Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6b330a7..37253ab 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -353,6 +353,16 @@
#error "MBEDTLS_MD_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_LMOTS_C) && \
+ ( !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_LMOTS_C requires MBEDTLS_MD_C"
+#endif
+
+#if defined(MBEDTLS_LMS_C) && \
+ ( !defined(MBEDTLS_LMOTS_C) || !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_LMS_C requires MBEDTLS_LMOTS_C and MBEDTLS_MD_C"
+#endif
+
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 8b2b9ea..73d61db 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -82,6 +82,8 @@
* POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056
* PLATFORM 2 0x0070-0x0072
+ * LMOTS 2 0x0076-0x0078
+ * LMS 2 0x0011-0x0017
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors
diff --git a/include/mbedtls/lmots.h b/include/mbedtls/lmots.h
new file mode 100644
index 0000000..a177ad4
--- /dev/null
+++ b/include/mbedtls/lmots.h
@@ -0,0 +1,292 @@
+/**
+ * \file lmots.h
+ *
+ * \brief This file provides an API for the LM-OTS post-quantum-safe one-time
+ * public-key signature scheme.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_LMOTS_H
+#define MBEDTLS_LMOTS_H
+
+#include "mbedtls/private_access.h"
+
+#include <stdint.h>
+#include <stddef.h>
+
+#define MBEDTLS_ERR_LMOTS_BAD_INPUT_DATA -0x0076 /**< Bad data has been input to an LMOTS function */
+#define MBEDTLS_ERR_LMOTS_VERIFY_FAILED -0x0078 /**< LMOTS signature verification failed */
+
+#define MBEDTLS_LMOTS_N_HASH_LEN (32)
+#define MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN (34)
+#define MBEDTLS_LMOTS_TYPE_LEN (4)
+#define MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN (MBEDTLS_LMOTS_N_HASH_LEN)
+#define MBEDTLS_LMOTS_I_KEY_ID_LEN (16)
+#define MBEDTLS_LMOTS_Q_LEAF_ID_LEN (4)
+
+#define MBEDTLS_LMOTS_SIG_LEN (MBEDTLS_LMOTS_TYPE_LEN + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN + \
+ (MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN * MBEDTLS_LMOTS_N_HASH_LEN))
+
+#define MBEDTLS_LMOTS_PUBKEY_LEN (MBEDTLS_LMOTS_TYPE_LEN + MBEDTLS_LMOTS_I_KEY_ID_LEN + \
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN + MBEDTLS_LMOTS_N_HASH_LEN)
+
+#define MBEDTLS_LMOTS_SIG_TYPE_OFFSET (0)
+#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN)
+#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN)
+
+#define MBEDTLS_LMOTS_PUBKEY_TYPE_OFFSET (0)
+#define MBEDTLS_LMOTS_PUBKEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBKEY_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN)
+#define MBEDTLS_LMOTS_PUBKEY_Q_LEAF_ID_OFFSET (MBEDTLS_LMOTS_PUBKEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN)
+#define MBEDTLS_LMOTS_PUBKEY_KEY_HASH_OFFSET (MBEDTLS_LMOTS_PUBKEY_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* We are only implementing a subset of the types, particularly n32_w8, for the
+ * sake of simplicty
+ */
+typedef enum {
+ MBEDTLS_LMOTS_SHA256_N32_W8 = 4
+} mbedtls_lmots_algorithm_type_t;
+
+
+typedef struct {
+ unsigned char MBEDTLS_PRIVATE(have_privkey);
+ unsigned char MBEDTLS_PRIVATE(have_pubkey);
+ unsigned char MBEDTLS_PRIVATE(I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN]);
+ unsigned int MBEDTLS_PRIVATE(q_leaf_identifier);
+ unsigned char MBEDTLS_PRIVATE(q_leaf_identifier_bytes)[MBEDTLS_LMOTS_Q_LEAF_ID_LEN];
+ mbedtls_lmots_algorithm_type_t MBEDTLS_PRIVATE(type);
+ unsigned char MBEDTLS_PRIVATE(priv_key[MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN][32]);
+ unsigned char MBEDTLS_PRIVATE(pub_key[32]);
+} mbedtls_lmots_context;
+
+
+/**
+ * \brief This function initializes an LMOTS context
+ *
+ * \param ctx The uninitialized LMOTS context that will then be
+ * initialized.
+ */
+void mbedtls_lmots_init( mbedtls_lmots_context *ctx );
+
+/**
+ * \brief This function uninitializes an LMOTS context
+ *
+ * \param ctx The initialized LMOTS context that will then be
+ * uninitialized.
+ */
+void mbedtls_lmots_free( mbedtls_lmots_context *ctx );
+
+/**
+ * \brief This function sets the type of an LMOTS context
+ *
+ * \note The parameter set in the context will then be used
+ * for keygen operations etc.
+ *
+ * \param ctx The initialized LMOTS context.
+ * \param type The type that will be set in the context.
+ */
+int mbedtls_lmots_set_algorithm_type( mbedtls_lmots_context *ctx,
+ mbedtls_lmots_algorithm_type_t type );
+
+/**
+ * \brief This function creates a candidate public key from
+ * an LMOTS signature. This can then be compared to
+ * the real public key to determine the validity of
+ * the signature.
+ *
+ * \note This function is exposed publicly to be used in LMS
+ * signature verification, it is expected that
+ * mbedtls_lmots_verify will be used for LMOTS
+ * signature verification.
+ *
+ * \param I_key_identifier The key identifier of the key, as a 16 byte
+ * bytestring.
+ * \param q_leaf_identifier The leaf identifier of key. If this LMOTS key is
+ * not being used as part of an LMS key, this should
+ * be set to 0.
+ * \param msg The buffer from which the message will be read.
+ * \param msg_len The size of the message that will be read.
+ * \param sig The buff from which the signature will be read.
+ * MBEDTLS_LMOTS_SIG_LEN bytes will be read from this.
+ * \param out The buffer where the candidate public key will be
+ * stored. Must be at least #MBEDTLS_LMOTS_N_HASH_LEN
+ * bytes in size.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_generate_pub_key_candidate( const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
+ const unsigned char q_leaf_identifier[MBEDTLS_LMOTS_Q_LEAF_ID_LEN],
+ const unsigned char *msg,
+ size_t msg_len,
+ const unsigned char *sig,
+ unsigned char *out );
+
+/**
+ * \brief This function creates a LMOTS signature, using a
+ * LMOTS context that contains a private key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and must contain a private
+ * key.
+ *
+ * \note LMOTS private keys can only be used once, otherwise
+ * attackers may be able to create forged signatures.
+ * If the signing operation is successful, the private
+ * key in the context will be erased, and no further
+ * signing will be possible until another private key
+ * is loaded
+ *
+ * \param ctx The initialized LMOTS context from which the
+ * private key will be read.
+ * \param f_rng The RNG function to be used for signature
+ * generation.
+ * \param p_rng The RNG context to be passed to f_rng
+ * \param msg The buffer from which the message will be read.
+ * \param msg_len The size of the message that will be read.
+ * \param sig The buf into which the signature will be stored.
+ * Must be at least #MBEDTLS_LMOTS_SIG_LEN in size.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_sign( mbedtls_lmots_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng, const unsigned char *msg, size_t msg_len,
+ unsigned char *sig );
+
+/**
+ * \brief This function verifies a LMOTS signature, using a
+ * LMOTS context that contains a public key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and must contain a public key
+ * (either by import or generation).
+ *
+ * \param ctx The initialized LMOTS context from which the public
+ * key will be read.
+ * \param msg The buffer from which the message will be read.
+ * \param msg_len The size of the message that will be read.
+ * \param sig The buf from which the signature will be read.
+ * #MBEDTLS_LMOTS_SIG_LEN bytes will be read from
+ * this.
+ *
+ * \return \c 0 on successful verification.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_verify( mbedtls_lmots_context *ctx, const unsigned char *msg,
+ size_t msg_len, const unsigned char *sig );
+
+/**
+ * \brief This function imports an LMOTS public key into a
+ * LMOTS context.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized.
+ *
+ * \note See IETF RFC8554 for details of the encoding of
+ * this public key.
+ *
+ * \param ctx The initialized LMOTS context store the key in.
+ * \param key The buffer from which the key will be read.
+ * #MBEDTLS_LMOTS_PUBKEY_LEN bytes will be read from
+ * this.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_import_pubkey( mbedtls_lmots_context *ctx,
+ const unsigned char *key );
+
+/**
+ * \brief This function exports an LMOTS public key from a
+ * LMOTS context that already contains a public key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and the context must contain
+ * a public key.
+ *
+ * \note See IETF RFC8554 for details of the encoding of
+ * this public key.
+ *
+ * \param ctx The initialized LMOTS context that contains the
+ * publc key.
+ * \param key The buffer into which the key will be output. Must
+ * be at least #MBEDTLS_LMOTS_PUBKEY_LEN in size.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_export_pubkey( mbedtls_lmots_context *ctx,
+ unsigned char *key );
+
+/**
+ * \brief This function generates an LMOTS public key from a
+ * LMOTS context that already contains a private key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and the context must contain
+ * a private key.
+ *
+ * \param ctx The initialized LMOTS context to generate the key
+ * from and store it into.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_gen_pubkey( mbedtls_lmots_context *ctx );
+
+/**
+ * \brief This function generates an LMOTS private key, and
+ * stores in into an LMOTS context.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and the type of the LMOTS
+ * context set using mbedtls_lmots_set_algorithm_type
+ *
+ * \note The seed must have at least 256 bits of entropy.
+ *
+ * \param ctx The initialized LMOTS context to generate the key
+ * into.
+ * \param I_key_identifier The key identifier of the key, as a 16 byte
+ * bytestring.
+ * \param q_leaf_identifier The leaf identifier of key. If this LMOTS key is
+ * not being used as part of an LMS key, this should
+ * be set to 0.
+ * \param seed The seed used to deterministically generate the
+ * key.
+ * \param seed_len The length of the seed.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lmots_gen_privkey( mbedtls_lmots_context *ctx,
+ const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
+ unsigned int q_leaf_identifier,
+ const unsigned char *seed,
+ size_t seed_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_LMOTS_H */
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
new file mode 100644
index 0000000..868a667
--- /dev/null
+++ b/include/mbedtls/lms.h
@@ -0,0 +1,254 @@
+/**
+ * \file lms.h
+ *
+ * \brief This file provides an API for the LMS post-quantum-safe stateful-hash
+ * public-key signature scheme.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_LMS_H
+#define MBEDTLS_LMS_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "mbedtls/private_access.h"
+#include "mbedtls/lmots.h"
+
+#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
+#define MBEDTLS_ERR_LMS_OUT_OF_PRIV_KEYS -0x0013 /**< Specified LMS key has utilised all of its private keys */
+#define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015 /**< LMS signature verification failed */
+#define MBEDTLS_ERR_LMS_ALLOC_FAILED -0x0017 /**< LMS failed to allocate space for a private key */
+
+#define MBEDTLS_LMS_TYPE_LEN (4)
+#define MBEDTLS_LMS_H_TREE_HEIGHT (10)
+#define MBEDTLS_LMS_M_NODE_BYTES (32)
+
+#define MBEDTLS_LMS_SIG_LEN (MBEDTLS_LMOTS_Q_LEAF_ID_LEN + MBEDTLS_LMOTS_SIG_LEN + \
+ MBEDTLS_LMS_TYPE_LEN + MBEDTLS_LMS_H_TREE_HEIGHT * MBEDTLS_LMS_M_NODE_BYTES)
+
+#define MBEDTLS_LMS_PUBKEY_LEN (MBEDTLS_LMS_TYPE_LEN + MBEDTLS_LMOTS_TYPE_LEN + \
+ MBEDTLS_LMOTS_I_KEY_ID_LEN + MBEDTLS_LMS_M_NODE_BYTES)
+
+#define MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET (0)
+#define MBEDTLS_LMS_SIG_OTS_SIG_OFFSET (MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
+#define MBEDTLS_LMS_SIG_TYPE_OFFSET (MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_LEN)
+#define MBEDTLS_LMS_SIG_PATH_OFFSET (MBEDTLS_LMS_SIG_TYPE_OFFSET + MBEDTLS_LMS_TYPE_LEN)
+
+#define MBEDTLS_LMS_PUBKEY_TYPE_OFFSET (0)
+#define MBEDTLS_LMS_PUBKEY_OTSTYPE_OFFSET (MBEDTLS_LMS_PUBKEY_TYPE_OFFSET + MBEDTLS_LMS_TYPE_LEN)
+#define MBEDTLS_LMS_PUBKEY_I_KEY_ID_OFFSET (MBEDTLS_LMS_PUBKEY_OTSTYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN)
+#define MBEDTLS_LMS_PUBKEY_ROOT_NODE_OFFSET (MBEDTLS_LMS_PUBKEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+ MBEDTLS_LMS_SHA256_M32_H10 = 0x6,
+} mbedtls_lms_algorithm_type_t;
+
+
+typedef struct {
+ unsigned char MBEDTLS_PRIVATE(have_privkey);
+ unsigned char MBEDTLS_PRIVATE(have_pubkey);
+ unsigned char MBEDTLS_PRIVATE(I_key_identifier)[MBEDTLS_LMOTS_I_KEY_ID_LEN];
+ mbedtls_lms_algorithm_type_t MBEDTLS_PRIVATE(type);
+ mbedtls_lmots_algorithm_type_t MBEDTLS_PRIVATE(otstype);
+ unsigned int MBEDTLS_PRIVATE(q_next_usable_key);
+ mbedtls_lmots_context *MBEDTLS_PRIVATE(priv_keys);
+ unsigned char MBEDTLS_PRIVATE(T_1_pub_key)[MBEDTLS_LMS_M_NODE_BYTES];
+} mbedtls_lms_context;
+
+
+/**
+ * \brief This function initializes an LMS context
+ *
+ * \param ctx The uninitialized LMS context that will then be
+ * initialized.
+ */
+void mbedtls_lms_init( mbedtls_lms_context *ctx );
+
+/**
+ * \brief This function uninitializes an LMS context
+ *
+ * \param ctx The initialized LMS context that will then be
+ * uninitialized.
+ */
+void mbedtls_lms_free( mbedtls_lms_context *ctx );
+
+/**
+ * \brief This function sets the type of an LMS context
+ *
+ * \note The parameter set in the context will then be used
+ * for keygen operations etc.
+ *
+ * \param ctx The initialized LMS context.
+ * \param type The type that will be set in the context.
+ * \param otstype The type of the LMOTS implementation used by this
+ * context.
+ */
+int mbedtls_lms_set_algorithm_type( mbedtls_lms_context *ctx,
+ mbedtls_lms_algorithm_type_t type,
+ mbedtls_lmots_algorithm_type_t otstype);
+
+/**
+ * \brief This function creates a LMS signature, using a
+ * LMOTS context that contains a private key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and must contain a private
+ * key.
+ *
+ * \note Each of the LMOTS private keys inside a LMS private
+ * key can only be used once. If they are reused, then
+ * attackers may be able to forge signatures with that
+ * key. This is all handled transparently, but it is
+ * important to not perform copy operations on LMS
+ * contexts that contain private key material.
+ *
+ * \param ctx The initialized LMS context from which the
+ * private key will be read.
+ * \param f_rng The RNG function to be used for signature
+ * generation.
+ * \param p_rng The RNG context to be passed to f_rng
+ * \param msg The buffer from which the message will be read.
+ * \param msg_len The size of the message that will be read.
+ * \param sig The buf into which the signature will be stored.
+ * Must be at least #MBEDTLS_LMOTS_SIG_LEN in size.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lms_sign( mbedtls_lms_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void* p_rng, unsigned char *msg, unsigned int msg_len,
+ unsigned char *sig);
+
+/**
+ * \brief This function verifies a LMS signature, using a
+ * LMS context that contains a public key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and must contain a public key
+ * (either by import or generation).
+ *
+ * \param ctx The initialized LMS context from which the public
+ * key will be read.
+ * \param msg The buffer from which the message will be read.
+ * \param msg_len The size of the message that will be read.
+ * \param sig The buf from which the signature will be read.
+ * #MBEDTLS_LMS_SIG_LEN bytes will be read from
+ * this.
+ *
+ * \return \c 0 on successful verification.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lms_verify( const mbedtls_lms_context *ctx,
+ const unsigned char *msg, unsigned int msg_len,
+ const unsigned char *sig );
+
+/**
+ * \brief This function imports an LMOTS public key into a
+ * LMS context.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized.
+ *
+ * \note See IETF RFC8554 for details of the encoding of
+ * this public key.
+ *
+ * \param ctx The initialized LMS context store the key in.
+ * \param key The buffer from which the key will be read.
+ * #MBEDTLS_LMS_PUBKEY_LEN bytes will be read from
+ * this.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lms_import_pubkey( mbedtls_lms_context *ctx,
+ const unsigned char *key );
+
+/**
+ * \brief This function exports an LMOTS public key from a
+ * LMS context that already contains a public key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and the context must contain
+ * a public key.
+ *
+ * \note See IETF RFC8554 for details of the encoding of
+ * this public key.
+ *
+ * \param ctx The initialized LMS context that contains the
+ * publc key.
+ * \param key The buffer into which the key will be output. Must
+ * be at least #MBEDTLS_LMS_PUBKEY_LEN in size.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lms_export_pubkey( mbedtls_lms_context *ctx,
+ unsigned char *key );
+
+/**
+ * \brief This function generates an LMS public key from a
+ * LMS context that already contains a private key.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and the context must contain
+ * a private key.
+ *
+ * \param ctx The initialized LMS context to generate the key
+ * from and store it into.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lms_gen_pubkey( mbedtls_lms_context *ctx );
+
+/**
+ * \brief This function generates an LMS private key, and
+ * stores in into an LMS context.
+ *
+ * \note Before this function is called, the context must
+ * have been initialized and the type of the LMS
+ * context set using mbedtls_lmots_set_algorithm_type
+ *
+ * \note The seed must have at least 256 bits of entropy.
+ *
+ * \param ctx The initialized LMOTS context to generate the key
+ * into.
+ * \param f_rng The RNG function to be used to generate the key ID.
+ * \param p_rng The RNG context to be passed to f_rng
+ * \param seed The seed used to deterministically generate the
+ * key.
+ * \param seed_len The length of the seed.
+ *
+ * \return \c 0 on success.
+ * \return A non-zero error code on failure.
+ */
+int mbedtls_lms_gen_privkey( mbedtls_lms_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void* p_rng, unsigned char *seed,
+ size_t seed_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_LMS_H */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 23e601b..1da395b 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2462,6 +2462,34 @@
#define MBEDTLS_HMAC_DRBG_C
/**
+ * \def MBEDTLS_LMOTS_C
+ *
+ * Enable the LMOTS one-time asymmetric hash signature algorithm.
+ *
+ * Module: library/lm_ots.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * Uncomment to enable the LMOTS signature algorithm.
+ */
+#define MBEDTLS_LMOTS_C
+
+/**
+ * \def MBEDTLS_LMS_C
+ *
+ * Enable the LMS stateful-hash asymmetric signature algorithm.
+ *
+ * Module: library/lms.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_LMS_C
+ *
+ * Uncomment to enable the LMS signature algorithm.
+ */
+#define MBEDTLS_LMS_C
+
+/**
* \def MBEDTLS_NIST_KW_C
*
* Enable the Key Wrapping mode for 128-bit block ciphers,