RubyGems - grpc - Versions diffs - 1.69.0 → 1.70.1 - Mend

grpc 1.69.0 → 1.70.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (640) hide show

data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c DELETED Viewed

@@ -1,140 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <string.h>
-#define OPENSSL_UNSTABLE_EXPERIMENTAL_SPX
-#include <openssl/experimental/spx.h>
-#include <openssl/rand.h>
-#include "./address.h"
-#include "./fors.h"
-#include "./merkle.h"
-#include "./params.h"
-#include "./spx_util.h"
-#include "./thash.h"
-void SPX_generate_key(uint8_t out_public_key[SPX_PUBLIC_KEY_BYTES],
-                      uint8_t out_secret_key[SPX_SECRET_KEY_BYTES]) {
-  uint8_t seed[3 * SPX_N];
-  RAND_bytes(seed, 3 * SPX_N);
-  SPX_generate_key_from_seed(out_public_key, out_secret_key, seed);
-}
-void SPX_generate_key_from_seed(uint8_t out_public_key[SPX_PUBLIC_KEY_BYTES],
-                                uint8_t out_secret_key[SPX_SECRET_KEY_BYTES],
-                                const uint8_t seed[3 * SPX_N]) {
-  // Initialize SK.seed || SK.prf || PK.seed from seed.
-  memcpy(out_secret_key, seed, 3 * SPX_N);
-  // Initialize PK.seed from seed.
-  memcpy(out_public_key, seed + 2 * SPX_N, SPX_N);
-  uint8_t addr[32] = {0};
-  spx_set_layer_addr(addr, SPX_D - 1);
-  // Set PK.root
-  spx_treehash(out_public_key + SPX_N, out_secret_key, 0, SPX_TREE_HEIGHT,
-               out_public_key, addr);
-  memcpy(out_secret_key + 3 * SPX_N, out_public_key + SPX_N, SPX_N);
-}
-void SPX_sign(uint8_t out_signature[SPX_SIGNATURE_BYTES],
-              const uint8_t secret_key[SPX_SECRET_KEY_BYTES],
-              const uint8_t *msg, size_t msg_len, int randomized) {
-  uint8_t addr[32] = {0};
-  const uint8_t *sk_seed = secret_key;
-  const uint8_t *sk_prf = secret_key + SPX_N;
-  const uint8_t *pk_seed = secret_key + 2 * SPX_N;
-  const uint8_t *pk_root = secret_key + 3 * SPX_N;
-  uint8_t opt_rand[SPX_N] = {0};
-  if (randomized) {
-    RAND_bytes(opt_rand, SPX_N);
-  } else {
-    memcpy(opt_rand, pk_seed, SPX_N);
-  }
-  // Derive randomizer r and copy it to signature.
-  uint8_t r[SPX_N];
-  spx_thash_prfmsg(r, sk_prf, opt_rand, msg, msg_len);
-  memcpy(out_signature, r, SPX_N);
-  uint8_t digest[SPX_DIGEST_SIZE];
-  spx_thash_hmsg(digest, r, pk_seed, pk_root, msg, msg_len);
-  uint8_t fors_digest[SPX_FORS_MSG_BYTES];
-  memcpy(fors_digest, digest, SPX_FORS_MSG_BYTES);
-  uint8_t *tmp_idx_tree = digest + SPX_FORS_MSG_BYTES;
-  uint8_t *tmp_idx_leaf = tmp_idx_tree + SPX_TREE_BYTES;
-  uint64_t idx_tree = spx_to_uint64(tmp_idx_tree, SPX_TREE_BYTES);
-  idx_tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS);
-  uint32_t idx_leaf = (uint32_t)spx_to_uint64(tmp_idx_leaf, SPX_LEAF_BYTES);
-  idx_leaf &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS);
-  spx_set_tree_addr(addr, idx_tree);
-  spx_set_type(addr, SPX_ADDR_TYPE_FORSTREE);
-  spx_set_keypair_addr(addr, idx_leaf);
-  spx_fors_sign(out_signature + SPX_N, fors_digest, sk_seed, pk_seed, addr);
-  uint8_t pk_fors[SPX_N];
-  spx_fors_pk_from_sig(pk_fors, out_signature + SPX_N, fors_digest, pk_seed,
-                       addr);
-  spx_ht_sign(out_signature + SPX_N + SPX_FORS_BYTES, pk_fors, idx_tree,
-              idx_leaf, sk_seed, pk_seed);
-}
-int SPX_verify(const uint8_t signature[SPX_SIGNATURE_BYTES],
-               const uint8_t public_key[SPX_SECRET_KEY_BYTES],
-               const uint8_t *msg, size_t msg_len) {
-  uint8_t addr[32] = {0};
-  const uint8_t *pk_seed = public_key;
-  const uint8_t *pk_root = public_key + SPX_N;
-  const uint8_t *r = signature;
-  const uint8_t *sig_fors = signature + SPX_N;
-  const uint8_t *sig_ht = sig_fors + SPX_FORS_BYTES;
-  uint8_t digest[SPX_DIGEST_SIZE];
-  spx_thash_hmsg(digest, r, pk_seed, pk_root, msg, msg_len);
-  uint8_t fors_digest[SPX_FORS_MSG_BYTES];
-  memcpy(fors_digest, digest, SPX_FORS_MSG_BYTES);
-  uint8_t *tmp_idx_tree = digest + SPX_FORS_MSG_BYTES;
-  uint8_t *tmp_idx_leaf = tmp_idx_tree + SPX_TREE_BYTES;
-  uint64_t idx_tree = spx_to_uint64(tmp_idx_tree, SPX_TREE_BYTES);
-  idx_tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS);
-  uint32_t idx_leaf = (uint32_t)spx_to_uint64(tmp_idx_leaf, SPX_LEAF_BYTES);
-  idx_leaf &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS);
-  spx_set_tree_addr(addr, idx_tree);
-  spx_set_type(addr, SPX_ADDR_TYPE_FORSTREE);
-  spx_set_keypair_addr(addr, idx_leaf);
-  uint8_t pk_fors[SPX_N];
-  spx_fors_pk_from_sig(pk_fors, sig_fors, fors_digest, pk_seed, addr);
-  return spx_ht_verify(sig_ht, pk_fors, idx_tree, idx_leaf, pk_root, pk_seed);
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c DELETED Viewed

@@ -1,53 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <assert.h>
-#include "./spx_util.h"
-void spx_uint64_to_len_bytes(uint8_t *output, size_t out_len, uint64_t input) {
-  for (size_t i = out_len; i > 0; --i) {
-    output[i - 1] = input & 0xff;
-    input = input >> 8;
-  }
-}
-uint64_t spx_to_uint64(const uint8_t *input, size_t input_len) {
-  uint64_t tmp = 0;
-  for (size_t i = 0; i < input_len; ++i) {
-    tmp = 256 * tmp + input[i];
-  }
-  return tmp;
-}
-void spx_base_b(uint32_t *output, size_t out_len, const uint8_t *input,
-                unsigned int log2_b) {
-  int in = 0;
-  uint32_t out = 0;
-  uint32_t bits = 0;
-  uint32_t total = 0;
-  uint32_t base = UINT32_C(1) << log2_b;
-  for (out = 0; out < out_len; ++out) {
-    while (bits < log2_b) {
-      total = (total << 8) + input[in];
-      in++;
-      bits = bits + 8;
-    }
-    bits -= log2_b;
-    output[out] = (total >> bits) % base;
-  }
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h DELETED Viewed

@@ -1,44 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef OPENSSL_HEADER_CRYPTO_SPX_UTIL_H
-#define OPENSSL_HEADER_CRYPTO_SPX_UTIL_H
-#include <openssl/base.h>
-#if defined(__cplusplus)
-extern "C" {
-#endif
-// Encodes the integer value of input to out_len bytes in big-endian order.
-// Note that input < 2^(8*out_len), as otherwise this function will truncate
-// the least significant bytes of the integer representation.
-void spx_uint64_to_len_bytes(uint8_t *output, size_t out_len, uint64_t input);
-uint64_t spx_to_uint64(const uint8_t *input, size_t input_len);
-// Compute the base 2^log2_b representation of X.
-//
-// As some of the parameter sets in https://eprint.iacr.org/2022/1725.pdf use
-// a FORS height > 16 we use a uint32_t to store the output.
-void spx_base_b(uint32_t *output, size_t out_len, const uint8_t *input,
-                unsigned int log2_b);
-#if defined(__cplusplus)
-}  // extern C
-#endif
-#endif  // OPENSSL_HEADER_CRYPTO_SPX_UTIL_H

data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c DELETED Viewed

@@ -1,136 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include "./params.h"
-#include "./spx_util.h"
-#include "./thash.h"
-static void spx_thash(uint8_t *output, const uint8_t *input,
-                      size_t input_blocks, const uint8_t pk_seed[SPX_N],
-                      uint8_t addr[32]) {
-  uint8_t hash[32];
-  SHA256_CTX sha256;
-  SHA256_Init(&sha256);
-  // Process pubseed with padding to full block.
-  // TODO: This could be precomputed instead as it will be the same across all
-  // hash calls.
-  uint8_t padded_pk_seed[64] = {0};
-  memcpy(padded_pk_seed, pk_seed, SPX_N);
-  SHA256_Update(&sha256, padded_pk_seed, sizeof(padded_pk_seed));
-  SHA256_Update(&sha256, addr, SPX_SHA256_ADDR_BYTES);
-  SHA256_Update(&sha256, input, input_blocks * SPX_N);
-  SHA256_Final(hash, &sha256);
-  memcpy(output, hash, SPX_N);
-}
-void spx_thash_f(uint8_t *output, const uint8_t input[SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, 1, pk_seed, addr);
-}
-void spx_thash_h(uint8_t *output, const uint8_t input[2 * SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, 2, pk_seed, addr);
-}
-void spx_thash_hmsg(uint8_t *output, const uint8_t r[SPX_N],
-                    const uint8_t pk_seed[SPX_N], const uint8_t pk_root[SPX_N],
-                    const uint8_t *msg, size_t msg_len) {
-  // MGF1-SHA-256(R || PK.seed || SHA-256(R || PK.seed || PK.root || M), m)
-  // input_buffer stores R || PK_SEED || SHA256(..) || 4-byte index
-  uint8_t input_buffer[2 * SPX_N + 32 + 4] = {0};
-  memcpy(input_buffer, r, SPX_N);
-  memcpy(input_buffer + SPX_N, pk_seed, SPX_N);
-  // Inner hash
-  SHA256_CTX ctx;
-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, r, SPX_N);
-  SHA256_Update(&ctx, pk_seed, SPX_N);
-  SHA256_Update(&ctx, pk_root, SPX_N);
-  SHA256_Update(&ctx, msg, msg_len);
-  // Write directly into the input buffer
-  SHA256_Final(input_buffer + 2 * SPX_N, &ctx);
-  // MGF1-SHA-256
-  uint8_t output_buffer[3 * 32];
-  // Need to call SHA256 3 times for message digest.
-  static_assert(SPX_DIGEST_SIZE <= sizeof(output_buffer),
-                "not enough room for hashes");
-  SHA256(input_buffer, sizeof(input_buffer), output_buffer);
-  input_buffer[2 * SPX_N + 32 + 3] = 1;
-  SHA256(input_buffer, sizeof(input_buffer), output_buffer + 32);
-  input_buffer[2 * SPX_N + 32 + 3] = 2;
-  SHA256(input_buffer, sizeof(input_buffer), output_buffer + 64);
-  memcpy(output, output_buffer, SPX_DIGEST_SIZE);
-}
-void spx_thash_prf(uint8_t *output, const uint8_t pk_seed[SPX_N],
-                   const uint8_t sk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, sk_seed, 1, pk_seed, addr);
-}
-void spx_thash_prfmsg(uint8_t *output, const uint8_t sk_prf[SPX_N],
-                      const uint8_t opt_rand[SPX_N], const uint8_t *msg,
-                      size_t msg_len) {
-  // Compute HMAC-SHA256(sk_prf, opt_rand || msg). We inline HMAC to avoid an
-  // allocation.
-  uint8_t hmac_key[SHA256_CBLOCK] = {0};
-  static_assert(SPX_N <= SHA256_CBLOCK, "HMAC key is larger than block size");
-  memcpy(hmac_key, sk_prf, SPX_N);
-  for (size_t i = 0; i < sizeof(hmac_key); i++) {
-    hmac_key[i] ^= 0x36;
-  }
-  uint8_t hash[SHA256_DIGEST_LENGTH];
-  SHA256_CTX ctx;
-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, hmac_key, sizeof(hmac_key));
-  SHA256_Update(&ctx, opt_rand, SPX_N);
-  SHA256_Update(&ctx, msg, msg_len);
-  SHA256_Final(hash, &ctx);
-  for (size_t i = 0; i < sizeof(hmac_key); i++) {
-    hmac_key[i] ^= 0x36 ^ 0x5c;
-  }
-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, hmac_key, sizeof(hmac_key));
-  SHA256_Update(&ctx, hash, sizeof(hash));
-  SHA256_Final(hash, &ctx);
-  // Truncate to SPX_N bytes
-  memcpy(output, hash, SPX_N);
-}
-void spx_thash_tl(uint8_t *output, const uint8_t input[SPX_WOTS_BYTES],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, SPX_WOTS_LEN, pk_seed, addr);
-}
-void spx_thash_tk(uint8_t *output, const uint8_t input[SPX_FORS_TREES * SPX_N],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, SPX_FORS_TREES, pk_seed, addr);
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h DELETED Viewed

@@ -1,70 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef OPENSSL_HEADER_CRYPTO_SPX_THASH_H
-#define OPENSSL_HEADER_CRYPTO_SPX_THASH_H
-#include <openssl/base.h>
-#include "./params.h"
-#if defined(__cplusplus)
-extern "C" {
-#endif
-// Implements F: a hash function takes an n-byte message as input and produces
-// an n-byte output.
-void spx_thash_f(uint8_t *output, const uint8_t input[SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-// Implements H: a hash function takes a 2*n-byte message as input and produces
-// an n-byte output.
-void spx_thash_h(uint8_t *output, const uint8_t input[2 * SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-// Implements Hmsg: a hash function used to generate the digest of the message
-// to be signed.
-void spx_thash_hmsg(uint8_t *output, const uint8_t r[SPX_N],
-                    const uint8_t pk_seed[SPX_N], const uint8_t pk_root[SPX_N],
-                    const uint8_t *msg, size_t msg_len);
-// Implements PRF: a pseudo-random function that is used to generate the secret
-// values in WOTS+ and FORS private keys.
-void spx_thash_prf(uint8_t *output, const uint8_t pk_seed[SPX_N],
-                   const uint8_t sk_seed[SPX_N], uint8_t addr[32]);
-// Implements PRF: a pseudo-random function that is used to generate the
-// randomizer r for the randomized hashing of the message to be signed. values
-// in WOTS+ and FORS private keys.
-void spx_thash_prfmsg(uint8_t *output, const uint8_t sk_prf[SPX_N],
-                      const uint8_t opt_rand[SPX_N], const uint8_t *msg,
-                      size_t msg_len);
-// Implements Tl: a hash function that maps an l*n-byte message to an n-byte
-// message.
-void spx_thash_tl(uint8_t *output, const uint8_t input[SPX_WOTS_BYTES],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-// Implements Tk: a hash function that maps a k*n-byte message to an n-byte
-// message.
-void spx_thash_tk(uint8_t *output, const uint8_t input[SPX_FORS_TREES * SPX_N],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-#if defined(__cplusplus)
-}  // extern C
-#endif
-#endif  // OPENSSL_HEADER_CRYPTO_SPX_THASH_H

data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c DELETED Viewed

@@ -1,135 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-#include "./address.h"
-#include "./params.h"
-#include "./spx_util.h"
-#include "./thash.h"
-#include "./wots.h"
-// Chaining function used in WOTS+.
-static void chain(uint8_t *output, const uint8_t *input, uint32_t start,
-                  uint32_t steps, const uint8_t *pub_seed, uint8_t addr[32]) {
-  memcpy(output, input, SPX_N);
-  for (size_t i = start; i < (start + steps) && i < SPX_WOTS_W; ++i) {
-    spx_set_hash_addr(addr, i);
-    spx_thash_f(output, output, pub_seed, addr);
-  }
-}
-void spx_wots_pk_from_sig(uint8_t *pk, const uint8_t *sig, const uint8_t *msg,
-                          const uint8_t pub_seed[SPX_N], uint8_t addr[32]) {
-  uint8_t tmp[SPX_WOTS_BYTES];
-  uint8_t wots_pk_addr[32];
-  memcpy(wots_pk_addr, addr, sizeof(wots_pk_addr));
-  // Convert message to base w
-  uint32_t base_w_msg[SPX_WOTS_LEN];
-  spx_base_b(base_w_msg, SPX_WOTS_LEN1, msg, /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute checksum
-  uint64_t csum = 0;
-  for (size_t i = 0; i < SPX_WOTS_LEN1; ++i) {
-    csum += SPX_WOTS_W - 1 - base_w_msg[i];
-  }
-  // Convert csum to base w as in Algorithm 7, Line 9
-  uint8_t csum_bytes[(SPX_WOTS_LEN2 * SPX_WOTS_LOG_W + 7) / 8];
-  csum = csum << ((8 - ((SPX_WOTS_LEN2 * SPX_WOTS_LOG_W)) % 8) % 8);
-  spx_uint64_to_len_bytes(csum_bytes, sizeof(csum_bytes), csum);
-  // Write the base w representation of csum to the end of the message.
-  spx_base_b(base_w_msg + SPX_WOTS_LEN1, SPX_WOTS_LEN2, csum_bytes,
-             /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute chains
-  for (size_t i = 0; i < SPX_WOTS_LEN; ++i) {
-    spx_set_chain_addr(addr, i);
-    chain(tmp + i * SPX_N, sig + i * SPX_N, base_w_msg[i],
-          SPX_WOTS_W - 1 - base_w_msg[i], pub_seed, addr);
-  }
-  // Compress pk
-  spx_set_type(wots_pk_addr, SPX_ADDR_TYPE_WOTSPK);
-  spx_copy_keypair_addr(wots_pk_addr, addr);
-  spx_thash_tl(pk, tmp, pub_seed, wots_pk_addr);
-}
-void spx_wots_pk_gen(uint8_t *pk, const uint8_t sk_seed[SPX_N],
-                     const uint8_t pub_seed[SPX_N], uint8_t addr[32]) {
-  uint8_t tmp[SPX_WOTS_BYTES];
-  uint8_t tmp_sk[SPX_N];
-  uint8_t wots_pk_addr[32], sk_addr[32];
-  memcpy(wots_pk_addr, addr, sizeof(wots_pk_addr));
-  memcpy(sk_addr, addr, sizeof(sk_addr));
-  spx_set_type(sk_addr, SPX_ADDR_TYPE_WOTSPRF);
-  spx_copy_keypair_addr(sk_addr, addr);
-  for (size_t i = 0; i < SPX_WOTS_LEN; ++i) {
-    spx_set_chain_addr(sk_addr, i);
-    spx_thash_prf(tmp_sk, pub_seed, sk_seed, sk_addr);
-    spx_set_chain_addr(addr, i);
-    chain(tmp + i * SPX_N, tmp_sk, 0, SPX_WOTS_W - 1, pub_seed, addr);
-  }
-  // Compress pk
-  spx_set_type(wots_pk_addr, SPX_ADDR_TYPE_WOTSPK);
-  spx_copy_keypair_addr(wots_pk_addr, addr);
-  spx_thash_tl(pk, tmp, pub_seed, wots_pk_addr);
-}
-void spx_wots_sign(uint8_t *sig, const uint8_t msg[SPX_N],
-                   const uint8_t sk_seed[SPX_N], const uint8_t pub_seed[SPX_N],
-                   uint8_t addr[32]) {
-  // Convert message to base w
-  uint32_t base_w_msg[SPX_WOTS_LEN];
-  spx_base_b(base_w_msg, SPX_WOTS_LEN1, msg, /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute checksum
-  uint64_t csum = 0;
-  for (size_t i = 0; i < SPX_WOTS_LEN1; ++i) {
-    csum += SPX_WOTS_W - 1 - base_w_msg[i];
-  }
-  // Convert csum to base w as in Algorithm 6, Line 9
-  uint8_t csum_bytes[(SPX_WOTS_LEN2 * SPX_WOTS_LOG_W + 7) / 8];
-  csum = csum << ((8 - ((SPX_WOTS_LEN2 * SPX_WOTS_LOG_W)) % 8) % 8);
-  spx_uint64_to_len_bytes(csum_bytes, sizeof(csum_bytes), csum);
-  // Write the base w representation of csum to the end of the message.
-  spx_base_b(base_w_msg + SPX_WOTS_LEN1, SPX_WOTS_LEN2, csum_bytes,
-             /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute chains
-  uint8_t tmp_sk[SPX_N];
-  uint8_t sk_addr[32];
-  memcpy(sk_addr, addr, sizeof(sk_addr));
-  spx_set_type(sk_addr, SPX_ADDR_TYPE_WOTSPRF);
-  spx_copy_keypair_addr(sk_addr, addr);
-  for (size_t i = 0; i < SPX_WOTS_LEN; ++i) {
-    spx_set_chain_addr(sk_addr, i);
-    spx_thash_prf(tmp_sk, pub_seed, sk_seed, sk_addr);
-    spx_set_chain_addr(addr, i);
-    chain(sig + i * SPX_N, tmp_sk, 0, base_w_msg[i], pub_seed, addr);
-  }
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h DELETED Viewed

@@ -1,45 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef OPENSSL_HEADER_CRYPTO_SPX_WOTS_H
-#define OPENSSL_HEADER_CRYPTO_SPX_WOTS_H
-#include <openssl/base.h>
-#include "./params.h"
-#if defined(__cplusplus)
-extern "C" {
-#endif
-// Algorithm 5: Generate a WOTS+ public key.
-void spx_wots_pk_gen(uint8_t *pk, const uint8_t sk_seed[SPX_N],
-                     const uint8_t pub_seed[SPX_N], uint8_t addr[32]);
-// Algorithm 6: Generate a WOTS+ signature on an n-byte message.
-void spx_wots_sign(uint8_t *sig, const uint8_t msg[SPX_N],
-                   const uint8_t sk_seed[SPX_N], const uint8_t pub_seed[SPX_N],
-                   uint8_t addr[32]);
-// Algorithm 7: Compute a WOTS+ public key from a message and its signature.
-void spx_wots_pk_from_sig(uint8_t *pk, const uint8_t *sig, const uint8_t *msg,
-                          const uint8_t pub_seed[SPX_N], uint8_t addr[32]);
-#if defined(__cplusplus)
-}  // extern C
-#endif
-#endif  // OPENSSL_HEADER_CRYPTO_SPX_WOTS_H