kris
/
xmss-KAT-generator
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
43 提交
1 分支
488 KiB
 
 
目录树: 880cfaa2d3
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '880cfaa2d3'
${ noResults }
xmss-KAT-generator/test/test_xmss_fast.c

157 行
4.2 KiB
原始文件 Blame 文件历史 

  1. #include <stdio.h>

  2. #include <string.h>

  3. #include <stdlib.h>

  4. 

  5. #include "../xmss_fast.h"

  6. 

  7. #define MLEN 3491

  8. #define SIGNATURES 256

  9. 

  10. unsigned char mi[MLEN];

  11. unsigned long long smlen;

  12. unsigned long long mlen;

  13. 

  14. unsigned long long t1, t2;

  15. 

  16. unsigned long long cpucycles(void)

  17. {

  18.   unsigned long long result;

  19.   asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" : "=a" (result) ::  "%rdx");

  20.   return result;

  21. }

  22. 

  23. int main()

  24. {

  25.   int r;

  26.   unsigned long long i;

  27.   unsigned int n = 32;

  28.   unsigned int h = 20;

  29.   unsigned int w = 16;

  30.   unsigned int k = 2;

  31. 

  32.   unsigned long errors = 0;

  33. 

  34.   unsigned char sk[4*n+4];

  35.   unsigned char pk[2*n];

  36. 

  37.   xmss_params p;

  38.   xmss_params *params = &p;

  39.   xmss_set_params(params, n, h, w, k);

  40. 

  41.   // TODO should we hide this into xmss_fast.c and just allocate a large enough chunk of memory here?

  42.   unsigned char stack[(h+1)*n];

  43.   unsigned int stackoffset = 0;

  44.   unsigned char stacklevels[h+1];

  45.   unsigned char auth[(h)*n];

  46.   unsigned char keep[(h >> 1)*n];

  47.   treehash_inst treehash[h-k];

  48.   unsigned char th_nodes[(h-k)*n];

  49.   unsigned char retain[((1 << k) - k - 1)*n];

  50.   bds_state s;

  51.   bds_state *state = &s;

  52.   for (i = 0; i < h-k; i++)

  53.     treehash[i].node = &th_nodes[n*i];

  54.   xmss_set_bds_state(state, stack, stackoffset, stacklevels, auth, keep, treehash, retain, 0);

  55. 

  56.   unsigned long long signature_length = 4+n+params->wots_par.keysize+h*n;

  57.   unsigned char mo[MLEN+signature_length];

  58.   unsigned char sm[MLEN+signature_length];

  59. 

  60.   FILE *urandom = fopen("/dev/urandom", "r");

  61.   for (i = 0; i < MLEN; i++) mi[i] = fgetc(urandom);

  62. 

  63.   printf("keypair\n");

  64.   t1 = cpucycles();

  65.   xmss_keypair(pk, sk, state, params);

  66.   t2 = cpucycles();

  67.   printf("cycles = %llu\n", (t2-t1));

  68.   double sec = (t2-t1)/3500000;

  69.   printf("ms = %f\n", sec);

  70.   int read;

  71.   read = fgetc(stdin);

  72.   // check pub_seed in SK

  73.   for (i = 0; i < n; i++) {

  74.     if (pk[n+i] != sk[4+2*n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);

  75.     if (pk[i] != sk[4+3*n+i]) printf("pk.root != sk.root %llu",i);

  76.   }

  77. 

  78.   // check index

  79.   unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];

  80.   if (idx) printf("\nidx != 0 %lu\n",idx);

  81. 

  82.   for (i = 0; i < SIGNATURES; i++) {

  83.     printf("sign\n");

  84.     xmss_sign(sk, state, sm, &smlen, mi, MLEN, params);

  85.     idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];

  86.     printf("\nidx = %lu\n",idx);

  87. 

  88.     r = memcmp(mi, sm+signature_length,MLEN);

  89.     printf("%d\n", r);

  90. 

  91.         /* Test valid signature */

  92.     printf("verify\n");

  93.     r = xmss_sign_open(mo, &mlen, sm, smlen, pk, params);

  94.     printf("%d\n", r);

  95.     if (r != 0) errors++;

  96.     r = memcmp(mi,mo,MLEN);

  97.     printf("%d\n", r);

  98.     printf("%llu\n", MLEN-mlen);

  99. 

  100.     /* Test with modified message */

  101.     sm[signature_length+10] ^= 1;

  102.     r = xmss_sign_open(mo, &mlen, sm, smlen, pk, params);

  103.     printf("%d\n", r+1);

  104.     if (r == 0) errors++;

  105.     r = memcmp(mi,mo,MLEN);

  106.     printf("%d\n", (r!=0) - 1);

  107.     printf("%llu\n", mlen+1);

  108. 

  109.     /* Test with modified signature */

  110.     /* Modified index */

  111.     sm[signature_length+10] ^= 1;

  112.     sm[2] ^= 1;

  113.     r = xmss_sign_open(mo, &mlen, sm, smlen, pk, params);

  114.     printf("%d\n", r+1);

  115.     if (r == 0) errors++;

  116.     r = memcmp(mi,mo,MLEN);

  117.     printf("%d\n", (r!=0) - 1);

  118.     printf("%llu\n", mlen+1);

  119. 

  120.     /* Modified R */

  121.     sm[2] ^= 1;

  122.     sm[5] ^= 1;

  123.     r = xmss_sign_open(mo, &mlen, sm, smlen, pk, params);

  124.     printf("%d\n", r+1);

  125.     if (r == 0) errors++;

  126.     r = memcmp(mi,mo,MLEN);

  127.     printf("%d\n", (r!=0) - 1);

  128.     printf("%llu\n", mlen+1);

  129. 

  130.     /* Modified OTS sig */

  131.     sm[5] ^= 1;

  132.     sm[240] ^= 1;

  133.     r = xmss_sign_open(mo, &mlen, sm, smlen, pk, params);

  134.     printf("%d\n", r+1);

  135.     if (r == 0) errors++;

  136.     r = memcmp(mi,mo,MLEN);

  137.     printf("%d\n", (r!=0) - 1);

  138.     printf("%llu\n", mlen+1);

  139. 

  140.     /* Modified AUTH */

  141.     sm[240] ^= 1;

  142.     sm[signature_length - 10] ^= 1;

  143.     r = xmss_sign_open(mo, &mlen, sm, smlen, pk, params);

  144.     printf("%d\n", r+1);

  145.     if (r == 0) errors++;

  146.     r = memcmp(mi,mo,MLEN);

  147.     printf("%d\n", (r!=0) - 1);

  148.     printf("%llu\n", mlen+1);

  149.   }

  150. 

  151.   printf("#errors = %lu\n", errors);

  152.   printf("finished loop\n");

  153.   fclose(urandom);

  154.   printf("closed urandom\n");

  155.   return 0;

  156. }