Lines Matching +full:- +full:- +full:exit +full:- +full:status
2 * The LMS stateful-hash public-key signature scheme
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
16 * [2] NIST Special Publication 800-208
18 * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf
39 static int local_err_translation(psa_status_t status) in local_err_translation() argument
41 return psa_status_to_mbedtls(status, psa_to_lms_errors, in local_err_translation()
45 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) argument
89 * 1-indexed.
99 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in create_merkle_leaf_value() local
104 status = psa_hash_setup(&op, PSA_ALG_SHA_256); in create_merkle_leaf_value()
105 if (status != PSA_SUCCESS) { in create_merkle_leaf_value()
106 goto exit; in create_merkle_leaf_value()
109 status = psa_hash_update(&op, params->I_key_identifier, in create_merkle_leaf_value()
111 if (status != PSA_SUCCESS) { in create_merkle_leaf_value()
112 goto exit; in create_merkle_leaf_value()
116 status = psa_hash_update(&op, r_node_idx_bytes, 4); in create_merkle_leaf_value()
117 if (status != PSA_SUCCESS) { in create_merkle_leaf_value()
118 goto exit; in create_merkle_leaf_value()
121 status = psa_hash_update(&op, D_LEAF_CONSTANT_BYTES, D_CONST_LEN); in create_merkle_leaf_value()
122 if (status != PSA_SUCCESS) { in create_merkle_leaf_value()
123 goto exit; in create_merkle_leaf_value()
126 status = psa_hash_update(&op, pub_key, in create_merkle_leaf_value()
127 MBEDTLS_LMOTS_N_HASH_LEN(params->otstype)); in create_merkle_leaf_value()
128 if (status != PSA_SUCCESS) { in create_merkle_leaf_value()
129 goto exit; in create_merkle_leaf_value()
132 status = psa_hash_finish(&op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type), in create_merkle_leaf_value()
134 if (status != PSA_SUCCESS) { in create_merkle_leaf_value()
135 goto exit; in create_merkle_leaf_value()
138 exit: in create_merkle_leaf_value()
141 return PSA_TO_MBEDTLS_ERR(status); in create_merkle_leaf_value()
153 * the left-hand side. As with all nodes on the
157 * the right-hand side. As with all nodes on the
162 * 1-indexed.
173 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; in create_merkle_internal_value() local
178 status = psa_hash_setup(&op, PSA_ALG_SHA_256); in create_merkle_internal_value()
179 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
180 goto exit; in create_merkle_internal_value()
183 status = psa_hash_update(&op, params->I_key_identifier, in create_merkle_internal_value()
185 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
186 goto exit; in create_merkle_internal_value()
190 status = psa_hash_update(&op, r_node_idx_bytes, 4); in create_merkle_internal_value()
191 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
192 goto exit; in create_merkle_internal_value()
195 status = psa_hash_update(&op, D_INTR_CONSTANT_BYTES, D_CONST_LEN); in create_merkle_internal_value()
196 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
197 goto exit; in create_merkle_internal_value()
200 status = psa_hash_update(&op, left_node, in create_merkle_internal_value()
201 MBEDTLS_LMS_M_NODE_BYTES(params->type)); in create_merkle_internal_value()
202 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
203 goto exit; in create_merkle_internal_value()
206 status = psa_hash_update(&op, right_node, in create_merkle_internal_value()
207 MBEDTLS_LMS_M_NODE_BYTES(params->type)); in create_merkle_internal_value()
208 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
209 goto exit; in create_merkle_internal_value()
212 status = psa_hash_finish(&op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type), in create_merkle_internal_value()
214 if (status != PSA_SUCCESS) { in create_merkle_internal_value()
215 goto exit; in create_merkle_internal_value()
218 exit: in create_merkle_internal_value()
221 return PSA_TO_MBEDTLS_ERR(status); in create_merkle_internal_value()
247 ctx->params.type = type; in mbedtls_lms_import_public_key()
249 if (key_size != MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) { in mbedtls_lms_import_public_key()
260 ctx->params.otstype = otstype; in mbedtls_lms_import_public_key()
262 memcpy(ctx->params.I_key_identifier, in mbedtls_lms_import_public_key()
265 memcpy(ctx->T_1_pub_key, key + PUBLIC_KEY_ROOT_NODE_OFFSET, in mbedtls_lms_import_public_key()
266 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)); in mbedtls_lms_import_public_key()
268 ctx->have_public_key = 1; in mbedtls_lms_import_public_key()
277 if (key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) { in mbedtls_lms_export_public_key()
281 if (!ctx->have_public_key) { in mbedtls_lms_export_public_key()
286 ctx->params.type, in mbedtls_lms_export_public_key()
288 mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.otstype, in mbedtls_lms_export_public_key()
292 ctx->params.I_key_identifier, in mbedtls_lms_export_public_key()
295 ctx->T_1_pub_key, in mbedtls_lms_export_public_key()
296 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)); in mbedtls_lms_export_public_key()
299 *key_len = MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type); in mbedtls_lms_export_public_key()
320 if (!ctx->have_public_key) { in mbedtls_lms_verify()
324 if (ctx->params.type in mbedtls_lms_verify()
329 if (ctx->params.otstype in mbedtls_lms_verify()
334 if (sig_size != MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)) { in mbedtls_lms_verify()
349 if (sig_size < SIG_TYPE_OFFSET(ctx->params.otstype) + MBEDTLS_LMS_TYPE_LEN) { in mbedtls_lms_verify()
354 sig + SIG_TYPE_OFFSET(ctx->params.otstype)) in mbedtls_lms_verify()
363 if (q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) { in mbedtls_lms_verify()
368 ctx->params.I_key_identifier, in mbedtls_lms_verify()
373 ots_params.type = ctx->params.otstype; in mbedtls_lms_verify()
379 MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), in mbedtls_lms_verify()
388 &ctx->params, in mbedtls_lms_verify()
390 MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, in mbedtls_lms_verify()
393 curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + in mbedtls_lms_verify()
396 for (height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type); in mbedtls_lms_verify()
402 left_node = sig + SIG_PATH_OFFSET(ctx->params.otstype) + in mbedtls_lms_verify()
403 height * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type); in mbedtls_lms_verify()
407 right_node = sig + SIG_PATH_OFFSET(ctx->params.otstype) + in mbedtls_lms_verify()
408 height * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type); in mbedtls_lms_verify()
411 create_merkle_internal_value(&ctx->params, left_node, right_node, in mbedtls_lms_verify()
417 if (memcmp(Tc_candidate_root_node, ctx->T_1_pub_key, in mbedtls_lms_verify()
418 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type))) { in mbedtls_lms_verify()
438 * because the Merkle tree root is 1-indexed, the 0
450 priv_key_idx < MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type); in calculate_merkle_tree()
452 r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + priv_key_idx; in calculate_merkle_tree()
454 ret = create_merkle_leaf_value(&ctx->params, in calculate_merkle_tree()
455 ctx->ots_public_keys[priv_key_idx].public_key, in calculate_merkle_tree()
458 ctx->params.type)]); in calculate_merkle_tree()
466 for (r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) - 1; in calculate_merkle_tree()
468 r_node_idx--) { in calculate_merkle_tree()
469 ret = create_merkle_internal_value(&ctx->params, in calculate_merkle_tree()
471 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], in calculate_merkle_tree()
473 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], in calculate_merkle_tree()
476 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)]); in calculate_merkle_tree()
501 const size_t node_bytes = MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type); in get_merkle_path()
508 tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(ctx->params.type), in get_merkle_path()
516 goto exit; in get_merkle_path()
519 for (height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type); in get_merkle_path()
531 exit: in get_merkle_path()
533 MERKLE_TREE_NODE_AM(ctx->params.type)); in get_merkle_path()
547 if (ctx->have_private_key) { in mbedtls_lms_private_free()
548 if (ctx->ots_private_keys != NULL) { in mbedtls_lms_private_free()
549 for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) { in mbedtls_lms_private_free()
550 mbedtls_lmots_private_free(&ctx->ots_private_keys[idx]); in mbedtls_lms_private_free()
554 if (ctx->ots_public_keys != NULL) { in mbedtls_lms_private_free()
555 for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) { in mbedtls_lms_private_free()
556 mbedtls_lmots_public_free(&ctx->ots_public_keys[idx]); in mbedtls_lms_private_free()
560 mbedtls_free(ctx->ots_private_keys); in mbedtls_lms_private_free()
561 mbedtls_free(ctx->ots_public_keys); in mbedtls_lms_private_free()
586 if (ctx->have_private_key) { in mbedtls_lms_generate_private_key()
590 ctx->params.type = type; in mbedtls_lms_generate_private_key()
591 ctx->params.otstype = otstype; in mbedtls_lms_generate_private_key()
592 ctx->have_private_key = 1; in mbedtls_lms_generate_private_key()
595 ctx->params.I_key_identifier, in mbedtls_lms_generate_private_key()
598 goto exit; in mbedtls_lms_generate_private_key()
603 ctx->ots_private_keys = mbedtls_calloc((size_t) MERKLE_TREE_LEAF_NODE_AM(ctx->params.type), in mbedtls_lms_generate_private_key()
604 sizeof(*ctx->ots_private_keys)); in mbedtls_lms_generate_private_key()
605 if (ctx->ots_private_keys == NULL) { in mbedtls_lms_generate_private_key()
607 goto exit; in mbedtls_lms_generate_private_key()
612 ctx->ots_public_keys = mbedtls_calloc((size_t) MERKLE_TREE_LEAF_NODE_AM(ctx->params.type), in mbedtls_lms_generate_private_key()
613 sizeof(*ctx->ots_public_keys)); in mbedtls_lms_generate_private_key()
614 if (ctx->ots_public_keys == NULL) { in mbedtls_lms_generate_private_key()
616 goto exit; in mbedtls_lms_generate_private_key()
619 for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) { in mbedtls_lms_generate_private_key()
620 mbedtls_lmots_private_init(&ctx->ots_private_keys[idx]); in mbedtls_lms_generate_private_key()
621 mbedtls_lmots_public_init(&ctx->ots_public_keys[idx]); in mbedtls_lms_generate_private_key()
625 for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) { in mbedtls_lms_generate_private_key()
626 ret = mbedtls_lmots_generate_private_key(&ctx->ots_private_keys[idx], in mbedtls_lms_generate_private_key()
628 ctx->params.I_key_identifier, in mbedtls_lms_generate_private_key()
631 goto exit; in mbedtls_lms_generate_private_key()
634 ret = mbedtls_lmots_calculate_public_key(&ctx->ots_public_keys[idx], in mbedtls_lms_generate_private_key()
635 &ctx->ots_private_keys[idx]); in mbedtls_lms_generate_private_key()
637 goto exit; in mbedtls_lms_generate_private_key()
641 ctx->q_next_usable_key = 0; in mbedtls_lms_generate_private_key()
643 exit: in mbedtls_lms_generate_private_key()
654 const size_t node_bytes = MBEDTLS_LMS_M_NODE_BYTES(priv_ctx->params.type); in mbedtls_lms_calculate_public_key()
658 if (!priv_ctx->have_private_key) { in mbedtls_lms_calculate_public_key()
662 if (priv_ctx->params.type in mbedtls_lms_calculate_public_key()
667 if (priv_ctx->params.otstype in mbedtls_lms_calculate_public_key()
672 tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(priv_ctx->params.type), in mbedtls_lms_calculate_public_key()
678 memcpy(&ctx->params, &priv_ctx->params, in mbedtls_lms_calculate_public_key()
683 goto exit; in mbedtls_lms_calculate_public_key()
686 /* Root node is always at position 1, due to 1-based indexing */ in mbedtls_lms_calculate_public_key()
687 memcpy(ctx->T_1_pub_key, &tree[node_bytes], node_bytes); in mbedtls_lms_calculate_public_key()
689 ctx->have_public_key = 1; in mbedtls_lms_calculate_public_key()
693 exit: in mbedtls_lms_calculate_public_key()
695 MERKLE_TREE_NODE_AM(priv_ctx->params.type)); in mbedtls_lms_calculate_public_key()
710 if (!ctx->have_private_key) { in mbedtls_lms_sign()
714 if (sig_size < MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)) { in mbedtls_lms_sign()
718 if (ctx->params.type != MBEDTLS_LMS_SHA256_M32_H10) { in mbedtls_lms_sign()
722 if (ctx->params.otstype in mbedtls_lms_sign()
727 if (ctx->q_next_usable_key >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) { in mbedtls_lms_sign()
732 q_leaf_identifier = ctx->q_next_usable_key; in mbedtls_lms_sign()
736 ctx->q_next_usable_key += 1; in mbedtls_lms_sign()
738 if (MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) in mbedtls_lms_sign()
743 ret = mbedtls_lmots_sign(&ctx->ots_private_keys[q_leaf_identifier], in mbedtls_lms_sign()
749 MBEDTLS_LMS_SIG_LEN(ctx->params.type, in mbedtls_lms_sign()
750 ctx->params.otstype) - SIG_OTS_SIG_OFFSET, in mbedtls_lms_sign()
756 mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type, in mbedtls_lms_sign()
758 sig + SIG_TYPE_OFFSET(ctx->params.otstype)); in mbedtls_lms_sign()
764 MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, in mbedtls_lms_sign()
765 sig + SIG_PATH_OFFSET(ctx->params.otstype)); in mbedtls_lms_sign()
771 *sig_len = MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype); in mbedtls_lms_sign()