Merge branch 'master' of bitbucket.org:ahuelsing/xmss_ref

Conflicts:
	Makefile
	test/test_chacha
	test/test_wots
	test/test_xmss

.gitignore

@@ -0,0 +1,7 @@
+test/test_chacha
+test/test_wots
+test/test_horst
+test/test_xmss
+test/test_xmssmt
+test/speed
+test/gen_testvectors

Makefile

@@ -25,4 +25,6 @@ clean:
 	-rm test/test_chacha
 	-rm test/test_wots
 	-rm test/test_xmss
-	-rm test/test_xmssmt
+	-rm test/test_xmssmt
+
+

prg.c

@@ -13,7 +13,7 @@ const unsigned char zero_nonce[12] = {0};
 /**
  * Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0
  */
-void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len)
+void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len)
 {  
   CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);
 }
@@ -22,7 +22,7 @@ void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, ui
  * Generates rlen output bytes using ChaCha20.
  * Nonce and counter are set depending on the address addr.
  */
-void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len, const unsigned char addr[16])
+void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len, const unsigned char addr[16])
 {
   int i;
   unsigned char nonce[12];

prg.h

@@ -12,11 +12,11 @@ Public domain.
  * Generates rlen output bytes using key_len-byte key and places them in r.
  * 
  */
-void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len);
+void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len);
 
 /**
  * Generates rlen output bytes using key_len-byte key and hash address addr and places them in r.
  * 
  */
-void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len, const unsigned char addr[16]);
+void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len, const unsigned char addr[16]);
 #endif

test/test_xmssmt.c

@@ -0,0 +1,98 @@
+#include <stdio.h>
+#include <string.h>
+
+#include "../xmss.h"
+
+#define MLEN 3491
+#define SIGNATURES 1024
+
+
+unsigned char mi[MLEN];
+unsigned long long smlen;
+unsigned long long mlen;
+
+int main()
+{
+  int r;
+  unsigned long long i,j;
+  int m = 32;
+  int n = 32;
+  int h = 10;
+  int d = 2;
+  int w = 16;
+  
+  xmssmt_params p;
+  xmssmt_params *params = &p;
+  xmssmt_set_params(params, m, n, h, d, w);
+  
+  unsigned char sk[(params->index_len+2*n+m)];
+  unsigned char pk[2*n];
+  
+  unsigned long long signature_length = params->index_len + m + (d*params->xmss_par.wots_par.keysize) + h*n;
+  unsigned char mo[MLEN+signature_length];
+  unsigned char sm[MLEN+signature_length];
+
+  FILE *urandom = fopen("/dev/urandom", "r");
+  for(i=0;i<MLEN;i++) mi[i] = fgetc(urandom);
+
+  printf("keypair\n");
+  xmssmt_keypair(pk, sk, params);
+  // check pub_seed in SK
+  for(i=0;i<n;i++)
+  {
+    if(pk[n+i] != sk[params->index_len+m+n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
+  }
+  printf("pk checked\n");
+
+  unsigned int idx_len = params->index_len;
+  // check index
+  unsigned long long idx = 0;
+  for(i = 0; i < idx_len; i++){
+    idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i);
+  }
+
+  if(idx) printf("\nidx != 0: %llu\n",idx);
+  
+  for(i=0;i<SIGNATURES;i++){
+    printf("sign\n");
+    xmssmt_sign(sk, sm, &smlen, mi, MLEN, params);
+    idx = 0;
+    for(j = 0; j < idx_len; j++){
+      idx += ((unsigned long long)sm[j]) << 8*(idx_len - 1 - j);
+    }
+    printf("\nidx = %llu\n",idx);
+    r = memcmp(mi, sm+signature_length,MLEN);
+    printf("%d\n", r);
+    
+    /* Test valid signature */
+    printf("verify\n");
+    r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk, params);
+    printf("%d\n", r);
+    r = memcmp(mi,mo,MLEN);
+    printf("%d\n", r);
+    printf("%llu\n", MLEN-mlen);
+
+    /* Test with modified message */
+    sm[52] ^= 1;
+    r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk, params);
+    printf("%d\n", r+1);
+    r = memcmp(mi,mo,MLEN);
+    printf("%d\n", (r!=0) - 1);
+    printf("%llu\n", mlen+1);
+
+    /* Test with modified signature */
+    sm[260] ^= 1;
+    sm[52] ^= 1;
+    sm[2] ^= 1;
+    r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk, params);
+    printf("%d\n", r+1);
+    r = memcmp(mi,mo,MLEN);
+    printf("%d\n", (r!=0) - 1);
+    printf("%llu\n", mlen+1);
+    
+  }
+  fclose(urandom);
+  return 0;
+}
+
+

wots.c

@@ -57,7 +57,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co
  */
 static void gen_chain(unsigned char *out, const unsigned char *in, int start, int steps, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
 {
-  uint i,j;
+  unsigned int i,j;
   for(j=0;j<params->n;j++) 
     out[j] = in[j];
 
@@ -101,7 +101,7 @@ static void base_w(int *output, const unsigned char *input, int in_len, const wo
  */
 static void base_w_alternative(int *output, unsigned char *input, int in_len, const wots_params *params)
 {
-  uint i = 0; 
+  unsigned int i = 0;
   for(i = 0; i < in_len; i += 2)
   {
     output[i] = input[in_len - 1 - (i / 2)] >> 4;
@@ -111,7 +111,7 @@ static void base_w_alternative(int *output, unsigned char *input, int in_len, co
 
 void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
 {
-  uint i;
+  unsigned int i;
   expand_seed(pk, sk, params);
   for(i=0;i<params->len;i++){
     SET_CHAIN_ADDRESS(addr,i);
@@ -127,7 +127,7 @@ void wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char
 {
   int basew[params->len];
   int csum = 0;
-  uint i=0;
+  unsigned int i=0;
 
   base_w(basew, msg, params->m, params);
   
@@ -166,7 +166,7 @@ void wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned
 {
   int basew[params->len];
   int csum = 0;
-  uint i=0;
+  unsigned int i=0;
 
   base_w(basew, msg, params->m, params);
   

xmss.c

@@ -132,10 +132,10 @@ void xmssmt_set_params(xmssmt_params *params, int m, int n, int h, int d, int w)
  */
 static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, unsigned char addr[16])
 { 
-  uint l = params->wots_par.len;
-  uint n = params->n;
+  unsigned int l = params->wots_par.len;
+  unsigned int n = params->n;
   unsigned long i = 0;
-  uint height = 0;
+  unsigned int height = 0;
   
   //ADRS.setTreeHeight(0);
   SET_LTREE_TREE_HEIGHT(addr,height);
@@ -192,8 +192,8 @@ static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, con
 static void treehash(unsigned char *node, int height, int index, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const unsigned char addr[16])
 {
 
-  uint idx = index;
-  uint n = params->n;
+  unsigned int idx = index;
+  unsigned int n = params->n;
   // use three different addresses because at this point we use all three formats in parallel
   unsigned char ots_addr[16];
   unsigned char ltree_addr[16];
@@ -240,7 +240,7 @@ static void treehash(unsigned char *node, int height, int index, const unsigned
  */
 static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, unsigned char addr[16])
 {
-  uint n = params->n;
+  unsigned int n = params->n;
   
   int i,j;
   unsigned char buffer[2*n];
@@ -295,7 +295,7 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
  */
 static void compute_authpath_wots(unsigned char *root, unsigned char *authpath, unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, unsigned char addr[16])
 {
-  uint i, j, level;
+  unsigned int i, j, level;
   int n = params->n;
   int h = params->h;
   
@@ -355,8 +355,8 @@ static void compute_authpath_wots(unsigned char *root, unsigned char *authpath,
  */
 int xmss_keypair(unsigned char *pk, unsigned char *sk, xmss_params *params)
 {
-  uint n = params->n;
-  uint m = params->m;
+  unsigned int n = params->n;
+  unsigned int m = params->m;
   // Set idx = 0
   sk[0] = 0;
   sk[1] = 0;
@@ -382,8 +382,8 @@ int xmss_keypair(unsigned char *pk, unsigned char *sk, xmss_params *params)
  */
 int xmss_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmss_params *params)
 {
-  uint n = params->n;
-  uint m = params->m;
+  unsigned int n = params->n;
+  unsigned int m = params->m;
   
   // Extract SK
   unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
@@ -474,8 +474,8 @@ int xmss_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig
  */
 int xmss_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params)
 {
-  uint n = params->n;
-  uint m = params->m;
+  unsigned int n = params->n;
+  unsigned int m = params->m;
     
   unsigned long long i, m_len;
   unsigned long idx=0;
@@ -564,9 +564,9 @@ fail:
  */
 int xmssmt_keypair(unsigned char *pk, unsigned char *sk, xmssmt_params *params)
 {
-  uint n = params->n;
-  uint m = params->m;
-  uint i;
+  unsigned int n = params->n;
+  unsigned int m = params->m;
+  unsigned int i;
   // Set idx = 0
   for (i = 0; i < params->index_len; i++){
     sk[i] = 0;
@@ -594,10 +594,10 @@ int xmssmt_keypair(unsigned char *pk, unsigned char *sk, xmssmt_params *params)
  */
 int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params)
 {
-  uint n = params->n;
-  uint m = params->m;
-  uint tree_h = params->xmss_par.h;
-  uint idx_len = params->index_len;
+  unsigned int n = params->n;
+  unsigned int m = params->m;
+  unsigned int tree_h = params->xmss_par.h;
+  unsigned int idx_len = params->index_len;
   unsigned long long idx_tree;
   unsigned long long idx_leaf;
   unsigned long long i;
@@ -686,7 +686,7 @@ int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *s
   *sig_msg_len += tree_h*n;
   
   // Now loop over remaining layers...
-  uint j;
+  unsigned int j;
   for(j = 1; j < params->d; j++){
     // Prepare Address
     idx_leaf = (idx_tree & ((1 << tree_h)-1));
@@ -723,11 +723,11 @@ int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *s
  */
 int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params)
 {
-  uint n = params->n;
-  uint m = params->m;
+  unsigned int n = params->n;
+  unsigned int m = params->m;
   
-  uint tree_h = params->xmss_par.h;
-  uint idx_len = params->index_len;
+  unsigned int tree_h = params->xmss_par.h;
+  unsigned int idx_len = params->index_len;
   unsigned long long idx_tree;
   unsigned long long idx_leaf;
   

xmss_commons.c

@@ -8,7 +8,7 @@ Public domain.
 #include <stdlib.h>
 #include <stdio.h>
 
-void to_byte(unsigned char *out, uint in, int bytes)
+void to_byte(unsigned char *out, unsigned int in, int bytes)
 {
   int i;
   for(i = 0; i < bytes; i++){

xmss_commons.h

@@ -8,6 +8,6 @@ Public domain.
 
 #include <stdlib.h>
 
-void to_byte(unsigned char *output, uint in, int bytes);
+void to_byte(unsigned char *output, unsigned int in, int bytes);
 void hexdump(const unsigned char *a, size_t len);
 #endif