authorMatthias Gierlings <[email protected]>2018-05-25 21:05:11 +0200
committerMatthias Gierlings <[email protected]>2018-05-25 22:55:06 +0200
commit154b1cb7326f70ad5f9692c004f0711ca0c4e2b1 (patch)
tree3154d61f79a6eb830197227b698dc778e95bcf72
parentaeda0592a42fa52bc5db21cf9064b19c3b4ab1a9 (diff)
Fixes XMSS leaf index bounds sanity check
Prior to this patch the sanity check for XMSS leaf indices used 2^(tree_height - 1) as the upper bound instead of 2^tree_height. As a result only half of the one-time keys could be used. Instead base the leaf index sanity check on the number of leaves in the tree, 2^tree_height, so that indices 0 .. 2^tree_height - 1 are accepted (a tree of height tree_height has tree_height + 1 levels). (see also: https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12#section-4.1.1)
-rw-r--r--src/lib/pubkey/xmss/xmss_privatekey.cpp3
-rw-r--r--src/lib/pubkey/xmss/xmss_privatekey.h4
-rw-r--r--src/lib/pubkey/xmss/xmss_signature.cpp2
3 files changed, 4 insertions, 5 deletions
diff --git a/src/lib/pubkey/xmss/xmss_privatekey.cpp b/src/lib/pubkey/xmss/xmss_privatekey.cpp
index 37dbd61e3..426ebeb61 100644
--- a/src/lib/pubkey/xmss/xmss_privatekey.cpp
+++ b/src/lib/pubkey/xmss/xmss_privatekey.cpp
@@ -50,8 +50,7 @@ XMSS_PrivateKey::XMSS_PrivateKey(const secure_vector<uint8_t>& raw_key)
unused_leaf = ((unused_leaf << 8) | *i);
}
- if(unused_leaf >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() -
- 1)))
+ if(unused_leaf >= (1ull << XMSS_PublicKey::m_xmss_params.tree_height()))
{
throw Integrity_Failure("XMSS private key leaf index out of "
"bounds.");
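Review bot: The new bound at the check on `unused_leaf` is correct — a tree of height h has exactly 2^h leaves — but nothing in the hunk says so, and the old bound shows how easily the off-by-one creeps back in; a comment above the check would help: `// A tree of height h has 2^h leaves, so only indices 0 .. 2^h - 1 are usable; 2^h or more means the key is exhausted or corrupt and must never sign again.` Note that an honestly exhausted key will also fail to load with the "out of bounds" message if the serialized index reaches 2^h; whether it does depends on code outside this hunk, but if so a distinct message for exhaustion would make that case easier to diagnose. The shift `1ull << tree_height()` assumes tree_height() is below 64, which holds for the standard XMSS parameter sets but is not asserted here. The constructor body continues outside the hunk.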
diff --git a/src/lib/pubkey/xmss/xmss_privatekey.h b/src/lib/pubkey/xmss/xmss_privatekey.h
index 3cd9f75f4..d66933724 100644
--- a/src/lib/pubkey/xmss/xmss_privatekey.h
+++ b/src/lib/pubkey/xmss/xmss_privatekey.h
@@ -113,7 +113,7 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKe
**/
void set_unused_leaf_index(size_t idx)
{
- if(idx >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1)))
+ if(idx >= (1ull << XMSS_PublicKey::m_xmss_params.tree_height()))
{
throw Integrity_Failure("XMSS private key leaf index out of "
"bounds.");
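Review bot: The expression `1ull << XMSS_PublicKey::m_xmss_params.tree_height()` in set_unused_leaf_index is one of four copies of the same bound in this commit (the constructor, the reservation path below and XMSS_Signature repeat it), and the bug being fixed had to be corrected in every copy. A single helper on the parameter type, along the lines of `size_t total_number_of_leaves() const { return 1ull << tree_height(); }` (presumably m_xmss_params is an XMSS_Parameters, as the signature.cpp hunk suggests), with the check written as `if(idx >= XMSS_PublicKey::m_xmss_params.total_number_of_leaves())`, would keep all four in sync. Whatever the helper is called, the doc comment above this method (cut off above the hunk) should state that valid indices are 0 .. 2^h - 1 and that Integrity_Failure is thrown otherwise.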
@@ -138,7 +138,7 @@ class BOTAN_PUBLIC_API(2,0) XMSS_PrivateKey final : public virtual XMSS_PublicKe
{
size_t idx = (static_cast<std::atomic<size_t>&>(
*recover_global_leaf_index())).fetch_add(1);
- if(idx >= (1ull << (XMSS_PublicKey::m_xmss_params.tree_height() - 1)))
+ if(idx >= (1ull << XMSS_PublicKey::m_xmss_params.tree_height()))
{
throw Integrity_Failure("XMSS private key, one time signatures "
"exhausted.");
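Review bot: The order here — fetch_add first, bound check second — is what makes leaf reservation safe across threads, since two callers can never both be handed the last valid index, and that deserves a comment so nobody later moves the check ahead of the increment: `// Reserve the index atomically *before* checking the bound: checking first would let two threads claim the same leaf, and a reused one-time key breaks XMSS security.` A side effect of this ordering is that the counter keeps growing past 2^h on every failed call, which is harmless for a key that is exhausted anyway but means the stored index no longer reflects the true number of signatures produced. The enclosing function starts outside the hunk, so the comment would sit on the fetch_add line.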
diff --git a/src/lib/pubkey/xmss/xmss_signature.cpp b/src/lib/pubkey/xmss/xmss_signature.cpp
index 88809cf7b..f2d1ba4f1 100644
--- a/src/lib/pubkey/xmss/xmss_signature.cpp
+++ b/src/lib/pubkey/xmss/xmss_signature.cpp
@@ -25,7 +25,7 @@ XMSS_Signature::XMSS_Signature(XMSS_Parameters::xmss_algorithm_t oid,
for(size_t i = 0; i < 8; i++)
{ m_leaf_idx = ((m_leaf_idx << 8) | raw_sig[i]); }
- if(m_leaf_idx >= (1ull << (xmss_params.tree_height() - 1)))
+ if(m_leaf_idx >= (1ull << xmss_params.tree_height()))
{
throw Integrity_Failure("XMSS signature leaf index out of bounds.");
}
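Review bot: The loop just above the check reads raw_sig[0..7] unconditionally, so unless a length check precedes it outside the hunk (the constructor's opening lines are not shown), a signature shorter than 8 bytes is read past its end before the new bound check ever runs; if raw_sig is a container, a guard such as `if(raw_sig.size() < 8) throw Integrity_Failure("XMSS signature too short.");` ahead of the loop would close that, if it is not already there. Also worth confirming the type of m_leaf_idx: if it is size_t and the code is built for a 32-bit target, the first four index bytes are shifted out before the comparison, so a non-canonical index encoding with non-zero high bytes would pass this check on 32-bit builds but fail it on 64-bit ones. Accumulating into a uint64_t and comparing that against the bound would make the check platform-independent.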