diff options
Diffstat (limited to 'hashsig.c')
-rw-r--r-- | hashsig.c | 60 |
1 files changed, 30 insertions, 30 deletions
@@ -139,13 +139,13 @@ static inline hal_error_t hal_xdr_decode_bytestring16(const uint8_t ** const inb typedef const struct lmots_parameter_set { lmots_algorithm_t type; - size_t n, w, w2, p, ls; + size_t n, w, p, ls; } lmots_parameter_t; static lmots_parameter_t lmots_parameters[] = { - { lmots_sha256_n32_w1, 32, 1, 2, 265, 7 }, - { lmots_sha256_n32_w2, 32, 2, 4, 133, 6 }, - { lmots_sha256_n32_w4, 32, 4, 16, 67, 4 }, - { lmots_sha256_n32_w8, 32, 8, 256, 34, 0 }, + { lmots_sha256_n32_w1, 32, 1, 265, 7 }, + { lmots_sha256_n32_w2, 32, 2, 133, 6 }, + { lmots_sha256_n32_w4, 32, 4, 67, 4 }, + { lmots_sha256_n32_w8, 32, 8, 34, 0 }, }; typedef struct lmots_key { @@ -199,7 +199,7 @@ static hal_error_t lmots_generate(lmots_key_t * const key) size_t n = key->lmots->n; size_t p = key->lmots->p; - size_t w2 = key->lmots->w2; + size_t w = key->lmots->w; // 4. compute the array x as follows: // for ( i = 0; i < p; i = i + 1 ) { @@ -229,7 +229,7 @@ static hal_error_t lmots_generate(lmots_key_t * const key) memcpy(&tmp, &key->x[i], sizeof(tmp)); // for ( j = 0; j < 2^w - 1; j = j + 1 ) { - for (size_t j = 0; j < w2 - 1; ++j) { + for (size_t j = 0; j < (1U << w) - 1; ++j) { // tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) check(hal_hash_initialize(NULL, hal_hash_sha256, &state, statebuf, sizeof(statebuf))); @@ -282,7 +282,7 @@ static uint16_t Cksm(const uint8_t * const S, lmots_parameter_t *lmots) uint16_t sum = 0; for (size_t i = 0; i < (lmots->n * 8 / lmots->w); ++i) - sum += (lmots->w2 - 1) - coef(S, i, lmots->w); + sum += ((1 << lmots->w) - 1) - coef(S, i, lmots->w); return (sum << lmots->ls); } @@ -415,7 +415,6 @@ static hal_error_t lmots_public_key_candidate(const lmots_key_t * const key, size_t n = key->lmots->n; size_t p = key->lmots->p; size_t w = key->lmots->w; - size_t w2 = key->lmots->w2; // d. C = next n bytes of signature @@ -465,7 +464,7 @@ static hal_error_t lmots_public_key_candidate(const lmots_key_t * const key, memcpy(&tmp, &y[i], sizeof(tmp)); // for ( j = a; j < 2^w - 1; j = j + 1 ) { - for (size_t j = (size_t)a; j < w2 - 1; ++j) { + for (size_t j = (size_t)a; j < (1U << w) - 1; ++j) { // tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) check(hal_hash_initialize(NULL, hal_hash_sha256, &state, statebuf, sizeof(statebuf))); @@ -608,14 +607,14 @@ static hal_error_t lmots_private_key_from_der(lmots_key_t *key, typedef const struct lms_parameter_set { lms_algorithm_t type; - size_t m, h, h2; + size_t m, h; } lms_parameter_t; static lms_parameter_t lms_parameters[] = { - { lms_sha256_n32_h5, 32, 5, 32 }, - { lms_sha256_n32_h10, 32, 10, 1024 }, - { lms_sha256_n32_h15, 32, 15, 32768 }, - { lms_sha256_n32_h20, 32, 20, 1048576 }, - { lms_sha256_n32_h25, 32, 25, 33554432 }, + { lms_sha256_n32_h5, 32, 5 }, + { lms_sha256_n32_h10, 32, 10 }, + { lms_sha256_n32_h15, 32, 15 }, + { lms_sha256_n32_h20, 32, 20 }, + { lms_sha256_n32_h25, 32, 25 }, }; typedef struct lms_key { @@ -686,8 +685,7 @@ static hal_error_t lms_generate(lms_key_t *key) hal_hash_state_t *state = NULL; uint32_t l; uint16_t s; - - size_t h2 = key->lms->h2; + size_t h2 = (1 << key->lms->h); /* private key - array of lmots key names */ for (size_t q = 0; q < h2; ++q) { @@ -755,7 +753,7 @@ static hal_error_t lms_delete(const lms_key_t * const key) hal_ks_t *ks = (key->level == 0) ? hal_ks_token : hal_ks_volatile; /* delete the lmots keys */ - for (size_t i = 0; i < key->lms->h2; ++i) { + for (size_t i = 0; i < (1U << key->lms->h); ++i) { memcpy(&slot.name, &key->lmots_keys[i], sizeof(slot.name)); check(hal_ks_delete(ks, &slot)); } @@ -775,7 +773,7 @@ static hal_error_t lms_sign(lms_key_t * const key, if (key == NULL || key->type != HAL_KEY_TYPE_HASHSIG_LMS || msg == NULL || sig == NULL) return HAL_ERROR_BAD_ARGUMENTS; - if (key->q >= key->lms->h2) + if (key->q >= (1U << key->lms->h)) return HAL_ERROR_HASHSIG_KEY_EXHAUSTED; if (sig_max < lms_signature_len(key->lms, key->lmots)) @@ -817,7 +815,7 @@ static hal_error_t lms_sign(lms_key_t * const key, check(hal_xdr_encode_int(&sigptr, siglim, key->lms->type)); /* generate the path array */ - for (size_t r = key->lms->h2 + key->q; r > 1; r /= 2) + for (size_t r = (1 << key->lms->h) + key->q; r > 1; r /= 2) check(hal_xdr_encode_bytestring32(&sigptr, siglim, ((r & 1) ? &key->T[r-1] : &key->T[r+1]))); if (sig_len != NULL) @@ -946,7 +944,7 @@ static hal_error_t lms_public_key_candidate(const lms_key_t * const key, size_t m = key->lms->m; size_t h = key->lms->h; - size_t h2 = key->lms->h2; + size_t h2 = (1 << key->lms->h); // h. if q >= 2^h or the signature is not exactly 12 + n * (p + 1) + m * h bytes long, return INVALID @@ -1214,6 +1212,7 @@ hal_error_t hal_hashsig_key_gen(hal_core_t *core, lms_parameter_t *lms = lms_select_parameter_set(lms_type); if (lms == NULL) return HAL_ERROR_BAD_ARGUMENTS; + size_t h2 = (1 << lms->h); lmots_parameter_t *lmots = lmots_select_parameter_set(lmots_type); if (lmots == NULL) @@ -1236,12 +1235,12 @@ hal_error_t hal_hashsig_key_gen(hal_core_t *core, /* check flash keystore for space to store the root tree */ size_t available; check(hal_ks_available(hal_ks_token, &available)); - if (available < lms->h2 + 2) + if (available < h2 + 2) return HAL_ERROR_NO_KEY_INDEX_SLOTS; /* check volatile keystore for space to store the lower-level trees */ check(hal_ks_available(hal_ks_volatile, &available)); - if (available < (L - 1) * (lms->h2 + 1)) + if (available < (L - 1) * (h2 + 1)) return HAL_ERROR_NO_KEY_INDEX_SLOTS; size_t lms_sig_len = lms_signature_len(lms, lmots); @@ -1252,8 +1251,8 @@ hal_error_t hal_hashsig_key_gen(hal_core_t *core, L * sizeof(lms_key_t) + L * lms_sig_len + L * lms_pub_len + - L * lms->h2 * sizeof(hal_uuid_t) + - L * (2 * lms->h2 - 1) * sizeof(bytestring32)); + L * h2 * sizeof(hal_uuid_t) + + L * (2 * h2 - 1) * sizeof(bytestring32)); uint8_t *mem = hal_allocate_static_memory(len); if (mem == NULL) return HAL_ERROR_ALLOCATION_FAILURE; @@ -1280,8 +1279,8 @@ hal_error_t hal_hashsig_key_gen(hal_core_t *core, lms_key->lms = lms; lms_key->lmots = lmots; lms_key->level = i; - lms_key->lmots_keys = (hal_uuid_t *)gnaw(&mem, &len, lms->h2 * sizeof(hal_uuid_t)); - lms_key->T = gnaw(&mem, &len, (2 * lms->h2 - 1) * sizeof(bytestring32)); + lms_key->lmots_keys = (hal_uuid_t *)gnaw(&mem, &len, h2 * sizeof(hal_uuid_t)); + lms_key->T = gnaw(&mem, &len, (2 * h2 - 1) * sizeof(bytestring32)); lms_key->signature = gnaw(&mem, &len, lms_sig_len); lms_key->signature_len = lms_sig_len; lms_key->pubkey = gnaw(&mem, &len, lms_pub_len); @@ -1373,9 +1372,10 @@ hal_error_t hal_hashsig_sign(hal_core_t *core, // values, then the public key pub[i] is signed with prv[i-1], and // sig[i-1] is set to the resulting value. - if (key->lms_keys[key->L-1].q >= key->lms->h2) { + size_t h2 = (1 << key->lms->h); + if (key->lms_keys[key->L-1].q >= h2) { size_t d; - for (d = key->L-1; d > 0 && key->lms_keys[d-1].q >= key->lms->h2; --d) { + for (d = key->L-1; d > 0 && key->lms_keys[d-1].q >= h2; --d) { } if (d == 0) return HAL_ERROR_HASHSIG_KEY_EXHAUSTED; |