Skip to content

Commit dff009f

Browse files
davidthomaswooddavidthomaswood
authored
lms: fix size of otstype (#875)
`otstype` is converted as a `u32` below, panics if it is `ID_LEN` (16) bytes long. With this change, the `SigningKey` can be correctly converted to bytes and back.
1 parent 85c984b commit dff009f

File tree

1 file changed

+42
-2
lines changed

1 file changed

+42
-2
lines changed

lms/src/lms/private.rs

Lines changed: 42 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -176,7 +176,7 @@ impl<'a, Mode: LmsMode> TryFrom<&'a [u8]> for SigningKey<Mode> {
176176
Ordering::Greater => Err(LmsDeserializeError::TooLong),
177177
Ordering::Equal => {
178178
// pk is now guaranteed to be of the form otstype || q || id || seed
179-
let (otstype, qk) = pk.split_at(ID_LEN);
179+
let (otstype, qk) = pk.split_at(4);
180180
let (q, idseed) = qk.split_at(4);
181181
let (id, seed) = idseed.split_at(ID_LEN);
182182

@@ -200,10 +200,11 @@ impl<'a, Mode: LmsMode> TryFrom<&'a [u8]> for SigningKey<Mode> {
200200

201201
#[cfg(test)]
202202
mod tests {
203-
use super::SigningKey;
203+
use super::{SigningKey, VerifyingKey};
204204
use crate::lms::modes::{LmsSha256M32H10, LmsSha256M32H5};
205205
use crate::ots::modes::{LmsOtsSha256N32W4, LmsOtsSha256N32W8};
206206
use hex_literal::hex;
207+
use hybrid_array::Array;
207208
use signature::{RandomizedSignerMut, SignatureEncoding};
208209

209210
// Known-Answer Test vectors from <https://datatracker.ietf.org/doc/html/rfc8554#appendix-F>
@@ -359,4 +360,43 @@ mod tests {
359360
assert_eq!(sig.len(), expected_signature.len());
360361
assert_eq!(sig, expected_signature)
361362
}
363+
364+
#[test]
365+
fn test_signing_key_to_bytes_and_back() {
366+
let seed = hex!("558b8966c48ae9cb898b423c83443aae014a72f1b1ab5cc85cf1d892903b5439");
367+
let id = hex!("d08fabd4a2091ff0a8cb4ed834e74534");
368+
let expected_k = hex!("32a58885cd9ba0431235466bff9651c6c92124404d45fa53cf161c28f1ad5a8e");
369+
370+
let lms_priv =
371+
SigningKey::<LmsSha256M32H10<LmsOtsSha256N32W4>>::new_from_seed(id, seed).unwrap();
372+
373+
let lms_priv_bytes: Array<_, _> = lms_priv.into();
374+
let lms_priv_bytes: &[u8] = &*lms_priv_bytes;
375+
let lms_priv: SigningKey<LmsSha256M32H10<LmsOtsSha256N32W4>> =
376+
lms_priv_bytes.try_into().unwrap();
377+
378+
let lms_pub = lms_priv.public();
379+
assert_eq!(lms_pub.k(), expected_k);
380+
assert_eq!(lms_pub.id(), &id);
381+
}
382+
383+
#[test]
384+
fn test_public_key_to_bytes_and_back() {
385+
let seed = hex!("558b8966c48ae9cb898b423c83443aae014a72f1b1ab5cc85cf1d892903b5439");
386+
let id = hex!("d08fabd4a2091ff0a8cb4ed834e74534");
387+
let expected_k = hex!("32a58885cd9ba0431235466bff9651c6c92124404d45fa53cf161c28f1ad5a8e");
388+
389+
let lms_priv =
390+
SigningKey::<LmsSha256M32H10<LmsOtsSha256N32W4>>::new_from_seed(id, seed).unwrap();
391+
392+
let lms_pub = lms_priv.public();
393+
394+
let lms_pub_bytes: Array<_, _> = lms_pub.into();
395+
let lms_pub_bytes: &[u8] = &*lms_pub_bytes;
396+
let lms_pub: VerifyingKey<LmsSha256M32H10<LmsOtsSha256N32W4>> =
397+
lms_pub_bytes.try_into().unwrap();
398+
399+
assert_eq!(lms_pub.k(), expected_k);
400+
assert_eq!(lms_pub.id(), &id);
401+
}
362402
}

0 commit comments

Comments
 (0)