eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use PSA hashing for LMS and LMOTS

Browse source 
Signed-off-by: Raef Coles <raef.coles@arm.com>
This commit is contained in:
Raef Coles 2022-08-25 13:49:54 +01:00
parent 7dce69a27a
commit c8f9604d7b
No known key found for this signature in database
GPG key ID: 1AAF1B43DF2086F4
8 changed files with 185 additions and 127 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/mbedtls/check_config.h
View file

@ -354,8 +354,8 @@
#endif #endif
#if defined(MBEDTLS_LMS_C) && \ #if defined(MBEDTLS_LMS_C) && \
( !defined(MBEDTLS_MD_C) ) ( !defined(MBEDTLS_PSA_CRYPTO_C) )
#error "MBEDTLS_LMS_C requires MBEDTLS_MD_C" #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C"
#endif #endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \

2
include/mbedtls/error.h
View file

@ -82,7 +82,7 @@
* POLY1305 3 0x0057-0x005B * POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056 * CHACHAPOLY 2 0x0054-0x0056
* PLATFORM 2 0x0070-0x0072 * PLATFORM 2 0x0070-0x0072
* LMS 2 0x0011-0x0017 * LMS 5 0x0011-0x0019
* *
* High-level module nr (3 bits - 0x0...-0x7...) * High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors * Name ID Nr of Errors

1
include/mbedtls/lms.h
View file

@ -38,6 +38,7 @@
#define MBEDTLS_ERR_LMS_OUT_OF_PRIV_KEYS -0x0013 /**< Specified LMS key has utilised all of its private keys */ #define MBEDTLS_ERR_LMS_OUT_OF_PRIV_KEYS -0x0013 /**< Specified LMS key has utilised all of its private keys */
#define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015 /**< LMS signature verification failed */ #define MBEDTLS_ERR_LMS_VERIFY_FAILED -0x0015 /**< LMS signature verification failed */
#define MBEDTLS_ERR_LMS_ALLOC_FAILED -0x0017 /**< LMS failed to allocate space for a private key */ #define MBEDTLS_ERR_LMS_ALLOC_FAILED -0x0017 /**< LMS failed to allocate space for a private key */
#define MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL -0x0019 /**< Input/output buffer is too small to contain requited data */
#define MBEDTLS_LMS_TYPE_LEN (4) #define MBEDTLS_LMS_TYPE_LEN (4)
#define MBEDTLS_LMS_H_TREE_HEIGHT (10) #define MBEDTLS_LMS_H_TREE_HEIGHT (10)

209
library/lmots.c
View file

@ -38,10 +38,12 @@
#include "lmots.h" #include "lmots.h"
#include "mbedtls/md.h" #include "mbedtls/lms.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "psa/crypto.h"
#define W_SYMBOL_BIT_LEN (8) #define W_SYMBOL_BIT_LEN (8)
#define CHECKSUM_LEN (2) #define CHECKSUM_LEN (2)
#define I_SYMBOL_IDX_LEN (2) #define I_SYMBOL_IDX_LEN (2)
@ -94,56 +96,61 @@ static int create_symbol_array( const unsigned char I_key_identifier[MBEDTLS_LMO
const unsigned char C_random_value[MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN], const unsigned char C_random_value[MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN],
unsigned char out[MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN] ) unsigned char out[MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN] )
{ {
mbedtls_md_context_t hash_ctx; psa_hash_operation_t op;
psa_status_t status;
size_t output_hash_len;
unsigned char D_MESG_BYTES[D_CONST_LEN]; unsigned char D_MESG_BYTES[D_CONST_LEN];
unsigned short checksum; unsigned short checksum;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_init( &hash_ctx ); op = psa_hash_operation_init();
ret = mbedtls_md_setup( &hash_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 0 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
if( ret ) ret = mbedtls_lms_error_from_psa( status );
{ if ( ret != 0 )
goto out;
}
ret = mbedtls_md_starts( &hash_ctx );
if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN ); status = psa_hash_update( &op, I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); status = psa_hash_update( &op, q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
val_to_network_bytes( D_MESG_CONSTANT, D_CONST_LEN, D_MESG_BYTES ); val_to_network_bytes( D_MESG_CONSTANT, D_CONST_LEN, D_MESG_BYTES );
ret = mbedtls_md_update( &hash_ctx, D_MESG_BYTES, sizeof( D_MESG_BYTES ) ); status = psa_hash_update( &op, D_MESG_BYTES, sizeof( D_MESG_BYTES ) );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, C_random_value, MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN ); status = psa_hash_update( &op, C_random_value, MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, msg, msg_len ); status = psa_hash_update( &op, msg, msg_len );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_finish( &hash_ctx, out ); status = psa_hash_finish( &op, out, MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN,
if ( ret ) &output_hash_len );
ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
@ -152,7 +159,7 @@ static int create_symbol_array( const unsigned char I_key_identifier[MBEDTLS_LMO
val_to_network_bytes( checksum, CHECKSUM_LEN, out + MBEDTLS_LMOTS_N_HASH_LEN ); val_to_network_bytes( checksum, CHECKSUM_LEN, out + MBEDTLS_LMOTS_N_HASH_LEN );
out: out:
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
return( ret ); return( ret );
} }
@ -170,7 +177,9 @@ static int hash_symbol_array( const unsigned char I_key_identifier[MBEDTLS_LMOTS
unsigned char j_hash_idx_bytes[1]; unsigned char j_hash_idx_bytes[1];
unsigned short j_hash_idx_min; unsigned short j_hash_idx_min;
unsigned short j_hash_idx_max; unsigned short j_hash_idx_max;
mbedtls_md_context_t hash_ctx; psa_hash_operation_t op;
psa_status_t status;
size_t output_hash_len;
unsigned char tmp_hash[32]; unsigned char tmp_hash[32];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -184,57 +193,59 @@ static int hash_symbol_array( const unsigned char I_key_identifier[MBEDTLS_LMOTS
for ( j_hash_idx = (unsigned char)j_hash_idx_min; j_hash_idx < j_hash_idx_max; j_hash_idx++ ) for ( j_hash_idx = (unsigned char)j_hash_idx_min; j_hash_idx < j_hash_idx_max; j_hash_idx++ )
{ {
mbedtls_md_init( &hash_ctx ); op = psa_hash_operation_init();
ret = mbedtls_md_setup( &hash_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 0 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
if( ret ) ret = mbedtls_lms_error_from_psa( status );
{ if ( ret != 0 )
goto out;
}
ret = mbedtls_md_starts( &hash_ctx );
if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN ); status = psa_hash_update( &op, I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); status = psa_hash_update( &op, q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
val_to_network_bytes( i_symbol_idx, I_SYMBOL_IDX_LEN, i_symbol_idx_bytes ); val_to_network_bytes( i_symbol_idx, I_SYMBOL_IDX_LEN, i_symbol_idx_bytes );
ret = mbedtls_md_update( &hash_ctx, i_symbol_idx_bytes, I_SYMBOL_IDX_LEN ); status = psa_hash_update( &op, i_symbol_idx_bytes, I_SYMBOL_IDX_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
val_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN, j_hash_idx_bytes ); val_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN, j_hash_idx_bytes );
ret = mbedtls_md_update( &hash_ctx, j_hash_idx_bytes, J_HASH_IDX_LEN ); status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN ); status = psa_hash_update( &op, tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_finish( &hash_ctx, tmp_hash ); status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ), &output_hash_len );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
} }
memcpy( &output[i_symbol_idx], tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN ); memcpy( &output[i_symbol_idx], tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN );
@ -243,7 +254,7 @@ static int hash_symbol_array( const unsigned char I_key_identifier[MBEDTLS_LMOTS
out: out:
if( ret ) if( ret )
{ {
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
return( ret ); return( ret );
} }
@ -256,56 +267,75 @@ static int public_key_from_hashed_symbol_array( const unsigned char I_key_identi
unsigned char *pub_key ) unsigned char *pub_key )
{ {
unsigned char D_PBLC_bytes[D_CONST_LEN]; unsigned char D_PBLC_bytes[D_CONST_LEN];
mbedtls_md_context_t hash_ctx; psa_hash_operation_t op;
psa_status_t status;
size_t output_hash_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_init( &hash_ctx ); op = psa_hash_operation_init( );
ret = mbedtls_md_setup( &hash_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 0 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
if( ret ) ret = mbedtls_lms_error_from_psa( status );
{ if ( ret != 0 )
goto out;
}
ret = mbedtls_md_starts( &hash_ctx );
if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, I_key_identifier, status = psa_hash_update( &op, I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN );
MBEDTLS_LMOTS_I_KEY_ID_LEN ); ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, q_leaf_identifier, status = psa_hash_update( &op, q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret != 0 )
{ {
goto out; goto out;
} }
val_to_network_bytes( D_PBLC_CONSTANT, D_CONST_LEN, D_PBLC_bytes ); val_to_network_bytes( D_PBLC_CONSTANT, D_CONST_LEN, D_PBLC_bytes );
ret = mbedtls_md_update( &hash_ctx, D_PBLC_bytes, D_CONST_LEN ); status = psa_hash_update( &op, D_PBLC_bytes, D_CONST_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, ( unsigned char * )y_hashed_symbols, status = psa_hash_update( &op, ( unsigned char * )y_hashed_symbols,
MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN * MBEDTLS_LMOTS_N_HASH_LEN ); MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN * MBEDTLS_LMOTS_N_HASH_LEN );
if ( ret ) ret = mbedtls_lms_error_from_psa( status );
if ( ret != 0 )
{ {
goto out; goto out;
} }
ret = mbedtls_md_finish( &hash_ctx, pub_key ); status = psa_hash_finish( &op, pub_key, 32, &output_hash_len );
ret = mbedtls_lms_error_from_psa( status );
out: out:
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
return( ret ); return( ret );
} }
int mbedtls_lms_error_from_psa(psa_status_t status)
{
switch( status ) {
case PSA_SUCCESS:
return( 0 );
case PSA_ERROR_HARDWARE_FAILURE:
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
case PSA_ERROR_NOT_SUPPORTED:
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
case PSA_ERROR_BUFFER_TOO_SMALL:
return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
case PSA_ERROR_INVALID_ARGUMENT:
return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
default:
return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
}
}
void mbedtls_lmots_init( mbedtls_lmots_context *ctx ) void mbedtls_lmots_init( mbedtls_lmots_context *ctx )
{ {
if( ctx == NULL ) { if( ctx == NULL ) {
@ -585,7 +615,9 @@ int mbedtls_lmots_gen_privkey( mbedtls_lmots_context *ctx,
const unsigned char *seed, const unsigned char *seed,
size_t seed_len ) size_t seed_len )
{ {
mbedtls_md_context_t hash_ctx; psa_hash_operation_t op;
psa_status_t status;
size_t output_hash_len;
unsigned int i_symbol_idx; unsigned int i_symbol_idx;
unsigned char i_symbol_idx_bytes[2]; unsigned char i_symbol_idx_bytes[2];
unsigned char const_bytes[1]; unsigned char const_bytes[1];
@ -617,57 +649,60 @@ int mbedtls_lmots_gen_privkey( mbedtls_lmots_context *ctx,
for ( i_symbol_idx = 0; i_symbol_idx < MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN; i_symbol_idx++ ) for ( i_symbol_idx = 0; i_symbol_idx < MBEDTLS_LMOTS_P_SIG_SYMBOL_LEN; i_symbol_idx++ )
{ {
mbedtls_md_init( &hash_ctx ); op = psa_hash_operation_init( );
ret = mbedtls_md_setup( &hash_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 0 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
if( ret ) ret = mbedtls_lms_error_from_psa( status );
{ if ( ret != 0 )
goto out;
}
ret = mbedtls_md_starts( &hash_ctx );
if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, ctx->MBEDTLS_PRIVATE(I_key_identifier), ret = psa_hash_update( &op, ctx->MBEDTLS_PRIVATE(I_key_identifier),
sizeof( ctx->MBEDTLS_PRIVATE(I_key_identifier) ) ); sizeof( ctx->MBEDTLS_PRIVATE(I_key_identifier) ) );
ret = mbedtls_lms_error_from_psa( status );
if ( ret ) { if ( ret ) {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, ctx->MBEDTLS_PRIVATE(q_leaf_identifier_bytes), status = psa_hash_update( &op, ctx->MBEDTLS_PRIVATE(q_leaf_identifier_bytes),
sizeof( ctx->MBEDTLS_PRIVATE(q_leaf_identifier_bytes) ) ); sizeof( ctx->MBEDTLS_PRIVATE(q_leaf_identifier_bytes) ) );
ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret )
{ {
goto out; goto out;
} }
val_to_network_bytes( i_symbol_idx, I_SYMBOL_IDX_LEN, i_symbol_idx_bytes ); val_to_network_bytes( i_symbol_idx, I_SYMBOL_IDX_LEN, i_symbol_idx_bytes );
ret = mbedtls_md_update( &hash_ctx, i_symbol_idx_bytes, I_SYMBOL_IDX_LEN ); status = psa_hash_update( &op, i_symbol_idx_bytes, I_SYMBOL_IDX_LEN );
ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, const_bytes, sizeof( const_bytes) ); status = psa_hash_update( &op, const_bytes, sizeof( const_bytes) );
ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, seed, seed_len ); status = psa_hash_update( &op, seed, seed_len );
ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_finish( &hash_ctx, ctx->MBEDTLS_PRIVATE(priv_key)[i_symbol_idx] ); status = psa_hash_finish( &op, ctx->MBEDTLS_PRIVATE(priv_key)[i_symbol_idx],
32, &output_hash_len );
ret = mbedtls_lms_error_from_psa( status );
if ( ret ) if ( ret )
{ {
goto out; goto out;
} }
mbedtls_md_free( &hash_ctx); psa_hash_abort( &op );
} }
ctx->MBEDTLS_PRIVATE(have_privkey) = 1; ctx->MBEDTLS_PRIVATE(have_privkey) = 1;
@ -675,7 +710,7 @@ int mbedtls_lmots_gen_privkey( mbedtls_lmots_context *ctx,
out: out:
if( ret ) if( ret )
{ {
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
return( ret ); return( ret );
} }

15
library/lmots.h
View file

@ -28,6 +28,8 @@
#include "mbedtls/private_access.h" #include "mbedtls/private_access.h"
#include "psa/crypto.h"
#include <stdint.h> #include <stdint.h>
#include <stddef.h> #include <stddef.h>
@ -115,6 +117,16 @@ typedef struct {
output. */ output. */
} mbedtls_lmots_context; } mbedtls_lmots_context;
/**
* \brief This function converts a \ref psa_status_t to a
* low-level LMS error code.
*
* \param status The psa_status_t to convert
*
* \return The corresponding LMS error code.
*/
int mbedtls_lms_error_from_psa(psa_status_t status);
/** /**
* \brief This function initializes an LMOTS context * \brief This function initializes an LMOTS context
@ -140,6 +152,9 @@ void mbedtls_lmots_free( mbedtls_lmots_context *ctx );
* *
* \param ctx The initialized LMOTS context. * \param ctx The initialized LMOTS context.
* \param type The type that will be set in the context. * \param type The type that will be set in the context.
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/ */
int mbedtls_lmots_set_algorithm_type( mbedtls_lmots_context *ctx, int mbedtls_lmots_set_algorithm_type( mbedtls_lmots_context *ctx,
mbedtls_lmots_algorithm_type_t type ); mbedtls_lmots_algorithm_type_t type );

77
library/lms.c
View file

@ -38,8 +38,9 @@
#include "lmots.h" #include "lmots.h"
#include "psa/crypto.h"
#include "mbedtls/lms.h" #include "mbedtls/lms.h"
#include "mbedtls/md.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
@ -88,59 +89,61 @@ static int create_merkle_leaf_node( const mbedtls_lms_context *ctx,
unsigned int r_node_idx, unsigned int r_node_idx,
unsigned char out[32] ) unsigned char out[32] )
{ {
mbedtls_md_context_t hash_ctx; psa_hash_operation_t op;
psa_status_t status;
size_t output_hash_len;
unsigned char D_LEAF_bytes[D_CONST_LEN]; unsigned char D_LEAF_bytes[D_CONST_LEN];
unsigned char r_node_idx_bytes[4]; unsigned char r_node_idx_bytes[4];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_init( &hash_ctx ); op = psa_hash_operation_init( );
ret = mbedtls_md_setup( &hash_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 0 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
if( ret ) ret = mbedtls_lms_error_from_psa( status );
{ if ( ret != 0 )
goto out;
}
ret = mbedtls_md_starts( &hash_ctx );
if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, status = psa_hash_update( &op, ctx->MBEDTLS_PRIVATE(I_key_identifier),
ctx->MBEDTLS_PRIVATE(I_key_identifier), MBEDTLS_LMOTS_I_KEY_ID_LEN );
MBEDTLS_LMOTS_I_KEY_ID_LEN ); ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
val_to_network_bytes( r_node_idx, 4, r_node_idx_bytes ); val_to_network_bytes( r_node_idx, 4, r_node_idx_bytes );
ret = mbedtls_md_update( &hash_ctx, r_node_idx_bytes, 4 ); status = psa_hash_update( &op, r_node_idx_bytes, 4 );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
val_to_network_bytes( D_LEAF_CONSTANT, D_CONST_LEN, D_LEAF_bytes ); val_to_network_bytes( D_LEAF_CONSTANT, D_CONST_LEN, D_LEAF_bytes );
ret = mbedtls_md_update( &hash_ctx, D_LEAF_bytes, D_CONST_LEN ); status = psa_hash_update( &op, D_LEAF_bytes, D_CONST_LEN );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, pub_key, MBEDTLS_LMOTS_N_HASH_LEN ); status = psa_hash_update( &op, pub_key, MBEDTLS_LMOTS_N_HASH_LEN );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_finish( &hash_ctx, out ); status = psa_hash_finish( &op, out, 32, &output_hash_len);
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
out: out:
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
return( ret ); return( ret );
} }
@ -151,64 +154,68 @@ static int create_merkle_intr_node( const mbedtls_lms_context *ctx,
unsigned int r_node_idx, unsigned int r_node_idx,
unsigned char out[32] ) unsigned char out[32] )
{ {
mbedtls_md_context_t hash_ctx; psa_hash_operation_t op;
psa_status_t status;
size_t output_hash_len;
unsigned char D_INTR_bytes[D_CONST_LEN]; unsigned char D_INTR_bytes[D_CONST_LEN];
unsigned char r_node_idx_bytes[4]; unsigned char r_node_idx_bytes[4];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_init( &hash_ctx ); op = psa_hash_operation_init( );
ret = mbedtls_md_setup( &hash_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 0 ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
if( ret ) ret = mbedtls_lms_error_from_psa( status );
{ if ( ret != 0 )
goto out;
}
ret = mbedtls_md_starts( &hash_ctx );
if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, ctx->MBEDTLS_PRIVATE(I_key_identifier), status = psa_hash_update( &op, ctx->MBEDTLS_PRIVATE(I_key_identifier),
MBEDTLS_LMOTS_I_KEY_ID_LEN ); MBEDTLS_LMOTS_I_KEY_ID_LEN );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
val_to_network_bytes( r_node_idx, 4, r_node_idx_bytes ); val_to_network_bytes( r_node_idx, 4, r_node_idx_bytes );
ret = mbedtls_md_update( &hash_ctx, r_node_idx_bytes, 4 ); status = psa_hash_update( &op, r_node_idx_bytes, 4 );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
val_to_network_bytes( D_INTR_CONSTANT, D_CONST_LEN, D_INTR_bytes ); val_to_network_bytes( D_INTR_CONSTANT, D_CONST_LEN, D_INTR_bytes );
ret = mbedtls_md_update( &hash_ctx, D_INTR_bytes, D_CONST_LEN ); status = psa_hash_update( &op, D_INTR_bytes, D_CONST_LEN );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, left_node, MBEDTLS_LMOTS_N_HASH_LEN ); status = psa_hash_update( &op, left_node, MBEDTLS_LMOTS_N_HASH_LEN );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_update( &hash_ctx, rght_node, MBEDTLS_LMOTS_N_HASH_LEN ); status = psa_hash_update( &op, rght_node, MBEDTLS_LMOTS_N_HASH_LEN );
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
ret = mbedtls_md_finish( &hash_ctx, out ); ret = psa_hash_finish( &op, out, 32, &output_hash_len);
ret = mbedtls_lms_error_from_psa( status );
if( ret ) if( ret )
{ {
goto out; goto out;
} }
out: out:
mbedtls_md_free( &hash_ctx ); psa_hash_abort( &op );
return ret; return ret;
} }

2
tests/suites/test_suite_lmots.function
View file

@ -8,7 +8,7 @@
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_LMS_C:MBEDTLS_SHA256_C:MBEDTLS_CTR_DRBG_C * depends_on:MBEDTLS_LMS_C:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_CTR_DRBG_C
* END_DEPENDENCIES * END_DEPENDENCIES
*/ */

2
tests/suites/test_suite_lms.function
View file

@ -6,7 +6,7 @@
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_LMS_C:MBEDTLS_SHA256_C:MBEDTLS_CTR_DRBG_C * depends_on:MBEDTLS_LMS_C:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_CTR_DRBG_C
* END_DEPENDENCIES * END_DEPENDENCIES
*/ */