Fix prefix space for hash_message wrt padding_len

Padding_len was introduced in 7793c40c07, but not fixed in the calls hash_message. Resolves #12
2020-05-25 20:36:50 +02:00 · 2020-05-25 20:36:50 +02:00 · 4ae726a82b
commit 4ae726a82b
parent e6b20992a2
4 changed files with 12 additions and 7 deletions
--- a/hash.c
+++ b/hash.c
@ -91,9 +91,10 @@ int prf_keygen(const xmss_params *params,

 /*
 * Computes the message hash using R, the public root, the index of the leaf
- * node, and the message. Notably, it requires m_with_prefix to have 4*n bytes
- * of space before the message, to use for the prefix. This is necessary to
- * prevent having to move the message around (and thus allocate memory for it).
+ * node, and the message. Notably, it requires m_with_prefix to have 3*n plus
+ * the length of the padding as free space available before the message,
+ * to use for the prefix. This is necessary to prevent having to move the
+ * message around (and thus allocate memory for it).
 */
 int hash_message(const xmss_params *params, unsigned char *out,
                 const unsigned char *R, const unsigned char *root,
--- a/xmss_commons.c
+++ b/xmss_commons.c
@ -167,7 +167,8 @@ int xmssmt_core_sign_open(const xmss_params *params,

    /* Compute the message hash. */
    hash_message(params, mhash, sm + params->index_bytes, pk, idx,
-                 m + params->sig_bytes - 4*params->n, *mlen);
+                 m + params->sig_bytes - params->padding_len - 3*params->n,
+                 *mlen);
    sm += params->index_bytes + params->n;

    /* For each subtree.. */
--- a/xmss_core.c
+++ b/xmss_core.c
@ -221,7 +221,8 @@ int xmssmt_core_sign(const xmss_params *params,

    /* Compute the message hash. */
    hash_message(params, mhash, sm + params->index_bytes, pub_root, idx,
-                 sm + params->sig_bytes - 4*params->n, mlen);
+                 sm + params->sig_bytes - params->padding_len - 3*params->n,
+                 mlen);
    sm += params->index_bytes + params->n;

    set_type(ots_addr, XMSS_ADDR_TYPE_OTS);
--- a/xmss_core_fast.c
+++ b/xmss_core_fast.c
@ -639,7 +639,8 @@ int xmss_core_sign(const xmss_params *params,

    /* Compute the message hash. */
    hash_message(params, msg_h, R, pub_root, idx,
-                 sm + params->sig_bytes - 4*params->n, mlen);
+                 sm + params->sig_bytes - params->padding_len - 3*params->n,
+                 mlen);

    // Start collecting signature
    *smlen = 0;
@ -825,7 +826,8 @@ int xmssmt_core_sign(const xmss_params *params,

    /* Compute the message hash. */
    hash_message(params, msg_h, R, pub_root, idx,
-                 sm + params->sig_bytes - 4*params->n, mlen);
+                 sm + params->sig_bytes - params->padding_len - 3*params->n,
+                 mlen);

    // Start collecting signature
    *smlen = 0;