aboutsummaryrefslogtreecommitdiff
path: root/hashsig.c
AgeCommit message (Collapse)Author
2019-03-31Hashsig cleanup.Paul Selkirk
- Move hashsig.h contents into hal.h. - Uppercase lmots and lms algorithm types, because we have a convention that enum values are uppercase. - Change all I to hal_uuid_t, because that how we're using them, and it seems silly to have two different 16-byte array types. - Change all "memcpy(&this, &that, sizeof(this))" to "this = that", because it's more succinct, more type-safe, and harder to get wrong. - Slightly tighten up lmots_generate, lmots_sign, and lmots_public_key_candidate. - Remove verbatim draft text, now that I'm pretty sure I implemented it correctly.
2019-03-31Add support for hashsig key export/import.Paul Selkirk
2019-03-04On device restart, if a hashsig key was generated using the pseudorandomPaul Selkirk
method, and it's missing one or more lmots keys, those keys can be regenerated. OTOH, if an lms key is damaged or missing, it's still a fatal error, because that's the only place we record the current q value.
2019-03-04Use the hashsig pseudorandom key generation method if the key is exportable.Paul Selkirk
2018-11-14Add some yields to hal_hashsig_ks_init, so other tasks can run while we're ↵Paul Selkirk
rebuilding the hash tree.
2018-08-12Clean up builds for *BSD/clang.Paul Selkirk
Move lm[ot]s_algorithm_t definitions to hal.h, prefix all public symbols with 'hal_'. Remove some unused functions. Wrap hal_pkey_slot_t initializers in an extra set of curly braces. Remove an unused-argument kludge (x=x;) because gcc doesn't care, and clang complains. Make timersub a proper macro. Add some casts to printf arguments, because !@#$ printf formats.
2018-07-24Change the rest of the hashsig ASN.1 wrapper functions to static inline, for ↵Paul Selkirk
consistency.
2018-07-24A recent(?) version of arm-none-eabi-gcc decided to make storage for enumsPaul Selkirk
the minimum size necessary, so hal_asn1_decode_lms_algorithm and hal_asn1_decode_lmots_algorithm were writing 4 bytes of data into 1-byte variables. Hilarity ensued. Yes, I already knew that conflating enum with uint32_t was a bad idea, I was just being lazy. For that matter, sizeof(size_t) isn't guaranteed either, although arm-none-eabi-gcc treats it as 32 bits on this 32-bit target (for now), so exercise proper data hygiene in hal_asn1_decode_size_t as well.
2018-07-24Add protection against trying to use hashsig while the restart mechanism is ↵Paul Selkirk
rebuilding the tree.
2018-05-01Add some yields to try to improve responsiveness during hashsig key ↵Paul Selkirk
generation and deletion.
2018-04-19Reconstruct the hashsig hash tree(s) on device restart.Paul Selkirk
2018-04-19Update to draft-10: clarifications and Test Case 2;Paul Selkirk
add ability to export public key to xdr for interop testing
2018-04-19For 2^w and 2^h, replace hard-coded w2 and h2 values with 1<<w and 1<<h.Paul Selkirk
2018-04-19Fold the coef* functions into a single function, because that really was ↵Paul Selkirk
premature optimization.
2018-04-19Fix coef4, which was swapping digitsPaul Selkirk
2018-04-19Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txtPaul Selkirk