From: Niels Möller Date: Thu, 11 Sep 2025 20:18:32 +0000 (+0200) Subject: Move allocation of tree_ctx to top-level. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2be416737633a061c62f318ecd13d55fde88d127;p=thirdparty%2Fnettle.git Move allocation of tree_ctx to top-level. --- diff --git a/slh-dsa-internal.h b/slh-dsa-internal.h index 98ead698..899fd44f 100644 --- a/slh-dsa-internal.h +++ b/slh-dsa-internal.h @@ -253,8 +253,8 @@ _fors_verify (const struct slh_merkle_ctx_public *ctx, void _xmss_gen (const struct slh_hash *hash, const uint8_t *public_seed, const uint8_t *secret_seed, - const struct slh_xmss_params *xmss, - uint8_t *scratch, uint8_t *root); + const struct slh_xmss_params *xmss, uint8_t *root, + void *tree_ctx, uint8_t *scratch); /* Signs using wots, then signs wots public key using xmss. Also returns the xmss public key (i.e., root hash).*/ @@ -284,12 +284,14 @@ void _slh_dsa_sign (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *priv, - const uint8_t *digest, uint8_t *signature); + const uint8_t *digest, uint8_t *signature, + void *tree_ctx); int _slh_dsa_verify (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, - const uint8_t *digest, const uint8_t *signature); + const uint8_t *digest, const uint8_t *signature, + void *tree_ctx); #endif /* NETTLE_SLH_DSA_INTERNAL_H_INCLUDED */ diff --git a/slh-dsa-sha2-128f.c b/slh-dsa-sha2-128f.c index 1a56da95..78967aa8 100644 --- a/slh-dsa-sha2-128f.c +++ b/slh-dsa-sha2-128f.c @@ -38,6 +38,8 @@ #include "slh-dsa.h" #include "slh-dsa-internal.h" +#include "sha2.h" + #define SLH_DSA_M 34 #define XMSS_H 3 @@ -46,9 +48,11 @@ void slh_dsa_sha2_128f_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { + struct sha256_ctx tree_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_sha256, public_seed, private_seed, - &_slh_dsa_128f_params.xmss, scratch, root); + &_slh_dsa_128f_params.xmss, root, + &tree_ctx, scratch); } void @@ -66,12 +70,14 @@ slh_dsa_sha2_128f_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { + struct sha256_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_sha256, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128f_params, &_slh_hash_sha256, - pub, priv, digest, signature + _SLH_DSA_128_SIZE); + pub, priv, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } int @@ -79,9 +85,11 @@ slh_dsa_sha2_128f_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { + struct sha256_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_sha256, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128f_params, &_slh_hash_sha256, - pub, digest, signature + _SLH_DSA_128_SIZE); + pub, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } diff --git a/slh-dsa-sha2-128s.c b/slh-dsa-sha2-128s.c index b338529e..fb8f4550 100644 --- a/slh-dsa-sha2-128s.c +++ b/slh-dsa-sha2-128s.c @@ -38,6 +38,8 @@ #include "slh-dsa.h" #include "slh-dsa-internal.h" +#include "sha2.h" + #define SLH_DSA_M 30 #define XMSS_H 9 @@ -46,14 +48,16 @@ void slh_dsa_sha2_128s_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { + struct sha256_ctx tree_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_sha256, public_seed, private_seed, - &_slh_dsa_128s_params.xmss, scratch, root); + &_slh_dsa_128s_params.xmss, root, + &tree_ctx, scratch); } void slh_dsa_sha2_128s_generate_keypair (uint8_t *pub, uint8_t *priv, - void *random_ctx, nettle_random_func *random) + void *random_ctx, nettle_random_func *random) { random (random_ctx, SLH_DSA_128_SEED_SIZE, pub); random (random_ctx, 2*SLH_DSA_128_SEED_SIZE, priv); @@ -66,12 +70,14 @@ slh_dsa_sha2_128s_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { + struct sha256_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_sha256, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128s_params, &_slh_hash_sha256, - pub, priv, digest, signature + _SLH_DSA_128_SIZE); + pub, priv, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } int @@ -79,9 +85,11 @@ slh_dsa_sha2_128s_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { + struct sha256_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_sha256, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128s_params, &_slh_hash_sha256, - pub, digest, signature + _SLH_DSA_128_SIZE); + pub, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } diff --git a/slh-dsa-shake-128f.c b/slh-dsa-shake-128f.c index 37b84795..bdb2b20e 100644 --- a/slh-dsa-shake-128f.c +++ b/slh-dsa-shake-128f.c @@ -38,6 +38,8 @@ #include "slh-dsa.h" #include "slh-dsa-internal.h" +#include "sha3.h" + #define SLH_DSA_M 34 #define XMSS_H 3 @@ -46,9 +48,11 @@ void slh_dsa_shake_128f_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { + struct sha3_ctx tree_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_shake, public_seed, private_seed, - &_slh_dsa_128f_params.xmss, scratch, root); + &_slh_dsa_128f_params.xmss, root, + &tree_ctx, scratch); } void @@ -66,12 +70,14 @@ slh_dsa_shake_128f_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { + struct sha3_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_shake, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128f_params, &_slh_hash_shake, - pub, priv, digest, signature + _SLH_DSA_128_SIZE); + pub, priv, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } int @@ -79,9 +85,11 @@ slh_dsa_shake_128f_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { + struct sha3_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_shake, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128f_params, &_slh_hash_shake, - pub, digest, signature + _SLH_DSA_128_SIZE); + pub, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } diff --git a/slh-dsa-shake-128s.c b/slh-dsa-shake-128s.c index ed400727..c64e7899 100644 --- a/slh-dsa-shake-128s.c +++ b/slh-dsa-shake-128s.c @@ -38,6 +38,8 @@ #include "slh-dsa.h" #include "slh-dsa-internal.h" +#include "sha3.h" + #define SLH_DSA_M 30 #define XMSS_H 9 @@ -46,9 +48,11 @@ void slh_dsa_shake_128s_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { + struct sha3_ctx tree_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_shake, public_seed, private_seed, - &_slh_dsa_128s_params.xmss, scratch, root); + &_slh_dsa_128s_params.xmss, root, + &tree_ctx, scratch); } void @@ -66,12 +70,14 @@ slh_dsa_shake_128s_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { + struct sha3_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_shake, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128s_params, &_slh_hash_shake, - pub, priv, digest, signature + _SLH_DSA_128_SIZE); + pub, priv, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } int @@ -79,9 +85,11 @@ slh_dsa_shake_128s_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { + struct sha3_ctx tree_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_shake, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128s_params, &_slh_hash_shake, - pub, digest, signature + _SLH_DSA_128_SIZE); + pub, digest, signature + _SLH_DSA_128_SIZE, + &tree_ctx); } diff --git a/slh-dsa.c b/slh-dsa.c index db511555..4facc39f 100644 --- a/slh-dsa.c +++ b/slh-dsa.c @@ -69,21 +69,22 @@ void _slh_dsa_sign (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *priv, - const uint8_t *digest, uint8_t *signature) + const uint8_t *digest, uint8_t *signature, + void *tree_ctx) { uint64_t tree_idx; unsigned leaf_idx; params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx); - union slh_hash_ctx tree_ctx; union slh_hash_ctx scratch_ctx; const struct slh_merkle_ctx_secret merkle_ctx = { - { hash, &tree_ctx, leaf_idx }, + { hash, tree_ctx, leaf_idx }, priv, &scratch_ctx, }; - hash->init_tree (&tree_ctx, pub, 0, tree_idx); + + hash->init_tree (tree_ctx, pub, 0, tree_idx); uint8_t root[_SLH_DSA_128_SIZE]; @@ -99,7 +100,7 @@ _slh_dsa_sign (const struct slh_dsa_params *params, leaf_idx = tree_idx & ((1 << params->xmss.h) - 1); tree_idx >>= params->xmss.h; - hash->init_tree (&tree_ctx, pub, i, tree_idx); + hash->init_tree (tree_ctx, pub, i, tree_idx); _xmss_sign (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root); } @@ -110,18 +111,18 @@ int _slh_dsa_verify (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, - const uint8_t *digest, const uint8_t *signature) + const uint8_t *digest, const uint8_t *signature, + void *tree_ctx) { uint64_t tree_idx; unsigned leaf_idx; params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx); - union slh_hash_ctx tree_ctx; const struct slh_merkle_ctx_public merkle_ctx = - { hash, &tree_ctx, leaf_idx }; + { hash, tree_ctx, leaf_idx }; - hash->init_tree (&tree_ctx, pub, 0, tree_idx); + hash->init_tree (tree_ctx, pub, 0, tree_idx); uint8_t root[_SLH_DSA_128_SIZE]; @@ -138,7 +139,7 @@ _slh_dsa_verify (const struct slh_dsa_params *params, leaf_idx = tree_idx & ((1 << params->xmss.h) - 1); tree_idx >>= params->xmss.h; - hash->init_tree (&tree_ctx, pub, i, tree_idx); + hash->init_tree (tree_ctx, pub, i, tree_idx); _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, &scratch_ctx); } diff --git a/slh-xmss.c b/slh-xmss.c index 4b8271d4..4564cf36 100644 --- a/slh-xmss.c +++ b/slh-xmss.c @@ -61,17 +61,16 @@ xmss_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in void _xmss_gen (const struct slh_hash *hash, const uint8_t *public_seed, const uint8_t *secret_seed, - const struct slh_xmss_params *xmss, - uint8_t *scratch, uint8_t *root) + const struct slh_xmss_params *xmss, uint8_t *root, + void *tree_ctx, uint8_t *scratch) { - union slh_hash_ctx tree_ctx; union slh_hash_ctx scratch_ctx; const struct slh_merkle_ctx_secret ctx = { - { hash, &tree_ctx, 0 }, + { hash, tree_ctx, 0 }, secret_seed, &scratch_ctx, }; - hash->init_tree (&tree_ctx, public_seed, xmss->d - 1, 0); + hash->init_tree (tree_ctx, public_seed, xmss->d - 1, 0); _merkle_root (&ctx, xmss_leaf, xmss_node, xmss->h, 0, root, scratch); }