1e00c92c18
This starts a cleanup / refactor, but there is still some low-hanging fruit.
173 rader
9.1 KiB
Python
173 rader
9.1 KiB
Python
#! /usr/bin/env python3
|
|
|
|
# This script generates params.h files for the XMSS and XMSSMT parameter sets.
|
|
# It takes a single parameter, namely the name of the parameter set.
|
|
# Its output matches the following parameter tables.
|
|
|
|
# +-----------------------+-----------+----+----+-----+----+
|
|
# | Name | Functions | n | w | len | h |
|
|
# +-----------------------+-----------+----+----+-----+----+
|
|
# | REQUIRED: | | | | | |
|
|
# | | | | | | |
|
|
# | XMSS_SHA2-256_W16_H10 | SHA2-256 | 32 | 16 | 67 | 10 |
|
|
# | | | | | | |
|
|
# | XMSS_SHA2-256_W16_H16 | SHA2-256 | 32 | 16 | 67 | 16 |
|
|
# | | | | | | |
|
|
# | XMSS_SHA2-256_W16_H20 | SHA2-256 | 32 | 16 | 67 | 20 |
|
|
# | | | | | | |
|
|
# | OPTIONAL: | | | | | |
|
|
# | | | | | | |
|
|
# | XMSS_SHA2-512_W16_H10 | SHA2-512 | 64 | 16 | 131 | 10 |
|
|
# | | | | | | |
|
|
# | XMSS_SHA2-512_W16_H16 | SHA2-512 | 64 | 16 | 131 | 16 |
|
|
# | | | | | | |
|
|
# | XMSS_SHA2-512_W16_H20 | SHA2-512 | 64 | 16 | 131 | 20 |
|
|
# | | | | | | |
|
|
# | XMSS_SHAKE128_W16_H10 | SHAKE128 | 32 | 16 | 67 | 10 |
|
|
# | | | | | | |
|
|
# | XMSS_SHAKE128_W16_H16 | SHAKE128 | 32 | 16 | 67 | 16 |
|
|
# | | | | | | |
|
|
# | XMSS_SHAKE128_W16_H20 | SHAKE128 | 32 | 16 | 67 | 20 |
|
|
# | | | | | | |
|
|
# | XMSS_SHAKE256_W16_H10 | SHAKE256 | 64 | 16 | 131 | 10 |
|
|
# | | | | | | |
|
|
# | XMSS_SHAKE256_W16_H16 | SHAKE256 | 64 | 16 | 131 | 16 |
|
|
# | | | | | | |
|
|
# | XMSS_SHAKE256_W16_H20 | SHAKE256 | 64 | 16 | 131 | 20 |
|
|
# +-----------------------+-----------+----+----+-----+----+
|
|
|
|
# +-----------------------------+-----------+----+----+-----+----+----+
|
|
# | Name | Functions | n | w | len | h | d |
|
|
# +-----------------------------+-----------+----+----+-----+----+----+
|
|
# | REQUIRED: | | | | | | |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H20_D2 | SHA2-256 | 32 | 16 | 67 | 20 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H20_D4 | SHA2-256 | 32 | 16 | 67 | 20 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H40_D2 | SHA2-256 | 32 | 16 | 67 | 40 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H40_D4 | SHA2-256 | 32 | 16 | 67 | 40 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H40_D8 | SHA2-256 | 32 | 16 | 67 | 40 | 8 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H60_D3 | SHA2-256 | 32 | 16 | 67 | 60 | 3 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H60_D6 | SHA2-256 | 32 | 16 | 67 | 60 | 6 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-256_W16_H60_D12 | SHA2-256 | 32 | 16 | 67 | 60 | 12 |
|
|
# | | | | | | | |
|
|
# | OPTIONAL: | | | | | | |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H20_D2 | SHA2-512 | 64 | 16 | 131 | 20 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H20_D4 | SHA2-512 | 64 | 16 | 131 | 20 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H40_D2 | SHA2-512 | 64 | 16 | 131 | 40 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H40_D4 | SHA2-512 | 64 | 16 | 131 | 40 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H40_D8 | SHA2-512 | 64 | 16 | 131 | 40 | 8 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H60_D3 | SHA2-512 | 64 | 16 | 131 | 60 | 3 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H60_D6 | SHA2-512 | 64 | 16 | 131 | 60 | 6 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHA2-512_W16_H60_D12 | SHA2-512 | 64 | 16 | 131 | 60 | 12 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H20_D2 | SHAKE128 | 32 | 16 | 67 | 20 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H20_D4 | SHAKE128 | 32 | 16 | 67 | 20 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H40_D2 | SHAKE128 | 32 | 16 | 67 | 40 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H40_D4 | SHAKE128 | 32 | 16 | 67 | 40 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H40_D8 | SHAKE128 | 32 | 16 | 67 | 40 | 8 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H60_D3 | SHAKE128 | 32 | 16 | 67 | 60 | 3 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H60_D6 | SHAKE128 | 32 | 16 | 67 | 60 | 6 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE128_W16_H60_D12 | SHAKE128 | 32 | 16 | 67 | 60 | 12 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H20_D2 | SHAKE256 | 64 | 16 | 131 | 20 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H20_D4 | SHAKE256 | 64 | 16 | 131 | 20 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H40_D2 | SHAKE256 | 64 | 16 | 131 | 40 | 2 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H40_D4 | SHAKE256 | 64 | 16 | 131 | 40 | 4 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H40_D8 | SHAKE256 | 64 | 16 | 131 | 40 | 8 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H60_D3 | SHAKE256 | 64 | 16 | 131 | 60 | 3 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H60_D6 | SHAKE256 | 64 | 16 | 131 | 60 | 6 |
|
|
# | | | | | | | |
|
|
# | XMSSMT_SHAKE256_W16_H60_D12 | SHAKE256 | 64 | 16 | 131 | 60 | 12 |
|
|
# +-----------------------------+-----------+----+----+-----+----+----+
|
|
|
|
import sys
|
|
from math import log2, ceil, floor
|
|
|
|
if len(sys.argv) != 2:
|
|
print("Please supply a parameter identifier.", file=sys.stderr)
|
|
sys.exit(1)
|
|
|
|
param = sys.argv[1].split('_')
|
|
|
|
print("#ifndef PARAMS_H")
|
|
print("#define PARAMS_H")
|
|
print("")
|
|
print("// This file was automatically generated using params.h.py.")
|
|
print("// It matches the parameter set defined as", sys.argv[1], end=".\n")
|
|
|
|
functions = ["SHA2-256", "SHA2-512", "SHAKE128", "SHAKE256"]
|
|
nvalues = {
|
|
"SHA2-256": 32,
|
|
"SHA2-512": 64,
|
|
"SHAKE128": 32,
|
|
"SHAKE256": 64,
|
|
}
|
|
|
|
for i, func in enumerate(functions):
|
|
print("#define XMSS_{} {}".format(func.replace('-', '_'), i))
|
|
print("#define XMSS_FUNC", functions.index(param[1]))
|
|
|
|
XMSS_N = int(nvalues[param[1]])
|
|
print("#define XMSS_N", XMSS_N)
|
|
XMSS_WOTS_W = int(param[2][1:])
|
|
print("#define XMSS_WOTS_W", XMSS_WOTS_W)
|
|
WOTS_LOG_W = int(log2(int(param[2][1:])))
|
|
WOTS_LEN1 = ceil(((8*XMSS_N) / WOTS_LOG_W))
|
|
WOTS_LEN2 = floor(log2(WOTS_LEN1*(XMSS_WOTS_W-1)) / WOTS_LOG_W) + 1
|
|
print("#define XMSS_WOTS_LOG_W", WOTS_LOG_W)
|
|
print("#define XMSS_WOTS_LEN1", WOTS_LEN1)
|
|
print("#define XMSS_WOTS_LEN2", WOTS_LEN2)
|
|
print("#define XMSS_WOTS_LEN", WOTS_LEN1 + WOTS_LEN2)
|
|
WOTS_KEYSIZE = (WOTS_LEN1 + WOTS_LEN2) * XMSS_N
|
|
print("#define XMSS_WOTS_KEYSIZE", WOTS_KEYSIZE)
|
|
XMSS_H = int(param[3][1:])
|
|
print("#define XMSS_FULLHEIGHT", XMSS_H)
|
|
if param[0] == 'XMSSMT':
|
|
XMSS_D = int(param[4][1:])
|
|
XMSS_INDEX_LEN = floor((XMSS_H + 7) / 8)
|
|
else:
|
|
XMSS_INDEX_LEN = 4 # TODO fix this in the xmss code
|
|
XMSS_D = 1
|
|
if int(param[3][1:]) % XMSS_D != 0:
|
|
print("Make sure that d divides h!", file=sys.stderr)
|
|
sys.exit(1)
|
|
print("#define XMSS_TREEHEIGHT", XMSS_H // XMSS_D)
|
|
print("#define XMSS_D", XMSS_D)
|
|
print("#define XMSS_INDEX_LEN", XMSS_INDEX_LEN)
|
|
XMSS_BYTES = XMSS_INDEX_LEN + XMSS_N + XMSS_D*WOTS_KEYSIZE + XMSS_H*XMSS_N;
|
|
print("#define XMSS_BYTES", XMSS_BYTES)
|
|
print("#define XMSS_PUBLICKEY_BYTES", 2*XMSS_N)
|
|
print("#define XMSS_PRIVATEKEY_BYTES", 4*XMSS_N + XMSS_INDEX_LEN)
|
|
|
|
print("#define XMSS_BDS_K", 2 + ((XMSS_H // XMSS_D) % 2)) # TODO figure out what we should do here
|
|
|
|
print("#endif")
|