/* $NetBSD: xmss_fast.h,v 1.2 2018/04/06 18:59:00 christos Exp $ */
/* $OpenBSD: xmss_fast.h,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
/*
xmss_fast.h version 20160722
Andreas Hülsing
Joost Rijneveld
Public domain.
*/

#include "xmss_wots.h"

#ifndef XMSS_H
#define XMSS_H

/*
 * Caller-facing security note.
 *
 * XMSS and XMSS^MT are stateful hash-based signature schemes: the idx
 * stored at the front of the secret key selects a one-time key, and
 * each idx may back at most one signature. The sign functions below
 * hand back "an updated secret key"; that updated sk has to reach
 * durable storage before the signature is released, and signing must
 * never resume from an older copy of sk (backup, snapshot, cloned VM).
 *
 * sk also carries SK_SEED and SK_PRF, so the buffer should be wiped
 * with a non-elidable clear (e.g. explicit_bzero) once it is no longer
 * needed.
 */

/*
 * Address of a leaf, split into level, subtree and subleaf parts.
 * How the parts are interpreted is defined by the implementation and
 * is not visible from this header.
 */
typedef struct {
	unsigned int level;
	unsigned long long subtree;
	unsigned int subleaf;
} leafaddr;

/*
 * Parameter set for a single XMSS tree; filled in by xmss_set_params().
 */
typedef struct {
	wots_params wots_par;	/* parameters of the WOTS layer (xmss_wots.h) */
	unsigned int n;		/* presumably hash length in bytes, as in the draft - confirm */
	unsigned int h;		/* tree height */
	unsigned int k;		/* BDS traversal parameter */
} xmss_params;

/*
 * Parameter set for XMSS^MT; filled in by xmssmt_set_params().
 * Here h is the total height, so each XMSS tree has height h/d.
 */
typedef struct {
	xmss_params xmss_par;	/* parameters shared by the per-layer XMSS trees */
	unsigned int n;
	unsigned int h;		/* total tree height across all layers */
	unsigned int d;		/* divisor of h: each tree has height h/d */
	unsigned int index_len;	/* length of the idx field; unit not stated here - confirm */
} xmssmt_params;

/*
 * One treehash instance of the BDS traversal. Field names follow the
 * BDS description; node points at storage this header does not
 * allocate (ownership presumably stays with the caller - confirm).
 */
typedef struct {
	unsigned int h;
	unsigned int next_idx;
	unsigned int stackusage;
	unsigned char completed;
	unsigned char *node;
} treehash_inst;

/*
 * Complete BDS traversal state. Every pointer refers to a buffer that
 * is handed in through xmss_set_bds_state(); required buffer sizes are
 * not stated in this header and must be taken from the implementation.
 */
typedef struct {
	unsigned char *stack;
	unsigned int stackoffset;
	unsigned char *stacklevels;
	unsigned char *auth;
	unsigned char *keep;
	treehash_inst *treehash;
	unsigned char *retain;
	unsigned int next_leaf;
} bds_state;

/**
 * Initialize a BDS state struct.
 * Parameter names match those used in the description of the BDS
 * traversal.
 *
 * NOTE(review): stackoffset and next_leaf are passed as int but the
 * corresponding bds_state fields are unsigned int, so a negative
 * argument would be converted to a large unsigned value. Callers
 * should only pass non-negative values.
 */
void xmss_set_bds_state(
    bds_state *state,
    unsigned char *stack,
    int stackoffset,
    unsigned char *stacklevels,
    unsigned char *auth,
    unsigned char *keep,
    treehash_inst *treehash,
    unsigned char *retain,
    int next_leaf);

/**
 * Initialize an XMSS parameter set.
 * Must be called before any of the other XMSS functions is used.
 *
 * NOTE(review): the meaning of the int return value is not documented
 * in this header; check it against the implementation and do not
 * ignore it.
 */
int xmss_set_params(
    xmss_params *params,
    int n,
    int h,
    int w,
    int k);

/**
 * Initialize an xmssmt_params struct.
 * Parameter names are the same as in the draft.
 *
 * In particular h is the total tree height, i.e. the individual XMSS
 * trees have height h/d.
 */
int xmssmt_set_params(
    xmssmt_params *params,
    int n,
    int h,
    int d,
    int w,
    int k);

/**
 * Generate an XMSS key pair for the given parameter set.
 * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
 * Format pk: [root || PUB_SEED] omitting algo oid.
 *
 * The sizes of pk and sk follow from the formats above and the
 * parameter set; the caller provides both buffers.
 */
int xmss_keypair(
    unsigned char *pk,
    unsigned char *sk,
    bds_state *state,
    xmss_params *params);

/**
 * Sign a message.
 * Produces
 * 1. an array holding the signature followed by the message, AND
 * 2. an updated secret key!
 *
 * sk is rewritten in place and must be persisted before sig_msg is
 * given to anyone; signing again from the previous sk contents reuses
 * a one-time key. state is non-const as well, so it is presumably
 * advanced together with sk and needs the same treatment - confirm.
 */
int xmss_sign(
    unsigned char *sk,
    bds_state *state,
    unsigned char *sig_msg,
    unsigned long long *sig_msg_len,
    const unsigned char *msg,
    unsigned long long msglen,
    const xmss_params *params);

/**
 * Verify a message/signature pair under the given public key.
 *
 * Note: msg and msglen are pure outputs; they carry the message only
 * when verification succeeds. The message to be verified is taken from
 * sig_msg, which has the form (sig||msg).
 *
 * NOTE(review): this header states neither the return convention nor
 * the capacity msg must have, nor whether a sig_msg_len shorter than
 * the signature is rejected. Callers should check the length
 * themselves, size msg to at least sig_msg_len as a conservative
 * bound, and use msg only after a confirmed success return - confirm
 * all three against the implementation.
 */
int xmss_sign_open(
    unsigned char *msg,
    unsigned long long *msglen,
    const unsigned char *sig_msg,
    unsigned long long sig_msg_len,
    const unsigned char *pk,
    const xmss_params *params);

/**
 * Generate an XMSSMT key pair for the given parameter set.
 * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
 * Format pk: [root || PUB_SEED] omitting algo oid.
 *
 * NOTE(review): "(ceil(h/8) bit)" reads like a byte count; confirm the
 * unit against xmssmt_set_params() and index_len.
 * The element counts expected for states and wots_sigs are not given
 * here and must be taken from the implementation.
 */
int xmssmt_keypair(
    unsigned char *pk,
    unsigned char *sk,
    bds_state *states,
    unsigned char *wots_sigs,
    xmssmt_params *params);

/**
 * Sign a message.
 * Produces
 * 1. an array holding the signature followed by the message, AND
 * 2. an updated secret key!
 *
 * The same state-handling rule as for xmss_sign() applies: persist the
 * updated sk before releasing sig_msg. state and wots_sigs are
 * non-const and are presumably updated too - confirm.
 */
int xmssmt_sign(
    unsigned char *sk,
    bds_state *state,
    unsigned char *wots_sigs,
    unsigned char *sig_msg,
    unsigned long long *sig_msg_len,
    const unsigned char *msg,
    unsigned long long msglen,
    const xmssmt_params *params);

/**
 * Verify a message/signature pair under the given public key.
 *
 * NOTE(review): the return convention and the required capacity of msg
 * are not documented here; treat msg as untrusted until the return
 * value has been checked against the implementation's success code.
 */
int xmssmt_sign_open(
    unsigned char *msg,
    unsigned long long *msglen,
    const unsigned char *sig_msg,
    unsigned long long sig_msg_len,
    const unsigned char *pk,
    const xmssmt_params *params);

#endif