• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 
16 #ifndef SLH_DSA_LOCAL_H
17 #define SLH_DSA_LOCAL_H
18 
19 #include "hitls_build.h"
20 #ifdef HITLS_CRYPTO_SLH_DSA
21 
22 #include <stdint.h>
23 #include "bsl_params.h"
24 #include "crypt_algid.h"
25 #include "crypt_types.h"
26 #include "crypt_utils.h"
27 #include "slh_dsa_hash.h"
28 #include "crypt_types.h"
29 
30 #define SLH_DSA_ADRS_LEN            32
31 #define SLH_DSA_ADRS_COMPRESSED_LEN 22
32 #define SLH_DSA_MAX_N               32 // Security parameter (hash output length)
33 #define SLH_DSA_MAX_M               49
34 #define SLH_DSA_LGW                 4
35 #define SLH_DSA_W                   16 // 2^SLH_DSA_LGW
36 
37 typedef enum {
38     WOTS_HASH,
39     WOTS_PK,
40     TREE,
41     FORS_TREE,
42     FORS_ROOTS,
43     WOTS_PRF,
44     FORS_PRF,
45 } AdrsType;
46 
47 /**
48  * @brief Address structure definition
49  *
50  *  all the address is big-endian
51  *  it can be a address or a compressed address
52  *  Address:
53  *  | layer address | 4 bytes
54  *  | tree address  | 12 bytes
55  *  | type          | 4 bytes
56  *  | padding       | 12 bytes
57  *
58  *  Compressed Address:
59  *  | layer address | 1 bytes
60  *  | tree address  | 8 bytes
61  *  | type          | 1 bytes
62  *  | padding       | 12 bytes
63  *  | hole          | 10 bytes
64  */
65 union Adrs {
66     struct {
67         uint8_t layerAddr[4];
68         uint8_t treeAddr[12];
69         uint8_t type[4];
70         uint8_t padding[12];
71     } uc;
72     struct {
73         uint8_t layerAddr;
74         uint8_t treeAddr[8];
75         uint8_t type;
76         uint8_t padding[12];
77     } c;
78     uint8_t bytes[SLH_DSA_ADRS_LEN];
79 };
80 
81 // adrs operations functions
82 typedef void (*AdrsSetLayerAddr)(SlhDsaAdrs *adrs, uint32_t layer);
83 typedef void (*AdrsSetTreeAddr)(SlhDsaAdrs *adrs, uint64_t tree);
84 typedef void (*AdrsSetType)(SlhDsaAdrs *adrs, AdrsType type);
85 typedef void (*AdrsSetKeyPairAddr)(SlhDsaAdrs *adrs, uint32_t keyPair);
86 typedef void (*AdrsSetChainAddr)(SlhDsaAdrs *adrs, uint32_t chain);
87 typedef void (*AdrsSetTreeHeight)(SlhDsaAdrs *adrs, uint32_t height);
88 typedef void (*AdrsSetHashAddr)(SlhDsaAdrs *adrs, uint32_t hash);
89 typedef void (*AdrsSetTreeIndex)(SlhDsaAdrs *adrs, uint32_t index);
90 typedef uint32_t (*AdrsGetTreeHeight)(const SlhDsaAdrs *adrs);
91 typedef uint32_t (*AdrsGetTreeIndex)(const SlhDsaAdrs *adrs);
92 typedef void (*AdrsCopyKeyPairAddr)(SlhDsaAdrs *adrs, const SlhDsaAdrs *adrs2);
93 typedef uint32_t (*AdrsGetAdrsLen)(void);
94 
95 typedef struct {
96     AdrsSetLayerAddr setLayerAddr;
97     AdrsSetTreeAddr setTreeAddr;
98     AdrsSetType setType;
99     AdrsSetKeyPairAddr setKeyPairAddr;
100     AdrsSetChainAddr setChainAddr;
101     AdrsSetTreeHeight setTreeHeight;
102     AdrsSetHashAddr setHashAddr;
103     AdrsSetTreeIndex setTreeIndex;
104     AdrsGetTreeHeight getTreeHeight;
105     AdrsGetTreeIndex getTreeIndex;
106     AdrsCopyKeyPairAddr copyKeyPairAddr;
107     AdrsGetAdrsLen getAdrsLen;
108 } AdrsOps;
109 
110 // b can be 4, 6, 8, 9, 12, 14
111 // so use uint32_t to receive the BaseB value
112 void BaseB(const uint8_t *x, uint32_t xLen, uint32_t b, uint32_t *out, uint32_t outLen);
113 
114 typedef struct {
115     CRYPT_SLH_DSA_AlgId algId;
116     bool isCompressed;
117     uint32_t n;
118     uint32_t h;
119     uint32_t d;
120     uint32_t hp;
121     uint32_t a;
122     uint32_t k;
123     uint32_t m;
124     uint32_t secCategory;
125     uint32_t pkBytes;
126     uint32_t sigBytes;
127 } SlhDsaPara;
128 
129 typedef struct {
130     uint8_t seed[SLH_DSA_MAX_N]; // pubkey seed for generating keys
131     uint8_t root[SLH_DSA_MAX_N]; // pubkey root for generating keys
132 } SlhDsaPubKey;
133 /**
134  * @brief SLH-DSA private key structure
135  */
136 typedef struct {
137     uint8_t seed[SLH_DSA_MAX_N]; // prvkey seed for generating keys
138     uint8_t prf[SLH_DSA_MAX_N]; // prvkey prf for generating keys
139     SlhDsaPubKey pub;
140 } SlhDsaPrvKey;
141 
142 struct SlhDsaCtx {
143     SlhDsaPara para;
144     uint8_t *context; // user specific context
145     uint32_t contextLen; // length of the user specific context
146     bool isDeterministic;
147     uint8_t *addrand; // optional random bytes, can be set through CTRL interface, or comes from RNG
148     uint32_t addrandLen; // length of the optional random bytes
149     bool isPrehash;
150     SlhDsaPrvKey prvKey;
151     SlhDsaHashFuncs hashFuncs;
152     AdrsOps adrsOps;
153     void *libCtx;
154 };
155 
156 #endif // HITLS_CRYPTO_SLH_DSA
157 #endif // SLH_DSA_LOCAL_H