Commit Graph

108 Commits

Author SHA1 Message Date
Joost Rijneveld
42a2e8aa83
Make addr type switching not zero out remainder
This behavior was completely unpredictable from the function name,
in particular when comparing it to other set_*_addr functions.
2017-11-01 16:49:52 +01:00
Joost Rijneveld
51790b9d57
Fix prf when n != 32
It wrongfully assumed that 2n + 32 = 3n
2017-11-01 16:07:06 +01:00
Joost Rijneveld
daa4e2d6db
Rename hash functions to tweaked hashes
Since there's a tweak being introduced, this should be reflected
in the name of the functions.
2017-11-01 15:16:17 +01:00
Joost Rijneveld
fe252b8093
Move ull-byte-conversions to separate utils file 2017-11-01 14:59:33 +01:00
Joost Rijneveld
b9b84b9f9e
Consistently return -1 on failure 2017-11-01 14:33:07 +01:00
Joost Rijneveld
a95aaf0b37
Fix typo in WOTS comments: n-byte messages, not m 2017-11-01 13:35:58 +01:00
Joost Rijneveld
e5fceef2e2
Add TravisCI badge 2017-10-31 17:38:20 +01:00
Joost Rijneveld
0ad434698c
Add TravisCI configuration 2017-10-31 17:32:05 +01:00
Joost Rijneveld
b78d0756d0
Make return code of test/xmss meaningful 2017-10-31 17:24:06 +01:00
Joost Rijneveld
a234427390
Explicitly parse XMSS_VARIANT to get OID for tests 2017-10-31 17:23:37 +01:00
Joost Rijneveld
c248911178
Optionally specify number of test sigs in Makefile
This is relevant because of the enormous difference in signing
speed between the regular and BDS-traversal-based xmss core.
2017-10-31 17:23:28 +01:00
Joost Rijneveld
1cba1e7be8
Make core_fast use the secret key for the state
This ensures that xmss_core and xmss_core_fast offer the same API.
Note that xmss_core_fast still needs a major refactor, and this
wrapper is not exactly very clean. There is a considerable chance
this refactor will change the format of the state in the secret key.
2017-10-31 17:21:29 +01:00
Joost Rijneveld
2e96b03106
Clean up and simplify hash function definitions 2017-10-31 17:21:29 +01:00
Joost Rijneveld
384b228c58
Support messages that exceed the stack size
Previous code allocated an array on the stack of mlen bytes, but
it should be possible to also sign heap-space messages. By relying
on the fact that sm and m fit the message + signature, we move
the message so that 4*n bytes of prefix can be added.
2017-10-31 17:21:27 +01:00
Joost Rijneveld
f5d53b252e
Fix failing verification test formatting 2017-10-30 16:36:08 +01:00
Joost Rijneveld
df9fe909fc
Compute sk size after defining BDS k parameter 2017-10-30 13:11:22 +01:00
Joost Rijneveld
ac55d2ccf2
Make XMSSMT WOTS memory usage more accurate 2017-10-30 12:31:33 +01:00
Joost Rijneveld
59d304027c
Let xmss_core decide on secret key size
This allows different backends to store additional state information
in the secret key while the rest of the codebase remains agnostic.

In particular, this prepares for a common xmss_core.h API for both
the standard and the BDS-traversal-based implementations.
2017-10-26 18:06:17 +02:00
Joost Rijneveld
1b16921e3e
Clarify current BDS traversal support 2017-10-26 18:06:17 +02:00
Joost Rijneveld
5ce8fc402b
Clean up tests 2017-10-26 18:06:15 +02:00
Joost Rijneveld
d340e0700d
Remove fixed message length from UI 2017-10-26 14:47:34 +02:00
Joost Rijneveld
dd1ae2a6aa
Adapt UI to abstract from core functions 2017-10-26 14:24:10 +02:00
Joost Rijneveld
3c802756aa
Separate UI and test files 2017-10-26 14:13:28 +02:00
Joost Rijneveld
342dc1c50c
Clean up xmss_core header file 2017-10-26 12:10:17 +02:00
Joost Rijneveld
94a92ed2b1
Make XMSS sign/open functions instances of XMSSMT
This removes a lot of code duplication.
2017-10-26 12:07:57 +02:00
Joost Rijneveld
7c6354f762
Rename parameters for readability and consistency 2017-10-24 17:51:56 +02:00
Joost Rijneveld
bbbb95e869
Fix erroneous index length for XMSSMT
This produced repeated indices when reaching 2^32 signatures.
This was introduced in 9b35b00d98
with the re-introduction of runtime parameters. Compile-time parameters
did not contain this error.
2017-10-24 17:40:21 +02:00
Joost Rijneveld
4111393912
Abstract address types into macro constants 2017-10-24 16:23:57 +02:00
Joost Rijneveld
ae49c04807
Clean up signing functions
As a result, performs various refactors that also impact the verification
function, since cleaner signing functions exposed more overlap.
2017-10-24 16:23:51 +02:00
Joost Rijneveld
d794ae30ee
Deduplicate XMSS/XMSSMT key generation 2017-10-24 12:02:42 +02:00
Joost Rijneveld
d9a9723125
Combine auth path and keygen root functions
This greatly reduces the memory comsumption of the auth path
computation, since it now also uses treehash. It prevents
duplicate code by re-using the treehash function.

A downside is that it does also pick out the authentication path
during key generation (while it is not used), but this cost is
negligible.
2017-10-24 11:53:45 +02:00
Joost Rijneveld
9ac634762f
Also fix underflow for XMSSMT
This is the same fix as 998137622a
2017-10-24 09:37:57 +02:00
Joost Rijneveld
a9fe0e43fe
Clean up key generation 2017-10-24 09:37:49 +02:00
Joost Rijneveld
270e6cd753
Reorder ull_to_bytes parameters to group output 2017-10-23 16:19:16 +02:00
Joost Rijneveld
cd8e621dac
Refactor and deduplicate WOTS 2017-10-23 15:54:14 +02:00
Joost Rijneveld
c4d4e93bbd
Add test to check deterministic signatures
Wrote this to find what turned out to be an external error when
using the interfacing programs, but felt like it might as well be added.

Under the same key and message, the signature is expected to be identical.
However, as the index changes, this case will not happen in real use.
2017-10-23 14:52:33 +02:00
Joost Rijneveld
305bd614bb
Perform various reformatting / renaming 2017-10-23 14:10:39 +02:00
Joost Rijneveld
998137622a
Fix integer underflow when writing updated sk
This caused secret key files to become close to MAXINT bytes, as
the unsigned int that is the private key size would be subtracted
from MAXINT when its negative was used as offset.
2017-10-23 13:25:01 +02:00
Joost Rijneveld
8970c4933c
Document and simplify library usage 2017-10-23 13:03:44 +02:00
Joost Rijneveld
138a380a26
Remove unnecessary endianness difference
The current code results in the same output regardless of endianness.
Verified using a QEMU VM to emulate MIPS.
2017-10-19 18:11:52 +02:00
Joost Rijneveld
2a89ca2874
Resolve comparison warnings 2017-10-19 17:38:34 +02:00
Joost Rijneveld
f3bad4a272
Simplify licensing using LICENSE file 2017-10-19 17:38:34 +02:00
Joost Rijneveld
dce1a1acda
Clean up includes 2017-10-19 17:38:26 +02:00
Joost Rijneveld
c803860cf8
Fix file IO ambiguity for UI scripts
The variable sm should contain the signature and the message,
not the message and the signature (i.e. the order is crucial).
2017-10-19 16:08:50 +02:00
Joost Rijneveld
2c976d5268
Unify header guards
By prefixing with XMSS_, we hopefully prevent conflicts
2017-10-19 16:04:42 +02:00
Joost Rijneveld
b8eb8c44a1
Add UI test files to create sample signatures
This makes it easier to mix and match with other implementations
for compatibility testing.
2017-10-17 17:11:18 +02:00
Joost Rijneveld
a926fce0bd
Clean up stray params.h generator 2017-10-16 15:29:17 +02:00
Joost Rijneveld
1a7df37f59
Add accidentally omitted params.h
Previously this was generated and thus gitignored
2017-10-16 15:17:35 +02:00
Joost Rijneveld
6a8571d880
Revert to using runtime-only parameter struct
Using global defines for parameters (as seems to be typical in
academic crypto code) does not play nice with multithreading at all.
2017-10-16 12:09:07 +02:00
Joost Rijneveld
2f87bf5a1f
Simplify runtime parameter globals 2017-08-24 14:59:14 +02:00