From 370cc436300fde6eab6789233ccaf693e13f5e85 Mon Sep 17 00:00:00 2001 From: Raef Coles Date: Fri, 7 Oct 2022 16:07:33 +0100 Subject: [PATCH] Make LMS public key export part of public key api Signed-off-by: Raef Coles --- include/mbedtls/lms.h | 54 +++++++++---------- library/lmots.c | 75 +++++++++++++------------- library/lmots.h | 46 ++++++++-------- library/lms.c | 71 ++++++++++++------------ tests/suites/test_suite_lmots.function | 2 +- tests/suites/test_suite_lms.function | 2 +- 6 files changed, 124 insertions(+), 126 deletions(-) diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index c68f7271a0..15a1a1b281 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -274,6 +274,33 @@ void mbedtls_lms_public_free( mbedtls_lms_public_t *ctx ); int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx, const unsigned char *key, size_t key_size ); +/** + * \brief This function exports an LMS public key from a + * LMS public context that already contains a public + * key. + * + * \note Before this function is called, the context must + * have been initialized and the context must contain + * a public key. + * + * \note See IETF RFC8554 for details of the encoding of + * this public key. + * + * \param ctx The initialized LMS public context that contains + * the public key. + * \param key The buffer into which the key will be output. Must + * be at least #MBEDTLS_LMS_PUBLIC_KEY_LEN in size. + * \param key_size The size of the key buffer. + * \param key_len If not NULL, will be written with the size of the + * key. + * + * \return \c 0 on success. + * \return A non-zero error code on failure. + */ +int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx, + unsigned char *key, size_t key_size, + size_t *key_len ); + /** * \brief This function verifies a LMS signature, using a * LMS context that contains a public key. @@ -365,33 +392,6 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx, int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, const mbedtls_lms_private_t *priv_ctx ); -/** - * \brief This function exports an LMS public key from a - * LMS public context that already contains a public - * key. - * - * \note Before this function is called, the context must - * have been initialized and the context must contain - * a public key. - * - * \note See IETF RFC8554 for details of the encoding of - * this public key. - * - * \param ctx The initialized LMS public context that contains - * the public key. - * \param key The buffer into which the key will be output. Must - * be at least #MBEDTLS_LMS_PUBLIC_KEY_LEN in size. - * \param key_size The size of the key buffer. - * \param key_len If not NULL, will be written with the size of the - * key. - * - * \return \c 0 on success. - * \return A non-zero error code on failure. - */ -int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx, - unsigned char *key, size_t key_size, - size_t *key_len ); - /** * \brief This function creates a LMS signature, using a * LMS context that contains unused private keys. diff --git a/library/lmots.c b/library/lmots.c index 9168ef189d..bb4326e374 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -440,6 +440,43 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx, return( 0 ); } +int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx, + unsigned char *key, size_t key_size, + size_t *key_len ) +{ + if( key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) ) + { + return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); + } + + if( ! ctx->have_public_key ) + { + return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); + } + + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type, + MBEDTLS_LMOTS_TYPE_LEN, + key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); + + memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET, + ctx->params.I_key_identifier, + MBEDTLS_LMOTS_I_KEY_ID_LEN ); + + memcpy( key + PUBLIC_KEY_Q_LEAF_ID_OFFSET, + ctx->params.q_leaf_identifier, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); + + memcpy( key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key, + MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) ); + + if( key_len != NULL ) + { + *key_len = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type); + } + + return( 0 ); +} + int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters_t *params, const unsigned char *msg, size_t msg_size, @@ -680,44 +717,6 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx, return( ret ); } - -int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx, - unsigned char *key, size_t key_size, - size_t *key_len ) -{ - if( key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) ) - { - return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); - } - - if( ! ctx->have_public_key ) - { - return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); - } - - mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type, - MBEDTLS_LMOTS_TYPE_LEN, - key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); - - memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET, - ctx->params.I_key_identifier, - MBEDTLS_LMOTS_I_KEY_ID_LEN ); - - memcpy( key + PUBLIC_KEY_Q_LEAF_ID_OFFSET, - ctx->params.q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN ); - - memcpy( key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key, - MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) ); - - if( key_len != NULL ) - { - *key_len = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type); - } - - return( 0 ); -} - int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *msg, size_t msg_size, diff --git a/library/lmots.h b/library/lmots.h index 05bd96703a..2c65714800 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -127,6 +127,29 @@ void mbedtls_lmots_public_free( mbedtls_lmots_public_t *ctx ); int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx, const unsigned char *key, size_t key_size ); +/** + * \brief This function exports an LMOTS public key from a + * LMOTS context that already contains a public key. + * + * \note Before this function is called, the context must + * have been initialized and the context must contain + * a public key. + * + * \note See IETF RFC8554 for details of the encoding of + * this public key. + * + * \param ctx The initialized LMOTS context that contains the + * publc key. + * \param key The buffer into which the key will be output. Must + * be at least #MBEDTLS_LMOTS_PUBLIC_KEY_LEN in size. + * + * \return \c 0 on success. + * \return A non-zero error code on failure. + */ +int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx, + unsigned char *key, size_t key_size, + size_t *key_len ); + /** * \brief This function creates a candidate public key from * an LMOTS signature. This can then be compared to @@ -255,29 +278,6 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx, const mbedtls_lmots_private_t *priv_ctx ); - -/** - * \brief This function exports an LMOTS public key from a - * LMOTS context that already contains a public key. - * - * \note Before this function is called, the context must - * have been initialized and the context must contain - * a public key. - * - * \note See IETF RFC8554 for details of the encoding of - * this public key. - * - * \param ctx The initialized LMOTS context that contains the - * publc key. - * \param key The buffer into which the key will be output. Must - * be at least #MBEDTLS_LMOTS_PUBLIC_KEY_LEN in size. - * - * \return \c 0 on success. - * \return A non-zero error code on failure. - */ -int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx, - unsigned char *key, size_t key_size, - size_t *key_len ); /** * \brief This function creates a LMOTS signature, using a * LMOTS context that contains a private key. diff --git a/library/lms.c b/library/lms.c index fba5d88480..e7ae5081c2 100644 --- a/library/lms.c +++ b/library/lms.c @@ -267,6 +267,41 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx, return( 0 ); } +int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx, + unsigned char *key, + size_t key_size, size_t *key_len ) +{ + if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) + { + return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); + } + + if( ! ctx->have_public_key ) + { + return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); + } + + mbedtls_lms_unsigned_int_to_network_bytes( + ctx->params.type, + MBEDTLS_LMS_TYPE_LEN, key + PUBLIC_KEY_TYPE_OFFSET ); + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.otstype, + MBEDTLS_LMOTS_TYPE_LEN, + key + PUBLIC_KEY_OTSTYPE_OFFSET ); + memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET, + ctx->params.I_key_identifier, + MBEDTLS_LMOTS_I_KEY_ID_LEN ); + memcpy( key +PUBLIC_KEY_ROOT_NODE_OFFSET, + ctx->T_1_pub_key, + MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type) ); + + if( key_len != NULL ) + { + *key_len = MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type); + } + + return( 0 ); +} + int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, const unsigned char *msg, size_t msg_size, const unsigned char *sig, size_t sig_size ) @@ -656,42 +691,6 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx, } -int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx, - unsigned char *key, - size_t key_size, size_t *key_len ) -{ - if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) ) - { - return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); - } - - if( ! ctx->have_public_key ) - { - return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); - } - - mbedtls_lms_unsigned_int_to_network_bytes( - ctx->params.type, - MBEDTLS_LMS_TYPE_LEN, key + PUBLIC_KEY_TYPE_OFFSET ); - mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.otstype, - MBEDTLS_LMOTS_TYPE_LEN, - key + PUBLIC_KEY_OTSTYPE_OFFSET ); - memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET, - ctx->params.I_key_identifier, - MBEDTLS_LMOTS_I_KEY_ID_LEN ); - memcpy( key +PUBLIC_KEY_ROOT_NODE_OFFSET, - ctx->T_1_pub_key, - MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type) ); - - if( key_len != NULL ) - { - *key_len = MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type); - } - - return( 0 ); -} - - int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, int (*f_rng)(void *, unsigned char *, size_t), void* p_rng, const unsigned char *msg, diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index de1cf2c683..0d2aece443 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -92,7 +92,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */ +/* BEGIN_CASE */ void lmots_import_export_test ( data_t * pub_key ) { mbedtls_lmots_public_t ctx; diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index 425e994de4..e4c4b911b4 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -97,7 +97,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */ +/* BEGIN_CASE */ void lms_import_export_test ( data_t * pub_key ) { mbedtls_lms_public_t ctx;