Merge branch 'master' into ml-dsa

.github/workflows/slh-dsa.yml

@@ -17,6 +17,24 @@ env:
   RUSTFLAGS: "-Dwarnings"
 
 jobs:
+  no_std:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+        rust:
+          - 1.81.0 # MSRV
+          - stable
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: cargo build --target ${{ matrix.target }} --no-default-features
+
   test:
     runs-on: ubuntu-latest
     strategy:

lms/src/lms/private.rs

@@ -176,7 +176,7 @@ impl<'a, Mode: LmsMode> TryFrom<&'a [u8]> for SigningKey<Mode> {
             Ordering::Greater => Err(LmsDeserializeError::TooLong),
             Ordering::Equal => {
                 // pk is now guaranteed to be of the form otstype || q || id || seed
-                let (otstype, qk) = pk.split_at(ID_LEN);
+                let (otstype, qk) = pk.split_at(4);
                 let (q, idseed) = qk.split_at(4);
                 let (id, seed) = idseed.split_at(ID_LEN);
 
@@ -200,10 +200,11 @@ impl<'a, Mode: LmsMode> TryFrom<&'a [u8]> for SigningKey<Mode> {
 
 #[cfg(test)]
 mod tests {
-    use super::SigningKey;
+    use super::{SigningKey, VerifyingKey};
     use crate::lms::modes::{LmsSha256M32H10, LmsSha256M32H5};
     use crate::ots::modes::{LmsOtsSha256N32W4, LmsOtsSha256N32W8};
     use hex_literal::hex;
+    use hybrid_array::Array;
     use signature::{RandomizedSignerMut, SignatureEncoding};
 
     // Known-Answer Test vectors from <https://datatracker.ietf.org/doc/html/rfc8554#appendix-F>
@@ -359,4 +360,43 @@ mod tests {
         assert_eq!(sig.len(), expected_signature.len());
         assert_eq!(sig, expected_signature)
     }
+
+    #[test]
+    fn test_signing_key_to_bytes_and_back() {
+        let seed = hex!("558b8966c48ae9cb898b423c83443aae014a72f1b1ab5cc85cf1d892903b5439");
+        let id = hex!("d08fabd4a2091ff0a8cb4ed834e74534");
+        let expected_k = hex!("32a58885cd9ba0431235466bff9651c6c92124404d45fa53cf161c28f1ad5a8e");
+
+        let lms_priv =
+            SigningKey::<LmsSha256M32H10<LmsOtsSha256N32W4>>::new_from_seed(id, seed).unwrap();
+
+        let lms_priv_bytes: Array<_, _> = lms_priv.into();
+        let lms_priv_bytes: &[u8] = &*lms_priv_bytes;
+        let lms_priv: SigningKey<LmsSha256M32H10<LmsOtsSha256N32W4>> =
+            lms_priv_bytes.try_into().unwrap();
+
+        let lms_pub = lms_priv.public();
+        assert_eq!(lms_pub.k(), expected_k);
+        assert_eq!(lms_pub.id(), &id);
+    }
+
+    #[test]
+    fn test_public_key_to_bytes_and_back() {
+        let seed = hex!("558b8966c48ae9cb898b423c83443aae014a72f1b1ab5cc85cf1d892903b5439");
+        let id = hex!("d08fabd4a2091ff0a8cb4ed834e74534");
+        let expected_k = hex!("32a58885cd9ba0431235466bff9651c6c92124404d45fa53cf161c28f1ad5a8e");
+
+        let lms_priv =
+            SigningKey::<LmsSha256M32H10<LmsOtsSha256N32W4>>::new_from_seed(id, seed).unwrap();
+
+        let lms_pub = lms_priv.public();
+
+        let lms_pub_bytes: Array<_, _> = lms_pub.into();
+        let lms_pub_bytes: &[u8] = &*lms_pub_bytes;
+        let lms_pub: VerifyingKey<LmsSha256M32H10<LmsOtsSha256N32W4>> =
+            lms_pub_bytes.try_into().unwrap();
+
+        assert_eq!(lms_pub.k(), expected_k);
+        assert_eq!(lms_pub.id(), &id);
+    }
 }

slh-dsa/src/util.rs

@@ -49,6 +49,7 @@ pub fn split_digest<P: ForsParams>(digest: &Array<u8, P::M>) -> (&Array<u8, P::M
 
 #[cfg(test)]
 pub mod macros {
+    /// Generate a test case
     #[macro_export]
     macro_rules! gen_test {
         ($name:ident, $t:ty) => {