Support SHA256/192 parameter sets #17
Merged: tob-scott-a merged 7 commits into trailofbits:main, Feb 18, 2025
This commit replaces lms_type_code (which was used for typecodes for both LMS and LM-OTS) with two types: lmsTypecode (for LMS typecodes) and lmotsTypecode (for LM-OTS typecodes). While the typecodes for both LMS and LM-OTS parameter sets are both uint32 values, and the original sets in RFC8554 didn't overlap, the namespaces are distinct: see https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml

Separating the types also allows greater clarity of code: the expected type of a typecode is explicit now, and type safety will reduce future bugs.

The new type names use camelCase instead of snake_case. This is idiomatic for Go: https://google.github.io/styleguide/go/decisions#underscores

The original choice not to export lms_type_code is respected by this change. Not making the type public is an uncommon choice, but it does allow internal refactors like this one to avoid breaking callers.
This commit updates TestOtsSignVerify and TestOtsSignVerifyFail to be table-driven tests. This is more idiomatic for Go, and will allow us to add more OTS parameter sets later easily.
This commit merges the Verify and VerifyFail tests into one table-driven test, with subtests for the OK and fail cases.
This commit factors out hash_write into common.HashWrite, and replaces usage of hash.Hash.Sum with a new helper called common.HashSum, which takes care of the hash truncation for cases when params.N is less than the size of the hash.
This commit incorporates the known-answer test for SHA256/192 from https://datatracker.ietf.org/doc/draft-fluhrer-lms-more-parm-sets/19/
tob-scott-a (Contributor) approved these changes, Feb 18, 2025:

These changes look good to me. I think SHAKE256-based parameters are also worth supporting in the future (although they're currently not in the standard library crypto module--only vanilla SHA3 is).

Author (Contributor):

Thank you for the extremely quick turnaround, @tob-scott-a! Re: SHAKE256 - I may find some time to follow up on this.

Author (Contributor):

@tob-scott-a it looks like go 1.24 has it: golang/go#70701. How open are you to updating the required Go version for this module as part of the introduction of SHAKE256-based LMS parameters?

Contributor:

Go 1.24 has SHA3, but SHAKE requires x/crypto.
This PR is intended to partly address #16. A future PR could add the SHAKE256-based parameter sets from https://datatracker.ietf.org/doc/draft-fluhrer-lms-more-parm-sets/19/
This change is organized into several commits:
- 9fec504 breaks up `lms_type_code` into `lmsTypecode` and `lmotsTypecode`
- 597ce9e refactors the main `ots_test` test cases into two table-driven tests
- dd44552 merges the two table-driven tests in `ots_test` and adds better negative coverage to `ots_test`
- a661817 moves the existing `hash_write` helper into `common` and adds a `hashSum` helper as well, to deal with the truncation of hashes for some parameter sets. It updates some internal code to use `params.N` where before it assumed `N` was the same as the size of the hash output.
- 761b8aa adds support for SHA256/192 based LMS and LM-OTS parameter sets
- 3ce0165 adds the KAT from the RFC that introduces SHA256/192 based parameter sets
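To show what the `hashSum` / `params.N` change in a661817 is guarding against, here is an added, self-contained Go example (not the project's code): SHA256/192 is SHA-256 truncated to its leftmost 24 bytes, so every hash invocation, including the RFC 8554 LM-OTS chain step, must truncate to N rather than assume N equals the digest size. The `Params` struct, `SHA256N24`/`SHA256N32` values and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"hash"
)

// Params is a hypothetical stand-in for an LM-OTS parameter set: the hash
// constructor and the output length N in bytes.
type Params struct {
	New func() hash.Hash
	N   int
}

// SHA-256 with its full 32-byte output, and SHA256/192, which the draft
// defines as SHA-256 truncated to its leftmost 24 bytes (192 bits).
var (
	SHA256N32 = Params{New: sha256.New, N: 32}
	SHA256N24 = Params{New: sha256.New, N: 24}
)

// HashWrite appends data to the running hash; hash.Hash.Write never fails.
func HashWrite(h hash.Hash, data []byte) { h.Write(data) }
// HashSum finalises the digest and truncates it to params.N bytes, so callers
// never assume N equals the underlying hash's output size.
func HashSum(h hash.Hash, p Params) []byte { return h.Sum(nil)[:p.N] }
// ChainStep is one Winternitz chain iteration from RFC 8554, Algorithm 1:
// tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp), truncated to N bytes.
func ChainStep(p Params, I []byte, q uint32, i uint16, j uint8, tmp []byte) []byte {
	var qb [4]byte
	var ib [2]byte
	binary.BigEndian.PutUint32(qb[:], q)
	binary.BigEndian.PutUint16(ib[:], i)
	h := p.New()
	HashWrite(h, I)
	HashWrite(h, qb[:])
	HashWrite(h, ib[:])
	HashWrite(h, []byte{j})
	HashWrite(h, tmp)
	return HashSum(h, p)
}

func main() {
	I := make([]byte, 16) // constructed all-zero 16-byte key identifier
	tmp := make([]byte, 24)
	fmt.Println(hex.EncodeToString(ChainStep(SHA256N24, I, 0, 1, 2, tmp)))
}
```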