialized LMS public context from which the public key will be read. |
msg | The buffer from which the message will be read. |
msg_size | The size of the message that will be read. |
sig | The buf from which the signature will be read. MBEDTLS_LMS_SIG_LEN bytes will be read from this. |
sig_size | The size of the signature to be verified. |
0
on successful verification.