diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index becfb89e31..23c5ebdf46 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -68,7 +68,8 @@ extern "C" { #endif -/* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml +/** The Identifier of the LMS parameter set, as per + * https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml * We are only implementing a subset of the types, particularly H10, for the sake of simplicty. */ typedef enum { diff --git a/library/lmots.c b/library/lmots.c index 41ca0422bf..82da4c1391 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -44,13 +44,18 @@ #include "psa/crypto.h" -#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) -#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(type) (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type)) +#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + \ + MBEDTLS_LMOTS_TYPE_LEN) +#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(type) (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + \ + MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type)) -#define MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET (0) -#define MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) -#define MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN) -#define MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN) +#define MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET (0) +#define MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET + \ + MBEDTLS_LMOTS_TYPE_LEN) +#define MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET + \ + MBEDTLS_LMOTS_I_KEY_ID_LEN) +#define MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET + \ + MBEDTLS_LMOTS_Q_LEAF_ID_LEN) /* We only support parameter sets that use 8-bit digits, as it does not require * translation logic between digits and bytes */ @@ -69,7 +74,8 @@ static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80}; static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81}; -void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char *bytes) +void unsigned_int_to_network_bytes(unsigned int val, size_t len, + unsigned char *bytes) { size_t idx; @@ -78,7 +84,8 @@ void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char * } } -unsigned int network_bytes_to_unsigned_int(size_t len, const unsigned char *bytes) +unsigned int network_bytes_to_unsigned_int(size_t len, + const unsigned char *bytes) { size_t idx; unsigned int val = 0; @@ -195,13 +202,18 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, i_digit_idx++ ) { - memcpy( tmp_hash, &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], + memcpy( tmp_hash, + &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); - j_hash_idx_min = hash_idx_min_values != NULL ? hash_idx_min_values[i_digit_idx] : 0; - j_hash_idx_max = hash_idx_max_values != NULL ? hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE; + j_hash_idx_min = hash_idx_min_values != NULL ? + hash_idx_min_values[i_digit_idx] : 0; + j_hash_idx_max = hash_idx_max_values != NULL ? + hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE; - for ( j_hash_idx = (unsigned char)j_hash_idx_min; j_hash_idx < j_hash_idx_max; j_hash_idx++ ) + for ( j_hash_idx = (unsigned char)j_hash_idx_min; + j_hash_idx < j_hash_idx_max; + j_hash_idx++ ) { status = psa_hash_setup( &op, PSA_ALG_SHA_256 ); ret = mbedtls_lms_error_from_psa( status ); @@ -222,13 +234,15 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, if ( ret != 0 ) goto exit; - unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, i_digit_idx_bytes ); + unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, + i_digit_idx_bytes ); status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN ); ret = mbedtls_lms_error_from_psa( status ); if ( ret != 0 ) goto exit; - unsigned_int_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN, j_hash_idx_bytes ); + unsigned_int_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN, + j_hash_idx_bytes ); status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN ); ret = mbedtls_lms_error_from_psa( status ); if ( ret != 0 ) @@ -240,7 +254,8 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, if ( ret != 0 ) goto exit; - status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ), &output_hash_len ); + status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ), + &output_hash_len ); ret = mbedtls_lms_error_from_psa( status ); if ( ret != 0 ) goto exit; @@ -248,8 +263,8 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, psa_hash_abort( &op ); } - memcpy( &output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], tmp_hash, - MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); + memcpy( &output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)], + tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); } exit: @@ -304,7 +319,8 @@ static int public_key_from_hashed_digit_array( const mbedtls_lmots_parameters_t if ( ret != 0 ) goto exit; - status = psa_hash_finish( &op, pub_key, MBEDTLS_LMOTS_N_HASH_LEN(params->type), + status = psa_hash_finish( &op, pub_key, + MBEDTLS_LMOTS_N_HASH_LEN(params->type), &output_hash_len ); ret = mbedtls_lms_error_from_psa( status ); @@ -354,10 +370,12 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx, } memcpy( ctx->params.I_key_identifier, - key + MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET, MBEDTLS_LMOTS_I_KEY_ID_LEN ); + key + MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET, + MBEDTLS_LMOTS_I_KEY_ID_LEN ); memcpy( ctx->params.q_leaf_identifier, - key + MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET, MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); + key + MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); memcpy( ctx->public_key, key + MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET, @@ -448,7 +466,7 @@ int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg, } if ( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, - sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 ) + sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); } @@ -545,7 +563,8 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, if ( ret ) goto exit; - unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, i_digit_idx_bytes ); + unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, + i_digit_idx_bytes ); status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN ); ret = mbedtls_lms_error_from_psa( status ); if ( ret ) @@ -691,7 +710,8 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - ret = f_rng( p_rng, tmp_c_random, MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) ); + ret = f_rng( p_rng, tmp_c_random, + MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) ); if ( ret ) { return( ret ); diff --git a/library/lmots.h b/library/lmots.h index 6ada0bad64..46e03d6f52 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -59,8 +59,9 @@ extern "C" { #endif -/* https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml - * We are only implementing a subset of the types, particularly n32_w8, for the sake of simplicty. +/** The Identifier of the LMS parameter set, as per + * https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml. + * We are only implementing a subset of the types, particularly N32_W8, for the sake of simplicty. */ typedef enum { MBEDTLS_LMOTS_SHA256_N32_W8 = 4 @@ -144,7 +145,8 @@ typedef struct { * * \return The corresponding LMS error code. */ -void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char *bytes); +void unsigned_int_to_network_bytes(unsigned int val, size_t len, + unsigned char *bytes); /** * \brief This function converts a network-byte-order @@ -155,7 +157,8 @@ void unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned char * * * \return The corresponding LMS error code. */ -unsigned int network_bytes_to_unsigned_int(size_t len, const unsigned char *bytes); +unsigned int network_bytes_to_unsigned_int(size_t len, + const unsigned char *bytes); /** * \brief This function converts a \ref psa_status_t to a @@ -196,8 +199,8 @@ void mbedtls_lmots_free_public( mbedtls_lmots_public_t *ctx ); * * \param ctx The initialized LMOTS context store the key in. * \param key The buffer from which the key will be read. - * #MBEDTLS_LMOTS_PUBLIC_KEY_LEN bytes will be read from - * this. + * #MBEDTLS_LMOTS_PUBLIC_KEY_LEN bytes will be read + * from this. * * \return \c 0 on success. * \return A non-zero error code on failure. @@ -221,7 +224,8 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx, * \param msg The buffer from which the message will be read. * \param msg_size The size of the message that will be read. * \param sig The buffer from which the signature will be read. - * #MBEDTLS_LMOTS_SIG_LEN bytes will be read from this. + * #MBEDTLS_LMOTS_SIG_LEN bytes will be read from + * this. * \param out The buffer where the candidate public key will be * stored. Must be at least #MBEDTLS_LMOTS_N_HASH_LEN * bytes in size. @@ -248,7 +252,8 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters * * \note Before this function is called, the context must * have been initialized and must contain a public key - * (either by import or calculation from a private key). + * (either by import or calculation from a private + * key). * * \param ctx The initialized LMOTS context from which the public * key will be read. diff --git a/library/lms.c b/library/lms.c index 71921f7cb5..a1e4c243a8 100644 --- a/library/lms.c +++ b/library/lms.c @@ -55,14 +55,20 @@ #endif #define MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET (0) -#define MBEDTLS_LMS_SIG_OTS_SIG_OFFSET (MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET + MBEDTLS_LMOTS_Q_LEAF_ID_LEN) -#define MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) (MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_LEN(otstype)) -#define MBEDTLS_LMS_SIG_PATH_OFFSET(otstype) (MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) + MBEDTLS_LMS_TYPE_LEN) +#define MBEDTLS_LMS_SIG_OTS_SIG_OFFSET (MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET + \ + MBEDTLS_LMOTS_Q_LEAF_ID_LEN) +#define MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) (MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + \ + MBEDTLS_LMOTS_SIG_LEN(otstype)) +#define MBEDTLS_LMS_SIG_PATH_OFFSET(otstype) (MBEDTLS_LMS_SIG_TYPE_OFFSET(otstype) + \ + MBEDTLS_LMS_TYPE_LEN) #define MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET (0) -#define MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET + MBEDTLS_LMS_TYPE_LEN) -#define MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) -#define MBEDTLS_LMS_PUBLIC_KEY_ROOT_NODE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET + MBEDTLS_LMOTS_I_KEY_ID_LEN) +#define MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET + \ + MBEDTLS_LMS_TYPE_LEN) +#define MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET + \ + MBEDTLS_LMOTS_TYPE_LEN) +#define MBEDTLS_LMS_PUBLIC_KEY_ROOT_NODE_OFFSET (MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET + \ + MBEDTLS_LMOTS_I_KEY_ID_LEN) /* Currently only support H=10 */ @@ -208,7 +214,8 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx, return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); } - type = network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); + type = network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, + key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); if( type != MBEDTLS_LMS_SHA256_M32_H10 ) { return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); @@ -216,7 +223,7 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx, ctx->params.type = type; otstype = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, - key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); + key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); if( otstype != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); @@ -272,14 +279,14 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, } if( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, - sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) + sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); } if( network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, - sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype)) + sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype)) != MBEDTLS_LMS_SHA256_M32_H10 ) { return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); @@ -287,7 +294,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, q_leaf_identifier = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); + sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); if( q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type) ) { @@ -302,12 +309,10 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, ots_params.q_leaf_identifier ); ots_params.type = ctx->params.otstype; - ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg, msg_size, - sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET, - MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), - Kc_candidate_ots_pub_key, - sizeof(Kc_candidate_ots_pub_key), - NULL ); + ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg, + msg_size, sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET, + MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), Kc_candidate_ots_pub_key, + sizeof(Kc_candidate_ots_pub_key), NULL ); if( ret ) { return( ret ); @@ -319,7 +324,8 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, Tc_candidate_root_node ); - curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier; + curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + + q_leaf_identifier; for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type); height++ ) @@ -389,7 +395,8 @@ static int calculate_merkle_tree( mbedtls_lms_private_t *ctx, ret = create_merkle_internal_value( &ctx->params, &tree[(r_node_idx * 2) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], &tree[(r_node_idx * 2 + 1) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], - r_node_idx, &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] ); + r_node_idx, + &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] ); if( ret ) { return( ret ); @@ -587,7 +594,8 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, } -int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key, +int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, + unsigned char *key, size_t key_size, size_t *key_len ) { if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) { @@ -602,9 +610,8 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key unsigned_int_to_network_bytes( ctx->params.type, MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); - unsigned_int_to_network_bytes( - ctx->params.otstype, - MBEDTLS_LMOTS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); + unsigned_int_to_network_bytes( ctx->params.otstype, MBEDTLS_LMOTS_TYPE_LEN, + key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); memcpy( key + MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET, ctx->params.I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN ); @@ -671,15 +678,14 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, return( ret ); } - unsigned_int_to_network_bytes( ctx->params.type, - MBEDTLS_LMS_TYPE_LEN, - sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype) ); + unsigned_int_to_network_bytes( ctx->params.type, MBEDTLS_LMS_TYPE_LEN, + sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype) ); unsigned_int_to_network_bytes( q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN, sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET); ret = get_merkle_path( ctx, - MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, - sig + MBEDTLS_LMS_SIG_PATH_OFFSET(ctx->params.otstype) ); + MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, + sig + MBEDTLS_LMS_SIG_PATH_OFFSET(ctx->params.otstype) ); if( ret ) { return( ret );