Documentation ¶
Overview ¶
Package lms implements Leighton-Micali Hash-Based Signatures (RFC 8554)
This file implements the private key and signing logic.
Package lms implements Leighton-Micali Hash-Based Signatures (RFC 8554)
This file implements the public key and signature verification logic.
Package lms implements Leighton-Micali Hash-Based Signatures (RFC 8554)
This file implements the LmsSignature type, including serialization.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GeneratePKTree ¶
func GeneratePKTree(tc common.LmsAlgorithmType, otstc common.LmsOtsAlgorithmType, id common.ID, seed []byte) ([][]byte, error)
GeneratePKTree generates the Merkle Tree needed to derive the public key and authentication path for any message.
Types ¶
type LmsPrivateKey ¶
type LmsPrivateKey struct {
// contains filtered or unexported fields
}
A LmsPrivateKey is used to sign a finite number of messages
func LmsPrivateKeyFromBytes ¶
func LmsPrivateKeyFromBytes(b []byte) (LmsPrivateKey, error)
LmsPrivateKeyFromBytes returns an LmsPrivateKey that represents b. This is the inverse of the ToBytes() method on the LmsPrivateKey object.
func NewPrivateKey ¶
func NewPrivateKey(tc common.LmsAlgorithmType, otstc common.LmsOtsAlgorithmType) (LmsPrivateKey, error)
NewPrivateKey returns a LmsPrivateKey, seeded by a cryptographically secure random number generator.
func NewPrivateKeyFromSeed ¶
func NewPrivateKeyFromSeed(tc common.LmsAlgorithmType, otstc common.LmsOtsAlgorithmType, id common.ID, seed []byte) (LmsPrivateKey, error)
NewPrivateKeyFromSeed returns a new LmsPrivateKey, using the algorithm from Appendix A of <https://datatracker.ietf.org/doc/html/rfc8554#appendix-A>
func (*LmsPrivateKey) Public ¶
func (priv *LmsPrivateKey) Public() LmsPublicKey
Public returns an LmsPublicKey that validates signatures for this private key
func (*LmsPrivateKey) Q ¶
func (priv *LmsPrivateKey) Q() uint32
Retrieve the current value of the internal counter, q. Used for unit tests
func (*LmsPrivateKey) Sign ¶
func (priv *LmsPrivateKey) Sign(msg []byte, rng io.Reader) (LmsSignature, error)
Sign calculates the LMS signature of a chosen message. The rng argument is optional. If nil is provided, crypto/rand.Reader will be used.
func (*LmsPrivateKey) ToBytes ¶
func (priv *LmsPrivateKey) ToBytes() []byte
ToBytes() serialized the private key into a byte string for storage. The current value of the internal counter, q, is included.
type LmsPublicKey ¶
type LmsPublicKey struct {
// contains filtered or unexported fields
}
A LmsPublicKey is used to verify messages signed by a LmsPrivateKey
func LmsPublicKeyFromBytes ¶
func LmsPublicKeyFromBytes(b []byte) (LmsPublicKey, error)
LmsPublicKeyFromBytes returns an LmsPublicKey that represents b. This is the inverse of the ToBytes() method on the LmsPublicKey object.
func NewPublicKey ¶
func NewPublicKey(tc common.LmsAlgorithmType, otstc common.LmsOtsAlgorithmType, id common.ID, k []byte) (LmsPublicKey, error)
NewPublicKey return a new LmsPublicKey, given the LMS typecode, LM-OTS typecode, ID, and root of the authentication tree (called k).
func (*LmsPublicKey) Key ¶
func (pub *LmsPublicKey) Key() []byte
Return a []byte representing the actual public key, k, which is the root of the authentication path in the corresponding private key. We need this to get the public key as bytes in order to test
func (*LmsPublicKey) ToBytes ¶
func (pub *LmsPublicKey) ToBytes() []byte
ToBytes() serializes the public key into a byte string for transmission or storage.
func (*LmsPublicKey) Verify ¶
func (pub *LmsPublicKey) Verify(msg []byte, sig LmsSignature) bool
Verify returns true if sig is valid for msg and this public key. It returns false otherwise.
type LmsSignature ¶
type LmsSignature struct {
// contains filtered or unexported fields
}
A LmsSignature represents a signature produced by an LmsPrivateKey which an LmsPublicKey can validate for a given message
func LmsSignatureFromBytes ¶
func LmsSignatureFromBytes(b []byte) (LmsSignature, error)
LmsSignatureFromBytes returns an LmsSignature represented by b. This is the inverse of the ToBytes() on LmsSignature.
func NewLmsSignature ¶
func NewLmsSignature(tc common.LmsAlgorithmType, q uint32, otsig ots.LmsOtsSignature, path [][]byte) (LmsSignature, error)
NewLmsSignature returns a LmsSignature, given an LMS algorithm type, internal counter, LM-OTS signature, and authentication path.
func (*LmsSignature) ToBytes ¶
func (sig *LmsSignature) ToBytes() ([]byte, error)
ToBytes() serializes the signature into a byte string for transmission or storage.