You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

83 rivejä
2.7 KiB

  1. /*
  2. xmss_fast.h version 20160722
  3. Andreas Hülsing
  4. Joost Rijneveld
  5. Public domain.
  6. */
  7. #include "wots.h"
  8. #ifndef XMSS_H
  9. #define XMSS_H
  10. typedef struct{
  11. unsigned int level;
  12. unsigned long long subtree;
  13. unsigned int subleaf;
  14. } leafaddr;
  15. typedef struct{
  16. unsigned int h;
  17. unsigned int next_idx;
  18. unsigned int stackusage;
  19. unsigned char completed;
  20. unsigned char *node;
  21. } treehash_inst;
  22. typedef struct {
  23. unsigned char *stack;
  24. unsigned int stackoffset;
  25. unsigned char *stacklevels;
  26. unsigned char *auth;
  27. unsigned char *keep;
  28. treehash_inst *treehash;
  29. unsigned char *retain;
  30. unsigned int next_leaf;
  31. } bds_state;
  32. /**
  33. * Initialize BDS state struct
  34. * parameter names are the same as used in the description of the BDS traversal
  35. */
  36. void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf);
  37. /**
  38. * Generates a XMSS key pair for a given parameter set.
  39. * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
  40. * Format pk: [root || PUB_SEED] omitting algo oid.
  41. */
  42. int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state);
  43. /**
  44. * Signs a message.
  45. * Returns
  46. * 1. an array containing the signature followed by the message AND
  47. * 2. an updated secret key!
  48. *
  49. */
  50. int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen);
  51. /**
  52. * Verifies a given message signature pair under a given public key.
  53. *
  54. * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg).
  55. */
  56. int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk);
  57. /*
  58. * Generates a XMSSMT key pair for a given parameter set.
  59. * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
  60. * Format pk: [root || PUB_SEED] omitting algo oid.
  61. */
  62. int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs);
  63. /**
  64. * Signs a message.
  65. * Returns
  66. * 1. an array containing the signature followed by the message AND
  67. * 2. an updated secret key!
  68. *
  69. */
  70. int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen);
  71. /**
  72. * Verifies a given message signature pair under a given public key.
  73. */
  74. int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk);
  75. #endif