2 * The LM-OTS one-time public-key signature scheme
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
10 * of the LM-OTS algorithm:
16 * [2] NIST Special Publication 800-208
18 * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf
38 static int local_err_translation(psa_status_t status) in local_err_translation() argument
40 return psa_status_to_mbedtls(status, psa_to_lms_errors, in local_err_translation()
44 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) argument
54 /* We only support parameter sets that use 8-bit digits, as it does not require
62 #define DIGIT_MAX_VALUE ((1u << W_WINTERNITZ_PARAMETER) - 1u)
78 bytes[idx] = (val >> ((len - 1 - idx) * 8)) & 0xFF; in mbedtls_lms_unsigned_int_to_network_bytes()
89 val |= ((unsigned int) bytes[idx]) << (8 * (len - 1 - idx)); in mbedtls_lms_network_bytes_to_unsigned_int()
96 * string. See NIST SP800-208 section 3.1 or RFC8554 Algorithm 2 for details of
112 for (idx = 0; idx < MBEDTLS_LMOTS_N_HASH_LEN(params->type); idx++) { in lmots_checksum_calculate()
113 sum += DIGIT_MAX_VALUE - digest[idx]; in lmots_checksum_calculate()
121 * SP800-208 section 3.1 or RFC8554 Algorithm 3 step 5 (also used in Algorithm
149 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in create_digit_array_with_checksum() local
153 status = psa_hash_setup(&op, PSA_ALG_SHA_256); in create_digit_array_with_checksum()
154 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
155 goto exit; in create_digit_array_with_checksum()
158 status = psa_hash_update(&op, params->I_key_identifier, in create_digit_array_with_checksum()
160 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
161 goto exit; in create_digit_array_with_checksum()
164 status = psa_hash_update(&op, params->q_leaf_identifier, in create_digit_array_with_checksum()
166 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
167 goto exit; in create_digit_array_with_checksum()
170 status = psa_hash_update(&op, D_MESSAGE_CONSTANT_BYTES, D_CONST_LEN); in create_digit_array_with_checksum()
171 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
172 goto exit; in create_digit_array_with_checksum()
175 status = psa_hash_update(&op, C_random_value, in create_digit_array_with_checksum()
176 MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(params->type)); in create_digit_array_with_checksum()
177 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
178 goto exit; in create_digit_array_with_checksum()
181 status = psa_hash_update(&op, msg, msg_len); in create_digit_array_with_checksum()
182 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
183 goto exit; in create_digit_array_with_checksum()
186 status = psa_hash_finish(&op, out, in create_digit_array_with_checksum()
187 MBEDTLS_LMOTS_N_HASH_LEN(params->type), in create_digit_array_with_checksum()
189 if (status != PSA_SUCCESS) { in create_digit_array_with_checksum()
190 goto exit; in create_digit_array_with_checksum()
195 out + MBEDTLS_LMOTS_N_HASH_LEN(params->type)); in create_digit_array_with_checksum()
197 exit: in create_digit_array_with_checksum()
200 return PSA_TO_MBEDTLS_ERR(status); in create_digit_array_with_checksum()
224 * bounded to be less than 2^w - 1 (255 in the case
245 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in hash_digit_array() local
250 i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type); in hash_digit_array()
254 &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], in hash_digit_array()
255 MBEDTLS_LMOTS_N_HASH_LEN(params->type)); in hash_digit_array()
265 status = psa_hash_setup(&op, PSA_ALG_SHA_256); in hash_digit_array()
266 if (status != PSA_SUCCESS) { in hash_digit_array()
267 goto exit; in hash_digit_array()
270 status = psa_hash_update(&op, in hash_digit_array()
271 params->I_key_identifier, in hash_digit_array()
273 if (status != PSA_SUCCESS) { in hash_digit_array()
274 goto exit; in hash_digit_array()
277 status = psa_hash_update(&op, in hash_digit_array()
278 params->q_leaf_identifier, in hash_digit_array()
280 if (status != PSA_SUCCESS) { in hash_digit_array()
281 goto exit; in hash_digit_array()
287 status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN); in hash_digit_array()
288 if (status != PSA_SUCCESS) { in hash_digit_array()
289 goto exit; in hash_digit_array()
295 status = psa_hash_update(&op, j_hash_idx_bytes, J_HASH_IDX_LEN); in hash_digit_array()
296 if (status != PSA_SUCCESS) { in hash_digit_array()
297 goto exit; in hash_digit_array()
300 status = psa_hash_update(&op, tmp_hash, in hash_digit_array()
301 MBEDTLS_LMOTS_N_HASH_LEN(params->type)); in hash_digit_array()
302 if (status != PSA_SUCCESS) { in hash_digit_array()
303 goto exit; in hash_digit_array()
306 status = psa_hash_finish(&op, tmp_hash, sizeof(tmp_hash), in hash_digit_array()
308 if (status != PSA_SUCCESS) { in hash_digit_array()
309 goto exit; in hash_digit_array()
315 memcpy(&output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], in hash_digit_array()
316 tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type)); in hash_digit_array()
319 exit: in hash_digit_array()
323 return PSA_TO_MBEDTLS_ERR(status); in hash_digit_array()
346 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in public_key_from_hashed_digit_array() local
349 status = psa_hash_setup(&op, PSA_ALG_SHA_256); in public_key_from_hashed_digit_array()
350 if (status != PSA_SUCCESS) { in public_key_from_hashed_digit_array()
351 goto exit; in public_key_from_hashed_digit_array()
354 status = psa_hash_update(&op, in public_key_from_hashed_digit_array()
355 params->I_key_identifier, in public_key_from_hashed_digit_array()
357 if (status != PSA_SUCCESS) { in public_key_from_hashed_digit_array()
358 goto exit; in public_key_from_hashed_digit_array()
361 status = psa_hash_update(&op, params->q_leaf_identifier, in public_key_from_hashed_digit_array()
363 if (status != PSA_SUCCESS) { in public_key_from_hashed_digit_array()
364 goto exit; in public_key_from_hashed_digit_array()
367 status = psa_hash_update(&op, D_PUBLIC_CONSTANT_BYTES, D_CONST_LEN); in public_key_from_hashed_digit_array()
368 if (status != PSA_SUCCESS) { in public_key_from_hashed_digit_array()
369 goto exit; in public_key_from_hashed_digit_array()
372 status = psa_hash_update(&op, y_hashed_digits, in public_key_from_hashed_digit_array()
373 MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type) * in public_key_from_hashed_digit_array()
374 MBEDTLS_LMOTS_N_HASH_LEN(params->type)); in public_key_from_hashed_digit_array()
375 if (status != PSA_SUCCESS) { in public_key_from_hashed_digit_array()
376 goto exit; in public_key_from_hashed_digit_array()
379 status = psa_hash_finish(&op, pub_key, in public_key_from_hashed_digit_array()
380 MBEDTLS_LMOTS_N_HASH_LEN(params->type), in public_key_from_hashed_digit_array()
382 if (status != PSA_SUCCESS) { in public_key_from_hashed_digit_array()
384 exit: in public_key_from_hashed_digit_array()
388 return PSA_TO_MBEDTLS_ERR(status); in public_key_from_hashed_digit_array()
392 int mbedtls_lms_error_from_psa(psa_status_t status) in mbedtls_lms_error_from_psa() argument
394 switch (status) { in mbedtls_lms_error_from_psa()
428 ctx->params.type = in mbedtls_lmots_import_public_key()
434 if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) { in mbedtls_lmots_import_public_key()
438 memcpy(ctx->params.I_key_identifier, in mbedtls_lmots_import_public_key()
442 memcpy(ctx->params.q_leaf_identifier, in mbedtls_lmots_import_public_key()
446 memcpy(ctx->public_key, in mbedtls_lmots_import_public_key()
448 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type)); in mbedtls_lmots_import_public_key()
450 ctx->have_public_key = 1; in mbedtls_lmots_import_public_key()
459 if (key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) { in mbedtls_lmots_export_public_key()
463 if (!ctx->have_public_key) { in mbedtls_lmots_export_public_key()
467 mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type, in mbedtls_lmots_export_public_key()
472 ctx->params.I_key_identifier, in mbedtls_lmots_export_public_key()
476 ctx->params.q_leaf_identifier, in mbedtls_lmots_export_public_key()
479 memcpy(key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key, in mbedtls_lmots_export_public_key()
480 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type)); in mbedtls_lmots_export_public_key()
483 *key_len = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type); in mbedtls_lmots_export_public_key()
506 if (sig_size != MBEDTLS_LMOTS_SIG_LEN(params->type) || in mbedtls_lmots_calculate_public_key_candidate()
507 out_size < MBEDTLS_LMOTS_N_HASH_LEN(params->type)) { in mbedtls_lmots_calculate_public_key_candidate()
519 sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(params->type), in mbedtls_lmots_calculate_public_key_candidate()
533 *out_len = MBEDTLS_LMOTS_N_HASH_LEN(params->type); in mbedtls_lmots_calculate_public_key_candidate()
550 if (!ctx->have_public_key) { in mbedtls_lmots_verify()
554 if (ctx->params.type != MBEDTLS_LMOTS_SHA256_N32_W8) { in mbedtls_lmots_verify()
568 ret = mbedtls_lmots_calculate_public_key_candidate(&ctx->params, in mbedtls_lmots_verify()
571 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type), in mbedtls_lmots_verify()
577 if (memcmp(&Kc_public_key_candidate, ctx->public_key, in mbedtls_lmots_verify()
578 sizeof(ctx->public_key))) { in mbedtls_lmots_verify()
606 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in mbedtls_lmots_generate_private_key() local
612 if (ctx->have_private_key) { in mbedtls_lmots_generate_private_key()
620 ctx->params.type = type; in mbedtls_lmots_generate_private_key()
622 memcpy(ctx->params.I_key_identifier, in mbedtls_lmots_generate_private_key()
624 sizeof(ctx->params.I_key_identifier)); in mbedtls_lmots_generate_private_key()
628 ctx->params.q_leaf_identifier); in mbedtls_lmots_generate_private_key()
634 i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type); in mbedtls_lmots_generate_private_key()
636 status = psa_hash_setup(&op, PSA_ALG_SHA_256); in mbedtls_lmots_generate_private_key()
637 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
638 goto exit; in mbedtls_lmots_generate_private_key()
641 status = psa_hash_update(&op, in mbedtls_lmots_generate_private_key()
642 ctx->params.I_key_identifier, in mbedtls_lmots_generate_private_key()
643 sizeof(ctx->params.I_key_identifier)); in mbedtls_lmots_generate_private_key()
644 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
645 goto exit; in mbedtls_lmots_generate_private_key()
648 status = psa_hash_update(&op, in mbedtls_lmots_generate_private_key()
649 ctx->params.q_leaf_identifier, in mbedtls_lmots_generate_private_key()
651 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
652 goto exit; in mbedtls_lmots_generate_private_key()
657 status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN); in mbedtls_lmots_generate_private_key()
658 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
659 goto exit; in mbedtls_lmots_generate_private_key()
662 status = psa_hash_update(&op, const_bytes, sizeof(const_bytes)); in mbedtls_lmots_generate_private_key()
663 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
664 goto exit; in mbedtls_lmots_generate_private_key()
667 status = psa_hash_update(&op, seed, seed_size); in mbedtls_lmots_generate_private_key()
668 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
669 goto exit; in mbedtls_lmots_generate_private_key()
672 status = psa_hash_finish(&op, in mbedtls_lmots_generate_private_key()
673 ctx->private_key[i_digit_idx], in mbedtls_lmots_generate_private_key()
674 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type), in mbedtls_lmots_generate_private_key()
676 if (status != PSA_SUCCESS) { in mbedtls_lmots_generate_private_key()
677 goto exit; in mbedtls_lmots_generate_private_key()
683 ctx->have_private_key = 1; in mbedtls_lmots_generate_private_key()
685 exit: in mbedtls_lmots_generate_private_key()
688 return PSA_TO_MBEDTLS_ERR(status); in mbedtls_lmots_generate_private_key()
698 if (!priv_ctx->have_private_key) { in mbedtls_lmots_calculate_public_key()
702 ret = hash_digit_array(&priv_ctx->params, in mbedtls_lmots_calculate_public_key()
703 (unsigned char *) priv_ctx->private_key, NULL, in mbedtls_lmots_calculate_public_key()
706 goto exit; in mbedtls_lmots_calculate_public_key()
709 ret = public_key_from_hashed_digit_array(&priv_ctx->params, in mbedtls_lmots_calculate_public_key()
711 ctx->public_key); in mbedtls_lmots_calculate_public_key()
713 goto exit; in mbedtls_lmots_calculate_public_key()
716 memcpy(&ctx->params, &priv_ctx->params, in mbedtls_lmots_calculate_public_key()
717 sizeof(ctx->params)); in mbedtls_lmots_calculate_public_key()
719 ctx->have_public_key = 1; in mbedtls_lmots_calculate_public_key()
721 exit: in mbedtls_lmots_calculate_public_key()
748 if (sig_size < MBEDTLS_LMOTS_SIG_LEN(ctx->params.type)) { in mbedtls_lmots_sign()
753 if (!ctx->have_private_key) { in mbedtls_lmots_sign()
758 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type)); in mbedtls_lmots_sign()
763 ret = create_digit_array_with_checksum(&ctx->params, in mbedtls_lmots_sign()
768 goto exit; in mbedtls_lmots_sign()
771 ret = hash_digit_array(&ctx->params, (unsigned char *) ctx->private_key, in mbedtls_lmots_sign()
774 goto exit; in mbedtls_lmots_sign()
777 mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type, in mbedtls_lmots_sign()
796 ctx->have_private_key = 0; in mbedtls_lmots_sign()
797 mbedtls_platform_zeroize(ctx->private_key, in mbedtls_lmots_sign()
798 sizeof(ctx->private_key)); in mbedtls_lmots_sign()
801 MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(ctx->params.type)); in mbedtls_lmots_sign()
803 memcpy(sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(ctx->params.type), tmp_sig, in mbedtls_lmots_sign()
804 MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type) in mbedtls_lmots_sign()
805 * MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type)); in mbedtls_lmots_sign()
808 *sig_len = MBEDTLS_LMOTS_SIG_LEN(ctx->params.type); in mbedtls_lmots_sign()
813 exit: in mbedtls_lmots_sign()