Lines Matching full:state
52 /* opaque internal XMSS state */
53 #define XMSS_MAGIC "xmss-state-v1"
69 u_int32_t idx; /* state read from file */
71 int have_state; /* .state file exists */
74 char *enc_ciphername;/* encrypt state with cipher */
75 u_char *enc_keyiv; /* encrypt state with key */
97 struct ssh_xmss_state *state; in sshkey_xmss_init() local
103 state = calloc(sizeof(struct ssh_xmss_state), 1); in sshkey_xmss_init()
104 if (state == NULL) in sshkey_xmss_init()
107 state->n = 32; in sshkey_xmss_init()
108 state->w = 16; in sshkey_xmss_init()
109 state->h = 10; in sshkey_xmss_init()
111 state->n = 32; in sshkey_xmss_init()
112 state->w = 16; in sshkey_xmss_init()
113 state->h = 16; in sshkey_xmss_init()
115 state->n = 32; in sshkey_xmss_init()
116 state->w = 16; in sshkey_xmss_init()
117 state->h = 20; in sshkey_xmss_init()
119 free(state); in sshkey_xmss_init()
123 free(state); in sshkey_xmss_init()
126 state->k = 2; /* XXX hardcoded */ in sshkey_xmss_init()
127 state->lockfd = -1; in sshkey_xmss_init()
128 if (xmss_set_params(&state->params, state->n, state->h, state->w, in sshkey_xmss_init()
129 state->k) != 0) { in sshkey_xmss_init()
130 free(state); in sshkey_xmss_init()
133 key->xmss_state = state; in sshkey_xmss_init()
140 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_free_state() local
143 if (state) { in sshkey_xmss_free_state()
144 if (state->enc_keyiv) { in sshkey_xmss_free_state()
145 explicit_bzero(state->enc_keyiv, state->enc_keyiv_len); in sshkey_xmss_free_state()
146 free(state->enc_keyiv); in sshkey_xmss_free_state()
148 free(state->enc_ciphername); in sshkey_xmss_free_state()
149 free(state); in sshkey_xmss_free_state()
166 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_init_bds_state() local
169 state->stackoffset = 0; in sshkey_xmss_init_bds_state()
170 if ((state->stack = calloc(num_stack(state), 1)) == NULL || in sshkey_xmss_init_bds_state()
171 (state->stacklevels = calloc(num_stacklevels(state), 1))== NULL || in sshkey_xmss_init_bds_state()
172 (state->auth = calloc(num_auth(state), 1)) == NULL || in sshkey_xmss_init_bds_state()
173 (state->keep = calloc(num_keep(state), 1)) == NULL || in sshkey_xmss_init_bds_state()
174 (state->th_nodes = calloc(num_th_nodes(state), 1)) == NULL || in sshkey_xmss_init_bds_state()
175 (state->retain = calloc(num_retain(state), 1)) == NULL || in sshkey_xmss_init_bds_state()
176 (state->treehash = calloc(num_treehash(state), in sshkey_xmss_init_bds_state()
181 for (i = 0; i < state->h - state->k; i++) in sshkey_xmss_init_bds_state()
182 state->treehash[i].node = &state->th_nodes[state->n*i]; in sshkey_xmss_init_bds_state()
183 xmss_set_bds_state(&state->bds, state->stack, state->stackoffset, in sshkey_xmss_init_bds_state()
184 state->stacklevels, state->auth, state->keep, state->treehash, in sshkey_xmss_init_bds_state()
185 state->retain, 0); in sshkey_xmss_init_bds_state()
192 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_free_bds() local
194 if (state == NULL) in sshkey_xmss_free_bds()
196 free(state->stack); in sshkey_xmss_free_bds()
197 free(state->stacklevels); in sshkey_xmss_free_bds()
198 free(state->auth); in sshkey_xmss_free_bds()
199 free(state->keep); in sshkey_xmss_free_bds()
200 free(state->th_nodes); in sshkey_xmss_free_bds()
201 free(state->retain); in sshkey_xmss_free_bds()
202 free(state->treehash); in sshkey_xmss_free_bds()
203 state->stack = NULL; in sshkey_xmss_free_bds()
204 state->stacklevels = NULL; in sshkey_xmss_free_bds()
205 state->auth = NULL; in sshkey_xmss_free_bds()
206 state->keep = NULL; in sshkey_xmss_free_bds()
207 state->th_nodes = NULL; in sshkey_xmss_free_bds()
208 state->retain = NULL; in sshkey_xmss_free_bds()
209 state->treehash = NULL; in sshkey_xmss_free_bds()
215 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_params() local
217 if (state == NULL) in sshkey_xmss_params()
219 return &state->params; in sshkey_xmss_params()
225 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_bds_state() local
227 if (state == NULL) in sshkey_xmss_bds_state()
229 return &state->bds; in sshkey_xmss_bds_state()
235 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_siglen() local
239 if (state == NULL) in sshkey_xmss_siglen()
241 *lenp = 4 + state->n + in sshkey_xmss_siglen()
242 state->params.wots_par.keysize + in sshkey_xmss_siglen()
243 state->h * state->n; in sshkey_xmss_siglen()
250 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_pklen() local
252 if (state == NULL) in sshkey_xmss_pklen()
254 return state->n * 2; in sshkey_xmss_pklen()
260 struct ssh_xmss_state *state = key->xmss_state; in sshkey_xmss_sklen() local
262 if (state == NULL) in sshkey_xmss_sklen()
264 return state->n * 4 + 4; in sshkey_xmss_sklen()
270 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_init_enc_key() local
274 if (state == NULL) in sshkey_xmss_init_enc_key()
278 if ((state->enc_ciphername = strdup(ciphername)) == NULL) in sshkey_xmss_init_enc_key()
282 state->enc_keyiv_len = keylen + ivlen; in sshkey_xmss_init_enc_key()
283 if ((state->enc_keyiv = calloc(state->enc_keyiv_len, 1)) == NULL) { in sshkey_xmss_init_enc_key()
284 free(state->enc_ciphername); in sshkey_xmss_init_enc_key()
285 state->enc_ciphername = NULL; in sshkey_xmss_init_enc_key()
288 arc4random_buf(state->enc_keyiv, state->enc_keyiv_len); in sshkey_xmss_init_enc_key()
295 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_serialize_enc_key() local
298 if (state == NULL || state->enc_keyiv == NULL || in sshkey_xmss_serialize_enc_key()
299 state->enc_ciphername == NULL) in sshkey_xmss_serialize_enc_key()
301 if ((r = sshbuf_put_cstring(b, state->enc_ciphername)) != 0 || in sshkey_xmss_serialize_enc_key()
302 (r = sshbuf_put_string(b, state->enc_keyiv, in sshkey_xmss_serialize_enc_key()
303 state->enc_keyiv_len)) != 0) in sshkey_xmss_serialize_enc_key()
311 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_deserialize_enc_key() local
315 if (state == NULL) in sshkey_xmss_deserialize_enc_key()
317 if ((r = sshbuf_get_cstring(b, &state->enc_ciphername, NULL)) != 0 || in sshkey_xmss_deserialize_enc_key()
318 (r = sshbuf_get_string(b, &state->enc_keyiv, &len)) != 0) in sshkey_xmss_deserialize_enc_key()
320 state->enc_keyiv_len = len; in sshkey_xmss_deserialize_enc_key()
328 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_serialize_pk_info() local
333 if (state == NULL) in sshkey_xmss_serialize_pk_info()
337 idx = k->xmss_sk ? PEEK_U32(k->xmss_sk) : state->idx; in sshkey_xmss_serialize_pk_info()
340 (r = sshbuf_put_u32(b, state->maxidx)) != 0) in sshkey_xmss_serialize_pk_info()
348 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_deserialize_pk_info() local
352 if (state == NULL) in sshkey_xmss_deserialize_pk_info()
361 if ((r = sshbuf_get_u32(b, &state->idx)) != 0 || in sshkey_xmss_deserialize_pk_info()
362 (r = sshbuf_get_u32(b, &state->maxidx)) != 0) in sshkey_xmss_deserialize_pk_info()
408 PRINT("corrupt state file: %s", filename); in sshkey_xmss_get_state_from_file()
447 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_get_state() local
454 if (state == NULL) in sshkey_xmss_get_state()
459 * Otherwise we need to deal with the on-disk state. in sshkey_xmss_get_state()
461 if (state->maxidx) { in sshkey_xmss_get_state()
462 /* xmss_sk always contains the current state */ in sshkey_xmss_get_state()
464 if (idx < state->maxidx) { in sshkey_xmss_get_state()
465 state->allow_update = 1; in sshkey_xmss_get_state()
473 asprintf(&statefile, "%s.state", filename) == -1 || in sshkey_xmss_get_state()
501 state->allow_update = 1; in sshkey_xmss_get_state()
503 state->idx = PEEK_U32(k->xmss_sk); in sshkey_xmss_get_state()
504 state->allow_update = 0; in sshkey_xmss_get_state()
508 /* check that bds state is initialized */ in sshkey_xmss_get_state()
509 if (state->bds.auth == NULL) in sshkey_xmss_get_state()
511 PRINT("start from scratch idx 0: %u", state->idx); in sshkey_xmss_get_state()
516 if (state->idx + 1 < state->idx) { in sshkey_xmss_get_state()
517 PRINT("state wrap: %u", state->idx); in sshkey_xmss_get_state()
520 state->have_state = have_state; in sshkey_xmss_get_state()
521 state->lockfd = lockfd; in sshkey_xmss_get_state()
522 state->allow_update = 1; in sshkey_xmss_get_state()
537 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_forward_state() local
544 if (state == NULL || !state->allow_update) in sshkey_xmss_forward_state()
548 if (state->idx + reserve <= state->idx) in sshkey_xmss_forward_state()
555 state->idx = PEEK_U32(k->xmss_sk); in sshkey_xmss_forward_state()
570 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_update_state() local
579 if (state == NULL || !state->allow_update) in sshkey_xmss_update_state()
581 if (state->maxidx) { in sshkey_xmss_update_state()
587 if (idx == state->idx) { in sshkey_xmss_update_state()
591 } else if (idx != state->idx + 1) { in sshkey_xmss_update_state()
592 PRINT("more than one signature happened: idx %u state %u", in sshkey_xmss_update_state()
593 idx, state->idx); in sshkey_xmss_update_state()
596 state->idx = idx; in sshkey_xmss_update_state()
599 if (asprintf(&statefile, "%s.state", filename) == -1 || in sshkey_xmss_update_state()
620 PRINT("open new state file: %s", nstatefile); in sshkey_xmss_update_state()
626 PRINT("write new state file hdr: %s", nstatefile); in sshkey_xmss_update_state()
633 PRINT("write new state file data: %s", nstatefile); in sshkey_xmss_update_state()
639 PRINT("sync new state file: %s", nstatefile); in sshkey_xmss_update_state()
645 PRINT("close new state file: %s", nstatefile); in sshkey_xmss_update_state()
648 if (state->have_state) { in sshkey_xmss_update_state()
652 PRINT("backup state %s to %s", statefile, ostatefile); in sshkey_xmss_update_state()
663 if (state->lockfd != -1) { in sshkey_xmss_update_state()
664 close(state->lockfd); in sshkey_xmss_update_state()
665 state->lockfd = -1; in sshkey_xmss_update_state()
680 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_serialize_state() local
685 if (state == NULL) in sshkey_xmss_serialize_state()
687 if (state->stack == NULL) in sshkey_xmss_serialize_state()
689 state->stackoffset = state->bds.stackoffset; /* copy back */ in sshkey_xmss_serialize_state()
691 (r = sshbuf_put_u32(b, state->idx)) != 0 || in sshkey_xmss_serialize_state()
692 (r = sshbuf_put_string(b, state->stack, num_stack(state))) != 0 || in sshkey_xmss_serialize_state()
693 (r = sshbuf_put_u32(b, state->stackoffset)) != 0 || in sshkey_xmss_serialize_state()
694 (r = sshbuf_put_string(b, state->stacklevels, num_stacklevels(state))) != 0 || in sshkey_xmss_serialize_state()
695 (r = sshbuf_put_string(b, state->auth, num_auth(state))) != 0 || in sshkey_xmss_serialize_state()
696 (r = sshbuf_put_string(b, state->keep, num_keep(state))) != 0 || in sshkey_xmss_serialize_state()
697 (r = sshbuf_put_string(b, state->th_nodes, num_th_nodes(state))) != 0 || in sshkey_xmss_serialize_state()
698 (r = sshbuf_put_string(b, state->retain, num_retain(state))) != 0 || in sshkey_xmss_serialize_state()
699 (r = sshbuf_put_u32(b, num_treehash(state))) != 0) in sshkey_xmss_serialize_state()
701 for (i = 0; i < num_treehash(state); i++) { in sshkey_xmss_serialize_state()
702 th = &state->treehash[i]; in sshkey_xmss_serialize_state()
703 node = th->node - state->th_nodes; in sshkey_xmss_serialize_state()
718 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_serialize_state_opt() local
722 if (state == NULL) in sshkey_xmss_serialize_state_opt()
737 have_stack = state->stack != NULL; in sshkey_xmss_serialize_state_opt()
741 state->idx = PEEK_U32(k->xmss_sk); /* update */ in sshkey_xmss_serialize_state_opt()
751 have_enc = state->enc_keyiv != NULL; in sshkey_xmss_serialize_state_opt()
757 if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 || in sshkey_xmss_serialize_state_opt()
758 (r = sshbuf_put_u8(b, state->allow_update)) != 0) in sshkey_xmss_serialize_state_opt()
774 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_deserialize_state() local
781 if (state == NULL) in sshkey_xmss_deserialize_state()
785 if ((state->treehash = calloc(num_treehash(state), in sshkey_xmss_deserialize_state()
789 (r = sshbuf_get_u32(b, &state->idx)) != 0 || in sshkey_xmss_deserialize_state()
790 (r = sshbuf_get_string(b, &state->stack, &ls)) != 0 || in sshkey_xmss_deserialize_state()
791 (r = sshbuf_get_u32(b, &state->stackoffset)) != 0 || in sshkey_xmss_deserialize_state()
792 (r = sshbuf_get_string(b, &state->stacklevels, &lsl)) != 0 || in sshkey_xmss_deserialize_state()
793 (r = sshbuf_get_string(b, &state->auth, &la)) != 0 || in sshkey_xmss_deserialize_state()
794 (r = sshbuf_get_string(b, &state->keep, &lk)) != 0 || in sshkey_xmss_deserialize_state()
795 (r = sshbuf_get_string(b, &state->th_nodes, &ln)) != 0 || in sshkey_xmss_deserialize_state()
796 (r = sshbuf_get_string(b, &state->retain, &lr)) != 0 || in sshkey_xmss_deserialize_state()
804 if (ls != num_stack(state) || in sshkey_xmss_deserialize_state()
805 lsl != num_stacklevels(state) || in sshkey_xmss_deserialize_state()
806 la != num_auth(state) || in sshkey_xmss_deserialize_state()
807 lk != num_keep(state) || in sshkey_xmss_deserialize_state()
808 ln != num_th_nodes(state) || in sshkey_xmss_deserialize_state()
809 lr != num_retain(state) || in sshkey_xmss_deserialize_state()
810 lh != num_treehash(state)) { in sshkey_xmss_deserialize_state()
814 for (i = 0; i < num_treehash(state); i++) { in sshkey_xmss_deserialize_state()
815 th = &state->treehash[i]; in sshkey_xmss_deserialize_state()
822 if (node < num_th_nodes(state)) in sshkey_xmss_deserialize_state()
823 th->node = &state->th_nodes[node]; in sshkey_xmss_deserialize_state()
825 POKE_U32(k->xmss_sk, state->idx); in sshkey_xmss_deserialize_state()
826 xmss_set_bds_state(&state->bds, state->stack, state->stackoffset, in sshkey_xmss_deserialize_state()
827 state->stacklevels, state->auth, state->keep, state->treehash, in sshkey_xmss_deserialize_state()
828 state->retain, 0); in sshkey_xmss_deserialize_state()
839 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_deserialize_state_opt() local
868 if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 || in sshkey_xmss_deserialize_state_opt()
869 (r = sshbuf_get_u8(b, &state->allow_update)) != 0) in sshkey_xmss_deserialize_state_opt()
892 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_encrypt_state() local
902 if (state == NULL || in sshkey_xmss_encrypt_state()
903 state->enc_keyiv == NULL || in sshkey_xmss_encrypt_state()
904 state->enc_ciphername == NULL) in sshkey_xmss_encrypt_state()
906 if ((cipher = cipher_by_name(state->enc_ciphername)) == NULL) { in sshkey_xmss_encrypt_state()
914 if (state->enc_keyiv_len != keylen + ivlen) { in sshkey_xmss_encrypt_state()
918 key = state->enc_keyiv; in sshkey_xmss_encrypt_state()
929 POKE_U32(iv, state->idx); in sshkey_xmss_encrypt_state()
932 (r = sshbuf_put_u32(encoded, state->idx)) != 0) in sshkey_xmss_encrypt_state()
935 /* padded state will be encrypted */ in sshkey_xmss_encrypt_state()
945 /* header including the length of state is used as AAD */ in sshkey_xmss_encrypt_state()
950 /* concat header and state */ in sshkey_xmss_encrypt_state()
983 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_decrypt_state() local
994 if (state == NULL || in sshkey_xmss_decrypt_state()
995 state->enc_keyiv == NULL || in sshkey_xmss_decrypt_state()
996 state->enc_ciphername == NULL) in sshkey_xmss_decrypt_state()
998 if ((cipher = cipher_by_name(state->enc_ciphername)) == NULL) { in sshkey_xmss_decrypt_state()
1006 if (state->enc_keyiv_len != keylen + ivlen) { in sshkey_xmss_decrypt_state()
1010 key = state->enc_keyiv; in sshkey_xmss_decrypt_state()
1049 /* decrypt private state of key */ in sshkey_xmss_decrypt_state()
1087 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_signatures_left() local
1090 if (sshkey_type_plain(k->type) == KEY_XMSS && state && in sshkey_xmss_signatures_left()
1091 state->maxidx) { in sshkey_xmss_signatures_left()
1092 idx = k->xmss_sk ? PEEK_U32(k->xmss_sk) : state->idx; in sshkey_xmss_signatures_left()
1093 if (idx < state->maxidx) in sshkey_xmss_signatures_left()
1094 return state->maxidx - idx; in sshkey_xmss_signatures_left()
1102 struct ssh_xmss_state *state = k->xmss_state; in sshkey_xmss_enable_maxsign() local
1108 if (state->idx + maxsign < state->idx) in sshkey_xmss_enable_maxsign()
1110 state->maxidx = state->idx + maxsign; in sshkey_xmss_enable_maxsign()