RubyGems - grpc - Versions diffs - 1.69.0 → 1.70.1 - Mend

grpc 1.69.0 → 1.70.1

Files changed (640) hide show

data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c DELETED Viewed

@@ -1,140 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <string.h>
-#define OPENSSL_UNSTABLE_EXPERIMENTAL_SPX
-#include <openssl/experimental/spx.h>
-#include <openssl/rand.h>
-#include "./address.h"
-#include "./fors.h"
-#include "./merkle.h"
-#include "./params.h"
-#include "./spx_util.h"
-#include "./thash.h"
-void SPX_generate_key(uint8_t out_public_key[SPX_PUBLIC_KEY_BYTES],
-                      uint8_t out_secret_key[SPX_SECRET_KEY_BYTES]) {
-  uint8_t seed[3 * SPX_N];
-  RAND_bytes(seed, 3 * SPX_N);
-  SPX_generate_key_from_seed(out_public_key, out_secret_key, seed);
-}
-void SPX_generate_key_from_seed(uint8_t out_public_key[SPX_PUBLIC_KEY_BYTES],
-                                uint8_t out_secret_key[SPX_SECRET_KEY_BYTES],
-                                const uint8_t seed[3 * SPX_N]) {
-  // Initialize SK.seed || SK.prf || PK.seed from seed.
-  memcpy(out_secret_key, seed, 3 * SPX_N);
-  // Initialize PK.seed from seed.
-  memcpy(out_public_key, seed + 2 * SPX_N, SPX_N);
-  uint8_t addr[32] = {0};
-  spx_set_layer_addr(addr, SPX_D - 1);
-  // Set PK.root
-  spx_treehash(out_public_key + SPX_N, out_secret_key, 0, SPX_TREE_HEIGHT,
-               out_public_key, addr);
-  memcpy(out_secret_key + 3 * SPX_N, out_public_key + SPX_N, SPX_N);
-}
-void SPX_sign(uint8_t out_signature[SPX_SIGNATURE_BYTES],
-              const uint8_t secret_key[SPX_SECRET_KEY_BYTES],
-              const uint8_t *msg, size_t msg_len, int randomized) {
-  uint8_t addr[32] = {0};
-  const uint8_t *sk_seed = secret_key;
-  const uint8_t *sk_prf = secret_key + SPX_N;
-  const uint8_t *pk_seed = secret_key + 2 * SPX_N;
-  const uint8_t *pk_root = secret_key + 3 * SPX_N;
-  uint8_t opt_rand[SPX_N] = {0};
-  if (randomized) {
-    RAND_bytes(opt_rand, SPX_N);
-  } else {
-    memcpy(opt_rand, pk_seed, SPX_N);
-  }
-  // Derive randomizer r and copy it to signature.
-  uint8_t r[SPX_N];
-  spx_thash_prfmsg(r, sk_prf, opt_rand, msg, msg_len);
-  memcpy(out_signature, r, SPX_N);
-  uint8_t digest[SPX_DIGEST_SIZE];
-  spx_thash_hmsg(digest, r, pk_seed, pk_root, msg, msg_len);
-  uint8_t fors_digest[SPX_FORS_MSG_BYTES];
-  memcpy(fors_digest, digest, SPX_FORS_MSG_BYTES);
-  uint8_t *tmp_idx_tree = digest + SPX_FORS_MSG_BYTES;
-  uint8_t *tmp_idx_leaf = tmp_idx_tree + SPX_TREE_BYTES;
-  uint64_t idx_tree = spx_to_uint64(tmp_idx_tree, SPX_TREE_BYTES);
-  idx_tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS);
-  uint32_t idx_leaf = (uint32_t)spx_to_uint64(tmp_idx_leaf, SPX_LEAF_BYTES);
-  idx_leaf &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS);
-  spx_set_tree_addr(addr, idx_tree);
-  spx_set_type(addr, SPX_ADDR_TYPE_FORSTREE);
-  spx_set_keypair_addr(addr, idx_leaf);
-  spx_fors_sign(out_signature + SPX_N, fors_digest, sk_seed, pk_seed, addr);
-  uint8_t pk_fors[SPX_N];
-  spx_fors_pk_from_sig(pk_fors, out_signature + SPX_N, fors_digest, pk_seed,
-                       addr);
-  spx_ht_sign(out_signature + SPX_N + SPX_FORS_BYTES, pk_fors, idx_tree,
-              idx_leaf, sk_seed, pk_seed);
-}
-int SPX_verify(const uint8_t signature[SPX_SIGNATURE_BYTES],
-               const uint8_t public_key[SPX_SECRET_KEY_BYTES],
-               const uint8_t *msg, size_t msg_len) {
-  uint8_t addr[32] = {0};
-  const uint8_t *pk_seed = public_key;
-  const uint8_t *pk_root = public_key + SPX_N;
-  const uint8_t *r = signature;
-  const uint8_t *sig_fors = signature + SPX_N;
-  const uint8_t *sig_ht = sig_fors + SPX_FORS_BYTES;
-  uint8_t digest[SPX_DIGEST_SIZE];
-  spx_thash_hmsg(digest, r, pk_seed, pk_root, msg, msg_len);
-  uint8_t fors_digest[SPX_FORS_MSG_BYTES];
-  memcpy(fors_digest, digest, SPX_FORS_MSG_BYTES);
-  uint8_t *tmp_idx_tree = digest + SPX_FORS_MSG_BYTES;
-  uint8_t *tmp_idx_leaf = tmp_idx_tree + SPX_TREE_BYTES;
-  uint64_t idx_tree = spx_to_uint64(tmp_idx_tree, SPX_TREE_BYTES);
-  idx_tree &= (~(uint64_t)0) >> (64 - SPX_TREE_BITS);
-  uint32_t idx_leaf = (uint32_t)spx_to_uint64(tmp_idx_leaf, SPX_LEAF_BYTES);
-  idx_leaf &= (~(uint32_t)0) >> (32 - SPX_LEAF_BITS);
-  spx_set_tree_addr(addr, idx_tree);
-  spx_set_type(addr, SPX_ADDR_TYPE_FORSTREE);
-  spx_set_keypair_addr(addr, idx_leaf);
-  uint8_t pk_fors[SPX_N];
-  spx_fors_pk_from_sig(pk_fors, sig_fors, fors_digest, pk_seed, addr);
-  return spx_ht_verify(sig_ht, pk_fors, idx_tree, idx_leaf, pk_root, pk_seed);
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c DELETED Viewed

@@ -1,53 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <assert.h>
-#include "./spx_util.h"
-void spx_uint64_to_len_bytes(uint8_t *output, size_t out_len, uint64_t input) {
-  for (size_t i = out_len; i > 0; --i) {
-    output[i - 1] = input & 0xff;
-    input = input >> 8;
-  }
-}
-uint64_t spx_to_uint64(const uint8_t *input, size_t input_len) {
-  uint64_t tmp = 0;
-  for (size_t i = 0; i < input_len; ++i) {
-    tmp = 256 * tmp + input[i];
-  }
-  return tmp;
-}
-void spx_base_b(uint32_t *output, size_t out_len, const uint8_t *input,
-                unsigned int log2_b) {
-  int in = 0;
-  uint32_t out = 0;
-  uint32_t bits = 0;
-  uint32_t total = 0;
-  uint32_t base = UINT32_C(1) << log2_b;
-  for (out = 0; out < out_len; ++out) {
-    while (bits < log2_b) {
-      total = (total << 8) + input[in];
-      in++;
-      bits = bits + 8;
-    }
-    bits -= log2_b;
-    output[out] = (total >> bits) % base;
-  }
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h DELETED Viewed

@@ -1,44 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef OPENSSL_HEADER_CRYPTO_SPX_UTIL_H
-#define OPENSSL_HEADER_CRYPTO_SPX_UTIL_H
-#include <openssl/base.h>
-#if defined(__cplusplus)
-extern "C" {
-#endif
-// Encodes the integer value of input to out_len bytes in big-endian order.
-// Note that input < 2^(8*out_len), as otherwise this function will truncate
-// the least significant bytes of the integer representation.
-void spx_uint64_to_len_bytes(uint8_t *output, size_t out_len, uint64_t input);
-uint64_t spx_to_uint64(const uint8_t *input, size_t input_len);
-// Compute the base 2^log2_b representation of X.
-//
-// As some of the parameter sets in https://eprint.iacr.org/2022/1725.pdf use
-// a FORS height > 16 we use a uint32_t to store the output.
-void spx_base_b(uint32_t *output, size_t out_len, const uint8_t *input,
-                unsigned int log2_b);
-#if defined(__cplusplus)
-}  // extern C
-#endif
-#endif  // OPENSSL_HEADER_CRYPTO_SPX_UTIL_H

data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c DELETED Viewed

@@ -1,136 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include "./params.h"
-#include "./spx_util.h"
-#include "./thash.h"
-static void spx_thash(uint8_t *output, const uint8_t *input,
-                      size_t input_blocks, const uint8_t pk_seed[SPX_N],
-                      uint8_t addr[32]) {
-  uint8_t hash[32];
-  SHA256_CTX sha256;
-  SHA256_Init(&sha256);
-  // Process pubseed with padding to full block.
-  // TODO: This could be precomputed instead as it will be the same across all
-  // hash calls.
-  uint8_t padded_pk_seed[64] = {0};
-  memcpy(padded_pk_seed, pk_seed, SPX_N);
-  SHA256_Update(&sha256, padded_pk_seed, sizeof(padded_pk_seed));
-  SHA256_Update(&sha256, addr, SPX_SHA256_ADDR_BYTES);
-  SHA256_Update(&sha256, input, input_blocks * SPX_N);
-  SHA256_Final(hash, &sha256);
-  memcpy(output, hash, SPX_N);
-}
-void spx_thash_f(uint8_t *output, const uint8_t input[SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, 1, pk_seed, addr);
-}
-void spx_thash_h(uint8_t *output, const uint8_t input[2 * SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, 2, pk_seed, addr);
-}
-void spx_thash_hmsg(uint8_t *output, const uint8_t r[SPX_N],
-                    const uint8_t pk_seed[SPX_N], const uint8_t pk_root[SPX_N],
-                    const uint8_t *msg, size_t msg_len) {
-  // MGF1-SHA-256(R || PK.seed || SHA-256(R || PK.seed || PK.root || M), m)
-  // input_buffer stores R || PK_SEED || SHA256(..) || 4-byte index
-  uint8_t input_buffer[2 * SPX_N + 32 + 4] = {0};
-  memcpy(input_buffer, r, SPX_N);
-  memcpy(input_buffer + SPX_N, pk_seed, SPX_N);
-  // Inner hash
-  SHA256_CTX ctx;
-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, r, SPX_N);
-  SHA256_Update(&ctx, pk_seed, SPX_N);
-  SHA256_Update(&ctx, pk_root, SPX_N);
-  SHA256_Update(&ctx, msg, msg_len);
-  // Write directly into the input buffer
-  SHA256_Final(input_buffer + 2 * SPX_N, &ctx);
-  // MGF1-SHA-256
-  uint8_t output_buffer[3 * 32];
-  // Need to call SHA256 3 times for message digest.
-  static_assert(SPX_DIGEST_SIZE <= sizeof(output_buffer),
-                "not enough room for hashes");
-  SHA256(input_buffer, sizeof(input_buffer), output_buffer);
-  input_buffer[2 * SPX_N + 32 + 3] = 1;
-  SHA256(input_buffer, sizeof(input_buffer), output_buffer + 32);
-  input_buffer[2 * SPX_N + 32 + 3] = 2;
-  SHA256(input_buffer, sizeof(input_buffer), output_buffer + 64);
-  memcpy(output, output_buffer, SPX_DIGEST_SIZE);
-}
-void spx_thash_prf(uint8_t *output, const uint8_t pk_seed[SPX_N],
-                   const uint8_t sk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, sk_seed, 1, pk_seed, addr);
-}
-void spx_thash_prfmsg(uint8_t *output, const uint8_t sk_prf[SPX_N],
-                      const uint8_t opt_rand[SPX_N], const uint8_t *msg,
-                      size_t msg_len) {
-  // Compute HMAC-SHA256(sk_prf, opt_rand || msg). We inline HMAC to avoid an
-  // allocation.
-  uint8_t hmac_key[SHA256_CBLOCK] = {0};
-  static_assert(SPX_N <= SHA256_CBLOCK, "HMAC key is larger than block size");
-  memcpy(hmac_key, sk_prf, SPX_N);
-  for (size_t i = 0; i < sizeof(hmac_key); i++) {
-    hmac_key[i] ^= 0x36;
-  }
-  uint8_t hash[SHA256_DIGEST_LENGTH];
-  SHA256_CTX ctx;
-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, hmac_key, sizeof(hmac_key));
-  SHA256_Update(&ctx, opt_rand, SPX_N);
-  SHA256_Update(&ctx, msg, msg_len);
-  SHA256_Final(hash, &ctx);
-  for (size_t i = 0; i < sizeof(hmac_key); i++) {
-    hmac_key[i] ^= 0x36 ^ 0x5c;
-  }
-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, hmac_key, sizeof(hmac_key));
-  SHA256_Update(&ctx, hash, sizeof(hash));
-  SHA256_Final(hash, &ctx);
-  // Truncate to SPX_N bytes
-  memcpy(output, hash, SPX_N);
-}
-void spx_thash_tl(uint8_t *output, const uint8_t input[SPX_WOTS_BYTES],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, SPX_WOTS_LEN, pk_seed, addr);
-}
-void spx_thash_tk(uint8_t *output, const uint8_t input[SPX_FORS_TREES * SPX_N],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]) {
-  spx_thash(output, input, SPX_FORS_TREES, pk_seed, addr);
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h DELETED Viewed

@@ -1,70 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef OPENSSL_HEADER_CRYPTO_SPX_THASH_H
-#define OPENSSL_HEADER_CRYPTO_SPX_THASH_H
-#include <openssl/base.h>
-#include "./params.h"
-#if defined(__cplusplus)
-extern "C" {
-#endif
-// Implements F: a hash function takes an n-byte message as input and produces
-// an n-byte output.
-void spx_thash_f(uint8_t *output, const uint8_t input[SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-// Implements H: a hash function takes a 2*n-byte message as input and produces
-// an n-byte output.
-void spx_thash_h(uint8_t *output, const uint8_t input[2 * SPX_N],
-                 const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-// Implements Hmsg: a hash function used to generate the digest of the message
-// to be signed.
-void spx_thash_hmsg(uint8_t *output, const uint8_t r[SPX_N],
-                    const uint8_t pk_seed[SPX_N], const uint8_t pk_root[SPX_N],
-                    const uint8_t *msg, size_t msg_len);
-// Implements PRF: a pseudo-random function that is used to generate the secret
-// values in WOTS+ and FORS private keys.
-void spx_thash_prf(uint8_t *output, const uint8_t pk_seed[SPX_N],
-                   const uint8_t sk_seed[SPX_N], uint8_t addr[32]);
-// Implements PRF: a pseudo-random function that is used to generate the
-// randomizer r for the randomized hashing of the message to be signed. values
-// in WOTS+ and FORS private keys.
-void spx_thash_prfmsg(uint8_t *output, const uint8_t sk_prf[SPX_N],
-                      const uint8_t opt_rand[SPX_N], const uint8_t *msg,
-                      size_t msg_len);
-// Implements Tl: a hash function that maps an l*n-byte message to an n-byte
-// message.
-void spx_thash_tl(uint8_t *output, const uint8_t input[SPX_WOTS_BYTES],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-// Implements Tk: a hash function that maps a k*n-byte message to an n-byte
-// message.
-void spx_thash_tk(uint8_t *output, const uint8_t input[SPX_FORS_TREES * SPX_N],
-                  const uint8_t pk_seed[SPX_N], uint8_t addr[32]);
-#if defined(__cplusplus)
-}  // extern C
-#endif
-#endif  // OPENSSL_HEADER_CRYPTO_SPX_THASH_H

data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c DELETED Viewed

@@ -1,135 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <openssl/base.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-#include "./address.h"
-#include "./params.h"
-#include "./spx_util.h"
-#include "./thash.h"
-#include "./wots.h"
-// Chaining function used in WOTS+.
-static void chain(uint8_t *output, const uint8_t *input, uint32_t start,
-                  uint32_t steps, const uint8_t *pub_seed, uint8_t addr[32]) {
-  memcpy(output, input, SPX_N);
-  for (size_t i = start; i < (start + steps) && i < SPX_WOTS_W; ++i) {
-    spx_set_hash_addr(addr, i);
-    spx_thash_f(output, output, pub_seed, addr);
-  }
-}
-void spx_wots_pk_from_sig(uint8_t *pk, const uint8_t *sig, const uint8_t *msg,
-                          const uint8_t pub_seed[SPX_N], uint8_t addr[32]) {
-  uint8_t tmp[SPX_WOTS_BYTES];
-  uint8_t wots_pk_addr[32];
-  memcpy(wots_pk_addr, addr, sizeof(wots_pk_addr));
-  // Convert message to base w
-  uint32_t base_w_msg[SPX_WOTS_LEN];
-  spx_base_b(base_w_msg, SPX_WOTS_LEN1, msg, /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute checksum
-  uint64_t csum = 0;
-  for (size_t i = 0; i < SPX_WOTS_LEN1; ++i) {
-    csum += SPX_WOTS_W - 1 - base_w_msg[i];
-  }
-  // Convert csum to base w as in Algorithm 7, Line 9
-  uint8_t csum_bytes[(SPX_WOTS_LEN2 * SPX_WOTS_LOG_W + 7) / 8];
-  csum = csum << ((8 - ((SPX_WOTS_LEN2 * SPX_WOTS_LOG_W)) % 8) % 8);
-  spx_uint64_to_len_bytes(csum_bytes, sizeof(csum_bytes), csum);
-  // Write the base w representation of csum to the end of the message.
-  spx_base_b(base_w_msg + SPX_WOTS_LEN1, SPX_WOTS_LEN2, csum_bytes,
-             /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute chains
-  for (size_t i = 0; i < SPX_WOTS_LEN; ++i) {
-    spx_set_chain_addr(addr, i);
-    chain(tmp + i * SPX_N, sig + i * SPX_N, base_w_msg[i],
-          SPX_WOTS_W - 1 - base_w_msg[i], pub_seed, addr);
-  }
-  // Compress pk
-  spx_set_type(wots_pk_addr, SPX_ADDR_TYPE_WOTSPK);
-  spx_copy_keypair_addr(wots_pk_addr, addr);
-  spx_thash_tl(pk, tmp, pub_seed, wots_pk_addr);
-}
-void spx_wots_pk_gen(uint8_t *pk, const uint8_t sk_seed[SPX_N],
-                     const uint8_t pub_seed[SPX_N], uint8_t addr[32]) {
-  uint8_t tmp[SPX_WOTS_BYTES];
-  uint8_t tmp_sk[SPX_N];
-  uint8_t wots_pk_addr[32], sk_addr[32];
-  memcpy(wots_pk_addr, addr, sizeof(wots_pk_addr));
-  memcpy(sk_addr, addr, sizeof(sk_addr));
-  spx_set_type(sk_addr, SPX_ADDR_TYPE_WOTSPRF);
-  spx_copy_keypair_addr(sk_addr, addr);
-  for (size_t i = 0; i < SPX_WOTS_LEN; ++i) {
-    spx_set_chain_addr(sk_addr, i);
-    spx_thash_prf(tmp_sk, pub_seed, sk_seed, sk_addr);
-    spx_set_chain_addr(addr, i);
-    chain(tmp + i * SPX_N, tmp_sk, 0, SPX_WOTS_W - 1, pub_seed, addr);
-  }
-  // Compress pk
-  spx_set_type(wots_pk_addr, SPX_ADDR_TYPE_WOTSPK);
-  spx_copy_keypair_addr(wots_pk_addr, addr);
-  spx_thash_tl(pk, tmp, pub_seed, wots_pk_addr);
-}
-void spx_wots_sign(uint8_t *sig, const uint8_t msg[SPX_N],
-                   const uint8_t sk_seed[SPX_N], const uint8_t pub_seed[SPX_N],
-                   uint8_t addr[32]) {
-  // Convert message to base w
-  uint32_t base_w_msg[SPX_WOTS_LEN];
-  spx_base_b(base_w_msg, SPX_WOTS_LEN1, msg, /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute checksum
-  uint64_t csum = 0;
-  for (size_t i = 0; i < SPX_WOTS_LEN1; ++i) {
-    csum += SPX_WOTS_W - 1 - base_w_msg[i];
-  }
-  // Convert csum to base w as in Algorithm 6, Line 9
-  uint8_t csum_bytes[(SPX_WOTS_LEN2 * SPX_WOTS_LOG_W + 7) / 8];
-  csum = csum << ((8 - ((SPX_WOTS_LEN2 * SPX_WOTS_LOG_W)) % 8) % 8);
-  spx_uint64_to_len_bytes(csum_bytes, sizeof(csum_bytes), csum);
-  // Write the base w representation of csum to the end of the message.
-  spx_base_b(base_w_msg + SPX_WOTS_LEN1, SPX_WOTS_LEN2, csum_bytes,
-             /*log2_b=*/SPX_WOTS_LOG_W);
-  // Compute chains
-  uint8_t tmp_sk[SPX_N];
-  uint8_t sk_addr[32];
-  memcpy(sk_addr, addr, sizeof(sk_addr));
-  spx_set_type(sk_addr, SPX_ADDR_TYPE_WOTSPRF);
-  spx_copy_keypair_addr(sk_addr, addr);
-  for (size_t i = 0; i < SPX_WOTS_LEN; ++i) {
-    spx_set_chain_addr(sk_addr, i);
-    spx_thash_prf(tmp_sk, pub_seed, sk_seed, sk_addr);
-    spx_set_chain_addr(addr, i);
-    chain(sig + i * SPX_N, tmp_sk, 0, base_w_msg[i], pub_seed, addr);
-  }
-}

data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h DELETED Viewed

@@ -1,45 +0,0 @@
-/* Copyright (c) 2023, Google LLC
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef OPENSSL_HEADER_CRYPTO_SPX_WOTS_H
-#define OPENSSL_HEADER_CRYPTO_SPX_WOTS_H
-#include <openssl/base.h>
-#include "./params.h"
-#if defined(__cplusplus)
-extern "C" {
-#endif
-// Algorithm 5: Generate a WOTS+ public key.
-void spx_wots_pk_gen(uint8_t *pk, const uint8_t sk_seed[SPX_N],
-                     const uint8_t pub_seed[SPX_N], uint8_t addr[32]);
-// Algorithm 6: Generate a WOTS+ signature on an n-byte message.
-void spx_wots_sign(uint8_t *sig, const uint8_t msg[SPX_N],
-                   const uint8_t sk_seed[SPX_N], const uint8_t pub_seed[SPX_N],
-                   uint8_t addr[32]);
-// Algorithm 7: Compute a WOTS+ public key from a message and its signature.
-void spx_wots_pk_from_sig(uint8_t *pk, const uint8_t *sig, const uint8_t *msg,
-                          const uint8_t pub_seed[SPX_N], uint8_t addr[32]);
-#if defined(__cplusplus)
-}  // extern C
-#endif
-#endif  // OPENSSL_HEADER_CRYPTO_SPX_WOTS_H