TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8ff6df538c506bfcd83d9e4ab8bfaf2f4e671d11 / . / include / mbedtls / lms.h
blob: 868a667e6ab8d52a37df771dc82539567679bc85 [file] [log] [blame]
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame^]1/**
2 * \file lms.h
3 *
4 * \brief This file provides an API for the LMS post-quantum-safe stateful-hash
5 * public-key signature scheme.
6 */
7/*
8 * Copyright The Mbed TLS Contributors
9 * SPDX-License-Identifier: Apache-2.0
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License"); you may
12 * not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23#ifndef MBEDTLS_LMS_H
24#define MBEDTLS_LMS_H
25
26#include <stdint.h>
27#include <stddef.h>
28
29#include "mbedtls/private_access.h"
30#include "mbedtls/lmots.h"
31
32#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
33#define MBEDTLS_ERR_LMS_OUT_OF_PRIV_KEYS -0x0013 /**< Specified LMS key has utilised all of its private keys */
34#define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015 /**< LMS signature verification failed */
35#define MBEDTLS_ERR_LMS_ALLOC_FAILED -0x0017 /**< LMS failed to allocate space for a private key */
36
37#define MBEDTLS_LMS_TYPE_LEN (4)
38#define MBEDTLS_LMS_H_TREE_HEIGHT (10)
39#define MBEDTLS_LMS_M_NODE_BYTES (32)
40
41#define MBEDTLS_LMS_SIG_LEN (MBEDTLS_LMOTS_Q_LEAF_ID_LEN + MBEDTLS_LMOTS_SIG_LEN + \
42 MBEDTLS_LMS_TYPE_LEN + MBEDTLS_LMS_H_TREE_HEIGHT * MBEDTLS_LMS_M_NODE_BYTES)
43
44#define MBEDTLS_LMS_PUBKEY_LEN (MBEDTLS_LMS_TYPE_LEN + MBEDTLS_LMOTS_TYPE_LEN + \
45 MBEDTLS_LMOTS_I_KEY_ID_LEN + MBEDTLS_LMS_M_NODE_BYTES)
46
47#define MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET (0)
48#define MBEDTLS_LMS_SIG_OTS_SIG_OFFSET (MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
49#define MBEDTLS_LMS_SIG_TYPE_OFFSET (MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_LEN)
50#define MBEDTLS_LMS_SIG_PATH_OFFSET (MBEDTLS_LMS_SIG_TYPE_OFFSET + MBEDTLS_LMS_TYPE_LEN)
51
52#define MBEDTLS_LMS_PUBKEY_TYPE_OFFSET (0)
53#define MBEDTLS_LMS_PUBKEY_OTSTYPE_OFFSET (MBEDTLS_LMS_PUBKEY_TYPE_OFFSET + MBEDTLS_LMS_TYPE_LEN)
54#define MBEDTLS_LMS_PUBKEY_I_KEY_ID_OFFSET (MBEDTLS_LMS_PUBKEY_OTSTYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN)
55#define MBEDTLS_LMS_PUBKEY_ROOT_NODE_OFFSET (MBEDTLS_LMS_PUBKEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN)
56
57#ifdef __cplusplus
58extern "C" {
59#endif
60
61typedef enum {
62 MBEDTLS_LMS_SHA256_M32_H10 = 0x6,
63} mbedtls_lms_algorithm_type_t;
64
65
66typedef struct {
67 unsigned char MBEDTLS_PRIVATE(have_privkey);
68 unsigned char MBEDTLS_PRIVATE(have_pubkey);
69 unsigned char MBEDTLS_PRIVATE(I_key_identifier)[MBEDTLS_LMOTS_I_KEY_ID_LEN];
70 mbedtls_lms_algorithm_type_t MBEDTLS_PRIVATE(type);
71 mbedtls_lmots_algorithm_type_t MBEDTLS_PRIVATE(otstype);
72 unsigned int MBEDTLS_PRIVATE(q_next_usable_key);
73 mbedtls_lmots_context *MBEDTLS_PRIVATE(priv_keys);
74 unsigned char MBEDTLS_PRIVATE(T_1_pub_key)[MBEDTLS_LMS_M_NODE_BYTES];
75} mbedtls_lms_context;
76
77
78/**
79 * \brief This function initializes an LMS context
80 *
81 * \param ctx The uninitialized LMS context that will then be
82 * initialized.
83 */
84void mbedtls_lms_init( mbedtls_lms_context *ctx );
85
86/**
87 * \brief This function uninitializes an LMS context
88 *
89 * \param ctx The initialized LMS context that will then be
90 * uninitialized.
91 */
92void mbedtls_lms_free( mbedtls_lms_context *ctx );
93
94/**
95 * \brief This function sets the type of an LMS context
96 *
97 * \note The parameter set in the context will then be used
98 * for keygen operations etc.
99 *
100 * \param ctx The initialized LMS context.
101 * \param type The type that will be set in the context.
102 * \param otstype The type of the LMOTS implementation used by this
103 * context.
104 */
105int mbedtls_lms_set_algorithm_type( mbedtls_lms_context *ctx,
106 mbedtls_lms_algorithm_type_t type,
107 mbedtls_lmots_algorithm_type_t otstype);
108
109/**
110 * \brief This function creates a LMS signature, using a
111 * LMOTS context that contains a private key.
112 *
113 * \note Before this function is called, the context must
114 * have been initialized and must contain a private
115 * key.
116 *
117 * \note Each of the LMOTS private keys inside a LMS private
118 * key can only be used once. If they are reused, then
119 * attackers may be able to forge signatures with that
120 * key. This is all handled transparently, but it is
121 * important to not perform copy operations on LMS
122 * contexts that contain private key material.
123 *
124 * \param ctx The initialized LMS context from which the
125 * private key will be read.
126 * \param f_rng The RNG function to be used for signature
127 * generation.
128 * \param p_rng The RNG context to be passed to f_rng
129 * \param msg The buffer from which the message will be read.
130 * \param msg_len The size of the message that will be read.
131 * \param sig The buf into which the signature will be stored.
132 * Must be at least #MBEDTLS_LMOTS_SIG_LEN in size.
133 *
134 * \return \c 0 on success.
135 * \return A non-zero error code on failure.
136 */
137int mbedtls_lms_sign( mbedtls_lms_context *ctx,
138 int (*f_rng)(void *, unsigned char *, size_t),
139 void* p_rng, unsigned char *msg, unsigned int msg_len,
140 unsigned char *sig);
141
142/**
143 * \brief This function verifies a LMS signature, using a
144 * LMS context that contains a public key.
145 *
146 * \note Before this function is called, the context must
147 * have been initialized and must contain a public key
148 * (either by import or generation).
149 *
150 * \param ctx The initialized LMS context from which the public
151 * key will be read.
152 * \param msg The buffer from which the message will be read.
153 * \param msg_len The size of the message that will be read.
154 * \param sig The buf from which the signature will be read.
155 * #MBEDTLS_LMS_SIG_LEN bytes will be read from
156 * this.
157 *
158 * \return \c 0 on successful verification.
159 * \return A non-zero error code on failure.
160 */
161int mbedtls_lms_verify( const mbedtls_lms_context *ctx,
162 const unsigned char *msg, unsigned int msg_len,
163 const unsigned char *sig );
164
165/**
166 * \brief This function imports an LMOTS public key into a
167 * LMS context.
168 *
169 * \note Before this function is called, the context must
170 * have been initialized.
171 *
172 * \note See IETF RFC8554 for details of the encoding of
173 * this public key.
174 *
175 * \param ctx The initialized LMS context store the key in.
176 * \param key The buffer from which the key will be read.
177 * #MBEDTLS_LMS_PUBKEY_LEN bytes will be read from
178 * this.
179 *
180 * \return \c 0 on success.
181 * \return A non-zero error code on failure.
182 */
183int mbedtls_lms_import_pubkey( mbedtls_lms_context *ctx,
184 const unsigned char *key );
185
186/**
187 * \brief This function exports an LMOTS public key from a
188 * LMS context that already contains a public key.
189 *
190 * \note Before this function is called, the context must
191 * have been initialized and the context must contain
192 * a public key.
193 *
194 * \note See IETF RFC8554 for details of the encoding of
195 * this public key.
196 *
197 * \param ctx The initialized LMS context that contains the
198 * publc key.
199 * \param key The buffer into which the key will be output. Must
200 * be at least #MBEDTLS_LMS_PUBKEY_LEN in size.
201 *
202 * \return \c 0 on success.
203 * \return A non-zero error code on failure.
204 */
205int mbedtls_lms_export_pubkey( mbedtls_lms_context *ctx,
206 unsigned char *key );
207
208/**
209 * \brief This function generates an LMS public key from a
210 * LMS context that already contains a private key.
211 *
212 * \note Before this function is called, the context must
213 * have been initialized and the context must contain
214 * a private key.
215 *
216 * \param ctx The initialized LMS context to generate the key
217 * from and store it into.
218 *
219 * \return \c 0 on success.
220 * \return A non-zero error code on failure.
221 */
222int mbedtls_lms_gen_pubkey( mbedtls_lms_context *ctx );
223
224/**
225 * \brief This function generates an LMS private key, and
226 * stores in into an LMS context.
227 *
228 * \note Before this function is called, the context must
229 * have been initialized and the type of the LMS
230 * context set using mbedtls_lmots_set_algorithm_type
231 *
232 * \note The seed must have at least 256 bits of entropy.
233 *
234 * \param ctx The initialized LMOTS context to generate the key
235 * into.
236 * \param f_rng The RNG function to be used to generate the key ID.
237 * \param p_rng The RNG context to be passed to f_rng
238 * \param seed The seed used to deterministically generate the
239 * key.
240 * \param seed_len The length of the seed.
241 *
242 * \return \c 0 on success.
243 * \return A non-zero error code on failure.
244 */
245int mbedtls_lms_gen_privkey( mbedtls_lms_context *ctx,
246 int (*f_rng)(void *, unsigned char *, size_t),
247 void* p_rng, unsigned char *seed,
248 size_t seed_len );
249
250#ifdef __cplusplus
251}
252#endif
253
254#endif /* MBEDTLS_LMS_H */