@@ -59,12 +59,12 @@ void set_ltree_addr(uint32_t addr[8], uint32_t ltree) | |||||
/* These functions are used for hash tree addresses. */ | /* These functions are used for hash tree addresses. */ | ||||
void set_tree_height(uint32_t addr[8], uint32_t treeHeight) | |||||
void set_tree_height(uint32_t addr[8], uint32_t tree_height) | |||||
{ | { | ||||
addr[5] = treeHeight; | |||||
addr[5] = tree_height; | |||||
} | } | ||||
void set_tree_index(uint32_t addr[8], uint32_t treeIndex) | |||||
void set_tree_index(uint32_t addr[8], uint32_t tree_index) | |||||
{ | { | ||||
addr[6] = treeIndex; | |||||
addr[6] = tree_index; | |||||
} | } |
@@ -32,8 +32,8 @@ void set_ltree_addr(uint32_t addr[8], uint32_t ltree); | |||||
/* These functions are used for hash tree addresses. */ | /* These functions are used for hash tree addresses. */ | ||||
void set_tree_height(uint32_t addr[8], uint32_t treeHeight); | |||||
void set_tree_height(uint32_t addr[8], uint32_t tree_height); | |||||
void set_tree_index(uint32_t addr[8], uint32_t treeIndex); | |||||
void set_tree_index(uint32_t addr[8], uint32_t tree_index); | |||||
#endif | #endif |
@@ -227,20 +227,17 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid) | |||||
params->tree_height = params->full_height / params->d; | params->tree_height = params->full_height / params->d; | ||||
params->wots_w = 16; | params->wots_w = 16; | ||||
params->wots_log_w = 4; | params->wots_log_w = 4; | ||||
if (params->n == 32) { | |||||
params->wots_len1 = 64; | |||||
} | |||||
else { | |||||
params->wots_len1 = 128; | |||||
} | |||||
params->wots_len1 = 8 * params->n / params->wots_log_w; | |||||
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */ | |||||
params->wots_len2 = 3; | params->wots_len2 = 3; | ||||
params->wots_len = params->wots_len1 + params->wots_len2; | params->wots_len = params->wots_len1 + params->wots_len2; | ||||
params->wots_keysize = params->wots_len * params->n; | |||||
params->index_len = 4; | |||||
params->bytes = (params->index_len + params->n + params->d*params->wots_keysize | |||||
+ params->full_height *params->n); | |||||
params->publickey_bytes = 2*params->n; | |||||
params->privatekey_bytes = 4*params->n + params->index_len; | |||||
params->wots_sig_bytes = params->wots_len * params->n; | |||||
params->index_bytes = 4; | |||||
params->sig_bytes = (params->index_bytes + params->n | |||||
+ params->d * params->wots_sig_bytes | |||||
+ params->full_height * params->n); | |||||
params->pk_bytes = 2 * params->n; | |||||
params->sk_bytes = 4 * params->n + params->index_bytes; | |||||
// TODO figure out sensible and legal values for this based on the above | // TODO figure out sensible and legal values for this based on the above | ||||
params->bds_k = 0; | params->bds_k = 0; | ||||
@@ -447,21 +444,18 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid) | |||||
params->tree_height = params->full_height / params->d; | params->tree_height = params->full_height / params->d; | ||||
params->wots_w = 16; | params->wots_w = 16; | ||||
params->wots_log_w = 4; | params->wots_log_w = 4; | ||||
if (params->n == 32) { | |||||
params->wots_len1 = 64; | |||||
} | |||||
else { | |||||
params->wots_len1 = 128; | |||||
} | |||||
params->wots_len1 = 8 * params->n / params->wots_log_w; | |||||
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */ | |||||
params->wots_len2 = 3; | params->wots_len2 = 3; | ||||
params->wots_len = params->wots_len1 + params->wots_len2; | params->wots_len = params->wots_len1 + params->wots_len2; | ||||
params->wots_keysize = params->wots_len * params->n; | |||||
/* Round index_len up to nearest byte. */ | |||||
params->index_len = (params->full_height + 7) / 8; | |||||
params->bytes = (params->index_len + params->n + params->d*params->wots_keysize | |||||
+ params->full_height *params->n); | |||||
params->publickey_bytes = 2*params->n; | |||||
params->privatekey_bytes = 4*params->n + params->index_len; | |||||
params->wots_sig_bytes = params->wots_len * params->n; | |||||
/* Round index_bytes up to nearest byte. */ | |||||
params->index_bytes = (params->full_height + 7) / 8; | |||||
params->sig_bytes = (params->index_bytes + params->n | |||||
+ params->d * params->wots_sig_bytes | |||||
+ params->full_height * params->n); | |||||
params->pk_bytes = 2 * params->n; | |||||
params->sk_bytes = 4 * params->n + params->index_bytes; | |||||
// TODO figure out sensible and legal values for this based on the above | // TODO figure out sensible and legal values for this based on the above | ||||
params->bds_k = 0; | params->bds_k = 0; | ||||
@@ -19,14 +19,14 @@ typedef struct { | |||||
unsigned int wots_len1; | unsigned int wots_len1; | ||||
unsigned int wots_len2; | unsigned int wots_len2; | ||||
unsigned int wots_len; | unsigned int wots_len; | ||||
unsigned int wots_keysize; | |||||
unsigned int wots_sig_bytes; | |||||
unsigned int full_height; | unsigned int full_height; | ||||
unsigned int tree_height; | unsigned int tree_height; | ||||
unsigned int d; | unsigned int d; | ||||
unsigned int index_len; | |||||
unsigned int bytes; | |||||
unsigned int publickey_bytes; | |||||
unsigned int privatekey_bytes; | |||||
unsigned int index_bytes; | |||||
unsigned int sig_bytes; | |||||
unsigned int pk_bytes; | |||||
unsigned int sk_bytes; | |||||
unsigned int bds_k; | unsigned int bds_k; | ||||
} xmss_params; | } xmss_params; | ||||
@@ -20,19 +20,19 @@ int main() | |||||
xmss_str_to_oid(&oid, oidstr); | xmss_str_to_oid(&oid, oidstr); | ||||
xmss_parse_oid(¶ms, oid); | xmss_parse_oid(¶ms, oid); | ||||
unsigned char pk[XMSS_OID_LEN + params.publickey_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes]; | |||||
unsigned char sk2[XMSS_OID_LEN + params.privatekey_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||||
unsigned char sk2[XMSS_OID_LEN + params.sk_bytes]; | |||||
unsigned char m[MLEN]; | unsigned char m[MLEN]; | ||||
unsigned char sm[params.bytes + MLEN]; | |||||
unsigned char sm2[params.bytes + MLEN]; | |||||
unsigned char sm[params.sig_bytes + MLEN]; | |||||
unsigned char sm2[params.sig_bytes + MLEN]; | |||||
unsigned long long smlen; | unsigned long long smlen; | ||||
xmss_keypair(pk, sk, oid); | xmss_keypair(pk, sk, oid); | ||||
/* Duplicate the key, because the original will be modified. */ | /* Duplicate the key, because the original will be modified. */ | ||||
memcpy(sk2, sk, XMSS_OID_LEN + params.privatekey_bytes); | |||||
memcpy(sk2, sk, XMSS_OID_LEN + params.sk_bytes); | |||||
/* Sign a random message (but twice the same one). */ | /* Sign a random message (but twice the same one). */ | ||||
randombytes(m, MLEN); | randombytes(m, MLEN); | ||||
@@ -41,9 +41,9 @@ int main() | |||||
xmss_sign(sk2, sm2, &smlen, m, MLEN); | xmss_sign(sk2, sm2, &smlen, m, MLEN); | ||||
/* Compare signature, and, if applicable, print the differences. */ | /* Compare signature, and, if applicable, print the differences. */ | ||||
if (memcmp(sm, sm2, params.bytes + MLEN)) { | |||||
if (memcmp(sm, sm2, params.sig_bytes + MLEN)) { | |||||
fprintf(stderr, "signatures differ!\n"); | fprintf(stderr, "signatures differ!\n"); | ||||
for (i = 0; i < params.bytes + MLEN; i++) { | |||||
for (i = 0; i < params.sig_bytes + MLEN; i++) { | |||||
fprintf(stderr, (sm[i] != sm2[i] ? "x" : ".")); | fprintf(stderr, (sm[i] != sm2[i] ? "x" : ".")); | ||||
} | } | ||||
fprintf(stderr, "\n"); | fprintf(stderr, "\n"); | ||||
@@ -24,18 +24,18 @@ int main() | |||||
unsigned long long i, j; | unsigned long long i, j; | ||||
unsigned long errors = 0; | unsigned long errors = 0; | ||||
unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.publickey_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||||
unsigned char mo[MLEN+params.bytes]; | |||||
unsigned char sm[MLEN+params.bytes]; | |||||
unsigned char mo[MLEN+params.sig_bytes]; | |||||
unsigned char sm[MLEN+params.sig_bytes]; | |||||
printf("keypair\n"); | printf("keypair\n"); | ||||
xmss_keypair(pk, sk, oid); | xmss_keypair(pk, sk, oid); | ||||
// check pub_seed in SK | // check pub_seed in SK | ||||
for (i = 0; i < params.n; i++) { | for (i = 0; i < params.n; i++) { | ||||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_len+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_len+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||||
} | } | ||||
// check index | // check index | ||||
@@ -55,7 +55,7 @@ int main() | |||||
} | } | ||||
printf("\n"); | printf("\n"); | ||||
r = memcmp(mi, sm+params.bytes,MLEN); | |||||
r = memcmp(mi, sm+params.sig_bytes,MLEN); | |||||
printf("%d\n", r); | printf("%d\n", r); | ||||
/* Test valid signature */ | /* Test valid signature */ | ||||
@@ -68,7 +68,7 @@ int main() | |||||
printf("%llu\n", MLEN-mlen); | printf("%llu\n", MLEN-mlen); | ||||
/* Test with modified message */ | /* Test with modified message */ | ||||
sm[params.bytes+10] ^= 1; | |||||
sm[params.sig_bytes+10] ^= 1; | |||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | ||||
printf("%d\n", r+1); | printf("%d\n", r+1); | ||||
if (r == 0) errors++; | if (r == 0) errors++; | ||||
@@ -78,7 +78,7 @@ int main() | |||||
/* Test with modified signature */ | /* Test with modified signature */ | ||||
/* Modified index */ | /* Modified index */ | ||||
sm[params.bytes+10] ^= 1; | |||||
sm[params.sig_bytes+10] ^= 1; | |||||
sm[2] ^= 1; | sm[2] ^= 1; | ||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | ||||
printf("%d\n", r+1); | printf("%d\n", r+1); | ||||
@@ -109,7 +109,7 @@ int main() | |||||
/* Modified AUTH */ | /* Modified AUTH */ | ||||
sm[240] ^= 1; | sm[240] ^= 1; | ||||
sm[params.bytes - 10] ^= 1; | |||||
sm[params.sig_bytes - 10] ^= 1; | |||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | ||||
printf("%d\n", r+1); | printf("%d\n", r+1); | ||||
if (r == 0) errors++; | if (r == 0) errors++; | ||||
@@ -26,7 +26,7 @@ int main() | |||||
unsigned char sk[4*params.n+4]; | unsigned char sk[4*params.n+4]; | ||||
unsigned char pk[2*params.n]; | unsigned char pk[2*params.n]; | ||||
unsigned long long signature_length = 4+params.n+params.wots_keysize+params.tree_height*params.n; | |||||
unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n; | |||||
unsigned char mo[MLEN+signature_length]; | unsigned char mo[MLEN+signature_length]; | ||||
unsigned char sm[MLEN+signature_length]; | unsigned char sm[MLEN+signature_length]; | ||||
@@ -49,7 +49,7 @@ int main() | |||||
treehash[i].node = &th_nodes[params.n*i]; | treehash[i].node = &th_nodes[params.n*i]; | ||||
xmss_set_bds_state(state, stack, stackoffset, stacklevels, auth, keep, treehash, retain, 0); | xmss_set_bds_state(state, stack, stackoffset, stacklevels, auth, keep, treehash, retain, 0); | ||||
unsigned long long signature_length = 4+params.n+params.wots_keysize+params.tree_height*params.n; | |||||
unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n; | |||||
unsigned char mi[MLEN]; | unsigned char mi[MLEN]; | ||||
unsigned char mo[MLEN+signature_length]; | unsigned char mo[MLEN+signature_length]; | ||||
unsigned char sm[MLEN+signature_length]; | unsigned char sm[MLEN+signature_length]; | ||||
@@ -23,26 +23,26 @@ int main() | |||||
int r; | int r; | ||||
unsigned long long i,j; | unsigned long long i,j; | ||||
unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.publickey_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||||
unsigned char mo[MLEN+params.bytes]; | |||||
unsigned char sm[MLEN+params.bytes]; | |||||
unsigned char mo[MLEN+params.sig_bytes]; | |||||
unsigned char sm[MLEN+params.sig_bytes]; | |||||
printf("keypair\n"); | printf("keypair\n"); | ||||
xmssmt_keypair(pk, sk, oid); | xmssmt_keypair(pk, sk, oid); | ||||
// check pub_seed in SK | // check pub_seed in SK | ||||
for (i = 0; i < params.n; i++) { | for (i = 0; i < params.n; i++) { | ||||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_len+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_len+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||||
} | } | ||||
printf("pk checked\n"); | printf("pk checked\n"); | ||||
// check index | // check index | ||||
unsigned long long idx = 0; | unsigned long long idx = 0; | ||||
for (i = 0; i < params.index_len; i++) { | |||||
idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_len - 1 - i); | |||||
for (i = 0; i < params.index_bytes; i++) { | |||||
idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_bytes - 1 - i); | |||||
} | } | ||||
if (idx) printf("\nidx != 0: %llu\n",idx); | if (idx) printf("\nidx != 0: %llu\n",idx); | ||||
@@ -53,11 +53,11 @@ int main() | |||||
printf("sign\n"); | printf("sign\n"); | ||||
xmssmt_sign(sk, sm, &smlen, mi, MLEN); | xmssmt_sign(sk, sm, &smlen, mi, MLEN); | ||||
idx = 0; | idx = 0; | ||||
for (j = 0; j < params.index_len; j++) { | |||||
idx += ((unsigned long long)sm[j]) << 8*(params.index_len - 1 - j); | |||||
for (j = 0; j < params.index_bytes; j++) { | |||||
idx += ((unsigned long long)sm[j]) << 8*(params.index_bytes - 1 - j); | |||||
} | } | ||||
printf("\nidx = %llu\n",idx); | printf("\nidx = %llu\n",idx); | ||||
r = memcmp(mi, sm+params.bytes,MLEN); | |||||
r = memcmp(mi, sm+params.sig_bytes,MLEN); | |||||
printf("%d\n", r); | printf("%d\n", r); | ||||
for (j = 0; j < smlen; j++) { | for (j = 0; j < smlen; j++) { | ||||
@@ -22,10 +22,10 @@ int main() | |||||
int r; | int r; | ||||
unsigned long long i,j; | unsigned long long i,j; | ||||
unsigned char sk[(params.index_len+4*params.n)]; | |||||
unsigned char sk[(params.index_bytes+4*params.n)]; | |||||
unsigned char pk[2*params.n]; | unsigned char pk[2*params.n]; | ||||
unsigned long long signature_length = params.index_len + params.n + (params.d*params.wots_keysize) + params.full_height*params.n; | |||||
unsigned long long signature_length = params.index_bytes + params.n + (params.d*params.wots_sig_bytes) + params.full_height*params.n; | |||||
unsigned char mo[MLEN+signature_length]; | unsigned char mo[MLEN+signature_length]; | ||||
unsigned char sm[MLEN+signature_length]; | unsigned char sm[MLEN+signature_length]; | ||||
@@ -33,12 +33,12 @@ int main() | |||||
xmssmt_core_keypair(¶ms, pk, sk); | xmssmt_core_keypair(¶ms, pk, sk); | ||||
// check pub_seed in SK | // check pub_seed in SK | ||||
for (i = 0; i < params.n; i++) { | for (i = 0; i < params.n; i++) { | ||||
if (pk[params.n+i] != sk[params.index_len+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[i] != sk[params.index_len+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||||
if (pk[params.n+i] != sk[params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[i] != sk[params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||||
} | } | ||||
printf("pk checked\n"); | printf("pk checked\n"); | ||||
unsigned int idx_len = params.index_len; | |||||
unsigned int idx_len = params.index_bytes; | |||||
// check index | // check index | ||||
unsigned long long idx = 0; | unsigned long long idx = 0; | ||||
for (i = 0; i < idx_len; i++) { | for (i = 0; i < idx_len; i++) { | ||||
@@ -45,7 +45,7 @@ int main() | |||||
treehash_inst treehash[(2*d-1) * (tree_h-k)]; | treehash_inst treehash[(2*d-1) * (tree_h-k)]; | ||||
unsigned char th_nodes[(2*d-1) * (tree_h-k)*n]; | unsigned char th_nodes[(2*d-1) * (tree_h-k)*n]; | ||||
unsigned char retain[(2*d-1) * ((1 << k) - k - 1)*n]; | unsigned char retain[(2*d-1) * ((1 << k) - k - 1)*n]; | ||||
unsigned char wots_sigs[d * params.wots_keysize]; | |||||
unsigned char wots_sigs[d * params.wots_sig_bytes]; | |||||
// first d are 'regular' states, second d are 'next'; top tree has no 'next' | // first d are 'regular' states, second d are 'next'; top tree has no 'next' | ||||
bds_state states[2*d-1]; | bds_state states[2*d-1]; | ||||
@@ -62,10 +62,10 @@ int main() | |||||
); | ); | ||||
} | } | ||||
unsigned char sk[(params.index_len+4*n)]; | |||||
unsigned char sk[(params.index_bytes+4*n)]; | |||||
unsigned char pk[2*n]; | unsigned char pk[2*n]; | ||||
unsigned long long signature_length = params.index_len + n + (d*params.wots_keysize) + h*n; | |||||
unsigned long long signature_length = params.index_bytes + n + (d*params.wots_sig_bytes) + h*n; | |||||
unsigned char mo[MLEN+signature_length]; | unsigned char mo[MLEN+signature_length]; | ||||
unsigned char sm[MLEN+signature_length]; | unsigned char sm[MLEN+signature_length]; | ||||
@@ -75,12 +75,12 @@ int main() | |||||
xmssmt_core_keypair(¶ms, pk, sk, states, wots_sigs); | xmssmt_core_keypair(¶ms, pk, sk, states, wots_sigs); | ||||
// check pub_seed in SK | // check pub_seed in SK | ||||
for (i = 0; i < n; i++) { | for (i = 0; i < n; i++) { | ||||
if (pk[n+i] != sk[params.index_len+2*n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[i] != sk[params.index_len+3*n+i]) printf("pk.root != sk.root %llu",i); | |||||
if (pk[n+i] != sk[params.index_bytes+2*n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||||
if (pk[i] != sk[params.index_bytes+3*n+i]) printf("pk.root != sk.root %llu",i); | |||||
} | } | ||||
printf("pk checked\n"); | printf("pk checked\n"); | ||||
unsigned int idx_len = params.index_len; | |||||
unsigned int idx_len = params.index_bytes; | |||||
// check index | // check index | ||||
unsigned long long idx = 0; | unsigned long long idx = 0; | ||||
for (i = 0; i < idx_len; i++) { | for (i = 0; i < idx_len; i++) { | ||||
@@ -18,13 +18,13 @@ int main(int argc, char **argv) | |||||
xmss_str_to_oid(&oid, argv[1]); | xmss_str_to_oid(&oid, argv[1]); | ||||
xmss_parse_oid(¶ms, oid); | xmss_parse_oid(¶ms, oid); | ||||
unsigned char pk[XMSS_OID_LEN + params.publickey_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||||
xmss_keypair(pk, sk, oid); | xmss_keypair(pk, sk, oid); | ||||
fwrite(pk, 1, XMSS_OID_LEN + params.publickey_bytes, stdout); | |||||
fwrite(sk, 1, XMSS_OID_LEN + params.privatekey_bytes, stdout); | |||||
fwrite(pk, 1, XMSS_OID_LEN + params.pk_bytes, stdout); | |||||
fwrite(sk, 1, XMSS_OID_LEN + params.sk_bytes, stdout); | |||||
fclose(stdout); | fclose(stdout); | ||||
} | } |
@@ -26,15 +26,15 @@ int main(int argc, char **argv) { | |||||
fread(&oid, 1, XMSS_OID_LEN, keypair); | fread(&oid, 1, XMSS_OID_LEN, keypair); | ||||
xmss_parse_oid(¶ms, oid); | xmss_parse_oid(¶ms, oid); | ||||
unsigned char pk[params.publickey_bytes]; | |||||
unsigned char sm[params.bytes + MLEN]; | |||||
unsigned char m[params.bytes + MLEN]; | |||||
unsigned char pk[params.pk_bytes]; | |||||
unsigned char sm[params.sig_bytes + MLEN]; | |||||
unsigned char m[params.sig_bytes + MLEN]; | |||||
unsigned long long mlen; | unsigned long long mlen; | ||||
fread(pk, 1, params.publickey_bytes, keypair); | |||||
fread(sm, 1, params.bytes + MLEN, stdin); | |||||
fread(pk, 1, params.pk_bytes, keypair); | |||||
fread(sm, 1, params.sig_bytes + MLEN, stdin); | |||||
ret = xmss_core_sign_open(¶ms, m, &mlen, sm, params.bytes + MLEN, pk); | |||||
ret = xmss_core_sign_open(¶ms, m, &mlen, sm, params.sig_bytes + MLEN, pk); | |||||
if (ret) { | if (ret) { | ||||
printf("Verification failed!\n"); | printf("Verification failed!\n"); | ||||
@@ -29,23 +29,23 @@ int main(int argc, char **argv) { | |||||
xmss_parse_oid(¶ms, oid_pk); | xmss_parse_oid(¶ms, oid_pk); | ||||
/* fseek past the public key */ | /* fseek past the public key */ | ||||
fseek(keypair, params.publickey_bytes, SEEK_CUR); | |||||
fseek(keypair, params.pk_bytes, SEEK_CUR); | |||||
/* This is the OID we're actually going to use. Likely the same, but still. */ | /* This is the OID we're actually going to use. Likely the same, but still. */ | ||||
fread(&oid_sk, 1, XMSS_OID_LEN, keypair); | fread(&oid_sk, 1, XMSS_OID_LEN, keypair); | ||||
xmss_parse_oid(¶ms, oid_sk); | xmss_parse_oid(¶ms, oid_sk); | ||||
unsigned char sk[params.privatekey_bytes]; | |||||
unsigned char sk[params.sk_bytes]; | |||||
unsigned char m[MLEN]; | unsigned char m[MLEN]; | ||||
unsigned char sm[params.bytes + MLEN]; | |||||
unsigned char sm[params.sig_bytes + MLEN]; | |||||
unsigned long long smlen; | unsigned long long smlen; | ||||
fread(sk, 1, params.privatekey_bytes, keypair); | |||||
fread(sk, 1, params.sk_bytes, keypair); | |||||
fread(m, 1, MLEN, stdin); | fread(m, 1, MLEN, stdin); | ||||
xmss_core_sign(¶ms, sk, sm, &smlen, m, MLEN); | xmss_core_sign(¶ms, sk, sm, &smlen, m, MLEN); | ||||
fseek(keypair, -((long int)params.privatekey_bytes), SEEK_CUR); | |||||
fwrite(sk, 1, params.privatekey_bytes, keypair); | |||||
fwrite(sm, 1, params.bytes + MLEN, stdout); | |||||
fseek(keypair, -((long int)params.sk_bytes), SEEK_CUR); | |||||
fwrite(sk, 1, params.sk_bytes, keypair); | |||||
fwrite(sm, 1, params.sig_bytes + MLEN, stdout); | |||||
fclose(keypair); | fclose(keypair); | ||||
fclose(stdout); | fclose(stdout); | ||||
@@ -18,13 +18,13 @@ int main(int argc, char **argv) | |||||
xmssmt_str_to_oid(&oid, argv[1]); | xmssmt_str_to_oid(&oid, argv[1]); | ||||
xmssmt_parse_oid(¶ms, oid); | xmssmt_parse_oid(¶ms, oid); | ||||
unsigned char pk[XMSS_OID_LEN + params.publickey_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes]; | |||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||||
xmssmt_keypair(pk, sk, oid); | xmssmt_keypair(pk, sk, oid); | ||||
fwrite(pk, 1, XMSS_OID_LEN + params.publickey_bytes, stdout); | |||||
fwrite(sk, 1, XMSS_OID_LEN + params.privatekey_bytes, stdout); | |||||
fwrite(pk, 1, XMSS_OID_LEN + params.pk_bytes, stdout); | |||||
fwrite(sk, 1, XMSS_OID_LEN + params.sk_bytes, stdout); | |||||
fclose(stdout); | fclose(stdout); | ||||
} | } |
@@ -26,15 +26,15 @@ int main(int argc, char **argv) { | |||||
fread(&oid, 1, XMSS_OID_LEN, keypair); | fread(&oid, 1, XMSS_OID_LEN, keypair); | ||||
xmssmt_parse_oid(¶ms, oid); | xmssmt_parse_oid(¶ms, oid); | ||||
unsigned char pk[params.publickey_bytes]; | |||||
unsigned char sm[params.bytes + MLEN]; | |||||
unsigned char m[params.bytes + MLEN]; | |||||
unsigned char pk[params.pk_bytes]; | |||||
unsigned char sm[params.sig_bytes + MLEN]; | |||||
unsigned char m[params.sig_bytes + MLEN]; | |||||
unsigned long long mlen; | unsigned long long mlen; | ||||
fread(pk, 1, params.publickey_bytes, keypair); | |||||
fread(sm, 1, params.bytes + MLEN, stdin); | |||||
fread(pk, 1, params.pk_bytes, keypair); | |||||
fread(sm, 1, params.sig_bytes + MLEN, stdin); | |||||
ret = xmssmt_core_sign_open(¶ms, m, &mlen, sm, params.bytes + MLEN, pk); | |||||
ret = xmssmt_core_sign_open(¶ms, m, &mlen, sm, params.sig_bytes + MLEN, pk); | |||||
if (ret) { | if (ret) { | ||||
printf("Verification failed!\n"); | printf("Verification failed!\n"); | ||||
@@ -29,23 +29,23 @@ int main(int argc, char **argv) { | |||||
xmssmt_parse_oid(¶ms, oid_pk); | xmssmt_parse_oid(¶ms, oid_pk); | ||||
/* fseek past the public key. */ | /* fseek past the public key. */ | ||||
fseek(keypair, params.publickey_bytes, SEEK_CUR); | |||||
fseek(keypair, params.pk_bytes, SEEK_CUR); | |||||
/* This is the OID we're actually going to use. Likely the same, but still.. */ | /* This is the OID we're actually going to use. Likely the same, but still.. */ | ||||
fread(&oid_sk, 1, XMSS_OID_LEN, keypair); | fread(&oid_sk, 1, XMSS_OID_LEN, keypair); | ||||
xmssmt_parse_oid(¶ms, oid_sk); | xmssmt_parse_oid(¶ms, oid_sk); | ||||
unsigned char sk[params.privatekey_bytes]; | |||||
unsigned char sk[params.sk_bytes]; | |||||
unsigned char m[MLEN]; | unsigned char m[MLEN]; | ||||
unsigned char sm[params.bytes + MLEN]; | |||||
unsigned char sm[params.sig_bytes + MLEN]; | |||||
unsigned long long smlen; | unsigned long long smlen; | ||||
fread(sk, 1, params.privatekey_bytes, keypair); | |||||
fread(sk, 1, params.sk_bytes, keypair); | |||||
fread(m, 1, MLEN, stdin); | fread(m, 1, MLEN, stdin); | ||||
xmssmt_core_sign(¶ms, sk, sm, &smlen, m, MLEN); | xmssmt_core_sign(¶ms, sk, sm, &smlen, m, MLEN); | ||||
fseek(keypair, -((long int)params.privatekey_bytes), SEEK_CUR); | |||||
fwrite(sk, 1, params.privatekey_bytes, keypair); | |||||
fwrite(sm, 1, params.bytes + MLEN, stdout); | |||||
fseek(keypair, -((long int)params.sk_bytes), SEEK_CUR); | |||||
fwrite(sk, 1, params.sk_bytes, keypair); | |||||
fwrite(sm, 1, params.sig_bytes + MLEN, stdout); | |||||
fclose(keypair); | fclose(keypair); | ||||
fclose(stdout); | fclose(stdout); | ||||
@@ -47,7 +47,7 @@ void gen_leaf_wots(const xmss_params *params, unsigned char *leaf, | |||||
uint32_t ltree_addr[8], uint32_t ots_addr[8]) | uint32_t ltree_addr[8], uint32_t ots_addr[8]) | ||||
{ | { | ||||
unsigned char seed[params->n]; | unsigned char seed[params->n]; | ||||
unsigned char pk[params->wots_keysize]; | |||||
unsigned char pk[params->wots_sig_bytes]; | |||||
get_seed(params, seed, sk_seed, ots_addr); | get_seed(params, seed, sk_seed, ots_addr); | ||||
wots_pkgen(params, pk, seed, pub_seed, ots_addr); | wots_pkgen(params, pk, seed, pub_seed, ots_addr); | ||||
@@ -191,7 +191,7 @@ int xmss_core_sign_open(const xmss_params *params, | |||||
const unsigned char *pk) | const unsigned char *pk) | ||||
{ | { | ||||
const unsigned char *pub_seed = pk + params->n; | const unsigned char *pub_seed = pk + params->n; | ||||
unsigned char wots_pk[params->wots_keysize]; | |||||
unsigned char wots_pk[params->wots_sig_bytes]; | |||||
unsigned char leaf[params->n]; | unsigned char leaf[params->n]; | ||||
unsigned char root[params->n]; | unsigned char root[params->n]; | ||||
unsigned char mhash[params->n]; | unsigned char mhash[params->n]; | ||||
@@ -205,20 +205,20 @@ int xmss_core_sign_open(const xmss_params *params, | |||||
set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE); | set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE); | ||||
set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE); | set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE); | ||||
*mlen = smlen - params->bytes; | |||||
*mlen = smlen - params->sig_bytes; | |||||
/* Convert the index bytes from the signature to an integer. */ | /* Convert the index bytes from the signature to an integer. */ | ||||
idx = (unsigned long)bytes_to_ull(sm, params->index_len); | |||||
idx = (unsigned long)bytes_to_ull(sm, params->index_bytes); | |||||
/* Compute the message hash. */ | /* Compute the message hash. */ | ||||
hash_message(params, mhash, sm + params->index_len, pk, idx, | |||||
sm + params->bytes, *mlen); | |||||
sm += params->index_len + params->n; | |||||
hash_message(params, mhash, sm + params->index_bytes, pk, idx, | |||||
sm + params->sig_bytes, *mlen); | |||||
sm += params->index_bytes + params->n; | |||||
/* The WOTS public key is only correct if the signature was correct. */ | /* The WOTS public key is only correct if the signature was correct. */ | ||||
set_ots_addr(ots_addr, idx); | set_ots_addr(ots_addr, idx); | ||||
wots_pk_from_sig(params, wots_pk, sm, mhash, pub_seed, ots_addr); | wots_pk_from_sig(params, wots_pk, sm, mhash, pub_seed, ots_addr); | ||||
sm += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
/* Compute the leaf node using the WOTS public key. */ | /* Compute the leaf node using the WOTS public key. */ | ||||
set_ltree_addr(ltree_addr, idx); | set_ltree_addr(ltree_addr, idx); | ||||
@@ -252,7 +252,7 @@ int xmssmt_core_sign_open(const xmss_params *params, | |||||
const unsigned char *pk) | const unsigned char *pk) | ||||
{ | { | ||||
const unsigned char *pub_seed = pk + params->n; | const unsigned char *pub_seed = pk + params->n; | ||||
unsigned char wots_pk[params->wots_keysize]; | |||||
unsigned char wots_pk[params->wots_sig_bytes]; | |||||
unsigned char leaf[params->n]; | unsigned char leaf[params->n]; | ||||
unsigned char root[params->n]; | unsigned char root[params->n]; | ||||
unsigned char *mhash = root; | unsigned char *mhash = root; | ||||
@@ -268,15 +268,15 @@ int xmssmt_core_sign_open(const xmss_params *params, | |||||
set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE); | set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE); | ||||
set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE); | set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE); | ||||
*mlen = smlen - params->bytes; | |||||
*mlen = smlen - params->sig_bytes; | |||||
/* Convert the index bytes from the signature to an integer. */ | /* Convert the index bytes from the signature to an integer. */ | ||||
idx = bytes_to_ull(sm, params->index_len); | |||||
idx = bytes_to_ull(sm, params->index_bytes); | |||||
/* Compute the message hash. */ | /* Compute the message hash. */ | ||||
hash_message(params, mhash, sm + params->index_len, pk, idx, | |||||
sm + params->bytes, *mlen); | |||||
sm += params->index_len + params->n; | |||||
hash_message(params, mhash, sm + params->index_bytes, pk, idx, | |||||
sm + params->sig_bytes, *mlen); | |||||
sm += params->index_bytes + params->n; | |||||
/* For each subtree.. */ | /* For each subtree.. */ | ||||
for (i = 0; i < params->d; i++) { | for (i = 0; i < params->d; i++) { | ||||
@@ -296,7 +296,7 @@ int xmssmt_core_sign_open(const xmss_params *params, | |||||
/* Initially, root = mhash, but on subsequent iterations it is the root | /* Initially, root = mhash, but on subsequent iterations it is the root | ||||
of the subtree below the currently processed subtree. */ | of the subtree below the currently processed subtree. */ | ||||
wots_pk_from_sig(params, wots_pk, sm, root, pub_seed, ots_addr); | wots_pk_from_sig(params, wots_pk, sm, root, pub_seed, ots_addr); | ||||
sm += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
/* Compute the leaf node using the WOTS public key. */ | /* Compute the leaf node using the WOTS public key. */ | ||||
set_ltree_addr(ltree_addr, idx_leaf); | set_ltree_addr(ltree_addr, idx_leaf); | ||||
@@ -107,10 +107,10 @@ int xmss_core_sign(const xmss_params *params, | |||||
unsigned char *sm, unsigned long long *smlen, | unsigned char *sm, unsigned long long *smlen, | ||||
const unsigned char *m, unsigned long long mlen) | const unsigned char *m, unsigned long long mlen) | ||||
{ | { | ||||
const unsigned char *sk_seed = sk + params->index_len; | |||||
const unsigned char *sk_prf = sk + params->index_len + params->n; | |||||
const unsigned char *pub_seed = sk + params->index_len + 2*params->n; | |||||
const unsigned char *pub_root = sk + params->index_len + 3*params->n; | |||||
const unsigned char *sk_seed = sk + params->index_bytes; | |||||
const unsigned char *sk_prf = sk + params->index_bytes + params->n; | |||||
const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n; | |||||
const unsigned char *pub_root = sk + params->index_bytes + 3*params->n; | |||||
unsigned char root[params->n]; | unsigned char root[params->n]; | ||||
unsigned char mhash[params->n]; | unsigned char mhash[params->n]; | ||||
@@ -122,15 +122,15 @@ int xmss_core_sign(const xmss_params *params, | |||||
set_type(ots_addr, XMSS_ADDR_TYPE_OTS); | set_type(ots_addr, XMSS_ADDR_TYPE_OTS); | ||||
/* Read and use the current index from the secret key. */ | /* Read and use the current index from the secret key. */ | ||||
idx = (unsigned long)bytes_to_ull(sk, params->index_len); | |||||
memcpy(sm, sk, params->index_len); | |||||
sm += params->index_len; | |||||
idx = (unsigned long)bytes_to_ull(sk, params->index_bytes); | |||||
memcpy(sm, sk, params->index_bytes); | |||||
sm += params->index_bytes; | |||||
/************************************************************************* | /************************************************************************* | ||||
* THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. * | * THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. * | ||||
*************************************************************************/ | *************************************************************************/ | ||||
/* Increment the index in the secret key. */ | /* Increment the index in the secret key. */ | ||||
ull_to_bytes(sk, params->index_len, idx + 1); | |||||
ull_to_bytes(sk, params->index_bytes, idx + 1); | |||||
/* Compute the digest randomization value. */ | /* Compute the digest randomization value. */ | ||||
ull_to_bytes(idx_bytes_32, 32, idx); | ull_to_bytes(idx_bytes_32, 32, idx); | ||||
@@ -147,14 +147,14 @@ int xmss_core_sign(const xmss_params *params, | |||||
/* Compute a WOTS signature on the message hash. */ | /* Compute a WOTS signature on the message hash. */ | ||||
wots_sign(params, sm, mhash, ots_seed, pub_seed, ots_addr); | wots_sign(params, sm, mhash, ots_seed, pub_seed, ots_addr); | ||||
sm += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
/* Compute the authentication path for the used WOTS leaf. */ | /* Compute the authentication path for the used WOTS leaf. */ | ||||
treehash(params, root, sm, sk_seed, pub_seed, idx, ots_addr); | treehash(params, root, sm, sk_seed, pub_seed, idx, ots_addr); | ||||
sm += params->tree_height*params->n; | sm += params->tree_height*params->n; | ||||
memcpy(sm, m, mlen); | memcpy(sm, m, mlen); | ||||
*smlen = params->bytes + mlen; | |||||
*smlen = params->sig_bytes + mlen; | |||||
return 0; | return 0; | ||||
} | } | ||||
@@ -175,8 +175,8 @@ int xmssmt_core_keypair(const xmss_params *params, | |||||
set_layer_addr(top_tree_addr, params->d - 1); | set_layer_addr(top_tree_addr, params->d - 1); | ||||
/* Initialize index to 0. */ | /* Initialize index to 0. */ | ||||
memset(sk, 0, params->index_len); | |||||
sk += params->index_len; | |||||
memset(sk, 0, params->index_bytes); | |||||
sk += params->index_bytes; | |||||
/* Initialize SK_SEED, SK_PRF and PUB_SEED. */ | /* Initialize SK_SEED, SK_PRF and PUB_SEED. */ | ||||
randombytes(sk, 3 * params->n); | randombytes(sk, 3 * params->n); | ||||
@@ -198,10 +198,10 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
unsigned char *sm, unsigned long long *smlen, | unsigned char *sm, unsigned long long *smlen, | ||||
const unsigned char *m, unsigned long long mlen) | const unsigned char *m, unsigned long long mlen) | ||||
{ | { | ||||
const unsigned char *sk_seed = sk + params->index_len; | |||||
const unsigned char *sk_prf = sk + params->index_len + params->n; | |||||
const unsigned char *pub_seed = sk + params->index_len + 2*params->n; | |||||
const unsigned char *pub_root = sk + params->index_len + 3*params->n; | |||||
const unsigned char *sk_seed = sk + params->index_bytes; | |||||
const unsigned char *sk_prf = sk + params->index_bytes + params->n; | |||||
const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n; | |||||
const unsigned char *pub_root = sk + params->index_bytes + 3*params->n; | |||||
unsigned char root[params->n]; | unsigned char root[params->n]; | ||||
unsigned char *mhash = root; | unsigned char *mhash = root; | ||||
@@ -215,15 +215,15 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
set_type(ots_addr, XMSS_ADDR_TYPE_OTS); | set_type(ots_addr, XMSS_ADDR_TYPE_OTS); | ||||
/* Read and use the current index from the secret key. */ | /* Read and use the current index from the secret key. */ | ||||
idx = (unsigned long)bytes_to_ull(sk, params->index_len); | |||||
memcpy(sm, sk, params->index_len); | |||||
sm += params->index_len; | |||||
idx = (unsigned long)bytes_to_ull(sk, params->index_bytes); | |||||
memcpy(sm, sk, params->index_bytes); | |||||
sm += params->index_bytes; | |||||
/************************************************************************* | /************************************************************************* | ||||
* THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. * | * THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. * | ||||
*************************************************************************/ | *************************************************************************/ | ||||
/* Increment the index in the secret key. */ | /* Increment the index in the secret key. */ | ||||
ull_to_bytes(sk, params->index_len, idx + 1); | |||||
ull_to_bytes(sk, params->index_bytes, idx + 1); | |||||
/* Compute the digest randomization value. */ | /* Compute the digest randomization value. */ | ||||
ull_to_bytes(idx_bytes_32, 32, idx); | ull_to_bytes(idx_bytes_32, 32, idx); | ||||
@@ -250,7 +250,7 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
/* Initially, root = mhash, but on subsequent iterations it is the root | /* Initially, root = mhash, but on subsequent iterations it is the root | ||||
of the subtree below the currently processed subtree. */ | of the subtree below the currently processed subtree. */ | ||||
wots_sign(params, sm, root, ots_seed, pub_seed, ots_addr); | wots_sign(params, sm, root, ots_seed, pub_seed, ots_addr); | ||||
sm += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
/* Compute the authentication path for the used WOTS leaf. */ | /* Compute the authentication path for the used WOTS leaf. */ | ||||
treehash(params, root, sm, sk_seed, pub_seed, idx_leaf, ots_addr); | treehash(params, root, sm, sk_seed, pub_seed, idx_leaf, ots_addr); | ||||
@@ -258,7 +258,7 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
} | } | ||||
memcpy(sm, m, mlen); | memcpy(sm, m, mlen); | ||||
*smlen = params->bytes + mlen; | |||||
*smlen = params->sig_bytes + mlen; | |||||
return 0; | return 0; | ||||
} | } |
@@ -360,14 +360,14 @@ int xmss_core_keypair(const xmss_params *params, | |||||
sk[2] = 0; | sk[2] = 0; | ||||
sk[3] = 0; | sk[3] = 0; | ||||
// Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte) | // Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte) | ||||
randombytes(sk + params->index_len, 3*params->n); | |||||
randombytes(sk + params->index_bytes, 3*params->n); | |||||
// Copy PUB_SEED to public key | // Copy PUB_SEED to public key | ||||
memcpy(pk + params->n, sk + params->index_len + 2*params->n, params->n); | |||||
memcpy(pk + params->n, sk + params->index_bytes + 2*params->n, params->n); | |||||
// Compute root | // Compute root | ||||
treehash_init(params, pk, params->tree_height, 0, state, sk + params->index_len, sk + params->index_len + 2*params->n, addr); | |||||
treehash_init(params, pk, params->tree_height, 0, state, sk + params->index_bytes, sk + params->index_bytes + 2*params->n, addr); | |||||
// copy root o sk | // copy root o sk | ||||
memcpy(sk + params->index_len + 3*params->n, pk, params->n); | |||||
memcpy(sk + params->index_bytes + 3*params->n, pk, params->n); | |||||
return 0; | return 0; | ||||
} | } | ||||
@@ -388,11 +388,11 @@ int xmss_core_sign(const xmss_params *params, | |||||
// Extract SK | // Extract SK | ||||
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3]; | unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3]; | ||||
unsigned char sk_seed[params->n]; | unsigned char sk_seed[params->n]; | ||||
memcpy(sk_seed, sk + params->index_len, params->n); | |||||
memcpy(sk_seed, sk + params->index_bytes, params->n); | |||||
unsigned char sk_prf[params->n]; | unsigned char sk_prf[params->n]; | ||||
memcpy(sk_prf, sk + params->index_len + params->n, params->n); | |||||
memcpy(sk_prf, sk + params->index_bytes + params->n, params->n); | |||||
unsigned char pub_seed[params->n]; | unsigned char pub_seed[params->n]; | ||||
memcpy(pub_seed, sk + params->index_len + 2*params->n, params->n); | |||||
memcpy(pub_seed, sk + params->index_bytes + 2*params->n, params->n); | |||||
// index as 32 bytes string | // index as 32 bytes string | ||||
unsigned char idx_bytes_32[32]; | unsigned char idx_bytes_32[32]; | ||||
@@ -463,8 +463,8 @@ int xmss_core_sign(const xmss_params *params, | |||||
// Compute WOTS signature | // Compute WOTS signature | ||||
wots_sign(params, sm, msg_h, ots_seed, pub_seed, ots_addr); | wots_sign(params, sm, msg_h, ots_seed, pub_seed, ots_addr); | ||||
sm += params->wots_keysize; | |||||
*smlen += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
*smlen += params->wots_sig_bytes; | |||||
// the auth path was already computed during the previous round | // the auth path was already computed during the previous round | ||||
memcpy(sm, state->auth, params->tree_height*params->n); | memcpy(sm, state->auth, params->tree_height*params->n); | ||||
@@ -497,27 +497,27 @@ int xmssmt_core_keypair(const xmss_params *params, | |||||
unsigned int i; | unsigned int i; | ||||
// Set idx = 0 | // Set idx = 0 | ||||
for (i = 0; i < params->index_len; i++) { | |||||
for (i = 0; i < params->index_bytes; i++) { | |||||
sk[i] = 0; | sk[i] = 0; | ||||
} | } | ||||
// Init SK_SEED (params->n byte), SK_PRF (params->n byte), and PUB_SEED (params->n byte) | // Init SK_SEED (params->n byte), SK_PRF (params->n byte), and PUB_SEED (params->n byte) | ||||
randombytes(sk+params->index_len, 3*params->n); | |||||
randombytes(sk+params->index_bytes, 3*params->n); | |||||
// Copy PUB_SEED to public key | // Copy PUB_SEED to public key | ||||
memcpy(pk+params->n, sk+params->index_len+2*params->n, params->n); | |||||
memcpy(pk+params->n, sk+params->index_bytes+2*params->n, params->n); | |||||
// Start with the bottom-most layer | // Start with the bottom-most layer | ||||
set_layer_addr(addr, 0); | set_layer_addr(addr, 0); | ||||
// Set up state and compute wots signatures for all but topmost tree root | // Set up state and compute wots signatures for all but topmost tree root | ||||
for (i = 0; i < params->d - 1; i++) { | for (i = 0; i < params->d - 1; i++) { | ||||
// Compute seed for OTS key pair | // Compute seed for OTS key pair | ||||
treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_len, pk+params->n, addr); | |||||
treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_bytes, pk+params->n, addr); | |||||
set_layer_addr(addr, (i+1)); | set_layer_addr(addr, (i+1)); | ||||
get_seed(params, ots_seed, sk + params->index_len, addr); | |||||
wots_sign(params, wots_sigs + i*params->wots_keysize, pk, ots_seed, pk+params->n, addr); | |||||
get_seed(params, ots_seed, sk + params->index_bytes, addr); | |||||
wots_sign(params, wots_sigs + i*params->wots_sig_bytes, pk, ots_seed, pk+params->n, addr); | |||||
} | } | ||||
// Address now points to the single tree on layer d-1 | // Address now points to the single tree on layer d-1 | ||||
treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_len, pk+params->n, addr); | |||||
memcpy(sk + params->index_len + 3*params->n, pk, params->n); | |||||
treehash_init(params, pk, params->tree_height, 0, states + i, sk+params->index_bytes, pk+params->n, addr); | |||||
memcpy(sk + params->index_bytes + 3*params->n, pk, params->n); | |||||
return 0; | return 0; | ||||
} | } | ||||
@@ -555,17 +555,17 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
// Extract SK | // Extract SK | ||||
unsigned long long idx = 0; | unsigned long long idx = 0; | ||||
for (i = 0; i < params->index_len; i++) { | |||||
idx |= ((unsigned long long)sk[i]) << 8*(params->index_len - 1 - i); | |||||
for (i = 0; i < params->index_bytes; i++) { | |||||
idx |= ((unsigned long long)sk[i]) << 8*(params->index_bytes - 1 - i); | |||||
} | } | ||||
memcpy(sk_seed, sk+params->index_len, params->n); | |||||
memcpy(sk_prf, sk+params->index_len+params->n, params->n); | |||||
memcpy(pub_seed, sk+params->index_len+2*params->n, params->n); | |||||
memcpy(sk_seed, sk+params->index_bytes, params->n); | |||||
memcpy(sk_prf, sk+params->index_bytes+params->n, params->n); | |||||
memcpy(pub_seed, sk+params->index_bytes+2*params->n, params->n); | |||||
// Update SK | // Update SK | ||||
for (i = 0; i < params->index_len; i++) { | |||||
sk[i] = ((idx + 1) >> 8*(params->index_len - 1 - i)) & 255; | |||||
for (i = 0; i < params->index_bytes; i++) { | |||||
sk[i] = ((idx + 1) >> 8*(params->index_bytes - 1 - i)) & 255; | |||||
} | } | ||||
// Secret key for this non-forward-secure version is now updated. | // Secret key for this non-forward-secure version is now updated. | ||||
// A production implementation should consider using a file handle instead, | // A production implementation should consider using a file handle instead, | ||||
@@ -581,7 +581,7 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
prf(params, R, idx_bytes_32, sk_prf, params->n); | prf(params, R, idx_bytes_32, sk_prf, params->n); | ||||
// Generate hash key (R || root || idx) | // Generate hash key (R || root || idx) | ||||
memcpy(hash_key, R, params->n); | memcpy(hash_key, R, params->n); | ||||
memcpy(hash_key+params->n, sk+params->index_len+3*params->n, params->n); | |||||
memcpy(hash_key+params->n, sk+params->index_bytes+3*params->n, params->n); | |||||
ull_to_bytes(hash_key+2*params->n, params->n, idx); | ull_to_bytes(hash_key+2*params->n, params->n, idx); | ||||
// Then use it for message digest | // Then use it for message digest | ||||
@@ -591,12 +591,12 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
*smlen = 0; | *smlen = 0; | ||||
// Copy index to signature | // Copy index to signature | ||||
for (i = 0; i < params->index_len; i++) { | |||||
sm[i] = (idx >> 8*(params->index_len - 1 - i)) & 255; | |||||
for (i = 0; i < params->index_bytes; i++) { | |||||
sm[i] = (idx >> 8*(params->index_bytes - 1 - i)) & 255; | |||||
} | } | ||||
sm += params->index_len; | |||||
*smlen += params->index_len; | |||||
sm += params->index_bytes; | |||||
*smlen += params->index_bytes; | |||||
// Copy R to signature | // Copy R to signature | ||||
for (i = 0; i < params->n; i++) { | for (i = 0; i < params->n; i++) { | ||||
@@ -626,8 +626,8 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
// Compute WOTS signature | // Compute WOTS signature | ||||
wots_sign(params, sm, msg_h, ots_seed, pub_seed, ots_addr); | wots_sign(params, sm, msg_h, ots_seed, pub_seed, ots_addr); | ||||
sm += params->wots_keysize; | |||||
*smlen += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
*smlen += params->wots_sig_bytes; | |||||
memcpy(sm, states[0].auth, params->tree_height*params->n); | memcpy(sm, states[0].auth, params->tree_height*params->n); | ||||
sm += params->tree_height*params->n; | sm += params->tree_height*params->n; | ||||
@@ -636,10 +636,10 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
// prepare signature of remaining layers | // prepare signature of remaining layers | ||||
for (i = 1; i < params->d; i++) { | for (i = 1; i < params->d; i++) { | ||||
// put WOTS signature in place | // put WOTS signature in place | ||||
memcpy(sm, wots_sigs + (i-1)*params->wots_keysize, params->wots_keysize); | |||||
memcpy(sm, wots_sigs + (i-1)*params->wots_sig_bytes, params->wots_sig_bytes); | |||||
sm += params->wots_keysize; | |||||
*smlen += params->wots_keysize; | |||||
sm += params->wots_sig_bytes; | |||||
*smlen += params->wots_sig_bytes; | |||||
// put AUTH nodes in place | // put AUTH nodes in place | ||||
memcpy(sm, states[i].auth, params->tree_height*params->n); | memcpy(sm, states[i].auth, params->tree_height*params->n); | ||||
@@ -684,8 +684,8 @@ int xmssmt_core_sign(const xmss_params *params, | |||||
set_tree_addr(ots_addr, ((idx + 1) >> ((i+2) * params->tree_height))); | set_tree_addr(ots_addr, ((idx + 1) >> ((i+2) * params->tree_height))); | ||||
set_ots_addr(ots_addr, (((idx >> ((i+1) * params->tree_height)) + 1) & ((1 << params->tree_height)-1))); | set_ots_addr(ots_addr, (((idx >> ((i+1) * params->tree_height)) + 1) & ((1 << params->tree_height)-1))); | ||||
get_seed(params, ots_seed, sk+params->index_len, ots_addr); | |||||
wots_sign(params, wots_sigs + i*params->wots_keysize, states[i].stack, ots_seed, pub_seed, ots_addr); | |||||
get_seed(params, ots_seed, sk+params->index_bytes, ots_addr); | |||||
wots_sign(params, wots_sigs + i*params->wots_sig_bytes, states[i].stack, ots_seed, pub_seed, ots_addr); | |||||
states[params->d + i].stackoffset = 0; | states[params->d + i].stackoffset = 0; | ||||
states[params->d + i].next_leaf = 0; | states[params->d + i].next_leaf = 0; | ||||