purecrypto 0.6.19

A pure-Rust cryptography toolkit with no foreign-code dependencies, from constant-time primitives up to keys, X.509 and TLS.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

//! Unified [`key`](crate::key) trait impls for the stateful LMS / HSS keys.
//!
//! Like XMSS, these are *stateful* one-time-key signers, but their `sign`
//! additionally consumes randomness for the per-message LM-OTS randomizer, so
//! [`StatefulSigner::sign`] threads the supplied `rng` through. Each signature
//! consumes a state index that must be persisted before reuse. The private
//! keys implement only [`StatefulSigner`] — they are deliberately **not**
//! [`PrivateKey`](crate::key::PrivateKey)s, since the facade's
//! shared-reference `sign` cannot advance the state. The public keys verify
//! fine through a shared reference and implement [`PublicKey`].

use alloc::vec::Vec;

use crate::key::{Algorithm, Error, PublicKey, SignParams, StatefulSigner};
use crate::rng::CryptoRngCore;

use super::{HssPrivateKey, HssPublicKey, LmsPrivateKey, LmsPublicKey};

// ----------------------------------------------------------------------------
// LMS single-level
// ----------------------------------------------------------------------------

impl StatefulSigner for LmsPrivateKey {
    fn sign(&mut self, msg: &[u8], rng: &mut dyn CryptoRngCore) -> Result<Vec<u8>, Error> {
        let mut rng = rng;
        self.sign(&mut rng, msg).map_err(|_| Error::Signature)
    }

    fn remaining(&self) -> u64 {
        self.remaining()
    }
}

impl PublicKey for LmsPublicKey {
    fn algorithm(&self) -> Algorithm {
        Algorithm::Lms
    }
    fn as_any(&self) -> &dyn core::any::Any {
        self
    }
    fn verify(&self, msg: &[u8], sig: &[u8], params: &SignParams<'_>) -> Result<(), Error> {
        params.reader().finish()?;
        if self.verify(msg, sig) {
            Ok(())
        } else {
            Err(Error::Signature)
        }
    }
}

// ----------------------------------------------------------------------------
// HSS hierarchical LMS
// ----------------------------------------------------------------------------

impl StatefulSigner for HssPrivateKey {
    fn sign(&mut self, msg: &[u8], rng: &mut dyn CryptoRngCore) -> Result<Vec<u8>, Error> {
        let mut rng = rng;
        self.sign(&mut rng, msg).map_err(|_| Error::Signature)
    }

    fn remaining(&self) -> u64 {
        self.remaining()
    }
}

impl PublicKey for HssPublicKey {
    fn algorithm(&self) -> Algorithm {
        Algorithm::Hss
    }
    fn as_any(&self) -> &dyn core::any::Any {
        self
    }
    fn verify(&self, msg: &[u8], sig: &[u8], params: &SignParams<'_>) -> Result<(), Error> {
        params.reader().finish()?;
        if self.verify(msg, sig) {
            Ok(())
        } else {
            Err(Error::Signature)
        }
    }
}