1=pod
2
3=head1 NAME
4
5EVP_PKEY-LMS, EVP_KEYMGMT-LMS, LMS
6- EVP_PKEY Leighton-Micali Signature (LMS) keytype and algorithm support
7
8=head1 DESCRIPTION
9
10The B<LMS> keytype is implemented in OpenSSL's default and FIPS providers.
11The OpenSSL providers only support LMS signature verification, as this is a
12[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final) requirement for
13FIPS software modules.
14
15=head2 Common LMS parameters
16
17LMS public keys are encoded in XDR format (i.e. not ASN1 format).
18The following parameters are used by EVP_PKEY_fromdata() and by the
19LMS keymanager for import and export.
20
21=over 4
22
23=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
24
25Used for getting and setting the encoding of an LMS public key. The public key
26is expected to be in XDR format.
27
28=back
29
30=head1 CONFORMING TO
31
32=over 4
33
34=item RFC 8554
35
36Leighton-Micali Hash-Based Signatures
37
38=item NIST SP800-208
39
40Recommendation for Stateful Hash-Based Signature Schemes
41
42=item CNSA 2.0
43
44Commercial National Security Algorithm Suite
45
46=back
47
48=head1 NOTES
49
50LMS support is disabled by default at compile-time.
51To enable it, specify the B<enable-lms> build configuration option.
52
53=head1 EXAMPLES
54
55NOTE error checking has been omitted in these examples
56
57An B<EVP_PKEY> context can be obtained by calling:
58
59    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, "LMS", propq);
60
61An B<LMS> public key can be loaded simply like this:
62
63     EVP_PKEY *pkey = NULL;
64     OSSL_DECODER_CTX *dctx = NULL;
65     int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
66
67     dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "XDR", NULL,
68                                          "LMS", selection, libctx, propq);
69     ret = OSSL_DECODER_from_bio(dctx, bio);
70     OSSL_DECODER_CTX_free(dctx);
71
72To load a LMS key from XDR encoded "data" of size "datalen":
73
74    EVP_PKEY *key = NULL;
75    OSSL_PARAM params[2];
76
77    params[0] =
78        OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
79                                          (unsigned char *)data, datalen);
80    params[1] = OSSL_PARAM_construct_end();
81    ret = EVP_PKEY_fromdata_init(ctx)
82    ret = EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params);
83
84=head1 SEE ALSO
85
86L<EVP_KEYMGMT(3)>,
87L<EVP_PKEY(3)>,
88L<EVP_SIGNATURE-LMS(7)>,
89L<provider-keymgmt(7)>
90
91=head1 HISTORY
92
93This functionality was added in OpenSSL 3.6.
94
95=head1 COPYRIGHT
96
97Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
98
99Licensed under the Apache License 2.0 (the "License").  You may not use
100this file except in compliance with the License.  You can obtain a copy
101in the file LICENSE in the source distribution or at
102L<https://www.openssl.org/source/license.html>.
103
104=cut
105