Update XMSS

Functions and types with prefix `xmss`
Set SM3 or SHA256 independently.

include/gmssl/xmss.h

@@ -15,7 +15,6 @@
 #include <string.h>
 #include <stdint.h>
 #include <gmssl/sm3.h>
-#include <gmssl/hash256.h>
 #ifdef ENABLE_SHA2
 #include <gmssl/sha2.h>
 #endif
@@ -25,18 +24,22 @@
 extern "C" {
 #endif
 
+typedef uint8_t xmss_hash256_t[32];
+
 
 // Crosscheck with data from xmss-reference (SHA-256), except the XMSS signature.
-#if defined(ENABLE_XMSS_CROSSCHECK) && defined(ENABLE_SHA2)
+#if defined(ENABLE_XMSS_CROSSCHECK) && defined(ENABLE_SHA2) && !defined(HASH256_CTX)
-# define HASH256_CTX		SHA256_CTX
+# define XMSS_HASH256_CTX		SHA256_CTX
-# define hash256_init		sha256_init
+# define xmss_hash256_init		sha256_init
-# define hash256_update		sha256_update
+# define xmss_hash256_update		sha256_update
-# define hash256_finish		sha256_finish
+# define xmss_hash256_finish		sha256_finish
+# define XMSS_HASH256_BLOCK_SIZE	SHA256_BLOCK_SIZE
 #else
-# define HASH256_CTX		SM3_CTX
+# define XMSS_HASH256_CTX		SM3_CTX
-# define hash256_init		sm3_init
+# define xmss_hash256_init		sm3_init
-# define hash256_update		sm3_update
+# define xmss_hash256_update		sm3_update
-# define hash256_finish		sm3_finish
+# define xmss_hash256_finish		sm3_finish
+# define XMSS_HASH256_BLOCK_SIZE	SM3_BLOCK_SIZE
 #endif
 
 
@@ -85,65 +88,65 @@ typedef struct {
 
 typedef uint8_t xmss_adrs_t[32];
 
-void adrs_copy_layer_address(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_layer_address(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_tree_address(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_tree_address(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_type(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_type(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_ots_address(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_ots_address(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_ltree_address(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_ltree_address(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_padding(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_padding(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_chain_address(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_chain_address(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_tree_height(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_tree_height(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_hash_address(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_hash_address(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_tree_index(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_tree_index(xmss_adrs_t dst, const xmss_adrs_t src);
-void adrs_copy_key_and_mask(xmss_adrs_t dst, const xmss_adrs_t src);
+void xmss_adrs_copy_key_and_mask(xmss_adrs_t dst, const xmss_adrs_t src);
 
-void adrs_set_layer_address(xmss_adrs_t adrs, uint32_t layer);
+void xmss_adrs_set_layer_address(xmss_adrs_t adrs, uint32_t layer);
-void adrs_set_tree_address(xmss_adrs_t adrs, uint64_t tree_addr);
+void xmss_adrs_set_tree_address(xmss_adrs_t adrs, uint64_t tree_addr);
-void adrs_set_type(xmss_adrs_t adrs, uint32_t type);
+void xmss_adrs_set_type(xmss_adrs_t adrs, uint32_t type);
-void adrs_set_ots_address(xmss_adrs_t adrs, uint32_t address);
+void xmss_adrs_set_ots_address(xmss_adrs_t adrs, uint32_t address);
-void adrs_set_ltree_address(xmss_adrs_t adrs, uint32_t address);
+void xmss_adrs_set_ltree_address(xmss_adrs_t adrs, uint32_t address);
-void adrs_set_padding(xmss_adrs_t adrs, uint32_t padding);
+void xmss_adrs_set_padding(xmss_adrs_t adrs, uint32_t padding);
-void adrs_set_chain_address(xmss_adrs_t adrs, uint32_t address);
+void xmss_adrs_set_chain_address(xmss_adrs_t adrs, uint32_t address);
-void adrs_set_tree_height(xmss_adrs_t adrs, uint32_t height);
+void xmss_adrs_set_tree_height(xmss_adrs_t adrs, uint32_t height);
-void adrs_set_hash_address(xmss_adrs_t adrs, uint32_t address);
+void xmss_adrs_set_hash_address(xmss_adrs_t adrs, uint32_t address);
-void adrs_set_tree_index(xmss_adrs_t adrs, uint32_t index);
+void xmss_adrs_set_tree_index(xmss_adrs_t adrs, uint32_t index);
-void adrs_set_key_and_mask(xmss_adrs_t adrs, uint32_t key_and_mask);
+void xmss_adrs_set_key_and_mask(xmss_adrs_t adrs, uint32_t key_and_mask);
 
-int xmss_adrs_print(FILE *fp, int fmt, int ind, const char *label, const hash256_t adrs);
+int xmss_adrs_print(FILE *fp, int fmt, int ind, const char *label, const xmss_hash256_t adrs);
 
 // WOTS+ with SM3/SHA256
 
-#define WOTS_WINTERNITZ_W 16 // rfc 8391 named algors only support w = 2^4 = 16
+#define XMSS_WOTS_WINTERNITZ_W 16 // rfc 8391 named algors only support w = 2^4 = 16
-#define WOTS_NUM_CHAINS	67
+#define XMSS_WOTS_NUM_CHAINS	67
 
-typedef hash256_t wots_key_t[WOTS_NUM_CHAINS];
+typedef xmss_hash256_t xmss_wots_key_t[XMSS_WOTS_NUM_CHAINS];
-typedef hash256_t wots_sig_t[WOTS_NUM_CHAINS];
+typedef xmss_hash256_t xmss_wots_sig_t[XMSS_WOTS_NUM_CHAINS];
 
 
-void wots_derive_sk(const hash256_t secret,
+void xmss_wots_derive_sk(const xmss_hash256_t secret,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	wots_key_t sk);
+	xmss_wots_key_t sk);
-void wots_chain(const hash256_t x,
+void xmss_wots_chain(const xmss_hash256_t x,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	int start, int steps, hash256_t y);
+	int start, int steps, xmss_hash256_t y);
-void wots_sk_to_pk(const wots_key_t sk,
+void xmss_wots_sk_to_pk(const xmss_wots_key_t sk,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	wots_key_t pk);
+	xmss_wots_key_t pk);
-void wots_sign(const wots_key_t sk,
+void xmss_wots_sign(const xmss_wots_key_t sk,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	const hash256_t dgst, wots_sig_t sig);
+	const xmss_hash256_t dgst, xmss_wots_sig_t sig);
-void wots_sig_to_pk(const wots_sig_t sig,
+void xmss_wots_sig_to_pk(const xmss_wots_sig_t sig,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	const hash256_t dgst, wots_key_t pk);
+	const xmss_hash256_t dgst, xmss_wots_key_t pk);
-void wots_pk_to_root(const wots_key_t pk,
+void xmss_wots_pk_to_root(const xmss_wots_key_t pk,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	hash256_t wots_root);
+	xmss_hash256_t wots_root);
-void wots_derive_root(const hash256_t secret,
+void xmss_wots_derive_root(const xmss_hash256_t secret,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	hash256_t wots_root);
+	xmss_hash256_t wots_root);
-int  wots_verify(const hash256_t wots_root,
+int  xmss_wots_verify(const xmss_hash256_t wots_root,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	const hash256_t dgst, const wots_sig_t sig);
+	const xmss_hash256_t dgst, const xmss_wots_sig_t sig);
 
 
 
@@ -185,21 +188,21 @@ uint32_t xmss_type_from_name(const char *name);
 int xmss_type_to_height(uint32_t xmss_type, size_t *height);
 
 size_t xmss_num_tree_nodes(size_t height);
-void xmss_build_tree(const hash256_t secret,
+void xmss_build_tree(const xmss_hash256_t secret,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	size_t height, hash256_t *tree); // tree[xmss_num_tree_nodes(height)]
+	size_t height, xmss_hash256_t *tree); // tree[xmss_num_tree_nodes(height)]
-void xmss_build_auth_path(const hash256_t *tree, size_t height,
+void xmss_build_auth_path(const xmss_hash256_t *tree, size_t height,
-	uint32_t index, hash256_t *auth_path); // auth_path[height]
+	uint32_t index, xmss_hash256_t *auth_path); // auth_path[height]
-void xmss_build_root(const hash256_t wots_root, uint32_t index,
+void xmss_build_root(const xmss_hash256_t wots_root, uint32_t index,
-	const hash256_t seed, const xmss_adrs_t adrs,
+	const xmss_hash256_t seed, const xmss_adrs_t adrs,
-	const hash256_t *auth_path, size_t height,
+	const xmss_hash256_t *auth_path, size_t height,
-	hash256_t xmss_root);
+	xmss_hash256_t xmss_root);
 
 
 typedef struct {
 	uint32_t xmss_type;
-	hash256_t seed;
+	xmss_hash256_t seed;
-	hash256_t root;
+	xmss_hash256_t root;
 } XMSS_PUBLIC_KEY;
 
 #define XMSS_PUBLIC_KEY_SIZE	(4 + 32 + 32) // = 68
@@ -207,9 +210,9 @@ typedef struct {
 typedef struct {
 	XMSS_PUBLIC_KEY public_key;
 	uint32_t index;
-	hash256_t secret;
+	xmss_hash256_t secret;
-	hash256_t sk_prf;
+	xmss_hash256_t sk_prf;
-	hash256_t *tree; // hash256_t[2^(h + 1) - 1]
+	xmss_hash256_t *tree; // xmss_hash256_t[2^(h + 1) - 1]
 } XMSS_KEY;
 
 // XMSS_SHA2_10_256:     65,640
@@ -232,9 +235,9 @@ void xmss_key_cleanup(XMSS_KEY *key);
 
 typedef struct {
 	uint32_t index; // < 2^(XMSS_MAX_HEIGHT) = 2^20, always encode to 4 bytes
-	hash256_t random;
+	xmss_hash256_t random;
-	wots_sig_t wots_sig;
+	xmss_wots_sig_t wots_sig;
-	hash256_t auth_path[XMSS_MAX_HEIGHT];
+	xmss_hash256_t auth_path[XMSS_MAX_HEIGHT];
 } XMSS_SIGNATURE;
 
 // XMSS_SM3_10_256	2500 bytes
@@ -243,6 +246,7 @@ typedef struct {
 #define XMSS_SIGNATURE_MIN_SIZE	(4 + 32 + 32*67 + 32 * XMSS_MIN_HEIGHT) // = 2500 bytes
 #define XMSS_SIGNATURE_MAX_SIZE	(4 + 32 + 32*67 + 32 * XMSS_MAX_HEIGHT) // = 2820 bytes
 int xmss_signature_size(uint32_t xmss_type, size_t *siglen);
+int xmss_key_get_signature_size(const XMSS_KEY *key, size_t *siglen);
 int xmss_signature_to_bytes(const XMSS_SIGNATURE *sig, uint32_t xmss_type, uint8_t **out, size_t *outlen);
 int xmss_signature_from_bytes(XMSS_SIGNATURE *sig, uint32_t xmss_type, const uint8_t **in, size_t *inlen);
 int xmss_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *in, size_t inlen);
@@ -251,7 +255,7 @@ int xmss_signature_print_ex(FILE *fp, int fmt, int ind, const char *label, const
 typedef struct {
 	XMSS_PUBLIC_KEY xmss_public_key;
 	XMSS_SIGNATURE xmss_sig;
-	HASH256_CTX hash256_ctx;
+	XMSS_HASH256_CTX hash256_ctx;
 } XMSS_SIGN_CTX;
 
 int xmss_sign_init(XMSS_SIGN_CTX *ctx, XMSS_KEY *key);
@@ -335,19 +339,19 @@ size_t xmssmt_num_trees_nodes(size_t height, size_t layers);
 
 typedef struct {
 	uint32_t xmssmt_type;
-	hash256_t seed;
+	xmss_hash256_t seed;
-	hash256_t root;
+	xmss_hash256_t root;
 } XMSSMT_PUBLIC_KEY;
 
-#define XMSSMT_PUBLIC_KEY_SIZE (4 + sizeof(hash256_t) + sizeof(hash256_t)) // = 68 bytes
+#define XMSSMT_PUBLIC_KEY_SIZE (4 + sizeof(xmss_hash256_t) + sizeof(xmss_hash256_t)) // = 68 bytes
 
 typedef struct {
 	XMSSMT_PUBLIC_KEY public_key;
 	uint64_t index; // in [0, 2^60 - 1]
-	hash256_t secret;
+	xmss_hash256_t secret;
-	hash256_t sk_prf;
+	xmss_hash256_t sk_prf;
-	hash256_t *trees;
+	xmss_hash256_t *trees;
-	wots_sig_t wots_sigs[XMSSMT_MAX_LAYERS - 1];
+	xmss_wots_sig_t wots_sigs[XMSSMT_MAX_LAYERS - 1];
 } XMSSMT_KEY;
 
 /*
@@ -361,7 +365,7 @@ typedef struct {
     XMSSMT_SM3_60_12_256:     47,916 bytes
 */
 int xmssmt_private_key_size(uint32_t xmssmt_type, size_t *len);
-int xmssmt_build_auth_path(const hash256_t *tree, size_t height, size_t layers, uint64_t index, hash256_t *auth_path);
+int xmssmt_build_auth_path(const xmss_hash256_t *tree, size_t height, size_t layers, uint64_t index, xmss_hash256_t *auth_path);
 
 int xmssmt_key_generate(XMSSMT_KEY *key, uint32_t xmssmt_type);
 int xmssmt_key_update(XMSSMT_KEY *key);
@@ -376,17 +380,18 @@ void xmssmt_key_cleanup(XMSSMT_KEY *key);
 
 typedef struct {
 	uint64_t index;
-	hash256_t random;
+	xmss_hash256_t random;
-	wots_sig_t wots_sigs[XMSSMT_MAX_LAYERS];
+	xmss_wots_sig_t wots_sigs[XMSSMT_MAX_LAYERS];
-	hash256_t auth_path[XMSSMT_MAX_HEIGHT];
+	xmss_hash256_t auth_path[XMSSMT_MAX_HEIGHT];
 } XMSSMT_SIGNATURE;
 
 int xmssmt_index_to_bytes(uint64_t index, uint32_t xmssmt_type, uint8_t **out, size_t *outlen);
 int xmssmt_index_from_bytes(uint64_t *index, uint32_t xmssmt_type, const uint8_t **in, size_t *inlen);
 
 #define XMSSMT_SIGNATURE_MAX_SIZE \
-	(sizeof(uint64_t) + sizeof(hash256_t) + sizeof(wots_sig_t)*XMSSMT_MAX_LAYERS + sizeof(hash256_t)*XMSSMT_MAX_HEIGHT) // = 27688 bytes
+	(sizeof(uint64_t) + sizeof(xmss_hash256_t) + sizeof(xmss_wots_sig_t)*XMSSMT_MAX_LAYERS + sizeof(xmss_hash256_t)*XMSSMT_MAX_HEIGHT) // = 27688 bytes
 
+int xmssmt_key_get_signature_size(const XMSSMT_KEY *key, size_t *siglen);
 int xmssmt_signature_size(uint32_t xmssmt_type, size_t *siglen);
 int xmssmt_signature_to_bytes(const XMSSMT_SIGNATURE *sig, uint32_t xmssmt_type, uint8_t **out, size_t *outlen);
 int xmssmt_signature_from_bytes(XMSSMT_SIGNATURE *sig, uint32_t xmssmt_type, const uint8_t **in, size_t *inlen);
@@ -397,7 +402,7 @@ int xmssmt_signature_print(FILE *fp, int fmt, int ind, const char *label, const
 typedef struct {
 	XMSSMT_PUBLIC_KEY xmssmt_public_key;
 	XMSSMT_SIGNATURE xmssmt_sig;
-	HASH256_CTX hash256_ctx;
+	XMSS_HASH256_CTX hash256_ctx;
 } XMSSMT_SIGN_CTX;
 
 int xmssmt_sign_init(XMSSMT_SIGN_CTX *ctx, XMSSMT_KEY *key);

tests/xmsstest.c

@@ -23,13 +23,13 @@ static int test_xmss_adrs(void)
 	xmss_adrs_t adrs;
 
 
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 1);
+	xmss_adrs_set_tree_address(adrs, 1);
-	adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
-	adrs_set_ots_address(adrs, 0);
+	xmss_adrs_set_ots_address(adrs, 0);
-	adrs_set_chain_address(adrs, 1);
+	xmss_adrs_set_chain_address(adrs, 1);
-	adrs_set_hash_address(adrs, 12);
+	xmss_adrs_set_hash_address(adrs, 12);
-	adrs_set_key_and_mask(adrs, 0);
+	xmss_adrs_set_key_and_mask(adrs, 0);
 
 	xmss_adrs_print(stderr, 0, 4, "ADRS", adrs);
 
@@ -41,11 +41,11 @@ static int test_xmss_adrs(void)
 #if defined(ENABLE_XMSS_CROSSCHECK) && defined(ENABLE_SHA2)
 static int test_wots_derive_sk(void)
 {
-	hash256_t secret = {0};
+	xmss_hash256_t secret = {0};
-	hash256_t seed = {0};
+	xmss_hash256_t seed = {0};
 	xmss_adrs_t adrs = {0};
-	wots_key_t wots_sk;
+	xmss_wots_key_t wots_sk;
-	wots_key_t test_sk;
+	xmss_wots_key_t test_sk;
 	size_t len;
 
 	// sha256 test 1
@@ -56,7 +56,7 @@ static int test_wots_derive_sk(void)
 	hex_to_bytes("382c16f94b77905d4a6f78e1f38faf5ef914ac42324e356aeede056d356a5eeb", 64, test_sk[1], &len);
 	hex_to_bytes("ab08e768529903e533c9bf8b3ea8c69d36aedcee5ac78801f92d23ef758cfe03", 64, test_sk[66], &len);
 
-	wots_derive_sk(secret, seed, adrs, wots_sk);
+	xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
 
 	if (memcmp(wots_sk[0], test_sk[0], 32)
 		|| memcmp(wots_sk[1], test_sk[1], 32)
@@ -73,7 +73,7 @@ static int test_wots_derive_sk(void)
 	hex_to_bytes("e45dad76c1b23975e898a365b8c73d13695a887ba2ba2377f840d3a3b7bf806c", 64, test_sk[1], &len);
 	hex_to_bytes("aaad735aa51662b8a48258561fb857b3f2b12a5802593522145b3b68355abf3b", 64, test_sk[66], &len);
 
-	wots_derive_sk(secret, seed, adrs, wots_sk);
+	xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
 
 	if (memcmp(wots_sk[0], test_sk[0], 32)
 		|| memcmp(wots_sk[1], test_sk[1], 32)
@@ -88,12 +88,12 @@ static int test_wots_derive_sk(void)
 
 static int test_wots_sk_to_pk(void)
 {
-	hash256_t secret = {0};
+	xmss_hash256_t secret = {0};
-	hash256_t seed = {0};
+	xmss_hash256_t seed = {0};
 	xmss_adrs_t adrs = {0};
-	wots_key_t wots_sk;
+	xmss_wots_key_t wots_sk;
-	wots_key_t wots_pk;
+	xmss_wots_key_t wots_pk;
-	wots_key_t test_pk;
+	xmss_wots_key_t test_pk;
 	size_t len;
 
 	// sha256 test 2
@@ -104,9 +104,9 @@ static int test_wots_sk_to_pk(void)
 	hex_to_bytes("acf6be724d4b074d67330559ec24b3d42c9b9d87fa103e7f6be402ec3a2d41c1", 64, test_pk[1], &len);
 	hex_to_bytes("98691d83a657840d4b6f410e25fcd9a6480670ac9c090d3b79bc904ba7e131aa", 64, test_pk[66], &len);
 
-	wots_derive_sk(secret, seed, adrs, wots_sk);
+	xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
 
-	wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
+	xmss_wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
 
 	if (memcmp(wots_pk[0], test_pk[0], 32)
 		|| memcmp(wots_pk[1], test_pk[1], 32)
@@ -121,15 +121,15 @@ static int test_wots_sk_to_pk(void)
 
 static int test_wots_sign(void)
 {
-	hash256_t secret = {0};
+	xmss_hash256_t secret = {0};
-	hash256_t seed = {0};
+	xmss_hash256_t seed = {0};
 	xmss_adrs_t adrs = {0};
-	hash256_t dgst = {0};
+	xmss_hash256_t dgst = {0};
-	wots_key_t wots_sk;
+	xmss_wots_key_t wots_sk;
-	wots_key_t wots_pk;
+	xmss_wots_key_t wots_pk;
-	wots_sig_t wots_sig;
+	xmss_wots_sig_t wots_sig;
-	wots_sig_t test_sig;
+	xmss_wots_sig_t test_sig;
-	wots_key_t sig_pk;
+	xmss_wots_key_t sig_pk;
 	size_t len;
 	int i;
 
@@ -144,23 +144,23 @@ static int test_wots_sign(void)
 	hex_to_bytes("75d2cfddd6ca9773fb9d0d17efe5c731c1a44f4b31352e26767623abf52911f9", 64, test_sig[15], &len);
 	hex_to_bytes("aaad735aa51662b8a48258561fb857b3f2b12a5802593522145b3b68355abf3b", 64, test_sig[66], &len);
 
-	wots_derive_sk(secret, seed, adrs, wots_sk);
+	xmss_wots_derive_sk(secret, seed, adrs, wots_sk);
 
-	wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
+	xmss_wots_sk_to_pk(wots_sk, seed, adrs, wots_pk);
 
-	wots_sign(wots_sk, seed, adrs, dgst, wots_sig);
+	xmss_wots_sign(wots_sk, seed, adrs, dgst, wots_sig);
 
-	if (memcmp(wots_sig[0], test_sig[0], sizeof(hash256_t))
+	if (memcmp(wots_sig[0], test_sig[0], sizeof(xmss_hash256_t))
-		|| memcmp(wots_sig[1], test_sig[1], sizeof(hash256_t))
+		|| memcmp(wots_sig[1], test_sig[1], sizeof(xmss_hash256_t))
-		|| memcmp(wots_sig[15], test_sig[15], sizeof(hash256_t))
+		|| memcmp(wots_sig[15], test_sig[15], sizeof(xmss_hash256_t))
-		|| memcmp(wots_sig[66], test_sig[66], sizeof(hash256_t))) {
+		|| memcmp(wots_sig[66], test_sig[66], sizeof(xmss_hash256_t))) {
 		error_print();
 		return -1;
 	}
 
-	wots_sig_to_pk(wots_sig, seed, adrs, dgst, sig_pk);
+	xmss_wots_sig_to_pk(wots_sig, seed, adrs, dgst, sig_pk);
 
-	if (memcmp(sig_pk ,wots_pk, sizeof(wots_key_t))) {
+	if (memcmp(sig_pk ,wots_pk, sizeof(xmss_wots_key_t))) {
 		error_print();
 		return -1;
 	}
@@ -171,39 +171,39 @@ static int test_wots_sign(void)
 
 static int test_wots_derive_root(void)
 {
-	hash256_t secret;
+	xmss_hash256_t secret;
-	hash256_t seed;
+	xmss_hash256_t seed;
 	xmss_adrs_t adrs;
-	hash256_t root;
+	xmss_hash256_t root;
-	hash256_t wots_0_root;
+	xmss_hash256_t wots_0_root;
-	hash256_t wots_1023_root;
+	xmss_hash256_t wots_1023_root;
 	size_t len;
 
-	memset(secret, 0x12, sizeof(hash256_t));
+	memset(secret, 0x12, sizeof(xmss_hash256_t));
-	memset(seed, 0xab, sizeof(hash256_t));
+	memset(seed, 0xab, sizeof(xmss_hash256_t));
 	hex_to_bytes("7A968C5F9AE4D2B781872B4E6EE851D55CC02F0AB9196701580D6F503D35DB68", 64, wots_0_root, &len);
 	hex_to_bytes("939E10CD44769D4D9853F7CF5612D6D83B3AA140A8867CCF34A1DBCC66FC4333", 64, wots_1023_root, &len);
 
 	// wots index is 0
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
-	adrs_set_ots_address(adrs, 0);
+	xmss_adrs_set_ots_address(adrs, 0);
 
-	wots_derive_root(secret, seed, adrs, root);
+	xmss_wots_derive_root(secret, seed, adrs, root);
 
-	if (memcmp(root, wots_0_root, sizeof(hash256_t)) != 0) {
+	if (memcmp(root, wots_0_root, sizeof(xmss_hash256_t)) != 0) {
 		error_print();
 		return -1;
 	}
 
 	// wots index is 1023
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
-	adrs_set_ots_address(adrs, 1023);
+	xmss_adrs_set_ots_address(adrs, 1023);
 
-	wots_derive_root(secret, seed, adrs, root);
+	xmss_wots_derive_root(secret, seed, adrs, root);
 
-	if (memcmp(root, wots_1023_root, sizeof(hash256_t)) != 0) {
+	if (memcmp(root, wots_1023_root, sizeof(xmss_hash256_t)) != 0) {
 		error_print();
 		return -1;
 	}
@@ -215,25 +215,25 @@ static int test_wots_derive_root(void)
 static int test_wots_verify(void)
 {
 	uint32_t index = 0;
-	hash256_t secret;
+	xmss_hash256_t secret;
-	hash256_t seed;
+	xmss_hash256_t seed;
 	xmss_adrs_t adrs;
-	wots_key_t sk;
+	xmss_wots_key_t sk;
-	hash256_t dgst;
+	xmss_hash256_t dgst;
-	wots_sig_t sig;
+	xmss_wots_sig_t sig;
-	hash256_t root;
+	xmss_hash256_t root;
 
 
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
-	adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
-	adrs_set_ots_address(adrs, index);
+	xmss_adrs_set_ots_address(adrs, index);
 
-	wots_derive_sk(secret, seed, adrs, sk);
+	xmss_wots_derive_sk(secret, seed, adrs, sk);
-	wots_sign(sk, seed, adrs, dgst, sig);
+	xmss_wots_sign(sk, seed, adrs, dgst, sig);
-	wots_derive_root(secret, seed, adrs, root);
+	xmss_wots_derive_root(secret, seed, adrs, root);
 
-	if (wots_verify(root, seed, adrs, dgst, sig) != 1) {
+	if (xmss_wots_verify(root, seed, adrs, dgst, sig) != 1) {
 		error_print();
 		return -1;
 	}
@@ -247,26 +247,26 @@ static int test_wots_verify(void)
 
 static int test_xmss_build_tree(void)
 {
-	hash256_t xmss_secret;
+	xmss_hash256_t xmss_secret;
-	hash256_t seed;
+	xmss_hash256_t seed;
 	xmss_adrs_t adrs;
 	int height = 10;
-	hash256_t *tree = malloc(32 * (1<<height) * 2);
+	xmss_hash256_t *tree = malloc(32 * (1<<height) * 2);
-	hash256_t xmss_root;
+	xmss_hash256_t xmss_root;
-	hash256_t test_root;
+	xmss_hash256_t test_root;
 	size_t len;
 
-	memset(xmss_secret, 0x12, sizeof(hash256_t));
+	memset(xmss_secret, 0x12, sizeof(xmss_hash256_t));
-	memset(seed, 0xab, sizeof(hash256_t));
+	memset(seed, 0xab, sizeof(xmss_hash256_t));
 	hex_to_bytes("f0415ed807c8f8c2ee8ca3a00178bff37e1ccb2836e02607d06131c9341e52ca", 64, test_root, &len);
 
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
 	xmss_build_tree(xmss_secret, seed, adrs, height, tree);
 
-	memcpy(xmss_root, tree[(1 << (height + 1)) - 2], sizeof(hash256_t));
+	memcpy(xmss_root, tree[(1 << (height + 1)) - 2], sizeof(xmss_hash256_t));
 	/*
-	if (memcmp(xmss_root, test_root, sizeof(hash256_t))) {
+	if (memcmp(xmss_root, test_root, sizeof(xmss_hash256_t))) {
 		error_print();
 		return -1;
 	}
@@ -278,25 +278,25 @@ static int test_xmss_build_tree(void)
 
 static int test_xmss_build_root(void)
 {
-	hash256_t secret;
+	xmss_hash256_t secret;
-	hash256_t seed;
+	xmss_hash256_t seed;
 	xmss_adrs_t adrs;
 	size_t height = 4;
-	hash256_t tree[(1 << (4+1)) - 1];
+	xmss_hash256_t tree[(1 << (4+1)) - 1];
-	hash256_t auth_path[4];
+	xmss_hash256_t auth_path[4];
-	hash256_t root;
+	xmss_hash256_t root;
 	uint32_t index;
 
 	rand_bytes(secret, sizeof(secret));
 	rand_bytes(seed, sizeof(seed));
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
 	xmss_build_tree(secret, seed, adrs, height, tree);
 
 	for (index = 0; index < (1 << height); index++) {
 		xmss_build_auth_path(tree, height, index, auth_path);
 		xmss_build_root(tree[index], index, seed, adrs, auth_path, height, root);
-		if (memcmp(root, tree[sizeof(tree)/sizeof(tree[0]) - 1], sizeof(hash256_t)) != 0) {
+		if (memcmp(root, tree[sizeof(tree)/sizeof(tree[0]) - 1], sizeof(xmss_hash256_t)) != 0) {
 			error_print();
 			return -1;
 		}
@@ -446,7 +446,7 @@ static int test_xmss_signature_size(void)
 
 static int test_xmss_sign(void)
 {
-	static const uint8_t hash256_two[] = {
+	static const uint8_t xmss_hash256_two[] = {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -456,13 +456,13 @@ static int test_xmss_sign(void)
 	uint32_t xmss_type = XMSS_HASH256_10_256;
 	size_t height = 10;
 	uint32_t index = 1011;
-	hash256_t hash256_index = {0};
+	xmss_hash256_t hash256_index = {0};
 	XMSS_KEY key;
 	XMSS_SIGNATURE sig;
 	xmss_adrs_t adrs;
-	hash256_t root;
+	xmss_hash256_t root;
-	HASH256_CTX ctx;
+	XMSS_HASH256_CTX ctx;
-	hash256_t dgst;
+	xmss_hash256_t dgst;
 	size_t h;
 
 
@@ -481,15 +481,15 @@ static int test_xmss_sign(void)
 	memset(sig.random, 0, 32);
 
 	// wots_sk => sig.wots_sig
-	adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_layer_address(adrs, 0);
-	adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
-	adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
-	adrs_set_ots_address(adrs, index);
+	xmss_adrs_set_ots_address(adrs, index);
-	wots_derive_sk(key.secret, key.public_key.seed, adrs, sig.wots_sig);
+	xmss_wots_derive_sk(key.secret, key.public_key.seed, adrs, sig.wots_sig);
 
 	// check wots_root
-	wots_derive_root(key.secret, key.public_key.seed, adrs, root);
+	xmss_wots_derive_root(key.secret, key.public_key.seed, adrs, root);
-	if (memcmp(root, key.tree[index], sizeof(hash256_t)) != 0) {
+	if (memcmp(root, key.tree[index], sizeof(xmss_hash256_t)) != 0) {
 		xmss_key_cleanup(&key);
 		error_print();
 		return -1;
@@ -500,24 +500,24 @@ static int test_xmss_sign(void)
 
 
 	PUTU32(hash256_index + 28, index);
-	hash256_init(&ctx);
+	xmss_hash256_init(&ctx);
-	hash256_update(&ctx, hash256_two, sizeof(hash256_t));
+	xmss_hash256_update(&ctx, xmss_hash256_two, sizeof(xmss_hash256_t));
-	hash256_update(&ctx, sig.random, sizeof(hash256_t));
+	xmss_hash256_update(&ctx, sig.random, sizeof(xmss_hash256_t));
-	hash256_update(&ctx, key.public_key.root, sizeof(hash256_t));
+	xmss_hash256_update(&ctx, key.public_key.root, sizeof(xmss_hash256_t));
-	hash256_update(&ctx, hash256_index, sizeof(hash256_t));
+	xmss_hash256_update(&ctx, hash256_index, sizeof(xmss_hash256_t));
-	hash256_update(&ctx, msg, sizeof(msg));
+	xmss_hash256_update(&ctx, msg, sizeof(msg));
-	hash256_finish(&ctx, dgst);
+	xmss_hash256_finish(&ctx, dgst);
 
-	wots_sign(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
+	xmss_wots_sign(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
 
 	// verify
 
 	// wots_sig => wots_root
-	wots_sig_to_pk(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
+	xmss_wots_sig_to_pk(sig.wots_sig, key.public_key.seed, adrs, dgst, sig.wots_sig);
 
-	adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
-	adrs_set_ltree_address(adrs, index);
+	xmss_adrs_set_ltree_address(adrs, index);
-	wots_pk_to_root(sig.wots_sig, key.public_key.seed, adrs, root);
+	xmss_wots_pk_to_root(sig.wots_sig, key.public_key.seed, adrs, root);
 
 
 
@@ -539,7 +539,7 @@ static int test_xmss_sign(void)
 
 	xmss_build_root(root, index, key.public_key.seed, adrs, sig.auth_path, height, root);
 
-	if (memcmp(root, key.public_key.root, sizeof(hash256_t)) != 0) {
+	if (memcmp(root, key.public_key.root, sizeof(xmss_hash256_t)) != 0) {
 		error_print();
 		return -1;
 	}
@@ -893,13 +893,13 @@ static uint64_t xmssmt_tree_index(uint64_t index, size_t height, size_t layers,
 // reference implementation of xmss^mt sign/verify
 static int test_xmssmt_sign(void)
 {
-	static const uint8_t hash256_two[] = {
+	static const uint8_t xmss_hash256_two[] = {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
 	};
-	static const uint8_t hash256_three[] = {
+	static const uint8_t xmss_hash256_three[] = {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -917,9 +917,9 @@ static int test_xmssmt_sign(void)
 	XMSSMT_KEY *key = &xmssmt_key;
 	XMSSMT_SIGN_CTX xmssmt_ctx;
 	XMSSMT_SIGN_CTX *ctx = &xmssmt_ctx;
-	hash256_t dgst;
+	xmss_hash256_t dgst;
 
-	hash256_t hash256_index;
+	xmss_hash256_t hash256_index;
 	xmss_adrs_t adrs;
 
 	uint64_t tree_address;
@@ -951,63 +951,63 @@ static int test_xmssmt_sign(void)
 
 	// XMSSMT_SIGNATURE:
 	//	uint64_t	index
-	//	hash256_t	random
+	//	xmss_hash256_t	random
 	//	wots_sig_t	wots_sigs[layers];
-	//	hash256_t	auth_path[height/layers]
+	//	xmss_hash256_t	auth_path[height/layers]
 
 	// copy index
 	ctx->xmssmt_sig.index = key->index;
 
 	// copy wots_sigs[1] to wots_sig[layers - 1] from key
 	for (layer = 1; layer < layers; layer++) {
-		memcpy(ctx->xmssmt_sig.wots_sigs[layer], key->wots_sigs[layer - 1], sizeof(wots_sig_t));
+		memcpy(ctx->xmssmt_sig.wots_sigs[layer], key->wots_sigs[layer - 1], sizeof(xmss_wots_sig_t));
 	}
 
 	// build auth_path
 	for (layer = 0; layer < layers; layer++) {
 		uint32_t tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
-		hash256_t *tree = key->trees + xmss_num_tree_nodes(height/layers) * layer;
+		xmss_hash256_t *tree = key->trees + xmss_num_tree_nodes(height/layers) * layer;
-		hash256_t *auth_path = ctx->xmssmt_sig.auth_path + (height/layers) * layer;
+		xmss_hash256_t *auth_path = ctx->xmssmt_sig.auth_path + (height/layers) * layer;
 		xmss_build_auth_path(tree, height/layers, tree_index, auth_path);
 	}
 
 	// derive ctx->xmssmt_sig.random
 	memset(hash256_index, 0, 24);
 	PUTU64(hash256_index + 24, ctx->xmssmt_sig.index);
-	hash256_init(&ctx->hash256_ctx);
+	xmss_hash256_init(&ctx->hash256_ctx);
-	hash256_update(&ctx->hash256_ctx, hash256_three, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, xmss_hash256_three, sizeof(xmss_hash256_t));
-	hash256_update(&ctx->hash256_ctx, key->sk_prf, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, key->sk_prf, sizeof(xmss_hash256_t));
-	hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(xmss_hash256_t));
-	hash256_finish(&ctx->hash256_ctx, ctx->xmssmt_sig.random);
+	xmss_hash256_finish(&ctx->hash256_ctx, ctx->xmssmt_sig.random);
 
 	// derive wots_sk and save to wots_sigs[0]
 	layer = 0;
 	tree_address = xmssmt_tree_address(ctx->xmssmt_sig.index, height, layers, layer);
 	tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
-	adrs_set_layer_address(adrs, layer);
+	xmss_adrs_set_layer_address(adrs, layer);
-	adrs_set_tree_address(adrs, tree_address);
+	xmss_adrs_set_tree_address(adrs, tree_address);
-	adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
-	adrs_set_ots_address(adrs, tree_index);
+	xmss_adrs_set_ots_address(adrs, tree_index);
-	wots_derive_sk(key->secret, key->public_key.seed, adrs, ctx->xmssmt_sig.wots_sigs[0]);
+	xmss_wots_derive_sk(key->secret, key->public_key.seed, adrs, ctx->xmssmt_sig.wots_sigs[0]);
 
 	// H_msg(M) := HASH256(toByte(2, 32) || r || XMSS_ROOT || toByte(idx_sig, 32) || M)
-	hash256_init(&ctx->hash256_ctx);
+	xmss_hash256_init(&ctx->hash256_ctx);
-	hash256_update(&ctx->hash256_ctx, hash256_two, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, xmss_hash256_two, sizeof(xmss_hash256_t));
-	hash256_update(&ctx->hash256_ctx, ctx->xmssmt_sig.random, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, ctx->xmssmt_sig.random, sizeof(xmss_hash256_t));
-	hash256_update(&ctx->hash256_ctx, key->public_key.root, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, key->public_key.root, sizeof(xmss_hash256_t));
-	hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(hash256_t));
+	xmss_hash256_update(&ctx->hash256_ctx, hash256_index, sizeof(xmss_hash256_t));
-	hash256_update(&ctx->hash256_ctx, msg, sizeof(msg));
+	xmss_hash256_update(&ctx->hash256_ctx, msg, sizeof(msg));
-	hash256_finish(&ctx->hash256_ctx, dgst);
+	xmss_hash256_finish(&ctx->hash256_ctx, dgst);
 
 	// generate message wots_sig as wots_sigs[0]
 	layer = 0;
 	tree_address = xmssmt_tree_address(ctx->xmssmt_sig.index, height, layers, layer);
 	tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
-	adrs_set_layer_address(adrs, layer);
+	xmss_adrs_set_layer_address(adrs, layer);
-	adrs_set_tree_address(adrs, tree_address);
+	xmss_adrs_set_tree_address(adrs, tree_address);
-	adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
-	adrs_set_ots_address(adrs, tree_index);
+	xmss_adrs_set_ots_address(adrs, tree_index);
-	wots_sign(ctx->xmssmt_sig.wots_sigs[0], ctx->xmssmt_public_key.seed, adrs, dgst,
+	xmss_wots_sign(ctx->xmssmt_sig.wots_sigs[0], ctx->xmssmt_public_key.seed, adrs, dgst,
 		ctx->xmssmt_sig.wots_sigs[0]);
 
 	xmssmt_signature_print_ex(stderr, 0, 4, "xmssmt_signature", &ctx->xmssmt_sig, xmssmt_type);
@@ -1017,23 +1017,23 @@ static int test_xmssmt_sign(void)
 	for (layer = 0; layer < layers; layer++) {
 		uint64_t tree_address = xmssmt_tree_address(ctx->xmssmt_sig.index, height, layers, layer);
 		uint32_t tree_index = xmssmt_tree_index(ctx->xmssmt_sig.index, height, layers, layer);
-		wots_key_t wots_pk;
+		xmss_wots_key_t wots_pk;
 
 		// wots_sig, dgst => wots_pk
-		adrs_set_layer_address(adrs, layer);
+		xmss_adrs_set_layer_address(adrs, layer);
-		adrs_set_tree_address(adrs, tree_address);
+		xmss_adrs_set_tree_address(adrs, tree_address);
-		adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+		xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
-		adrs_set_ots_address(adrs, tree_index);
+		xmss_adrs_set_ots_address(adrs, tree_index);
-		wots_sig_to_pk(ctx->xmssmt_sig.wots_sigs[layer], ctx->xmssmt_public_key.seed, adrs, dgst, wots_pk);
+		xmss_wots_sig_to_pk(ctx->xmssmt_sig.wots_sigs[layer], ctx->xmssmt_public_key.seed, adrs, dgst, wots_pk);
 
 		// wots_pk => wots_root
-		adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
+		xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_LTREE);
-		adrs_set_ltree_address(adrs, tree_index);
+		xmss_adrs_set_ltree_address(adrs, tree_index);
-		wots_pk_to_root(wots_pk, ctx->xmssmt_public_key.seed, adrs, dgst);
+		xmss_wots_pk_to_root(wots_pk, ctx->xmssmt_public_key.seed, adrs, dgst);
 
 		// wots_root, auth_path => xmss_root (as dgst)
-		adrs_set_type(adrs, XMSS_ADRS_TYPE_HASHTREE);
+		xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_HASHTREE);
-		adrs_set_padding(adrs, 0);
+		xmss_adrs_set_padding(adrs, 0);
 		xmss_build_root(dgst, tree_index,
 			ctx->xmssmt_public_key.seed, adrs,
 			ctx->xmssmt_sig.auth_path + (height/layers) * layer, height/layers,
@@ -1041,7 +1041,7 @@ static int test_xmssmt_sign(void)
 	}
 
 	// verify xmssmt_root (save in dgst)
-	if (memcmp(dgst, ctx->xmssmt_public_key.root, sizeof(hash256_t)) != 0) {
+	if (memcmp(dgst, ctx->xmssmt_public_key.root, sizeof(xmss_hash256_t)) != 0) {
 		error_print();
 		return -1;
 	}