44  * Initialize xmss params struct
48 int xmss_set_params(xmss_params *params, int n, int h, int w, int k)
54   params->h = h;
55   params->n = n;
56   params->k = k;
59   params->wots_par = wots_par;
85 int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k)
91   params->h = h;
92   params->d = d;
93   params->n = n;
94   params->index_len = (h + 7) / 8;
99   params->xmss_par = xmss_par;
106 static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
108   unsigned int l = params->wots_par.len;
109   unsigned int n = params->n;
147 static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, uint32_t ltree_addr[8], uint32_t ots_addr[8])
149   unsigned char seed[params->n];
150   unsigned char pk[params->wots_par.keysize];
152   get_seed(seed, sk_seed, params->n, ots_addr);
153   wots_pkgen(pk, seed, &(params->wots_par), pub_seed, ots_addr);
155   l_tree(leaf, pk, params, pub_seed, ltree_addr);
158 static int treehash_minheight_on_stack(bds_state* state, const xmss_params *params, const treehash_inst *treehash) {
159   unsigned int r = params->h, i;
173 static void treehash_setup(unsigned char *node, int height, int index, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8])
176   unsigned int n = params->n;
177   unsigned int h = params->h;
178   unsigned int k = params->k;
210     gen_leaf_wots(stack+stackoffset*n, sk_seed, params, pub_seed, ltree_addr, ots_addr);
244 static void treehash_update(treehash_inst *treehash, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8]) {
245   int n = params->n;
264   gen_leaf_wots(nodebuffer, sk_seed, params, pub_seed, ltree_addr, ots_addr);
291 static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8])
293   unsigned int n = params->n;
314   for (i=0; i < params->h-1; i++) {
330   setTreeHeight(addr, (params->h-1));
340 static char bds_treehash_update(bds_state *state, unsigned int updates, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
343   unsigned int h = params->h;
344   unsigned int k = params->k;
358         low = treehash_minheight_on_stack(state, params, &(state->treehash[i]));
368     treehash_update(&(state->treehash[level]), state, sk_seed, params, pub_seed, addr);
378 static char bds_state_update(bds_state *state, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) {
383   int n = params->n;
384   int h = params->h;
385   int k = params->k;
405   gen_leaf_wots(state->stack+state->stackoffset*n, sk_seed, params, pub_seed, ltree_addr, ots_addr);
441 static void bds_round(bds_state *state, const unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, uint32_t addr[8])
444   unsigned int n = params->n;
445   unsigned int h = params->h;
446   unsigned int k = params->k;
483     gen_leaf_wots(state->auth, sk_seed, params, pub_seed, ltree_addr, ots_addr);
517 int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params)
519   unsigned int n = params->n;
533   treehash_setup(pk, params->h, 0, state, sk+4, params, sk+4+2*n, addr);
546 int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmss_params *params)
548   unsigned int h = params->h;
549   unsigned int n = params->n;
550   unsigned int k = params->k;
576   // Init working params
627   wots_sign(sig_msg, msg_h, ots_seed, &(params->wots_par), pub_seed, ots_addr);
629   sig_msg += params->wots_par.keysize;
630   *sig_msg_len += params->wots_par.keysize;
636     bds_round(state, idx, sk_seed, params, pub_seed, ots_addr);
637     bds_treehash_update(state, (h - k) >> 1, sk_seed, params, pub_seed, ots_addr);
642   sig_msg += params->h*n;
643   *sig_msg_len += params->h*n;
658 int xmss_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params)
660   unsigned int n = params->n;
664   unsigned char wots_pk[params->wots_par.keysize];
695   unsigned long long tmp_sig_len = params->wots_par.keysize+params->h*n;
706   wots_pkFromSig(wots_pk, sig_msg, msg_h, &(params->wots_par), pub_seed, ots_addr);
708   sig_msg += params->wots_par.keysize;
709   sig_msg_len -= params->wots_par.keysize;
713   l_tree(pkhash, wots_pk, params, pub_seed, ltree_addr);
716   validate_authpath(root, pkhash, idx, sig_msg, params, pub_seed, node_addr);
718   sig_msg += params->h*n;
719   sig_msg_len -= params->h*n;
745 int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params)
747   unsigned int n = params->n;
749   unsigned char ots_seed[params->n];
751   for (i = 0; i < params->index_len; i++) {
755   randombytes(sk+params->index_len, 3*n);
757   memcpy(pk+n, sk+params->index_len+2*n, n);
761   setLayerADRS(addr, (params->d-1));
763   for (i = 0; i < params->d - 1; i++) {
765     treehash_setup(pk, params->xmss_par.h, 0, states + i, sk+params->index_len, &(params->xmss_par), pk+n, addr);
767     get_seed(ots_seed, sk+params->index_len, n, addr);
768     wots_sign(wots_sigs + i*params->xmss_par.wots_par.keysize, pk, ots_seed, &(params->xmss_par.wots_par), pk+n, addr);
770   treehash_setup(pk, params->xmss_par.h, 0, states + i, sk+params->index_len, &(params->xmss_par), pk+n, addr);
771   memcpy(sk+params->index_len+3*n, pk, n);
782 int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params)
784   unsigned int n = params->n;
786   unsigned int tree_h = params->xmss_par.h;
787   unsigned int h = params->h;
788   unsigned int k = params->xmss_par.k;
789   unsigned int idx_len = params->index_len;
799   // Init working params
879   wots_sign(sig_msg, msg_h, ots_seed, &(params->xmss_par.wots_par), pub_seed, ots_addr);
881   sig_msg += params->xmss_par.wots_par.keysize;
882   *sig_msg_len += params->xmss_par.wots_par.keysize;
889   for (i = 1; i < params->d; i++) {
891     memcpy(sig_msg, wots_sigs + (i-1)*params->xmss_par.wots_par.keysize, params->xmss_par.wots_par.keysize);
893     sig_msg += params->xmss_par.wots_par.keysize;
894     *sig_msg_len += params->xmss_par.wots_par.keysize;
907     bds_state_update(&states[params->d], sk_seed, &(params->xmss_par), pub_seed, addr);
910   for (i = 0; i < params->d; i++) {
918         bds_round(&states[i], idx_leaf, sk_seed, &(params->xmss_par), pub_seed, addr);
920       updates = bds_treehash_update(&states[i], updates, sk_seed, &(params->xmss_par), pub_seed, addr);
924         if (i > 0 && updates > 0 && states[params->d + i].next_leaf < (1ULL << h)) {
925           bds_state_update(&states[params->d + i], sk_seed, &(params->xmss_par), pub_seed, addr);
931       memcpy(&tmp, states+params->d + i, sizeof(bds_state));
932       memcpy(states+params->d + i, states + i, sizeof(bds_state));
939       get_seed(ots_seed, sk+params->index_len, n, ots_addr);
940       wots_sign(wots_sigs + i*params->xmss_par.wots_par.keysize, states[i].stack, ots_seed, &(params->xmss_par.wots_par), pub_seed, ots_addr);
942       states[params->d + i].stackoffset = 0;
943       states[params->d + i].next_leaf = 0;
965 int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params)
967   unsigned int n = params->n;
969   unsigned int tree_h = params->xmss_par.h;
970   unsigned int idx_len = params->index_len;
976   unsigned char wots_pk[params->xmss_par.wots_par.keysize];
1008   unsigned long long tmp_sig_len = (params->d * params->xmss_par.wots_par.keysize) + (params->h * n);
1033   wots_pkFromSig(wots_pk, sig_msg, msg_h, &(params->xmss_par.wots_par), pub_seed, ots_addr);
1035   sig_msg += params->xmss_par.wots_par.keysize;
1036   sig_msg_len -= params->xmss_par.wots_par.keysize;
1040   l_tree(pkhash, wots_pk, &(params->xmss_par), pub_seed, ltree_addr);
1043   validate_authpath(root, pkhash, idx_leaf, sig_msg, &(params->xmss_par), pub_seed, node_addr);
1048   for (i = 1; i < params->d; i++) {
1066     wots_pkFromSig(wots_pk, sig_msg, root, &(params->xmss_par.wots_par), pub_seed, ots_addr);
1068     sig_msg += params->xmss_par.wots_par.keysize;
1069     sig_msg_len -= params->xmss_par.wots_par.keysize;
1073     l_tree(pkhash, wots_pk, &(params->xmss_par), pub_seed, ltree_addr);
1076     validate_authpath(root, pkhash, idx_leaf, sig_msg, &(params->xmss_par), pub_seed, node_addr);

Indexes created Sun Aug 25 13:10:05 MDT 2024