
  1. #! /usr/bin/env python3
  2. # This script generates params.h files for the XMSS and XMSSMT parameter sets.
  3. # It takes a single parameter, namely the name of the parameter set.
  4. # Its output matches the following parameter tables.
  5. # +-----------------------+-----------+----+----+-----+----+
  6. # | Name | Functions | n | w | len | h |
  7. # +-----------------------+-----------+----+----+-----+----+
  8. # | REQUIRED: | | | | | |
  9. # | | | | | | |
  10. # | XMSS_SHA2-256_W16_H10 | SHA2-256 | 32 | 16 | 67 | 10 |
  11. # | | | | | | |
  12. # | XMSS_SHA2-256_W16_H16 | SHA2-256 | 32 | 16 | 67 | 16 |
  13. # | | | | | | |
  14. # | XMSS_SHA2-256_W16_H20 | SHA2-256 | 32 | 16 | 67 | 20 |
  15. # | | | | | | |
  16. # | OPTIONAL: | | | | | |
  17. # | | | | | | |
  18. # | XMSS_SHA2-512_W16_H10 | SHA2-512 | 64 | 16 | 131 | 10 |
  19. # | | | | | | |
  20. # | XMSS_SHA2-512_W16_H16 | SHA2-512 | 64 | 16 | 131 | 16 |
  21. # | | | | | | |
  22. # | XMSS_SHA2-512_W16_H20 | SHA2-512 | 64 | 16 | 131 | 20 |
  23. # | | | | | | |
  24. # | XMSS_SHAKE128_W16_H10 | SHAKE128 | 32 | 16 | 67 | 10 |
  25. # | | | | | | |
  26. # | XMSS_SHAKE128_W16_H16 | SHAKE128 | 32 | 16 | 67 | 16 |
  27. # | | | | | | |
  28. # | XMSS_SHAKE128_W16_H20 | SHAKE128 | 32 | 16 | 67 | 20 |
  29. # | | | | | | |
  30. # | XMSS_SHAKE256_W16_H10 | SHAKE256 | 64 | 16 | 131 | 10 |
  31. # | | | | | | |
  32. # | XMSS_SHAKE256_W16_H16 | SHAKE256 | 64 | 16 | 131 | 16 |
  33. # | | | | | | |
  34. # | XMSS_SHAKE256_W16_H20 | SHAKE256 | 64 | 16 | 131 | 20 |
  35. # +-----------------------+-----------+----+----+-----+----+
  36. # +-----------------------------+-----------+----+----+-----+----+----+
  37. # | Name | Functions | n | w | len | h | d |
  38. # +-----------------------------+-----------+----+----+-----+----+----+
  39. # | REQUIRED: | | | | | | |
  40. # | | | | | | | |
  41. # | XMSSMT_SHA2-256_W16_H20_D2 | SHA2-256 | 32 | 16 | 67 | 20 | 2 |
  42. # | | | | | | | |
  43. # | XMSSMT_SHA2-256_W16_H20_D4 | SHA2-256 | 32 | 16 | 67 | 20 | 4 |
  44. # | | | | | | | |
  45. # | XMSSMT_SHA2-256_W16_H40_D2 | SHA2-256 | 32 | 16 | 67 | 40 | 2 |
  46. # | | | | | | | |
  47. # | XMSSMT_SHA2-256_W16_H40_D4 | SHA2-256 | 32 | 16 | 67 | 40 | 4 |
  48. # | | | | | | | |
  49. # | XMSSMT_SHA2-256_W16_H40_D8 | SHA2-256 | 32 | 16 | 67 | 40 | 8 |
  50. # | | | | | | | |
  51. # | XMSSMT_SHA2-256_W16_H60_D3 | SHA2-256 | 32 | 16 | 67 | 60 | 3 |
  52. # | | | | | | | |
  53. # | XMSSMT_SHA2-256_W16_H60_D6 | SHA2-256 | 32 | 16 | 67 | 60 | 6 |
  54. # | | | | | | | |
  55. # | XMSSMT_SHA2-256_W16_H60_D12 | SHA2-256 | 32 | 16 | 67 | 60 | 12 |
  56. # | | | | | | | |
  57. # | OPTIONAL: | | | | | | |
  58. # | | | | | | | |
  59. # | XMSSMT_SHA2-512_W16_H20_D2 | SHA2-512 | 64 | 16 | 131 | 20 | 2 |
  60. # | | | | | | | |
  61. # | XMSSMT_SHA2-512_W16_H20_D4 | SHA2-512 | 64 | 16 | 131 | 20 | 4 |
  62. # | | | | | | | |
  63. # | XMSSMT_SHA2-512_W16_H40_D2 | SHA2-512 | 64 | 16 | 131 | 40 | 2 |
  64. # | | | | | | | |
  65. # | XMSSMT_SHA2-512_W16_H40_D4 | SHA2-512 | 64 | 16 | 131 | 40 | 4 |
  66. # | | | | | | | |
  67. # | XMSSMT_SHA2-512_W16_H40_D8 | SHA2-512 | 64 | 16 | 131 | 40 | 8 |
  68. # | | | | | | | |
  69. # | XMSSMT_SHA2-512_W16_H60_D3 | SHA2-512 | 64 | 16 | 131 | 60 | 3 |
  70. # | | | | | | | |
  71. # | XMSSMT_SHA2-512_W16_H60_D6 | SHA2-512 | 64 | 16 | 131 | 60 | 6 |
  72. # | | | | | | | |
  73. # | XMSSMT_SHA2-512_W16_H60_D12 | SHA2-512 | 64 | 16 | 131 | 60 | 12 |
  74. # | | | | | | | |
  75. # | XMSSMT_SHAKE128_W16_H20_D2 | SHAKE128 | 32 | 16 | 67 | 20 | 2 |
  76. # | | | | | | | |
  77. # | XMSSMT_SHAKE128_W16_H20_D4 | SHAKE128 | 32 | 16 | 67 | 20 | 4 |
  78. # | | | | | | | |
  79. # | XMSSMT_SHAKE128_W16_H40_D2 | SHAKE128 | 32 | 16 | 67 | 40 | 2 |
  80. # | | | | | | | |
  81. # | XMSSMT_SHAKE128_W16_H40_D4 | SHAKE128 | 32 | 16 | 67 | 40 | 4 |
  82. # | | | | | | | |
  83. # | XMSSMT_SHAKE128_W16_H40_D8 | SHAKE128 | 32 | 16 | 67 | 40 | 8 |
  84. # | | | | | | | |
  85. # | XMSSMT_SHAKE128_W16_H60_D3 | SHAKE128 | 32 | 16 | 67 | 60 | 3 |
  86. # | | | | | | | |
  87. # | XMSSMT_SHAKE128_W16_H60_D6 | SHAKE128 | 32 | 16 | 67 | 60 | 6 |
  88. # | | | | | | | |
  89. # | XMSSMT_SHAKE128_W16_H60_D12 | SHAKE128 | 32 | 16 | 67 | 60 | 12 |
  90. # | | | | | | | |
  91. # | XMSSMT_SHAKE256_W16_H20_D2 | SHAKE256 | 64 | 16 | 131 | 20 | 2 |
  92. # | | | | | | | |
  93. # | XMSSMT_SHAKE256_W16_H20_D4 | SHAKE256 | 64 | 16 | 131 | 20 | 4 |
  94. # | | | | | | | |
  95. # | XMSSMT_SHAKE256_W16_H40_D2 | SHAKE256 | 64 | 16 | 131 | 40 | 2 |
  96. # | | | | | | | |
  97. # | XMSSMT_SHAKE256_W16_H40_D4 | SHAKE256 | 64 | 16 | 131 | 40 | 4 |
  98. # | | | | | | | |
  99. # | XMSSMT_SHAKE256_W16_H40_D8 | SHAKE256 | 64 | 16 | 131 | 40 | 8 |
  100. # | | | | | | | |
  101. # | XMSSMT_SHAKE256_W16_H60_D3 | SHAKE256 | 64 | 16 | 131 | 60 | 3 |
  102. # | | | | | | | |
  103. # | XMSSMT_SHAKE256_W16_H60_D6 | SHAKE256 | 64 | 16 | 131 | 60 | 6 |
  104. # | | | | | | | |
  105. # | XMSSMT_SHAKE256_W16_H60_D12 | SHAKE256 | 64 | 16 | 131 | 60 | 12 |
  106. # +-----------------------------+-----------+----+----+-----+----+----+
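import re
import sys
from math import log2, ceil, floor

# Order matters: a function's position in this list is the value emitted for
# its XMSS_<NAME> macro and for XMSS_FUNC.
functions = ["SHA2-256", "SHA2-512", "SHAKE128", "SHAKE256"]

# Hash output length n, in bytes, for each supported function.
nvalues = {
    "SHA2-256": 32,
    "SHA2-512": 64,
    "SHAKE128": 32,
    "SHAKE256": 64,
}

# Grammar of a parameter-set name: XMSS_<func>_W<w>_H<h> or
# XMSSMT_<func>_W<w>_H<h>_D<d>.  It is applied with fullmatch() so that
# nothing (in particular no newline) can trail the name; the name is copied
# verbatim into a "//" comment of the generated header.
_IDENTIFIER = re.compile(
    r"(XMSS|XMSSMT)_({})_W([0-9]+)_H([0-9]+)(?:_D([0-9]+))?".format(
        "|".join(re.escape(name) for name in functions)
    )
)


def parse_identifier(identifier):
    """Split a parameter-set name into validated (scheme, func, w, h, d).

    Raises ValueError when the name does not follow the grammar above, when
    w is not a power of two (the original int(log2(w)) silently truncated,
    producing a header for a different w), when h or d is zero, or when d
    does not divide h.  For plain XMSS, d is reported as 1.
    """
    match = _IDENTIFIER.fullmatch(identifier)
    if match is None:
        raise ValueError(
            "Unrecognised parameter identifier: {!r}".format(identifier)
        )
    scheme, func, w, h, d = match.groups()
    w = int(w)
    h = int(h)
    if scheme == "XMSSMT":
        if d is None:
            raise ValueError("XMSSMT identifiers need a _D<layers> field.")
        d = int(d)
    else:
        if d is not None:
            raise ValueError("Only XMSSMT identifiers take a _D<layers> field.")
        d = 1
    # NOTE(review): RFC 8391 only defines w in {4, 16}; other powers of two
    # are still accepted here, as before -- confirm the C code supports them.
    if w < 2 or w & (w - 1):
        raise ValueError("The Winternitz parameter w must be a power of two.")
    if h < 1 or d < 1:
        raise ValueError("The tree height h and layer count d must be positive.")
    if h % d != 0:
        raise ValueError("Make sure that d divides h!")
    return scheme, func, w, h, d


def render_params_h(identifier):
    """Return the full text of params.h for the given parameter-set name.

    Everything is validated and computed before any text is produced, so a
    rejected name never yields a partial header.  The macros end up in C
    code; NOTE(review): presumably they size key and signature buffers
    there, which is why an inconsistent set is refused rather than emitted.
    """
    scheme, func, w, h, d = parse_identifier(identifier)
    n = nvalues[func]

    # w is a power of two, so this is exactly log2(w).
    log_w = w.bit_length() - 1
    len1 = ceil((8 * n) / log_w)
    len2 = floor(log2(len1 * (w - 1)) / log_w) + 1
    wots_keysize = (len1 + len2) * n

    if scheme == "XMSSMT":
        index_len = (h + 7) // 8
    else:
        index_len = 4  # TODO fix this in the xmss code

    sig_bytes = index_len + n + d * wots_keysize + h * n

    lines = [
        "#ifndef PARAMS_H",
        "#define PARAMS_H",
        "",
        "// This file was automatically generated using params.h.py.",
        "// It matches the parameter set defined as {}.".format(identifier),
    ]
    lines.extend(
        "#define XMSS_{} {}".format(name.replace('-', '_'), index)
        for index, name in enumerate(functions)
    )
    lines.extend([
        "#define XMSS_FUNC {}".format(functions.index(func)),
        "#define XMSS_N {}".format(n),
        "#define XMSS_WOTS_W {}".format(w),
        "#define XMSS_WOTS_LOG_W {}".format(log_w),
        "#define XMSS_WOTS_LEN1 {}".format(len1),
        "#define XMSS_WOTS_LEN2 {}".format(len2),
        "#define XMSS_WOTS_LEN {}".format(len1 + len2),
        "#define XMSS_WOTS_KEYSIZE {}".format(wots_keysize),
        "#define XMSS_FULLHEIGHT {}".format(h),
        "#define XMSS_TREEHEIGHT {}".format(h // d),
        "#define XMSS_D {}".format(d),
        "#define XMSS_INDEX_LEN {}".format(index_len),
        "#define XMSS_BYTES {}".format(sig_bytes),
        "#define XMSS_PUBLICKEY_BYTES {}".format(2 * n),
        "#define XMSS_PRIVATEKEY_BYTES {}".format(4 * n + index_len),
        # TODO figure out what we should do here
        "#define XMSS_BDS_K {}".format(2 + ((h // d) % 2)),
        "#endif",
    ])
    return "\n".join(lines) + "\n"


def main(argv):
    """Write params.h for argv[1] to stdout; return the process exit status.

    On any error a message goes to stderr, nothing is written to stdout and
    1 is returned.  A shell redirection still creates the (empty) target
    file in that case, so build rules should check the exit status.
    """
    if len(argv) != 2:
        print("Please supply a parameter identifier.", file=sys.stderr)
        return 1
    try:
        header = render_params_h(argv[1])
    except ValueError as err:
        print(err, file=sys.stderr)
        return 1
    sys.stdout.write(header)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))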