1 /* Copyright (c) 2023, Google LLC
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <openssl/base.h>
16
17 #include <string.h>
18
19 #include "../internal.h"
20 #include "./address.h"
21 #include "./spx_util.h"
22
23
24 // Offsets of various fields in the address structure for SPHINCS+-SHA2-128s.
25
26 // The byte used to specify the Merkle tree layer.
27 #define SPX_OFFSET_LAYER 0
28
29 // The start of the 8 byte field used to specify the tree.
30 #define SPX_OFFSET_TREE 1
31
32 // The byte used to specify the hash type (reason).
33 #define SPX_OFFSET_TYPE 9
34
35 // The high byte used to specify the key pair (which one-time signature).
36 #define SPX_OFFSET_KP_ADDR2 12
37
38 // The low byte used to specific the key pair.
39 #define SPX_OFFSET_KP_ADDR1 13
40
41 // The byte used to specify the chain address (which Winternitz chain).
42 #define SPX_OFFSET_CHAIN_ADDR 17
43
44 // The byte used to specify the hash address (where in the Winternitz chain).
45 #define SPX_OFFSET_HASH_ADDR 21
46
47 // The byte used to specify the height of this node in the FORS or Merkle tree.
48 #define SPX_OFFSET_TREE_HGT 17
49
50 // The start of the 4 byte field used to specify the node in the FORS or Merkle
51 // tree.
52 #define SPX_OFFSET_TREE_INDEX 18
53
54
spx_set_chain_addr(uint8_t addr[32],uint32_t chain)55 void spx_set_chain_addr(uint8_t addr[32], uint32_t chain) {
56 addr[SPX_OFFSET_CHAIN_ADDR] = (uint8_t)chain;
57 }
58
spx_set_hash_addr(uint8_t addr[32],uint32_t hash)59 void spx_set_hash_addr(uint8_t addr[32], uint32_t hash) {
60 addr[SPX_OFFSET_HASH_ADDR] = (uint8_t)hash;
61 }
62
spx_set_keypair_addr(uint8_t addr[32],uint32_t keypair)63 void spx_set_keypair_addr(uint8_t addr[32], uint32_t keypair) {
64 addr[SPX_OFFSET_KP_ADDR2] = (uint8_t)(keypair >> 8);
65 addr[SPX_OFFSET_KP_ADDR1] = (uint8_t)keypair;
66 }
67
spx_copy_keypair_addr(uint8_t out[32],const uint8_t in[32])68 void spx_copy_keypair_addr(uint8_t out[32], const uint8_t in[32]) {
69 memcpy(out, in, SPX_OFFSET_TREE + 8);
70 out[SPX_OFFSET_KP_ADDR2] = in[SPX_OFFSET_KP_ADDR2];
71 out[SPX_OFFSET_KP_ADDR1] = in[SPX_OFFSET_KP_ADDR1];
72 }
73
spx_set_layer_addr(uint8_t addr[32],uint32_t layer)74 void spx_set_layer_addr(uint8_t addr[32], uint32_t layer) {
75 addr[SPX_OFFSET_LAYER] = (uint8_t)layer;
76 }
77
spx_set_tree_addr(uint8_t addr[32],uint64_t tree)78 void spx_set_tree_addr(uint8_t addr[32], uint64_t tree) {
79 spx_uint64_to_len_bytes(&addr[SPX_OFFSET_TREE], 8, tree);
80 }
81
spx_set_type(uint8_t addr[32],uint32_t type)82 void spx_set_type(uint8_t addr[32], uint32_t type) {
83 // NIST draft relies on this setting parts of the address to 0, so we do it
84 // here to avoid confusion.
85 //
86 // The behavior here is only correct for the SHA2 instantiations.
87 memset(addr + 10, 0, 12);
88 addr[SPX_OFFSET_TYPE] = (uint8_t)type;
89 }
90
spx_set_tree_height(uint8_t addr[32],uint32_t tree_height)91 void spx_set_tree_height(uint8_t addr[32], uint32_t tree_height) {
92 addr[SPX_OFFSET_TREE_HGT] = (uint8_t)tree_height;
93 }
94
spx_set_tree_index(uint8_t addr[32],uint32_t tree_index)95 void spx_set_tree_index(uint8_t addr[32], uint32_t tree_index) {
96 CRYPTO_store_u32_be(&addr[SPX_OFFSET_TREE_INDEX], tree_index);
97 }
98
spx_get_tree_index(uint8_t addr[32])99 uint32_t spx_get_tree_index(uint8_t addr[32]) {
100 return CRYPTO_load_u32_be(addr + SPX_OFFSET_TREE_INDEX);
101 }
102