From 7c6354f762c0f5e76d0fa66d2265b55a7382a661 Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Tue, 24 Oct 2017 17:51:56 +0200
Subject: [PATCH] Rename parameters for readability and consistency
---
 hash_address.c | 8 ++--
 hash_address.h | 4 +-
 params.c | 44 ++++++++++------------
 params.h | 10 ++---
 test/test_determinism.c | 16 ++++----
 test/test_xmss.c | 20 +++++-----
 test/test_xmss_core.c | 2 +-
 test/test_xmss_core_fast.c | 2 +-
 test/test_xmssmt.c | 22 +++++------
 test/test_xmssmt_core.c | 10 ++---
 test/test_xmssmt_core_fast.c | 12 +++---
 test/xmss_keypair.c | 8 ++--
 test/xmss_open.c | 12 +++---
 test/xmss_sign.c | 14 +++----
 test/xmssmt_keypair.c | 8 ++--
 test/xmssmt_open.c | 12 +++---
 test/xmssmt_sign.c | 14 +++----
 xmss_commons.c | 30 +++++++--------
 xmss_core.c | 44 +++++++++++-----------
 xmss_core_fast.c | 72 ++++++++++++++++++------------------
 20 files changed, 179 insertions(+), 185 deletions(-)
diff --git a/hash_address.c b/hash_address.c
index a004fc9..0e23419 100644
--- a/hash_address.c
+++ b/hash_address.c
@@ -59,12 +59,12 @@ void set_ltree_addr(uint32_t addr[8], uint32_t ltree)
 /* These functions are used for hash tree addresses. */
-void set_tree_height(uint32_t addr[8], uint32_t treeHeight)
+void set_tree_height(uint32_t addr[8], uint32_t tree_height)
 {
- addr[5] = treeHeight;
+ addr[5] = tree_height;
 }
-void set_tree_index(uint32_t addr[8], uint32_t treeIndex)
+void set_tree_index(uint32_t addr[8], uint32_t tree_index)
 {
- addr[6] = treeIndex;
+ addr[6] = tree_index;
 }
diff --git a/hash_address.h b/hash_address.h
index ed3d55b..97ef763 100644
--- a/hash_address.h
+++ b/hash_address.h
@@ -32,8 +32,8 @@ void set_ltree_addr(uint32_t addr[8], uint32_t ltree);
 /* These functions are used for hash tree addresses. */
-void set_tree_height(uint32_t addr[8], uint32_t treeHeight);
+void set_tree_height(uint32_t addr[8], uint32_t tree_height);
-void set_tree_index(uint32_t addr[8], uint32_t treeIndex);
+void set_tree_index(uint32_t addr[8], uint32_t tree_index);
 #endif
diff --git a/params.c b/params.c
index 4e0f484..1053301 100644
--- a/params.c
+++ b/params.c
@@ -227,20 +227,17 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
 params->tree_height = params->full_height / params->d;
 params->wots_w = 16;
 params->wots_log_w = 4;
- if (params->n == 32) {
- params->wots_len1 = 64;
- }
- else {
- params->wots_len1 = 128;
- }
+ params->wots_len1 = 8 * params->n / params->wots_log_w;
+ /* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
 params->wots_len2 = 3;
 params->wots_len = params->wots_len1 + params->wots_len2;
- params->wots_keysize = params->wots_len * params->n;
- params->index_len = 4;
- params->bytes = (params->index_len + params->n + params->d*params->wots_keysize + params->full_height *params->n);
- params->publickey_bytes = 2*params->n;
- params->privatekey_bytes = 4*params->n + params->index_len;
+ params->wots_sig_bytes = params->wots_len * params->n;
+ params->index_bytes = 4;
+ params->sig_bytes = (params->index_bytes + params->n +
+ params->d * params->wots_sig_bytes +
+ params->full_height * params->n);
+ params->pk_bytes = 2 * params->n;
+ params->sk_bytes = 4 * params->n + params->index_bytes;
 // TODO figure out sensible and legal values for this based on the above
 params->bds_k = 0;
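Review bot: `params->wots_len1 = 8 * params->n / params->wots_log_w;` rounds down, whereas the quantity it replaces the old if/else for, len_1 = ceil(8n / log2(w)), rounds up; it is exact here only because `wots_log_w` is fixed to 4 three lines above, so any later w whose log2 does not divide 8n would silently under-size every derived length (`wots_len`, `wots_sig_bytes`, `sig_bytes`). Writing it as `params->wots_len1 = (8 * params->n + params->wots_log_w - 1) / params->wots_log_w;` keeps the result identical today and removes the dependence on that coincidence. The added comment gives the derivation of len_2 but the code keeps the literal `params->wots_len2 = 3;`; for w = 16 that value holds for n between 9 and 136 bytes, so a one-line comment stating the assumed range (or deriving it from wots_len1 and wots_w) would make the assumption checkable. The xmssmt_parse_oid hunk on the next line has the same two points. xmss_parse_oid starts and ends outside this hunk.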
@@ -447,21 +444,18 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
 params->tree_height = params->full_height / params->d;
 params->wots_w = 16;
 params->wots_log_w = 4;
- if (params->n == 32) {
- params->wots_len1 = 64;
- }
- else {
- params->wots_len1 = 128;
- }
+ params->wots_len1 = 8 * params->n / params->wots_log_w;
+ /* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
 params->wots_len2 = 3;
 params->wots_len = params->wots_len1 + params->wots_len2;
- params->wots_keysize = params->wots_len * params->n;
- /* Round index_len up to nearest byte. */
- params->index_len = (params->full_height + 7) / 8;
- params->bytes = (params->index_len + params->n + params->d*params->wots_keysize + params->full_height *params->n);
- params->publickey_bytes = 2*params->n;
- params->privatekey_bytes = 4*params->n + params->index_len;
+ params->wots_sig_bytes = params->wots_len * params->n;
+ /* Round index_bytes up to nearest byte. */
+ params->index_bytes = (params->full_height + 7) / 8;
+ params->sig_bytes = (params->index_bytes + params->n +
+ params->d * params->wots_sig_bytes +
+ params->full_height * params->n);
+ params->pk_bytes = 2 * params->n;
+ params->sk_bytes = 4 * params->n + params->index_bytes;
 // TODO figure out sensible and legal values for this based on the above
 params->bds_k = 0;
diff --git a/params.h b/params.h
index 002e957..9155bcb 100644
--- a/params.h
+++ b/params.h
@@ -19,14 +19,14 @@ typedef struct {
 unsigned int wots_len1;
 unsigned int wots_len2;
 unsigned int wots_len;
- unsigned int wots_keysize;
+ unsigned int wots_sig_bytes;
 unsigned int full_height;
 unsigned int tree_height;
 unsigned int d;
- unsigned int index_len;
- unsigned int bytes;
- unsigned int publickey_bytes;
- unsigned int privatekey_bytes;
+ unsigned int index_bytes;
+ unsigned int sig_bytes;
+ unsigned int pk_bytes;
+ unsigned int sk_bytes;
 unsigned int bds_k;
 } xmss_params;
diff --git a/test/test_determinism.c b/test/test_determinism.c
index a54d5c5..c772c8d 100644
--- a/test/test_determinism.c
+++ b/test/test_determinism.c
@@ -20,19 +20,19 @@ int main()
 xmss_str_to_oid(&oid, oidstr);
 xmss_parse_oid(¶ms, oid);
- unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
- unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
- unsigned char sk2[XMSS_OID_LEN + params.privatekey_bytes];
+ unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
+ unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
+ unsigned char sk2[XMSS_OID_LEN + params.sk_bytes];
 unsigned char m[MLEN];
- unsigned char sm[params.bytes + MLEN];
- unsigned char sm2[params.bytes + MLEN];
+ unsigned char sm[params.sig_bytes + MLEN];
+ unsigned char sm2[params.sig_bytes + MLEN];
 unsigned long long smlen;
 xmss_keypair(pk, sk, oid);
 /* Duplicate the key, because the original will be modified. */
- memcpy(sk2, sk, XMSS_OID_LEN + params.privatekey_bytes);
+ memcpy(sk2, sk, XMSS_OID_LEN + params.sk_bytes);
 /* Sign a random message (but twice the same one). */
 randombytes(m, MLEN);
@@ -41,9 +41,9 @@ int main()
 xmss_sign(sk2, sm2, &smlen, m, MLEN);
 /* Compare signature, and, if applicable, print the differences. */
- if (memcmp(sm, sm2, params.bytes + MLEN)) {
+ if (memcmp(sm, sm2, params.sig_bytes + MLEN)) {
 fprintf(stderr, "signatures differ!\n");
- for (i = 0; i < params.bytes + MLEN; i++) {
+ for (i = 0; i < params.sig_bytes + MLEN; i++) {
 fprintf(stderr, (sm[i] != sm2[i] ? "x" : "."));
 }
 fprintf(stderr, "\n");
diff --git a/test/test_xmss.c b/test/test_xmss.c
index d2911ad..1159824 100644
--- a/test/test_xmss.c
+++ b/test/test_xmss.c
@@ -24,18 +24,18 @@ int main()
 unsigned long long i, j;
 unsigned long errors = 0;
- unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
- unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
+ unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
+ unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
- unsigned char mo[MLEN+params.bytes];
- unsigned char sm[MLEN+params.bytes];
+ unsigned char mo[MLEN+params.sig_bytes];
+ unsigned char sm[MLEN+params.sig_bytes];
 printf("keypair\n");
 xmss_keypair(pk, sk, oid);
 // check pub_seed in SK
 for (i = 0; i < params.n; i++) {
- if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_len+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
- if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_len+3*params.n+i]) printf("pk.root != sk.root %llu",i);
+ if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
+ if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
 }
 // check index
@@ -55,7 +55,7 @@ int main()
 }
 printf("\n");
- r = memcmp(mi, sm+params.bytes,MLEN);
+ r = memcmp(mi, sm+params.sig_bytes,MLEN);
 printf("%d\n", r);
 /* Test valid signature */
@@ -68,7 +68,7 @@ int main()
 printf("%llu\n", MLEN-mlen);
 /* Test with modified message */
- sm[params.bytes+10] ^= 1;
+ sm[params.sig_bytes+10] ^= 1;
 r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
 printf("%d\n", r+1);
 if (r == 0) errors++;
@@ -78,7 +78,7 @@ int main()
 /* Test with modified signature */
 /* Modified index */
- sm[params.bytes+10] ^= 1;
+ sm[params.sig_bytes+10] ^= 1;
 sm[2] ^= 1;
 r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
 printf("%d\n", r+1);
@@ -109,7 +109,7 @@ int main()
 /* Modified AUTH */
 sm[240] ^= 1;
- sm[params.bytes - 10] ^= 1;
+ sm[params.sig_bytes - 10] ^= 1;
 r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
 printf("%d\n", r+1);
 if (r == 0) errors++;
diff --git a/test/test_xmss_core.c b/test/test_xmss_core.c
index 65cbd06..f5c211d 100644
--- a/test/test_xmss_core.c
+++ b/test/test_xmss_core.c
@@ -26,7 +26,7 @@ int main()
 unsigned char sk[4*params.n+4];
 unsigned char pk[2*params.n];
- unsigned long long signature_length = 4+params.n+params.wots_keysize+params.tree_height*params.n;
+ unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n;
 unsigned char mo[MLEN+signature_length];
 unsigned char sm[MLEN+signature_length];
diff --git a/test/test_xmss_core_fast.c b/test/test_xmss_core_fast.c
index 150a517..6ac8205 100644
--- a/test/test_xmss_core_fast.c
+++ b/test/test_xmss_core_fast.c
@@ -49,7 +49,7 @@ int main()
 treehash[i].node = &th_nodes[params.n*i];
 xmss_set_bds_state(state, stack, stackoffset, stacklevels, auth, keep, treehash, retain, 0);
- unsigned long long signature_length = 4+params.n+params.wots_keysize+params.tree_height*params.n;
+ unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n;
 unsigned char mi[MLEN];
 unsigned char mo[MLEN+signature_length];
 unsigned char sm[MLEN+signature_length];
diff --git a/test/test_xmssmt.c b/test/test_xmssmt.c
index 8218a70..cc677b4 100644
--- a/test/test_xmssmt.c
+++ b/test/test_xmssmt.c
@@ -23,26 +23,26 @@ int main()
 int r;
 unsigned long long i,j;
- unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
- unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
+ unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
+ unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
- unsigned char mo[MLEN+params.bytes];
- unsigned char sm[MLEN+params.bytes];
+ unsigned char mo[MLEN+params.sig_bytes];
+ unsigned char sm[MLEN+params.sig_bytes];
 printf("keypair\n");
 xmssmt_keypair(pk, sk, oid);
 // check pub_seed in SK
 for (i = 0; i < params.n; i++) {
- if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_len+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
- if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_len+3*params.n+i]) printf("pk.root != sk.root %llu",i);
+ if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
+ if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
 }
 printf("pk checked\n");
 // check index
 unsigned long long idx = 0;
- for (i = 0; i < params.index_len; i++) {
- idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_len - 1 - i);
+ for (i = 0; i < params.index_bytes; i++) {
+ idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_bytes - 1 - i);
 }
 if (idx) printf("\nidx != 0: %llu\n",idx);
@@ -53,11 +53,11 @@ int main()
 printf("sign\n");
 xmssmt_sign(sk, sm, &smlen, mi, MLEN);
 idx = 0;
- for (j = 0; j < params.index_len; j++) {
- idx += ((unsigned long long)sm[j]) << 8*(params.index_len - 1 - j);
+ for (j = 0; j < params.index_bytes; j++) {
+ idx += ((unsigned long long)sm[j]) << 8*(params.index_bytes - 1 - j);
 }
 printf("\nidx = %llu\n",idx);
- r = memcmp(mi, sm+params.bytes,MLEN);
+ r = memcmp(mi, sm+params.sig_bytes,MLEN);
 printf("%d\n", r);
 for (j = 0; j < smlen; j++) {
diff --git a/test/test_xmssmt_core.c b/test/test_xmssmt_core.c
index 000906d..9f32cfc 100644
--- a/test/test_xmssmt_core.c
+++ b/test/test_xmssmt_core.c
@@ -22,10 +22,10 @@ int main()
 int r;
 unsigned long long i,j;
- unsigned char sk[(params.index_len+4*params.n)];
+ unsigned char sk[(params.index_bytes+4*params.n)];
 unsigned char pk[2*params.n];
- unsigned long long signature_length = params.index_len + params.n + (params.d*params.wots_keysize) + params.full_height*params.n;
+ unsigned long long signature_length = params.index_bytes + params.n + (params.d*params.wots_sig_bytes) + params.full_height*params.n;
 unsigned char mo[MLEN+signature_length];
 unsigned char sm[MLEN+signature_length];
@@ -33,12 +33,12 @@ int main()
 xmssmt_core_keypair(¶ms, pk, sk);
 // check pub_seed in SK
 for (i = 0; i < params.n; i++) {
- if (pk[params.n+i] != sk[params.index_len+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
- if (pk[i] != sk[params.index_len+3*params.n+i]) printf("pk.root != sk.root %llu",i);
+ if (pk[params.n+i] != sk[params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
+ if (pk[i] != sk[params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
 }
 printf("pk checked\n");
- unsigned int idx_len = params.index_len;
+ unsigned int idx_len = params.index_bytes;
 // check index
 unsigned long long idx = 0;
 for (i = 0; i < idx_len; i++) {
diff --git a/test/test_xmssmt_core_fast.c b/test/test_xmssmt_core_fast.c
index 653db48..549429a 100644
--- a/test/test_xmssmt_core_fast.c
+++ b/test/test_xmssmt_core_fast.c
@@ -45,7 +45,7 @@ int main()
 treehash_inst treehash[(2*d-1) * (tree_h-k)];
 unsigned char th_nodes[(2*d-1) * (tree_h-k)*n];
 unsigned char retain[(2*d-1) * ((1 << k) - k - 1)*n];
- unsigned char wots_sigs[d * params.wots_keysize];
+ unsigned char wots_sigs[d * params.wots_sig_bytes];
 // first d are 'regular' states, second d are 'next'; top tree has no 'next'
 bds_state states[2*d-1];
@@ -62,10 +62,10 @@ int main()
 );
 }
- unsigned char sk[(params.index_len+4*n)];
+ unsigned char sk[(params.index_bytes+4*n)];
 unsigned char pk[2*n];
- unsigned long long signature_length = params.index_len + n + (d*params.wots_keysize) + h*n;
+ unsigned long long signature_length = params.index_bytes + n + (d*params.wots_sig_bytes) + h*n;
 unsigned char mo[MLEN+signature_length];
 unsigned char sm[MLEN+signature_length];
@@ -75,12 +75,12 @@ int main()
 xmssmt_core_keypair(¶ms, pk, sk, states, wots_sigs);
 // check pub_seed in SK
 for (i = 0; i < n; i++) {
- if (pk[n+i] != sk[params.index_len+2*n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
- if (pk[i] != sk[params.index_len+3*n+i]) printf("pk.root != sk.root %llu",i);
+ if (pk[n+i] != sk[params.index_bytes+2*n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
+ if (pk[i] != sk[params.index_bytes+3*n+i]) printf("pk.root != sk.root %llu",i);
 }
 printf("pk checked\n");
- unsigned int idx_len = params.index_len;
+ unsigned int idx_len = params.index_bytes;
 // check index
 unsigned long long idx = 0;
 for (i = 0; i < idx_len; i++) {
diff --git a/test/xmss_keypair.c b/test/xmss_keypair.c
index d36c5ba..1d505d5 100644
--- a/test/xmss_keypair.c
+++ b/test/xmss_keypair.c
@@ -18,13 +18,13 @@ int main(int argc, char **argv)
 xmss_str_to_oid(&oid, argv[1]);
 xmss_parse_oid(¶ms, oid);
- unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
- unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
+ unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
+ unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
 xmss_keypair(pk, sk, oid);
- fwrite(pk, 1, XMSS_OID_LEN + params.publickey_bytes, stdout);
- fwrite(sk, 1, XMSS_OID_LEN + params.privatekey_bytes, stdout);
+ fwrite(pk, 1, XMSS_OID_LEN + params.pk_bytes, stdout);
+ fwrite(sk, 1, XMSS_OID_LEN + params.sk_bytes, stdout);
 fclose(stdout);
 }
diff --git a/test/xmss_open.c b/test/xmss_open.c
index a809514..fd41210 100644
--- a/test/xmss_open.c
+++ b/test/xmss_open.c
@@ -26,15 +26,15 @@ int main(int argc, char **argv) {
 fread(&oid, 1, XMSS_OID_LEN, keypair);
 xmss_parse_oid(¶ms, oid);
- unsigned char pk[params.publickey_bytes];
- unsigned char sm[params.bytes + MLEN];
- unsigned char m[params.bytes + MLEN];
+ unsigned char pk[params.pk_bytes];
+ unsigned char sm[params.sig_bytes + MLEN];
+ unsigned char m[params.sig_bytes + MLEN];
 unsigned long long mlen;
- fread(pk, 1, params.publickey_bytes, keypair);
- fread(sm, 1, params.bytes + MLEN, stdin);
+ fread(pk, 1, params.pk_bytes, keypair);
+ fread(sm, 1, params.sig_bytes + MLEN, stdin);
- ret = xmss_core_sign_open(¶ms, m, &mlen, sm, params.bytes + MLEN, pk);
+ ret = xmss_core_sign_open(¶ms, m, &mlen, sm, params.sig_bytes + MLEN, pk);
 if (ret) {
 printf("Verification failed!\n");
diff --git a/test/xmss_sign.c b/test/xmss_sign.c
index e2e75eb..c4132f5 100644
--- a/test/xmss_sign.c
+++ b/test/xmss_sign.c
@@ -29,23 +29,23 @@ int main(int argc, char **argv) {
 xmss_parse_oid(¶ms, oid_pk);
 /* fseek past the public key */
- fseek(keypair, params.publickey_bytes, SEEK_CUR);
+ fseek(keypair, params.pk_bytes, SEEK_CUR);
 /* This is the OID we're actually going to use. Likely the same, but still. */
 fread(&oid_sk, 1, XMSS_OID_LEN, keypair);
 xmss_parse_oid(¶ms, oid_sk);
- unsigned char sk[params.privatekey_bytes];
+ unsigned char sk[params.sk_bytes];
 unsigned char m[MLEN];
- unsigned char sm[params.bytes + MLEN];
+ unsigned char sm[params.sig_bytes + MLEN];
 unsigned long long smlen;
- fread(sk, 1, params.privatekey_bytes, keypair);
+ fread(sk, 1, params.sk_bytes, keypair);
 fread(m, 1, MLEN, stdin);
 xmss_core_sign(¶ms, sk, sm, &smlen, m, MLEN);
- fseek(keypair, -((long int)params.privatekey_bytes), SEEK_CUR);
- fwrite(sk, 1, params.privatekey_bytes, keypair);
- fwrite(sm, 1, params.bytes + MLEN, stdout);
+ fseek(keypair, -((long int)params.sk_bytes), SEEK_CUR);
+ fwrite(sk, 1, params.sk_bytes, keypair);
+ fwrite(sm, 1, params.sig_bytes + MLEN, stdout);
 fclose(keypair);
 fclose(stdout);
diff --git a/test/xmssmt_keypair.c b/test/xmssmt_keypair.c
index 6e2982f..375356e 100644
--- a/test/xmssmt_keypair.c
+++ b/test/xmssmt_keypair.c
@@ -18,13 +18,13 @@ int main(int argc, char **argv)
 xmssmt_str_to_oid(&oid, argv[1]);
 xmssmt_parse_oid(¶ms, oid);
- unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
- unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
+ unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
+ unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
 xmssmt_keypair(pk, sk, oid);
- fwrite(pk, 1, XMSS_OID_LEN + params.publickey_bytes, stdout);
- fwrite(sk, 1, XMSS_OID_LEN + params.privatekey_bytes, stdout);
+ fwrite(pk, 1, XMSS_OID_LEN + params.pk_bytes, stdout);
+ fwrite(sk, 1, XMSS_OID_LEN + params.sk_bytes, stdout);
 fclose(stdout);
 }
diff --git a/test/xmssmt_open.c b/test/xmssmt_open.c
index 323eaac..821f517 100644
--- a/test/xmssmt_open.c
+++ b/test/xmssmt_open.c
@@ -26,15 +26,15 @@ int main(int argc, char **argv) {
 fread(&oid, 1, XMSS_OID_LEN, keypair);
 xmssmt_parse_oid(¶ms, oid);
- unsigned char pk[params.publickey_bytes];
- unsigned char sm[params.bytes + MLEN];
- unsigned char m[params.bytes + MLEN];
+ unsigned char pk[params.pk_bytes];
+ unsigned char sm[params.sig_bytes + MLEN];
+ unsigned char m[params.sig_bytes + MLEN];
 unsigned long long mlen;
- fread(pk, 1, params.publickey_bytes, keypair);
- fread(sm, 1, params.bytes + MLEN, stdin);
+ fread(pk, 1, params.pk_bytes, keypair);
+ fread(sm, 1, params.sig_bytes + MLEN, stdin);
- ret = xmssmt_core_sign_open(¶ms, m, &mlen, sm, params.bytes + MLEN, pk);
+ ret = xmssmt_core_sign_open(¶ms, m, &mlen, sm, params.sig_bytes + MLEN, pk);
 if (ret) {
 printf("Verification failed!\n");
diff --git a/test/xmssmt_sign.c b/test/xmssmt_sign.c
index ecb23f3..6e29517 100644
--- a/test/xmssmt_sign.c
+++ b/test/xmssmt_sign.c
@@ -29,23 +29,23 @@ int main(int argc, char **argv) {
 xmssmt_parse_oid(¶ms, oid_pk);
 /* fseek past the public key. */
- fseek(keypair, params.publickey_bytes, SEEK_CUR);
+ fseek(keypair, params.pk_bytes, SEEK_CUR);
 /* This is the OID we're actually going to use. Likely the same, but still.. */
 fread(&oid_sk, 1, XMSS_OID_LEN, keypair);
 xmssmt_parse_oid(¶ms, oid_sk);
- unsigned char sk[params.privatekey_bytes];
+ unsigned char sk[params.sk_bytes];
 unsigned char m[MLEN];
- unsigned char sm[params.bytes + MLEN];
+ unsigned char sm[params.sig_bytes + MLEN];
 unsigned long long smlen;
- fread(sk, 1, params.privatekey_bytes, keypair);
+ fread(sk, 1, params.sk_bytes, keypair);
 fread(m, 1, MLEN, stdin);
 xmssmt_core_sign(¶ms, sk, sm, &smlen, m, MLEN);
- fseek(keypair, -((long int)params.privatekey_bytes), SEEK_CUR);
- fwrite(sk, 1, params.privatekey_bytes, keypair);
- fwrite(sm, 1, params.bytes + MLEN, stdout);
+ fseek(keypair, -((long int)params.sk_bytes), SEEK_CUR);
+ fwrite(sk, 1, params.sk_bytes, keypair);
+ fwrite(sm, 1, params.sig_bytes + MLEN, stdout);
 fclose(keypair);
 fclose(stdout);
diff --git a/xmss_commons.c b/xmss_commons.c
index c207752..7b1ce42 100644
--- a/xmss_commons.c
+++ b/xmss_commons.c
@@ -47,7 +47,7 @@ void gen_leaf_wots(const xmss_params *params, unsigned char *leaf,
 uint32_t ltree_addr[8], uint32_t ots_addr[8])
 {
 unsigned char seed[params->n];
- unsigned char pk[params->wots_keysize];
+ unsigned char pk[params->wots_sig_bytes];
 get_seed(params, seed, sk_seed, ots_addr);
 wots_pkgen(params, pk, seed, pub_seed, ots_addr);
@@ -191,7 +191,7 @@ int xmss_core_sign_open(const xmss_params *params,
 const unsigned char *pk)
 {
 const unsigned char *pub_seed = pk + params->n;
- unsigned char wots_pk[params->wots_keysize];
+ unsigned char wots_pk[params->wots_sig_bytes];
 unsigned char leaf[params->n];
 unsigned char root[params->n];
 unsigned char mhash[params->n];
@@ -205,20 +205,20 @@ int xmss_core_sign_open(const xmss_params *params,
 set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE);
 set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE);
- *mlen = smlen - params->bytes;
+ *mlen = smlen - params->sig_bytes;
 /* Convert the index bytes from the signature to an integer. */
- idx = (unsigned long)bytes_to_ull(sm, params->index_len);
+ idx = (unsigned long)bytes_to_ull(sm, params->index_bytes);
 /* Compute the message hash. */
- hash_message(params, mhash, sm + params->index_len, pk, idx,
- sm + params->bytes, *mlen);
- sm += params->index_len + params->n;
+ hash_message(params, mhash, sm + params->index_bytes, pk, idx,
+ sm + params->sig_bytes, *mlen);
+ sm += params->index_bytes + params->n;
 /* The WOTS public key is only correct if the signature was correct. */
 set_ots_addr(ots_addr, idx);
 wots_pk_from_sig(params, wots_pk, sm, mhash, pub_seed, ots_addr);
- sm += params->wots_keysize;
+ sm += params->wots_sig_bytes;
 /* Compute the leaf node using the WOTS public key. */
 set_ltree_addr(ltree_addr, idx);
@@ -252,7 +252,7 @@ int xmssmt_core_sign_open(const xmss_params *params,
 const unsigned char *pk)
 {
 const unsigned char *pub_seed = pk + params->n;
- unsigned char wots_pk[params->wots_keysize];
+ unsigned char wots_pk[params->wots_sig_bytes];
 unsigned char leaf[params->n];
 unsigned char root[params->n];
 unsigned char *mhash = root;
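Review bot: `*mlen = smlen - params->sig_bytes;` is still computed without checking that `smlen >= params->sig_bytes`; both operands are unsigned, so a shorter input wraps `*mlen` to a huge value and the `hash_message(..., sm + params->sig_bytes, *mlen)` call a few lines below then reads far beyond the caller's buffer before any verification result is reached. A guard ahead of the subtraction, `if (smlen < params->sig_bytes) { *mlen = 0; return -1; }` (using whatever non-zero value the function's existing failure path returns), turns a malformed input into a clean rejection. The xmssmt_core_sign_open hunk on the next line has the identical subtraction and needs the same guard. xmss_core_sign_open starts and ends outside this hunk.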
@@ -268,15 +268,15 @@ int xmssmt_core_sign_open(const xmss_params *params,
 set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE);
 set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE);
- *mlen = smlen - params->bytes;
+ *mlen = smlen - params->sig_bytes;
 /* Convert the index bytes from the signature to an integer. */
- idx = bytes_to_ull(sm, params->index_len);
+ idx = bytes_to_ull(sm, params->index_bytes);
 /* Compute the message hash. */
- hash_message(params, mhash, sm + params->index_len, pk, idx,
- sm + params->bytes, *mlen);
- sm += params->index_len + params->n;
+ hash_message(params, mhash, sm + params->index_bytes, pk, idx,
+ sm + params->sig_bytes, *mlen);
+ sm += params->index_bytes + params->n;
 /* For each subtree.. */
 for (i = 0; i < params->d; i++) {
@@ -296,7 +296,7 @@ int xmssmt_core_sign_open(const xmss_params *params,
 /* Initially, root = mhash, but on subsequent iterations it is the root of the subtree below the currently processed subtree. */
 wots_pk_from_sig(params, wots_pk, sm, root, pub_seed, ots_addr);
- sm += params->wots_keysize;
+ sm += params->wots_sig_bytes;
 /* Compute the leaf node using the WOTS public key. */
 set_ltree_addr(ltree_addr, idx_leaf);
diff --git a/xmss_core.c b/xmss_core.c
index 2410d57..5dfa541 100644
--- a/xmss_core.c
+++ b/xmss_core.c
@@ -107,10 +107,10 @@ int xmss_core_sign(const xmss_params *params,
 unsigned char *sm, unsigned long long *smlen,
 const unsigned char *m, unsigned long long mlen)
 {
- const unsigned char *sk_seed = sk + params->index_len;
- const unsigned char *sk_prf = sk + params->index_len + params->n;
- const unsigned char *pub_seed = sk + params->index_len + 2*params->n;
- const unsigned char *pub_root = sk + params->index_len + 3*params->n;
+ const unsigned char *sk_seed = sk + params->index_bytes;
+ const unsigned char *sk_prf = sk + params->index_bytes + params->n;
+ const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n;
+ const unsigned char *pub_root = sk + params->index_bytes + 3*params->n;
 unsigned char root[params->n];
 unsigned char mhash[params->n];
@@ -122,15 +122,15 @@ int xmss_core_sign(const xmss_params *params,
 set_type(ots_addr, XMSS_ADDR_TYPE_OTS);
 /* Read and use the current index from the secret key. */
- idx = (unsigned long)bytes_to_ull(sk, params->index_len);
- memcpy(sm, sk, params->index_len);
- sm += params->index_len;
+ idx = (unsigned long)bytes_to_ull(sk, params->index_bytes);
+ memcpy(sm, sk, params->index_bytes);
+ sm += params->index_bytes;
 /*************************************************************************
 * THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. *
 *************************************************************************/
 /* Increment the index in the secret key. */
- ull_to_bytes(sk, params->index_len, idx + 1);
+ ull_to_bytes(sk, params->index_bytes, idx + 1);
 /* Compute the digest randomization value. */
 ull_to_bytes(idx_bytes_32, 32, idx);
@@ -147,14 +147,14 @@ int xmss_core_sign(const xmss_params *params,
 /* Compute a WOTS signature on the message hash. */
 wots_sign(params, sm, mhash, ots_seed, pub_seed, ots_addr);
- sm += params->wots_keysize;
+ sm += params->wots_sig_bytes;
 /* Compute the authentication path for the used WOTS leaf. */
 treehash(params, root, sm, sk_seed, pub_seed, idx, ots_addr);
 sm += params->tree_height*params->n;
 memcpy(sm, m, mlen);
- *smlen = params->bytes + mlen;
+ *smlen = params->sig_bytes + mlen;
 return 0;
 }
@@ -175,8 +175,8 @@ int xmssmt_core_keypair(const xmss_params *params,
 set_layer_addr(top_tree_addr, params->d - 1);
 /* Initialize index to 0. */
- memset(sk, 0, params->index_len);
- sk += params->index_len;
+ memset(sk, 0, params->index_bytes);
+ sk += params->index_bytes;
 /* Initialize SK_SEED, SK_PRF and PUB_SEED. */
 randombytes(sk, 3 * params->n);
@@ -198,10 +198,10 @@ int xmssmt_core_sign(const xmss_params *params,
 unsigned char *sm, unsigned long long *smlen,
 const unsigned char *m, unsigned long long mlen)
 {
- const unsigned char *sk_seed = sk + params->index_len;
- const unsigned char *sk_prf = sk + params->index_len + params->n;
- const unsigned char *pub_seed = sk + params->index_len + 2*params->n;
- const unsigned char *pub_root = sk + params->index_len + 3*params->n;
+ const unsigned char *sk_seed = sk + params->index_bytes;
+ const unsigned char *sk_prf = sk + params->index_bytes + params->n;
+ const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n;
+ const unsigned char *pub_root = sk + params->index_bytes + 3*params->n;
 unsigned char root[params->n];
 unsigned char *mhash = root;
@@ -215,15 +215,15 @@ int xmssmt_core_sign(const xmss_params *params,
 set_type(ots_addr, XMSS_ADDR_TYPE_OTS);
 /* Read and use the current index from the secret key. */
- idx = (unsigned long)bytes_to_ull(sk, params->index_len);
- memcpy(sm, sk, params->index_len);
- sm += params->index_len;
+ idx = (unsigned long)bytes_to_ull(sk, params->index_bytes);
+ memcpy(sm, sk, params->index_bytes);
+ sm += params->index_bytes;
 /*************************************************************************
 * THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. *
 *************************************************************************/
 /* Increment the index in the secret key. */
- ull_to_bytes(sk, params->index_len, idx + 1);
+ ull_to_bytes(sk, params->index_bytes, idx + 1);
 /* Compute the digest randomization value. */
 ull_to_bytes(idx_bytes_32, 32, idx);
@@ -250,7 +250,7 @@ int xmssmt_core_sign(const xmss_params *params,
 /* Initially, root = mhash, but on subsequent iterations it is the root of the subtree below the currently processed subtree. */
 wots_sign(params, sm, root, ots_seed, pub_seed, ots_addr);
- sm += params->wots_keysize;
+ sm += params->wots_sig_bytes;
 /* Compute the authentication path for the used WOTS leaf. */
 treehash(params, root, sm, sk_seed, pub_seed, idx_leaf, ots_addr);
@@ -258,7 +258,7 @@ int xmssmt_core_sign(const xmss_params *params,
 }
 memcpy(sm, m, mlen);
- *smlen = params->bytes + mlen;
+ *smlen = params->sig_bytes + mlen;
 return 0;
 }
diff --git a/xmss_core_fast.c b/xmss_core_fast.c
index 84ffa00..9971805 100644
--- a/xmss_core_fast.c
+++ b/xmss_core_fast.c
@@ -360,14 +360,14 @@ int xmss_core_keypair(const xmss_params *params,
 sk[2] = 0;
 sk[3] = 0;
 // Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte)
- randombytes(sk + params->index_len, 3*params->n);
+ randombytes(sk + params->index_bytes, 3*params->n);
 // Copy PUB_SEED to public key
- memcpy(pk + params->n, sk + params->index_len + 2*params->n, params->n);
+ memcpy(pk + params->n, sk + params->index_bytes + 2*params->n, params->n);
 // Compute root
- treehash_init(params, pk, params->tree_height, 0, state, sk + params->index_len, sk + params->index_len + 2*params->n, addr);
+ treehash_init(params, pk, params->tree_height, 0, state, sk + params->index_bytes, sk + params->index_bytes + 2*params->n, addr);
 // copy root o sk
- memcpy(sk + params->index_len + 3*params->n, pk, params->n);
+ memcpy(sk + params->index_bytes + 3*params->n, pk, params->n);
 return 0;
 }
@@ -388,11 +388,11 @@ int xmss_core_sign(const xmss_params *params,
 // Extract SK
 unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
 unsigned char sk_seed[params->n];
- memcpy(sk_seed, sk + params->index_len, params->n);
+ memcpy(sk_seed, sk + params->index_bytes, params->n);
 unsigned char sk_prf[params->n];
- memcpy(sk_prf, sk + params->index_len + params->n, params->n);
+ memcpy(sk_prf, sk + params->index_bytes + params->n, params->n);
 unsigned char pub_seed[params->n];
- memcpy(pub_seed, sk + params->index_len + 2*params->n, params->n);
+ memcpy(pub_seed, sk + params->index_bytes + 2*params->n, params->n);
 // index as 32 bytes string
 unsigned char idx_bytes_32[32];
@@ -463,8 +463,8 @@ int xmss_core_sign(const xmss_params *params,
 // Compute WOTS signature
 wots_sign(params, sm, msg_h, ots_seed, pub_seed, ots_addr);
- sm += params->wots_keysize;
- *smlen += params->wots_keysize;
+ sm += params->wots_sig_bytes;
+ *smlen += params->wots_sig_bytes;
 // the auth path was already computed during the previous round
 memcpy(sm, state->auth, params->tree_height*params->n);
@@ -497,27 +497,27 @@ int xmssmt_core_keypair(const xmss_params *params,
 unsigned int i;
 // Set idx = 0
- for (i = 0; i < params->index_len; i++) {
+ for (i = 0; i < params->index_bytes; i++) {
 sk[i] = 0;
 }
 // Init SK_SEED (params->n byte), SK_PRF (params->n byte), and PUB_SEED (params->n byte)
- randombytes(sk+params->index_len, 3*params->n);
+ randombytes(sk+params->index_bytes, 3*params->n);
 // Copy PUB_SEED to public key
- memcpy(pk+params->n, sk+params->index_len+2*params->n, params->n);
+ memcpy(pk+params->n, sk+params->index_bytes+2*params->n, params->n);
 // Start with the bottom-most layer
 set_layer_addr(addr, 0);
 // Set up state and compute wots signatures for all but topmost tree root
 for (i = 0; i < params->d - 1; i++) {
 // Compute seed for OTS key pair
- treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_len, pk+params->n, addr);
+ treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_bytes, pk+params->n, addr);
 set_layer_addr(addr, (i+1));
- get_seed(params, ots_seed, sk + params->index_len, addr);
- wots_sign(params, wots_sigs + i*params->wots_keysize, pk, ots_seed, pk+params->n, addr);
+ get_seed(params, ots_seed, sk + params->index_bytes, addr);
+ wots_sign(params, wots_sigs + i*params->wots_sig_bytes, pk, ots_seed, pk+params->n, addr);
 }
 // Address now points to the single tree on layer d-1
- treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_len, pk+params->n, addr);
- memcpy(sk + params->index_len + 3*params->n, pk, params->n);
+ treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_bytes, pk+params->n, addr);
+ memcpy(sk + params->index_bytes + 3*params->n, pk, params->n);
 return 0;
 }
@@ -555,17 +555,17 @@ int xmssmt_core_sign(const xmss_params *params,
 // Extract SK
 unsigned long long idx = 0;
- for (i = 0; i < params->index_len; i++) {
- idx |= ((unsigned long long)sk[i]) << 8*(params->index_len - 1 - i);
+ for (i = 0; i < params->index_bytes; i++) {
+ idx |= ((unsigned long long)sk[i]) << 8*(params->index_bytes - 1 - i);
 }
- memcpy(sk_seed, sk+params->index_len, params->n);
- memcpy(sk_prf, sk+params->index_len+params->n, params->n);
- memcpy(pub_seed, sk+params->index_len+2*params->n, params->n);
+ memcpy(sk_seed, sk+params->index_bytes, params->n);
+ memcpy(sk_prf, sk+params->index_bytes+params->n, params->n);
+ memcpy(pub_seed, sk+params->index_bytes+2*params->n, params->n);
 // Update SK
- for (i = 0; i < params->index_len; i++) {
- sk[i] = ((idx + 1) >> 8*(params->index_len - 1 - i)) & 255;
+ for (i = 0; i < params->index_bytes; i++) {
+ sk[i] = ((idx + 1) >> 8*(params->index_bytes - 1 - i)) & 255;
 }
 // Secret key for this non-forward-secure version is now updated.
 // A production implementation should consider using a file handle instead,
@@ -581,7 +581,7 @@ int xmssmt_core_sign(const xmss_params *params,
 prf(params, R, idx_bytes_32, sk_prf, params->n);
 // Generate hash key (R || root || idx)
 memcpy(hash_key, R, params->n);
- memcpy(hash_key+params->n, sk+params->index_len+3*params->n, params->n);
+ memcpy(hash_key+params->n, sk+params->index_bytes+3*params->n, params->n);
 ull_to_bytes(hash_key+2*params->n, params->n, idx);
 // Then use it for message digest
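Review bot: The `// Update SK` loop writes `idx + 1` back into `sk` with no check that the incremented index still fits in `8 * params->index_bytes` bits or in the tree's `2^full_height` leaves; once the last index has been consumed the stored bytes wrap to zero and the next call would sign with an already-used OTS key, which for a one-time scheme is a key-compromising failure rather than a corner case. Unless an earlier part of xmssmt_core_sign (the function starts before this hunk) already rejects an exhausted index, a guard such as `if (idx + 1 >= (1ULL << params->full_height))` returning a distinct, documented error code belongs before the update. Separately, the two byte loops here and the `// Copy index to signature` loop in the `-591` hunk hand-roll what `ull_to_bytes` (already used at `-581` for the hash key) appears to provide, e.g. `ull_to_bytes(sk, params->index_bytes, idx + 1);`, provided its byte order is big-endian as these loops are.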
@@ -591,12 +591,12 @@ int xmssmt_core_sign(const xmss_params *params,
 *smlen = 0;
 // Copy index to signature
- for (i = 0; i < params->index_len; i++) {
- sm[i] = (idx >> 8*(params->index_len - 1 - i)) & 255;
+ for (i = 0; i < params->index_bytes; i++) {
+ sm[i] = (idx >> 8*(params->index_bytes - 1 - i)) & 255;
 }
- sm += params->index_len;
- *smlen += params->index_len;
+ sm += params->index_bytes;
+ *smlen += params->index_bytes;
 // Copy R to signature
 for (i = 0; i < params->n; i++) {
@@ -626,8 +626,8 @@ int xmssmt_core_sign(const xmss_params *params,
 // Compute WOTS signature
 wots_sign(params, sm, msg_h, ots_seed, pub_seed, ots_addr);
- sm += params->wots_keysize;
- *smlen += params->wots_keysize;
+ sm += params->wots_sig_bytes;
+ *smlen += params->wots_sig_bytes;
 memcpy(sm, states[0].auth, params->tree_height*params->n);
 sm += params->tree_height*params->n;
@@ -636,10 +636,10 @@ int xmssmt_core_sign(const xmss_params *params,
 // prepare signature of remaining layers
 for (i = 1; i < params->d; i++) {
 // put WOTS signature in place
- memcpy(sm, wots_sigs + (i-1)*params->wots_keysize, params->wots_keysize);
+ memcpy(sm, wots_sigs + (i-1)*params->wots_sig_bytes, params->wots_sig_bytes);
- sm += params->wots_keysize;
- *smlen += params->wots_keysize;
+ sm += params->wots_sig_bytes;
+ *smlen += params->wots_sig_bytes;
 // put AUTH nodes in place
 memcpy(sm, states[i].auth, params->tree_height*params->n);
@@ -684,8 +684,8 @@ int xmssmt_core_sign(const xmss_params *params,
 set_tree_addr(ots_addr, ((idx + 1) >> ((i+2) * params->tree_height)));
 set_ots_addr(ots_addr, (((idx >> ((i+1) * params->tree_height)) + 1) & ((1 << params->tree_height)-1)));
- get_seed(params, ots_seed, sk+params->index_len, ots_addr);
- wots_sign(params, wots_sigs + i*params->wots_keysize, states[i].stack, ots_seed, pub_seed, ots_addr);
+ get_seed(params, ots_seed, sk+params->index_bytes, ots_addr);
+ wots_sign(params, wots_sigs + i*params->wots_sig_bytes, states[i].stack, ots_seed, pub_seed, ots_addr);
 states[params->d + i].stackoffset = 0;
 states[params->d + i].next_leaf = 0;