#include <stdint.h>
#include "nettle-types.h"
-#include "sha2.h"
-#include "sha3.h"
/* Name mangling */
#define _wots_gen _nettle_wots_gen
SLH_FORS_PRF = 6,
};
-union slh_hash_ctx
-{
- struct sha256_ctx sha256;
- struct sha3_ctx sha3;
-};
-
typedef void slh_hash_randomizer_func (const uint8_t *public_seed, const uint8_t *secret_prf,
size_t prefix_length, const uint8_t *prefix,
size_t msg_length, const uint8_t *msg,
_xmss_gen (const struct slh_hash *hash,
const uint8_t *public_seed, const uint8_t *secret_seed,
const struct slh_xmss_params *xmss, uint8_t *root,
- void *tree_ctx, uint8_t *scratch);
+ void *tree_ctx, void *scratch_ctx, uint8_t *scratch);
/* Signs using wots, then signs wots public key using xmss. Also
returns the xmss public key (i.e., root hash).*/
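Review bot: The new `void *scratch_ctx` parameter of `_xmss_gen` has no documented contract, while the same commit removes `union slh_hash_ctx`, which used to guarantee a scratch context large enough for either hash. Callers must now supply an object of the context type that `hash` operates on, and because the parameter is `void *` the compiler will not flag a `struct sha256_ctx` passed together with `_slh_hash_shake`. I would add above the prototype `/* tree_ctx and scratch_ctx must point to two separate, caller-owned contexts of the type HASH operates on (struct sha256_ctx or struct sha3_ctx). */`. The same comment fits the `_slh_dsa_sign` and `_slh_dsa_verify` prototypes changed in the next hunk; the declaration itself starts above this hunk's first line.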
const struct slh_hash *hash,
const uint8_t *pub, const uint8_t *priv,
const uint8_t *digest, uint8_t *signature,
- void *tree_ctx);
+ void *tree_ctx, void *scratch_ctx);
int
_slh_dsa_verify (const struct slh_dsa_params *params,
const struct slh_hash *hash,
const uint8_t *pub,
const uint8_t *digest, const uint8_t *signature,
- void *tree_ctx);
+ void *tree_ctx, void *scratch_ctx);
#endif /* NETTLE_SLH_DSA_INTERNAL_H_INCLUDED */
slh_dsa_sha2_128f_root (const uint8_t *public_seed, const uint8_t *private_seed,
uint8_t *root)
{
- struct sha256_ctx tree_ctx;
+ struct sha256_ctx tree_ctx, scratch_ctx;
uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE];
_xmss_gen (&_slh_hash_sha256, public_seed, private_seed,
&_slh_dsa_128f_params.xmss, root,
- &tree_ctx, scratch);
+ &tree_ctx, &scratch_ctx, scratch);
}
void
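Review bot: `tree_ctx` and the new `scratch_ctx` are left on the stack uncleared when `slh_dsa_sha2_128f_root` returns, and after this commit the wrapper rather than `_xmss_gen` owns the scratch context. `_xmss_gen` stores that pointer next to `secret_seed` in its `struct slh_merkle_ctx_secret`, so it may end up holding hash state derived from the private seed; the visible lines do not show whether it does. If it does, both contexts should be wiped before returning, using a clear the compiler cannot elide; if not, a comment such as `/* scratch_ctx only hashes public values, no wipe needed */` would record that decision. The same question applies to the sign wrappers, which pass `priv`, and to the matching functions in the 128s and shake files.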
size_t length, const uint8_t *msg,
uint8_t *signature)
{
- struct sha256_ctx tree_ctx;
+ struct sha256_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_rdigest (&_slh_hash_sha256,
pub, priv + _SLH_DSA_128_SIZE, length, msg,
signature, sizeof (digest), digest);
_slh_dsa_sign (&_slh_dsa_128f_params, &_slh_hash_sha256,
pub, priv, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
int
size_t length, const uint8_t *msg,
const uint8_t *signature)
{
- struct sha256_ctx tree_ctx;
+ struct sha256_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_digest (&_slh_hash_sha256,
pub, length, msg, signature, sizeof (digest), digest);
return _slh_dsa_verify (&_slh_dsa_128f_params, &_slh_hash_sha256,
pub, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
slh_dsa_sha2_128s_root (const uint8_t *public_seed, const uint8_t *private_seed,
uint8_t *root)
{
- struct sha256_ctx tree_ctx;
+ struct sha256_ctx tree_ctx, scratch_ctx;
uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE];
_xmss_gen (&_slh_hash_sha256, public_seed, private_seed,
&_slh_dsa_128s_params.xmss, root,
- &tree_ctx, scratch);
+ &tree_ctx, &scratch_ctx, scratch);
}
void
size_t length, const uint8_t *msg,
uint8_t *signature)
{
- struct sha256_ctx tree_ctx;
+ struct sha256_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_rdigest (&_slh_hash_sha256,
pub, priv + _SLH_DSA_128_SIZE, length, msg,
signature, sizeof (digest), digest);
_slh_dsa_sign (&_slh_dsa_128s_params, &_slh_hash_sha256,
pub, priv, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
int
size_t length, const uint8_t *msg,
const uint8_t *signature)
{
- struct sha256_ctx tree_ctx;
+ struct sha256_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_digest (&_slh_hash_sha256,
pub, length, msg, signature, sizeof (digest), digest);
return _slh_dsa_verify (&_slh_dsa_128s_params, &_slh_hash_sha256,
pub, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
slh_dsa_shake_128f_root (const uint8_t *public_seed, const uint8_t *private_seed,
uint8_t *root)
{
- struct sha3_ctx tree_ctx;
+ struct sha3_ctx tree_ctx, scratch_ctx;
uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE];
_xmss_gen (&_slh_hash_shake, public_seed, private_seed,
&_slh_dsa_128f_params.xmss, root,
- &tree_ctx, scratch);
+ &tree_ctx, &scratch_ctx, scratch);
}
void
size_t length, const uint8_t *msg,
uint8_t *signature)
{
- struct sha3_ctx tree_ctx;
+ struct sha3_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_rdigest (&_slh_hash_shake,
pub, priv + _SLH_DSA_128_SIZE, length, msg,
signature, sizeof (digest), digest);
_slh_dsa_sign (&_slh_dsa_128f_params, &_slh_hash_shake,
pub, priv, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
int
size_t length, const uint8_t *msg,
const uint8_t *signature)
{
- struct sha3_ctx tree_ctx;
+ struct sha3_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_digest (&_slh_hash_shake,
pub, length, msg, signature, sizeof (digest), digest);
return _slh_dsa_verify (&_slh_dsa_128f_params, &_slh_hash_shake,
pub, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
slh_dsa_shake_128s_root (const uint8_t *public_seed, const uint8_t *private_seed,
uint8_t *root)
{
- struct sha3_ctx tree_ctx;
+ struct sha3_ctx tree_ctx, scratch_ctx;
uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE];
_xmss_gen (&_slh_hash_shake, public_seed, private_seed,
&_slh_dsa_128s_params.xmss, root,
- &tree_ctx, scratch);
+ &tree_ctx, &scratch_ctx, scratch);
}
void
size_t length, const uint8_t *msg,
uint8_t *signature)
{
- struct sha3_ctx tree_ctx;
+ struct sha3_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_rdigest (&_slh_hash_shake,
pub, priv + _SLH_DSA_128_SIZE, length, msg,
signature, sizeof (digest), digest);
_slh_dsa_sign (&_slh_dsa_128s_params, &_slh_hash_shake,
pub, priv, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
int
size_t length, const uint8_t *msg,
const uint8_t *signature)
{
- struct sha3_ctx tree_ctx;
+ struct sha3_ctx tree_ctx, scratch_ctx;
uint8_t digest[SLH_DSA_M];
_slh_dsa_pure_digest (&_slh_hash_shake,
pub, length, msg, signature, sizeof (digest), digest);
return _slh_dsa_verify (&_slh_dsa_128s_params, &_slh_hash_shake,
pub, digest, signature + _SLH_DSA_128_SIZE,
- &tree_ctx);
+ &tree_ctx, &scratch_ctx);
}
const struct slh_hash *hash,
const uint8_t *pub, const uint8_t *priv,
const uint8_t *digest, uint8_t *signature,
- void *tree_ctx)
+ void *tree_ctx, void *scratch_ctx)
{
uint64_t tree_idx;
unsigned leaf_idx;
params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx);
- union slh_hash_ctx scratch_ctx;
const struct slh_merkle_ctx_secret merkle_ctx =
{
{ hash, tree_ctx, leaf_idx },
- priv, &scratch_ctx,
+ priv, scratch_ctx,
};
hash->init_tree (tree_ctx, pub, 0, tree_idx);
uint8_t root[_SLH_DSA_128_SIZE];
- _fors_sign (&merkle_ctx, ¶ms->fors, digest, signature, root, &scratch_ctx);
+ _fors_sign (&merkle_ctx, ¶ms->fors, digest, signature, root, scratch_ctx);
signature += params->fors.signature_size;
_xmss_sign (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root);
const struct slh_hash *hash,
const uint8_t *pub,
const uint8_t *digest, const uint8_t *signature,
- void *tree_ctx)
+ void *tree_ctx, void *scratch_ctx)
{
uint64_t tree_idx;
unsigned leaf_idx;
uint8_t root[_SLH_DSA_128_SIZE];
- union slh_hash_ctx scratch_ctx;
- _fors_verify (&merkle_ctx, ¶ms->fors, digest, signature, root, &scratch_ctx);
+ _fors_verify (&merkle_ctx, ¶ms->fors, digest, signature, root, scratch_ctx);
signature += params->fors.signature_size;
- _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, &scratch_ctx);
+ _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, scratch_ctx);
for (unsigned i = 1; i < params->xmss.d; i++)
{
hash->init_tree (tree_ctx, pub, i, tree_idx);
- _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, &scratch_ctx);
+ _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, scratch_ctx);
}
return memcmp (root, pub + _SLH_DSA_128_SIZE, sizeof (root)) == 0;
}
_xmss_gen (const struct slh_hash *hash,
const uint8_t *public_seed, const uint8_t *secret_seed,
const struct slh_xmss_params *xmss, uint8_t *root,
- void *tree_ctx, uint8_t *scratch)
+ void *tree_ctx, void *scratch_ctx, uint8_t *scratch)
{
- union slh_hash_ctx scratch_ctx;
const struct slh_merkle_ctx_secret ctx =
{
{ hash, tree_ctx, 0 },
- secret_seed, &scratch_ctx,
+ secret_seed, scratch_ctx,
};
hash->init_tree (tree_ctx, public_seed, xmss->d - 1, 0);
_merkle_root (&ctx, xmss_leaf, xmss_node, xmss->h, 0, root, scratch);