summaryrefslogtreecommitdiffstats
path: root/xmss_fast.h
diff options
context:
space:
mode:
authormarkus@openbsd.org <markus@openbsd.org>2018-02-23 16:58:37 +0100
committerDamien Miller <djm@mindrot.org>2018-02-26 01:40:41 +0100
commit1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 (patch)
tree7e96cb41b5234b9d327f7c8f41392f09aed0994e /xmss_fast.h
parentupstream: some cleanup for BindInterface and ssh-keyscan; (diff)
downloadopenssh-1b11ea7c58cd5c59838b5fa574cd456d6047b2d4.tar.xz
openssh-1b11ea7c58cd5c59838b5fa574cd456d6047b2d4.zip
upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
Diffstat (limited to 'xmss_fast.h')
-rw-r--r--xmss_fast.h109
1 files changed, 109 insertions, 0 deletions
diff --git a/xmss_fast.h b/xmss_fast.h
new file mode 100644
index 000000000..657cd27f4
--- /dev/null
+++ b/xmss_fast.h
@@ -0,0 +1,109 @@
+/*
+xmss_fast.h version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+
+#include "xmss_wots.h"
+
+#ifndef XMSS_H
+#define XMSS_H
+typedef struct{
+ unsigned int level;
+ unsigned long long subtree;
+ unsigned int subleaf;
+} leafaddr;
+
+typedef struct{
+ wots_params wots_par;
+ unsigned int n;
+ unsigned int h;
+ unsigned int k;
+} xmss_params;
+
+typedef struct{
+ xmss_params xmss_par;
+ unsigned int n;
+ unsigned int h;
+ unsigned int d;
+ unsigned int index_len;
+} xmssmt_params;
+
+typedef struct{
+ unsigned int h;
+ unsigned int next_idx;
+ unsigned int stackusage;
+ unsigned char completed;
+ unsigned char *node;
+} treehash_inst;
+
+typedef struct {
+ unsigned char *stack;
+ unsigned int stackoffset;
+ unsigned char *stacklevels;
+ unsigned char *auth;
+ unsigned char *keep;
+ treehash_inst *treehash;
+ unsigned char *retain;
+ unsigned int next_leaf;
+} bds_state;
+
+/**
+ * Initialize BDS state struct
+ * parameter names are the same as used in the description of the BDS traversal
+ */
+void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf);
+/**
+ * Initializes parameter set.
+ * Needed, for any of the other methods.
+ */
+int xmss_set_params(xmss_params *params, int n, int h, int w, int k);
+/**
+ * Initialize xmssmt_params struct
+ * parameter names are the same as in the draft
+ *
+ * Especially h is the total tree height, i.e. the XMSS trees have height h/d
+ */
+int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k);
+/**
+ * Generates a XMSS key pair for a given parameter set.
+ * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
+ * Format pk: [root || PUB_SEED] omitting algo oid.
+ */
+int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params);
+/**
+ * Signs a message.
+ * Returns
+ * 1. an array containing the signature followed by the message AND
+ * 2. an updated secret key!
+ *
+ */
+int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen, const xmss_params *params);
+/**
+ * Verifies a given message signature pair under a given public key.
+ *
+ * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg).
+ */
+int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params);
+
+/*
+ * Generates a XMSSMT key pair for a given parameter set.
+ * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
+ * Format pk: [root || PUB_SEED] omitting algo oid.
+ */
+int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params);
+/**
+ * Signs a message.
+ * Returns
+ * 1. an array containing the signature followed by the message AND
+ * 2. an updated secret key!
+ *
+ */
+int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params);
+/**
+ * Verifies a given message signature pair under a given public key.
+ */
+int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params);
+#endif
+