Make LMOTS a private api
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 37253ab..99e863c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -353,14 +353,9 @@
#error "MBEDTLS_MD_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_LMOTS_C) && \
- ( !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_LMOTS_C requires MBEDTLS_MD_C"
-#endif
-
#if defined(MBEDTLS_LMS_C) && \
- ( !defined(MBEDTLS_LMOTS_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_LMS_C requires MBEDTLS_LMOTS_C and MBEDTLS_MD_C"
+ ( !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_LMS_C requires MBEDTLS_MD_C"
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 73d61db..fe5d497 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -82,7 +82,6 @@
* POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056
* PLATFORM 2 0x0070-0x0072
- * LMOTS 2 0x0076-0x0078
* LMS 2 0x0011-0x0017
*
* High-level module nr (3 bits - 0x0...-0x7...)
diff --git a/include/mbedtls/lmots.h b/include/mbedtls/lmots.h
deleted file mode 100644
index d89f5bb..0000000
--- a/include/mbedtls/lmots.h
+++ /dev/null
@@ -1,338 +0,0 @@
-/**
- * \file lmots.h
- *
- * \brief This file provides an API for the LM-OTS post-quantum-safe one-time
- * public-key signature scheme as defined in RFC8554 and NIST.SP.200-208.
- * This implementation currently only supports a single parameter set
- * MBEDTLS_LMOTS_SHA256_N32_W8 in order to reduce complexity.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_LMOTS_H
-#define MBEDTLS_LMOTS_H
-
-#include "mbedtls/private_access.h"
-
-#include <stdint.h>
-#include <stddef.h>
-
-#define MBEDTLS_ERR_LMOTS_BAD_INPUT_DATA -0x0076 /**< Bad data has been input to an LMOTS function */
-#define MBEDTLS_ERR_LMOTS_VERIFY_FAILED -0x0078 /**< LMOTS signature verification failed */
-
-#define MBEDTLS_LMOTS_N_HASH_LEN (32)
-#define MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN (34)
-#define MBEDTLS_LMOTS_TYPE_LEN (4)
-#define MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN (MBEDTLS_LMOTS_N_HASH_LEN)
-#define MBEDTLS_LMOTS_I_KEY_ID_LEN (16)
-#define MBEDTLS_LMOTS_Q_LEAF_ID_LEN (4)
-
-#define MBEDTLS_LMOTS_SIG_LEN (MBEDTLS_LMOTS_TYPE_LEN + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN + \
- (MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN * MBEDTLS_LMOTS_N_HASH_LEN))
-
-#define MBEDTLS_LMOTS_PUBKEY_LEN (MBEDTLS_LMOTS_TYPE_LEN + MBEDTLS_LMOTS_I_KEY_ID_LEN + \
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN + MBEDTLS_LMOTS_N_HASH_LEN)
-
-#define MBEDTLS_LMOTS_SIG_TYPE_OFFSET (0)
-#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN)
-#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN)
-
-#define MBEDTLS_LMOTS_PUBKEY_TYPE_OFFSET (0)
-#define MBEDTLS_LMOTS_PUBKEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBKEY_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN)
-#define MBEDTLS_LMOTS_PUBKEY_Q_LEAF_ID_OFFSET (MBEDTLS_LMOTS_PUBKEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN)
-#define MBEDTLS_LMOTS_PUBKEY_KEY_HASH_OFFSET (MBEDTLS_LMOTS_PUBKEY_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml
- * We are only implementing a subset of the types, particularly n32_w8, for the sake of simplicty.
- */
-typedef enum {
- MBEDTLS_LMOTS_SHA256_N32_W8 = 4
-} mbedtls_lmots_algorithm_type_t;
-
-
-/** LMOTS context structure.
- *
- * The context must be initialized before it is used. A public key must either
- * be imported, or an algorithm type set, a private key generated and the public
- * key calculated from it. A context that does not contain a public key cannot
- * verify, and a context that does not contain a private key cannot sign.
- * Signing a message will remove the private key from the context, as private
- * keys can only be used a single time.
- *
- * \dot
- * digraph lmots {
- * UNINITIALIZED -> INIT [label="init"];
- * TYPE_SET -> INIT [label="free"];
- * PRIVATE -> INIT [label="free"];
- * PUBLIC -> INIT [label="free"];
- * "PRIVATE+PUBLIC" -> INIT [label="free"];
- * INIT -> TYPE_SET [label="set_algorithm_type"];
- * PRIVATE -> TYPE_SET [label="sign"];
- * "PRIVATE+PUBLIC" -> PUBLIC [label="sign"];
- * INIT -> PUBLIC [label="import_public"];
- * PUBLIC -> PUBLIC [label="export_pubkey"];
- * "PRIVATE+PUBLIC" -> "PRIVATE+PUBLIC" [label="export_pubkey"];
- * PRIVATE -> "PRIVATE+PUBLIC" [label="gen_pubkey"];
- * TYPE_SET -> PRIVATE [label="gen_privkey"];
- * }
- * \enddot
- */
-typedef struct {
- unsigned char MBEDTLS_PRIVATE(have_privkey); /*!< Whether the context contains a private key.
- Boolean values only. */
- unsigned char MBEDTLS_PRIVATE(have_pubkey); /*!< Whether the context contains a public key.
- Boolean values only. */
- unsigned char MBEDTLS_PRIVATE(I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN]); /*!< The key
- identifier. */
- unsigned int MBEDTLS_PRIVATE(q_leaf_identifier); /*!< Which leaf of the LMS key this is.
- 0 if the key is not part of an LMS key. */
- unsigned char MBEDTLS_PRIVATE(q_leaf_identifier_bytes)[MBEDTLS_LMOTS_Q_LEAF_ID_LEN];/*!< The
- leaf identifier in network bytes form. */
- mbedtls_lmots_algorithm_type_t MBEDTLS_PRIVATE(type); /*!< The LM-OTS key type identifier as
- per IANA. Only SHA256_N32_W8 is currently
- supported. */
- unsigned char MBEDTLS_PRIVATE(priv_key[MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN][32]); /*!< The private
- key, one hash output per byte of the encoded
- symbol string P (32 bytes of hash output +
- 2 bytes of checksum). */
- unsigned char MBEDTLS_PRIVATE(pub_key[32]); /*!< The public key, in the form of a SHA256
- output. */
-} mbedtls_lmots_context;
-
-
-/**
- * \brief This function initializes an LMOTS context
- *
- * \param ctx The uninitialized LMOTS context that will then be
- * initialized.
- */
-void mbedtls_lmots_init( mbedtls_lmots_context *ctx );
-
-/**
- * \brief This function uninitializes an LMOTS context
- *
- * \param ctx The initialized LMOTS context that will then be
- * uninitialized.
- */
-void mbedtls_lmots_free( mbedtls_lmots_context *ctx );
-
-/**
- * \brief This function sets the type of an LMOTS context
- *
- * \note The parameter set in the context will then be used
- * for keygen operations etc.
- *
- * \param ctx The initialized LMOTS context.
- * \param type The type that will be set in the context.
- */
-int mbedtls_lmots_set_algorithm_type( mbedtls_lmots_context *ctx,
- mbedtls_lmots_algorithm_type_t type );
-
-/**
- * \brief This function creates a candidate public key from
- * an LMOTS signature. This can then be compared to
- * the real public key to determine the validity of
- * the signature.
- *
- * \note This function is exposed publicly to be used in LMS
- * signature verification, it is expected that
- * mbedtls_lmots_verify will be used for LMOTS
- * signature verification.
- *
- * \param I_key_identifier The key identifier of the key, as a 16-byte string.
- * \param q_leaf_identifier The leaf identifier of key. If this LMOTS key is
- * not being used as part of an LMS key, this should
- * be set to 0.
- * \param msg The buffer from which the message will be read.
- * \param msg_len The size of the message that will be read.
- * \param sig The buffer from which the signature will be read.
- * #MBEDTLS_LMOTS_SIG_LEN bytes will be read from this.
- * \param out The buffer where the candidate public key will be
- * stored. Must be at least #MBEDTLS_LMOTS_N_HASH_LEN
- * bytes in size.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_generate_pub_key_candidate( const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
- const unsigned char q_leaf_identifier[MBEDTLS_LMOTS_Q_LEAF_ID_LEN],
- const unsigned char *msg,
- size_t msg_len,
- const unsigned char *sig,
- unsigned char *out );
-
-/**
- * \brief This function creates a LMOTS signature, using a
- * LMOTS context that contains a private key.
- *
- * \note Before this function is called, the context must
- * have been initialized and must contain a private
- * key.
- *
- * \note LMOTS private keys can only be used once, otherwise
- * attackers may be able to create forged signatures.
- * If the signing operation is successful, the private
- * key in the context will be erased, and no further
- * signing will be possible until another private key
- * is loaded
- *
- * \param ctx The initialized LMOTS context from which the
- * private key will be read.
- * \param f_rng The RNG function to be used for signature
- * generation.
- * \param p_rng The RNG context to be passed to f_rng
- * \param msg The buffer from which the message will be read.
- * \param msg_len The size of the message that will be read.
- * \param sig The buf into which the signature will be stored.
- * Must be at least #MBEDTLS_LMOTS_SIG_LEN in size.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_sign( mbedtls_lmots_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng, const unsigned char *msg, size_t msg_len,
- unsigned char *sig );
-
-/**
- * \brief This function verifies a LMOTS signature, using a
- * LMOTS context that contains a public key.
- *
- * \warning This function is **not intended for use in
- * production**, due to as-yet unsolved problems with
- * handling stateful keys.
- *
- * \note Before this function is called, the context must
- * have been initialized and must contain a public key
- * (either by import or generation).
- *
- * \param ctx The initialized LMOTS context from which the public
- * key will be read.
- * \param msg The buffer from which the message will be read.
- * \param msg_len The size of the message that will be read.
- * \param sig The buf from which the signature will be read.
- * #MBEDTLS_LMOTS_SIG_LEN bytes will be read from
- * this.
- *
- * \return \c 0 on successful verification.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_verify( mbedtls_lmots_context *ctx, const unsigned char *msg,
- size_t msg_len, const unsigned char *sig );
-
-/**
- * \brief This function imports an LMOTS public key into a
- * LMOTS context.
- *
- * \note Before this function is called, the context must
- * have been initialized.
- *
- * \note See IETF RFC8554 for details of the encoding of
- * this public key.
- *
- * \param ctx The initialized LMOTS context store the key in.
- * \param key The buffer from which the key will be read.
- * #MBEDTLS_LMOTS_PUBKEY_LEN bytes will be read from
- * this.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_import_pubkey( mbedtls_lmots_context *ctx,
- const unsigned char *key );
-
-/**
- * \brief This function exports an LMOTS public key from a
- * LMOTS context that already contains a public key.
- *
- * \note Before this function is called, the context must
- * have been initialized and the context must contain
- * a public key.
- *
- * \note See IETF RFC8554 for details of the encoding of
- * this public key.
- *
- * \param ctx The initialized LMOTS context that contains the
- * publc key.
- * \param key The buffer into which the key will be output. Must
- * be at least #MBEDTLS_LMOTS_PUBKEY_LEN in size.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_export_pubkey( mbedtls_lmots_context *ctx,
- unsigned char *key );
-
-/**
- * \brief This function generates an LMOTS public key from a
- * LMOTS context that already contains a private key.
- *
- * \note Before this function is called, the context must
- * have been initialized and the context must contain
- * a private key.
- *
- * \param ctx The initialized LMOTS context to generate the key
- * from and store it into.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_gen_pubkey( mbedtls_lmots_context *ctx );
-
-/**
- * \brief This function generates an LMOTS private key, and
- * stores in into an LMOTS context.
- *
- * \warning This function is **not intended for use in
- * production**, due to as-yet unsolved problems with
- * handling stateful keys.
- *
- * \note Before this function is called, the context must
- * have been initialized and the type of the LMOTS
- * context set using mbedtls_lmots_set_algorithm_type
- *
- * \note The seed must have at least 256 bits of entropy.
- *
- * \param ctx The initialized LMOTS context to generate the key
- * into.
- * \param I_key_identifier The key identifier of the key, as a 16-byte string.
- * \param q_leaf_identifier The leaf identifier of key. If this LMOTS key is
- * not being used as part of an LMS key, this should
- * be set to 0.
- * \param seed The seed used to deterministically generate the
- * key.
- * \param seed_len The length of the seed.
- *
- * \return \c 0 on success.
- * \return A non-zero error code on failure.
- */
-int mbedtls_lmots_gen_privkey( mbedtls_lmots_context *ctx,
- const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
- unsigned int q_leaf_identifier,
- const unsigned char *seed,
- size_t seed_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_LMOTS_H */
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index 72ed521..99fe678 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -30,8 +30,9 @@
#include <stdint.h>
#include <stddef.h>
+#include "lmots.h"
+
#include "mbedtls/private_access.h"
-#include "mbedtls/lmots.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
#define MBEDTLS_ERR_LMS_OUT_OF_PRIV_KEYS -0x0013 /**< Specified LMS key has utilised all of its private keys */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 1da395b..8c833b1 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2462,20 +2462,6 @@
#define MBEDTLS_HMAC_DRBG_C
/**
- * \def MBEDTLS_LMOTS_C
- *
- * Enable the LMOTS one-time asymmetric hash signature algorithm.
- *
- * Module: library/lm_ots.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * Uncomment to enable the LMOTS signature algorithm.
- */
-#define MBEDTLS_LMOTS_C
-
-/**
* \def MBEDTLS_LMS_C
*
* Enable the LMS stateful-hash asymmetric signature algorithm.
@@ -2483,7 +2469,7 @@
* Module: library/lms.c
* Caller:
*
- * Requires: MBEDTLS_LMS_C
+ * Requires: MBEDTLS_MD_C
*
* Uncomment to enable the LMS signature algorithm.
*/