abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update XMSS

Browse Source 
Functions and types with prefix `xmss`
Set SM3 or SHA256 independently.
This commit is contained in:
Zhi Guan
2026-01-15 18:22:11 +08:00
parent f22d654109
commit 02d3d0224e
3 changed files with 735 additions and 704 deletions
Download Patch File Download Diff File Expand all files Collapse all files

310
tests/xmsstest.c
View File

@@ -23,13 +23,13 @@ static int test_xmss_adrs(void)
xmss_adrs_t adrs;
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 1);
adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
adrs_set_ots_address(adrs, 0);
adrs_set_chain_address(adrs, 1);
adrs_set_hash_address(adrs, 12);
adrs_set_key_and_mask(adrs, 0);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 1);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
xmss_adrs_set_ots_address(adrs, 0);
xmss_adrs_set_chain_address(adrs, 1);
xmss_adrs_set_hash_address(adrs, 12);
xmss_adrs_set_key_and_mask(adrs, 0);
xmss_adrs_print(stderr, 0, 4, "ADRS", adrs);
@@ -41,11 +41,11 @@ static int test_xmss_adrs(void)
#if defined(ENABLE_XMSS_CROSSCHECK) && defined(ENABLE_SHA2)
static int test_wots_derive_sk(void)
{
hash256_t secret = {0};
hash256_t seed = {0};
xmss_hash256_t secret = {0};
xmss_hash256_t seed = {0};
xmss_adrs_t adrs = {0};
wots_key_t wots_sk;
wots_key_t test_sk;
xmss_wots_key_t wots_sk;
xmss_wots_key_t test_sk;
size_t len;
// sha256 test 1
@@ -56,7 +56,7 @@ static int test_wots_derive_sk(void)
hex_to_bytes("382c16f94b77905d4a6f78e1f38faf5ef914ac42324e356aeede056d356a5eeb", 64, test_sk[1], &len);
hex_to_bytes("ab08e768529903e533c9bf8b3ea8c69d36aedcee5ac78801f92d23ef758cfe03", 64, test_sk[66], &len);
wots_derive_sk(secret, seed, adrs, wots_sk);
xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
if (memcmp(wots_sk[0], test_sk[0], 32)
|| memcmp(wots_sk[1], test_sk[1], 32)
@@ -73,7 +73,7 @@ static int test_wots_derive_sk(void)
hex_to_bytes("e45dad76c1b23975e898a365b8c73d13695a887ba2ba2377f840d3a3b7bf806c", 64, test_sk[1], &len);
hex_to_bytes("aaad735aa51662b8a48258561fb857b3f2b12a5802593522145b3b68355abf3b", 64, test_sk[66], &len);
wots_derive_sk(secret, seed, adrs, wots_sk);
xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
if (memcmp(wots_sk[0], test_sk[0], 32)
|| memcmp(wots_sk[1], test_sk[1], 32)
@@ -88,12 +88,12 @@ static int test_wots_derive_sk(void)
static int test_wots_sk_to_pk(void)
{
hash256_t secret = {0};
hash256_t seed = {0};
xmss_hash256_t secret = {0};
xmss_hash256_t seed = {0};
xmss_adrs_t adrs = {0};
wots_key_t wots_sk;
wots_key_t wots_pk;
wots_key_t test_pk;
xmss_wots_key_t wots_sk;
xmss_wots_key_t wots_pk;
xmss_wots_key_t test_pk;
size_t len;
// sha256 test 2
@@ -104,9 +104,9 @@ static int test_wots_sk_to_pk(void)
hex_to_bytes("acf6be724d4b074d67330559ec24b3d42c9b9d87fa103e7f6be402ec3a2d41c1", 64, test_pk[1], &len);
hex_to_bytes("98691d83a657840d4b6f410e25fcd9a6480670ac9c090d3b79bc904ba7e131aa", 64, test_pk[66], &len);
wots_derive_sk(secret, seed, adrs, wots_sk);
xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
xmss_wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
if (memcmp(wots_pk[0], test_pk[0], 32)
|| memcmp(wots_pk[1], test_pk[1], 32)
@@ -121,15 +121,15 @@ static int test_wots_sk_to_pk(void)
static int test_wots_sign(void)
{
hash256_t secret = {0};
hash256_t seed = {0};
xmss_hash256_t secret = {0};
xmss_hash256_t seed = {0};
xmss_adrs_t adrs = {0};
hash256_t dgst = {0};
wots_key_t wots_sk;
wots_key_t wots_pk;
wots_sig_t wots_sig;
wots_sig_t test_sig;
wots_key_t sig_pk;
xmss_hash256_t dgst = {0};
xmss_wots_key_t wots_sk;
xmss_wots_key_t wots_pk;
xmss_wots_sig_t wots_sig;
xmss_wots_sig_t test_sig;
xmss_wots_key_t sig_pk;
size_t len;
int i;
@@ -144,23 +144,23 @@ static int test_wots_sign(void)
hex_to_bytes("75d2cfddd6ca9773fb9d0d17efe5c731c1a44f4b31352e26767623abf52911f9", 64, test_sig[15], &len);
hex_to_bytes("aaad735aa51662b8a48258561fb857b3f2b12a5802593522145b3b68355abf3b", 64, test_sig[66], &len);
wots_derive_sk(secret, seed, adrs, wots_sk);
xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
xmss_wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
wots_sign(wots_sk, seed, adrs, dgst, wots_sig);
xmss_wots_sign(wots_sk, seed, adrs, dgst, wots_sig);
if (memcmp(wots_sig[0], test_sig[0], sizeof(hash256_t))
|| memcmp(wots_sig[1], test_sig[1], sizeof(hash256_t))
|| memcmp(wots_sig[15], test_sig[15], sizeof(hash256_t))
|| memcmp(wots_sig[66], test_sig[66], sizeof(hash256_t))) {
if (memcmp(wots_sig[0], test_sig[0], sizeof(xmss_hash256_t))
|| memcmp(wots_sig[1], test_sig[1], sizeof(xmss_hash256_t))
|| memcmp(wots_sig[15], test_sig[15], sizeof(xmss_hash256_t))
|| memcmp(wots_sig[66], test_sig[66], sizeof(xmss_hash256_t))) {
error_print();
return -1;
}
wots_sig_to_pk(wots_sig, seed, adrs, dgst, sig_pk);
xmss_wots_sig_to_pk(wots_sig, seed, adrs, dgst, sig_pk);
if (memcmp(sig_pk ,wots_pk, sizeof(wots_key_t))) {
if (memcmp(sig_pk ,wots_pk, sizeof(xmss_wots_key_t))) {
error_print();
return -1;
}
@@ -171,39 +171,39 @@ static int test_wots_sign(void)
static int test_wots_derive_root(void)
{
hash256_t secret;
hash256_t seed;
xmss_hash256_t secret;
xmss_hash256_t seed;
xmss_adrs_t adrs;
hash256_t root;
hash256_t wots_0_root;
hash256_t wots_1023_root;
xmss_hash256_t root;
xmss_hash256_t wots_0_root;
xmss_hash256_t wots_1023_root;
size_t len;
memset(secret, 0x12, sizeof(hash256_t));
memset(seed, 0xab, sizeof(hash256_t));
memset(secret, 0x12, sizeof(xmss_hash256_t));
memset(seed, 0xab, sizeof(xmss_hash256_t));
hex_to_bytes("7A968C5F9AE4D2B781872B4E6EE851D55CC02F0AB9196701580D6F503D35DB68", 64, wots_0_root, &len);
hex_to_bytes("939E10CD44769D4D9853F7CF5612D6D83B3AA140A8867CCF34A1DBCC66FC4333", 64, wots_1023_root, &len);
// wots index is 0
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 0);
adrs_set_ots_address(adrs, 0);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 0);
xmss_adrs_set_ots_address(adrs, 0);
wots_derive_root(secret, seed, adrs, root);
xmss_wots_derive_root(secret, seed, adrs, root);
if (memcmp(root, wots_0_root, sizeof(hash256_t)) != 0) {
if (memcmp(root, wots_0_root, sizeof(xmss_hash256_t)) != 0) {
error_print();
return -1;
}
// wots index is 1023
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 0);
adrs_set_ots_address(adrs, 1023);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 0);
xmss_adrs_set_ots_address(adrs, 1023);
wots_derive_root(secret, seed, adrs, root);
xmss_wots_derive_root(secret, seed, adrs, root);
if (memcmp(root, wots_1023_root, sizeof(hash256_t)) != 0) {
if (memcmp(root, wots_1023_root, sizeof(xmss_hash256_t)) != 0) {
error_print();
return -1;
}
@@ -215,25 +215,25 @@ static int test_wots_derive_root(void)
static int test_wots_verify(void)
{
uint32_t index = 0;
hash256_t secret;
hash256_t seed;
xmss_hash256_t secret;
xmss_hash256_t seed;
xmss_adrs_t adrs;
wots_key_t sk;
hash256_t dgst;
wots_sig_t sig;
hash256_t root;
xmss_wots_key_t sk;
xmss_hash256_t dgst;
xmss_wots_sig_t sig;
xmss_hash256_t root;
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 0);
adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
adrs_set_ots_address(adrs, index);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 0);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
xmss_adrs_set_ots_address(adrs, index);
wots_derive_sk(secret, seed, adrs, sk);
wots_sign(sk, seed, adrs, dgst, sig);
wots_derive_root(secret, seed, adrs, root);
xmss_wots_derive_sk(secret, seed, adrs, sk);
xmss_wots_sign(sk, seed, adrs, dgst, sig);
xmss_wots_derive_root(secret, seed, adrs, root);
if (wots_verify(root, seed, adrs, dgst, sig) != 1) {
if (xmss_wots_verify(root, seed, adrs, dgst, sig) != 1) {
error_print();
return -1;
}
@@ -247,26 +247,26 @@ static int test_wots_verify(void)
static int test_xmss_build_tree(void)
{
hash256_t xmss_secret;
hash256_t seed;
xmss_hash256_t xmss_secret;
xmss_hash256_t seed;
xmss_adrs_t adrs;
int height = 10;
hash256_t *tree = malloc(32 * (1<<height) * 2);
hash256_t xmss_root;
hash256_t test_root;
xmss_hash256_t *tree = malloc(32 * (1<<height) * 2);
xmss_hash256_t xmss_root;
xmss_hash256_t test_root;
size_t len;
memset(xmss_secret, 0x12, sizeof(hash256_t));
memset(seed, 0xab, sizeof(hash256_t));
memset(xmss_secret, 0x12, sizeof(xmss_hash256_t));
memset(seed, 0xab, sizeof(xmss_hash256_t));
hex_to_bytes("f0415ed807c8f8c2ee8ca3a00178bff37e1ccb2836e02607d06131c9341e52ca", 64, test_root, &len);
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 0);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 0);
xmss_build_tree(xmss_secret, seed, adrs, height, tree);
memcpy(xmss_root, tree[(1 << (height + 1)) - 2], sizeof(hash256_t));
memcpy(xmss_root, tree[(1 << (height + 1)) - 2], sizeof(xmss_hash256_t));
/*
if (memcmp(xmss_root, test_root, sizeof(hash256_t))) {
if (memcmp(xmss_root, test_root, sizeof(xmss_hash256_t))) {
error_print();
return -1;
}
@@ -278,25 +278,25 @@ static int test_xmss_build_tree(void)
static int test_xmss_build_root(void)
{
hash256_t secret;
hash256_t seed;
xmss_hash256_t secret;
xmss_hash256_t seed;
xmss_adrs_t adrs;
size_t height = 4;
hash256_t tree[(1 << (4+1)) - 1];
hash256_t auth_path[4];
hash256_t root;
xmss_hash256_t tree[(1 << (4+1)) - 1];
xmss_hash256_t auth_path[4];
xmss_hash256_t root;
uint32_t index;
rand_bytes(secret, sizeof(secret));
rand_bytes(seed, sizeof(seed));
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 0);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 0);
xmss_build_tree(secret, seed, adrs, height, tree);
for (index = 0; index < (1 << height); index++) {
xmss_build_auth_path(tree, height, index, auth_path);
xmss_build_root(tree[index], index, seed, adrs, auth_path, height, root);
if (memcmp(root, tree[sizeof(tree)/sizeof(tree[0]) - 1], sizeof(hash256_t)) != 0) {
if (memcmp(root, tree[sizeof(tree)/sizeof(tree[0]) - 1], sizeof(xmss_hash256_t)) != 0) {
error_print();
return -1;
}
@@ -446,7 +446,7 @@ static int test_xmss_signature_size(void)
static int test_xmss_sign(void)
{
static const uint8_t hash256_two[] = {
static const uint8_t xmss_hash256_two[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -456,13 +456,13 @@ static int test_xmss_sign(void)
uint32_t xmss_type = XMSS_HASH256_10_256;
size_t height = 10;
uint32_t index = 1011;
hash256_t hash256_index = {0};
xmss_hash256_t hash256_index = {0};
XMSS_KEY key;
XMSS_SIGNATURE sig;
xmss_adrs_t adrs;
hash256_t root;
HASH256_CTX ctx;
hash256_t dgst;
xmss_hash256_t root;
XMSS_HASH256_CTX ctx;
xmss_hash256_t dgst;
size_t h;
@@ -481,15 +481,15 @@ static int test_xmss_sign(void)
memset(sig.random, 0, 32);
// wots_sk => sig.wots_sig
adrs_set_layer_address(adrs, 0);
adrs_set_tree_address(adrs, 0);
adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
adrs_set_ots_address(adrs, index);
wots_derive_sk(key.secret, key.public_key.seed, adrs, sig.wots_sig);
xmss_adrs_set_layer_address(adrs, 0);
xmss_adrs_set_tree_address(adrs, 0);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
xmss_adrs_set_ots_address(adrs, index);
xmss_wots_derive_sk(key.secret, key.public_key.seed, adrs, sig.wots_sig);
// check wots_root
wots_derive_root(key.secret, key.public_key.seed, adrs, root);
if (memcmp(root, key.tree[index], sizeof(hash256_t)) != 0) {
xmss_wots_derive_root(key.secret, key.public_key.seed, adrs, root);
if (memcmp(root, key.tree[index], sizeof(xmss_hash256_t)) != 0) {
xmss_key_cleanup(&key);
error_print();
return -1;
@@ -500,24 +500,24 @@ static int test_xmss_sign(void)
PUTU32(hash256_index + 28, index);
hash256_init(&ctx);
hash256_update(&ctx, hash256_two, sizeof(hash256_t));
hash256_update(&ctx, sig.random, sizeof(hash256_t));
hash256_update(&ctx, key.public_key.root, sizeof(hash256_t));
hash256_update(&ctx, hash256_index, sizeof(hash256_t));
hash256_update(&ctx, msg, sizeof(msg));
hash256_finish(&ctx, dgst);
xmss_hash256_init(&ctx);
xmss_hash256_update(&ctx, xmss_hash256_two, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx, sig.random, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx, key.public_key.root, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx, hash256_index, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx, msg, sizeof(msg));
xmss_hash256_finish(&ctx, dgst);
wots_sign(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
xmss_wots_sign(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
// verify
// wots_sig => wots_root
wots_sig_to_pk(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
xmss_wots_sig_to_pk(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
adrs_set_ltree_address(adrs, index);
wots_pk_to_root(sig.wots_sig, key.public_key.seed, adrs, root);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
xmss_adrs_set_ltree_address(adrs, index);
xmss_wots_pk_to_root(sig.wots_sig, key.public_key.seed, adrs, root);
@@ -539,7 +539,7 @@ static int test_xmss_sign(void)
xmss_build_root(root, index, key.public_key.seed, adrs, sig.auth_path, height, root);
if (memcmp(root, key.public_key.root, sizeof(hash256_t)) != 0) {
if (memcmp(root, key.public_key.root, sizeof(xmss_hash256_t)) != 0) {
error_print();
return -1;
}
@@ -893,13 +893,13 @@ static uint64_t xmssmt_tree_index(uint64_t index, size_t height, size_t layers,
// reference implementation of xmss^mt sign/verify
static int test_xmssmt_sign(void)
{
static const uint8_t hash256_two[] = {
static const uint8_t xmss_hash256_two[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
};
static const uint8_t hash256_three[] = {
static const uint8_t xmss_hash256_three[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -917,9 +917,9 @@ static int test_xmssmt_sign(void)
XMSSMT_KEY *key = &xmssmt_key;
XMSSMT_SIGN_CTX xmssmt_ctx;
XMSSMT_SIGN_CTX *ctx = &xmssmt_ctx;
hash256_t dgst;
xmss_hash256_t dgst;
hash256_t hash256_index;
xmss_hash256_t hash256_index;
xmss_adrs_t adrs;
uint64_t tree_address;
@@ -951,63 +951,63 @@ static int test_xmssmt_sign(void)
// XMSSMT_SIGNATURE:
// uint64_t index
// hash256_t random
// xmss_hash256_t random
// wots_sig_t wots_sigs[layers];
// hash256_t auth_path[height/layers]
// xmss_hash256_t auth_path[height/layers]
// copy index
ctx->xmssmt_sig.index = key->index;
// copy wots_sigs[1] to wots_sig[layers - 1] from key
for (layer = 1; layer < layers; layer++) {
memcpy(ctx->xmssmt_sig.wots_sigs[layer], key->wots_sigs[layer - 1], sizeof(wots_sig_t));
memcpy(ctx->xmssmt_sig.wots_sigs[layer], key->wots_sigs[layer - 1], sizeof(xmss_wots_sig_t));
}
// build auth_path
for (layer = 0; layer < layers; layer++) {
uint32_t tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
hash256_t *tree = key->trees + xmss_num_tree_nodes(height/layers) * layer;
hash256_t *auth_path = ctx->xmssmt_sig.auth_path + (height/layers) * layer;
xmss_hash256_t *tree = key->trees + xmss_num_tree_nodes(height/layers) * layer;
xmss_hash256_t *auth_path = ctx->xmssmt_sig.auth_path + (height/layers) * layer;
xmss_build_auth_path(tree, height/layers, tree_index, auth_path);
}
// derive ctx->xmssmt_sig.random
memset(hash256_index, 0, 24);
PUTU64(hash256_index + 24, ctx->xmssmt_sig.index);
hash256_init(&ctx->hash256_ctx);
hash256_update(&ctx->hash256_ctx, hash256_three, sizeof(hash256_t));
hash256_update(&ctx->hash256_ctx, key->sk_prf, sizeof(hash256_t));
hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(hash256_t));
hash256_finish(&ctx->hash256_ctx, ctx->xmssmt_sig.random);
xmss_hash256_init(&ctx->hash256_ctx);
xmss_hash256_update(&ctx->hash256_ctx, xmss_hash256_three, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx->hash256_ctx, key->sk_prf, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(xmss_hash256_t));
xmss_hash256_finish(&ctx->hash256_ctx, ctx->xmssmt_sig.random);
// derive wots_sk and save to wots_sigs[0]
layer = 0;
tree_address = xmssmt_tree_address(ctx->xmssmt_sig.index, height, layers, layer);
tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
adrs_set_layer_address(adrs, layer);
adrs_set_tree_address(adrs, tree_address);
adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
adrs_set_ots_address(adrs, tree_index);
wots_derive_sk(key->secret, key->public_key.seed, adrs, ctx->xmssmt_sig.wots_sigs[0]);
xmss_adrs_set_layer_address(adrs, layer);
xmss_adrs_set_tree_address(adrs, tree_address);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
xmss_adrs_set_ots_address(adrs, tree_index);
xmss_wots_derive_sk(key->secret, key->public_key.seed, adrs, ctx->xmssmt_sig.wots_sigs[0]);
// H_msg(M) := HASH256(toByte(2, 32) || r || XMSS_ROOT || toByte(idx_sig, 32) || M)
hash256_init(&ctx->hash256_ctx);
hash256_update(&ctx->hash256_ctx, hash256_two, sizeof(hash256_t));
hash256_update(&ctx->hash256_ctx, ctx->xmssmt_sig.random, sizeof(hash256_t));
hash256_update(&ctx->hash256_ctx, key->public_key.root, sizeof(hash256_t));
hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(hash256_t));
hash256_update(&ctx->hash256_ctx, msg, sizeof(msg));
hash256_finish(&ctx->hash256_ctx, dgst);
xmss_hash256_init(&ctx->hash256_ctx);
xmss_hash256_update(&ctx->hash256_ctx, xmss_hash256_two, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx->hash256_ctx, ctx->xmssmt_sig.random, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx->hash256_ctx, key->public_key.root, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(xmss_hash256_t));
xmss_hash256_update(&ctx->hash256_ctx, msg, sizeof(msg));
xmss_hash256_finish(&ctx->hash256_ctx, dgst);
// generate message wots_sig as wots_sigs[0]
layer = 0;
tree_address = xmssmt_tree_address(ctx->xmssmt_sig.index, height, layers, layer);
tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
adrs_set_layer_address(adrs, layer);
adrs_set_tree_address(adrs, tree_address);
adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
adrs_set_ots_address(adrs, tree_index);
wots_sign(ctx->xmssmt_sig.wots_sigs[0], ctx->xmssmt_public_key.seed, adrs, dgst,
xmss_adrs_set_layer_address(adrs, layer);
xmss_adrs_set_tree_address(adrs, tree_address);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
xmss_adrs_set_ots_address(adrs, tree_index);
xmss_wots_sign(ctx->xmssmt_sig.wots_sigs[0], ctx->xmssmt_public_key.seed, adrs, dgst,
ctx->xmssmt_sig.wots_sigs[0]);
xmssmt_signature_print_ex(stderr, 0, 4, "xmssmt_signature", &ctx->xmssmt_sig, xmssmt_type);
@@ -1017,23 +1017,23 @@ static int test_xmssmt_sign(void)
for (layer = 0; layer < layers; layer++) {
uint64_t tree_address = xmssmt_tree_address(ctx->xmssmt_sig.index, height, layers, layer);
uint32_t tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
wots_key_t wots_pk;
xmss_wots_key_t wots_pk;
// wots_sig, dgst => wots_pk
adrs_set_layer_address(adrs, layer);
adrs_set_tree_address(adrs, tree_address);
adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
adrs_set_ots_address(adrs, tree_index);
wots_sig_to_pk(ctx->xmssmt_sig.wots_sigs[layer], ctx->xmssmt_public_key.seed, adrs, dgst, wots_pk);
xmss_adrs_set_layer_address(adrs, layer);
xmss_adrs_set_tree_address(adrs, tree_address);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
xmss_adrs_set_ots_address(adrs, tree_index);
xmss_wots_sig_to_pk(ctx->xmssmt_sig.wots_sigs[layer], ctx->xmssmt_public_key.seed, adrs, dgst, wots_pk);
// wots_pk => wots_root
adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
adrs_set_ltree_address(adrs, tree_index);
wots_pk_to_root(wots_pk, ctx->xmssmt_public_key.seed, adrs, dgst);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
xmss_adrs_set_ltree_address(adrs, tree_index);
xmss_wots_pk_to_root(wots_pk, ctx->xmssmt_public_key.seed, adrs, dgst);
// wots_root, auth_path => xmss_root (as dgst)
adrs_set_type(adrs, XMSS_ADRS_TYPE_HASHTREE);
adrs_set_padding(adrs, 0);
xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_HASHTREE);
xmss_adrs_set_padding(adrs, 0);
xmss_build_root(dgst, tree_index,
ctx->xmssmt_public_key.seed, adrs,
ctx->xmssmt_sig.auth_path + (height/layers) * layer, height/layers,
@@ -1041,7 +1041,7 @@ static int test_xmssmt_sign(void)
}
// verify xmssmt_root (save in dgst)
if (memcmp(dgst, ctx->xmssmt_public_key.root, sizeof(hash256_t)) != 0) {
if (memcmp(dgst, ctx->xmssmt_public_key.root, sizeof(xmss_hash256_t)) != 0) {
error_print();
return -1;
}