Shorted LMS and LMOTS line-lengths

To attempt to comply with the 80-char suggestion

Signed-off-by: Raef Coles <raef.coles@arm.com>
Raef Coles 2022-09-01 17:23:12 +01:00
parent e9479a0264
commit 366d67d9af
No known key found for this signature in database
GPG key ID: 1AAF1B43DF2086F4
4 changed files with 92 additions and 60 deletions


@ -68,7 +68,8 @@
extern "C" { extern "C" {
#endif #endif
/* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml /** The Identifier of the LMS parameter set, as per
* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml
* We are only implementing a subset of the types, particularly H10, for the sake of simplicty. * We are only implementing a subset of the types, particularly H10, for the sake of simplicty.
*/ */
typedef enum { typedef enum {
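Review bot: The rewrapped parameter-set comment still carries the misspelling `simplicty`, and that sentence is still a single line well over 80 columns, so this header does not yet meet the goal stated in the commit message. I would wrap it as `* We are only implementing a subset of the types, particularly H10, for the` followed by `* sake of simplicity.`; the IANA URL line can reasonably stay long because it cannot be split. The same sentence and typo appear in the N32_W8 comment of the LMOTS header section further down the page.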


@ -44,13 +44,18 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) #define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + \
#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(type) (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type)) MBEDTLS_LMOTS_TYPE_LEN)
#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(type) (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + \
MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type))
#define MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET (0) #define MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET (0)
#define MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) #define MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET + \
#define MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN) MBEDTLS_LMOTS_TYPE_LEN)
#define MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN) #define MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET + \
MBEDTLS_LMOTS_I_KEY_ID_LEN)
#define MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET + \
MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
/* We only support parameter sets that use 8-bit digits, as it does not require /* We only support parameter sets that use 8-bit digits, as it does not require
* translation logic between digits and bytes */ * translation logic between digits and bytes */
@ -69,7 +74,8 @@
static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80}; static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80};
static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81}; static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81};
void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char *bytes) void unsigned_int_to_network_bytes(unsigned int val, size_t len,
unsigned char *bytes)
{ {
size_t idx; size_t idx;
@ -78,7 +84,8 @@ void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char *
} }
} }
unsigned int network_bytes_to_unsigned_int(size_t len, const unsigned char *bytes) unsigned int network_bytes_to_unsigned_int(size_t len,
const unsigned char *bytes)
{ {
size_t idx; size_t idx;
unsigned int val = 0; unsigned int val = 0;
@ -195,13 +202,18 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params,
i_digit_idx++ ) i_digit_idx++ )
{ {
memcpy( tmp_hash, &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], memcpy( tmp_hash,
&x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
j_hash_idx_min = hash_idx_min_values != NULL ? hash_idx_min_values[i_digit_idx] : 0; j_hash_idx_min = hash_idx_min_values != NULL ?
j_hash_idx_max = hash_idx_max_values != NULL ? hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE; hash_idx_min_values[i_digit_idx] : 0;
j_hash_idx_max = hash_idx_max_values != NULL ?
hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE;
for ( j_hash_idx = (unsigned char)j_hash_idx_min; j_hash_idx < j_hash_idx_max; j_hash_idx++ ) for ( j_hash_idx = (unsigned char)j_hash_idx_min;
j_hash_idx < j_hash_idx_max;
j_hash_idx++ )
{ {
status = psa_hash_setup( &op, PSA_ALG_SHA_256 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
ret = mbedtls_lms_error_from_psa( status ); ret = mbedtls_lms_error_from_psa( status );
@ -222,13 +234,15 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params,
if ( ret != 0 ) if ( ret != 0 )
goto exit; goto exit;
unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, i_digit_idx_bytes ); unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN,
i_digit_idx_bytes );
status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN ); status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN );
ret = mbedtls_lms_error_from_psa( status ); ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 ) if ( ret != 0 )
goto exit; goto exit;
unsigned_int_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN, j_hash_idx_bytes ); unsigned_int_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN,
j_hash_idx_bytes );
status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN ); status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN );
ret = mbedtls_lms_error_from_psa( status ); ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 ) if ( ret != 0 )
@ -240,7 +254,8 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params,
if ( ret != 0 ) if ( ret != 0 )
goto exit; goto exit;
status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ), &output_hash_len ); status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ),
&output_hash_len );
ret = mbedtls_lms_error_from_psa( status ); ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 ) if ( ret != 0 )
goto exit; goto exit;
@ -248,8 +263,8 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params,
psa_hash_abort( &op ); psa_hash_abort( &op );
} }
memcpy( &output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], tmp_hash, memcpy( &output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
} }
exit: exit:
@ -304,7 +319,8 @@ static int public_key_from_hashed_digit_array( const mbedtls_lmots_parameters_t
if ( ret != 0 ) if ( ret != 0 )
goto exit; goto exit;
status = psa_hash_finish( &op, pub_key, MBEDTLS_LMOTS_N_HASH_LEN(params->type), status = psa_hash_finish( &op, pub_key,
MBEDTLS_LMOTS_N_HASH_LEN(params->type),
&output_hash_len ); &output_hash_len );
ret = mbedtls_lms_error_from_psa( status ); ret = mbedtls_lms_error_from_psa( status );
@ -354,10 +370,12 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx,
} }
memcpy( ctx->params.I_key_identifier, memcpy( ctx->params.I_key_identifier,
key + MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET, MBEDTLS_LMOTS_I_KEY_ID_LEN ); key + MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET,
MBEDTLS_LMOTS_I_KEY_ID_LEN );
memcpy( ctx->params.q_leaf_identifier, memcpy( ctx->params.q_leaf_identifier,
key + MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET, MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); key + MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET,
MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
memcpy( ctx->public_key, memcpy( ctx->public_key,
key + MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET, key + MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET,
@ -448,7 +466,7 @@ int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg,
} }
if ( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, if ( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 ) sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
{ {
return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
} }
@ -545,7 +563,8 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx,
if ( ret ) if ( ret )
goto exit; goto exit;
unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, i_digit_idx_bytes ); unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN,
i_digit_idx_bytes );
status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN ); status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN );
ret = mbedtls_lms_error_from_psa( status ); ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret )
@ -691,7 +710,8 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
} }
ret = f_rng( p_rng, tmp_c_random, MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) ); ret = f_rng( p_rng, tmp_c_random,
MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
if ( ret ) if ( ret )
{ {
return( ret ); return( ret );
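Review bot: `unsigned_int_to_network_bytes` and `network_bytes_to_unsigned_int` have external linkage (they are declared in the LMOTS header and called from the LMS file) but lack the `mbedtls_` prefix that every other public identifier on this page carries, so the library exports two very generic symbol names that can collide with an application linking against it. Since this commit already rewraps both signatures and many call sites, it would be a convenient point to rename them, for example to `mbedtls_lms_unsigned_int_to_network_bytes` and `mbedtls_lms_network_bytes_to_unsigned_int`, consistently in both .c files and the header. Both function bodies continue outside the hunks shown.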


@ -59,8 +59,9 @@
extern "C" { extern "C" {
#endif #endif
/* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml /** The Identifier of the LMS parameter set, as per
* We are only implementing a subset of the types, particularly n32_w8, for the sake of simplicty. * https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml.
* We are only implementing a subset of the types, particularly N32_W8, for the sake of simplicty.
*/ */
typedef enum { typedef enum {
MBEDTLS_LMOTS_SHA256_N32_W8 = 4 MBEDTLS_LMOTS_SHA256_N32_W8 = 4
@ -144,7 +145,8 @@ typedef struct {
* *
* \return The corresponding LMS error code. * \return The corresponding LMS error code.
*/ */
void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char *bytes); void unsigned_int_to_network_bytes(unsigned int val, size_t len,
unsigned char *bytes);
/** /**
* \brief This function converts a network-byte-order * \brief This function converts a network-byte-order
@ -155,7 +157,8 @@ void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char *
* *
* \return The corresponding LMS error code. * \return The corresponding LMS error code.
*/ */
unsigned int network_bytes_to_unsigned_int(size_t len, const unsigned char *bytes); unsigned int network_bytes_to_unsigned_int(size_t len,
const unsigned char *bytes);
/** /**
* \brief This function converts a \ref psa_status_t to a * \brief This function converts a \ref psa_status_t to a
@ -196,8 +199,8 @@ void mbedtls_lmots_free_public( mbedtls_lmots_public_t *ctx );
* *
* \param ctx The initialized LMOTS context store the key in. * \param ctx The initialized LMOTS context store the key in.
* \param key The buffer from which the key will be read. * \param key The buffer from which the key will be read.
* #MBEDTLS_LMOTS_PUBLIC_KEY_LEN bytes will be read from * #MBEDTLS_LMOTS_PUBLIC_KEY_LEN bytes will be read
* this. * from this.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return A non-zero error code on failure. * \return A non-zero error code on failure.
@ -221,7 +224,8 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx,
* \param msg The buffer from which the message will be read. * \param msg The buffer from which the message will be read.
* \param msg_size The size of the message that will be read. * \param msg_size The size of the message that will be read.
* \param sig The buffer from which the signature will be read. * \param sig The buffer from which the signature will be read.
* #MBEDTLS_LMOTS_SIG_LEN bytes will be read from this. * #MBEDTLS_LMOTS_SIG_LEN bytes will be read from
* this.
* \param out The buffer where the candidate public key will be * \param out The buffer where the candidate public key will be
* stored. Must be at least #MBEDTLS_LMOTS_N_HASH_LEN * stored. Must be at least #MBEDTLS_LMOTS_N_HASH_LEN
* bytes in size. * bytes in size.
@ -248,7 +252,8 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters
* *
* \note Before this function is called, the context must * \note Before this function is called, the context must
* have been initialized and must contain a public key * have been initialized and must contain a public key
* (either by import or calculation from a private key). * (either by import or calculation from a private
* key).
* *
* \param ctx The initialized LMOTS context from which the public * \param ctx The initialized LMOTS context from which the public
* key will be read. * key will be read.
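Review bot: The Doxygen blocks directly above the two rewrapped prototypes end with `\return The corresponding LMS error code.`, which matches neither of them: `unsigned_int_to_network_bytes` returns `void` and `network_bytes_to_unsigned_int` returns the decoded value. I would drop the `\return` line for the first and change the second to `\return The unsigned integer decoded from \p bytes.`; the current text looks copied from the psa_status_t conversion helper documented just below. It would also help to document the largest supported `len` and that `bytes` must hold at least `len` bytes, since callers pass offsets into key and signature buffers. The upper part of both comment blocks is outside the hunks.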


@ -55,14 +55,20 @@
#endif #endif
#define MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET (0) #define MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET (0)
#define MBEDTLS_LMS_SIG_OTS_SIG_OFFSET (MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN) #define MBEDTLS_LMS_SIG_OTS_SIG_OFFSET (MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET + \
#define MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) (MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_LEN(otstype)) MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
#define MBEDTLS_LMS_SIG_PATH_OFFSET(otstype) (MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) + MBEDTLS_LMS_TYPE_LEN) #define MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) (MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + \
MBEDTLS_LMOTS_SIG_LEN(otstype))
#define MBEDTLS_LMS_SIG_PATH_OFFSET(otstype) (MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) + \
MBEDTLS_LMS_TYPE_LEN)
#define MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET (0) #define MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET (0)
#define MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET + MBEDTLS_LMS_TYPE_LEN) #define MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET + \
#define MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) MBEDTLS_LMS_TYPE_LEN)
#define MBEDTLS_LMS_PUBLIC_KEY_ROOT_NODE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN) #define MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET + \
MBEDTLS_LMOTS_TYPE_LEN)
#define MBEDTLS_LMS_PUBLIC_KEY_ROOT_NODE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET + \
MBEDTLS_LMOTS_I_KEY_ID_LEN)
/* Currently only support H=10 */ /* Currently only support H=10 */
@ -208,7 +214,8 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx,
return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
} }
type = network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); type = network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN,
key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET );
if( type != MBEDTLS_LMS_SHA256_M32_H10 ) if( type != MBEDTLS_LMS_SHA256_M32_H10 )
{ {
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
@ -216,7 +223,7 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx,
ctx->params.type = type; ctx->params.type = type;
otstype = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, otstype = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET );
if( otstype != MBEDTLS_LMOTS_SHA256_N32_W8 ) if( otstype != MBEDTLS_LMOTS_SHA256_N32_W8 )
{ {
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
@ -272,14 +279,14 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
} }
if( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, if( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET)
!= MBEDTLS_LMOTS_SHA256_N32_W8 ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
{ {
return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
} }
if( network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, if( network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN,
sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype)) sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype))
!= MBEDTLS_LMS_SHA256_M32_H10 ) != MBEDTLS_LMS_SHA256_M32_H10 )
{ {
return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
@ -287,7 +294,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
q_leaf_identifier = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_Q_LEAF_ID_LEN, q_leaf_identifier = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET );
if( q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type) ) if( q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type) )
{ {
@ -302,12 +309,10 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
ots_params.q_leaf_identifier ); ots_params.q_leaf_identifier );
ots_params.type = ctx->params.otstype; ots_params.type = ctx->params.otstype;
ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg, msg_size, ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg,
sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET, msg_size, sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET,
MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), Kc_candidate_ots_pub_key,
Kc_candidate_ots_pub_key, sizeof(Kc_candidate_ots_pub_key), NULL );
sizeof(Kc_candidate_ots_pub_key),
NULL );
if( ret ) if( ret )
{ {
return( ret ); return( ret );
@ -319,7 +324,8 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
Tc_candidate_root_node ); Tc_candidate_root_node );
curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier; curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) +
q_leaf_identifier;
for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type); for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
height++ ) height++ )
@ -389,7 +395,8 @@ static int calculate_merkle_tree( mbedtls_lms_private_t *ctx,
ret = create_merkle_internal_value( &ctx->params, ret = create_merkle_internal_value( &ctx->params,
&tree[(r_node_idx * 2) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], &tree[(r_node_idx * 2) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
&tree[(r_node_idx * 2 + 1) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], &tree[(r_node_idx * 2 + 1) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
r_node_idx, &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] ); r_node_idx,
&tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] );
if( ret ) if( ret )
{ {
return( ret ); return( ret );
@ -587,7 +594,8 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
} }
int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key, int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx,
unsigned char *key,
size_t key_size, size_t *key_len ) size_t key_size, size_t *key_len )
{ {
if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) { if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) {
@ -602,9 +610,8 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key
unsigned_int_to_network_bytes( unsigned_int_to_network_bytes(
ctx->params.type, ctx->params.type,
MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET );
unsigned_int_to_network_bytes( unsigned_int_to_network_bytes( ctx->params.otstype, MBEDTLS_LMOTS_TYPE_LEN,
ctx->params.otstype, key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET );
MBEDTLS_LMOTS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET );
memcpy( key + MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET, memcpy( key + MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET,
ctx->params.I_key_identifier, ctx->params.I_key_identifier,
MBEDTLS_LMOTS_I_KEY_ID_LEN ); MBEDTLS_LMOTS_I_KEY_ID_LEN );
@ -671,15 +678,14 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx,
return( ret ); return( ret );
} }
unsigned_int_to_network_bytes( ctx->params.type, unsigned_int_to_network_bytes( ctx->params.type, MBEDTLS_LMS_TYPE_LEN,
MBEDTLS_LMS_TYPE_LEN, sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype) );
sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype) );
unsigned_int_to_network_bytes( q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN, unsigned_int_to_network_bytes( q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET); sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET);
ret = get_merkle_path( ctx, ret = get_merkle_path( ctx,
MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
sig + MBEDTLS_LMS_SIG_PATH_OFFSET(ctx->params.otstype) ); sig + MBEDTLS_LMS_SIG_PATH_OFFSET(ctx->params.otstype) );
if( ret ) if( ret )
{ {
return( ret ); return( ret );
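Review bot: In the rewrapped call to `mbedtls_lmots_calculate_public_key_candidate` inside `mbedtls_lms_verify`, the arguments are now packed so that each buffer is separated from its length: `msg_size` shares a line with the signature pointer, and `MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype)` shares a line with `Kc_candidate_ots_pub_key`. In verification code the pointer/length pairing is exactly what a reader has to check, so I would wrap by pair instead, which still fits the 80-column target with a modest continuation indent. This reading of the new side relies on the side-by-side rendering and the hunk's line counts, and the function body starts and ends outside the hunk.

```c
    ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params,
            msg, msg_size,
            sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET,
            MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype),
            Kc_candidate_ots_pub_key, sizeof(Kc_candidate_ots_pub_key),
            NULL );
```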