mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-08 13:03:39 +00:00
8ff6df538c
Also an LM-OTS implementation as one is required for LMS. Signed-off-by: Raef Coles <raef.coles@arm.com>
13 lines
804 B
Plaintext
13 lines
804 B
Plaintext
Features
|
|
* Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme
|
|
as defined in RFC8554 and NIST.SP.200-208. This currently only supports
|
|
one parameter set (LMS_SHA256_M32_H10), meaning that each private key can
|
|
be used to sign 1024 messages. As such, it is not intended for use in TLS,
|
|
but instead for verification of assets transmitted over an insecure
|
|
channel, particularly firmware images. This is one of the signature
|
|
schemes recommended by the IETF draft SUIT standard for IOT firmware
|
|
upgrades (RFC9019).
|
|
* Add the LM-OTS post-quantum-safe one-time signature scheme, which is
|
|
required for LMS. This can be used independently, but each key can only be
|
|
used to sign one message so is impractical for most circumstances.
|