Joost Rijneveld
0d019ddc9f
Change order of SK elements to match RFC
The RFC suggests root||pubseed (in algorithm 10); note that
this choice does not influence interoperability.
Thanks go to Rafael Misoczki for bringing this up.
6 years ago
Joost Rijneveld
75a42a86a6
Allow more flexible parameter selection
This also reduces some duplication between XMSS and XMSSMT
6 years ago
Joost Rijneveld
fd49bbbfe0
Fix pointer type codestyle inconsistency
6 years ago
Joost Rijneveld
42a2e8aa83
Make addr type switching not zero out remainder
This behavior was completely unpredictable from the function name,
in particular when comparing it to other set_*_addr functions.
7 years ago
Joost Rijneveld
daa4e2d6db
Rename hash functions to tweaked hashes
Since there's a tweak being introduced, this should be reflected
in the name of the functions.
7 years ago
Joost Rijneveld
fe252b8093
Move ull-byte-conversions to separate utils file
7 years ago
Joost Rijneveld
b9b84b9f9e
Consistently return -1 on failure
7 years ago
Joost Rijneveld
1cba1e7be8
Make core_fast use the secret key for the state
This ensures that xmss_core and xmss_core_fast offer the same API.
Note that xmss_core_fast still needs a major refactor, and this
wrapper is not exactly very clean. There is a considerable chance
this refactor will change the format of the state in the secret key.
7 years ago
Joost Rijneveld
2e96b03106
Clean up and simplify hash function definitions
7 years ago
Joost Rijneveld
384b228c58
Support messages that exceed the stack size
Previous code allocated an array on the stack of mlen bytes, but
it should be possible to also sign heap-space messages. By relying
on the fact that sm and m fit the message + signature, we move
the message so that 4*n bytes of prefix can be added.
7 years ago
Joost Rijneveld
59d304027c
Let xmss_core decide on secret key size
This allows different backends to store additional state information
in the secret key while the rest of the codebase remains agnostic.
In particular, this prepares for a common xmss_core.h API for both
the standard and the BDS-traversal-based implementations.
7 years ago
Joost Rijneveld
7c6354f762
Rename parameters for readability and consistency
7 years ago
Joost Rijneveld
270e6cd753
Reorder ull_to_bytes parameters to group output
7 years ago
Joost Rijneveld
305bd614bb
Perform various reformatting / renaming
7 years ago
Joost Rijneveld
2a89ca2874
Resolve comparison warnings
7 years ago
Joost Rijneveld
f3bad4a272
Simplify licensing using LICENSE file
7 years ago
Joost Rijneveld
6a8571d880
Revert to using runtime-only parameter struct
Using global defines for parameters (as seems to be typical in
academic crypto code) does not play nice with multithreading at all.
7 years ago
Joost Rijneveld
9d5884e120
Refactor for more consistent style and readability
7 years ago
Joost Rijneveld
65ee8202d8
Refactor to prepare for runtime parameters
7 years ago
Joost Rijneveld
3c0f6668ef
Add parameter for hash alg family, support SHAKE
7 years ago
Joost Rijneveld
8befb0d550
Add SHAKE128 and SHAKE256
This also performs numerous consistency fixes
7 years ago
Joost Rijneveld
5122ac6f73
Reduce code duplication
A large number of functions was repeated in xmss_fast; these are now
shared between the two implementations via the xmss_commons file.
Notably, we ensure compatability by sharing the verification functions.
7 years ago
Joost Rijneveld
1e00c92c18
Refactor to use compile-time parameter sets
This starts a cleanup / refactor, but there is still some low-hanging fruit.
7 years ago
Joost Rijneveld
d4bc8656e3
Fix bug in addressing during fast xmssmt key gen
7 years ago
Andreas
9f512fa8dc
v06
8 years ago
Andreas
ddddfd9739
handle that most machines are little endian but addresses here are big endian...
8 years ago
Andreas
2c290d39be
upgraded to draft-06
8 years ago
Andreas
c37b9dcfca
SWITCH from v01 to v03
Versions are incompatible due to different address formats and differing message compression!
8 years ago
Andreas
622a9513b1
local changes
8 years ago
Joost Rijneveld
c1f0721f4a
Also fix int overflow for systems with 4-byte ULs
8 years ago
Joost Rijneveld
951848fe89
Remove redundant address changes
8 years ago
Joost Rijneveld
e2f1cee548
Fix error for d=1 cases as introduced by 719cb46
8 years ago
Joost Rijneveld
1e503b665e
Make codestyle more consistent, fix -Wextra warns
8 years ago
Joost Rijneveld
719cb467df
Prevent allocating for a 'next' tree on top layer
8 years ago
Joost Rijneveld
8cbbfe0f05
Prevent int overflow for h >= 32
8 years ago
Joost Rijneveld
97331f09c0
Fix update bug (partially re-implement BDS)
The bug occured for cases where d=3 and indicated
a lack of updates. Re-implementing the higher-level
structure of BDS resolved this.
8 years ago
Joost Rijneveld
17c5b2842f
Make address masks more explicit and strict
8 years ago
Andreas
9d9b782ff9
added support for n = m = 64
9 years ago
Joost Rijneveld
f5a5231c72
Do not perform bds_round for the last leaf
9 years ago
Joost Rijneveld
2af61cea82
Check if a NEXT-tree exists before updating it
9 years ago
Joost Rijneveld
4c19fe61e4
Make XMSSMT also use BDS tree traversal
9 years ago
Joost Rijneveld
a075747462
Store BDS state in passable struct, not in globals
9 years ago
Joost Rijneveld
a33aef699c
Adhere to more strict storage bounds
9 years ago
Joost Rijneveld
5d469d118f
Use BDS for auth paths in XMSS (but not XMSSMT yet)
9 years ago
Joost Rijneveld
1511c0bdf7
Add xmss_fast starting point before BDS
9 years ago
Andreas
136f10dae0
Added support for n=m=64
9 years ago
Joost Rijneveld
71da95c8b4
Change 'uint' to standard 'unsigned int'
9 years ago
Andreas
481cc106b6
finished xmssmt
9 years ago
Andreas
d80a463e53
added copyright notes for publishing. Removed unused file.
9 years ago
Andreas
1826fb26ff
Initial commit
9 years ago