7793c40c07
The reference implementation of XMSS currently assumes that n bytes of padding are used for the prefix in the functions prf, hash_message, thash_h, and thash_f. While this is the case for all of the parameter sets in RFC 8391, the draft version of NIST Special Publication 800-208 specifies parameter sets in which the amount of padding is different from n. This commit allows the padding length for a parameter set to be specified separately from n.
#ifndef XMSS_PARAMS_H
#define XMSS_PARAMS_H
#include <stdint.h>
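/* These are merely internal identifiers for the supported hash functions.
   They are the values stored in the func field of xmss_params. */
#define XMSS_SHA2 0
#define XMSS_SHAKE 1

/* This is a result of the OID definitions in the draft; needed for parsing.
   NOTE(review): presumably the number of bytes an OID occupies when
   serialized (it matches the 32-bit uint32_t oid taken by the parse
   functions) -- confirm against the key and signature layout. */
#define XMSS_OID_LEN 4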
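/*
 * Description of one XMSS or XMSSMT parameter set.
 * This structure will be populated when calling xmss[mt]_parse_oid.
 *
 * The struct carries no "valid" marker of its own. Only rely on its contents
 * after the populating call has returned 0, in particular before using any of
 * the *_bytes fields to size a buffer.
 */
typedef struct {
    unsigned int func;           /* hash function; one of {XMSS_SHA2, XMSS_SHAKE} */
    unsigned int n;              /* number of bytes of hash function output */
    /* Length of the padding used for the prefix in the hash calls (prf,
       hash_message, thash_h and thash_f per the accompanying commit message).
       Kept separate from n so that parameter sets whose padding differs from
       n can be described. */
    unsigned int padding_len;
    unsigned int wots_w;         /* the Winternitz parameter */
    /* The wots_* fields below are not among the inputs that the comment on
       xmss_xmssmt_initialize_params lists, so they are presumably derived
       there from wots_w and n -- confirm in params.c. */
    unsigned int wots_log_w;
    unsigned int wots_len1;
    unsigned int wots_len2;
    unsigned int wots_len;
    unsigned int wots_sig_bytes;
    unsigned int full_height;    /* height of the complete (hyper)tree */
    unsigned int tree_height;    /* presumably the height of one layer's tree -- confirm */
    unsigned int d;              /* number of layers (d > 1 implies XMSSMT) */
    /* Presumably sizes in bytes of the index, signature, public key and
       secret key encodings -- confirm in params.c. Note that sk_bytes is the
       only field wider than unsigned int. */
    unsigned int index_bytes;
    unsigned int sig_bytes;
    unsigned int pk_bytes;
    unsigned long long sk_bytes;
    unsigned int bds_k;          /* optional; the BDS traversal trade-off parameter */
} xmss_params;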
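/**
 * Looks up an XMSS parameter set by name.
 * Accepts strings such as "XMSS-SHA2_10_256"
 * and outputs OIDs such as 0x01000001.
 *
 * oid: output; receives the OID of the named parameter set.
 * s:   name of the parameter set.
 *
 * Returns -1 when the parameter set is not found, 0 otherwise.
 * NOTE(review): this header does not state what *oid holds after a -1
 * return, so check the return value before using the OID.
 */
int xmss_str_to_oid(uint32_t *oid, const char *s);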
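/**
 * Looks up an XMSSMT parameter set by name.
 * Accepts strings such as "XMSSMT-SHA2_20/2_256"
 * and outputs OIDs such as 0x01000001.
 *
 * oid: output; receives the OID of the named parameter set.
 * s:   name of the parameter set.
 *
 * Returns -1 when the parameter set is not found, 0 otherwise.
 * NOTE(review): this header does not state what *oid holds after a -1
 * return, so check the return value before using the OID.
 */
int xmssmt_str_to_oid(uint32_t *oid, const char *s);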
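/**
 * Accepts OIDs such as 0x01000001, and configures params accordingly.
 *
 * params: output; the parameter set description to fill in.
 * oid:    XMSS OID to look up.
 *
 * Returns -1 when the OID is not found, 0 otherwise.
 * NOTE(review): the state of *params after a -1 return is not specified
 * here. When the OID comes from untrusted input (a received key or
 * signature), check the return value before any field of params is used.
 */
int xmss_parse_oid(xmss_params *params, const uint32_t oid);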
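/**
 * Accepts OIDs such as 0x01000001, and configures params accordingly.
 * This is the XMSSMT counterpart of xmss_parse_oid.
 *
 * params: output; the parameter set description to fill in.
 * oid:    XMSSMT OID to look up.
 *
 * Returns -1 when the OID is not found, 0 otherwise.
 * NOTE(review): the state of *params after a -1 return is not specified
 * here. When the OID comes from untrusted input (a received key or
 * signature), check the return value before any field of params is used.
 */
int xmssmt_parse_oid(xmss_params *params, const uint32_t oid);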
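/* Given a params struct where the following properties have been initialized;
    - full_height; the height of the complete (hyper)tree
    - n; the number of bytes of hash function output
    - d; the number of layers (d > 1 implies XMSSMT)
    - func; one of {XMSS_SHA2, XMSS_SHAKE}
    - wots_w; the Winternitz parameter
    - optionally, bds_k; the BDS traversal trade-off parameter,
    this function initializes the remainder of the params structure.

    NOTE(review): padding_len is not in the list above. Confirm in params.c
    whether the caller must set it beforehand or whether it is derived here,
    and extend the list to match; a stale padding_len would change the prefix
    fed to the hash functions.
    NOTE(review): the meaning of the return value is not documented here;
    presumably 0 on success and -1 for unsupported inputs, like the parse
    functions -- confirm. */
int xmss_xmssmt_initialize_params(xmss_params *params);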
#endif