21 #include "mbedtls/private_access.h"
25 #define MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS -0x0013
26 #define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015
29 #define MBEDTLS_LMOTS_N_HASH_LEN_MAX (32u)
30 #define MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX (34u)
31 #define MBEDTLS_LMOTS_N_HASH_LEN(type) ((type) == MBEDTLS_LMOTS_SHA256_N32_W8 ? 32u : 0)
32 #define MBEDTLS_LMOTS_I_KEY_ID_LEN (16u)
33 #define MBEDTLS_LMOTS_Q_LEAF_ID_LEN (4u)
34 #define MBEDTLS_LMOTS_TYPE_LEN (4u)
35 #define MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(type) ((type) == MBEDTLS_LMOTS_SHA256_N32_W8 ? 34u : 0)
36 #define MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type) (MBEDTLS_LMOTS_N_HASH_LEN(type))
38 #define MBEDTLS_LMOTS_SIG_LEN(type) (MBEDTLS_LMOTS_TYPE_LEN + \
39 MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type) + \
40 (MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(type) * \
41 MBEDTLS_LMOTS_N_HASH_LEN(type)))
44 #define MBEDTLS_LMS_TYPE_LEN (4)
45 #define MBEDTLS_LMS_H_TREE_HEIGHT(type) ((type) == MBEDTLS_LMS_SHA256_M32_H10 ? 10u : 0)
50 #define MBEDTLS_LMS_M_NODE_BYTES(type) ((type) == MBEDTLS_LMS_SHA256_M32_H10 ? 32 : 0)
51 #define MBEDTLS_LMS_M_NODE_BYTES_MAX 32
53 #define MBEDTLS_LMS_SIG_LEN(type, otstype) (MBEDTLS_LMOTS_Q_LEAF_ID_LEN + \
54 MBEDTLS_LMOTS_SIG_LEN(otstype) + \
55 MBEDTLS_LMS_TYPE_LEN + \
56 (MBEDTLS_LMS_H_TREE_HEIGHT(type) * \
57 MBEDTLS_LMS_M_NODE_BYTES(type)))
59 #define MBEDTLS_LMS_PUBLIC_KEY_LEN(type) (MBEDTLS_LMS_TYPE_LEN + \
60 MBEDTLS_LMOTS_TYPE_LEN + \
61 MBEDTLS_LMOTS_I_KEY_ID_LEN + \
62 MBEDTLS_LMS_M_NODE_BYTES(type))
122 unsigned char MBEDTLS_PRIVATE(have_public_key);
126 #if defined(MBEDTLS_LMS_PRIVATE)
148 unsigned char MBEDTLS_PRIVATE(have_private_key);
192 unsigned char MBEDTLS_PRIVATE(have_public_key);
197 #if defined(MBEDTLS_LMS_PRIVATE)
216 uint32_t MBEDTLS_PRIVATE(q_next_usable_key);
228 unsigned char MBEDTLS_PRIVATE(have_private_key);
269 const unsigned char *key,
size_t key_size);
295 unsigned char *key,
size_t key_size,
319 const unsigned char *msg,
size_t msg_size,
320 const unsigned char *sig,
size_t sig_size);
322 #if defined(MBEDTLS_LMS_PRIVATE)
363 const unsigned char *seed,
422 const unsigned char *msg,
423 unsigned int msg_size,
unsigned char *sig,
size_t sig_size,
void mbedtls_lms_private_init(mbedtls_lms_private_t *ctx)
This function initializes an LMS private context.
int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx, const unsigned char *key, size_t key_size)
This function imports an LMS public key into a public LMS context.
int mbedtls_lms_sign(mbedtls_lms_private_t *ctx, const unsigned char *msg, unsigned int msg_size, unsigned char *sig, size_t sig_size, size_t *sig_len)
This function creates a LMS signature, using a LMS context that contains unused private keys...
void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx)
This function uninitializes an LMS private context.
void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)
This function initializes an LMS public context.
int mbedtls_lms_generate_private_key(mbedtls_lms_private_t *ctx, mbedtls_lms_algorithm_type_t type, mbedtls_lmots_algorithm_type_t otstype, const unsigned char *seed, size_t seed_size)
This function generates an LMS private key, and stores in into an LMS private context.
#define MBEDTLS_LMOTS_Q_LEAF_ID_LEN
void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx)
This function uninitializes an LMS public context.
mbedtls_lmots_algorithm_type_t
Compatibility definitions for MbedTLS 3.x code built with MbedTLS 4.x or TF-PSA-Crypto 1...
int mbedtls_lms_export_public_key(const mbedtls_lms_public_t *ctx, unsigned char *key, size_t key_size, size_t *key_len)
This function exports an LMS public key from a LMS public context that already contains a public key...
#define MBEDTLS_LMOTS_N_HASH_LEN_MAX
int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, const mbedtls_lms_private_t *priv_ctx)
This function calculates an LMS public key from a LMS context that already contains a private key...
Build-time configuration info.
#define MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX
#define MBEDTLS_LMOTS_I_KEY_ID_LEN
#define MBEDTLS_LMS_M_NODE_BYTES_MAX
int mbedtls_lms_verify(const mbedtls_lms_public_t *ctx, const unsigned char *msg, size_t msg_size, const unsigned char *sig, size_t sig_size)
This function verifies a LMS signature, using a LMS context that contains a public key...
mbedtls_lms_algorithm_type_t