diff --git a/library/lmots.c b/library/lmots.c index bdcd44570e..6846d4cde4 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -73,8 +73,8 @@ static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81}; int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * ) = NULL; #endif /* defined(MBEDTLS_TEST_HOOKS) */ -void unsigned_int_to_network_bytes( unsigned int val, size_t len, - unsigned char *bytes ) +void mbedtls_lms_unsigned_int_to_network_bytes( unsigned int val, size_t len, + unsigned char *bytes ) { size_t idx; @@ -84,8 +84,8 @@ void unsigned_int_to_network_bytes( unsigned int val, size_t len, } } -unsigned int network_bytes_to_unsigned_int( size_t len, - const unsigned char *bytes ) +unsigned int mbedtls_lms_network_bytes_to_unsigned_int( size_t len, + const unsigned char *bytes ) { size_t idx; unsigned int val = 0; @@ -200,8 +200,8 @@ static int create_digit_array_with_checksum( const mbedtls_lmots_parameters_t *p goto exit; checksum = lmots_checksum_calculate( params, out ); - unsigned_int_to_network_bytes( checksum, CHECKSUM_LEN, - out + MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); + mbedtls_lms_unsigned_int_to_network_bytes( checksum, CHECKSUM_LEN, + out + MBEDTLS_LMOTS_N_HASH_LEN(params->type) ); exit: psa_hash_abort( &op ); @@ -295,15 +295,17 @@ static int hash_digit_array( const mbedtls_lmots_parameters_t *params, if( ret != 0 ) goto exit; - unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, - i_digit_idx_bytes ); + mbedtls_lms_unsigned_int_to_network_bytes( i_digit_idx, + I_DIGIT_IDX_LEN, + i_digit_idx_bytes ); status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN ); ret = mbedtls_lms_error_from_psa( status ); if( ret != 0 ) goto exit; - unsigned_int_to_network_bytes( j_hash_idx, J_HASH_IDX_LEN, - j_hash_idx_bytes ); + mbedtls_lms_unsigned_int_to_network_bytes( j_hash_idx, + J_HASH_IDX_LEN, + j_hash_idx_bytes ); status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN ); ret = mbedtls_lms_error_from_psa( status ); if( ret != 0 ) @@ -438,8 +440,8 @@ int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx, const unsigned char *key, size_t key_len ) { ctx->params.type = - network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, - key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); + mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, + key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); if( key_len < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) ) { @@ -541,7 +543,7 @@ int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - if( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, + if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); @@ -611,11 +613,12 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, I_key_identifier, sizeof( ctx->params.I_key_identifier ) ); - unsigned_int_to_network_bytes( q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - ctx->params.q_leaf_identifier ); + mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN, + ctx->params.q_leaf_identifier ); - unsigned_int_to_network_bytes( 0xFF, sizeof( const_bytes ), const_bytes ); + mbedtls_lms_unsigned_int_to_network_bytes( 0xFF, sizeof( const_bytes ), + const_bytes ); for ( i_digit_idx = 0; i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type); @@ -640,8 +643,8 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx, if( ret ) goto exit; - unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, - i_digit_idx_bytes ); + mbedtls_lms_unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN, + i_digit_idx_bytes ); status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN ); ret = mbedtls_lms_error_from_psa( status ); if( ret ) @@ -731,9 +734,9 @@ int mbedtls_lmots_export_public_key( mbedtls_lmots_public_t *ctx, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - unsigned_int_to_network_bytes( ctx->params.type, - MBEDTLS_LMOTS_TYPE_LEN, - key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type, + MBEDTLS_LMOTS_TYPE_LEN, + key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); memcpy( key + MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET, ctx->params.I_key_identifier, @@ -810,9 +813,9 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx, return( ret ); } - unsigned_int_to_network_bytes( ctx->params.type, - MBEDTLS_LMOTS_TYPE_LEN, - sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type, + MBEDTLS_LMOTS_TYPE_LEN, + sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ); /* Test hook to check if sig is being written to before we invalidate the * private key. diff --git a/library/lmots.h b/library/lmots.h index d0379e3a2d..05bd55a70b 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -151,8 +151,8 @@ extern int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * * \param len The length of the string. * \param bytes The string to output into. */ -void unsigned_int_to_network_bytes( unsigned int val, size_t len, - unsigned char *bytes ); +void mbedtls_lms_unsigned_int_to_network_bytes( unsigned int val, size_t len, + unsigned char *bytes ); /** * \brief This function converts a network-byte-order @@ -163,8 +163,8 @@ void unsigned_int_to_network_bytes( unsigned int val, size_t len, * * \return The corresponding LMS error code. */ -unsigned int network_bytes_to_unsigned_int( size_t len, - const unsigned char *bytes ); +unsigned int mbedtls_lms_network_bytes_to_unsigned_int( size_t len, + const unsigned char *bytes ); /** * \brief This function converts a \ref psa_status_t to a diff --git a/library/lms.c b/library/lms.c index 653530c75d..cd39502a62 100644 --- a/library/lms.c +++ b/library/lms.c @@ -124,7 +124,7 @@ static int create_merkle_leaf_value( const mbedtls_lms_parameters_t *params, if( ret != 0 ) goto exit; - unsigned_int_to_network_bytes( r_node_idx, 4, r_node_idx_bytes ); + mbedtls_lms_unsigned_int_to_network_bytes( r_node_idx, 4, r_node_idx_bytes ); status = psa_hash_update( &op, r_node_idx_bytes, 4 ); ret = mbedtls_lms_error_from_psa( status ); if( ret != 0 ) @@ -199,7 +199,7 @@ static int create_merkle_internal_value( const mbedtls_lms_parameters_t *params, if( ret != 0 ) goto exit; - unsigned_int_to_network_bytes( r_node_idx, 4, r_node_idx_bytes ); + mbedtls_lms_unsigned_int_to_network_bytes( r_node_idx, 4, r_node_idx_bytes ); status = psa_hash_update( &op, r_node_idx_bytes, 4 ); ret = mbedtls_lms_error_from_psa( status ); if( ret != 0 ) @@ -255,7 +255,7 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx, return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL ); } - type = network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, + type = mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); if( type != MBEDTLS_LMS_SHA256_M32_H10 ) { @@ -263,7 +263,7 @@ int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx, } ctx->params.type = type; - otstype = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, + otstype = mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); if( otstype != MBEDTLS_LMOTS_SHA256_N32_W8 ) { @@ -319,14 +319,14 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - if( network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, + if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN, sig + MBEDTLS_LMS_SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 ) { return( MBEDTLS_ERR_LMS_VERIFY_FAILED ); } - if( network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, + if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN, sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype)) != MBEDTLS_LMS_SHA256_M32_H10 ) { @@ -334,8 +334,8 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, } - q_leaf_identifier = network_bytes_to_unsigned_int( MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); + q_leaf_identifier = mbedtls_lms_network_bytes_to_unsigned_int( + MBEDTLS_LMOTS_Q_LEAF_ID_LEN, sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); if( q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type) ) { @@ -345,9 +345,9 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx, memcpy( ots_params.I_key_identifier, ctx->params.I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN ); - unsigned_int_to_network_bytes( q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - ots_params.q_leaf_identifier ); + mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN, + ots_params.q_leaf_identifier ); ots_params.type = ctx->params.otstype; ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg, @@ -676,10 +676,11 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA ); } - unsigned_int_to_network_bytes( + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type, MBEDTLS_LMS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_TYPE_OFFSET ); - unsigned_int_to_network_bytes( ctx->params.otstype, MBEDTLS_LMOTS_TYPE_LEN, + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.otstype, + MBEDTLS_LMOTS_TYPE_LEN, key + MBEDTLS_LMS_PUBLIC_KEY_OTSTYPE_OFFSET ); memcpy( key + MBEDTLS_LMS_PUBLIC_KEY_I_KEY_ID_OFFSET, ctx->params.I_key_identifier, @@ -748,10 +749,12 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx, return( ret ); } - unsigned_int_to_network_bytes( ctx->params.type, MBEDTLS_LMS_TYPE_LEN, + mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type, + MBEDTLS_LMS_TYPE_LEN, sig + MBEDTLS_LMS_SIG_TYPE_OFFSET(ctx->params.otstype) ); - unsigned_int_to_network_bytes( q_leaf_identifier, MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); + mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier, + MBEDTLS_LMOTS_Q_LEAF_ID_LEN, + sig + MBEDTLS_LMS_SIG_Q_LEAF_ID_OFFSET ); ret = get_merkle_path( ctx, MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,