upstream: Add experimental support for PQC XMSS keys (Extended

Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
author: markus@openbsd.org <markus@openbsd.org> 2018-02-23 15:58:37 +0000
committer: Damien Miller <djm@mindrot.org> 2018-02-26 11:40:41 +1100
commit: 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 (patch)
tree: 7e96cb41b5234b9d327f7c8f41392f09aed0994e /xmss_fast.h
parent: 7d330a1ac02076de98cfc8fda05353d57b603755 (diff)
1 files changed, 109 insertions, 0 deletions
diff --git a/xmss_fast.h b/xmss_fast.h
new file mode 100644
index 000000000..657cd27f4
--- /dev/null
+++ b/xmss_fast.h
@@ -0,0 +1,109 @@
+/*
+xmss_fast.h version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+#include "xmss_wots.h"
+#ifndef XMSS_H
+#define XMSS_H
+typedef struct{
+  unsigned int level;
+  unsigned long long subtree;
+  unsigned int subleaf;
+} leafaddr;
+typedef struct{
+  wots_params wots_par;
+  unsigned int n;
+  unsigned int h;
+  unsigned int k;
+} xmss_params;
+typedef struct{
+  xmss_params xmss_par;
+  unsigned int n;
+  unsigned int h;
+  unsigned int d;
+  unsigned int index_len;
+} xmssmt_params;
+typedef struct{
+  unsigned int h;
+  unsigned int next_idx;
+  unsigned int stackusage;
+  unsigned char completed;
+  unsigned char *node;
+} treehash_inst;
+typedef struct {
+  unsigned char *stack;
+  unsigned int stackoffset;
+  unsigned char *stacklevels;
+  unsigned char *auth;
+  unsigned char *keep;
+  treehash_inst *treehash;
+  unsigned char *retain;
+  unsigned int next_leaf;
+} bds_state;
+/**
+ * Initialize BDS state struct
+ * parameter names are the same as used in the description of the BDS traversal
+ */
+void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf);
+/**
+ * Initializes parameter set.
+ * Needed, for any of the other methods.
+ */
+int xmss_set_params(xmss_params *params, int n, int h, int w, int k);
+/**
+ * Initialize xmssmt_params struct
+ * parameter names are the same as in the draft
+ * 
+ * Especially h is the total tree height, i.e. the XMSS trees have height h/d
+ */
+int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k);
+/**
+ * Generates a XMSS key pair for a given parameter set.
+ * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
+ * Format pk: [root || PUB_SEED] omitting algo oid.
+ */
+int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params);
+/**
+ * Signs a message.
+ * Returns 
+ * 1. an array containing the signature followed by the message AND
+ * 2. an updated secret key!
+ * 
+ */
+int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen, const xmss_params *params);
+/**
+ * Verifies a given message signature pair under a given public key.
+ * 
+ * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg). 
+ */
+int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params);
+/*
+ * Generates a XMSSMT key pair for a given parameter set.
+ * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
+ * Format pk: [root || PUB_SEED] omitting algo oid.
+ */
+int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params);
+/**
+ * Signs a message.
+ * Returns 
+ * 1. an array containing the signature followed by the message AND
+ * 2. an updated secret key!
+ * 
+ */
+int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params);
+/**
+ * Verifies a given message signature pair under a given public key.
+ */
+int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params);
+#endif
author	markus@openbsd.org <markus@openbsd.org>	2018-02-23 15:58:37 +0000
committer	Damien Miller <djm@mindrot.org>	2018-02-26 11:40:41 +1100
commit	1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 (patch)
tree	7e96cb41b5234b9d327f7c8f41392f09aed0994e /xmss_fast.h
parent	7d330a1ac02076de98cfc8fda05353d57b603755 (diff)

diff --git a/xmss_fast.h b/xmss_fast.h new file mode 100644 index 000000000..657cd27f4 --- /dev/null +++ b/xmss_fast.h
@@ -0,0 +1,109 @@
	1	/*
	2	xmss_fast.h version 20160722
	3	Andreas Hülsing
	4	Joost Rijneveld
	5	Public domain.
	6	*/
	7
	8	#include "xmss_wots.h"
	9
	10	#ifndef XMSS_H
	11	#define XMSS_H
	12	typedef struct{
	13	unsigned int level;
	14	unsigned long long subtree;
	15	unsigned int subleaf;
	16	} leafaddr;
	17
	18	typedef struct{
	19	wots_params wots_par;
	20	unsigned int n;
	21	unsigned int h;
	22	unsigned int k;
	23	} xmss_params;
	24
	25	typedef struct{
	26	xmss_params xmss_par;
	27	unsigned int n;
	28	unsigned int h;
	29	unsigned int d;
	30	unsigned int index_len;
	31	} xmssmt_params;
	32
	33	typedef struct{
	34	unsigned int h;
	35	unsigned int next_idx;
	36	unsigned int stackusage;
	37	unsigned char completed;
	38	unsigned char *node;
	39	} treehash_inst;
	40
	41	typedef struct {
	42	unsigned char *stack;
	43	unsigned int stackoffset;
	44	unsigned char *stacklevels;
	45	unsigned char *auth;
	46	unsigned char *keep;
	47	treehash_inst *treehash;
	48	unsigned char *retain;
	49	unsigned int next_leaf;
	50	} bds_state;
	51
	52	/**
	53	* Initialize BDS state struct
	54	* parameter names are the same as used in the description of the BDS traversal
	55	*/
	56	void xmss_set_bds_state(bds_state state, unsigned char stack, int stackoffset, unsigned char stacklevels, unsigned char auth, unsigned char keep, treehash_inst treehash, unsigned char *retain, int next_leaf);
	57	/**
	58	* Initializes parameter set.
	59	* Needed, for any of the other methods.
	60	*/
	61	int xmss_set_params(xmss_params *params, int n, int h, int w, int k);
	62	/**
	63	* Initialize xmssmt_params struct
	64	* parameter names are the same as in the draft
	65	*
	66	* Especially h is the total tree height, i.e. the XMSS trees have height h/d
	67	*/
	68	int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k);
	69	/**
	70	* Generates a XMSS key pair for a given parameter set.
	71	* Format sk: [(32bit) idx \|\| SK_SEED \|\| SK_PRF \|\| PUB_SEED \|\| root]
	72	* Format pk: [root \|\| PUB_SEED] omitting algo oid.
	73	*/
	74	int xmss_keypair(unsigned char pk, unsigned char sk, bds_state state, xmss_params params);
	75	/**
	76	* Signs a message.
	77	* Returns
	78	* 1. an array containing the signature followed by the message AND
	79	* 2. an updated secret key!
	80	*
	81	*/
	82	int xmss_sign(unsigned char sk, bds_state state, unsigned char sig_msg, unsigned long long sig_msg_len, const unsigned char msg,unsigned long long msglen, const xmss_params params);
	83	/**
	84	* Verifies a given message signature pair under a given public key.
	85	*
	86	* Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig\|\|msg).
	87	*/
	88	int xmss_sign_open(unsigned char msg,unsigned long long msglen, const unsigned char sig_msg,unsigned long long sig_msg_len, const unsigned char pk, const xmss_params *params);
	89
	90	/*
	91	* Generates a XMSSMT key pair for a given parameter set.
	92	* Format sk: [(ceil(h/8) bit) idx \|\| SK_SEED \|\| SK_PRF \|\| PUB_SEED \|\| root]
	93	* Format pk: [root \|\| PUB_SEED] omitting algo oid.
	94	*/
	95	int xmssmt_keypair(unsigned char pk, unsigned char sk, bds_state states, unsigned char wots_sigs, xmssmt_params *params);
	96	/**
	97	* Signs a message.
	98	* Returns
	99	* 1. an array containing the signature followed by the message AND
	100	* 2. an updated secret key!
	101	*
	102	*/
	103	int xmssmt_sign(unsigned char sk, bds_state state, unsigned char wots_sigs, unsigned char sig_msg, unsigned long long sig_msg_len, const unsigned char msg, unsigned long long msglen, const xmssmt_params *params);
	104	/**
	105	* Verifies a given message signature pair under a given public key.
	106	*/
	107	int xmssmt_sign_open(unsigned char msg, unsigned long long msglen, const unsigned char sig_msg, unsigned long long sig_msg_len, const unsigned char pk, const xmssmt_params *params);
	108	#endif
	109