瀏覽代碼

Make XMSS sign/open functions instances of XMSSMT

This removes a lot of code duplication.
master
Joost Rijneveld 7 年之前
父節點
當前提交
94a92ed2b1
沒有發現已知的金鑰在資料庫的簽署中 GPG Key ID: A4FE39CF49CBC553
共有 2 個文件被更改,包括 10 次插入100 次删除
  1. +5
    -50
      xmss_commons.c
  2. +5
    -50
      xmss_core.c

+ 5
- 50
xmss_commons.c 查看文件

@@ -190,56 +190,11 @@ int xmss_core_sign_open(const xmss_params *params,
const unsigned char *sm, unsigned long long smlen,
const unsigned char *pk)
{
const unsigned char *pub_seed = pk + params->n;
unsigned char wots_pk[params->wots_sig_bytes];
unsigned char leaf[params->n];
unsigned char root[params->n];
unsigned char mhash[params->n];
unsigned long idx;

uint32_t ots_addr[8] = {0};
uint32_t ltree_addr[8] = {0};
uint32_t node_addr[8] = {0};

set_type(ots_addr, XMSS_ADDR_TYPE_OTS);
set_type(ltree_addr, XMSS_ADDR_TYPE_LTREE);
set_type(node_addr, XMSS_ADDR_TYPE_HASHTREE);

*mlen = smlen - params->sig_bytes;

/* Convert the index bytes from the signature to an integer. */
idx = (unsigned long)bytes_to_ull(sm, params->index_bytes);

/* Compute the message hash. */
hash_message(params, mhash, sm + params->index_bytes, pk, idx,
sm + params->sig_bytes, *mlen);
sm += params->index_bytes + params->n;

/* The WOTS public key is only correct if the signature was correct. */
set_ots_addr(ots_addr, idx);
wots_pk_from_sig(params, wots_pk, sm, mhash, pub_seed, ots_addr);
sm += params->wots_sig_bytes;

/* Compute the leaf node using the WOTS public key. */
set_ltree_addr(ltree_addr, idx);
l_tree(params, leaf, wots_pk, pub_seed, ltree_addr);

/* Compute the root node. */
compute_root(params, root, leaf, idx, sm, pub_seed, node_addr);
sm += params->tree_height*params->n;

/* Check if the root node equals the root node in the public key. */
if (memcmp(root, pk, params->n)) {
/* If not, zero the message */
memset(m, 0, *mlen);
*mlen = -1;
return -1;
}

/* If verification was successful, copy the message from the signature. */
memcpy(m, sm, *mlen);

return 0;
/* XMSS signatures are fundamentally an instance of XMSSMT signatures.
For d=1, as is the case with XMSS, some of the calls in the XMSSMT
routine become vacuous (i.e. the loop only iterates once, and address
management can be simplified a bit).*/
return xmssmt_core_sign_open(params, m, mlen, sm, smlen, pk);
}

/**


+ 5
- 50
xmss_core.c 查看文件

@@ -107,56 +107,11 @@ int xmss_core_sign(const xmss_params *params,
unsigned char *sm, unsigned long long *smlen,
const unsigned char *m, unsigned long long mlen)
{
const unsigned char *sk_seed = sk + params->index_bytes;
const unsigned char *sk_prf = sk + params->index_bytes + params->n;
const unsigned char *pub_seed = sk + params->index_bytes + 2*params->n;
const unsigned char *pub_root = sk + params->index_bytes + 3*params->n;

unsigned char root[params->n];
unsigned char mhash[params->n];
unsigned char ots_seed[params->n];
unsigned long idx;
unsigned char idx_bytes_32[32];

uint32_t ots_addr[8] = {0};
set_type(ots_addr, XMSS_ADDR_TYPE_OTS);

/* Read and use the current index from the secret key. */
idx = (unsigned long)bytes_to_ull(sk, params->index_bytes);
memcpy(sm, sk, params->index_bytes);
sm += params->index_bytes;

/*************************************************************************
* THIS IS WHERE PRODUCTION IMPLEMENTATIONS WOULD UPDATE THE SECRET KEY. *
*************************************************************************/
/* Increment the index in the secret key. */
ull_to_bytes(sk, params->index_bytes, idx + 1);

/* Compute the digest randomization value. */
ull_to_bytes(idx_bytes_32, 32, idx);
prf(params, sm, idx_bytes_32, sk_prf, params->n);

/* Compute the message hash. */
hash_message(params, mhash, sm, pub_root, idx, m, mlen);
sm += params->n;

set_ots_addr(ots_addr, idx);

/* Get a seed for the WOTS keypair. */
get_seed(params, ots_seed, sk_seed, ots_addr);

/* Compute a WOTS signature on the message hash. */
wots_sign(params, sm, mhash, ots_seed, pub_seed, ots_addr);
sm += params->wots_sig_bytes;

/* Compute the authentication path for the used WOTS leaf. */
treehash(params, root, sm, sk_seed, pub_seed, idx, ots_addr);
sm += params->tree_height*params->n;

memcpy(sm, m, mlen);
*smlen = params->sig_bytes + mlen;

return 0;
/* XMSS signatures are fundamentally an instance of XMSSMT signatures.
For d=1, as is the case with XMSS, some of the calls in the XMSSMT
routine become vacuous (i.e. the loop only iterates once, and address
management can be simplified a bit).*/
return xmssmt_core_sign(params, sk, sm, smlen, m, mlen);
}

/*


Loading…
取消
儲存