diff options
-rw-r--r-- | hal.h | 2 | ||||
-rw-r--r-- | hashsig.c | 45 |
2 files changed, 26 insertions, 21 deletions
@@ -1023,6 +1023,8 @@ extern hal_error_t hal_hashsig_private_key_from_der(hal_hashsig_key_t **key_, void *keybuf, const size_t keybuf_len, const uint8_t *der, const size_t der_len); +extern size_t hal_hashsig_public_key_len(const hal_lms_algorithm_t lms_type); + extern hal_error_t hal_hashsig_public_key_to_der(const hal_hashsig_key_t * const key, uint8_t *der, size_t *der_len, const size_t der_max); @@ -1,9 +1,11 @@ /* * hashsig.c * --------- - * Implementation of draft-mcgrew-hash-sigs-15.txt + * Implementation of RFC 8554 Leighton-Micali Hash-Based Signatures * * Copyright (c) 2018, NORDUnet A/S All rights reserved. + * Copyright: 2020, The Commons Conservancy Cryptech Project + * SPDX-License-Identifier: BSD-3-Clause * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are @@ -15,9 +17,9 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * - Neither the name of the NORDUnet nor the names of its contributors may - * be used to endorse or promote products derived from this software - * without specific prior written permission. + * - Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED @@ -230,9 +232,15 @@ static hal_error_t lmots_generate(lmots_key_t * const key, bytestring32 *seed) if (key == NULL || key->type != HAL_KEY_TYPE_HASHSIG_LMOTS || key->lmots == NULL || key->x == NULL) return HAL_ERROR_BAD_ARGUMENTS; - size_t n = key->lmots->n; - size_t p = key->lmots->p; - size_t w = key->lmots->w; + const size_t n = key->lmots->n; + const size_t p = key->lmots->p; + const size_t w = key->lmots->w; + + uint8_t statebuf[512]; + hal_hash_state_t *state = NULL; + uint32_t l; + uint16_t s; + uint8_t b; /* generate the private key */ @@ -245,12 +253,6 @@ static hal_error_t lmots_generate(lmots_key_t * const key, bytestring32 *seed) else { /* use the pseudorandom key generation scheme */ for (size_t i = 0; i < p; ++i) { - uint8_t statebuf[512]; - hal_hash_state_t *state = NULL; - uint32_t l; - uint16_t s; - uint8_t b; - /* x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED) */ check(hal_hash_initialize(NULL, hal_hash_sha256, &state, statebuf, sizeof(statebuf))); check(hal_hash_update(state, (const uint8_t *)&key->I, sizeof(key->I))); @@ -264,13 +266,7 @@ static hal_error_t lmots_generate(lmots_key_t * const key, bytestring32 *seed) /* generate the public key */ - uint8_t statebuf[512]; - hal_hash_state_t *state = NULL; bytestring32 y[p]; - uint32_t l; - uint16_t s; - uint8_t b; - for (size_t i = 0; i < p; ++i) { y[i] = key->x[i]; for (size_t j = 0; j < (1U << w) - 1; ++j) { @@ -1091,13 +1087,20 @@ static hss_key_t *hss_find(hal_uuid_t *I) return NULL; } -#if 0 /* currently unused */ static inline size_t hss_public_key_len(lms_parameter_t * const lms) { /* L || pub[0] */ return sizeof(uint32_t) + lms_public_key_len(lms); } -#endif + +size_t hal_hashsig_public_key_len(const hal_lms_algorithm_t lms_type) +{ + lms_parameter_t * const lms = lms_select_parameter_set(lms_type); + if (lms == NULL) + return 0; + + return hss_public_key_len(lms); +} static inline size_t hss_signature_len(const size_t L, lms_parameter_t * const lms, lmots_parameter_t * const lmots) { |