kris/xmss-KAT-generator
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make codestyle more consistent, fix -Wextra warns

Browse Source
This commit is contained in:
Joost Rijneveld 2016-02-02 14:06:43 +01:00
parent 719cb467df
commit 1e503b665e
19 changed files with 722 additions and 810 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -1,5 +1,5 @@
CC = /usr/bin/gcc
CFLAGS = -Wall -g -O3
CFLAGS = -Wall -g -O3 -Wextra
all: test/test_chacha \
test/test_wots \

10
chacha.c
View File

@ -89,8 +89,7 @@ static void chacha_core(unsigned char output[64], const uint32_t input[16],
int i;
memcpy(x, input, sizeof(uint32_t) * 16);
for (i = 20; i > 0; i -= 2)
{
for (i = num_rounds; i > 0; i -= 2) {
QUARTERROUND( 0, 4, 8,12)
QUARTERROUND( 1, 5, 9,13)
QUARTERROUND( 2, 6,10,14)
@ -137,8 +136,7 @@ void CRYPTO_chacha_20(unsigned char *out,
input[14] = U8TO32_LITTLE(nonce + 4);
input[15] = U8TO32_LITTLE(nonce + 8);
while (in_len > 0)
{
while (in_len > 0) {
todo = sizeof(buf);
if (in_len < todo)
todo = in_len;
@ -187,8 +185,7 @@ void CRYPTO_chacha_20_keystream(unsigned char *out,
input[14] = U8TO32_LITTLE(nonce + 4);
input[15] = U8TO32_LITTLE(nonce + 8);
while (out_len > 0)
{
while (out_len > 0) {
todo = sizeof(buf);
if (out_len < todo)
todo = out_len;
@ -205,4 +202,3 @@ void CRYPTO_chacha_20_keystream(unsigned char *out,
input[13]++;
}
}

68
hash.c
View File

@ -7,7 +7,8 @@ Public domain.
#include "prg.h"
#include <stddef.h>
#include "stdio.h"
#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
@ -22,24 +23,20 @@ Public domain.
/**
* Implements PRF_m
*/
int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsigned char *key, int keylen)
int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsigned char *key, unsigned int keylen)
{
unsigned int length;
if (keylen == 32) {
HMAC(EVP_sha256(), key, keylen, in, inlen, out, &length);
if(length != 32)
{
if (length != 32) {
fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);
}
return 0;
}
else
{
if(keylen == 64)
{
else {
if (keylen == 64) {
HMAC(EVP_sha512(), key, keylen, in, inlen, out, &length);
if(length != 64)
{
if (length != 64) {
fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);
}
return 0;
@ -51,36 +48,31 @@ int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsig
/*
* Implemts H_m
*/
int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *key, const int keylen, const int m)
int hash_m(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int m)
{
unsigned int i;
unsigned char buf[inlen + keylen + m];
if (keylen != m){
fprintf(stderr, "H_m takes m-bit keys, we got m=%d but a keylength of %d.\n", m, keylen);
return 1;
}
unsigned long long i;
unsigned char buf[inlen +keylen+m];
for(i=0;i<m;i++)
{
for (i=0; i < m; i++) {
buf[i] = 0x00;
}
for(i=0;i <keylen;i++)
{
for (i=0; i < keylen; i++) {
buf[m + i] = key[i];
}
for(i=0;i <inlen;i++)
{
for (i=0; i < inlen; i++) {
buf[m + keylen + i] = in[i];
}
if(m == 32)
{
if (m == 32) {
SHA256(buf, inlen + keylen + m, out);
return 0;
}
else
{
if(m == 64)
{
else {
if (m == 64) {
SHA512(buf, inlen + keylen + m, out);
return 0;
}
@ -91,13 +83,13 @@ int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,c
/**
* We assume the left half is in in[0]...in[n-1]
*/
int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
int hash_2n_n(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const unsigned int n)
{
unsigned char buf[4*n];
unsigned char key[n];
unsigned char bitmask[2*n];
int i;
unsigned int i;
SET_KEY_BIT(addr, 1);
SET_BLOCK_BIT(addr, 0);
@ -107,8 +99,7 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
prg_with_counter(bitmask, pub_seed, n, addr);
SET_BLOCK_BIT(addr, 1);
prg_with_counter(bitmask+n, pub_seed, n, addr);
for(i=0;i<n;i++)
{
for (i = 0; i < n; i++) {
buf[i] = 0x00;
buf[n+i] = key[i];
buf[2*n+i] = in[i] ^ bitmask[i];
@ -117,30 +108,31 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
if (n == 32) {
SHA256(buf, 4*n, out);
return 0;
} else {
}
else {
if (n == 64) {
SHA512(buf, 4*n, out);
return 0;
} else {
}
else {
fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");
return -1;
}
}
}
int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
int hash_n_n(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const unsigned int n)
{
unsigned char buf[3*n];
unsigned char key[n];
unsigned char bitmask[n];
int i;
unsigned int i;
WOTS_SELECT_KEY(addr);
prg_with_counter(key, pub_seed, n, addr);
WOTS_SELECT_BLOCK(addr);
prg_with_counter(bitmask, pub_seed, n, addr);
for(i=0;i<n;i++)
{
for (i = 0; i < n; i++) {
buf[i] = 0x00;
buf[n+i] = key[i];
buf[2*n+i] = in[i] ^ bitmask[i];
@ -148,11 +140,13 @@ int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pu
if (n == 32) {
SHA256(buf, 3*n, out);
return 0;
} else {
}
else {
if (n == 64) {
SHA512(buf, 3*n, out);
return 0;
} else {
}
else {
fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");
return -1;
}

30
prg.c
View File

@ -20,25 +20,20 @@ void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, un
if (key_len == 32) {
CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);
}
else
{
if(key_len == 64)
{
else {
if (key_len == 64) {
unsigned long long left = rlen;
u_int32_t counter = 0;
unsigned char *c = (unsigned char*)&counter;
unsigned int length;
unsigned int i = 0;
unsigned char tmp[64];
while(left > 0)
{
while (left > 0) {
HMAC(EVP_sha512(), key, key_len, c , 4, tmp, &length);
if(length != 64)
{
if (length != 64) {
fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);
}
for(i = 0; ((i < length) && (i < left));i++)
{
for (i = 0; ((i < length) && (i < left)); i++) {
r[rlen-left+i] = tmp[i];
}
left -= length;
@ -61,8 +56,7 @@ void prg_with_counter(unsigned char *r, const unsigned char *key, unsigned int n
int i;
unsigned char nonce[12];
if (n == 32) {
for(i = 0; i < 12; i++)
{
for (i = 0; i < 12; i++) {
nonce[i] = addr[i];
}
uint32_t counter;
@ -70,17 +64,15 @@ void prg_with_counter(unsigned char *r, const unsigned char *key, unsigned int n
// TODO: Check address handling. Endianess?
CRYPTO_chacha_20_keystream(r, n, key, nonce, counter);
}
else
{
if(n == 64)
{
else {
if (n == 64) {
unsigned int length;
HMAC(EVP_sha512(), key, n, addr, 16, r, &length);
if(length != 64)
{
if (length != 64) {
fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);
}
} else {
}
else {
fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");
}
}

3
test/test_wots.c
View File

@ -37,8 +37,7 @@ int main()
wots_pkFromSig(pk2, sig, msg, &params, pub_seed, addr);
for (i = 0; i < sig_len; i++)
if(pk1[i] != pk2[i])
{
if (pk1[i] != pk2[i]) {
printf("pk1 != pk2 %d\n",i);
return -1;
}

15
test/test_xmss.c
View File

@ -6,8 +6,6 @@
#define MLEN 3491
#define SIGNATURES 50
unsigned char mi[MLEN];
unsigned long long smlen;
unsigned long long mlen;
@ -16,10 +14,10 @@ int main()
{
int r;
unsigned long long i;
int m = 64;
int n = 64;
int h = 8;
int w = 16;
unsigned int m = 64;
unsigned int n = 64;
unsigned int h = 8;
unsigned int w = 16;
unsigned long errors = 0;
@ -39,8 +37,7 @@ int main()
printf("keypair\n");
xmss_keypair(pk, sk, params);
// check pub_seed in SK
for(i=0;i<n;i++)
{
for (i = 0; i < n; i++) {
if (pk[n+i] != sk[4+m+n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
}
@ -48,7 +45,7 @@ int main()
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
if (idx) printf("\nidx != 0 %lu\n",idx);
for(i=0;i<(1<<h);i++){
for (i = 0; i < SIGNATURES; i++) {
printf("sign\n");
xmss_sign(sk, sm, &smlen, mi, MLEN, params);
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];

19
test/test_xmss_fast.c
View File

@ -7,8 +7,6 @@
#define MLEN 3491
#define SIGNATURES 256
unsigned char mi[MLEN];
unsigned long long smlen;
unsigned long long mlen;
@ -17,11 +15,11 @@ int main()
{
int r;
unsigned long long i;
int m = 32;
int n = 32;
int h = 8;
int w = 16;
int k = 2;
unsigned int m = 32;
unsigned int n = 32;
unsigned int h = 8;
unsigned int w = 16;
unsigned int k = 2;
unsigned long errors = 0;
@ -57,8 +55,7 @@ int main()
printf("keypair\n");
xmss_keypair(pk, sk, state, params);
// check pub_seed in SK
for(i=0;i<n;i++)
{
for (i = 0; i < n; i++) {
if (pk[n+i] != sk[4+m+n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
}
@ -66,7 +63,7 @@ int main()
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
if (idx) printf("\nidx != 0 %lu\n",idx);
for(i=0;i<((1<<h));i++){
for (i = 0; i < SIGNATURES; i++) {
printf("sign\n");
xmss_sign(sk, state, sm, &smlen, mi, MLEN, params);
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];
@ -141,5 +138,3 @@ int main()
printf("closed urandom\n");
return 0;
}

17
test/test_xmssmt.c
View File

@ -6,7 +6,6 @@
#define MLEN 3491
#define SIGNATURES 1024
unsigned char mi[MLEN];
unsigned long long smlen;
unsigned long long mlen;
@ -15,11 +14,11 @@ int main()
{
int r;
unsigned long long i,j;
int m = 32;
int n = 32;
int h = 20;
int d = 5;
int w = 16;
unsigned int m = 32;
unsigned int n = 32;
unsigned int h = 20;
unsigned int d = 5;
unsigned int w = 16;
xmssmt_params p;
xmssmt_params *params = &p;
@ -38,8 +37,7 @@ int main()
printf("keypair\n");
xmssmt_keypair(pk, sk, params);
// check pub_seed in SK
for(i=0;i<n;i++)
{
for (i = 0; i < n; i++) {
if (pk[n+i] != sk[params->index_len+m+n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
}
printf("pk checked\n");
@ -53,7 +51,7 @@ int main()
if (idx) printf("\nidx != 0: %llu\n",idx);
for(i=0;i<(1<<h);i++){
for (i = 0; i < SIGNATURES; i++) {
printf("sign\n");
xmssmt_sign(sk, sm, &smlen, mi, MLEN, params);
idx = 0;
@ -89,7 +87,6 @@ int main()
r = memcmp(mi,mo,MLEN);
printf("%d\n", (r!=0) - 1);
printf("%llu\n", mlen+1);
}
fclose(urandom);
return 0;

16
test/test_xmssmt_fast.c
View File

@ -6,7 +6,6 @@
#define MLEN 3491
#define SIGNATURES 4096
unsigned char mi[MLEN];
unsigned long long smlen;
unsigned long long mlen;
@ -15,12 +14,12 @@ int main()
{
int r;
unsigned long long i,j;
int m = 32;
int n = 32;
int h = 12;
int d = 2;
int w = 16;
int k = 2;
unsigned int m = 32;
unsigned int n = 32;
unsigned int h = 12;
unsigned int d = 3;
unsigned int w = 16;
unsigned int k = 2;
xmssmt_params p;
xmssmt_params *params = &p;
@ -68,8 +67,7 @@ int main()
printf("keypair\n");
xmssmt_keypair(pk, sk, states, wots_sigs, params);
// check pub_seed in SK
for(i=0;i<n;i++)
{
for (i = 0; i < n; i++) {
if (pk[n+i] != sk[params->index_len+m+n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
}
printf("pk checked\n");

45
wots.c
View File

@ -40,7 +40,7 @@ void wots_set_params(wots_params *params, int m, int n, int w)
/**
* Helper method for pseudorandom key generation
* Expands a 32 byte array into a len*n byte array
* Expands an n-byte array into a len*n byte array
* this is done using chacha20 with nonce 0 and counter 0
*/
static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, const wots_params *params)
@ -55,7 +55,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co
* interpretes in as start-th value of the chain
* addr has to contain the address of the chain
*/
static void gen_chain(unsigned char *out, const unsigned char *in, int start, int steps, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
{
unsigned int i, j;
for (j = 0; j < params->n; j++)
@ -63,9 +63,6 @@ static void gen_chain(unsigned char *out, const unsigned char *in, int start, in
for (i = start; i < (start+steps) && i < params->w; i++) {
SET_HASH_ADDRESS(addr, i);
// printf("Hash %d:",i);
// hexdump(addr,16);
// printf("\n");
hash_n_n(out, out, pub_seed, addr, params->n);
}
}
@ -83,8 +80,7 @@ static void base_w(int *output, const unsigned char *input, int in_len, const wo
int bits = 0;
int consumed = 0;
for(consumed = 0; consumed < 8 * in_len; consumed += params->log_w)
{
for (consumed = 0; consumed < 8 * in_len; consumed += params->log_w) {
if (bits == 0) {
total = input[in_len - 1 - in];
in++;
@ -96,28 +92,12 @@ static void base_w(int *output, const unsigned char *input, int in_len, const wo
}
}
/**
* Alternative base w algorithm for w = 16 to check...
*/
static void base_w_alternative(int *output, unsigned char *input, int in_len, const wots_params *params)
{
unsigned int i = 0;
for(i = 0; i < in_len; i += 2)
{
output[i] = input[in_len - 1 - (i / 2)] >> 4;
output[i+1] = input[in_len - 1 - (i / 2)] & 0xf;
}
}
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
{
unsigned int i;
expand_seed(pk, sk, params);
for (i=0; i < params->len; i++) {
SET_CHAIN_ADDRESS(addr, i);
// printf("Chain: %d\n",i);
// hexdump(addr,16);
// printf("\n");
gen_chain(pk+i*params->n, pk+i*params->n, 0, params->w-1, params, pub_seed, addr);
}
}
@ -131,8 +111,7 @@ void wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char
base_w(basew, msg, params->m, params);
for(i=0;i<params->len_1;i++)
{
for (i=0; i < params->len_1; i++) {
csum += params->w - 1 - basew[i];
}
@ -146,8 +125,7 @@ void wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char
int csum_basew[len_2_bytes / params->log_w];
base_w(csum_basew, csum_bytes, len_2_bytes, params);
for(i = 0; i < params->len_2; i++)
{
for (i = 0; i < params->len_2; i++) {
basew[params->len_1 + i] = csum_basew[i];
}
@ -155,9 +133,6 @@ void wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char
for (i = 0; i < params->len; i++) {
SET_CHAIN_ADDRESS(addr, i);
// printf("Chain: %d\n",i);
// hexdump(addr,16);
// printf("\n");
gen_chain(sig+i*params->n, sig+i*params->n, 0, basew[i], params, pub_seed, addr);
}
}
@ -170,8 +145,7 @@ void wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned
base_w(basew, msg, params->m, params);
for(i=0;i<params->len_1;i++)
{
for (i=0; i < params->len_1; i++) {
csum += params->w - 1 - basew[i];
}
@ -185,16 +159,11 @@ void wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned
int csum_basew[len_2_bytes / params->log_w];
base_w(csum_basew, csum_bytes, len_2_bytes, params);
for(i = 0; i < params->len_2; i++)
{
for (i = 0; i < params->len_2; i++) {
basew[params->len_1 + i] = csum_basew[i];
}
for (i=0; i < params->len; i++) {
SET_CHAIN_ADDRESS(addr, i);
// printf("Chain: %d\n",i);
// hexdump(addr,16);
// printf("\n");
gen_chain(pk+i*params->n, sig+i*params->n, basew[i], params->w-1-basew[i], params, pub_seed, addr);
}
}

16
wots.h
View File

@ -13,14 +13,14 @@ Public domain.
* Meaning as defined in draft-irtf-cfrg-xmss-hash-based-signatures-02
*/
typedef struct {
int len_1;
int len_2;
int len;
int m;
int n;
int w;
int log_w;
int keysize;
unsigned int len_1;
unsigned int len_2;
unsigned int len;
unsigned int m;
unsigned int n;
unsigned int w;
unsigned int log_w;
unsigned int keysize;
} wots_params;
/**

49
xmss.c
View File

@ -142,25 +142,22 @@ static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_param
//ADRS.setTreeHeight(0);
SET_LTREE_TREE_HEIGHT(addr, height);
unsigned long bound;
while ( l > 1 )
{
while (l > 1) {
bound = l >> 1; //floor(l / 2);
for ( i = 0; i < bound; i = i + 1 ) {
for (i = 0; i < bound; i++) {
//ADRS.setTreeIndex(i);
SET_LTREE_TREE_INDEX(addr, i);
//wots_pk[i] = RAND_HASH(pk[2i], pk[2i + 1], SEED, ADRS);
hash_2n_n(wots_pk+i*n, wots_pk+i*2*n, pub_seed, addr, n);
}
//if ( l % 2 == 1 ) {
if(l&1)
{
if (l & 1) {
//pk[floor(l / 2) + 1] = pk[l];
memcpy(wots_pk+(l>>1)*n, wots_pk+(l-1)*n, n);
//l = ceil(l / 2);
l=(l>>1)+1;
}
else
{
else {
//l = ceil(l / 2);
l=(l>>1);
}
@ -209,22 +206,20 @@ static void treehash(unsigned char *node, int height, int index, const unsigned
SET_LTREE_BIT(node_addr, 0);
SET_NODE_PADDING(node_addr);
int lastnode,i;
unsigned int lastnode, i;
unsigned char stack[(height+1)*n];
unsigned int stacklevels[height+1];
unsigned int stackoffset=0;
lastnode = idx+(1 << height);
for(;idx<lastnode;idx++)
{
for (; idx < lastnode; idx++) {
SET_LTREE_ADDRESS(ltree_addr, idx);
SET_OTS_ADDRESS(ots_addr, idx);
gen_leaf_wots(stack+stackoffset*n, sk_seed, params, pub_seed, ltree_addr, ots_addr);
stacklevels[stackoffset] = 0;
stackoffset++;
while(stackoffset>1 && stacklevels[stackoffset-1] == stacklevels[stackoffset-2])
{
while (stackoffset>1 && stacklevels[stackoffset-1] == stacklevels[stackoffset-2]) {
SET_NODE_TREE_HEIGHT(node_addr, stacklevels[stackoffset-1]);
SET_NODE_TREE_INDEX(node_addr, (idx >> (stacklevels[stackoffset-1]+1)));
hash_2n_n(stack+(stackoffset-2)*n, stack+(stackoffset-2)*n, pub_seed,
@ -244,20 +239,18 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
{
unsigned int n = params->n;
int i,j;
unsigned int i, j;
unsigned char buffer[2*n];
// If leafidx is odd (last bit = 1), current path element is a right child and authpath has to go to the left.
// Otherwise, it is the other way around
if(leafidx&1)
{
if (leafidx & 1) {
for (j = 0; j < n; j++)
buffer[n+j] = leaf[j];
for (j = 0; j < n; j++)
buffer[j] = authpath[j];
}
else
{
else {
for (j = 0; j < n; j++)
buffer[j] = leaf[j];
for (j = 0; j < n; j++)
@ -265,19 +258,16 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
}
authpath += n;
for(i=0;i<params->h-1;i++)
{
for (i=0; i < params->h-1; i++) {
SET_NODE_TREE_HEIGHT(addr, i);
leafidx >>= 1;
SET_NODE_TREE_INDEX(addr, leafidx);
if(leafidx&1)
{
if (leafidx&1) {
hash_2n_n(buffer+n, buffer, pub_seed, addr, n);
for (j = 0; j < n; j++)
buffer[j] = authpath[j];
}
else
{
else {
hash_2n_n(buffer, buffer, pub_seed, addr, n);
for (j = 0; j < n; j++)
buffer[j+n] = authpath[j];
@ -298,8 +288,8 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
static void compute_authpath_wots(unsigned char *root, unsigned char *authpath, unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, unsigned char addr[16])
{
unsigned int i, j, level;
int n = params->n;
int h = params->h;
unsigned int n = params->n;
unsigned int h = params->h;
unsigned char tree[2*(1<<h)*n];
@ -318,8 +308,7 @@ static void compute_authpath_wots(unsigned char *root, unsigned char *authpath,
// Compute all leaves
for(i = 0; i < (1<<h); i++)
{
for (i = 0; i < (1U << h); i++) {
SET_LTREE_ADDRESS(ltree_addr, i);
SET_OTS_ADDRESS(ots_addr, i);
gen_leaf_wots(tree+((1<<h)*n + i*n), sk_seed, params, pub_seed, ltree_addr, ots_addr);
@ -329,12 +318,10 @@ static void compute_authpath_wots(unsigned char *root, unsigned char *authpath,
level = 0;
// Compute tree:
// Outer loop: For each inner layer
for (i = (1<<h); i > 1; i>>=1)
{
for (i = (1<<h); i > 1; i>>=1) {
SET_NODE_TREE_HEIGHT(node_addr, level);
// Inner loop: for each pair of sibling nodes
for (j = 0; j < i; j+=2)
{
for (j = 0; j < i; j+=2) {
SET_NODE_TREE_INDEX(node_addr, j>>1);
hash_2n_n(tree + (i>>1)*n + (j>>1) * n, tree + i*n + j*n, pub_seed, node_addr, n);
}

20
xmss.h
View File

@ -9,25 +9,25 @@ Public domain.
#ifndef XMSS_H
#define XMSS_H
typedef struct{
int level;
unsigned int level;
unsigned long long subtree;
int subleaf;
unsigned int subleaf;
} leafaddr;
typedef struct{
wots_params wots_par;
int n;
int m;
int h;
unsigned int n;
unsigned int m;
unsigned int h;
} xmss_params;
typedef struct{
xmss_params xmss_par;
int n;
int m;
int h;
int d;
int index_len;
unsigned int n;
unsigned int m;
unsigned int h;
unsigned int d;
unsigned int index_len;
} xmssmt_params;
/**
* Initializes parameter set.

64
xmss_fast.c
View File

@ -167,8 +167,7 @@ static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_param
//ADRS.setTreeHeight(0);
SET_LTREE_TREE_HEIGHT(addr, height);
unsigned long bound;
while ( l > 1 )
{
while (l > 1) {
bound = l >> 1; //floor(l / 2);
for (i = 0; i < bound; i = i + 1) {
//ADRS.setTreeIndex(i);
@ -177,8 +176,7 @@ static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_param
hash_2n_n(wots_pk+i*n, wots_pk+i*2*n, pub_seed, addr, n);
}
//if ( l % 2 == 1 ) {
if(l&1)
{
if (l & 1) {
//pk[floor(l / 2) + 1] = pk[l];
memcpy(wots_pk+(l>>1)*n, wots_pk+(l-1)*n, n);
//l = ceil(l / 2);
@ -212,7 +210,7 @@ static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, con
}
static int treehash_minheight_on_stack(bds_state* state, const xmss_params *params, const treehash_inst *treehash) {
int r = params->h, i;
unsigned int r = params->h, i;
for (i = 0; i < treehash->stackusage; i++) {
if (state->stacklevels[state->stackoffset - i - 1] < r) {
r = state->stacklevels[state->stackoffset - i - 1];
@ -245,12 +243,11 @@ static void treehash_setup(unsigned char *node, int height, int index, bds_state
SET_LTREE_BIT(node_addr, 0);
SET_NODE_PADDING(node_addr);
int lastnode,i;
unsigned int lastnode, i;
unsigned char stack[(height+1)*n];
unsigned int stacklevels[height+1];
unsigned int stackoffset=0;
int nodeh;
unsigned int nodeh;
lastnode = idx+(1<<height);
@ -261,8 +258,7 @@ static void treehash_setup(unsigned char *node, int height, int index, bds_state
}
i = 0;
for(;idx<lastnode;idx++)
{
for (; idx < lastnode; idx++) {
SET_LTREE_ADDRESS(ltree_addr, idx);
SET_OTS_ADDRESS(ots_addr, idx);
gen_leaf_wots(stack+stackoffset*n, sk_seed, params, pub_seed, ltree_addr, ots_addr);
@ -351,20 +347,18 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
{
unsigned int n = params->n;
int i,j;
unsigned int i, j;
unsigned char buffer[2*n];
// If leafidx is odd (last bit = 1), current path element is a right child and authpath has to go to the left.
// Otherwise, it is the other way around
if(leafidx&1)
{
if (leafidx & 1) {
for (j = 0; j < n; j++)
buffer[n+j] = leaf[j];
for (j = 0; j < n; j++)
buffer[j] = authpath[j];
}
else
{
else {
for (j = 0; j < n; j++)
buffer[j] = leaf[j];
for (j = 0; j < n; j++)
@ -372,19 +366,16 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
}
authpath += n;
for(i=0;i<params->h-1;i++)
{
for (i = 0; i < params->h-1; i++) {
SET_NODE_TREE_HEIGHT(addr, i);
leafidx >>= 1;
SET_NODE_TREE_INDEX(addr, leafidx);
if(leafidx&1)
{
if (leafidx & 1) {
hash_2n_n(buffer+n, buffer, pub_seed, addr, n);
for (j = 0; j < n; j++)
buffer[j] = authpath[j];
}
else
{
else {
hash_2n_n(buffer, buffer, pub_seed, addr, n);
for (j = 0; j < n; j++)
buffer[j+n] = authpath[j];
@ -403,10 +394,10 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
**/
static char bds_treehash_update(bds_state *state, unsigned int updates, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const unsigned char addr[16]) {
unsigned int i, j;
int level, l_min, low;
int h = params->h;
int k = params->k;
int used = 0;
unsigned int level, l_min, low;
unsigned int h = params->h;
unsigned int k = params->k;
unsigned int used = 0;
for (j = 0; j < updates; j++) {
l_min = h;
@ -429,7 +420,6 @@ static char bds_treehash_update(bds_state *state, unsigned int updates, const un
if (level == h - k) {
break;
}
// printf("Updated treehash instance on level %d\n", level);
treehash_update(&(state->treehash[level]), state, sk_seed, params, pub_seed, addr);
used++;
}
@ -476,8 +466,7 @@ static char bds_state_update(bds_state *state, const unsigned char *sk_seed, con
if (h - k > 0 && idx == 3) {
memcpy(state->treehash[0].node, state->stack+state->stackoffset*n, n);
}
while(state->stackoffset>1 && state->stacklevels[state->stackoffset-1] == state->stacklevels[state->stackoffset-2])
{
while (state->stackoffset>1 && state->stacklevels[state->stackoffset-1] == state->stacklevels[state->stackoffset-2]) {
nodeh = state->stacklevels[state->stackoffset-1];
if (idx >> nodeh == 1) {
memcpy(state->auth + nodeh*n, state->stack+(state->stackoffset-1)*n, n);
@ -508,15 +497,14 @@ static char bds_state_update(bds_state *state, const unsigned char *sk_seed, con
*/
static void bds_round(bds_state *state, const unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, unsigned char addr[16])
{
// printf("COMPUTING %llu\n", leaf_idx);
unsigned int i;
int n = params->n;
int h = params->h;
int k = params->k;
unsigned int n = params->n;
unsigned int h = params->h;
unsigned int k = params->k;
int tau = h;
int startidx;
int offset, rowidx;
unsigned int tau = h;
unsigned int startidx;
unsigned int offset, rowidx;
unsigned char buf[2 * n];
unsigned char ots_addr[16];
@ -569,7 +557,7 @@ static void bds_round(bds_state *state, const unsigned long leaf_idx, const unsi
for (i = 0; i < ((tau < h - k) ? tau : (h - k)); i++) {
startidx = leaf_idx + 1 + 3 * (1 << i);
if (startidx < 1 << h) {
if (startidx < 1U << h) {
state->treehash[i].h = i;
state->treehash[i].next_idx = startidx;
state->treehash[i].completed = 0;
@ -691,7 +679,7 @@ int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsig
// the auth path was already computed during the previous round
memcpy(sig_msg, state->auth, h*n);
if (idx < (1 << h) - 1) {
if (idx < (1U << h) - 1) {
bds_round(state, idx, sk_seed, params, pub_seed, ots_addr);
bds_treehash_update(state, (h - k) >> 1, sk_seed, params, pub_seed, ots_addr);
}
@ -970,7 +958,7 @@ int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs,
idx_tree = (idx >> (tree_h * (i+1)));
SET_LAYER_ADDRESS(addr, i);
SET_TREE_ADDRESS(addr, idx_tree);
if (i == needswap_upto+1) {
if (i == (unsigned int) (needswap_upto + 1)) {
bds_round(&states[i], idx_leaf, sk_seed, &(params->xmss_par), pub_seed, addr);
}
updates = bds_treehash_update(&states[i], updates, sk_seed, &(params->xmss_par), pub_seed, addr);

32
xmss_fast.h
View File

@ -9,45 +9,45 @@ Public domain.
#ifndef XMSS_H
#define XMSS_H
typedef struct{
int level;
unsigned int level;
unsigned long long subtree;
int subleaf;
unsigned int subleaf;
} leafaddr;
typedef struct{
wots_params wots_par;
int n;
int m;
int h;
int k;
unsigned int n;
unsigned int m;
unsigned int h;
unsigned int k;
} xmss_params;
typedef struct{
xmss_params xmss_par;
int n;
int m;
int h;
int d;
int index_len;
unsigned int n;
unsigned int m;
unsigned int h;
unsigned int d;
unsigned int index_len;
} xmssmt_params;
typedef struct{
int h;
int next_idx;
int stackusage;
unsigned int h;
unsigned int next_idx;
unsigned int stackusage;
unsigned char completed;
unsigned char *node;
} treehash_inst;
typedef struct {
unsigned char *stack;
int stackoffset;
unsigned int stackoffset;
unsigned char *stacklevels;
unsigned char *auth;
unsigned char *keep;
treehash_inst *treehash;
unsigned char *retain;
int next_leaf;
unsigned int next_leaf;
} bds_state;
/**