Merge branch 'master' of bitbucket.org:ahuelsing/xmss_ref
Conflicts: Makefile test/test_chacha test/test_wots test/test_xmss
This commit is contained in:
commit
ed18e56412
7
.gitignore
vendored
Normal file
7
.gitignore
vendored
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
test/test_chacha
|
||||||
|
test/test_wots
|
||||||
|
test/test_horst
|
||||||
|
test/test_xmss
|
||||||
|
test/test_xmssmt
|
||||||
|
test/speed
|
||||||
|
test/gen_testvectors
|
2
Makefile
2
Makefile
@ -26,3 +26,5 @@ clean:
|
|||||||
-rm test/test_wots
|
-rm test/test_wots
|
||||||
-rm test/test_xmss
|
-rm test/test_xmss
|
||||||
-rm test/test_xmssmt
|
-rm test/test_xmssmt
|
||||||
|
|
||||||
|
|
||||||
|
4
prg.c
4
prg.c
@ -13,7 +13,7 @@ const unsigned char zero_nonce[12] = {0};
|
|||||||
/**
|
/**
|
||||||
* Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0
|
* Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0
|
||||||
*/
|
*/
|
||||||
void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len)
|
void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len)
|
||||||
{
|
{
|
||||||
CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);
|
CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);
|
||||||
}
|
}
|
||||||
@ -22,7 +22,7 @@ void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, ui
|
|||||||
* Generates rlen output bytes using ChaCha20.
|
* Generates rlen output bytes using ChaCha20.
|
||||||
* Nonce and counter are set depending on the address addr.
|
* Nonce and counter are set depending on the address addr.
|
||||||
*/
|
*/
|
||||||
void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len, const unsigned char addr[16])
|
void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len, const unsigned char addr[16])
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
unsigned char nonce[12];
|
unsigned char nonce[12];
|
||||||
|
4
prg.h
4
prg.h
@ -12,11 +12,11 @@ Public domain.
|
|||||||
* Generates rlen output bytes using key_len-byte key and places them in r.
|
* Generates rlen output bytes using key_len-byte key and places them in r.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len);
|
void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates rlen output bytes using key_len-byte key and hash address addr and places them in r.
|
* Generates rlen output bytes using key_len-byte key and hash address addr and places them in r.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, uint key_len, const unsigned char addr[16]);
|
void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len, const unsigned char addr[16]);
|
||||||
#endif
|
#endif
|
||||||
|
98
test/test_xmssmt.c
Normal file
98
test/test_xmssmt.c
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "../xmss.h"
|
||||||
|
|
||||||
|
#define MLEN 3491
|
||||||
|
#define SIGNATURES 1024
|
||||||
|
|
||||||
|
|
||||||
|
unsigned char mi[MLEN];
|
||||||
|
unsigned long long smlen;
|
||||||
|
unsigned long long mlen;
|
||||||
|
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
int r;
|
||||||
|
unsigned long long i,j;
|
||||||
|
int m = 32;
|
||||||
|
int n = 32;
|
||||||
|
int h = 10;
|
||||||
|
int d = 2;
|
||||||
|
int w = 16;
|
||||||
|
|
||||||
|
xmssmt_params p;
|
||||||
|
xmssmt_params *params = &p;
|
||||||
|
xmssmt_set_params(params, m, n, h, d, w);
|
||||||
|
|
||||||
|
unsigned char sk[(params->index_len+2*n+m)];
|
||||||
|
unsigned char pk[2*n];
|
||||||
|
|
||||||
|
unsigned long long signature_length = params->index_len + m + (d*params->xmss_par.wots_par.keysize) + h*n;
|
||||||
|
unsigned char mo[MLEN+signature_length];
|
||||||
|
unsigned char sm[MLEN+signature_length];
|
||||||
|
|
||||||
|
FILE *urandom = fopen("/dev/urandom", "r");
|
||||||
|
for(i=0;i<MLEN;i++) mi[i] = fgetc(urandom);
|
||||||
|
|
||||||
|
printf("keypair\n");
|
||||||
|
xmssmt_keypair(pk, sk, params);
|
||||||
|
// check pub_seed in SK
|
||||||
|
for(i=0;i<n;i++)
|
||||||
|
{
|
||||||
|
if(pk[n+i] != sk[params->index_len+m+n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
|
||||||
|
}
|
||||||
|
printf("pk checked\n");
|
||||||
|
|
||||||
|
unsigned int idx_len = params->index_len;
|
||||||
|
// check index
|
||||||
|
unsigned long long idx = 0;
|
||||||
|
for(i = 0; i < idx_len; i++){
|
||||||
|
idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(idx) printf("\nidx != 0: %llu\n",idx);
|
||||||
|
|
||||||
|
for(i=0;i<SIGNATURES;i++){
|
||||||
|
printf("sign\n");
|
||||||
|
xmssmt_sign(sk, sm, &smlen, mi, MLEN, params);
|
||||||
|
idx = 0;
|
||||||
|
for(j = 0; j < idx_len; j++){
|
||||||
|
idx += ((unsigned long long)sm[j]) << 8*(idx_len - 1 - j);
|
||||||
|
}
|
||||||
|
printf("\nidx = %llu\n",idx);
|
||||||
|
r = memcmp(mi, sm+signature_length,MLEN);
|
||||||
|
printf("%d\n", r);
|
||||||
|
|
||||||
|
/* Test valid signature */
|
||||||
|
printf("verify\n");
|
||||||
|
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk, params);
|
||||||
|
printf("%d\n", r);
|
||||||
|
r = memcmp(mi,mo,MLEN);
|
||||||
|
printf("%d\n", r);
|
||||||
|
printf("%llu\n", MLEN-mlen);
|
||||||
|
|
||||||
|
/* Test with modified message */
|
||||||
|
sm[52] ^= 1;
|
||||||
|
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk, params);
|
||||||
|
printf("%d\n", r+1);
|
||||||
|
r = memcmp(mi,mo,MLEN);
|
||||||
|
printf("%d\n", (r!=0) - 1);
|
||||||
|
printf("%llu\n", mlen+1);
|
||||||
|
|
||||||
|
/* Test with modified signature */
|
||||||
|
sm[260] ^= 1;
|
||||||
|
sm[52] ^= 1;
|
||||||
|
sm[2] ^= 1;
|
||||||
|
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk, params);
|
||||||
|
printf("%d\n", r+1);
|
||||||
|
r = memcmp(mi,mo,MLEN);
|
||||||
|
printf("%d\n", (r!=0) - 1);
|
||||||
|
printf("%llu\n", mlen+1);
|
||||||
|
|
||||||
|
}
|
||||||
|
fclose(urandom);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
10
wots.c
10
wots.c
@ -57,7 +57,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co
|
|||||||
*/
|
*/
|
||||||
static void gen_chain(unsigned char *out, const unsigned char *in, int start, int steps, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
static void gen_chain(unsigned char *out, const unsigned char *in, int start, int steps, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
||||||
{
|
{
|
||||||
uint i,j;
|
unsigned int i,j;
|
||||||
for(j=0;j<params->n;j++)
|
for(j=0;j<params->n;j++)
|
||||||
out[j] = in[j];
|
out[j] = in[j];
|
||||||
|
|
||||||
@ -101,7 +101,7 @@ static void base_w(int *output, const unsigned char *input, int in_len, const wo
|
|||||||
*/
|
*/
|
||||||
static void base_w_alternative(int *output, unsigned char *input, int in_len, const wots_params *params)
|
static void base_w_alternative(int *output, unsigned char *input, int in_len, const wots_params *params)
|
||||||
{
|
{
|
||||||
uint i = 0;
|
unsigned int i = 0;
|
||||||
for(i = 0; i < in_len; i += 2)
|
for(i = 0; i < in_len; i += 2)
|
||||||
{
|
{
|
||||||
output[i] = input[in_len - 1 - (i / 2)] >> 4;
|
output[i] = input[in_len - 1 - (i / 2)] >> 4;
|
||||||
@ -111,7 +111,7 @@ static void base_w_alternative(int *output, unsigned char *input, int in_len, co
|
|||||||
|
|
||||||
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
||||||
{
|
{
|
||||||
uint i;
|
unsigned int i;
|
||||||
expand_seed(pk, sk, params);
|
expand_seed(pk, sk, params);
|
||||||
for(i=0;i<params->len;i++){
|
for(i=0;i<params->len;i++){
|
||||||
SET_CHAIN_ADDRESS(addr,i);
|
SET_CHAIN_ADDRESS(addr,i);
|
||||||
@ -127,7 +127,7 @@ void wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char
|
|||||||
{
|
{
|
||||||
int basew[params->len];
|
int basew[params->len];
|
||||||
int csum = 0;
|
int csum = 0;
|
||||||
uint i=0;
|
unsigned int i=0;
|
||||||
|
|
||||||
base_w(basew, msg, params->m, params);
|
base_w(basew, msg, params->m, params);
|
||||||
|
|
||||||
@ -166,7 +166,7 @@ void wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned
|
|||||||
{
|
{
|
||||||
int basew[params->len];
|
int basew[params->len];
|
||||||
int csum = 0;
|
int csum = 0;
|
||||||
uint i=0;
|
unsigned int i=0;
|
||||||
|
|
||||||
base_w(basew, msg, params->m, params);
|
base_w(basew, msg, params->m, params);
|
||||||
|
|
||||||
|
50
xmss.c
50
xmss.c
@ -132,10 +132,10 @@ void xmssmt_set_params(xmssmt_params *params, int m, int n, int h, int d, int w)
|
|||||||
*/
|
*/
|
||||||
static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
||||||
{
|
{
|
||||||
uint l = params->wots_par.len;
|
unsigned int l = params->wots_par.len;
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
unsigned long i = 0;
|
unsigned long i = 0;
|
||||||
uint height = 0;
|
unsigned int height = 0;
|
||||||
|
|
||||||
//ADRS.setTreeHeight(0);
|
//ADRS.setTreeHeight(0);
|
||||||
SET_LTREE_TREE_HEIGHT(addr,height);
|
SET_LTREE_TREE_HEIGHT(addr,height);
|
||||||
@ -192,8 +192,8 @@ static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, con
|
|||||||
static void treehash(unsigned char *node, int height, int index, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const unsigned char addr[16])
|
static void treehash(unsigned char *node, int height, int index, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const unsigned char addr[16])
|
||||||
{
|
{
|
||||||
|
|
||||||
uint idx = index;
|
unsigned int idx = index;
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
// use three different addresses because at this point we use all three formats in parallel
|
// use three different addresses because at this point we use all three formats in parallel
|
||||||
unsigned char ots_addr[16];
|
unsigned char ots_addr[16];
|
||||||
unsigned char ltree_addr[16];
|
unsigned char ltree_addr[16];
|
||||||
@ -240,7 +240,7 @@ static void treehash(unsigned char *node, int height, int index, const unsigned
|
|||||||
*/
|
*/
|
||||||
static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, unsigned char addr[16])
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
|
|
||||||
int i,j;
|
int i,j;
|
||||||
unsigned char buffer[2*n];
|
unsigned char buffer[2*n];
|
||||||
@ -295,7 +295,7 @@ static void validate_authpath(unsigned char *root, const unsigned char *leaf, un
|
|||||||
*/
|
*/
|
||||||
static void compute_authpath_wots(unsigned char *root, unsigned char *authpath, unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, unsigned char addr[16])
|
static void compute_authpath_wots(unsigned char *root, unsigned char *authpath, unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, unsigned char addr[16])
|
||||||
{
|
{
|
||||||
uint i, j, level;
|
unsigned int i, j, level;
|
||||||
int n = params->n;
|
int n = params->n;
|
||||||
int h = params->h;
|
int h = params->h;
|
||||||
|
|
||||||
@ -355,8 +355,8 @@ static void compute_authpath_wots(unsigned char *root, unsigned char *authpath,
|
|||||||
*/
|
*/
|
||||||
int xmss_keypair(unsigned char *pk, unsigned char *sk, xmss_params *params)
|
int xmss_keypair(unsigned char *pk, unsigned char *sk, xmss_params *params)
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
uint m = params->m;
|
unsigned int m = params->m;
|
||||||
// Set idx = 0
|
// Set idx = 0
|
||||||
sk[0] = 0;
|
sk[0] = 0;
|
||||||
sk[1] = 0;
|
sk[1] = 0;
|
||||||
@ -382,8 +382,8 @@ int xmss_keypair(unsigned char *pk, unsigned char *sk, xmss_params *params)
|
|||||||
*/
|
*/
|
||||||
int xmss_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmss_params *params)
|
int xmss_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmss_params *params)
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
uint m = params->m;
|
unsigned int m = params->m;
|
||||||
|
|
||||||
// Extract SK
|
// Extract SK
|
||||||
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
|
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
|
||||||
@ -474,8 +474,8 @@ int xmss_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig
|
|||||||
*/
|
*/
|
||||||
int xmss_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params)
|
int xmss_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params)
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
uint m = params->m;
|
unsigned int m = params->m;
|
||||||
|
|
||||||
unsigned long long i, m_len;
|
unsigned long long i, m_len;
|
||||||
unsigned long idx=0;
|
unsigned long idx=0;
|
||||||
@ -564,9 +564,9 @@ fail:
|
|||||||
*/
|
*/
|
||||||
int xmssmt_keypair(unsigned char *pk, unsigned char *sk, xmssmt_params *params)
|
int xmssmt_keypair(unsigned char *pk, unsigned char *sk, xmssmt_params *params)
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
uint m = params->m;
|
unsigned int m = params->m;
|
||||||
uint i;
|
unsigned int i;
|
||||||
// Set idx = 0
|
// Set idx = 0
|
||||||
for (i = 0; i < params->index_len; i++){
|
for (i = 0; i < params->index_len; i++){
|
||||||
sk[i] = 0;
|
sk[i] = 0;
|
||||||
@ -594,10 +594,10 @@ int xmssmt_keypair(unsigned char *pk, unsigned char *sk, xmssmt_params *params)
|
|||||||
*/
|
*/
|
||||||
int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params)
|
int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params)
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
uint m = params->m;
|
unsigned int m = params->m;
|
||||||
uint tree_h = params->xmss_par.h;
|
unsigned int tree_h = params->xmss_par.h;
|
||||||
uint idx_len = params->index_len;
|
unsigned int idx_len = params->index_len;
|
||||||
unsigned long long idx_tree;
|
unsigned long long idx_tree;
|
||||||
unsigned long long idx_leaf;
|
unsigned long long idx_leaf;
|
||||||
unsigned long long i;
|
unsigned long long i;
|
||||||
@ -686,7 +686,7 @@ int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *s
|
|||||||
*sig_msg_len += tree_h*n;
|
*sig_msg_len += tree_h*n;
|
||||||
|
|
||||||
// Now loop over remaining layers...
|
// Now loop over remaining layers...
|
||||||
uint j;
|
unsigned int j;
|
||||||
for(j = 1; j < params->d; j++){
|
for(j = 1; j < params->d; j++){
|
||||||
// Prepare Address
|
// Prepare Address
|
||||||
idx_leaf = (idx_tree & ((1 << tree_h)-1));
|
idx_leaf = (idx_tree & ((1 << tree_h)-1));
|
||||||
@ -723,11 +723,11 @@ int xmssmt_sign(unsigned char *sk, unsigned char *sig_msg, unsigned long long *s
|
|||||||
*/
|
*/
|
||||||
int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params)
|
int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params)
|
||||||
{
|
{
|
||||||
uint n = params->n;
|
unsigned int n = params->n;
|
||||||
uint m = params->m;
|
unsigned int m = params->m;
|
||||||
|
|
||||||
uint tree_h = params->xmss_par.h;
|
unsigned int tree_h = params->xmss_par.h;
|
||||||
uint idx_len = params->index_len;
|
unsigned int idx_len = params->index_len;
|
||||||
unsigned long long idx_tree;
|
unsigned long long idx_tree;
|
||||||
unsigned long long idx_leaf;
|
unsigned long long idx_leaf;
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ Public domain.
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
void to_byte(unsigned char *out, uint in, int bytes)
|
void to_byte(unsigned char *out, unsigned int in, int bytes)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
for(i = 0; i < bytes; i++){
|
for(i = 0; i < bytes; i++){
|
||||||
|
@ -8,6 +8,6 @@ Public domain.
|
|||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
void to_byte(unsigned char *output, uint in, int bytes);
|
void to_byte(unsigned char *output, unsigned int in, int bytes);
|
||||||
void hexdump(const unsigned char *a, size_t len);
|
void hexdump(const unsigned char *a, size_t len);
|
||||||
#endif
|
#endif
|
Loading…
Reference in New Issue
Block a user