
Commit afcccfc

committed
Composite sigs: Consolidate code and make it consistent with latest draft
The change removes duplicate domain separation code and makes sure that the stream and one-shot APIs behave identically. Tests are added to ensure and verify that. Signed-off-by: Stephan Mueller <smueller@chronox.de>
1 parent 0a2a6fd commit afcccfc

20 files changed

+415
-547
lines changed

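--- a/asn1/src/asym_key_dilithium_ed25519.c
+++ b/asn1/src/asym_key_dilithium_ed25519.c
@@ -266,13 +266,7 @@ static int lc_xof_authattr(const struct lc_hash *xof, const uint8_t *in,
 sizeof(lc_pkcs7_authattr_tag));
 }
 lc_hash_update(hash_ctx, in, inlen);
-lc_hash_set_digestsize(hash_ctx, digestlen);
-if (lc_hash_digestsize(hash_ctx) != digestlen) {
-/* Safety check in case function is called with hash */
-lc_memset_secure(digest, 0, digestlen);
-ret = -EFAULT;
-goto out;
-}
+CKINT(lc_hash_set_digestsize(hash_ctx, digestlen));
 lc_hash_final(hash_ctx, digest);
 
 out:
@@ -293,7 +287,6 @@ int public_key_verify_signature_dilithium_ed25519(
 const uint8_t *dilithium_src, *ed25519_src, *data_ptr;
 size_t dilithium_src_len, ed25519_src_len, data_len;
 int ret, authattrs_tag;
-LC_DILITHIUM_ED25519_CTX_ON_STACK(ctx);
 LC_DECLARE_MEM(ws, struct workspace, sizeof(uint64_t));
 
 /* A signature verification does not work with a private key */
@@ -334,21 +327,14 @@ int public_key_verify_signature_dilithium_ed25519(
 CKINT(lc_xof_authattr(hash_algo, data_ptr, data_len, ws->ph_message,
 sizeof(ws->ph_message), authattrs_tag));
 
-/*
-* TODO currently no ctx is supported. This implies that ctx == NULL.
-* Yet, the ctx can be added to struct lc_public_key_signature.
-*/
-lc_dilithium_ed25519_ctx_userctx(ctx, NULL, 0);
-
 /*
 * Verify the signature using Composite-ML-DSA
 */
-CKINT(lc_dilithium_ed25519_verify_ctx(
-&ws->dilithium_sig, ctx, ws->ph_message, sizeof(ws->ph_message),
+CKINT(lc_dilithium_ed25519_verify(
+&ws->dilithium_sig, ws->ph_message, sizeof(ws->ph_message),
 &ws->dilithium_pk));
 
 out:
-lc_dilithium_ed25519_ctx_zero(ctx);
 LC_RELEASE_MEM(ws);
 return ret;
 }
@@ -370,7 +356,6 @@ int public_key_generate_signature_dilithium_ed25519(
 const uint8_t *data_ptr;
 uint8_t *ml_dsa_ptr, *ed25519_ptr;
 int ret;
-LC_DILITHIUM_ED25519_CTX_ON_STACK(ctx);
 LC_DECLARE_MEM(ws, struct workspace, sizeof(uint64_t));
 
 CKINT(public_key_dilithium_ed25519_get_data(&data_ptr, &data_len, NULL,
@@ -381,15 +366,9 @@ int public_key_generate_signature_dilithium_ed25519(
 CKINT(lc_xof(hash_algo, data_ptr, data_len, ws->ph_message,
 sizeof(ws->ph_message)));
 
-/*
-* TODO currently no ctx is supported. This implies that ctx == NULL.
-* Yet, the ctx can be added to struct lc_public_key_signature.
-*/
-lc_dilithium_ed25519_ctx_userctx(ctx, NULL, 0);
-
 /* Sign the signature using Composite-ML-DSA */
-CKINT(lc_dilithium_ed25519_sign_ctx(
-&ws->dilithium_ed25519_sig, ctx, ws->ph_message,
+CKINT(lc_dilithium_ed25519_sign(
+&ws->dilithium_ed25519_sig, ws->ph_message,
 sizeof(ws->ph_message), dilithium_ed25519_sk, lc_seeded_rng));
 
 CKINT(lc_dilithium_ed25519_sig_ptr(&ml_dsa_ptr, &ml_dsa_siglen,
@@ -408,7 +387,6 @@ int public_key_generate_signature_dilithium_ed25519(
 ml_dsa_siglen + ed25519_siglen);
 
 out:
-lc_dilithium_ed25519_ctx_zero(ctx);
 LC_RELEASE_MEM(ws);
 return ret;
 #else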
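Review bot: In lc_xof_authattr the removed read-back check (`lc_hash_digestsize(hash_ctx) != digestlen`) was the only guard against the function being called with a fixed-output hash, so `CKINT(lc_hash_set_digestsize(hash_ctx, digestlen));` keeps that protection only if the setter returns an error whenever the algorithm cannot produce exactly digestlen bytes. The setter is not shown in this section, so that needs confirming; if it can return 0 for a hash with no configurable output size, lc_hash_final would write the algorithm's native digest length into a buffer sized for digestlen. A comment at the call such as `/* must fail for non-XOF hashes: digest holds digestlen bytes only */` would record the contract, and keeping `lc_memset_secure(digest, 0, digestlen);` on the failure path would preserve the old guarantee that no partial output is left in the buffer. The same replacement is made in lc_xof_authattr in asn1/src/asym_key_dilithium_ed448.c; in both files the function starts and ends outside the hunk.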

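--- a/asn1/src/asym_key_dilithium_ed448.c
+++ b/asn1/src/asym_key_dilithium_ed448.c
@@ -268,13 +268,7 @@ static int lc_xof_authattr(const struct lc_hash *xof, const uint8_t *in,
 sizeof(lc_pkcs7_authattr_tag));
 }
 lc_hash_update(hash_ctx, in, inlen);
-lc_hash_set_digestsize(hash_ctx, digestlen);
-if (lc_hash_digestsize(hash_ctx) != digestlen) {
-/* Safety check in case function is called with hash */
-lc_memset_secure(digest, 0, digestlen);
-ret = -EFAULT;
-goto out;
-}
+CKINT(lc_hash_set_digestsize(hash_ctx, digestlen));
 lc_hash_final(hash_ctx, digest);
 
 out:
@@ -295,7 +289,6 @@ int public_key_verify_signature_dilithium_ed448(
 const uint8_t *dilithium_src, *ed448_src, *data_ptr;
 size_t dilithium_src_len, ed448_src_len, data_len;
 int ret, authattrs_tag;
-LC_DILITHIUM_ED448_CTX_ON_STACK(ctx);
 LC_DECLARE_MEM(ws, struct workspace, sizeof(uint64_t));
 
 /* A signature verification does not work with a private key */
@@ -336,21 +329,14 @@ int public_key_verify_signature_dilithium_ed448(
 CKINT(lc_xof_authattr(hash_algo, data_ptr, data_len, ws->ph_message,
 sizeof(ws->ph_message), authattrs_tag));
 
-/*
-* TODO currently no ctx is supported. This implies that ctx == NULL.
-* Yet, the ctx can be added to struct lc_public_key_signature.
-*/
-lc_dilithium_ed448_ctx_userctx(ctx, NULL, 0);
-
 /*
 * Verify the signature using Composite-ML-DSA
 */
-CKINT(lc_dilithium_ed448_verify_ctx(
-&ws->dilithium_sig, ctx, ws->ph_message, sizeof(ws->ph_message),
+CKINT(lc_dilithium_ed448_verify(
+&ws->dilithium_sig, ws->ph_message, sizeof(ws->ph_message),
 &ws->dilithium_pk));
 
 out:
-lc_dilithium_ed448_ctx_zero(ctx);
 LC_RELEASE_MEM(ws);
 return ret;
 }
@@ -372,7 +358,6 @@ int public_key_generate_signature_dilithium_ed448(
 const uint8_t *data_ptr;
 uint8_t *ml_dsa_ptr, *ed448_ptr;
 int ret;
-LC_DILITHIUM_ED448_CTX_ON_STACK(ctx);
 LC_DECLARE_MEM(ws, struct workspace, sizeof(uint64_t));
 
 CKINT(public_key_dilithium_ed448_get_data(&data_ptr, &data_len, NULL,
@@ -383,15 +368,9 @@ int public_key_generate_signature_dilithium_ed448(
 CKINT(lc_xof(hash_algo, data_ptr, data_len, ws->ph_message,
 sizeof(ws->ph_message)));
 
-/*
-* TODO currently no ctx is supported. This implies that ctx == NULL.
-* Yet, the ctx can be added to struct lc_public_key_signature.
-*/
-lc_dilithium_ed448_ctx_userctx(ctx, NULL, 0);
-
 /* Sign the signature using Composite-ML-DSA */
-CKINT(lc_dilithium_ed448_sign_ctx(
-&ws->dilithium_ed448_sig, ctx, ws->ph_message,
+CKINT(lc_dilithium_ed448_sign(
+&ws->dilithium_ed448_sig, ws->ph_message,
 sizeof(ws->ph_message), dilithium_ed448_sk, lc_seeded_rng));
 
 CKINT(lc_dilithium_ed448_sig_ptr(&ml_dsa_ptr, &ml_dsa_siglen,
@@ -411,7 +390,6 @@ int public_key_generate_signature_dilithium_ed448(
 ml_dsa_siglen + ed448_siglen);
 
 out:
-lc_dilithium_ed448_ctx_zero(ctx);
 LC_RELEASE_MEM(ws);
 return ret;
 #else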
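Review bot: The calls to `lc_dilithium_ed448_verify` and `lc_dilithium_ed448_sign` no longer say which context string the composite signature is bound to, because the removed TODO was the only place stating that this X.509 path works without a user context. Presumably the one-shot functions use an empty context, matching the earlier `lc_dilithium_ed448_ctx_userctx(ctx, NULL, 0)`, but that is not visible in this section. A one-line comment above each call, for example `/* Composite-ML-DSA with empty user context: struct lc_public_key_signature carries none */`, would keep that interoperability constraint visible to whoever later adds context support. The same applies to the ed25519 calls in asn1/src/asym_key_dilithium_ed25519.c; both functions begin outside the hunks shown.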

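--- a/asn1/src/x509_public_key.c
+++ b/asn1/src/x509_public_key.c
@@ -38,6 +38,7 @@
 int lc_x509_set_digestsize(size_t *digestsize, struct lc_hash_ctx *hash_ctx)
 {
 size_t found_digestsize = lc_hash_digestsize(hash_ctx);
+int ret = 0;
 
 /* This can happen for a SHAKE-algorithm */
 if (!found_digestsize) {
@@ -50,14 +51,15 @@ int lc_x509_set_digestsize(size_t *digestsize, struct lc_hash_ctx *hash_ctx)
 else
 found_digestsize = LC_SHA_MAX_SIZE_DIGEST;
 
-lc_hash_set_digestsize(hash_ctx, found_digestsize);
+CKINT(lc_hash_set_digestsize(hash_ctx, found_digestsize));
 }
 if (*digestsize < found_digestsize)
 return -ENOMEM;
 
 *digestsize = found_digestsize;
 
-return 0;
+out:
+return ret;
 }
 
 /* No pre-hashed signatures */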
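Review bot: In lc_x509_set_digestsize the hash context is switched to found_digestsize before `*digestsize` is compared against it, so a caller that receives -ENOMEM is left with a hash_ctx configured for an output larger than the buffer it offered. Doing the capacity comparison before `lc_hash_set_digestsize` in the SHAKE branch, or adding a function comment that the context must not be finalized after an error return, would close that gap; the lines between the two hunks are not shown, so the exact placement needs checking against the full function. As a matter of style, the function now has an `out:` label while the capacity check still exits with a direct `return -ENOMEM;`, and `ret = -ENOMEM; goto out;` would keep a single exit path.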
0 Bytes
Binary file not shown.
0 Bytes
Binary file not shown.
0 Bytes
Binary file not shown.
