slhdsa: clang-format
After renaming from `SLHDSA_128sSHA2` to `SLHDSA_SHA2_128S`, I forgot to
run clang-format. This change is purely the result of doing so.
Change-Id: I133c417170a4350c129bb5391fd5c8ebb408c1bf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71327
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/slhdsa/fors.c b/crypto/slhdsa/fors.c
index eb6ba11..080231f 100644
--- a/crypto/slhdsa/fors.c
+++ b/crypto/slhdsa/fors.c
@@ -24,8 +24,9 @@
#include "./thash.h"
// Compute the base 2^12 representation of `message` (algorithm 4, page 16).
-static void fors_base_b(uint16_t indices[SLHDSA_SHA2_128S_FORS_TREES],
- const uint8_t message[SLHDSA_SHA2_128S_FORS_MSG_BYTES]) {
+static void fors_base_b(
+ uint16_t indices[SLHDSA_SHA2_128S_FORS_TREES],
+ const uint8_t message[SLHDSA_SHA2_128S_FORS_MSG_BYTES]) {
static_assert(SLHDSA_SHA2_128S_FORS_HEIGHT == 12, "");
static_assert((SLHDSA_SHA2_128S_FORS_TREES & 1) == 0, "");
diff --git a/crypto/slhdsa/internal.h b/crypto/slhdsa/internal.h
index d59f48d..339f018 100644
--- a/crypto/slhdsa/internal.h
+++ b/crypto/slhdsa/internal.h
@@ -45,8 +45,8 @@
size_t context_len, const uint8_t *msg, size_t msg_len,
const uint8_t entropy[SLHDSA_SHA2_128S_N]);
-// SLHDSA_SHA2_128S_verify_internal acts like |SLHDSA_SHA2_128S_verify| but takes
-// the input message in three parts so that the "internal" version of the
+// SLHDSA_SHA2_128S_verify_internal acts like |SLHDSA_SHA2_128S_verify| but
+// takes the input message in three parts so that the "internal" version of the
// verification function, from section 9.3, can be implemented. The |header|
// argument may be NULL to omit it.
OPENSSL_EXPORT int SLHDSA_SHA2_128S_verify_internal(
diff --git a/crypto/slhdsa/params.h b/crypto/slhdsa/params.h
index a194351..7e7c5ed 100644
--- a/crypto/slhdsa/params.h
+++ b/crypto/slhdsa/params.h
@@ -35,7 +35,7 @@
// Total number of FORS tree used.
#define SLHDSA_SHA2_128S_FORS_TREES 14
// Size of a FORS signature
-#define SLHDSA_SHA2_128S_FORS_BYTES \
+#define SLHDSA_SHA2_128S_FORS_BYTES \
((SLHDSA_SHA2_128S_FORS_HEIGHT + 1) * SLHDSA_SHA2_128S_FORS_TREES * \
SLHDSA_SHA2_128S_N)
// The number of bytes at the beginning of M', the augmented message, before the
@@ -58,7 +58,7 @@
// Size of the message digest (NOTE: This is only correct for the SHA-256 params
// here)
-#define SLHDSA_SHA2_128S_DIGEST_SIZE \
+#define SLHDSA_SHA2_128S_DIGEST_SIZE \
(((SLHDSA_SHA2_128S_FORS_TREES * SLHDSA_SHA2_128S_FORS_HEIGHT) / 8) + \
(((SLHDSA_SHA2_128S_FULL_HEIGHT - SLHDSA_SHA2_128S_TREE_HEIGHT) / 8) + 1) + \
(SLHDSA_SHA2_128S_TREE_HEIGHT / 8) + 1)
diff --git a/crypto/slhdsa/slhdsa.c b/crypto/slhdsa/slhdsa.c
index c724a86..ca04c3d 100644
--- a/crypto/slhdsa/slhdsa.c
+++ b/crypto/slhdsa/slhdsa.c
@@ -118,8 +118,9 @@
slhdsa_fors_pk_from_sig(pk_fors, out_signature + SLHDSA_SHA2_128S_N,
fors_digest, pk_seed, addr);
- slhdsa_ht_sign(out_signature + SLHDSA_SHA2_128S_N + SLHDSA_SHA2_128S_FORS_BYTES,
- pk_fors, idx_tree, idx_leaf, sk_seed, pk_seed);
+ slhdsa_ht_sign(
+ out_signature + SLHDSA_SHA2_128S_N + SLHDSA_SHA2_128S_FORS_BYTES, pk_fors,
+ idx_tree, idx_leaf, sk_seed, pk_seed);
}
int SLHDSA_SHA2_128S_sign(
@@ -139,7 +140,7 @@
uint8_t entropy[SLHDSA_SHA2_128S_N];
RAND_bytes(entropy, sizeof(entropy));
SLHDSA_SHA2_128S_sign_internal(out_signature, private_key, M_prime_header,
- context, context_len, msg, msg_len, entropy);
+ context, context_len, msg, msg_len, entropy);
return 1;
}
@@ -159,8 +160,8 @@
M_prime_header[1] = (uint8_t)context_len;
return SLHDSA_SHA2_128S_verify_internal(signature, signature_len, public_key,
- M_prime_header, context, context_len,
- msg, msg_len);
+ M_prime_header, context, context_len,
+ msg, msg_len);
}
int SLHDSA_SHA2_128S_verify_internal(
diff --git a/crypto/slhdsa/slhdsa_test.cc b/crypto/slhdsa/slhdsa_test.cc
index 0864bbc..fe70fbd 100644
--- a/crypto/slhdsa/slhdsa_test.cc
+++ b/crypto/slhdsa/slhdsa_test.cc
@@ -65,21 +65,21 @@
uint8_t kContext[256] = {0};
uint8_t signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES];
ASSERT_TRUE(SLHDSA_SHA2_128S_sign(signature, priv, kMessage, sizeof(kMessage),
- nullptr, 0));
+ nullptr, 0));
EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
- sizeof(kMessage), nullptr, 0),
+ sizeof(kMessage), nullptr, 0),
1);
EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
- sizeof(kMessage), kContext, 1),
+ sizeof(kMessage), kContext, 1),
0);
EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
- sizeof(kMessage), kContext, 256),
+ sizeof(kMessage), kContext, 256),
0);
ASSERT_TRUE(SLHDSA_SHA2_128S_sign(signature, priv, kMessage, sizeof(kMessage),
- kContext, 1));
+ kContext, 1));
EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
- sizeof(kMessage), kContext, 1),
+ sizeof(kMessage), kContext, 1),
1);
}
@@ -114,7 +114,7 @@
uint8_t sig[SLHDSA_SHA2_128S_SIGNATURE_BYTES];
SLHDSA_SHA2_128S_sign_internal(sig, priv.data(), nullptr, nullptr, 0,
- msg.data(), msg.size(), entropy.data());
+ msg.data(), msg.size(), entropy.data());
EXPECT_EQ(Bytes(sig), Bytes(expected_sig));
}
@@ -134,8 +134,8 @@
ASSERT_TRUE(t->GetAttribute(&valid, "valid"));
int ok = SLHDSA_SHA2_128S_verify_internal(sig.data(), sig.size(), pub.data(),
- nullptr, nullptr, 0, msg.data(),
- msg.size());
+ nullptr, nullptr, 0, msg.data(),
+ msg.size());
EXPECT_EQ(ok, valid == "true");
}
diff --git a/crypto/slhdsa/thash.c b/crypto/slhdsa/thash.c
index 7715c30..a717de2 100644
--- a/crypto/slhdsa/thash.c
+++ b/crypto/slhdsa/thash.c
@@ -105,7 +105,8 @@
// index
uint8_t input_buffer[2 * SLHDSA_SHA2_128S_N + 32 + 4] = {0};
OPENSSL_memcpy(input_buffer, r, SLHDSA_SHA2_128S_N);
- OPENSSL_memcpy(input_buffer + SLHDSA_SHA2_128S_N, pk_seed, SLHDSA_SHA2_128S_N);
+ OPENSSL_memcpy(input_buffer + SLHDSA_SHA2_128S_N, pk_seed,
+ SLHDSA_SHA2_128S_N);
// Inner hash
SHA256_CTX sha_ctx;
diff --git a/crypto/slhdsa/thash.h b/crypto/slhdsa/thash.h
index 03c99c9..19d9cd3 100644
--- a/crypto/slhdsa/thash.h
+++ b/crypto/slhdsa/thash.h
@@ -60,13 +60,15 @@
// produces an n-byte output. (Section 4.1, page 11)
void slhdsa_thash_h(uint8_t output[SLHDSA_SHA2_128S_N],
const uint8_t input[2 * SLHDSA_SHA2_128S_N],
- const uint8_t pk_seed[SLHDSA_SHA2_128S_N], uint8_t addr[32]);
+ const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
+ uint8_t addr[32]);
// Implements F: a hash function that takes an n-byte message as input and
// produces an n-byte output. (Section 4.1, page 11)
void slhdsa_thash_f(uint8_t output[SLHDSA_SHA2_128S_N],
const uint8_t input[SLHDSA_SHA2_128S_N],
- const uint8_t pk_seed[SLHDSA_SHA2_128S_N], uint8_t addr[32]);
+ const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
+ uint8_t addr[32]);
// Implements T_k: a hash function that maps a k*n-byte message to an n-byte
// message. Used for FORS public key compression. (Section 4.1, page 11)
diff --git a/include/openssl/slhdsa.h b/include/openssl/slhdsa.h
index 85edf50..2f807b3 100644
--- a/include/openssl/slhdsa.h
+++ b/include/openssl/slhdsa.h
@@ -50,9 +50,9 @@
// using |private_key| and writes it to |out_signature|. The |context| argument
// is also signed over and can be used to include implicit contextual
// information that isn't included in |msg|. The same value of |context| must be
-// presented to |SLHDSA_SHA2_128S_verify| in order for the generated signature to
-// be considered valid. |context| and |context_len| may be |NULL| and 0 to use
-// an empty context (this is common). It returns 1 on success and 0 if
+// presented to |SLHDSA_SHA2_128S_verify| in order for the generated signature
+// to be considered valid. |context| and |context_len| may be |NULL| and 0 to
+// use an empty context (this is common). It returns 1 on success and 0 if
// |context_len| is larger than 255.
OPENSSL_EXPORT int SLHDSA_SHA2_128S_sign(
uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES],
@@ -60,10 +60,11 @@
const uint8_t *msg, size_t msg_len, const uint8_t *context,
size_t context_len);
-// SLHDSA_SHA2_128S_verify verifies that |signature| is a valid SLH-DSA-SHA2-128s
-// signature of |msg| by |public_key|. The value of |context| must equal the
-// value that was passed to |SLHDSA_SHA2_128S_sign| when the signature was
-// generated. It returns 1 if the signature is valid and 0 otherwise.
+// SLHDSA_SHA2_128S_verify verifies that |signature| is a valid
+// SLH-DSA-SHA2-128s signature of |msg| by |public_key|. The value of |context|
+// must equal the value that was passed to |SLHDSA_SHA2_128S_sign| when the
+// signature was generated. It returns 1 if the signature is valid and 0
+// otherwise.
OPENSSL_EXPORT int SLHDSA_SHA2_128S_verify(
const uint8_t *signature, size_t signature_len,
const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],