Skip to content

Commit a212b17

Browse files
guanzhiguanzhi
committed
Update LMS/HSS
Set SHA-256/SM3 independently.
1 parent 02d3d02 commit a212b17

File tree

3 files changed

+202
-178
lines changed

3 files changed

+202
-178
lines changed

include/gmssl/lms.h

Lines changed: 39 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,6 @@
1515
#include <string.h>
1616
#include <stdint.h>
1717
#include <gmssl/sm3.h>
18-
#include <gmssl/hash256.h>
1918
#ifdef ENABLE_SHA2
2019
#include <gmssl/sha2.h>
2120
#endif
@@ -30,12 +29,24 @@ extern "C" {
3029
#define LMS_MAX_HEIGHT 25
3130

3231

32+
typedef uint8_t lms_hash256_t[32];
33+
34+
3335
// Crosscheck with data from LMS-reference (SHA-256), except the LMS signature.
36+
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2) && !defined(LMS_HASH256_CTX)
37+
# define LMS_HASH256_CTX SHA256_CTX
38+
# define lms_hash256_init sha256_init
39+
# define lms_hash256_update sha256_update
40+
# define lms_hash256_finish sha256_finish
41+
#else
42+
# define LMS_HASH256_CTX SM3_CTX
43+
# define lms_hash256_init sm3_init
44+
# define lms_hash256_update sm3_update
45+
# define lms_hash256_finish sm3_finish
46+
#endif
47+
48+
3449
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
35-
# define HASH256_CTX SHA256_CTX
36-
# define hash256_init sha256_init
37-
# define hash256_update sha256_update
38-
# define hash256_finish sha256_finish
3950
# define LMOTS_HASH256_N32_W8 LMOTS_SHA256_N32_W8
4051
# define LMOTS_HASH256_N32_W8_NAME "LMOTS_SHA256_N32_W8"
4152
# define LMS_HASH256_M32_H5 LMS_SHA256_M32_H5
@@ -49,10 +60,6 @@ extern "C" {
4960
# define LMS_HASH256_M32_H20_NAME "LMS_SHA256_M32_H20"
5061
# define LMS_HASH256_M32_H25_NAME "LMS_SHA256_M32_H25"
5162
#else
52-
# define HASH256_CTX SM3_CTX
53-
# define hash256_init sm3_init
54-
# define hash256_update sm3_update
55-
# define hash256_finish sm3_finish
5663
# define LMOTS_HASH256_N32_W8 LMOTS_SM3_N32_W8
5764
# define LMOTS_HASH256_N32_W8_NAME "LMOTS_SM3_N32_W8"
5865
# define LMS_HASH256_M32_H5 LMS_SM3_M32_H5
@@ -67,6 +74,7 @@ extern "C" {
6774
# define LMS_HASH256_M32_H25_NAME "LMS_SM3_M32_H25"
6875
#endif
6976

77+
7078
enum {
7179
LMOTS_RESERVED = 0,
7280
LMOTS_SHA256_N32_W1 = 1,
@@ -98,50 +106,51 @@ enum {
98106

99107

100108
char *lmots_type_name(int lmots_type);
101-
void lmots_derive_secrets(const hash256_t seed, const uint8_t I[16], int q, hash256_t x[34]);
102-
void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const hash256_t x[34], hash256_t pub);
103-
void lmots_compute_signature(const uint8_t I[16], int q, const hash256_t dgst, const hash256_t x[34], hash256_t y[34]);
104-
void lmots_signature_to_public_hash(const uint8_t I[16], int q, const hash256_t y[34], const hash256_t dgst, hash256_t pub);
109+
void lmots_derive_secrets(const lms_hash256_t seed, const uint8_t I[16], int q, lms_hash256_t x[34]);
110+
void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const lms_hash256_t x[34], lms_hash256_t pub);
111+
void lmots_compute_signature(const uint8_t I[16], int q, const lms_hash256_t dgst, const lms_hash256_t x[34], lms_hash256_t y[34]);
112+
void lmots_signature_to_public_hash(const uint8_t I[16], int q, const lms_hash256_t y[34], const lms_hash256_t dgst, lms_hash256_t pub);
105113

106114

107115
char *lms_type_name(int lms_type);
108116
int lms_type_from_name(const char *name);
109117
int lms_type_to_height(int type, size_t *height);
110-
void lms_derive_merkle_tree(const hash256_t seed, const uint8_t I[16], int height, hash256_t *tree);
111-
void lms_derive_merkle_root(const hash256_t seed, const uint8_t I[16], int height, hash256_t root);
118+
void lms_derive_merkle_tree(const lms_hash256_t seed, const uint8_t I[16], int height, lms_hash256_t *tree);
119+
void lms_derive_merkle_root(const lms_hash256_t seed, const uint8_t I[16], int height, lms_hash256_t root);
112120

113121

114122
typedef struct {
115123
int lms_type;
116124
int lmots_type;
117125
uint8_t I[16]; // lms key identifier
118-
hash256_t root; // merkle tree root
126+
lms_hash256_t root; // merkle tree root
119127
} LMS_PUBLIC_KEY;
120128

121129
#define LMS_PUBLIC_KEY_SIZE (4 + 4 + 16 + 32) // = 56 bytes
122130

123131
typedef struct {
124132
LMS_PUBLIC_KEY public_key;
125-
hash256_t *tree;
126-
hash256_t seed;
127-
uint32_t q; // in [0, 2^h - 1], q++ after every sign
133+
lms_hash256_t *tree;
134+
lms_hash256_t seed;
135+
uint32_t q; // in [0, 2^h - 1], q++ after every sign // 应该改为index
128136
} LMS_KEY;
129137

130138
#define LMS_PRIVATE_KEY_SIZE (LMS_PUBLIC_KEY_SIZE + 32 + 4) // = 92 bytes
131139

132140
// FIXME: do we need a function to update lms_key->q ?
133141

134-
int lms_key_generate_ex(LMS_KEY *key, int lms_type, const hash256_t seed, const uint8_t I[16], int cache_tree);
142+
int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_hash256_t seed, const uint8_t I[16], int cache_tree);
135143
int lms_key_generate(LMS_KEY *key, int lms_type);
136144
int lms_key_check(const LMS_KEY *key, const LMS_PUBLIC_KEY *pub);
137145
int lms_key_remaining_signs(const LMS_KEY *key, size_t *count);
146+
138147
int lms_public_key_to_bytes(const LMS_KEY *key, uint8_t **out, size_t *outlen);
139-
int lms_public_key_from_bytes_ex(const LMS_PUBLIC_KEY **key, const uint8_t **in, size_t *inlen);
148+
int lms_public_key_from_bytes_ex(const LMS_PUBLIC_KEY **key, const uint8_t **in, size_t *inlen); // 这个函数需要修改
140149
int lms_public_key_from_bytes(LMS_KEY *key, const uint8_t **in, size_t *inlen);
141150
int lms_private_key_to_bytes(const LMS_KEY *key, uint8_t **out, size_t *outlen);
142151
int lms_private_key_from_bytes(LMS_KEY *key, const uint8_t **in, size_t *inlen);
143152
int lms_public_key_print(FILE *fp, int fmt, int ind, const char *label, const LMS_PUBLIC_KEY *pub);
144-
int lms_key_print(FILE *fp, int fmt, int ind, const char *label, const LMS_KEY *key);
153+
int lms_key_print(FILE *fp, int fmt, int ind, const char *label, const LMS_KEY *key); //
145154
void lms_key_cleanup(LMS_KEY *key);
146155

147156

@@ -150,11 +159,11 @@ typedef struct {
150159
int q; // index of LMS tree leaf, in [0, 2^h - 1]
151160
struct {
152161
int lmots_type; // LMOTS_SM3_N32_W8 or LMOTS_SHA256_N32_W8 in compile time
153-
hash256_t C; // randomness of every LMOTS signature
154-
hash256_t y[34]; // for w = 8 and hash256, 34 winternitz chains
162+
lms_hash256_t C; // randomness of every LMOTS signature
163+
lms_hash256_t y[34]; // for w = 8 and hash256, 34 winternitz chains
155164
} lmots_sig;
156165
int lms_type;
157-
hash256_t path[25]; // max tree height = 25 when LMS_SM3_M32_H25
166+
lms_hash256_t path[25]; // max tree height = 25 when LMS_SM3_M32_H25
158167
} LMS_SIGNATURE;
159168

160169
// encoded size, SHOULD be changed when supporting text/der encoding
@@ -163,8 +172,8 @@ typedef struct {
163172

164173

165174
int lms_signature_to_merkle_root(const uint8_t I[16], size_t h, int q,
166-
const hash256_t y[34], const hash256_t *path,
167-
const hash256_t dgst, hash256_t root);
175+
const lms_hash256_t y[34], const lms_hash256_t *path,
176+
const lms_hash256_t dgst, lms_hash256_t root);
168177

169178

170179
/*
@@ -178,22 +187,22 @@ int lms_signature_size(int lms_type, size_t *siglen);
178187
int lms_key_get_signature_size(const LMS_KEY *key, size_t *siglen);
179188

180189
int lms_signature_to_bytes(const LMS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
181-
int lms_signature_from_bytes_ex(const LMS_SIGNATURE **sig, size_t *siglen, const uint8_t **in, size_t *inlen);
190+
int lms_signature_from_bytes_ex(const LMS_SIGNATURE **sig, size_t *siglen, const uint8_t **in, size_t *inlen);// 这个接口有点奇怪,siglen?
182191
int lms_signature_from_bytes(LMS_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
183192
int lms_signature_print_ex(FILE *fp, int fmt, int ind, const char *label, const LMS_SIGNATURE *sig);
184193
int lms_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
185194

186195

187196
typedef struct {
188-
HASH256_CTX hash256_ctx;
197+
LMS_HASH256_CTX lms_hash256_ctx;
189198
LMS_PUBLIC_KEY lms_public_key; // FIXME: or use LMS_PUBLIC_KEY to re-use tree?
190199
LMS_SIGNATURE lms_sig;
191200
} LMS_SIGN_CTX;
192201

193202
int lms_sign_init(LMS_SIGN_CTX *ctx, LMS_KEY *key);
194203
int lms_sign_update(LMS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
195-
int lms_sign_finish(LMS_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
196204
int lms_sign_finish_ex(LMS_SIGN_CTX *ctx, LMS_SIGNATURE *sig);
205+
int lms_sign_finish(LMS_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
197206
int lms_verify_init_ex(LMS_SIGN_CTX *ctx, const LMS_KEY *key, const LMS_SIGNATURE *sig);
198207
int lms_verify_init(LMS_SIGN_CTX *ctx, const LMS_KEY *key, const uint8_t *sigbuf, size_t siglen);
199208
int lms_verify_update(LMS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
@@ -204,13 +213,11 @@ int lms_verify_finish(LMS_SIGN_CTX *ctx);
204213
void lms_sign_ctx_cleanup(LMS_SIGN_CTX *ctx);
205214

206215

207-
/*
208216
// just for reference, HSS_PUBLIC_KEY memory layout might not compatible with HSS_KEY
209217
typedef struct {
210218
uint32_t levels;
211219
LMS_PUBLIC_KEY lms_public_key;
212220
} HSS_PUBLIC_KEY;
213-
*/
214221

215222
// HSS_PUBLIC_KEY: { level, lms_key[0].public_key }
216223
#define HSS_PUBLIC_KEY_SIZE (4 + LMS_PUBLIC_KEY_SIZE)

0 commit comments

Comments
 (0)