Change back to hash ctx pointer in merkle ctx.

diff --git a/slh-dsa-internal.h b/slh-dsa-internal.h
index e67e8eb6cabff0d67542e509bab8a5d94024e3a2..1d680136f635f31715a850edbca4cc67a020dc1b 100644 (file)
--- a/slh-dsa-internal.h
+++ b/slh-dsa-internal.h
@@ -133,8 +133,8 @@ extern const struct slh_hash _slh_hash_sha256;
 struct slh_merkle_ctx_public
 {
   const struct slh_hash *hash;
-  /* Initialized using hash->init_tree. */
-  union slh_hash_ctx tree_ctx;
+  /* Initialized based on public seed and slh_address_tree. */
+  const void *tree_ctx;
   unsigned keypair; /* Used only by fors_leaf and fors_node. */
 };
 

diff --git a/slh-dsa.c b/slh-dsa.c
index 5414991bda41825d9a354eed5686a612713a1155..edc239fefcff51c6b5a59b07848a68ed298f086c 100644 (file)
--- a/slh-dsa.c
+++ b/slh-dsa.c
@@ -65,31 +65,26 @@ _slh_dsa_pure_rdigest (const struct slh_hash *hash,
   _slh_dsa_pure_digest (hash, pub, length, msg, randomizer, digest_size, digest);
 }
 
-static void
-merkle_ctx_secret_init (struct slh_merkle_ctx_secret *ctx,
-                       const struct slh_hash *hash, unsigned keypair,
-                       const uint8_t *secret_seed)
-{
-  ctx->pub.hash = hash;
-  ctx->pub.keypair = keypair;
-  ctx->secret_seed = secret_seed;
-}
-
 void
 _slh_dsa_sign (const struct slh_dsa_params *params,
               const struct slh_hash *hash,
               const uint8_t *pub, const uint8_t *priv,
               const uint8_t *digest, uint8_t *signature)
 {
-  struct slh_merkle_ctx_secret merkle_ctx;
-  uint8_t root[_SLH_DSA_128_SIZE];
   uint64_t tree_idx;
   unsigned leaf_idx;
 
   params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx);
-  merkle_ctx_secret_init (&merkle_ctx, hash, leaf_idx, priv);
 
-  hash->init_tree (&merkle_ctx.pub.tree_ctx, pub, 0, tree_idx);
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_secret merkle_ctx =
+    {
+      { hash, &tree_ctx, leaf_idx },
+      priv,
+    };
+  hash->init_tree (&tree_ctx, pub, 0, tree_idx);
+
+  uint8_t root[_SLH_DSA_128_SIZE];
 
   _fors_sign (&merkle_ctx, &params->fors, digest, signature, root);
   signature += params->fors.signature_size;
@@ -103,37 +98,31 @@ _slh_dsa_sign (const struct slh_dsa_params *params,
       leaf_idx = tree_idx & ((1 << params->xmss.h) - 1);
       tree_idx >>= params->xmss.h;
 
-      hash->init_tree (&merkle_ctx.pub.tree_ctx, pub, i, tree_idx);
+      hash->init_tree (&tree_ctx, pub, i, tree_idx);
 
       _xmss_sign (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root);
     }
   assert (memeql_sec (root, pub + _SLH_DSA_128_SIZE, sizeof (root)));
 }
 
-
-static void
-merkle_ctx_public_init (struct slh_merkle_ctx_public *ctx,
-                       const struct slh_hash *hash, unsigned keypair)
-{
-  ctx->hash = hash;
-  ctx->keypair = keypair;
-}
-
 int
 _slh_dsa_verify (const struct slh_dsa_params *params,
                 const struct slh_hash *hash,
                 const uint8_t *pub,
                 const uint8_t *digest, const uint8_t *signature)
 {
-  struct slh_merkle_ctx_public merkle_ctx;
-  uint8_t root[_SLH_DSA_128_SIZE];
   uint64_t tree_idx;
   unsigned leaf_idx;
 
   params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx);
-  merkle_ctx_public_init (&merkle_ctx, hash, leaf_idx);
 
-  hash->init_tree (&merkle_ctx.tree_ctx, pub, 0, tree_idx);
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_public merkle_ctx =
+    { hash, &tree_ctx, leaf_idx };
+
+  hash->init_tree (&tree_ctx, pub, 0, tree_idx);
+
+  uint8_t root[_SLH_DSA_128_SIZE];
 
   _fors_verify (&merkle_ctx, &params->fors, digest, signature, root);
   signature += params->fors.signature_size;
@@ -147,7 +136,7 @@ _slh_dsa_verify (const struct slh_dsa_params *params,
       leaf_idx = tree_idx & ((1 << params->xmss.h) - 1);
       tree_idx >>= params->xmss.h;
 
-      hash->init_tree (&merkle_ctx.tree_ctx, pub, i, tree_idx);
+      hash->init_tree (&tree_ctx, pub, i, tree_idx);
 
       _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root);
     }

diff --git a/slh-fors.c b/slh-fors.c
index 0c20df56b87f1843a4db7650ff2e702b636cb16f..e990643663d04ce0e87ae7a9aac5df2f429468e2 100644 (file)
--- a/slh-fors.c
+++ b/slh-fors.c
@@ -50,10 +50,10 @@ _fors_gen (const struct slh_merkle_ctx_secret *ctx,
       bswap32_if_le (idx),
     };
 
-  ctx->pub.hash->secret (&ctx->pub.tree_ctx, &ah, ctx->secret_seed, sk);
+  ctx->pub.hash->secret (ctx->pub.tree_ctx, &ah, ctx->secret_seed, sk);
 
   ah.type = bswap32_if_le (SLH_FORS_TREE);
-  ctx->pub.hash->secret (&ctx->pub.tree_ctx, &ah, sk, leaf);
+  ctx->pub.hash->secret (ctx->pub.tree_ctx, &ah, sk, leaf);
 }
 
 static void
@@ -73,7 +73,7 @@ fors_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in
       bswap32_if_le (height),
       bswap32_if_le (index),
     };
-  ctx->hash->node (&ctx->tree_ctx, &ah, left, right, out);
+  ctx->hash->node (ctx->tree_ctx, &ah, left, right, out);
 }
 
 static void
@@ -106,7 +106,7 @@ _fors_sign (const struct slh_merkle_ctx_secret *ctx,
   unsigned i, w, bits;
   unsigned mask = (1 << fors->a) - 1;
 
-  ctx->pub.hash->init_hash (&ctx->pub.tree_ctx, &pub_ctx, &ah);
+  ctx->pub.hash->init_hash (ctx->pub.tree_ctx, &pub_ctx, &ah);
 
   for (i = w = bits = 0; i < fors->k; i++, signature += (fors->a + 1) * _SLH_DSA_128_SIZE)
     {
@@ -133,7 +133,7 @@ fors_verify_one (const struct slh_merkle_ctx_public *ctx, unsigned a,
       bswap32_if_le (idx),
     };
 
-  ctx->hash->secret (&ctx->tree_ctx, &ah, signature, root);
+  ctx->hash->secret (ctx->tree_ctx, &ah, signature, root);
   _merkle_verify (ctx, fors_node, a, idx, signature + _SLH_DSA_128_SIZE, root);
 
   ctx->hash->update (pub, _SLH_DSA_128_SIZE, root);
@@ -154,7 +154,7 @@ _fors_verify (const struct slh_merkle_ctx_public *ctx,
   unsigned i, w, bits;
   unsigned mask = (1 << fors->a) - 1;
 
-  ctx->hash->init_hash (&ctx->tree_ctx, &pub_ctx, &ah);
+  ctx->hash->init_hash (ctx->tree_ctx, &pub_ctx, &ah);
 
   for (i = w = bits = 0; i < fors->k; i++, signature += (fors->a + 1) * _SLH_DSA_128_SIZE)
     {

diff --git a/slh-xmss.c b/slh-xmss.c
index 42b9cb47486ef5ec39c3b5b3f6efc0b924060049..e88c0d83f9b36e7ba12a32b85b107dd7d461e271 100644 (file)
--- a/slh-xmss.c
+++ b/slh-xmss.c
@@ -41,7 +41,7 @@
 static void
 xmss_leaf (const struct slh_merkle_ctx_secret *ctx, unsigned idx, uint8_t *leaf)
 {
-  _wots_gen (ctx->pub.hash, &ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf);
+  _wots_gen (ctx->pub.hash, ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf);
 }
 
 static void
@@ -55,7 +55,7 @@ xmss_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in
       bswap32_if_le (height),
       bswap32_if_le (index),
     };
-  ctx->hash->node (&ctx->tree_ctx, &ah, left, right, out);
+  ctx->hash->node (ctx->tree_ctx, &ah, left, right, out);
 }
 
 void
@@ -64,12 +64,13 @@ _xmss_gen (const struct slh_hash *hash,
           const struct slh_xmss_params *xmss,
           uint8_t *scratch, uint8_t *root)
 {
-  struct slh_merkle_ctx_secret ctx =
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_secret ctx =
     {
-      { hash, {}, 0 },
+      { hash, &tree_ctx, 0 },
       secret_seed
     };
-  hash->init_tree (&ctx.pub.tree_ctx, public_seed, xmss->d - 1, 0);
+  hash->init_tree (&tree_ctx, public_seed, xmss->d - 1, 0);
   _merkle_root (&ctx, xmss_leaf, xmss_node, xmss->h, 0, root, scratch);
 }
 
@@ -77,7 +78,7 @@ void
 _xmss_sign (const struct slh_merkle_ctx_secret *ctx, unsigned h,
            unsigned idx, const uint8_t *msg, uint8_t *signature, uint8_t *pub)
 {
-  _wots_sign (ctx->pub.hash, &ctx->pub.tree_ctx, ctx->secret_seed, idx, msg, signature, pub);
+  _wots_sign (ctx->pub.hash, ctx->pub.tree_ctx, ctx->secret_seed, idx, msg, signature, pub);
   signature += WOTS_SIGNATURE_SIZE;
 
   _merkle_sign (ctx, xmss_leaf, xmss_node, h, idx, signature);
@@ -88,7 +89,7 @@ void
 _xmss_verify (const struct slh_merkle_ctx_public *ctx, unsigned h,
              unsigned idx, const uint8_t *msg, const uint8_t *signature, uint8_t *pub)
 {
-  _wots_verify (ctx->hash, &ctx->tree_ctx, idx, msg, signature, pub);
+  _wots_verify (ctx->hash, ctx->tree_ctx, idx, msg, signature, pub);
   signature += WOTS_SIGNATURE_SIZE;
 
   _merkle_verify (ctx, xmss_node, h, idx, signature, pub);

diff --git a/testsuite/slh-dsa-test.c b/testsuite/slh-dsa-test.c
index 585aa791e54a098849dd256fef9f675c23638593..2367dfdd035de34302f91c2552e4add6b0d1d787 100644 (file)
--- a/testsuite/slh-dsa-test.c
+++ b/testsuite/slh-dsa-test.c
@@ -147,7 +147,7 @@ test_wots_sign (const struct tstring *public_seed, const struct tstring *secret_
 static void
 xmss_leaf (const struct slh_merkle_ctx_secret *ctx, unsigned idx, uint8_t *leaf)
 {
-  _wots_gen (ctx->pub.hash, &ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf);
+  _wots_gen (ctx->pub.hash, ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf);
   mark_bytes_defined (SLH_DSA_128_SEED_SIZE, leaf);
 }
 
@@ -163,7 +163,7 @@ xmss_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in
       bswap32_if_le (index),
     };
 
-  ctx->hash->node (&ctx->tree_ctx, &ah, left, right, out);
+  ctx->hash->node (ctx->tree_ctx, &ah, left, right, out);
 }
 
 static void
@@ -172,9 +172,10 @@ test_merkle (const struct tstring *public_seed, const struct tstring *secret_see
             unsigned layer, uint64_t tree_idx, uint32_t idx, const struct tstring *msg,
             const struct tstring *exp_pub, const struct tstring *exp_sig)
 {
-  struct slh_merkle_ctx_secret ctx =
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_secret ctx =
     {
-      { &_slh_hash_shake, {}, 0 },
+      { &_slh_hash_shake, &tree_ctx, 0 },
       secret_seed->data,
     };
 
@@ -187,7 +188,7 @@ test_merkle (const struct tstring *public_seed, const struct tstring *secret_see
   ASSERT (exp_pub->length == _SLH_DSA_128_SIZE);
   ASSERT (exp_sig->length == XMSS_AUTH_SIZE (h));
 
-  _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx);
+  _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx);
 
   _merkle_sign (&ctx, xmss_leaf, xmss_node, h, idx, sig);
   ASSERT (MEMEQ (exp_sig->length, sig, exp_sig->data));
@@ -203,9 +204,10 @@ test_fors_gen (const struct tstring *public_seed, const struct tstring *secret_s
               unsigned layer, uint64_t tree_idx, unsigned keypair, unsigned idx,
               const struct tstring *exp_sk, const struct tstring *exp_leaf)
 {
-  struct slh_merkle_ctx_secret ctx =
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_secret ctx =
     {
-      { &_slh_hash_shake, {}, keypair },
+      { &_slh_hash_shake, &tree_ctx, keypair },
       secret_seed->data,
     };
   uint8_t sk[_SLH_DSA_128_SIZE];
@@ -215,7 +217,7 @@ test_fors_gen (const struct tstring *public_seed, const struct tstring *secret_s
   ASSERT (exp_sk->length == _SLH_DSA_128_SIZE);
   ASSERT (exp_leaf->length == _SLH_DSA_128_SIZE);
 
-  _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx);
+  _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx);
 
   _fors_gen (&ctx, idx, sk, leaf);
   mark_bytes_defined (sizeof (sk), sk);
@@ -230,9 +232,10 @@ test_fors_sign (const struct tstring *public_seed, const struct tstring *secret_
                unsigned layer, uint64_t tree_idx, unsigned keypair, const struct tstring *msg,
                const struct tstring *exp_pub, const struct tstring *exp_sig)
 {
-  struct slh_merkle_ctx_secret ctx =
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_secret ctx =
     {
-      { &_slh_hash_shake, {}, keypair },
+      { &_slh_hash_shake, &tree_ctx, keypair },
       secret_seed->data,
     };
   uint8_t pub[_SLH_DSA_128_SIZE];
@@ -243,7 +246,7 @@ test_fors_sign (const struct tstring *public_seed, const struct tstring *secret_
   ASSERT (exp_pub->length == _SLH_DSA_128_SIZE);
   ASSERT (exp_sig->length == fors->signature_size);
 
-  _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx);
+  _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx);
 
   _fors_sign (&ctx, fors, msg->data, sig, pub);
   mark_bytes_defined (exp_sig->length, sig);
@@ -263,9 +266,10 @@ test_xmss_sign (const struct tstring *public_seed, const struct tstring *secret_
                unsigned layer, uint64_t tree_idx, uint32_t idx, const struct tstring *msg,
                const struct tstring *exp_pub, const struct tstring *exp_sig)
 {
-  struct slh_merkle_ctx_secret ctx =
+  union slh_hash_ctx tree_ctx;
+  const struct slh_merkle_ctx_secret ctx =
     {
-      { &_slh_hash_shake, {}, 0 },
+      { &_slh_hash_shake, &tree_ctx, 0 },
       secret_seed->data,
     };
 
@@ -277,7 +281,7 @@ test_xmss_sign (const struct tstring *public_seed, const struct tstring *secret_
   ASSERT (exp_pub->length == _SLH_DSA_128_SIZE);
   ASSERT (exp_sig->length == XMSS_SIGNATURE_SIZE (xmss_h));
 
-  _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx);
+  _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx);
 
   _xmss_sign (&ctx, xmss_h, idx, msg->data, sig, pub);
   mark_bytes_defined (sizeof (pub), pub);