kris
/
xmss-KAT-generator
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
142 Commits
1 Branch
488 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
xmss-KAT-generator/test/acvpkat.c

308 lines
11 KiB
Raw Permalink Blame History 

  1. /* 

  2.  * Generate intermediate test vectors useful to test implementations.

  3.  */

  4. 

  5. // Number of sample vectors to be generated

  6. #include <stdint.h>

  7. #include <stdio.h>

  8. #include <string.h>

  9. 

  10. #include "../fips202.h"

  11. #include "../params.h"

  12. #include "../randombytes.h"

  13. #include "../utils.h"

  14. #include "../wots.h"

  15. #include "../xmss_commons.h"

  16. #include "../xmss_core.h"

  17. 

  18. #include <sys/random.h>

  19. #include <sys/stat.h>

  20. 

  21. #include <json.h>

  22. 

  23. #define MESSAGE_LEN 128u

  24. 

  25. struct param_t {

  26.     uint8_t oid;

  27.     const char *name;

  28.     const char *hash;

  29.     unsigned height;

  30.     unsigned n_samples;

  31. };

  32. 

  33. void sprint_hex(char *sbuf, unsigned char *buf, int len) {

  34.     for (int i = 0; i < len; i++) { 

  35.         sprintf(&sbuf[2*i], "%02X", buf[i]); 

  36.     }

  37.     sbuf[2*len] = '\0';

  38. }

  39. 

  40. void vectors_keygen(uint32_t oid, json_object *jreq, json_object *jres, uint32_t n_samples) {

  41.     xmss_params params;

  42.     struct json_object *tc_req, *tcs_req, *tc_res, *tcs_res;

  43.     

  44.     xmss_parse_oid(&params, oid);

  45. 

  46.     unsigned char seed[params.n * 3];

  47.     unsigned char pk[params.pk_bytes + XMSS_OID_LEN];

  48.     unsigned char sk[params.sk_bytes + XMSS_OID_LEN];

  49.     char *sbuf;

  50.     unsigned i;

  51. 

  52.     tcs_req = json_object_new_array();

  53.     tcs_res = json_object_new_array();

  54. 

  55.     for (i = 0; i < XMSS_OID_LEN; i++) {

  56.         pk[XMSS_OID_LEN - i - 1] = (oid >> (8 * i)) & 0xFF;

  57.         sk[XMSS_OID_LEN - i - 1] = (oid >> (8 * i)) & 0xFF;

  58.     }

  59. 

  60.     for (size_t i=0; i<n_samples; i++) {

  61.         tc_req = json_object_new_object();

  62.         tc_res = json_object_new_object();

  63. 

  64.         randombytes(seed, 3*params.n);

  65.         xmssmt_core_seed_keypair(&params, &pk[XMSS_OID_LEN], &sk[XMSS_OID_LEN], seed);

  66. 

  67.         json_object_object_add(tc_req, "tcId", json_object_new_int(i+1));

  68.         sbuf = malloc(2*params.n + 1);

  69.         sprint_hex(sbuf, seed, params.n);

  70.         json_object_object_add(tc_req, "S_XMSS", json_object_new_string(sbuf));

  71.         sprint_hex(sbuf, &seed[params.n], params.n);

  72.         json_object_object_add(tc_req, "SK_PRF", json_object_new_string(sbuf));

  73.         sprint_hex(sbuf, &seed[2*params.n], params.n);

  74.         json_object_object_add(tc_req, "I", json_object_new_string(sbuf));

  75.         free(sbuf);

  76. 

  77.         json_object_object_add(tc_res, "tcId", json_object_new_int(i+1));

  78.         sbuf = malloc(2*(params.pk_bytes + XMSS_OID_LEN) + 1);

  79.         sprint_hex(sbuf, pk, params.pk_bytes + XMSS_OID_LEN);

  80.         json_object_object_add(tc_res, "publicKey", json_object_new_string(sbuf));

  81.         free(sbuf);

  82. 

  83.         sbuf = malloc(2*(params.sk_bytes + XMSS_OID_LEN) + 1);

  84.         sprint_hex(sbuf, sk, params.sk_bytes + XMSS_OID_LEN);

  85.         json_object_object_add(tc_res, "secretKey", json_object_new_string(sbuf));

  86.         free(sbuf);

  87. 

  88.         json_object_array_add(tcs_req,tc_req);

  89.         json_object_array_add(tcs_res,tc_res);

  90.     }

  91.     json_object_object_add(jreq, "tests", tcs_req);

  92.     json_object_object_add(jres, "tests", tcs_res);

  93. }

  94. 

  95. void json_header_keygen(json_object *jobj) {

  96.     json_object_object_add(jobj, "vsId", json_object_new_int(0));

  97.     json_object_object_add(jobj, "algorithm", json_object_new_string("XMSS"));

  98.     json_object_object_add(jobj, "mode", json_object_new_string("keyGen"));

  99.     json_object_object_add(jobj, "revision", json_object_new_string("1.0"));

  100.     json_object_object_add(jobj, "isSample", json_object_new_boolean(1));

  101. }

  102. 

  103. void keygen_KAT(const struct param_t *h) {

  104.     struct json_object *jres, *jreq, *tgs_req, *tgs_res, *tg_req, *tg_res;

  105.     char buf[256];

  106. 

  107.     jreq = json_object_new_object();

  108.     jres = json_object_new_object();

  109. 

  110.     json_header_keygen(jreq);

  111.     json_header_keygen(jres);

  112. 

  113.     tgs_req = json_object_new_array();

  114.     tgs_res = json_object_new_array();

  115. 

  116.     tg_req = json_object_new_object();

  117.     tg_res = json_object_new_object();

  118. 

  119.     // Request file

  120.     json_object_object_add(tg_req, "tgId", json_object_new_int(1));

  121.     json_object_object_add(tg_req, "testType", json_object_new_string("AFT"));

  122.     json_object_object_add(tg_req, "OID", json_object_new_int(h->oid));

  123.     json_object_object_add(tg_req, "param", json_object_new_string(h->name));

  124. 

  125.     // Response file

  126.     json_object_object_add(tg_res, "tgId", json_object_new_int(1));

  127.     json_object_object_add(tg_req, "OID", json_object_new_int(h->oid));

  128. 

  129.     vectors_keygen(h->oid, tg_req, tg_res, h->n_samples); 

  130. 

  131.     json_object_array_add(tgs_req, tg_req);

  132.     json_object_array_add(tgs_res, tg_res);

  133. 

  134.     json_object_object_add(jreq, "testGroups", tgs_req);

  135.     json_object_object_add(jres, "testGroups", tgs_res);

  136.     

  137.     sprintf(buf, "XMSS-%s-%s-H%u", "keyGen", h->hash, h->height);

  138.     mkdir(buf, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);

  139.     sprintf(buf, "XMSS-%s-%s-H%u/%s", "keyGen", h->hash, h->height, "prompt.json");

  140.     json_object_to_file_ext(buf, jreq, JSON_C_TO_STRING_SPACED | JSON_C_TO_STRING_PRETTY);

  141.     sprintf(buf, "XMSS-%s-%s-H%u/%s", "keyGen", h->hash, h->height, "expectedResults.json");

  142.     json_object_to_file_ext(buf, jres, JSON_C_TO_STRING_SPACED | JSON_C_TO_STRING_PRETTY);

  143. 

  144.     json_object_put(jres);

  145.     json_object_put(jreq);

  146. }

  147. 

  148. void json_header_siggen(json_object *jobj) {

  149.     json_object_object_add(jobj, "vsId", json_object_new_int(0));

  150.     json_object_object_add(jobj, "algorithm", json_object_new_string("XMSS"));

  151.     json_object_object_add(jobj, "mode", json_object_new_string("sigGen"));

  152.     json_object_object_add(jobj, "revision", json_object_new_string("1.0"));

  153.     json_object_object_add(jobj, "isSample", json_object_new_boolean(1));

  154. }

  155. 

  156. void vectors_siggen(uint32_t oid, unsigned char *sk, json_object *jreq, json_object *jres, uint32_t n_samples) {

  157.     xmss_params params;

  158.     struct json_object *tc_req, *tcs_req, *tc_res, *tcs_res;

  159.     

  160.     xmss_parse_oid(&params, oid);

  161.     unsigned char sm[params.sig_bytes + MESSAGE_LEN];

  162.     unsigned long long smlen = 0;

  163.     unsigned char msg[MESSAGE_LEN];

  164.     unsigned q;

  165.     unsigned height = 1u << (params.full_height);

  166.     char *sbuf;

  167. 

  168.     tcs_req = json_object_new_array();

  169.     tcs_res = json_object_new_array();

  170. 

  171.     for (size_t i=0; i<n_samples; i++) {

  172.         tc_req = json_object_new_object();

  173.         tc_res = json_object_new_object();

  174. 

  175.         randombytes(msg, MESSAGE_LEN);

  176.         randombytes((void*)&q, sizeof(q));

  177.         q = q % height;

  178.         smlen = 0;

  179. 

  180.         ull_to_bytes(sk, params.index_bytes, q);

  181.         xmss_core_sign(&params, sk, sm, &smlen, msg, MESSAGE_LEN);

  182. 

  183.         json_object_object_add(tc_res, "tcId", json_object_new_int(i+1));

  184.         json_object_object_add(tc_req, "tcId", json_object_new_int(i+1));

  185. 

  186.         sbuf = malloc(2*MESSAGE_LEN + 1);

  187.         sprint_hex(sbuf, msg, MESSAGE_LEN);

  188.         json_object_object_add(tc_req, "message", json_object_new_string(sbuf));

  189.         free(sbuf);

  190. 

  191.         sbuf = malloc(2*smlen + 1);

  192.         sprint_hex(sbuf, sm, smlen);

  193.         json_object_object_add(tc_res, "signature", json_object_new_string(sbuf));

  194.         free(sbuf);

  195. 

  196.         json_object_object_add(tc_req, "q", json_object_new_int(q));

  197.         json_object_array_add(tcs_req, tc_req);

  198.         json_object_array_add(tcs_res, tc_res);

  199.     }

  200.     json_object_object_add(jreq, "tests", tcs_req);

  201.     json_object_object_add(jres, "tests", tcs_res);

  202. }

  203. 

  204. void siggen_KAT(const struct param_t *h) {

  205.     xmss_params params;

  206.     struct json_object *jres, *jreq, *tgs_req, *tgs_res, *tg_req, *tg_res;

  207.     xmss_parse_oid(&params, h->oid);

  208. 

  209.     char buf[256], *sbuf;

  210.     unsigned char seed[params.n * 3];

  211.     unsigned char pk[params.pk_bytes + XMSS_OID_LEN];

  212.     unsigned char sk[params.sk_bytes + XMSS_OID_LEN];

  213.     size_t i;

  214. 

  215.     jreq = json_object_new_object();

  216.     jres = json_object_new_object();

  217. 

  218.     json_header_siggen(jreq);

  219.     json_header_siggen(jres);

  220. 

  221.     tgs_req = json_object_new_array();

  222.     tgs_res = json_object_new_array();

  223. 

  224.     tg_req = json_object_new_object();

  225.     tg_res = json_object_new_object();

  226. 

  227.     // Store key OIDs

  228.     for (i = 0; i < XMSS_OID_LEN; i++) {

  229.         pk[XMSS_OID_LEN - i - 1] = (h->oid >> (8 * i)) & 0xFF;

  230.         sk[XMSS_OID_LEN - i - 1] = (h->oid >> (8 * i)) & 0xFF;

  231.     }

  232. 

  233.     // Request file

  234.     json_object_object_add(tg_req, "tgId", json_object_new_int(1));

  235.     json_object_object_add(tg_req, "testType", json_object_new_string("AFT"));

  236.     json_object_object_add(tg_req, "OID", json_object_new_int(h->oid));

  237.     json_object_object_add(tg_req, "param", json_object_new_string(h->name));

  238. 

  239.     // Response file

  240.     json_object_object_add(tg_res, "tgId", json_object_new_int(1));

  241.     json_object_object_add(tg_res, "OID", json_object_new_int(h->oid));

  242. 

  243.     randombytes(seed, 3*params.n);

  244.     xmssmt_core_seed_keypair(&params, pk + XMSS_OID_LEN, sk + XMSS_OID_LEN, seed);

  245. 

  246.     sbuf = malloc(2*params.n + 1);

  247.     sprint_hex(sbuf, seed, params.n);

  248.     json_object_object_add(tg_req, "S_XMSS", json_object_new_string(sbuf));

  249.     sprint_hex(sbuf, &seed[params.n], params.n);

  250.     json_object_object_add(tg_req, "SK_PRF", json_object_new_string(sbuf));

  251.     sprint_hex(sbuf, &seed[2*params.n], params.n);

  252.     json_object_object_add(tg_req, "I", json_object_new_string(sbuf));

  253.     free(sbuf);

  254. 

  255.     sbuf = malloc(2*params.n + 1);

  256.     // Store 'root' from the public key (same as in the secret key)

  257.     sprint_hex(sbuf, pk + XMSS_OID_LEN, params.n);

  258.     json_object_object_add(tg_req, "PK_root", json_object_new_string(sbuf));

  259.     free(sbuf);

  260. 

  261.     sbuf = malloc(2*(params.pk_bytes + XMSS_OID_LEN) + 1);

  262.     sprint_hex(sbuf, pk, params.pk_bytes  + XMSS_OID_LEN);

  263.     json_object_object_add(tg_res, "publicKey", json_object_new_string(sbuf));

  264.     free(sbuf);

  265. 

  266.     vectors_siggen(h->oid, sk + XMSS_OID_LEN, tg_req, tg_res, h->n_samples);

  267. 

  268.     json_object_array_add(tgs_req, tg_req);

  269.     json_object_array_add(tgs_res, tg_res);

  270. 

  271.     json_object_object_add(jreq, "testGroups", tgs_req);

  272.     json_object_object_add(jres, "testGroups", tgs_res);

  273.     

  274.     sprintf(buf, "XMSS-%s-%s-H%u", "sigGen", h->hash, h->height);

  275.     mkdir(buf, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);

  276.     sprintf(buf, "XMSS-%s-%s-H%u/%s", "sigGen", h->hash, h->height, "prompt.json");

  277.     json_object_to_file_ext(buf, jreq, JSON_C_TO_STRING_SPACED | JSON_C_TO_STRING_PRETTY);

  278.     sprintf(buf, "XMSS-%s-%s-H%u/%s", "sigGen", h->hash, h->height, "expectedResults.json");

  279.     json_object_to_file_ext(buf, jres, JSON_C_TO_STRING_SPACED | JSON_C_TO_STRING_PRETTY);

  280. 

  281.     json_object_put(jreq);

  282.     json_object_put(jres);

  283. }

  284. 

  285. int main() {

  286.     const struct param_t OIDs[] = {

  287.         {0x01, "XMSS-SHA2_10_256", "SHA256-N32", 10, 10},   // H10

  288.         {0x0D, "XMSS-SHA2_10_192", "SHA256-N24", 10, 10},   // H10

  289.         {0x10, "XMSS-SHAKE256_10_256", "SHAKE256-N32", 10, 10}, // H10

  290.         {0x13, "XMSS-SHAKE256_10_192", "SHAKE256-N24", 10, 10}, // H10

  291. 

  292.         {0x02, "XMSS-SHA2_16_256", "SHA256-N32", 16, 5},    // H16

  293.         {0x0E, "XMSS-SHA2_16_192", "SHA256-N24", 16, 5},    // H16

  294.         {0x11, "XMSS-SHAKE256_16_256", "SHAKE256-N32", 16, 5},  // H16

  295.         {0x14, "XMSS-SHAKE256_16_192", "SHAKE256-N24", 16, 5},  // H16

  296. 

  297.         {0x03, "XMSS-SHA2_20_256", "SHA256-N32", 20, 3},    // H20

  298.         {0x0F, "XMSS-SHA2_20_192", "SHA256-N24", 20, 3},    // H20

  299.         {0x12, "XMSS-SHAKE256_20_256", "SHAKE256-N32", 20, 3},  // H20

  300.         {0x15, "XMSS-SHAKE256_20_192", "SHAKE256-N24", 20, 3}   // H20

  301.     };

  302.     

  303.     for (size_t i=0; i<sizeof(OIDs)/sizeof(OIDs[0]); i++) {

  304.         keygen_KAT(&OIDs[i]);

  305.         siggen_KAT(&OIDs[i]);

  306.     }

  307. }