1
0

Change order of SK elements to match RFC

The RFC suggests root||pubseed (in algorithm 10); note that
this choice does not influence interoperability.

Thanks go to Rafael Misoczki for bringing this up.
Dieser Commit ist enthalten in:
Joost Rijneveld 2018-12-17 16:25:08 +01:00
Ursprung bb2d285814
Commit 0d019ddc9f
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: A4FE39CF49CBC553
2 geänderte Dateien mit 33 neuen und 24 gelöschten Zeilen

Datei anzeigen

@ -97,7 +97,7 @@ unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params)
/*
* Generates a XMSS key pair for a given parameter set.
* Format sk: [(32bit) index || SK_SEED || SK_PRF || PUB_SEED || root]
* Format sk: [(32bit) index || SK_SEED || SK_PRF || root || PUB_SEED]
* Format pk: [root || PUB_SEED], omitting algorithm OID.
*/
int xmss_core_keypair(const xmss_params *params,
@ -127,7 +127,7 @@ int xmss_core_sign(const xmss_params *params,
/*
* Generates a XMSSMT key pair for a given parameter set.
* Format sk: [(ceil(h/8) bit) index || SK_SEED || SK_PRF || PUB_SEED || root]
* Format sk: [(ceil(h/8) bit) index || SK_SEED || SK_PRF || root || PUB_SEED]
* Format pk: [root || PUB_SEED] omitting algorithm OID.
*/
int xmssmt_core_keypair(const xmss_params *params,
@ -144,13 +144,16 @@ int xmssmt_core_keypair(const xmss_params *params,
memset(sk, 0, params->index_bytes);
sk += params->index_bytes;
/* Initialize SK_SEED, SK_PRF and PUB_SEED. */
randombytes(sk, 3 * params->n);
memcpy(pk + params->n, sk + 2*params->n, params->n);
/* Initialize SK_SEED and SK_PRF. */
randombytes(sk, 2 * params->n);
/* Initialize PUB_SEED. */
randombytes(sk + 3 * params->n, params->n);
memcpy(pk + params->n, sk + 3*params->n, params->n);
/* Compute root node of the top-most subtree. */
treehash(params, pk, auth_path, sk, pk + params->n, 0, top_tree_addr);
memcpy(sk + 3*params->n, pk, params->n);
memcpy(sk + 2*params->n, pk, params->n);
return 0;
}
@ -166,8 +169,8 @@ int xmssmt_core_sign(const xmss_params *params,
{
const unsigned char *sk_seed = sk + params->index_bytes;
const unsigned char *sk_prf = sk + params->index_bytes + params->n;
const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n;
const unsigned char *pub_root = sk + params->index_bytes + 3*params->n;
const unsigned char *pub_root = sk + params->index_bytes + 2*params->n;
const unsigned char *pub_seed = sk + params->index_bytes + 3*params->n;
unsigned char root[params->n];
unsigned char *mhash = root;

Datei anzeigen

@ -532,7 +532,7 @@ unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params)
/*
* Generates a XMSS key pair for a given parameter set.
* Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
* Format sk: [(32bit) idx || SK_SEED || SK_PRF || root || PUB_SEED]
* Format pk: [root || PUB_SEED] omitting algo oid.
*/
int xmss_core_keypair(const xmss_params *params,
@ -555,15 +555,18 @@ int xmss_core_keypair(const xmss_params *params,
sk[1] = 0;
sk[2] = 0;
sk[3] = 0;
// Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte)
randombytes(sk + params->index_bytes, 3*params->n);
// Init SK_SEED (n byte) and SK_PRF (n byte)
randombytes(sk + params->index_bytes, 2*params->n);
// Init PUB_SEED (n byte)
randombytes(sk + params->index_bytes + 3*params->n, params->n);
// Copy PUB_SEED to public key
memcpy(pk + params->n, sk + params->index_bytes + 2*params->n, params->n);
memcpy(pk + params->n, sk + params->index_bytes + 3*params->n, params->n);
// Compute root
treehash_init(params, pk, params->tree_height, 0, &state, sk + params->index_bytes, sk + params->index_bytes + 2*params->n, addr);
// copy root o sk
memcpy(sk + params->index_bytes + 3*params->n, pk, params->n);
treehash_init(params, pk, params->tree_height, 0, &state, sk + params->index_bytes, sk + params->index_bytes + 3*params->n, addr);
// copy root to sk
memcpy(sk + params->index_bytes + 2*params->n, pk, params->n);
/* Write the BDS state into sk. */
xmss_serialize_state(params, sk, &state);
@ -583,7 +586,7 @@ int xmss_core_sign(const xmss_params *params,
unsigned char *sm, unsigned long long *smlen,
const unsigned char *m, unsigned long long mlen)
{
const unsigned char *pub_root = sk + params->index_bytes + 3*params->n;
const unsigned char *pub_root = sk + params->index_bytes + 2*params->n;
uint16_t i = 0;
@ -602,7 +605,7 @@ int xmss_core_sign(const xmss_params *params,
unsigned char sk_prf[params->n];
memcpy(sk_prf, sk + params->index_bytes + params->n, params->n);
unsigned char pub_seed[params->n];
memcpy(pub_seed, sk + params->index_bytes + 2*params->n, params->n);
memcpy(pub_seed, sk + params->index_bytes + 3*params->n, params->n);
// index as 32 bytes string
unsigned char idx_bytes_32[32];
@ -698,7 +701,7 @@ int xmss_core_sign(const xmss_params *params,
/*
* Generates a XMSSMT key pair for a given parameter set.
* Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
* Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || root || PUB_SEED]
* Format pk: [root || PUB_SEED] omitting algo oid.
*/
int xmssmt_core_keypair(const xmss_params *params,
@ -727,10 +730,13 @@ int xmssmt_core_keypair(const xmss_params *params,
for (i = 0; i < params->index_bytes; i++) {
sk[i] = 0;
}
// Init SK_SEED (params->n byte), SK_PRF (params->n byte), and PUB_SEED (params->n byte)
randombytes(sk+params->index_bytes, 3*params->n);
// Init SK_SEED (params->n byte) and SK_PRF (params->n byte)
randombytes(sk+params->index_bytes, 2*params->n);
// Init PUB_SEED (params->n byte)
randombytes(sk+params->index_bytes + 3*params->n, params->n);
// Copy PUB_SEED to public key
memcpy(pk+params->n, sk+params->index_bytes+2*params->n, params->n);
memcpy(pk+params->n, sk+params->index_bytes+3*params->n, params->n);
// Start with the bottom-most layer
set_layer_addr(addr, 0);
@ -744,7 +750,7 @@ int xmssmt_core_keypair(const xmss_params *params,
}
// Address now points to the single tree on layer d-1
treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_bytes, pk+params->n, addr);
memcpy(sk + params->index_bytes + 3*params->n, pk, params->n);
memcpy(sk + params->index_bytes + 2*params->n, pk, params->n);
xmssmt_serialize_state(params, sk, states);
@ -763,7 +769,7 @@ int xmssmt_core_sign(const xmss_params *params,
unsigned char *sm, unsigned long long *smlen,
const unsigned char *m, unsigned long long mlen)
{
const unsigned char *pub_root = sk + params->index_bytes + 3*params->n;
const unsigned char *pub_root = sk + params->index_bytes + 2*params->n;
uint64_t idx_tree;
uint32_t idx_leaf;
@ -801,7 +807,7 @@ int xmssmt_core_sign(const xmss_params *params,
memcpy(sk_seed, sk+params->index_bytes, params->n);
memcpy(sk_prf, sk+params->index_bytes+params->n, params->n);
memcpy(pub_seed, sk+params->index_bytes+2*params->n, params->n);
memcpy(pub_seed, sk+params->index_bytes+3*params->n, params->n);
// Update SK
for (i = 0; i < params->index_bytes; i++) {