From: Niels Möller Date: Wed, 10 Sep 2025 07:23:27 +0000 (+0200) Subject: Change back to hash ctx pointer in merkle ctx. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1fea37ff6e614c8089ce386a381ab146b521d78;p=thirdparty%2Fnettle.git Change back to hash ctx pointer in merkle ctx. --- diff --git a/slh-dsa-internal.h b/slh-dsa-internal.h index e67e8eb6..1d680136 100644 --- a/slh-dsa-internal.h +++ b/slh-dsa-internal.h @@ -133,8 +133,8 @@ extern const struct slh_hash _slh_hash_sha256; struct slh_merkle_ctx_public { const struct slh_hash *hash; - /* Initialized using hash->init_tree. */ - union slh_hash_ctx tree_ctx; + /* Initialized based on public seed and slh_address_tree. */ + const void *tree_ctx; unsigned keypair; /* Used only by fors_leaf and fors_node. */ }; diff --git a/slh-dsa.c b/slh-dsa.c index 5414991b..edc239fe 100644 --- a/slh-dsa.c +++ b/slh-dsa.c @@ -65,31 +65,26 @@ _slh_dsa_pure_rdigest (const struct slh_hash *hash, _slh_dsa_pure_digest (hash, pub, length, msg, randomizer, digest_size, digest); } -static void -merkle_ctx_secret_init (struct slh_merkle_ctx_secret *ctx, - const struct slh_hash *hash, unsigned keypair, - const uint8_t *secret_seed) -{ - ctx->pub.hash = hash; - ctx->pub.keypair = keypair; - ctx->secret_seed = secret_seed; -} - void _slh_dsa_sign (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *priv, const uint8_t *digest, uint8_t *signature) { - struct slh_merkle_ctx_secret merkle_ctx; - uint8_t root[_SLH_DSA_128_SIZE]; uint64_t tree_idx; unsigned leaf_idx; params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx); - merkle_ctx_secret_init (&merkle_ctx, hash, leaf_idx, priv); - hash->init_tree (&merkle_ctx.pub.tree_ctx, pub, 0, tree_idx); + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_secret merkle_ctx = + { + { hash, &tree_ctx, leaf_idx }, + priv, + }; + hash->init_tree (&tree_ctx, pub, 0, tree_idx); + + uint8_t root[_SLH_DSA_128_SIZE]; _fors_sign (&merkle_ctx, ¶ms->fors, digest, signature, root); signature += params->fors.signature_size; @@ -103,37 +98,31 @@ _slh_dsa_sign (const struct slh_dsa_params *params, leaf_idx = tree_idx & ((1 << params->xmss.h) - 1); tree_idx >>= params->xmss.h; - hash->init_tree (&merkle_ctx.pub.tree_ctx, pub, i, tree_idx); + hash->init_tree (&tree_ctx, pub, i, tree_idx); _xmss_sign (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root); } assert (memeql_sec (root, pub + _SLH_DSA_128_SIZE, sizeof (root))); } - -static void -merkle_ctx_public_init (struct slh_merkle_ctx_public *ctx, - const struct slh_hash *hash, unsigned keypair) -{ - ctx->hash = hash; - ctx->keypair = keypair; -} - int _slh_dsa_verify (const struct slh_dsa_params *params, const struct slh_hash *hash, const uint8_t *pub, const uint8_t *digest, const uint8_t *signature) { - struct slh_merkle_ctx_public merkle_ctx; - uint8_t root[_SLH_DSA_128_SIZE]; uint64_t tree_idx; unsigned leaf_idx; params->parse_digest (digest + params->fors.msg_size, &tree_idx, &leaf_idx); - merkle_ctx_public_init (&merkle_ctx, hash, leaf_idx); - hash->init_tree (&merkle_ctx.tree_ctx, pub, 0, tree_idx); + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_public merkle_ctx = + { hash, &tree_ctx, leaf_idx }; + + hash->init_tree (&tree_ctx, pub, 0, tree_idx); + + uint8_t root[_SLH_DSA_128_SIZE]; _fors_verify (&merkle_ctx, ¶ms->fors, digest, signature, root); signature += params->fors.signature_size; @@ -147,7 +136,7 @@ _slh_dsa_verify (const struct slh_dsa_params *params, leaf_idx = tree_idx & ((1 << params->xmss.h) - 1); tree_idx >>= params->xmss.h; - hash->init_tree (&merkle_ctx.tree_ctx, pub, i, tree_idx); + hash->init_tree (&tree_ctx, pub, i, tree_idx); _xmss_verify (&merkle_ctx, params->xmss.h, leaf_idx, root, signature, root); } diff --git a/slh-fors.c b/slh-fors.c index 0c20df56..e9906436 100644 --- a/slh-fors.c +++ b/slh-fors.c @@ -50,10 +50,10 @@ _fors_gen (const struct slh_merkle_ctx_secret *ctx, bswap32_if_le (idx), }; - ctx->pub.hash->secret (&ctx->pub.tree_ctx, &ah, ctx->secret_seed, sk); + ctx->pub.hash->secret (ctx->pub.tree_ctx, &ah, ctx->secret_seed, sk); ah.type = bswap32_if_le (SLH_FORS_TREE); - ctx->pub.hash->secret (&ctx->pub.tree_ctx, &ah, sk, leaf); + ctx->pub.hash->secret (ctx->pub.tree_ctx, &ah, sk, leaf); } static void @@ -73,7 +73,7 @@ fors_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in bswap32_if_le (height), bswap32_if_le (index), }; - ctx->hash->node (&ctx->tree_ctx, &ah, left, right, out); + ctx->hash->node (ctx->tree_ctx, &ah, left, right, out); } static void @@ -106,7 +106,7 @@ _fors_sign (const struct slh_merkle_ctx_secret *ctx, unsigned i, w, bits; unsigned mask = (1 << fors->a) - 1; - ctx->pub.hash->init_hash (&ctx->pub.tree_ctx, &pub_ctx, &ah); + ctx->pub.hash->init_hash (ctx->pub.tree_ctx, &pub_ctx, &ah); for (i = w = bits = 0; i < fors->k; i++, signature += (fors->a + 1) * _SLH_DSA_128_SIZE) { @@ -133,7 +133,7 @@ fors_verify_one (const struct slh_merkle_ctx_public *ctx, unsigned a, bswap32_if_le (idx), }; - ctx->hash->secret (&ctx->tree_ctx, &ah, signature, root); + ctx->hash->secret (ctx->tree_ctx, &ah, signature, root); _merkle_verify (ctx, fors_node, a, idx, signature + _SLH_DSA_128_SIZE, root); ctx->hash->update (pub, _SLH_DSA_128_SIZE, root); @@ -154,7 +154,7 @@ _fors_verify (const struct slh_merkle_ctx_public *ctx, unsigned i, w, bits; unsigned mask = (1 << fors->a) - 1; - ctx->hash->init_hash (&ctx->tree_ctx, &pub_ctx, &ah); + ctx->hash->init_hash (ctx->tree_ctx, &pub_ctx, &ah); for (i = w = bits = 0; i < fors->k; i++, signature += (fors->a + 1) * _SLH_DSA_128_SIZE) { diff --git a/slh-xmss.c b/slh-xmss.c index 42b9cb47..e88c0d83 100644 --- a/slh-xmss.c +++ b/slh-xmss.c @@ -41,7 +41,7 @@ static void xmss_leaf (const struct slh_merkle_ctx_secret *ctx, unsigned idx, uint8_t *leaf) { - _wots_gen (ctx->pub.hash, &ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf); + _wots_gen (ctx->pub.hash, ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf); } static void @@ -55,7 +55,7 @@ xmss_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in bswap32_if_le (height), bswap32_if_le (index), }; - ctx->hash->node (&ctx->tree_ctx, &ah, left, right, out); + ctx->hash->node (ctx->tree_ctx, &ah, left, right, out); } void @@ -64,12 +64,13 @@ _xmss_gen (const struct slh_hash *hash, const struct slh_xmss_params *xmss, uint8_t *scratch, uint8_t *root) { - struct slh_merkle_ctx_secret ctx = + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_secret ctx = { - { hash, {}, 0 }, + { hash, &tree_ctx, 0 }, secret_seed }; - hash->init_tree (&ctx.pub.tree_ctx, public_seed, xmss->d - 1, 0); + hash->init_tree (&tree_ctx, public_seed, xmss->d - 1, 0); _merkle_root (&ctx, xmss_leaf, xmss_node, xmss->h, 0, root, scratch); } @@ -77,7 +78,7 @@ void _xmss_sign (const struct slh_merkle_ctx_secret *ctx, unsigned h, unsigned idx, const uint8_t *msg, uint8_t *signature, uint8_t *pub) { - _wots_sign (ctx->pub.hash, &ctx->pub.tree_ctx, ctx->secret_seed, idx, msg, signature, pub); + _wots_sign (ctx->pub.hash, ctx->pub.tree_ctx, ctx->secret_seed, idx, msg, signature, pub); signature += WOTS_SIGNATURE_SIZE; _merkle_sign (ctx, xmss_leaf, xmss_node, h, idx, signature); @@ -88,7 +89,7 @@ void _xmss_verify (const struct slh_merkle_ctx_public *ctx, unsigned h, unsigned idx, const uint8_t *msg, const uint8_t *signature, uint8_t *pub) { - _wots_verify (ctx->hash, &ctx->tree_ctx, idx, msg, signature, pub); + _wots_verify (ctx->hash, ctx->tree_ctx, idx, msg, signature, pub); signature += WOTS_SIGNATURE_SIZE; _merkle_verify (ctx, xmss_node, h, idx, signature, pub); diff --git a/testsuite/slh-dsa-test.c b/testsuite/slh-dsa-test.c index 585aa791..2367dfdd 100644 --- a/testsuite/slh-dsa-test.c +++ b/testsuite/slh-dsa-test.c @@ -147,7 +147,7 @@ test_wots_sign (const struct tstring *public_seed, const struct tstring *secret_ static void xmss_leaf (const struct slh_merkle_ctx_secret *ctx, unsigned idx, uint8_t *leaf) { - _wots_gen (ctx->pub.hash, &ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf); + _wots_gen (ctx->pub.hash, ctx->pub.tree_ctx, ctx->secret_seed, idx, leaf); mark_bytes_defined (SLH_DSA_128_SEED_SIZE, leaf); } @@ -163,7 +163,7 @@ xmss_node (const struct slh_merkle_ctx_public *ctx, unsigned height, unsigned in bswap32_if_le (index), }; - ctx->hash->node (&ctx->tree_ctx, &ah, left, right, out); + ctx->hash->node (ctx->tree_ctx, &ah, left, right, out); } static void @@ -172,9 +172,10 @@ test_merkle (const struct tstring *public_seed, const struct tstring *secret_see unsigned layer, uint64_t tree_idx, uint32_t idx, const struct tstring *msg, const struct tstring *exp_pub, const struct tstring *exp_sig) { - struct slh_merkle_ctx_secret ctx = + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_secret ctx = { - { &_slh_hash_shake, {}, 0 }, + { &_slh_hash_shake, &tree_ctx, 0 }, secret_seed->data, }; @@ -187,7 +188,7 @@ test_merkle (const struct tstring *public_seed, const struct tstring *secret_see ASSERT (exp_pub->length == _SLH_DSA_128_SIZE); ASSERT (exp_sig->length == XMSS_AUTH_SIZE (h)); - _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx); + _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx); _merkle_sign (&ctx, xmss_leaf, xmss_node, h, idx, sig); ASSERT (MEMEQ (exp_sig->length, sig, exp_sig->data)); @@ -203,9 +204,10 @@ test_fors_gen (const struct tstring *public_seed, const struct tstring *secret_s unsigned layer, uint64_t tree_idx, unsigned keypair, unsigned idx, const struct tstring *exp_sk, const struct tstring *exp_leaf) { - struct slh_merkle_ctx_secret ctx = + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_secret ctx = { - { &_slh_hash_shake, {}, keypair }, + { &_slh_hash_shake, &tree_ctx, keypair }, secret_seed->data, }; uint8_t sk[_SLH_DSA_128_SIZE]; @@ -215,7 +217,7 @@ test_fors_gen (const struct tstring *public_seed, const struct tstring *secret_s ASSERT (exp_sk->length == _SLH_DSA_128_SIZE); ASSERT (exp_leaf->length == _SLH_DSA_128_SIZE); - _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx); + _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx); _fors_gen (&ctx, idx, sk, leaf); mark_bytes_defined (sizeof (sk), sk); @@ -230,9 +232,10 @@ test_fors_sign (const struct tstring *public_seed, const struct tstring *secret_ unsigned layer, uint64_t tree_idx, unsigned keypair, const struct tstring *msg, const struct tstring *exp_pub, const struct tstring *exp_sig) { - struct slh_merkle_ctx_secret ctx = + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_secret ctx = { - { &_slh_hash_shake, {}, keypair }, + { &_slh_hash_shake, &tree_ctx, keypair }, secret_seed->data, }; uint8_t pub[_SLH_DSA_128_SIZE]; @@ -243,7 +246,7 @@ test_fors_sign (const struct tstring *public_seed, const struct tstring *secret_ ASSERT (exp_pub->length == _SLH_DSA_128_SIZE); ASSERT (exp_sig->length == fors->signature_size); - _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx); + _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx); _fors_sign (&ctx, fors, msg->data, sig, pub); mark_bytes_defined (exp_sig->length, sig); @@ -263,9 +266,10 @@ test_xmss_sign (const struct tstring *public_seed, const struct tstring *secret_ unsigned layer, uint64_t tree_idx, uint32_t idx, const struct tstring *msg, const struct tstring *exp_pub, const struct tstring *exp_sig) { - struct slh_merkle_ctx_secret ctx = + union slh_hash_ctx tree_ctx; + const struct slh_merkle_ctx_secret ctx = { - { &_slh_hash_shake, {}, 0 }, + { &_slh_hash_shake, &tree_ctx, 0 }, secret_seed->data, }; @@ -277,7 +281,7 @@ test_xmss_sign (const struct tstring *public_seed, const struct tstring *secret_ ASSERT (exp_pub->length == _SLH_DSA_128_SIZE); ASSERT (exp_sig->length == XMSS_SIGNATURE_SIZE (xmss_h)); - _slh_hash_shake.init_tree (&ctx.pub.tree_ctx, public_seed->data, layer, tree_idx); + _slh_hash_shake.init_tree (&tree_ctx, public_seed->data, layer, tree_idx); _xmss_sign (&ctx, xmss_h, idx, msg->data, sig, pub); mark_bytes_defined (sizeof (pub), pub);