Padding_len was introduced in 7793c40c07483dd3efed0a27a85922ed5c7f0cee, but not fixed in the calls to hash_message. Resolves #12master
@@ -91,9 +91,10 @@ int prf_keygen(const xmss_params *params, | |||||
/* | /* | ||||
* Computes the message hash using R, the public root, the index of the leaf | * Computes the message hash using R, the public root, the index of the leaf | ||||
* node, and the message. Notably, it requires m_with_prefix to have 4*n bytes | |||||
* of space before the message, to use for the prefix. This is necessary to | |||||
* prevent having to move the message around (and thus allocate memory for it). | |||||
* node, and the message. Notably, it requires m_with_prefix to have 3*n plus | |||||
* the length of the padding as free space available before the message, | |||||
* to use for the prefix. This is necessary to prevent having to move the | |||||
* message around (and thus allocate memory for it). | |||||
*/ | */ | ||||
int hash_message(const xmss_params *params, unsigned char *out, | int hash_message(const xmss_params *params, unsigned char *out, | ||||
const unsigned char *R, const unsigned char *root, | const unsigned char *R, const unsigned char *root, | ||||
@@ -167,7 +167,8 @@ int xmssmt_core_sign_open(const xmss_params *params, | |||||
/* Compute the message hash. */ | /* Compute the message hash. */ | ||||
hash_message(params, mhash, sm + params->index_bytes, pk, idx, | hash_message(params, mhash, sm + params->index_bytes, pk, idx, | ||||
m + params->sig_bytes - 4*params->n, *mlen); | |||||
m + params->sig_bytes - params->padding_len - 3*params->n, | |||||
*mlen); | |||||
sm += params->index_bytes + params->n; | sm += params->index_bytes + params->n; | ||||
/* For each subtree.. */ | /* For each subtree.. */ | ||||
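Review bot: The `int` that hash_message returns (its prototype earlier on this page is `int hash_message(...)`) is discarded at the rewritten call in xmssmt_core_sign_open, so if the hash can report an error the verifier would carry on comparing against whatever happens to be in mhash; whether it can fail is not visible here, but a verification routine should not assume it cannot. I would wrap the call as `if (hash_message(params, mhash, sm + params->index_bytes, pk, idx, m + params->sig_bytes - params->padding_len - 3*params->n, *mlen) != 0)` and take the function's existing failure path (outside the hunk). The new offset also silently relies on sig_bytes being at least padding_len + 3*n so that m_with_prefix stays inside m; a one-line comment such as `/* prefix (padding + R + root + idx) is written into the last padding_len + 3*n bytes before the message, which sits at m + sig_bytes */` would record that invariant at the call site. xmssmt_core_sign_open's body starts and ends outside the hunk.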
@@ -221,7 +221,8 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
/* Compute the message hash. */ | /* Compute the message hash. */ | ||||
hash_message(params, mhash, sm + params->index_bytes, pub_root, idx, | hash_message(params, mhash, sm + params->index_bytes, pub_root, idx, | ||||
sm + params->sig_bytes - 4*params->n, mlen); | |||||
sm + params->sig_bytes - params->padding_len - 3*params->n, | |||||
mlen); | |||||
sm += params->index_bytes + params->n; | sm += params->index_bytes + params->n; | ||||
set_type(ots_addr, XMSS_ADDR_TYPE_OTS); | set_type(ots_addr, XMSS_ADDR_TYPE_OTS); | ||||
@@ -639,7 +639,8 @@ int xmss_core_sign(const xmss_params *params, | |||||
/* Compute the message hash. */ | /* Compute the message hash. */ | ||||
hash_message(params, msg_h, R, pub_root, idx, | hash_message(params, msg_h, R, pub_root, idx, | ||||
sm + params->sig_bytes - 4*params->n, mlen); | |||||
sm + params->sig_bytes - params->padding_len - 3*params->n, | |||||
mlen); | |||||
// Start collecting signature | // Start collecting signature | ||||
*smlen = 0; | *smlen = 0; | ||||
@@ -825,7 +826,8 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
/* Compute the message hash. */ | /* Compute the message hash. */ | ||||
hash_message(params, msg_h, R, pub_root, idx, | hash_message(params, msg_h, R, pub_root, idx, | ||||
sm + params->sig_bytes - 4*params->n, mlen); | |||||
sm + params->sig_bytes - params->padding_len - 3*params->n, | |||||
mlen); | |||||
// Start collecting signature | // Start collecting signature | ||||
*smlen = 0; | *smlen = 0; | ||||
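Review bot: The prefix offset `params->sig_bytes - params->padding_len - 3*params->n` is now written out by hand at four call sites on this page while the same quantity is only described in prose on hash_message, which is exactly the kind of drift this commit is repairing. A single named helper, e.g. `#define XMSS_MSG_PREFIX_BYTES(p) ((p)->padding_len + 3*(p)->n)` next to hash_message, with the calls reading `sm + params->sig_bytes - XMSS_MSG_PREFIX_BYTES(params)`, would keep the definition and its users in one place. The `int` result of hash_message is also dropped at this call; if it can fail, msg_h is used uninitialised, so the result should be checked or the function documented as infallible. xmssmt_core_sign begins and ends outside the hunk.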