Bladeren bron
Change order of SK elements to match RFC
The RFC suggests root||pubseed (in algorithm 10); note that this choice does not influence interoperability. Thanks go to Rafael Misoczki for bringing this up.master
Joost Rijneveld
6 jaren geleden
Geen bekende sleutel gevonden voor deze handtekening in de database
GPG sleutel-ID: A4FE39CF49CBC553
2 gewijzigde bestanden met toevoegingen van 33 en 24 verwijderingen
-
+11 -8xmss_core.c
-
+22 -16xmss_core_fast.c
+ 11
- 8
xmss_core.c
Bestand weergeven
| @@ -97,7 +97,7 @@ unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params) | |||
| /* | |||
| * Generates a XMSS key pair for a given parameter set. | |||
| * Format sk: [(32bit) index || SK_SEED || SK_PRF || PUB_SEED || root] | |||
| * Format sk: [(32bit) index || SK_SEED || SK_PRF || root || PUB_SEED] | |||
| * Format pk: [root || PUB_SEED], omitting algorithm OID. | |||
| */ | |||
| int xmss_core_keypair(const xmss_params *params, | |||
| @@ -127,7 +127,7 @@ int xmss_core_sign(const xmss_params *params, | |||
| /* | |||
| * Generates a XMSSMT key pair for a given parameter set. | |||
| * Format sk: [(ceil(h/8) bit) index || SK_SEED || SK_PRF || PUB_SEED || root] | |||
| * Format sk: [(ceil(h/8) bit) index || SK_SEED || SK_PRF || root || PUB_SEED] | |||
| * Format pk: [root || PUB_SEED] omitting algorithm OID. | |||
| */ | |||
| int xmssmt_core_keypair(const xmss_params *params, | |||
| @@ -144,13 +144,16 @@ int xmssmt_core_keypair(const xmss_params *params, | |||
| memset(sk, 0, params->index_bytes); | |||
| sk += params->index_bytes; | |||
| /* Initialize SK_SEED, SK_PRF and PUB_SEED. */ | |||
| randombytes(sk, 3 * params->n); | |||
| memcpy(pk + params->n, sk + 2*params->n, params->n); | |||
| /* Initialize SK_SEED and SK_PRF. */ | |||
| randombytes(sk, 2 * params->n); | |||
| /* Initialize PUB_SEED. */ | |||
| randombytes(sk + 3 * params->n, params->n); | |||
| memcpy(pk + params->n, sk + 3*params->n, params->n); | |||
| /* Compute root node of the top-most subtree. */ | |||
| treehash(params, pk, auth_path, sk, pk + params->n, 0, top_tree_addr); | |||
| memcpy(sk + 3*params->n, pk, params->n); | |||
| memcpy(sk + 2*params->n, pk, params->n); | |||
| return 0; | |||
| } | |||
| @@ -166,8 +169,8 @@ int xmssmt_core_sign(const xmss_params *params, | |||
| { | |||
| const unsigned char *sk_seed = sk + params->index_bytes; | |||
| const unsigned char *sk_prf = sk + params->index_bytes + params->n; | |||
| const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n; | |||
| const unsigned char *pub_root = sk + params->index_bytes + 3*params->n; | |||
| const unsigned char *pub_root = sk + params->index_bytes + 2*params->n; | |||
| const unsigned char *pub_seed = sk + params->index_bytes + 3*params->n; | |||
| unsigned char root[params->n]; | |||
| unsigned char *mhash = root; | |||
+ 22
- 16
xmss_core_fast.c
Bestand weergeven
| @@ -532,7 +532,7 @@ unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params) | |||
| /* | |||
| * Generates a XMSS key pair for a given parameter set. | |||
| * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] | |||
| * Format sk: [(32bit) idx || SK_SEED || SK_PRF || root || PUB_SEED] | |||
| * Format pk: [root || PUB_SEED] omitting algo oid. | |||
| */ | |||
| int xmss_core_keypair(const xmss_params *params, | |||
| @@ -555,15 +555,18 @@ int xmss_core_keypair(const xmss_params *params, | |||
| sk[1] = 0; | |||
| sk[2] = 0; | |||
| sk[3] = 0; | |||
| // Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte) | |||
| randombytes(sk + params->index_bytes, 3*params->n); | |||
| // Init SK_SEED (n byte) and SK_PRF (n byte) | |||
| randombytes(sk + params->index_bytes, 2*params->n); | |||
| // Init PUB_SEED (n byte) | |||
| randombytes(sk + params->index_bytes + 3*params->n, params->n); | |||
| // Copy PUB_SEED to public key | |||
| memcpy(pk + params->n, sk + params->index_bytes + 2*params->n, params->n); | |||
| memcpy(pk + params->n, sk + params->index_bytes + 3*params->n, params->n); | |||
| // Compute root | |||
| treehash_init(params, pk, params->tree_height, 0, &state, sk + params->index_bytes, sk + params->index_bytes + 2*params->n, addr); | |||
| // copy root o sk | |||
| memcpy(sk + params->index_bytes + 3*params->n, pk, params->n); | |||
| treehash_init(params, pk, params->tree_height, 0, &state, sk + params->index_bytes, sk + params->index_bytes + 3*params->n, addr); | |||
| // copy root to sk | |||
| memcpy(sk + params->index_bytes + 2*params->n, pk, params->n); | |||
| /* Write the BDS state into sk. */ | |||
| xmss_serialize_state(params, sk, &state); | |||
| @@ -583,7 +586,7 @@ int xmss_core_sign(const xmss_params *params, | |||
| unsigned char *sm, unsigned long long *smlen, | |||
| const unsigned char *m, unsigned long long mlen) | |||
| { | |||
| const unsigned char *pub_root = sk + params->index_bytes + 3*params->n; | |||
| const unsigned char *pub_root = sk + params->index_bytes + 2*params->n; | |||
| uint16_t i = 0; | |||
| @@ -602,7 +605,7 @@ int xmss_core_sign(const xmss_params *params, | |||
| unsigned char sk_prf[params->n]; | |||
| memcpy(sk_prf, sk + params->index_bytes + params->n, params->n); | |||
| unsigned char pub_seed[params->n]; | |||
| memcpy(pub_seed, sk + params->index_bytes + 2*params->n, params->n); | |||
| memcpy(pub_seed, sk + params->index_bytes + 3*params->n, params->n); | |||
| // index as 32 bytes string | |||
| unsigned char idx_bytes_32[32]; | |||
| @@ -698,7 +701,7 @@ int xmss_core_sign(const xmss_params *params, | |||
| /* | |||
| * Generates a XMSSMT key pair for a given parameter set. | |||
| * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] | |||
| * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || root || PUB_SEED] | |||
| * Format pk: [root || PUB_SEED] omitting algo oid. | |||
| */ | |||
| int xmssmt_core_keypair(const xmss_params *params, | |||
| @@ -727,10 +730,13 @@ int xmssmt_core_keypair(const xmss_params *params, | |||
| for (i = 0; i < params->index_bytes; i++) { | |||
| sk[i] = 0; | |||
| } | |||
| // Init SK_SEED (params->n byte), SK_PRF (params->n byte), and PUB_SEED (params->n byte) | |||
| randombytes(sk+params->index_bytes, 3*params->n); | |||
| // Init SK_SEED (params->n byte) and SK_PRF (params->n byte) | |||
| randombytes(sk+params->index_bytes, 2*params->n); | |||
| // Init PUB_SEED (params->n byte) | |||
| randombytes(sk+params->index_bytes + 3*params->n, params->n); | |||
| // Copy PUB_SEED to public key | |||
| memcpy(pk+params->n, sk+params->index_bytes+2*params->n, params->n); | |||
| memcpy(pk+params->n, sk+params->index_bytes+3*params->n, params->n); | |||
| // Start with the bottom-most layer | |||
| set_layer_addr(addr, 0); | |||
| @@ -744,7 +750,7 @@ int xmssmt_core_keypair(const xmss_params *params, | |||
| } | |||
| // Address now points to the single tree on layer d-1 | |||
| treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_bytes, pk+params->n, addr); | |||
| memcpy(sk + params->index_bytes + 3*params->n, pk, params->n); | |||
| memcpy(sk + params->index_bytes + 2*params->n, pk, params->n); | |||
| xmssmt_serialize_state(params, sk, states); | |||
| @@ -763,7 +769,7 @@ int xmssmt_core_sign(const xmss_params *params, | |||
| unsigned char *sm, unsigned long long *smlen, | |||
| const unsigned char *m, unsigned long long mlen) | |||
| { | |||
| const unsigned char *pub_root = sk + params->index_bytes + 3*params->n; | |||
| const unsigned char *pub_root = sk + params->index_bytes + 2*params->n; | |||
| uint64_t idx_tree; | |||
| uint32_t idx_leaf; | |||
| @@ -801,7 +807,7 @@ int xmssmt_core_sign(const xmss_params *params, | |||
| memcpy(sk_seed, sk+params->index_bytes, params->n); | |||
| memcpy(sk_prf, sk+params->index_bytes+params->n, params->n); | |||
| memcpy(pub_seed, sk+params->index_bytes+2*params->n, params->n); | |||
| memcpy(pub_seed, sk+params->index_bytes+3*params->n, params->n); | |||
| // Update SK | |||
| for (i = 0; i < params->index_bytes; i++) { | |||