
Merge pull request #10 from dcooper16/sp800-208_parameter_sets

Add NIST Special Publication 800-208 parameter sets
master
Joost Rijneveld 4 years ago
committed by GitHub
parent
commit
89c2ab99f3
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 307 additions and 8 deletions
  1. +15
    -3
      hash.c
  2. +256
    -3
      params.c
  3. +3
    -2
      params.h
  4. +33
    -0
      test/oid.c

+ 15
- 3
hash.c View File

@@ -26,16 +26,28 @@ static int core_hash(const xmss_params *params,
unsigned char *out, unsigned char *out,
const unsigned char *in, unsigned long long inlen) const unsigned char *in, unsigned long long inlen)
{ {
if (params->n == 32 && params->func == XMSS_SHA2) {
unsigned char buf[64];

if (params->n == 24 && params->func == XMSS_SHA2) {
SHA256(in, inlen, buf);
memcpy(out, buf, 24);
}
else if (params->n == 24 && params->func == XMSS_SHAKE256) {
shake256(out, 24, in, inlen);
}
else if (params->n == 32 && params->func == XMSS_SHA2) {
SHA256(in, inlen, out); SHA256(in, inlen, out);
} }
else if (params->n == 32 && params->func == XMSS_SHAKE) {
else if (params->n == 32 && params->func == XMSS_SHAKE128) {
shake128(out, 32, in, inlen); shake128(out, 32, in, inlen);
} }
else if (params->n == 32 && params->func == XMSS_SHAKE256) {
shake256(out, 32, in, inlen);
}
else if (params->n == 64 && params->func == XMSS_SHA2) { else if (params->n == 64 && params->func == XMSS_SHA2) {
SHA512(in, inlen, out); SHA512(in, inlen, out);
} }
else if (params->n == 64 && params->func == XMSS_SHAKE) {
else if (params->n == 64 && params->func == XMSS_SHAKE256) {
shake256(out, 64, in, inlen); shake256(out, 64, in, inlen);
} }
else { else {
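Review bot: The scratch buffer `buf` in core_hash is declared with 64 bytes at function scope, yet only the new n == 24 / XMSS_SHA2 branch uses it, where SHA256 writes a 32-byte digest and the first 24 bytes are copied to `out`. Declaring it inside that branch at digest size, e.g. `unsigned char buf[SHA256_DIGEST_LENGTH];` if this is OpenSSL's SHA256, would make the bound visible. A comment such as `/* SHA-256/192: leftmost 24 bytes of SHA-256 (SP 800-208) */` would explain the literal 24. If core_hash is also reached with secret-key material (not visible in this hunk), the untruncated digest stays on the stack after return, so consider wiping `buf` after the memcpy with a call the compiler cannot elide. The function body continues past the end of the hunk.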


+ 256
- 3
params.c View File

@@ -42,6 +42,33 @@ int xmss_str_to_oid(uint32_t *oid, const char *s)
else if (!strcmp(s, "XMSS-SHAKE_20_512")) { else if (!strcmp(s, "XMSS-SHAKE_20_512")) {
*oid = 0x0000000c; *oid = 0x0000000c;
} }
else if (!strcmp(s, "XMSS-SHA2_10_192")) {
*oid = 0x0000000d;
}
else if (!strcmp(s, "XMSS-SHA2_16_192")) {
*oid = 0x0000000e;
}
else if (!strcmp(s, "XMSS-SHA2_20_192")) {
*oid = 0x0000000f;
}
else if (!strcmp(s, "XMSS-SHAKE256_10_256")) {
*oid = 0x00000010;
}
else if (!strcmp(s, "XMSS-SHAKE256_16_256")) {
*oid = 0x00000011;
}
else if (!strcmp(s, "XMSS-SHAKE256_20_256")) {
*oid = 0x00000012;
}
else if (!strcmp(s, "XMSS-SHAKE256_10_192")) {
*oid = 0x00000013;
}
else if (!strcmp(s, "XMSS-SHAKE256_16_192")) {
*oid = 0x00000014;
}
else if (!strcmp(s, "XMSS-SHAKE256_20_192")) {
*oid = 0x00000015;
}
else { else {
return -1; return -1;
} }
@@ -146,6 +173,78 @@ int xmssmt_str_to_oid(uint32_t *oid, const char *s)
else if (!strcmp(s, "XMSSMT-SHAKE_60/12_512")) { else if (!strcmp(s, "XMSSMT-SHAKE_60/12_512")) {
*oid = 0x00000020; *oid = 0x00000020;
} }
else if (!strcmp(s, "XMSSMT-SHA2_20/2_192")) {
*oid = 0x00000021;
}
else if (!strcmp(s, "XMSSMT-SHA2_20/4_192")) {
*oid = 0x00000022;
}
else if (!strcmp(s, "XMSSMT-SHA2_40/2_192")) {
*oid = 0x00000023;
}
else if (!strcmp(s, "XMSSMT-SHA2_40/4_192")) {
*oid = 0x00000024;
}
else if (!strcmp(s, "XMSSMT-SHA2_40/8_192")) {
*oid = 0x00000025;
}
else if (!strcmp(s, "XMSSMT-SHA2_60/3_192")) {
*oid = 0x00000026;
}
else if (!strcmp(s, "XMSSMT-SHA2_60/6_192")) {
*oid = 0x00000027;
}
else if (!strcmp(s, "XMSSMT-SHA2_60/12_192")) {
*oid = 0x00000028;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_20/2_256")) {
*oid = 0x00000029;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_20/4_256")) {
*oid = 0x0000002a;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_40/2_256")) {
*oid = 0x0000002b;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_40/4_256")) {
*oid = 0x0000002c;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_40/8_256")) {
*oid = 0x0000002d;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_60/3_256")) {
*oid = 0x0000002e;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_60/6_256")) {
*oid = 0x0000002f;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_60/12_256")) {
*oid = 0x00000030;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_20/2_192")) {
*oid = 0x00000031;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_20/4_192")) {
*oid = 0x00000032;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_40/2_192")) {
*oid = 0x00000033;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_40/4_192")) {
*oid = 0x00000034;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_40/8_192")) {
*oid = 0x00000035;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_60/3_192")) {
*oid = 0x00000036;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_60/6_192")) {
*oid = 0x00000037;
}
else if (!strcmp(s, "XMSSMT-SHAKE256_60/12_192")) {
*oid = 0x00000038;
}
else { else {
return -1; return -1;
} }
@@ -161,22 +260,47 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000004: case 0x00000004:
case 0x00000005: case 0x00000005:
case 0x00000006: case 0x00000006:

case 0x0000000d:
case 0x0000000e:
case 0x0000000f:
params->func = XMSS_SHA2; params->func = XMSS_SHA2;
break; break;


case 0x00000007: case 0x00000007:
case 0x00000008: case 0x00000008:
case 0x00000009: case 0x00000009:
params->func = XMSS_SHAKE128;
break;

case 0x0000000a: case 0x0000000a:
case 0x0000000b: case 0x0000000b:
case 0x0000000c: case 0x0000000c:
params->func = XMSS_SHAKE;

case 0x00000010:
case 0x00000011:
case 0x00000012:
case 0x00000013:
case 0x00000014:
case 0x00000015:
params->func = XMSS_SHAKE256;
break; break;


default: default:
return -1; return -1;
} }
switch (oid) { switch (oid) {
case 0x0000000d:
case 0x0000000e:
case 0x0000000f:

case 0x00000013:
case 0x00000014:
case 0x00000015:
params->n = 24;
params->padding_len = 4;
break;

case 0x00000001: case 0x00000001:
case 0x00000002: case 0x00000002:
case 0x00000003: case 0x00000003:
@@ -184,6 +308,10 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000007: case 0x00000007:
case 0x00000008: case 0x00000008:
case 0x00000009: case 0x00000009:

case 0x00000010:
case 0x00000011:
case 0x00000012:
params->n = 32; params->n = 32;
params->padding_len = 32; params->padding_len = 32;
break; break;
@@ -207,6 +335,9 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000004: case 0x00000004:
case 0x00000007: case 0x00000007:
case 0x0000000a: case 0x0000000a:
case 0x0000000d:
case 0x00000010:
case 0x00000013:
params->full_height = 10; params->full_height = 10;
break; break;


@@ -214,6 +345,9 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000005: case 0x00000005:
case 0x00000008: case 0x00000008:
case 0x0000000b: case 0x0000000b:
case 0x0000000e:
case 0x00000011:
case 0x00000014:
params->full_height = 16; params->full_height = 16;
break; break;


@@ -221,6 +355,9 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000006: case 0x00000006:
case 0x00000009: case 0x00000009:
case 0x0000000c: case 0x0000000c:
case 0x0000000f:
case 0x00000012:
case 0x00000015:
params->full_height = 20; params->full_height = 20;


break; break;
@@ -256,6 +393,15 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000000e: case 0x0000000e:
case 0x0000000f: case 0x0000000f:
case 0x00000010: case 0x00000010:

case 0x00000021:
case 0x00000022:
case 0x00000023:
case 0x00000024:
case 0x00000025:
case 0x00000026:
case 0x00000027:
case 0x00000028:
params->func = XMSS_SHA2; params->func = XMSS_SHA2;
break; break;


@@ -267,6 +413,9 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000016: case 0x00000016:
case 0x00000017: case 0x00000017:
case 0x00000018: case 0x00000018:
params->func = XMSS_SHAKE128;
break;

case 0x00000019: case 0x00000019:
case 0x0000001a: case 0x0000001a:
case 0x0000001b: case 0x0000001b:
@@ -275,13 +424,51 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000001d: case 0x0000001d:
case 0x0000001f: case 0x0000001f:
case 0x00000020: case 0x00000020:
params->func = XMSS_SHAKE;

case 0x00000029:
case 0x0000002a:
case 0x0000002b:
case 0x0000002c:
case 0x0000002d:
case 0x0000002e:
case 0x0000002f:
case 0x00000030:
case 0x00000031:
case 0x00000032:
case 0x00000033:
case 0x00000034:
case 0x00000035:
case 0x00000036:
case 0x00000037:
case 0x00000038:
params->func = XMSS_SHAKE256;
break; break;


default: default:
return -1; return -1;
} }
switch (oid) { switch (oid) {
case 0x00000021:
case 0x00000022:
case 0x00000023:
case 0x00000024:
case 0x00000025:
case 0x00000026:
case 0x00000027:
case 0x00000028:

case 0x00000031:
case 0x00000032:
case 0x00000033:
case 0x00000034:
case 0x00000035:
case 0x00000036:
case 0x00000037:
case 0x00000038:
params->n = 24;
params->padding_len = 4;
break;

case 0x00000001: case 0x00000001:
case 0x00000002: case 0x00000002:
case 0x00000003: case 0x00000003:
@@ -299,6 +486,15 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000016: case 0x00000016:
case 0x00000017: case 0x00000017:
case 0x00000018: case 0x00000018:

case 0x00000029:
case 0x0000002a:
case 0x0000002b:
case 0x0000002c:
case 0x0000002d:
case 0x0000002e:
case 0x0000002f:
case 0x00000030:
params->n = 32; params->n = 32;
params->padding_len = 32; params->padding_len = 32;
break; break;
@@ -339,6 +535,15 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)


case 0x00000019: case 0x00000019:
case 0x0000001a: case 0x0000001a:

case 0x00000021:
case 0x00000022:

case 0x00000029:
case 0x0000002a:

case 0x00000031:
case 0x00000032:
params->full_height = 20; params->full_height = 20;
break; break;


@@ -357,6 +562,18 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000001b: case 0x0000001b:
case 0x0000001c: case 0x0000001c:
case 0x0000001d: case 0x0000001d:

case 0x00000023:
case 0x00000024:
case 0x00000025:

case 0x0000002b:
case 0x0000002c:
case 0x0000002d:

case 0x00000033:
case 0x00000034:
case 0x00000035:
params->full_height = 40; params->full_height = 40;
break; break;


@@ -375,6 +592,18 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000001e: case 0x0000001e:
case 0x0000001f: case 0x0000001f:
case 0x00000020: case 0x00000020:

case 0x00000026:
case 0x00000027:
case 0x00000028:

case 0x0000002e:
case 0x0000002f:
case 0x00000030:

case 0x00000036:
case 0x00000037:
case 0x00000038:
params->full_height = 60; params->full_height = 60;
break; break;


@@ -390,6 +619,12 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000013: case 0x00000013:
case 0x00000019: case 0x00000019:
case 0x0000001b: case 0x0000001b:
case 0x00000021:
case 0x00000023:
case 0x00000029:
case 0x0000002b:
case 0x00000031:
case 0x00000033:
params->d = 2; params->d = 2;
break; break;


@@ -401,6 +636,12 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000014: case 0x00000014:
case 0x0000001a: case 0x0000001a:
case 0x0000001c: case 0x0000001c:
case 0x00000022:
case 0x00000024:
case 0x0000002a:
case 0x0000002c:
case 0x00000032:
case 0x00000034:
params->d = 4; params->d = 4;
break; break;


@@ -408,6 +649,9 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000000d: case 0x0000000d:
case 0x00000015: case 0x00000015:
case 0x0000001d: case 0x0000001d:
case 0x00000025:
case 0x0000002d:
case 0x00000035:
params->d = 8; params->d = 8;
break; break;


@@ -415,6 +659,9 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000000e: case 0x0000000e:
case 0x00000016: case 0x00000016:
case 0x0000001e: case 0x0000001e:
case 0x00000026:
case 0x0000002e:
case 0x00000036:
params->d = 3; params->d = 3;
break; break;


@@ -422,6 +669,9 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x0000000f: case 0x0000000f:
case 0x00000017: case 0x00000017:
case 0x0000001f: case 0x0000001f:
case 0x00000027:
case 0x0000002f:
case 0x00000037:
params->d = 6; params->d = 6;
break; break;


@@ -429,6 +679,9 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
case 0x00000010: case 0x00000010:
case 0x00000018: case 0x00000018:
case 0x00000020: case 0x00000020:
case 0x00000028:
case 0x00000030:
case 0x00000038:
params->d = 12; params->d = 12;
break; break;


@@ -449,7 +702,7 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
* - full_height; the height of the complete (hyper)tree * - full_height; the height of the complete (hyper)tree
* - n; the number of bytes of hash function output * - n; the number of bytes of hash function output
* - d; the number of layers (d > 1 implies XMSSMT) * - d; the number of layers (d > 1 implies XMSSMT)
* - func; one of {XMSS_SHA2, XMSS_SHAKE}
* - func; one of {XMSS_SHA2, XMSS_SHAKE128, XMSS_SHAKE256}
* - wots_w; the Winternitz parameter * - wots_w; the Winternitz parameter
* - optionally, bds_k; the BDS traversal trade-off parameter, * - optionally, bds_k; the BDS traversal trade-off parameter,
* this function initializes the remainder of the params structure. * this function initializes the remainder of the params structure.
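Review bot: The new `params->padding_len = 4;` for the n = 24 cases in xmss_parse_oid, and the same pair in xmssmt_parse_oid, carries no comment, while the n = 32 case visible here sets padding_len equal to n. Someone comparing the two will read the 4 as a typo, so I would add something like `/* SP 800-208 192-bit sets use a 4-byte toByte() prefix rather than n bytes */` above it, worded after checking the publication. Separately, every new OID has to be listed in each of the parallel switches for func, n, full_height and, for XMSSMT, d. Only the `default: return -1;` of the func switch is visible, so I cannot tell from these hunks whether an OID missing from a later switch is rejected or leaves a field unset. Both functions start and end outside the hunks.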


+ 3
- 2
params.h View File

@@ -5,7 +5,8 @@


/* These are merely internal identifiers for the supported hash functions. */ /* These are merely internal identifiers for the supported hash functions. */
#define XMSS_SHA2 0 #define XMSS_SHA2 0
#define XMSS_SHAKE 1
#define XMSS_SHAKE128 1
#define XMSS_SHAKE256 2


/* This is a result of the OID definitions in the draft; needed for parsing. */ /* This is a result of the OID definitions in the draft; needed for parsing. */
#define XMSS_OID_LEN 4 #define XMSS_OID_LEN 4
@@ -62,7 +63,7 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid);
- full_height; the height of the complete (hyper)tree - full_height; the height of the complete (hyper)tree
- n; the number of bytes of hash function output - n; the number of bytes of hash function output
- d; the number of layers (d > 1 implies XMSSMT) - d; the number of layers (d > 1 implies XMSSMT)
- func; one of {XMSS_SHA2, XMSS_SHAKE}
- func; one of {XMSS_SHA2, XMSS_SHAKE128, XMSS_SHAKE256}
- wots_w; the Winternitz parameter - wots_w; the Winternitz parameter
- optionally, bds_k; the BDS traversal trade-off parameter, - optionally, bds_k; the BDS traversal trade-off parameter,
this function initializes the remainder of the params structure. */ this function initializes the remainder of the params structure. */
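Review bot: Removing `XMSS_SHAKE` and reusing its value 1 for `XMSS_SHAKE128` silently changes the meaning of the identifier for n = 64. Going by the hash.c hunk, the old constant selected shake256 there, which now requires `XMSS_SHAKE256` (2). The comment calls these internal identifiers, but the doc comment further down lists `func` among the fields a caller fills in before initializing the params, so out-of-tree code that sets `func` by hand is affected. I would record the split next to the defines, e.g. `/* XMSS_SHAKE was split: n = 32 sets use XMSS_SHAKE128, n = 64 sets use XMSS_SHAKE256. */`, so a build failure on the old name leads to the right replacement.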


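--- a/test/oid.c
+++ b/test/oid.c
@@ -40,6 +40,15 @@ int main()
 CHECK_OID_XMSS("XMSS-SHAKE_10_512");
 CHECK_OID_XMSS("XMSS-SHAKE_16_512");
 CHECK_OID_XMSS("XMSS-SHAKE_20_512");
+CHECK_OID_XMSS("XMSS-SHA2_10_192");
+CHECK_OID_XMSS("XMSS-SHA2_16_192");
+CHECK_OID_XMSS("XMSS-SHA2_20_192");
+CHECK_OID_XMSS("XMSS-SHAKE256_10_256");
+CHECK_OID_XMSS("XMSS-SHAKE256_16_256");
+CHECK_OID_XMSS("XMSS-SHAKE256_20_256");
+CHECK_OID_XMSS("XMSS-SHAKE256_10_192");
+CHECK_OID_XMSS("XMSS-SHAKE256_16_192");
+CHECK_OID_XMSS("XMSS-SHAKE256_20_192");
 printf("successful.\n");
 
 printf("Testing if all expected XMSSMT parameter sets are recognized.. ");
@@ -75,6 +84,30 @@ int main()
 CHECK_OID_XMSSMT("XMSSMT-SHAKE_60/3_512");
 CHECK_OID_XMSSMT("XMSSMT-SHAKE_60/6_512");
 CHECK_OID_XMSSMT("XMSSMT-SHAKE_60/12_512");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_20/2_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_20/4_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_40/2_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_40/4_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_40/8_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_60/3_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_60/6_192");
+CHECK_OID_XMSSMT("XMSSMT-SHA2_60/12_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_20/2_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_20/4_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_40/2_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_40/4_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_40/8_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_60/3_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_60/6_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_60/12_256");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_20/2_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_20/4_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_40/2_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_40/4_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_40/8_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_60/3_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_60/6_192");
+CHECK_OID_XMSSMT("XMSSMT-SHAKE256_60/12_192");
 printf("successful.\n");
 
 return 0;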
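Review bot: The added CHECK_OID_XMSS and CHECK_OID_XMSSMT lines appear to test name recognition only, going by the surrounding "parameter sets are recognized" messages; the macro bodies are outside these hunks, so this is inferred. The _192 sets are the first to use n = 24 and padding_len = 4, and nothing visible here asserts those parsed values. I would add a check that calls `xmss_parse_oid(&params, oid)` for one of the new OIDs and compares `params.n` and `params.padding_len` with the expected values. That would catch an OID left out of one of the parallel switches in params.c. main continues outside the hunk.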

