diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index 23c5ebdf46..3e84ce0575 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -344,7 +344,7 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, int (*f_rng)(void *, unsigned char *, size_t), void* p_rng, unsigned char *msg, unsigned int msg_size, - unsigned char *sig, size_t sig_size, size_t *sig_len); + unsigned char *sig, size_t sig_size, size_t *sig_len ); #endif /* MBEDTLS_LMS_PRIVATE */ #ifdef __cplusplus diff --git a/library/lmots.c b/library/lmots.c index 82da4c1391..fe78894f4c 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -68,30 +68,32 @@ /* Currently only defined for SHA256, 32 is the max hash output size */ #define MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN_MAX (MBEDTLS_LMOTS_N_HASH_LEN_MAX) -#define DIGIT_MAX_VALUE ((1u << W_WINTERNITZ_PARAMETER) - 1u) +#define DIGIT_MAX_VALUE ((1u << W_WINTERNITZ_PARAMETER) - 1u) -#define D_CONST_LEN (2) +#define D_CONST_LEN (2) static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80}; static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81}; -void unsigned_int_to_network_bytes(unsigned int val, size_t len, - unsigned char *bytes) +void unsigned_int_to_network_bytes( unsigned int val, size_t len, + unsigned char *bytes ) { size_t idx; - for (idx = 0; idx < len; idx++) { - bytes[idx] = (val >> ((len - 1 - idx) * 8)) & 0xFF; + for ( idx = 0; idx < len; idx++ ) + { + bytes[idx] = ( val >> ( ( len - 1 - idx ) * 8 ) ) & 0xFF; } } -unsigned int network_bytes_to_unsigned_int(size_t len, - const unsigned char *bytes) +unsigned int network_bytes_to_unsigned_int( size_t len, + const unsigned char *bytes ) { size_t idx; unsigned int val = 0; - for (idx = 0; idx < len; idx++) { - val |= ((unsigned int)bytes[idx]) << (8 * (len - 1 - idx)); + for ( idx = 0; idx < len; idx++ ) + { + val |= ( ( unsigned int )bytes[idx] ) << (8 * ( len - 1 - idx ) ); } return val; @@ -123,7 +125,7 @@ static int create_digit_array_with_checksum( const mbedtls_lmots_parameters_t *p unsigned short checksum; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - op = psa_hash_operation_init(); + op = psa_hash_operation_init( ); status = psa_hash_setup( &op, PSA_ALG_SHA_256 ); ret = mbedtls_lms_error_from_psa( status ); if ( ret != 0 ) @@ -195,7 +197,7 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, unsigned char tmp_hash[MBEDTLS_LMOTS_N_HASH_LEN_MAX]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - op = psa_hash_operation_init(); + op = psa_hash_operation_init( ); for ( i_digit_idx = 0; i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type); @@ -211,7 +213,7 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, j_hash_idx_max = hash_idx_max_values != NULL ? hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE; - for ( j_hash_idx = (unsigned char)j_hash_idx_min; + for ( j_hash_idx = ( unsigned char )j_hash_idx_min; j_hash_idx < j_hash_idx_max; j_hash_idx++ ) { @@ -329,9 +331,10 @@ exit: return( ret ); } -int mbedtls_lms_error_from_psa(psa_status_t status) +int mbedtls_lms_error_from_psa( psa_status_t status ) { - switch( status ) { + switch( status ) + { case PSA_SUCCESS: return( 0 ); case PSA_ERROR_HARDWARE_FAILURE: @@ -393,7 +396,7 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters size_t sig_size, unsigned char *out, size_t out_size, - size_t *out_len) + size_t *out_len ) { unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX]; unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX]; @@ -420,14 +423,14 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters ret = hash_digit_array( params, sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(params->type), - tmp_digit_array, NULL, (unsigned char *)y_hashed_digits ); + tmp_digit_array, NULL, ( unsigned char * )y_hashed_digits ); if ( ret ) { return ( ret ); } ret = public_key_from_hashed_digit_array( params, - (unsigned char *)y_hashed_digits, + ( unsigned char * )y_hashed_digits, out ); if ( ret ) { @@ -459,8 +462,7 @@ int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - if( ctx->params.MBEDTLS_PRIVATE( type ) - != MBEDTLS_LMOTS_SHA256_N32_W8 ) + if( ctx->params.type != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } @@ -475,7 +477,7 @@ int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg, msg, msg_size, sig, sig_size, Kc_public_key_candidate, MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type), - NULL); + NULL ); if ( ret ) { return( ret ); @@ -522,7 +524,8 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - if ( type != MBEDTLS_LMOTS_SHA256_N32_W8 ) { + if ( type != MBEDTLS_LMOTS_SHA256_N32_W8 ) + { return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } @@ -534,9 +537,9 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, I_key_identifier, sizeof( ctx->params.I_key_identifier ) ); - unsigned_int_to_network_bytes(q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - ctx->params.q_leaf_identifier ); + unsigned_int_to_network_bytes( q_leaf_identifier, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN, + ctx->params.q_leaf_identifier ); unsigned_int_to_network_bytes( 0xFF, sizeof( const_bytes ), const_bytes ); @@ -570,7 +573,7 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, if ( ret ) goto exit; - status = psa_hash_update( &op, const_bytes, sizeof( const_bytes) ); + status = psa_hash_update( &op, const_bytes, sizeof( const_bytes ) ); ret = mbedtls_lms_error_from_psa( status ); if ( ret ) goto exit; @@ -604,7 +607,7 @@ exit: } int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx, - mbedtls_lmots_private_t *priv_ctx) + mbedtls_lmots_private_t *priv_ctx ) { unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -616,15 +619,15 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx, } ret = hash_digit_array( &priv_ctx->params, - (unsigned char *)priv_ctx->private_key, NULL, - NULL, (unsigned char *)y_hashed_digits ); + ( unsigned char * )priv_ctx->private_key, NULL, + NULL, ( unsigned char * )y_hashed_digits ); if ( ret ) { return( ret ); } ret = public_key_from_hashed_digit_array( &priv_ctx->params, - (unsigned char *)y_hashed_digits, + ( unsigned char * )y_hashed_digits, ctx->public_key ); if ( ret ) { @@ -634,7 +637,7 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx, memcpy( &ctx->params, &priv_ctx->params, sizeof( ctx->params ) ); - ctx->MBEDTLS_PRIVATE(have_public_key = 1); + ctx->have_public_key = 1; return( ret ); } @@ -662,9 +665,9 @@ int mbedtls_lmots_export_public_key( mbedtls_lmots_public_t *ctx, ctx->params.I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN ); - memcpy(key + MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET, - ctx->params.q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN); + memcpy( key + MBEDTLS_LMOTS_PUBLIC_KEY_Q_LEAF_ID_OFFSET, + ctx->params.q_leaf_identifier, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); memcpy( key + MBEDTLS_LMOTS_PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key, MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) ); @@ -726,8 +729,8 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx, return( ret ); } - ret = hash_digit_array( &ctx->params, (unsigned char *)ctx->private_key, - NULL, tmp_digit_array, (unsigned char *)tmp_sig ); + ret = hash_digit_array( &ctx->params, ( unsigned char * )ctx->private_key, + NULL, tmp_digit_array, ( unsigned char * )tmp_sig ); if ( ret ) { return( ret ); @@ -741,8 +744,8 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx, * key can't be reused. */ ctx->have_private_key = 0; - mbedtls_platform_zeroize(ctx->private_key, - sizeof(ctx->private_key)); + mbedtls_platform_zeroize( ctx->private_key, + sizeof( ctx->private_key ) ); memcpy( sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random, MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(ctx->params.type) ); diff --git a/library/lmots.h b/library/lmots.h index 46e03d6f52..03e44af00a 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -145,8 +145,8 @@ typedef struct { * * \return The corresponding LMS error code. */ -void unsigned_int_to_network_bytes(unsigned int val, size_t len, - unsigned char *bytes); +void unsigned_int_to_network_bytes( unsigned int val, size_t len, + unsigned char *bytes ); /** * \brief This function converts a network-byte-order @@ -157,8 +157,8 @@ void unsigned_int_to_network_bytes(unsigned int val, size_t len, * * \return The corresponding LMS error code. */ -unsigned int network_bytes_to_unsigned_int(size_t len, - const unsigned char *bytes); +unsigned int network_bytes_to_unsigned_int( size_t len, + const unsigned char *bytes ); /** * \brief This function converts a \ref psa_status_t to a @@ -168,7 +168,7 @@ unsigned int network_bytes_to_unsigned_int(size_t len, * * \return The corresponding LMS error code. */ -int mbedtls_lms_error_from_psa(psa_status_t status); +int mbedtls_lms_error_from_psa( psa_status_t status ); /** @@ -240,7 +240,7 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters size_t sig_size, unsigned char *out, size_t out_size, - size_t *out_len); + size_t *out_len ); /** * \brief This function verifies a LMOTS signature, using a @@ -333,7 +333,7 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, * \return A non-zero error code on failure. */ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx, - mbedtls_lmots_private_t *priv_ctx); + mbedtls_lmots_private_t *priv_ctx ); /** diff --git a/library/lms.c b/library/lms.c index a1e4c243a8..2ff8946c90 100644 --- a/library/lms.c +++ b/library/lms.c @@ -123,7 +123,7 @@ static int create_merkle_leaf_value( const mbedtls_lms_parameters_t *params, goto exit; status = psa_hash_finish( &op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type), - &output_hash_len); + &output_hash_len ); ret = mbedtls_lms_error_from_psa( status ); if( ret ) goto exit; @@ -182,7 +182,7 @@ static int create_merkle_internal_value( const mbedtls_lms_parameters_t *params, goto exit; ret = psa_hash_finish( &op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type), - &output_hash_len); + &output_hash_len ); ret = mbedtls_lms_error_from_psa( status ); if( ret ) goto exit; @@ -279,7 +279,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, } if( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, - sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) + sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); @@ -301,9 +301,9 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); } - memcpy(ots_params.I_key_identifier, - ctx->params.I_key_identifier, - MBEDTLS_LMOTS_I_KEY_ID_LEN); + memcpy( ots_params.I_key_identifier, + ctx->params.I_key_identifier, + MBEDTLS_LMOTS_I_KEY_ID_LEN ); unsigned_int_to_network_bytes( q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN, ots_params.q_leaf_identifier ); @@ -312,7 +312,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg, msg_size, sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET, MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), Kc_candidate_ots_pub_key, - sizeof(Kc_candidate_ots_pub_key), NULL ); + sizeof( Kc_candidate_ots_pub_key ), NULL ); if( ret ) { return( ret ); @@ -393,8 +393,8 @@ static int calculate_merkle_tree( mbedtls_lms_private_t *ctx, r_node_idx-- ) { ret = create_merkle_internal_value( &ctx->params, - &tree[(r_node_idx * 2) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], - &tree[(r_node_idx * 2 + 1) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], + &tree[( r_node_idx * 2 ) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], + &tree[( r_node_idx * 2 + 1 ) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)], r_node_idx, &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] ); if( ret ) @@ -416,7 +416,7 @@ static int get_merkle_path( mbedtls_lms_private_t *ctx, unsigned int height; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = calculate_merkle_tree( ctx, (unsigned char *)tree); + ret = calculate_merkle_tree( ctx, ( unsigned char * )tree ); if( ret ) { return( ret ); @@ -496,7 +496,7 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx, MBEDTLS_LMOTS_I_KEY_ID_LEN ); ctx->ots_private_keys = mbedtls_calloc( MERKLE_TREE_LEAF_NODE_AM(ctx->params.type), - sizeof( mbedtls_lmots_private_t)); + sizeof( mbedtls_lmots_private_t ) ); if( ctx->ots_private_keys == NULL ) { ret = MBEDTLS_ERR_LMS_ALLOC_FAILED; @@ -504,7 +504,7 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx, } ctx->ots_public_keys = mbedtls_calloc( MERKLE_TREE_LEAF_NODE_AM(ctx->params.type), - sizeof( mbedtls_lmots_public_t)); + sizeof( mbedtls_lmots_public_t ) ); if( ctx->ots_public_keys == NULL ) { ret = MBEDTLS_ERR_LMS_ALLOC_FAILED; @@ -524,12 +524,12 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx, otstype, ctx->params.I_key_identifier, idx, seed, seed_size ); - if( ret) + if( ret ) goto exit; ret = mbedtls_lmots_calculate_public_key( &ctx->ots_public_keys[idx], &ctx->ots_private_keys[idx] ); - if( ret) + if( ret ) goto exit; } @@ -539,7 +539,8 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx, exit: if( ret ) { - for ( free_idx = 0; free_idx < idx; free_idx++ ) { + for ( free_idx = 0; free_idx < idx; free_idx++ ) + { mbedtls_lmots_free_private( &ctx->ots_private_keys[free_idx] ); mbedtls_lmots_free_public( &ctx->ots_public_keys[free_idx] ); } @@ -558,7 +559,7 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, unsigned char tree[MERKLE_TREE_NODE_AM_MAX][MBEDTLS_LMS_M_NODE_BYTES_MAX]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ! priv_ctx->MBEDTLS_PRIVATE( have_private_key ) ) + if( ! priv_ctx->have_private_key ) { return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } @@ -576,9 +577,9 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, } memcpy( &ctx->params, &priv_ctx->params, - sizeof(mbedtls_lmots_parameters_t) ); + sizeof( mbedtls_lmots_parameters_t ) ); - ret = calculate_merkle_tree( priv_ctx, (unsigned char *)tree); + ret = calculate_merkle_tree( priv_ctx, ( unsigned char * )tree ); if( ret ) { return( ret ); @@ -586,7 +587,7 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, /* Root node is always at position 1, due to 1-based indexing */ memcpy( ctx->T_1_pub_key, &tree[1], - MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)); + MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type) ); ctx->have_public_key = 1; @@ -598,7 +599,8 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key, size_t key_size, size_t *key_len ) { - if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) { + if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) + { return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); } @@ -619,7 +621,8 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, ctx->T_1_pub_key, MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type) ); - if( key_len != NULL ) { + if( key_len != NULL ) + { *key_len = MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type); } @@ -630,7 +633,7 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, int (*f_rng)(void *, unsigned char *, size_t), void* p_rng, unsigned char *msg, unsigned int msg_size, - unsigned char *sig, size_t sig_size, size_t *sig_len) + unsigned char *sig, size_t sig_size, size_t *sig_len ) { uint32_t q_leaf_identifier; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -681,7 +684,7 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, unsigned_int_to_network_bytes( ctx->params.type, MBEDTLS_LMS_TYPE_LEN, sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype) ); unsigned_int_to_network_bytes( q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET); + sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); ret = get_merkle_path( ctx, MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, @@ -691,7 +694,8 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, return( ret ); } - if( sig_len != NULL ) { + if( sig_len != NULL ) + { *sig_len = MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype); }