Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/lmots.c b/library/lmots.c
index 788063c..c6b45ed 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -63,36 +63,34 @@
#define DIGIT_MAX_VALUE ((1u << W_WINTERNITZ_PARAMETER) - 1u)
#define D_CONST_LEN (2)
-static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80};
-static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81};
+static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = { 0x80, 0x80 };
+static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = { 0x81, 0x81 };
#if defined(MBEDTLS_TEST_HOOKS)
-int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * ) = NULL;
+int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *) = NULL;
#endif /* defined(MBEDTLS_TEST_HOOKS) */
-void mbedtls_lms_unsigned_int_to_network_bytes( unsigned int val, size_t len,
- unsigned char *bytes )
+void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len,
+ unsigned char *bytes)
{
size_t idx;
- for ( idx = 0; idx < len; idx++ )
- {
- bytes[idx] = ( val >> ( ( len - 1 - idx ) * 8 ) ) & 0xFF;
+ for (idx = 0; idx < len; idx++) {
+ bytes[idx] = (val >> ((len - 1 - idx) * 8)) & 0xFF;
}
}
-unsigned int mbedtls_lms_network_bytes_to_unsigned_int( size_t len,
- const unsigned char *bytes )
+unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
+ const unsigned char *bytes)
{
size_t idx;
unsigned int val = 0;
- for ( idx = 0; idx < len; idx++ )
- {
- val |= ( ( unsigned int )bytes[idx] ) << (8 * ( len - 1 - idx ) );
+ for (idx = 0; idx < len; idx++) {
+ val |= ((unsigned int) bytes[idx]) << (8 * (len - 1 - idx));
}
- return ( val );
+ return val;
}
/* Calculate the checksum digits that are appended to the end of the LMOTS digit
@@ -106,18 +104,17 @@
* this does not contain a checksum, it is the same
* size as a hash output.
*/
-static unsigned short lmots_checksum_calculate( const mbedtls_lmots_parameters_t *params,
- const unsigned char* digest )
+static unsigned short lmots_checksum_calculate(const mbedtls_lmots_parameters_t *params,
+ const unsigned char *digest)
{
size_t idx;
unsigned sum = 0;
- for ( idx = 0; idx < MBEDTLS_LMOTS_N_HASH_LEN(params->type); idx++ )
- {
+ for (idx = 0; idx < MBEDTLS_LMOTS_N_HASH_LEN(params->type); idx++) {
sum += DIGIT_MAX_VALUE - digest[idx];
}
- return ( sum );
+ return sum;
}
/* Create the string of digest digits (in the base determined by the Winternitz
@@ -143,58 +140,65 @@
* MBEDTLS_LMOTS_SHA256_N32_W8, this means it is of
* size P bytes).
*/
-static int create_digit_array_with_checksum( const mbedtls_lmots_parameters_t *params,
- const unsigned char *msg,
- size_t msg_len,
- const unsigned char *C_random_value,
- unsigned char *out )
+static int create_digit_array_with_checksum(const mbedtls_lmots_parameters_t *params,
+ const unsigned char *msg,
+ size_t msg_len,
+ const unsigned char *C_random_value,
+ unsigned char *out)
{
psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t output_hash_len;
unsigned short checksum;
- status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
- if( status != PSA_SUCCESS )
+ status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, params->I_key_identifier,
- MBEDTLS_LMOTS_I_KEY_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, params->I_key_identifier,
+ MBEDTLS_LMOTS_I_KEY_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, params->q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, params->q_leaf_identifier,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, D_MESSAGE_CONSTANT_BYTES, D_CONST_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, D_MESSAGE_CONSTANT_BYTES, D_CONST_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, C_random_value,
- MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(params->type) );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, C_random_value,
+ MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(params->type));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, msg, msg_len );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, msg, msg_len);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_finish( &op, out,
- MBEDTLS_LMOTS_N_HASH_LEN(params->type),
- &output_hash_len );
- if( status != PSA_SUCCESS )
+ status = psa_hash_finish(&op, out,
+ MBEDTLS_LMOTS_N_HASH_LEN(params->type),
+ &output_hash_len);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- checksum = lmots_checksum_calculate( params, out );
- mbedtls_lms_unsigned_int_to_network_bytes( checksum, CHECKSUM_LEN,
- out + MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
+ checksum = lmots_checksum_calculate(params, out);
+ mbedtls_lms_unsigned_int_to_network_bytes(checksum, CHECKSUM_LEN,
+ out + MBEDTLS_LMOTS_N_HASH_LEN(params->type));
exit:
- psa_hash_abort( &op );
+ psa_hash_abort(&op);
- return( mbedtls_lms_error_from_psa( status ) );
+ return mbedtls_lms_error_from_psa(status);
}
/* Hash each element of the string of digits (+ checksum), producing a hash
@@ -226,11 +230,11 @@
* MBEDTLS_LMOTS_SHA256_N32_W8, this is of size 32 *
* 34.
*/
-static int hash_digit_array( const mbedtls_lmots_parameters_t *params,
- const unsigned char *x_digit_array,
- const unsigned char *hash_idx_min_values,
- const unsigned char *hash_idx_max_values,
- unsigned char *output )
+static int hash_digit_array(const mbedtls_lmots_parameters_t *params,
+ const unsigned char *x_digit_array,
+ const unsigned char *hash_idx_min_values,
+ const unsigned char *hash_idx_max_values,
+ unsigned char *output)
{
unsigned int i_digit_idx;
unsigned char i_digit_idx_bytes[I_DIGIT_IDX_LEN];
@@ -243,76 +247,81 @@
size_t output_hash_len;
unsigned char tmp_hash[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
- for ( i_digit_idx = 0;
- i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type);
- i_digit_idx++ )
- {
+ for (i_digit_idx = 0;
+ i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type);
+ i_digit_idx++) {
- memcpy( tmp_hash,
- &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
- MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
+ memcpy(tmp_hash,
+ &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
+ MBEDTLS_LMOTS_N_HASH_LEN(params->type));
j_hash_idx_min = hash_idx_min_values != NULL ?
- hash_idx_min_values[i_digit_idx] : 0;
+ hash_idx_min_values[i_digit_idx] : 0;
j_hash_idx_max = hash_idx_max_values != NULL ?
- hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE;
+ hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE;
- for ( j_hash_idx = j_hash_idx_min;
- j_hash_idx < j_hash_idx_max;
- j_hash_idx++ )
- {
- status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
- if( status != PSA_SUCCESS )
+ for (j_hash_idx = j_hash_idx_min;
+ j_hash_idx < j_hash_idx_max;
+ j_hash_idx++) {
+ status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op,
- params->I_key_identifier,
- MBEDTLS_LMOTS_I_KEY_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op,
+ params->I_key_identifier,
+ MBEDTLS_LMOTS_I_KEY_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op,
- params->q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op,
+ params->q_leaf_identifier,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- mbedtls_lms_unsigned_int_to_network_bytes( i_digit_idx,
- I_DIGIT_IDX_LEN,
- i_digit_idx_bytes );
- status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN );
- if( status != PSA_SUCCESS )
+ mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx,
+ I_DIGIT_IDX_LEN,
+ i_digit_idx_bytes);
+ status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- mbedtls_lms_unsigned_int_to_network_bytes( j_hash_idx,
- J_HASH_IDX_LEN,
- j_hash_idx_bytes );
- status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN );
- if( status != PSA_SUCCESS )
+ mbedtls_lms_unsigned_int_to_network_bytes(j_hash_idx,
+ J_HASH_IDX_LEN,
+ j_hash_idx_bytes);
+ status = psa_hash_update(&op, j_hash_idx_bytes, J_HASH_IDX_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, tmp_hash,
- MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, tmp_hash,
+ MBEDTLS_LMOTS_N_HASH_LEN(params->type));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ),
- &output_hash_len );
- if( status != PSA_SUCCESS )
+ status = psa_hash_finish(&op, tmp_hash, sizeof(tmp_hash),
+ &output_hash_len);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_hash_abort( &op );
+ psa_hash_abort(&op);
}
- memcpy( &output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
- tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
+ memcpy(&output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
+ tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type));
}
exit:
- psa_hash_abort( &op );
- mbedtls_platform_zeroize( tmp_hash, sizeof( tmp_hash ) );
+ psa_hash_abort(&op);
+ mbedtls_platform_zeroize(tmp_hash, sizeof(tmp_hash));
- return( mbedtls_lms_error_from_psa( status ) );
+ return mbedtls_lms_error_from_psa(status);
}
/* Combine the hashes of the digit array into a public key. This is used in
@@ -330,276 +339,265 @@
* case this is being run as part of signature
* verification), in the form of a hash output.
*/
-static int public_key_from_hashed_digit_array( const mbedtls_lmots_parameters_t *params,
- const unsigned char *y_hashed_digits,
- unsigned char *pub_key )
+static int public_key_from_hashed_digit_array(const mbedtls_lmots_parameters_t *params,
+ const unsigned char *y_hashed_digits,
+ unsigned char *pub_key)
{
psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t output_hash_len;
- status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
- if( status != PSA_SUCCESS )
+ status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op,
- params->I_key_identifier,
- MBEDTLS_LMOTS_I_KEY_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op,
+ params->I_key_identifier,
+ MBEDTLS_LMOTS_I_KEY_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, params->q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, params->q_leaf_identifier,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, D_PUBLIC_CONSTANT_BYTES, D_CONST_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, D_PUBLIC_CONSTANT_BYTES, D_CONST_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, y_hashed_digits,
- MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type) *
- MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, y_hashed_digits,
+ MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type) *
+ MBEDTLS_LMOTS_N_HASH_LEN(params->type));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_finish( &op, pub_key,
- MBEDTLS_LMOTS_N_HASH_LEN(params->type),
- &output_hash_len );
- if( status != PSA_SUCCESS )
+ status = psa_hash_finish(&op, pub_key,
+ MBEDTLS_LMOTS_N_HASH_LEN(params->type),
+ &output_hash_len);
+ if (status != PSA_SUCCESS) {
exit:
- psa_hash_abort( &op );
+ psa_hash_abort(&op);
+ }
- return( mbedtls_lms_error_from_psa( status ) );
+ return mbedtls_lms_error_from_psa(status);
}
-int mbedtls_lms_error_from_psa( psa_status_t status )
+int mbedtls_lms_error_from_psa(psa_status_t status)
{
- switch( status )
- {
+ switch (status) {
case PSA_SUCCESS:
- return( 0 );
+ return 0;
case PSA_ERROR_HARDWARE_FAILURE:
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+ return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
case PSA_ERROR_NOT_SUPPORTED:
- return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
+ return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
case PSA_ERROR_BUFFER_TOO_SMALL:
- return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+ return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
case PSA_ERROR_INVALID_ARGUMENT:
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
default:
- return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+ return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
}
-void mbedtls_lmots_public_init( mbedtls_lmots_public_t *ctx )
+void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx)
{
- memset( ctx, 0, sizeof( *ctx ) ) ;
+ memset(ctx, 0, sizeof(*ctx));
}
-void mbedtls_lmots_public_free( mbedtls_lmots_public_t *ctx )
+void mbedtls_lmots_public_free(mbedtls_lmots_public_t *ctx)
{
- mbedtls_platform_zeroize( ctx, sizeof( *ctx ) ) ;
+ mbedtls_platform_zeroize(ctx, sizeof(*ctx));
}
-int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx,
- const unsigned char *key, size_t key_len )
+int mbedtls_lmots_import_public_key(mbedtls_lmots_public_t *ctx,
+ const unsigned char *key, size_t key_len)
{
- if( key_len < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (key_len < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
ctx->params.type =
- mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
- key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
+ mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
+ key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
- if( key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- memcpy( ctx->params.I_key_identifier,
- key + PUBLIC_KEY_I_KEY_ID_OFFSET,
- MBEDTLS_LMOTS_I_KEY_ID_LEN );
+ memcpy(ctx->params.I_key_identifier,
+ key + PUBLIC_KEY_I_KEY_ID_OFFSET,
+ MBEDTLS_LMOTS_I_KEY_ID_LEN);
- memcpy( ctx->params.q_leaf_identifier,
- key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
+ memcpy(ctx->params.q_leaf_identifier,
+ key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
- memcpy( ctx->public_key,
- key + PUBLIC_KEY_KEY_HASH_OFFSET,
- MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
+ memcpy(ctx->public_key,
+ key + PUBLIC_KEY_KEY_HASH_OFFSET,
+ MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
ctx->have_public_key = 1;
- return( 0 );
+ return 0;
}
-int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx,
- unsigned char *key, size_t key_size,
- size_t *key_len )
+int mbedtls_lmots_export_public_key(const mbedtls_lmots_public_t *ctx,
+ unsigned char *key, size_t key_size,
+ size_t *key_len)
{
- if( key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) )
- {
- return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+ if (key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) {
+ return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
}
- if( ! ctx->have_public_key )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (!ctx->have_public_key) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type,
- MBEDTLS_LMOTS_TYPE_LEN,
- key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
+ mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
+ MBEDTLS_LMOTS_TYPE_LEN,
+ key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
- memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET,
- ctx->params.I_key_identifier,
- MBEDTLS_LMOTS_I_KEY_ID_LEN );
+ memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET,
+ ctx->params.I_key_identifier,
+ MBEDTLS_LMOTS_I_KEY_ID_LEN);
- memcpy( key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
- ctx->params.q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
+ memcpy(key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
+ ctx->params.q_leaf_identifier,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
- memcpy( key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key,
- MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
+ memcpy(key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key,
+ MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
- if( key_len != NULL )
- {
+ if (key_len != NULL) {
*key_len = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type);
}
- return( 0 );
+ return 0;
}
-int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters_t *params,
- const unsigned char *msg,
- size_t msg_size,
- const unsigned char *sig,
- size_t sig_size,
- unsigned char *out,
- size_t out_size,
- size_t *out_len )
+int mbedtls_lmots_calculate_public_key_candidate(const mbedtls_lmots_parameters_t *params,
+ const unsigned char *msg,
+ size_t msg_size,
+ const unsigned char *sig,
+ size_t sig_size,
+ unsigned char *out,
+ size_t out_size,
+ size_t *out_len)
{
unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX];
unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( msg == NULL && msg_size != 0 )
- {
- return ( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (msg == NULL && msg_size != 0) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- if( sig_size != MBEDTLS_LMOTS_SIG_LEN(params->type) ||
- out_size < MBEDTLS_LMOTS_N_HASH_LEN(params->type) )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (sig_size != MBEDTLS_LMOTS_SIG_LEN(params->type) ||
+ out_size < MBEDTLS_LMOTS_N_HASH_LEN(params->type)) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- ret = create_digit_array_with_checksum( params, msg, msg_size,
- sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET,
- tmp_digit_array );
- if( ret )
- {
- return ( ret );
+ ret = create_digit_array_with_checksum(params, msg, msg_size,
+ sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET,
+ tmp_digit_array);
+ if (ret) {
+ return ret;
}
- ret = hash_digit_array( params,
- sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(params->type),
- tmp_digit_array, NULL, ( unsigned char * )y_hashed_digits );
- if( ret )
- {
- return ( ret );
+ ret = hash_digit_array(params,
+ sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(params->type),
+ tmp_digit_array, NULL, (unsigned char *) y_hashed_digits);
+ if (ret) {
+ return ret;
}
- ret = public_key_from_hashed_digit_array( params,
- ( unsigned char * )y_hashed_digits,
- out );
- if( ret )
- {
- return ( ret );
+ ret = public_key_from_hashed_digit_array(params,
+ (unsigned char *) y_hashed_digits,
+ out);
+ if (ret) {
+ return ret;
}
- if( out_len != NULL )
- {
+ if (out_len != NULL) {
*out_len = MBEDTLS_LMOTS_N_HASH_LEN(params->type);
}
- return( 0 );
+ return 0;
}
-int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
- const unsigned char *msg, size_t msg_size,
- const unsigned char *sig, size_t sig_size )
+int mbedtls_lmots_verify(const mbedtls_lmots_public_t *ctx,
+ const unsigned char *msg, size_t msg_size,
+ const unsigned char *sig, size_t sig_size)
{
unsigned char Kc_public_key_candidate[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( msg == NULL && msg_size != 0 )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (msg == NULL && msg_size != 0) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- if( !ctx->have_public_key )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (!ctx->have_public_key) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- if( ctx->params.type != MBEDTLS_LMOTS_SHA256_N32_W8 )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (ctx->params.type != MBEDTLS_LMOTS_SHA256_N32_W8) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- if( sig_size < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
- {
- return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+ if (sig_size < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) {
+ return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
- sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
- {
- return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+ if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
+ sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) !=
+ MBEDTLS_LMOTS_SHA256_N32_W8) {
+ return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- ret = mbedtls_lmots_calculate_public_key_candidate( &ctx->params,
- msg, msg_size, sig, sig_size,
- Kc_public_key_candidate,
- MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
- NULL );
- if( ret )
- {
- return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+ ret = mbedtls_lmots_calculate_public_key_candidate(&ctx->params,
+ msg, msg_size, sig, sig_size,
+ Kc_public_key_candidate,
+ MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
+ NULL);
+ if (ret) {
+ return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- if( memcmp( &Kc_public_key_candidate, ctx->public_key,
- sizeof( ctx->public_key ) ) )
- {
- return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+ if (memcmp(&Kc_public_key_candidate, ctx->public_key,
+ sizeof(ctx->public_key))) {
+ return MBEDTLS_ERR_LMS_VERIFY_FAILED;
}
- return( 0 );
+ return 0;
}
#if defined(MBEDTLS_LMS_PRIVATE)
-void mbedtls_lmots_private_init( mbedtls_lmots_private_t *ctx )
+void mbedtls_lmots_private_init(mbedtls_lmots_private_t *ctx)
{
- memset( ctx, 0, sizeof( *ctx ) ) ;
+ memset(ctx, 0, sizeof(*ctx));
}
-void mbedtls_lmots_private_free( mbedtls_lmots_private_t *ctx )
+void mbedtls_lmots_private_free(mbedtls_lmots_private_t *ctx)
{
- mbedtls_platform_zeroize( ctx, sizeof( *ctx ) ) ;
+ mbedtls_platform_zeroize(ctx,
+ sizeof(*ctx));
}
-int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx,
- mbedtls_lmots_algorithm_type_t type,
- const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
- uint32_t q_leaf_identifier,
- const unsigned char *seed,
- size_t seed_size )
+int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx,
+ mbedtls_lmots_algorithm_type_t type,
+ const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
+ uint32_t q_leaf_identifier,
+ const unsigned char *seed,
+ size_t seed_size)
{
psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -608,124 +606,125 @@
unsigned char i_digit_idx_bytes[2];
unsigned char const_bytes[1];
- if( ctx->have_private_key )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (ctx->have_private_key) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- if( type != MBEDTLS_LMOTS_SHA256_N32_W8 )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (type != MBEDTLS_LMOTS_SHA256_N32_W8) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
ctx->params.type = type;
- memcpy( ctx->params.I_key_identifier,
- I_key_identifier,
- sizeof( ctx->params.I_key_identifier ) );
+ memcpy(ctx->params.I_key_identifier,
+ I_key_identifier,
+ sizeof(ctx->params.I_key_identifier));
- mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
- ctx->params.q_leaf_identifier );
+ mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
+ ctx->params.q_leaf_identifier);
- mbedtls_lms_unsigned_int_to_network_bytes( 0xFF, sizeof( const_bytes ),
- const_bytes );
+ mbedtls_lms_unsigned_int_to_network_bytes(0xFF, sizeof(const_bytes),
+ const_bytes);
- for ( i_digit_idx = 0;
- i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type);
- i_digit_idx++ )
- {
- status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
- if( status != PSA_SUCCESS )
+ for (i_digit_idx = 0;
+ i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type);
+ i_digit_idx++) {
+ status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op,
- ctx->params.I_key_identifier,
- sizeof( ctx->params.I_key_identifier ) );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op,
+ ctx->params.I_key_identifier,
+ sizeof(ctx->params.I_key_identifier));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op,
- ctx->params.q_leaf_identifier,
- MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op,
+ ctx->params.q_leaf_identifier,
+ MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- mbedtls_lms_unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN,
- i_digit_idx_bytes );
- status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN );
- if( status != PSA_SUCCESS )
+ mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx, I_DIGIT_IDX_LEN,
+ i_digit_idx_bytes);
+ status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, const_bytes, sizeof( const_bytes ) );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, const_bytes, sizeof(const_bytes));
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_update( &op, seed, seed_size );
- if( status != PSA_SUCCESS )
+ status = psa_hash_update(&op, seed, seed_size);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- status = psa_hash_finish( &op,
- ctx->private_key[i_digit_idx],
- MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
- &output_hash_len );
- if( status != PSA_SUCCESS )
+ status = psa_hash_finish(&op,
+ ctx->private_key[i_digit_idx],
+ MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
+ &output_hash_len);
+ if (status != PSA_SUCCESS) {
goto exit;
+ }
- psa_hash_abort( &op );
+ psa_hash_abort(&op);
}
ctx->have_private_key = 1;
exit:
- psa_hash_abort( &op );
+ psa_hash_abort(&op);
- return ( mbedtls_lms_error_from_psa( status ) );
+ return mbedtls_lms_error_from_psa(status);
}
-int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
- const mbedtls_lmots_private_t *priv_ctx )
+int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx,
+ const mbedtls_lmots_private_t *priv_ctx)
{
unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Check that a private key is loaded */
- if( !priv_ctx->have_private_key )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (!priv_ctx->have_private_key) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- ret = hash_digit_array( &priv_ctx->params,
- ( unsigned char * )priv_ctx->private_key, NULL,
- NULL, ( unsigned char * )y_hashed_digits );
- if( ret )
- {
+ ret = hash_digit_array(&priv_ctx->params,
+ (unsigned char *) priv_ctx->private_key, NULL,
+ NULL, (unsigned char *) y_hashed_digits);
+ if (ret) {
goto exit;
}
- ret = public_key_from_hashed_digit_array( &priv_ctx->params,
- ( unsigned char * )y_hashed_digits,
- ctx->public_key );
- if( ret )
- {
+ ret = public_key_from_hashed_digit_array(&priv_ctx->params,
+ (unsigned char *) y_hashed_digits,
+ ctx->public_key);
+ if (ret) {
goto exit;
}
- memcpy( &ctx->params, &priv_ctx->params,
- sizeof( ctx->params ) );
+ memcpy(&ctx->params, &priv_ctx->params,
+ sizeof(ctx->params));
ctx->have_public_key = 1;
exit:
- mbedtls_platform_zeroize( y_hashed_digits, sizeof( y_hashed_digits ) );
+ mbedtls_platform_zeroize(y_hashed_digits, sizeof(y_hashed_digits));
- return( ret );
+ return ret;
}
-int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng, const unsigned char *msg, size_t msg_size,
- unsigned char *sig, size_t sig_size, size_t* sig_len )
+int mbedtls_lmots_sign(mbedtls_lmots_private_t *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng, const unsigned char *msg, size_t msg_size,
+ unsigned char *sig, size_t sig_size, size_t *sig_len)
{
unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX];
/* Create a temporary buffer to prepare the signature in. This allows us to
@@ -739,58 +738,52 @@
unsigned char tmp_c_random[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( msg == NULL && msg_size != 0 )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (msg == NULL && msg_size != 0) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- if( sig_size < MBEDTLS_LMOTS_SIG_LEN(ctx->params.type) )
- {
- return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+ if (sig_size < MBEDTLS_LMOTS_SIG_LEN(ctx->params.type)) {
+ return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
}
/* Check that a private key is loaded */
- if( !ctx->have_private_key )
- {
- return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+ if (!ctx->have_private_key) {
+ return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
}
- ret = f_rng( p_rng, tmp_c_random,
- MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
- if( ret )
- {
- return( ret );
+ ret = f_rng(p_rng, tmp_c_random,
+ MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
+ if (ret) {
+ return ret;
}
- ret = create_digit_array_with_checksum( &ctx->params,
- msg, msg_size,
- tmp_c_random,
- tmp_digit_array );
- if( ret )
- {
+ ret = create_digit_array_with_checksum(&ctx->params,
+ msg, msg_size,
+ tmp_c_random,
+ tmp_digit_array);
+ if (ret) {
goto exit;
}
- ret = hash_digit_array( &ctx->params, ( unsigned char * )ctx->private_key,
- NULL, tmp_digit_array, ( unsigned char * )tmp_sig );
- if( ret )
- {
+ ret = hash_digit_array(&ctx->params, (unsigned char *) ctx->private_key,
+ NULL, tmp_digit_array, (unsigned char *) tmp_sig);
+ if (ret) {
goto exit;
}
- mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type,
- MBEDTLS_LMOTS_TYPE_LEN,
- sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
+ mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
+ MBEDTLS_LMOTS_TYPE_LEN,
+ sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
/* Test hook to check if sig is being written to before we invalidate the
* private key.
*/
#if defined(MBEDTLS_TEST_HOOKS)
- if( mbedtls_lmots_sign_private_key_invalidated_hook != NULL )
- {
- ret = ( *mbedtls_lmots_sign_private_key_invalidated_hook )( sig );
- if( ret != 0 )
- return( ret );
+ if (mbedtls_lmots_sign_private_key_invalidated_hook != NULL) {
+ ret = (*mbedtls_lmots_sign_private_key_invalidated_hook)(sig);
+ if (ret != 0) {
+ return ret;
+ }
}
#endif /* defined(MBEDTLS_TEST_HOOKS) */
@@ -798,28 +791,27 @@
* key can't be reused.
*/
ctx->have_private_key = 0;
- mbedtls_platform_zeroize( ctx->private_key,
- sizeof( ctx->private_key ) );
+ mbedtls_platform_zeroize(ctx->private_key,
+ sizeof(ctx->private_key));
- memcpy( sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random,
- MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(ctx->params.type) );
+ memcpy(sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random,
+ MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(ctx->params.type));
- memcpy( sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(ctx->params.type), tmp_sig,
- MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type)
- * MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
+ memcpy(sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(ctx->params.type), tmp_sig,
+ MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type)
+ * MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
- if( sig_len != NULL )
- {
+ if (sig_len != NULL) {
*sig_len = MBEDTLS_LMOTS_SIG_LEN(ctx->params.type);
}
ret = 0;
exit:
- mbedtls_platform_zeroize( tmp_digit_array, sizeof( tmp_digit_array ) );
- mbedtls_platform_zeroize( tmp_sig, sizeof( tmp_sig ) );
+ mbedtls_platform_zeroize(tmp_digit_array, sizeof(tmp_digit_array));
+ mbedtls_platform_zeroize(tmp_sig, sizeof(tmp_sig));
- return ( ret );
+ return ret;
}
#endif /* defined(MBEDTLS_LMS_PRIVATE) */