xref: /third_party/mbedtls/library/lms.c

225 void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)
227     memset(ctx, 0, sizeof(*ctx));
230 void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx)
232     mbedtls_platform_zeroize(ctx, sizeof(*ctx));
235 int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx,
245     ctx->params.type = type;
247     if (key_size != MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) {
256     ctx->params.otstype = otstype;
258     memcpy(ctx->params.I_key_identifier,
261     memcpy(ctx->T_1_pub_key, key + PUBLIC_KEY_ROOT_NODE_OFFSET,
262            MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type));
264     ctx->have_public_key = 1;
269 int mbedtls_lms_export_public_key(const mbedtls_lms_public_t *ctx,
273     if (key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) {
277     if (!ctx->have_public_key) {
281     MBEDTLS_PUT_UINT32_BE(ctx->params.type, key, PUBLIC_KEY_TYPE_OFFSET);
282     MBEDTLS_PUT_UINT32_BE(ctx->params.otstype, key, PUBLIC_KEY_OTSTYPE_OFFSET);
284            ctx->params.I_key_identifier,
287            ctx->T_1_pub_key,
288            MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type));
291         *key_len = MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type);
297 int mbedtls_lms_verify(const mbedtls_lms_public_t *ctx,
312     if (!ctx->have_public_key) {
316     if (ctx->params.type
321     if (ctx->params.otstype
326     if (sig_size != MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)) {
339     if (sig_size < SIG_TYPE_OFFSET(ctx->params.otstype) + MBEDTLS_LMS_TYPE_LEN) {
343     if (MBEDTLS_GET_UINT32_BE(sig, SIG_TYPE_OFFSET(ctx->params.otstype))
351     if (q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) {
356            ctx->params.I_key_identifier,
359     ots_params.type = ctx->params.otstype;
365                                                        MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype),
374         &ctx->params,
376         MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
379     curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) +
382     for (height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
388             left_node = sig + SIG_PATH_OFFSET(ctx->params.otstype) +
389                         height * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type);
393             right_node = sig + SIG_PATH_OFFSET(ctx->params.otstype) +
394                          height * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type);
397         create_merkle_internal_value(&ctx->params, left_node, right_node,
403     if (memcmp(Tc_candidate_root_node, ctx->T_1_pub_key,
404                MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type))) {
417  *  ctx                 The LMS private context, containing a parameter
427 static int calculate_merkle_tree(const mbedtls_lms_private_t *ctx,
436          priv_key_idx < MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type);
438         r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + priv_key_idx;
440         ret = create_merkle_leaf_value(&ctx->params,
441                                        ctx->ots_public_keys[priv_key_idx].public_key,
444                                                  ctx->params.type)]);
452     for (r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) - 1;
455         ret = create_merkle_internal_value(&ctx->params,
457                                                  MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
459                                                  MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
462                                                  MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)]);
475  *  ctx                 The LMS private context, containing a parameter
483 static int get_merkle_path(mbedtls_lms_private_t *ctx,
487     const size_t node_bytes = MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type);
494     tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(ctx->params.type),
500     ret = calculate_merkle_tree(ctx, tree);
505     for (height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
519                              (size_t) MERKLE_TREE_NODE_AM(ctx->params.type));
524 void mbedtls_lms_private_init(mbedtls_lms_private_t *ctx)
526     memset(ctx, 0, sizeof(*ctx));
529 void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx)
533     if (ctx->have_private_key) {
534         if (ctx->ots_private_keys != NULL) {
535             for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
536                 mbedtls_lmots_private_free(&ctx->ots_private_keys[idx]);
540         if (ctx->ots_public_keys != NULL) {
541             for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
542                 mbedtls_lmots_public_free(&ctx->ots_public_keys[idx]);
546         mbedtls_free(ctx->ots_private_keys);
547         mbedtls_free(ctx->ots_public_keys);
550     mbedtls_platform_zeroize(ctx, sizeof(*ctx));
554 int mbedtls_lms_generate_private_key(mbedtls_lms_private_t *ctx,
572     if (ctx->have_private_key) {
576     ctx->params.type = type;
577     ctx->params.otstype = otstype;
578     ctx->have_private_key = 1;
581                 ctx->params.I_key_identifier,
589     ctx->ots_private_keys = mbedtls_calloc((size_t) MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
590                                            sizeof(*ctx->ots_private_keys));
591     if (ctx->ots_private_keys == NULL) {
598     ctx->ots_public_keys = mbedtls_calloc((size_t) MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
599                                           sizeof(*ctx->ots_public_keys));
600     if (ctx->ots_public_keys == NULL) {
605     for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
606         mbedtls_lmots_private_init(&ctx->ots_private_keys[idx]);
607         mbedtls_lmots_public_init(&ctx->ots_public_keys[idx]);
611     for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
612         ret = mbedtls_lmots_generate_private_key(&ctx->ots_private_keys[idx],
614                                                  ctx->params.I_key_identifier,
620         ret = mbedtls_lmots_calculate_public_key(&ctx->ots_public_keys[idx],
621                                                  &ctx->ots_private_keys[idx]);
627     ctx->q_next_usable_key = 0;
631         mbedtls_lms_private_free(ctx);
637 int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx,
664     memcpy(&ctx->params, &priv_ctx->params,
673     memcpy(ctx->T_1_pub_key, &tree[node_bytes], node_bytes);
675     ctx->have_public_key = 1;
687 int mbedtls_lms_sign(mbedtls_lms_private_t *ctx,
696     if (!ctx->have_private_key) {
700     if (sig_size < MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)) {
704     if (ctx->params.type != MBEDTLS_LMS_SHA256_M32_H10) {
708     if (ctx->params.otstype
713     if (ctx->q_next_usable_key >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) {
718     q_leaf_identifier = ctx->q_next_usable_key;
722     ctx->q_next_usable_key += 1;
724     if (MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)
729     ret = mbedtls_lmots_sign(&ctx->ots_private_keys[q_leaf_identifier],
735                              MBEDTLS_LMS_SIG_LEN(ctx->params.type,
736                                                  ctx->params.otstype) - SIG_OTS_SIG_OFFSET,
742     MBEDTLS_PUT_UINT32_BE(ctx->params.type, sig, SIG_TYPE_OFFSET(ctx->params.otstype));
745     ret = get_merkle_path(ctx,
746                           MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
747                           sig + SIG_PATH_OFFSET(ctx->params.otstype));
753         *sig_len = MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype);

Indexes created Thu Nov 07 10:32:03 CST 2024