From: Niels Möller Date: Thu, 11 Sep 2025 20:28:59 +0000 (+0200) Subject: Move allocation of scratch_ctx to top-level. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=32b6e83bb513f0db4c2a229353c9564f92192cfc;p=thirdparty%2Fnettle.git Move allocation of scratch_ctx to top-level. --- diff --git a/slh-dsa-internal.h b/slh-dsa-internal.h index 899fd44f..cc239250 100644 --- a/slh-dsa-internal.h +++ b/slh-dsa-internal.h @@ -35,8 +35,6 @@ #include #include "nettle-types.h" -#include "sha2.h" -#include "sha3.h" /* Name mangling */ #define _wots_gen _nettle_wots_gen @@ -87,12 +85,6 @@ enum slh_addr_type SLH_FORS_PRF = 6, }; -union slh_hash_ctx -{ - struct sha256_ctx sha256; - struct sha3_ctx sha3; -}; - typedef void slh_hash_randomizer_func (const uint8_t *public_seed, const uint8_t *secret_prf, size_t prefix_length, const uint8_t *prefix, size_t msg_length, const uint8_t *msg, @@ -254,7 +246,7 @@ void _xmss_gen (const struct slh_hash *hash, const uint8_t *public_seed, const uint8_t *secret_seed, const struct slh_xmss_params *xmss, uint8_t *root, - void *tree_ctx, uint8_t *scratch); + void *tree_ctx, void *scratch_ctx, uint8_t *scratch); /* Signs using wots, then signs wots public key using xmss. Also returns the xmss public key (i.e., root hash).*/ @@ -285,13 +277,13 @@ _slh_dsa_sign (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *priv, const uint8_t *digest, uint8_t *signature, - void *tree_ctx); + void *tree_ctx, void *scratch_ctx); int _slh_dsa_verify (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *digest, const uint8_t *signature, - void *tree_ctx); + void *tree_ctx, void *scratch_ctx); #endif /* NETTLE_SLH_DSA_INTERNAL_H_INCLUDED */ diff --git a/slh-dsa-sha2-128f.c b/slh-dsa-sha2-128f.c index 78967aa8..a121bba5 100644 --- a/slh-dsa-sha2-128f.c +++ b/slh-dsa-sha2-128f.c 
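Review bot: The new `void *scratch_ctx` parameter on the `_xmss_gen`, `_slh_dsa_sign` and `_slh_dsa_verify` prototypes has no stated contract, and with `union slh_hash_ctx` removed the header no longer sizes the scratch context for whichever hash is in use. A caller that pairs a `struct sha256_ctx` with the SHAKE-based `hash` would still compile, and would presumably let the hash write past the smaller object. I would add a comment above these prototypes such as `/* tree_ctx and scratch_ctx must point to two distinct context objects of the type that HASH operates on. */`. The "distinct" requirement is inferred from every caller in this commit declaring two separate objects, so please confirm it.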
@@ -48,11 +48,11 @@ void slh_dsa_sha2_128f_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { - struct sha256_ctx tree_ctx; + struct sha256_ctx tree_ctx, scratch_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_sha256, public_seed, private_seed, &_slh_dsa_128f_params.xmss, root, - &tree_ctx, scratch); + &tree_ctx, &scratch_ctx, scratch); } void @@ -70,14 +70,14 @@ slh_dsa_sha2_128f_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { - struct sha256_ctx tree_ctx; + struct sha256_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_sha256, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128f_params, &_slh_hash_sha256, pub, priv, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } int @@ -85,11 +85,11 @@ slh_dsa_sha2_128f_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { - struct sha256_ctx tree_ctx; + struct sha256_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_sha256, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128f_params, &_slh_hash_sha256, pub, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } diff --git a/slh-dsa-sha2-128s.c b/slh-dsa-sha2-128s.c index fb8f4550..7dafd17f 100644 --- a/slh-dsa-sha2-128s.c +++ b/slh-dsa-sha2-128s.c @@ -48,11 +48,11 @@ void slh_dsa_sha2_128s_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { - struct sha256_ctx tree_ctx; + struct sha256_ctx tree_ctx, scratch_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_sha256, public_seed, private_seed, &_slh_dsa_128s_params.xmss, root, - &tree_ctx, scratch); + &tree_ctx, &scratch_ctx, scratch); } void 
@@ -70,14 +70,14 @@ slh_dsa_sha2_128s_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { - struct sha256_ctx tree_ctx; + struct sha256_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_sha256, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128s_params, &_slh_hash_sha256, pub, priv, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } int @@ -85,11 +85,11 @@ slh_dsa_sha2_128s_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { - struct sha256_ctx tree_ctx; + struct sha256_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_sha256, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128s_params, &_slh_hash_sha256, pub, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } diff --git a/slh-dsa-shake-128f.c b/slh-dsa-shake-128f.c index bdb2b20e..a0901f69 100644 --- a/slh-dsa-shake-128f.c +++ b/slh-dsa-shake-128f.c @@ -48,11 +48,11 @@ void slh_dsa_shake_128f_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { - struct sha3_ctx tree_ctx; + struct sha3_ctx tree_ctx, scratch_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_shake, public_seed, private_seed, &_slh_dsa_128f_params.xmss, root, - &tree_ctx, scratch); + &tree_ctx, &scratch_ctx, scratch); } void 
@@ -70,14 +70,14 @@ slh_dsa_shake_128f_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { - struct sha3_ctx tree_ctx; + struct sha3_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_shake, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128f_params, &_slh_hash_shake, pub, priv, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } int @@ -85,11 +85,11 @@ slh_dsa_shake_128f_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { - struct sha3_ctx tree_ctx; + struct sha3_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_shake, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128f_params, &_slh_hash_shake, pub, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } diff --git a/slh-dsa-shake-128s.c b/slh-dsa-shake-128s.c index c64e7899..8dd0d2fe 100644 --- a/slh-dsa-shake-128s.c +++ b/slh-dsa-shake-128s.c @@ -48,11 +48,11 @@ void slh_dsa_shake_128s_root (const uint8_t *public_seed, const uint8_t *private_seed, uint8_t *root) { - struct sha3_ctx tree_ctx; + struct sha3_ctx tree_ctx, scratch_ctx; uint8_t scratch[(XMSS_H + 1)*_SLH_DSA_128_SIZE]; _xmss_gen (&_slh_hash_shake, public_seed, private_seed, &_slh_dsa_128s_params.xmss, root, - &tree_ctx, scratch); + &tree_ctx, &scratch_ctx, scratch); } void 
@@ -70,14 +70,14 @@ slh_dsa_shake_128s_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature) { - struct sha3_ctx tree_ctx; + struct sha3_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_rdigest (&_slh_hash_shake, pub, priv + _SLH_DSA_128_SIZE, length, msg, signature, sizeof (digest), digest); _slh_dsa_sign (&_slh_dsa_128s_params, &_slh_hash_shake, pub, priv, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } int @@ -85,11 +85,11 @@ slh_dsa_shake_128s_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature) { - struct sha3_ctx tree_ctx; + struct sha3_ctx tree_ctx, scratch_ctx; uint8_t digest[SLH_DSA_M]; _slh_dsa_pure_digest (&_slh_hash_shake, pub, length, msg, signature, sizeof (digest), digest); return _slh_dsa_verify (&_slh_dsa_128s_params, &_slh_hash_shake, pub, digest, signature + _SLH_DSA_128_SIZE, - &tree_ctx); + &tree_ctx, &scratch_ctx); } diff --git a/slh-dsa.c b/slh-dsa.c index 4facc39f..f1b517a2 100644 --- a/slh-dsa.c +++ b/slh-dsa.c @@ -70,25 +70,24 @@ _slh_dsa_sign (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *priv, const uint8_t *digest, uint8_t *signature, - void *tree_ctx) + void *tree_ctx, void *scratch_ctx) { uint64_t tree_idx; unsigned leaf_idx; params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx); - union slh_hash_ctx scratch_ctx; const struct slh_merkle_ctx_secret merkle_ctx = { { hash, tree_ctx, leaf_idx }, - priv, &scratch_ctx, + priv, scratch_ctx, }; hash->init_tree (tree_ctx, pub, 0, tree_idx); uint8_t root[_SLH_DSA_128_SIZE]; - _fors_sign (&merkle_ctx, ¶ms->fors, digest, signature, root, &scratch_ctx); + _fors_sign (&merkle_ctx, ¶ms->fors, digest, signature, root, scratch_ctx); signature += params->fors.signature_size; _xmss_sign (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root); 
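Review bot: In `_slh_dsa_sign`, `scratch_ctx` is stored beside `priv` in `struct slh_merkle_ctx_secret`, so it presumably ends up holding hash state derived from the private key. After this change that state sits in the stack frame of the public `slh_dsa_*_sign` and `slh_dsa_*_root` wrappers, and nothing on the visible lines clears it before they return. If the project wants to limit key-derived residue on the stack, the wrappers are now the single place to wipe the context with a call the compiler cannot elide, for example `explicit_bzero (&scratch_ctx, sizeof (scratch_ctx));` where that function is available. At minimum, a comment on the parameter such as `/* scratch_ctx is used for hashing secret values; the caller owns it and decides whether to clear it. */` would record the ownership. The body of `_slh_dsa_sign` continues past the end of this hunk, so any later handling of the context is not visible here.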
@@ -112,7 +111,7 @@ _slh_dsa_verify (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *digest, const uint8_t *signature, - void *tree_ctx) + void *tree_ctx, void *scratch_ctx) { uint64_t tree_idx; unsigned leaf_idx; @@ -126,11 +125,10 @@ _slh_dsa_verify (const struct slh_dsa_params *params, uint8_t root[_SLH_DSA_128_SIZE]; - union slh_hash_ctx scratch_ctx; - _fors_verify (&merkle_ctx, ¶ms->fors, digest, signature, root, &scratch_ctx); + _fors_verify (&merkle_ctx, ¶ms->fors, digest, signature, root, scratch_ctx); signature += params->fors.signature_size; - _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, &scratch_ctx); + _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, scratch_ctx); for (unsigned i = 1; i < params->xmss.d; i++) { @@ -141,7 +139,7 @@ _slh_dsa_verify (const struct slh_dsa_params *params, hash->init_tree (tree_ctx, pub, i, tree_idx); - _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, &scratch_ctx); + _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root, scratch_ctx); } return memcmp (root, pub + _SLH_DSA_128_SIZE, sizeof (root)) == 0; } diff --git a/slh-xmss.c b/slh-xmss.c index 4564cf36..a992a14e 100644 --- a/slh-xmss.c +++ b/slh-xmss.c @@ -62,13 +62,12 @@ void _xmss_gen (const struct slh_hash *hash, const uint8_t *public_seed, const uint8_t *secret_seed, const struct slh_xmss_params *xmss, uint8_t *root, - void *tree_ctx, uint8_t *scratch) + void *tree_ctx, void *scratch_ctx, uint8_t *scratch) { - union slh_hash_ctx scratch_ctx; const struct slh_merkle_ctx_secret ctx = { { hash, tree_ctx, 0 }, - secret_seed, &scratch_ctx, + secret_seed, scratch_ctx, }; hash->init_tree (tree_ctx, public_seed, xmss->d - 1, 0); _merkle_root (&ctx, xmss_leaf, xmss_node, xmss->h, 0, root, scratch);