1 /* $OpenBSD: xmss_fast.h,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ 2 /* 3 xmss_fast.h version 20160722 4 Andreas Hülsing 5 Joost Rijneveld 6 Public domain. 7 */ 8 9 #include "xmss_wots.h" 10 11 #ifndef XMSS_H 12 #define XMSS_H 13 typedef struct{ 14 unsigned int level; 15 unsigned long long subtree; 16 unsigned int subleaf; 17 } leafaddr; 18 19 typedef struct{ 20 wots_params wots_par; 21 unsigned int n; 22 unsigned int h; 23 unsigned int k; 24 } xmss_params; 25 26 typedef struct{ 27 xmss_params xmss_par; 28 unsigned int n; 29 unsigned int h; 30 unsigned int d; 31 unsigned int index_len; 32 } xmssmt_params; 33 34 typedef struct{ 35 unsigned int h; 36 unsigned int next_idx; 37 unsigned int stackusage; 38 unsigned char completed; 39 unsigned char *node; 40 } treehash_inst; 41 42 typedef struct { 43 unsigned char *stack; 44 unsigned int stackoffset; 45 unsigned char *stacklevels; 46 unsigned char *auth; 47 unsigned char *keep; 48 treehash_inst *treehash; 49 unsigned char *retain; 50 unsigned int next_leaf; 51 } bds_state; 52 53 /** 54 * Initialize BDS state struct 55 * parameter names are the same as used in the description of the BDS traversal 56 */ 57 void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf); 58 /** 59 * Initializes parameter set. 60 * Needed, for any of the other methods. 61 */ 62 int xmss_set_params(xmss_params *params, int n, int h, int w, int k); 63 /** 64 * Initialize xmssmt_params struct 65 * parameter names are the same as in the draft 66 * 67 * Especially h is the total tree height, i.e. the XMSS trees have height h/d 68 */ 69 int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k); 70 /** 71 * Generates a XMSS key pair for a given parameter set. 72 * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] 73 * Format pk: [root || PUB_SEED] omitting algo oid. 74 */ 75 int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params); 76 /** 77 * Signs a message. 78 * Returns 79 * 1. an array containing the signature followed by the message AND 80 * 2. an updated secret key! 81 * 82 */ 83 int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen, const xmss_params *params); 84 /** 85 * Verifies a given message signature pair under a given public key. 86 * 87 * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg). 88 */ 89 int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params); 90 91 /* 92 * Generates a XMSSMT key pair for a given parameter set. 93 * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] 94 * Format pk: [root || PUB_SEED] omitting algo oid. 95 */ 96 int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params); 97 /** 98 * Signs a message. 99 * Returns 100 * 1. an array containing the signature followed by the message AND 101 * 2. an updated secret key! 102 * 103 */ 104 int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params); 105 /** 106 * Verifies a given message signature pair under a given public key. 107 */ 108 int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params); 109 #endif 110 111