markus@openbsd.org | 1b11ea7 | 2018-02-23 15:58:37 +0000 | [diff] [blame^] | 1 | /* |
| 2 | xmss_fast.h version 20160722 |
| 3 | Andreas Hülsing |
| 4 | Joost Rijneveld |
| 5 | Public domain. |
| 6 | */ |
| 7 | |
| 8 | #include "xmss_wots.h" |
| 9 | |
| 10 | #ifndef XMSS_H |
| 11 | #define XMSS_H |
| 12 | typedef struct{ |
| 13 | unsigned int level; |
| 14 | unsigned long long subtree; |
| 15 | unsigned int subleaf; |
| 16 | } leafaddr; |
| 17 | |
| 18 | typedef struct{ |
| 19 | wots_params wots_par; |
| 20 | unsigned int n; |
| 21 | unsigned int h; |
| 22 | unsigned int k; |
| 23 | } xmss_params; |
| 24 | |
| 25 | typedef struct{ |
| 26 | xmss_params xmss_par; |
| 27 | unsigned int n; |
| 28 | unsigned int h; |
| 29 | unsigned int d; |
| 30 | unsigned int index_len; |
| 31 | } xmssmt_params; |
| 32 | |
| 33 | typedef struct{ |
| 34 | unsigned int h; |
| 35 | unsigned int next_idx; |
| 36 | unsigned int stackusage; |
| 37 | unsigned char completed; |
| 38 | unsigned char *node; |
| 39 | } treehash_inst; |
| 40 | |
| 41 | typedef struct { |
| 42 | unsigned char *stack; |
| 43 | unsigned int stackoffset; |
| 44 | unsigned char *stacklevels; |
| 45 | unsigned char *auth; |
| 46 | unsigned char *keep; |
| 47 | treehash_inst *treehash; |
| 48 | unsigned char *retain; |
| 49 | unsigned int next_leaf; |
| 50 | } bds_state; |
| 51 | |
| 52 | /** |
| 53 | * Initialize BDS state struct |
| 54 | * parameter names are the same as used in the description of the BDS traversal |
| 55 | */ |
| 56 | void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf); |
| 57 | /** |
| 58 | * Initializes parameter set. |
| 59 | * Needed, for any of the other methods. |
| 60 | */ |
| 61 | int xmss_set_params(xmss_params *params, int n, int h, int w, int k); |
| 62 | /** |
| 63 | * Initialize xmssmt_params struct |
| 64 | * parameter names are the same as in the draft |
| 65 | * |
| 66 | * Especially h is the total tree height, i.e. the XMSS trees have height h/d |
| 67 | */ |
| 68 | int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k); |
| 69 | /** |
| 70 | * Generates a XMSS key pair for a given parameter set. |
| 71 | * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] |
| 72 | * Format pk: [root || PUB_SEED] omitting algo oid. |
| 73 | */ |
| 74 | int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params); |
| 75 | /** |
| 76 | * Signs a message. |
| 77 | * Returns |
| 78 | * 1. an array containing the signature followed by the message AND |
| 79 | * 2. an updated secret key! |
| 80 | * |
| 81 | */ |
| 82 | int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen, const xmss_params *params); |
| 83 | /** |
| 84 | * Verifies a given message signature pair under a given public key. |
| 85 | * |
| 86 | * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg). |
| 87 | */ |
| 88 | int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params); |
| 89 | |
| 90 | /* |
| 91 | * Generates a XMSSMT key pair for a given parameter set. |
| 92 | * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] |
| 93 | * Format pk: [root || PUB_SEED] omitting algo oid. |
| 94 | */ |
| 95 | int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params); |
| 96 | /** |
| 97 | * Signs a message. |
| 98 | * Returns |
| 99 | * 1. an array containing the signature followed by the message AND |
| 100 | * 2. an updated secret key! |
| 101 | * |
| 102 | */ |
| 103 | int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params); |
| 104 | /** |
| 105 | * Verifies a given message signature pair under a given public key. |
| 106 | */ |
| 107 | int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params); |
| 108 | #endif |
| 109 | |