From d4bc8656e30a44eaf53f2475f21f17c8867586c5 Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Wed, 31 May 2017 16:43:12 +0200
Subject: [PATCH] Fix bug in addressing during fast xmssmt key gen
---
 test/test_xmssmt_fast.c | 2 +-
 xmss_fast.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/test/test_xmssmt_fast.c b/test/test_xmssmt_fast.c
index b4aba60..fc0f057 100644
--- a/test/test_xmssmt_fast.c
+++ b/test/test_xmssmt_fast.c
@@ -68,7 +68,7 @@ int main()
 // check pub_seed in SK
 for (i = 0; i < n; i++) {
 if (pk[n+i] != sk[params->index_len+2*n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
- if (pk[i] != sk[4+3*n+i]) printf("pk.root != sk.root %llu",i);
+ if (pk[i] != sk[params->index_len+3*n+i]) printf("pk.root != sk.root %llu",i);
 }
 printf("pk checked\n");
diff --git a/xmss_fast.c b/xmss_fast.c
index 53ea3eb..53e146d 100644
--- a/xmss_fast.c
+++ b/xmss_fast.c
@@ -753,9 +753,9 @@ int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsi
 // Copy PUB_SEED to public key
 memcpy(pk+n, sk+params->index_len+2*n, n);
- // Set address to point on the single tree on layer d-1
 uint32_t addr[8] = {0, 0, 0, 0, 0, 0, 0, 0};
- setLayerADRS(addr, (params->d-1));
+ // Start with the bottom-most layer
+ setLayerADRS(addr, 0);
 // Set up state and compute wots signatures for all but topmost tree root
 for (i = 0; i < params->d - 1; i++) {
 // Compute seed for OTS key pair
@@ -764,6 +764,7 @@ int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsi
 get_seed(ots_seed, sk+params->index_len, n, addr);
 wots_sign(wots_sigs + i*params->xmss_par.wots_par.keysize, pk, ots_seed, &(params->xmss_par.wots_par), pk+n, addr);
 }
+ // Address now points to the single tree on layer d-1
 treehash_setup(pk, params->xmss_par.h, 0, states + i, sk+params->index_len, &(params->xmss_par), pk+n, addr);
 memcpy(sk+params->index_len+3*n, pk, n);
 return 0;
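Review bot: The corrected root comparison on the `+` line reports a mismatch with `printf("pk.root != sk.root %llu",i)` and no trailing newline, so repeated mismatches, and the pub_seed report on the line above it, run together on one output line. Ending each of these format strings with `\n`, as `printf("pk checked\n")` already does, keeps the report readable. The `%llu` conversion assumes `i` is `unsigned long long`; its declaration is outside the hunk, so verify the type matches. main() continues outside the hunk.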
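Review bot: The new comment before treehash_setup in the second hunk of xmss_fast.c, `// Address now points to the single tree on layer d-1`, states an invariant that can only be maintained by the loop body, which lies between the two hunks and is not shown, so nothing visible here guarantees the layer field is d-1 when the top tree is hashed. Since get_seed derives the OTS secret from addr, any drift between the address used here and the one the signing path later derives for the same slot would let a one-time key sign two different values, so the layer is worth pinning explicitly with `setLayerADRS(addr, params->d - 1);` immediately before the treehash_setup call, keeping the comment. Whether the loop also updates the tree index within addr cannot be seen from the hunk; if it does, the same consideration applies to that field. xmssmt_keypair starts before the first hunk and its loop body is outside both hunks.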