/src/boringssl/crypto/fipsmodule/slhdsa/address.h
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2024 The BoringSSL Authors |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_SLHDSA_ADDRESS_H |
16 | | #define OPENSSL_HEADER_CRYPTO_FIPSMODULE_SLHDSA_ADDRESS_H |
17 | | |
18 | | #include <openssl/mem.h> |
19 | | |
20 | | #include "../../internal.h" |
21 | | |
22 | | #if defined(__cplusplus) |
23 | | extern "C" { |
24 | | #endif |
25 | | |
26 | | |
27 | | // Offsets of various fields in the address structure for SLH-DSA-SHA2-128s. |
28 | | |
29 | | // The byte used to specify the Merkle tree layer. |
30 | 0 | #define SLHDSA_SHA2_128S_OFFSET_LAYER 0 |
31 | | |
32 | | // The start of the 8 byte field used to specify the tree. |
33 | 0 | #define SLHDSA_SHA2_128S_OFFSET_TREE 1 |
34 | | |
35 | | // The byte used to specify the hash type (reason). |
36 | 0 | #define SLHDSA_SHA2_128S_OFFSET_TYPE 9 |
37 | | |
38 | | // The high byte used to specify the key pair (which one-time signature). |
39 | 0 | #define SLHDSA_SHA2_128S_OFFSET_KP_ADDR2 12 |
40 | | |
41 | | // The low byte used to specific the key pair. |
42 | 0 | #define SLHDSA_SHA2_128S_OFFSET_KP_ADDR1 13 |
43 | | |
44 | | // The byte used to specify the chain address (which Winternitz chain). |
45 | 0 | #define SLHDSA_SHA2_128S_OFFSET_CHAIN_ADDR 17 |
46 | | |
47 | | // The byte used to specify the hash address (where in the Winternitz chain). |
48 | 0 | #define SLHDSA_SHA2_128S_OFFSET_HASH_ADDR 21 |
49 | | |
50 | | // The byte used to specify the height of this node in the FORS or Merkle tree. |
51 | 0 | #define SLHDSA_SHA2_128S_OFFSET_TREE_HGT 17 |
52 | | |
53 | | // The start of the 4 byte field used to specify the node in the FORS or Merkle |
54 | | // tree. |
55 | 0 | #define SLHDSA_SHA2_128S_OFFSET_TREE_INDEX 18 |
56 | | |
57 | | |
58 | 0 | inline void slhdsa_set_chain_addr(uint8_t addr[32], uint32_t chain) { |
59 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_CHAIN_ADDR] = (uint8_t)chain; |
60 | 0 | } |
61 | | |
62 | 0 | inline void slhdsa_set_hash_addr(uint8_t addr[32], uint32_t hash) { |
63 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_HASH_ADDR] = (uint8_t)hash; |
64 | 0 | } |
65 | | |
66 | 0 | inline void slhdsa_set_keypair_addr(uint8_t addr[32], uint32_t keypair) { |
67 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_KP_ADDR2] = (uint8_t)(keypair >> 8); |
68 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_KP_ADDR1] = (uint8_t)keypair; |
69 | 0 | } |
70 | | |
71 | 0 | inline void slhdsa_copy_keypair_addr(uint8_t out[32], const uint8_t in[32]) { |
72 | 0 | OPENSSL_memcpy(out, in, SLHDSA_SHA2_128S_OFFSET_TREE + 8); |
73 | 0 | out[SLHDSA_SHA2_128S_OFFSET_KP_ADDR2] = in[SLHDSA_SHA2_128S_OFFSET_KP_ADDR2]; |
74 | 0 | out[SLHDSA_SHA2_128S_OFFSET_KP_ADDR1] = in[SLHDSA_SHA2_128S_OFFSET_KP_ADDR1]; |
75 | 0 | } |
76 | | |
77 | 0 | inline void slhdsa_set_layer_addr(uint8_t addr[32], uint32_t layer) { |
78 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_LAYER] = (uint8_t)layer; |
79 | 0 | } |
80 | | |
81 | 0 | inline void slhdsa_set_tree_addr(uint8_t addr[32], uint64_t tree) { |
82 | 0 | CRYPTO_store_u64_be(&addr[SLHDSA_SHA2_128S_OFFSET_TREE], tree); |
83 | 0 | } |
84 | | |
85 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_WOTS 0 |
86 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_WOTSPK 1 |
87 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_HASHTREE 2 |
88 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_FORSTREE 3 |
89 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_FORSPK 4 |
90 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_WOTSPRF 5 |
91 | 0 | #define SLHDSA_SHA2_128S_ADDR_TYPE_FORSPRF 6 |
92 | | |
93 | 0 | inline void slhdsa_set_type(uint8_t addr[32], uint32_t type) { |
94 | | // FIPS 205 relies on this setting parts of the address to 0, so we do it |
95 | | // here to avoid confusion. |
96 | | // |
97 | | // The behavior here is only correct for the SHA-2 instantiations. |
98 | 0 | OPENSSL_memset(addr + 10, 0, 12); |
99 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_TYPE] = (uint8_t)type; |
100 | 0 | } |
101 | | |
102 | 0 | inline void slhdsa_set_tree_height(uint8_t addr[32], uint32_t tree_height) { |
103 | 0 | addr[SLHDSA_SHA2_128S_OFFSET_TREE_HGT] = (uint8_t)tree_height; |
104 | 0 | } |
105 | | |
106 | 0 | inline void slhdsa_set_tree_index(uint8_t addr[32], uint32_t tree_index) { |
107 | 0 | CRYPTO_store_u32_be(&addr[SLHDSA_SHA2_128S_OFFSET_TREE_INDEX], tree_index); |
108 | 0 | } |
109 | | |
110 | 0 | inline uint32_t slhdsa_get_tree_index(uint8_t addr[32]) { |
111 | 0 | return CRYPTO_load_u32_be(addr + SLHDSA_SHA2_128S_OFFSET_TREE_INDEX); |
112 | 0 | } |
113 | | |
114 | | |
115 | | #if defined(__cplusplus) |
116 | | } // extern C |
117 | | #endif |
118 | | |
119 | | #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_SLHDSA_ADDRESS_H |