Clean LMS
@@ -523,12 +523,6 @@ if (ENABLE_LMS)
|
|||||||
list(APPEND tools tools/lmskeygen.c tools/lmssign.c tools/lmsverify.c)
|
list(APPEND tools tools/lmskeygen.c tools/lmssign.c tools/lmsverify.c)
|
||||||
list(APPEND tools tools/hsskeygen.c tools/hsssign.c tools/hssverify.c)
|
list(APPEND tools tools/hsskeygen.c tools/hsssign.c tools/hssverify.c)
|
||||||
list(APPEND tests lms)
|
list(APPEND tests lms)
|
||||||
|
|
||||||
option(ENABLE_LMS_CROSSCHECK "Enable LMS SHA-256 cross-check" OFF)
|
|
||||||
if (ENABLE_LMS_CROSSCHECK)
|
|
||||||
message(STATUS "ENABLE_LMS_CROSSCHECK is ON")
|
|
||||||
add_definitions(-DENABLE_LMS_CROSSCHECK)
|
|
||||||
endif()
|
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
|
||||||
@@ -937,7 +931,7 @@ endif()
|
|||||||
#
|
#
|
||||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||||
set(CPACK_PACKAGE_VERSION "3.3.0-dev.1157")
|
set(CPACK_PACKAGE_VERSION "3.3.0-dev.1158")
|
||||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||||
include(CPack)
|
include(CPack)
|
||||||
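Review bot: Dropping `ENABLE_LMS_CROSSCHECK` in the first hunk removes the only build configuration visible here that validated the LMS hash-chain and Merkle logic against external SHA-256 reference data (the removed header comment read "Crosscheck with data from LMS-reference (SHA-256)"), leaving `list(APPEND tests lms)` at the top of the hunk as the sole LMS test. If that test is self-consistency only (sign, then verify with the same code), a wrong-but-symmetric bug in chain derivation would no longer be detected; it is worth confirming that known-answer vectors for the SM3 parameter sets exist elsewhere, or recording in the commit message why the external cross-check is no longer needed. The second hunk is only the package version bump.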
|
|||||||
@@ -15,9 +15,6 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <gmssl/sm3.h>
|
#include <gmssl/sm3.h>
|
||||||
#ifdef ENABLE_SHA2
|
|
||||||
#include <gmssl/sha2.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
@@ -29,41 +26,15 @@ extern "C" {
|
|||||||
#define LMS_MAX_HEIGHT 25
|
#define LMS_MAX_HEIGHT 25
|
||||||
|
|
||||||
|
|
||||||
typedef uint8_t lms_hash256_t[32];
|
typedef uint8_t lms_sm3_digest_t[32];
|
||||||
|
|
||||||
// Crosscheck with data from LMS-reference (SHA-256), except the LMS signature.
|
|
||||||
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
|
|
||||||
#define LMS_HASH256_CTX SHA256_CTX
|
|
||||||
#define lms_hash256_init sha256_init
|
|
||||||
#define lms_hash256_update sha256_update
|
|
||||||
#define lms_hash256_finish sha256_finish
|
|
||||||
#else
|
|
||||||
#define LMS_HASH256_CTX SM3_CTX
|
|
||||||
#define lms_hash256_init sm3_init
|
|
||||||
#define lms_hash256_update sm3_update
|
|
||||||
#define lms_hash256_finish sm3_finish
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
|
|
||||||
enum {
|
|
||||||
//LMOTS_SHA256_N32_W1 = 1,
|
|
||||||
//LMOTS_SHA256_N32_W2 = 2,
|
|
||||||
//LMOTS_SHA256_N32_W4 = 3,
|
|
||||||
LMOTS_SHA256_N32_W8 = 4,
|
|
||||||
};
|
|
||||||
#define LMOTS_HASH256_N32_W8 LMOTS_SHA256_N32_W8
|
|
||||||
#define LMOTS_HASH256_N32_W8_NAME "LMOTS_SHA256_N32_W8"
|
|
||||||
#else
|
|
||||||
enum {
|
enum {
|
||||||
//LMOTS_SM3_N32_W1 = 11,
|
//LMOTS_SM3_N32_W1 = 11,
|
||||||
//LMOTS_SM3_N32_W2 = 12,
|
//LMOTS_SM3_N32_W2 = 12,
|
||||||
//LMOTS_SM3_N32_W4 = 13,
|
//LMOTS_SM3_N32_W4 = 13,
|
||||||
LMOTS_SM3_N32_W8 = 14,
|
LMOTS_SM3_N32_W8 = 14,
|
||||||
};
|
};
|
||||||
#define LMOTS_HASH256_N32_W8 LMOTS_SM3_N32_W8
|
#define LMOTS_SM3_N32_W8_NAME "LMOTS_SM3_N32_W8"
|
||||||
#define LMOTS_HASH256_N32_W8_NAME "LMOTS_SM3_N32_W8"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// in LMS, we use Winternitz w = 2^8 = 256
|
// in LMS, we use Winternitz w = 2^8 = 256
|
||||||
// represent 256-bit hash as 256/8 = 32 base_w numbers
|
// represent 256-bit hash as 256/8 = 32 base_w numbers
|
||||||
@@ -71,25 +42,16 @@ enum {
|
|||||||
// so total hash chains is 32 + 2 = 34
|
// so total hash chains is 32 + 2 = 34
|
||||||
#define LMOTS_NUM_CHAINS 34
|
#define LMOTS_NUM_CHAINS 34
|
||||||
|
|
||||||
typedef lms_hash256_t lmots_key_t[34];
|
typedef lms_sm3_digest_t lmots_key_t[34];
|
||||||
typedef lms_hash256_t lmots_sig_t[34];
|
typedef lms_sm3_digest_t lmots_sig_t[34];
|
||||||
|
|
||||||
char *lmots_type_name(int lmots_type);
|
char *lmots_type_name(int lmots_type);
|
||||||
void lmots_derive_secrets(const lms_hash256_t seed, const uint8_t I[16], int q, lms_hash256_t x[34]);
|
void lmots_derive_secrets(const lms_sm3_digest_t seed, const uint8_t I[16], int q, lms_sm3_digest_t x[34]);
|
||||||
void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const lms_hash256_t x[34], lms_hash256_t pub);
|
void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const lms_sm3_digest_t x[34], lms_sm3_digest_t pub);
|
||||||
void lmots_compute_signature(const uint8_t I[16], int q, const lms_hash256_t dgst, const lms_hash256_t x[34], lms_hash256_t y[34]);
|
void lmots_compute_signature(const uint8_t I[16], int q, const lms_sm3_digest_t dgst, const lms_sm3_digest_t x[34], lms_sm3_digest_t y[34]);
|
||||||
void lmots_signature_to_public_hash(const uint8_t I[16], int q, const lms_hash256_t y[34], const lms_hash256_t dgst, lms_hash256_t pub);
|
void lmots_signature_to_public_hash(const uint8_t I[16], int q, const lms_sm3_digest_t y[34], const lms_sm3_digest_t dgst, lms_sm3_digest_t pub);
|
||||||
|
|
||||||
|
|
||||||
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
|
|
||||||
enum {
|
|
||||||
LMS_SHA256_M32_H5 = 5,
|
|
||||||
LMS_SHA256_M32_H10 = 6,
|
|
||||||
LMS_SHA256_M32_H15 = 7,
|
|
||||||
LMS_SHA256_M32_H20 = 8,
|
|
||||||
LMS_SHA256_M32_H25 = 9,
|
|
||||||
};
|
|
||||||
#else
|
|
||||||
// TODO: submit to IETF
|
// TODO: submit to IETF
|
||||||
enum {
|
enum {
|
||||||
LMS_SM3_M32_H5 = 5,
|
LMS_SM3_M32_H5 = 5,
|
||||||
@@ -98,43 +60,24 @@ enum {
|
|||||||
LMS_SM3_M32_H20 = 8,
|
LMS_SM3_M32_H20 = 8,
|
||||||
LMS_SM3_M32_H25 = 9,
|
LMS_SM3_M32_H25 = 9,
|
||||||
};
|
};
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
|
#define LMS_SM3_M32_H5_NAME "LMS_SM3_M32_H5"
|
||||||
# define LMS_HASH256_M32_H5 LMS_SHA256_M32_H5
|
#define LMS_SM3_M32_H10_NAME "LMS_SM3_M32_H10"
|
||||||
# define LMS_HASH256_M32_H5_NAME "LMS_SHA256_M32_H5"
|
#define LMS_SM3_M32_H15_NAME "LMS_SM3_M32_H15"
|
||||||
# define LMS_HASH256_M32_H10 LMS_SHA256_M32_H10
|
#define LMS_SM3_M32_H20_NAME "LMS_SM3_M32_H20"
|
||||||
# define LMS_HASH256_M32_H10_NAME "LMS_SHA256_M32_H10"
|
#define LMS_SM3_M32_H25_NAME "LMS_SM3_M32_H25"
|
||||||
# define LMS_HASH256_M32_H15 LMS_SHA256_M32_H15
|
|
||||||
# define LMS_HASH256_M32_H15_NAME "LMS_SHA256_M32_H15"
|
|
||||||
# define LMS_HASH256_M32_H20 LMS_SHA256_M32_H20
|
|
||||||
# define LMS_HASH256_M32_H20_NAME "LMS_SHA256_M32_H20"
|
|
||||||
# define LMS_HASH256_M32_H25 LMS_SHA256_M32_H25
|
|
||||||
# define LMS_HASH256_M32_H25_NAME "LMS_SHA256_M32_H25"
|
|
||||||
#else
|
|
||||||
# define LMS_HASH256_M32_H5 LMS_SM3_M32_H5
|
|
||||||
# define LMS_HASH256_M32_H5_NAME "LMS_SM3_M32_H5"
|
|
||||||
# define LMS_HASH256_M32_H10 LMS_SM3_M32_H10
|
|
||||||
# define LMS_HASH256_M32_H10_NAME "LMS_SM3_M32_H10"
|
|
||||||
# define LMS_HASH256_M32_H15 LMS_SM3_M32_H15
|
|
||||||
# define LMS_HASH256_M32_H15_NAME "LMS_SM3_M32_H15"
|
|
||||||
# define LMS_HASH256_M32_H20 LMS_SM3_M32_H20
|
|
||||||
# define LMS_HASH256_M32_H20_NAME "LMS_SM3_M32_H20"
|
|
||||||
# define LMS_HASH256_M32_H25 LMS_SM3_M32_H25
|
|
||||||
# define LMS_HASH256_M32_H25_NAME "LMS_SM3_M32_H25"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
char *lms_type_name(int lms_type);
|
char *lms_type_name(int lms_type);
|
||||||
int lms_type_from_name(const char *name);
|
int lms_type_from_name(const char *name);
|
||||||
int lms_type_to_height(int type, size_t *height);
|
int lms_type_to_height(int type, size_t *height);
|
||||||
void lms_derive_merkle_tree(const lms_hash256_t seed, const uint8_t I[16], int height, lms_hash256_t *tree);
|
void lms_derive_merkle_tree(const lms_sm3_digest_t seed, const uint8_t I[16], int height, lms_sm3_digest_t *tree);
|
||||||
void lms_derive_merkle_root(const lms_hash256_t seed, const uint8_t I[16], int height, lms_hash256_t root);
|
void lms_derive_merkle_root(const lms_sm3_digest_t seed, const uint8_t I[16], int height, lms_sm3_digest_t root);
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
int lms_type;
|
int lms_type;
|
||||||
int lmots_type;
|
int lmots_type;
|
||||||
uint8_t I[16]; // lms key identifier
|
uint8_t I[16]; // lms key identifier
|
||||||
lms_hash256_t root; // merkle tree root
|
lms_sm3_digest_t root; // merkle tree root
|
||||||
} LMS_PUBLIC_KEY;
|
} LMS_PUBLIC_KEY;
|
||||||
|
|
||||||
#define LMS_PUBLIC_KEY_SIZE (4 + 4 + 16 + 32) // = 56 bytes
|
#define LMS_PUBLIC_KEY_SIZE (4 + 4 + 16 + 32) // = 56 bytes
|
||||||
@@ -145,17 +88,17 @@ typedef int (*lms_key_update_callback)(LMS_KEY *key);
|
|||||||
|
|
||||||
typedef struct LMS_KEY_st {
|
typedef struct LMS_KEY_st {
|
||||||
LMS_PUBLIC_KEY public_key;
|
LMS_PUBLIC_KEY public_key;
|
||||||
lms_hash256_t seed; // secret seed
|
lms_sm3_digest_t seed; // secret seed
|
||||||
uint32_t q; // key index
|
uint32_t q; // key index
|
||||||
|
|
||||||
lms_hash256_t *tree;
|
lms_sm3_digest_t *tree;
|
||||||
lms_key_update_callback update_callback;
|
lms_key_update_callback update_callback;
|
||||||
void *update_param;
|
void *update_param;
|
||||||
} LMS_KEY;
|
} LMS_KEY;
|
||||||
|
|
||||||
#define LMS_PRIVATE_KEY_SIZE (LMS_PUBLIC_KEY_SIZE + 32 + 4) // = 92 bytes
|
#define LMS_PRIVATE_KEY_SIZE (LMS_PUBLIC_KEY_SIZE + 32 + 4) // = 92 bytes
|
||||||
|
|
||||||
int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_hash256_t seed, const uint8_t I[16], int cache_tree);
|
int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_sm3_digest_t seed, const uint8_t I[16], int cache_tree);
|
||||||
int lms_key_generate(LMS_KEY *key, int lms_type);
|
int lms_key_generate(LMS_KEY *key, int lms_type);
|
||||||
int lms_key_set_update_callback(LMS_KEY *key, lms_key_update_callback update_cb, void *param);
|
int lms_key_set_update_callback(LMS_KEY *key, lms_key_update_callback update_cb, void *param);
|
||||||
int lms_key_update(LMS_KEY *key);
|
int lms_key_update(LMS_KEY *key);
|
||||||
@@ -177,24 +120,24 @@ typedef struct {
|
|||||||
uint32_t q; // key index
|
uint32_t q; // key index
|
||||||
struct {
|
struct {
|
||||||
int lmots_type;
|
int lmots_type;
|
||||||
lms_hash256_t C; // signature random
|
lms_sm3_digest_t C; // signature random
|
||||||
lms_hash256_t y[34];
|
lms_sm3_digest_t y[34];
|
||||||
} lmots_sig;
|
} lmots_sig;
|
||||||
int lms_type;
|
int lms_type;
|
||||||
lms_hash256_t path[LMS_MAX_HEIGHT];
|
lms_sm3_digest_t path[LMS_MAX_HEIGHT];
|
||||||
} LMS_SIGNATURE;
|
} LMS_SIGNATURE;
|
||||||
|
|
||||||
int lms_signature_to_merkle_root(const uint8_t I[16], size_t h, int q,
|
int lms_signature_to_merkle_root(const uint8_t I[16], size_t h, int q,
|
||||||
const lms_hash256_t y[34], const lms_hash256_t *path,
|
const lms_sm3_digest_t y[34], const lms_sm3_digest_t *path,
|
||||||
const lms_hash256_t dgst, lms_hash256_t root);
|
const lms_sm3_digest_t dgst, lms_sm3_digest_t root);
|
||||||
|
|
||||||
#define LMS_HASH256_M32_H5_SIGNATURE_SIZE 1292
|
#define LMS_SM3_M32_H5_SIGNATURE_SIZE 1292
|
||||||
#define LMS_HASH256_M32_H10_SIGNATURE_SIZE 1452
|
#define LMS_SM3_M32_H10_SIGNATURE_SIZE 1452
|
||||||
#define LMS_HASH256_M32_H15_SIGNATURE_SIZE 1612
|
#define LMS_SM3_M32_H15_SIGNATURE_SIZE 1612
|
||||||
#define LMS_HASH256_M32_H20_SIGNATURE_SIZE 1772
|
#define LMS_SM3_M32_H20_SIGNATURE_SIZE 1772
|
||||||
#define LMS_HASH256_M32_H25_SIGNATURE_SIZE 1932
|
#define LMS_SM3_M32_H25_SIGNATURE_SIZE 1932
|
||||||
#define LMS_SIGNATURE_MIN_SIZE LMS_HASH256_M32_H5_SIGNATURE_SIZE // = 4 + 4 + 32 + 32*34 + 4 + 32*5 = 1292 bytes
|
#define LMS_SIGNATURE_MIN_SIZE LMS_SM3_M32_H5_SIGNATURE_SIZE // = 4 + 4 + 32 + 32*34 + 4 + 32*5 = 1292 bytes
|
||||||
#define LMS_SIGNATURE_MAX_SIZE LMS_HASH256_M32_H25_SIGNATURE_SIZE // = 4 + 4 + 32 + 32*34 + 4 + 32*25 = 1932 bytes
|
#define LMS_SIGNATURE_MAX_SIZE LMS_SM3_M32_H25_SIGNATURE_SIZE // = 4 + 4 + 32 + 32*34 + 4 + 32*25 = 1932 bytes
|
||||||
|
|
||||||
int lms_signature_size(int lms_type, size_t *siglen);
|
int lms_signature_size(int lms_type, size_t *siglen);
|
||||||
int lms_signature_to_bytes(const LMS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
|
int lms_signature_to_bytes(const LMS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
|
||||||
@@ -203,7 +146,7 @@ int lms_signature_print_ex(FILE *fp, int fmt, int ind, const char *label, const
|
|||||||
int lms_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
|
int lms_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
LMS_HASH256_CTX lms_hash256_ctx;
|
SM3_CTX sm3_ctx;
|
||||||
LMS_PUBLIC_KEY lms_public_key;
|
LMS_PUBLIC_KEY lms_public_key;
|
||||||
LMS_SIGNATURE lms_sig; // cache lmots x[34]
|
LMS_SIGNATURE lms_sig; // cache lmots x[34]
|
||||||
} LMS_SIGN_CTX;
|
} LMS_SIGN_CTX;
|
||||||
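Review bot: The `LMS_SM3_M32_H5..H25` enum kept across the `@@ -71` and `@@ -98` hunks uses type codes 5..9, the same numeric values the removed `LMS_SHA256_M32_H5..H25` enum on the old side carried — the codepoints RFC 8554 assigns to the SHA-256 parameter sets — and these codes are serialized in the 4-byte `lms_type` field counted in `LMS_PUBLIC_KEY_SIZE`. A serialized SM3 key or signature is therefore indistinguishable by type code from a SHA-256 one, so an RFC 8554 implementation would accept the type and then fail (or a mixed deployment could mis-dispatch). The surviving `// TODO: submit to IETF` should say this explicitly, e.g. `// Provisional private codepoints: 5..9 collide with the IANA-registered LMS_SHA256_M32_H5..H25 values; do not exchange these keys with RFC 8554 implementations until distinct values are assigned.` Separately, `lmots_type_name` and `lms_type_name` hand out string literals through a non-const `char *`; `const char *` is the safer declaration.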
|
|||||||
@@ -46,34 +46,34 @@ extern const uint32_t SECP256R1_U_N[9];
|
|||||||
int secp256r1_is_zero(const secp256r1_t a);
|
int secp256r1_is_zero(const secp256r1_t a);
|
||||||
int secp256r1_is_one(const secp256r1_t a);
|
int secp256r1_is_one(const secp256r1_t a);
|
||||||
int secp256r1_cmp(const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_cmp(const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_set_zero(secp256r1_t r);
|
int secp256r1_set_zero(secp256r1_t r);
|
||||||
void secp256r1_set_one(secp256r1_t r);
|
int secp256r1_set_one(secp256r1_t r);
|
||||||
void secp256r1_copy(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_copy(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_to_32bytes(const secp256r1_t a, uint8_t out[32]);
|
int secp256r1_to_32bytes(const secp256r1_t a, uint8_t out[32]);
|
||||||
void secp256r1_from_32bytes(secp256r1_t r, const uint8_t in[32]);
|
int secp256r1_from_32bytes(secp256r1_t r, const uint8_t in[32]);
|
||||||
int secp256r1_print(FILE *fp, int fmt, int ind, const char *label, const secp256r1_t a);
|
int secp256r1_print(FILE *fp, int fmt, int ind, const char *label, const secp256r1_t a);
|
||||||
|
|
||||||
void secp256r1_modp_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_modp_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_modp_dbl(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modp_dbl(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modp_tri(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modp_tri(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modp_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_modp_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_modp_neg(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modp_neg(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modp_haf(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modp_haf(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modp_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_modp_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_modp_sqr(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modp_sqr(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modp_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e);
|
int secp256r1_modp_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e);
|
||||||
void secp256r1_modp_inv(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modp_inv(secp256r1_t r, const secp256r1_t a);
|
||||||
|
|
||||||
void secp256r1_modn(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modn(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modn_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_modn_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_modn_dbl(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modn_dbl(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modn_tri(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modn_tri(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modn_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_modn_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_modn_neg(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modn_neg(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modn_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
int secp256r1_modn_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b);
|
||||||
void secp256r1_modn_sqr(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modn_sqr(secp256r1_t r, const secp256r1_t a);
|
||||||
void secp256r1_modn_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e);
|
int secp256r1_modn_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e);
|
||||||
void secp256r1_modn_inv(secp256r1_t r, const secp256r1_t a);
|
int secp256r1_modn_inv(secp256r1_t r, const secp256r1_t a);
|
||||||
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
@@ -85,19 +85,19 @@ typedef struct {
|
|||||||
const SECP256R1_POINT *secp256r1_generator(void);
|
const SECP256R1_POINT *secp256r1_generator(void);
|
||||||
#define SECP256R1_POINT_G (*secp256r1_generator())
|
#define SECP256R1_POINT_G (*secp256r1_generator())
|
||||||
|
|
||||||
void secp256r1_point_set_infinity(SECP256R1_POINT *R);
|
int secp256r1_point_set_infinity(SECP256R1_POINT *R);
|
||||||
int secp256r1_point_is_at_infinity(const SECP256R1_POINT *P);
|
int secp256r1_point_is_at_infinity(const SECP256R1_POINT *P);
|
||||||
int secp256r1_point_is_on_curve(const SECP256R1_POINT *P);
|
int secp256r1_point_is_on_curve(const SECP256R1_POINT *P);
|
||||||
int secp256r1_point_equ(const SECP256R1_POINT *P, const SECP256R1_POINT *Q);
|
int secp256r1_point_equ(const SECP256R1_POINT *P, const SECP256R1_POINT *Q);
|
||||||
int secp256r1_point_set_xy(SECP256R1_POINT *R, const secp256r1_t x, const secp256r1_t y);
|
int secp256r1_point_set_xy(SECP256R1_POINT *R, const secp256r1_t x, const secp256r1_t y);
|
||||||
int secp256r1_point_get_xy(const SECP256R1_POINT *P, secp256r1_t x, secp256r1_t y);
|
int secp256r1_point_get_xy(const SECP256R1_POINT *P, secp256r1_t x, secp256r1_t y);
|
||||||
void secp256r1_point_copy(SECP256R1_POINT *R, const SECP256R1_POINT *P);
|
int secp256r1_point_copy(SECP256R1_POINT *R, const SECP256R1_POINT *P);
|
||||||
void secp256r1_point_dbl(SECP256R1_POINT *R, const SECP256R1_POINT *P);
|
int secp256r1_point_dbl(SECP256R1_POINT *R, const SECP256R1_POINT *P);
|
||||||
void secp256r1_point_add(SECP256R1_POINT *R, const SECP256R1_POINT *P, const SECP256R1_POINT *Q);
|
int secp256r1_point_add(SECP256R1_POINT *R, const SECP256R1_POINT *P, const SECP256R1_POINT *Q);
|
||||||
void secp256r1_point_neg(SECP256R1_POINT *R, const SECP256R1_POINT *P);
|
int secp256r1_point_neg(SECP256R1_POINT *R, const SECP256R1_POINT *P);
|
||||||
void secp256r1_point_sub(SECP256R1_POINT *R, const SECP256R1_POINT *P, const SECP256R1_POINT *Q);
|
int secp256r1_point_sub(SECP256R1_POINT *R, const SECP256R1_POINT *P, const SECP256R1_POINT *Q);
|
||||||
void secp256r1_point_mul(SECP256R1_POINT *R, const secp256r1_t k, const SECP256R1_POINT *P);
|
int secp256r1_point_mul(SECP256R1_POINT *R, const secp256r1_t k, const SECP256R1_POINT *P);
|
||||||
void secp256r1_point_mul_generator(SECP256R1_POINT *R, const secp256r1_t k);
|
int secp256r1_point_mul_generator(SECP256R1_POINT *R, const secp256r1_t k);
|
||||||
int secp256r1_point_print(FILE *fp, int fmt, int ind, const char *label, const SECP256R1_POINT *P);
|
int secp256r1_point_print(FILE *fp, int fmt, int ind, const char *label, const SECP256R1_POINT *P);
|
||||||
int secp256r1_point_to_uncompressed_octets(const SECP256R1_POINT *P, uint8_t octets[65]);
|
int secp256r1_point_to_uncompressed_octets(const SECP256R1_POINT *P, uint8_t octets[65]);
|
||||||
int secp256r1_point_from_uncompressed_octets(SECP256R1_POINT *P, const uint8_t octets[65]);
|
int secp256r1_point_from_uncompressed_octets(SECP256R1_POINT *P, const uint8_t octets[65]);
|
||||||
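Review bot: Every `void` → `int` conversion in both hunks (from `secp256r1_set_zero` at the top through `secp256r1_point_mul_generator`) leaves the return contract undocumented, and since discarding an `int` result compiles silently, callers written against the old `void` signatures will keep ignoring whatever these functions now report. The header should state the convention once, e.g. `// secp256r1_* functions below return 1 on success and 0 on error` — adjusted to whichever convention the implementation actually uses, which cannot be told from this header alone. For the functions whose output feeds key or signature material (`secp256r1_from_32bytes`, `secp256r1_modn_inv`, `secp256r1_point_mul`, `secp256r1_point_mul_generator`) every call site should check the status so a failure leaves the caller failing closed instead of using an unwritten `r`/`R`. The enclosing `extern "C"` block begins before the first hunk.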
|
|||||||
@@ -18,7 +18,7 @@ extern "C" {
|
|||||||
|
|
||||||
|
|
||||||
#define GMSSL_VERSION_NUM 30300
|
#define GMSSL_VERSION_NUM 30300
|
||||||
#define GMSSL_VERSION_STR "GmSSL 3.3.0-dev.1157"
|
#define GMSSL_VERSION_STR "GmSSL 3.3.0-dev.1158"
|
||||||
|
|
||||||
int gmssl_version_num(void);
|
int gmssl_version_num(void);
|
||||||
const char *gmssl_version_str(void);
|
const char *gmssl_version_str(void);
|
||||||
|
|||||||
326
src/lms.c
326
src/lms.c
@@ -24,8 +24,8 @@ static const uint8_t D_INTR[2] = { 0x83, 0x83 };
|
|||||||
char *lmots_type_name(int lmots_type)
|
char *lmots_type_name(int lmots_type)
|
||||||
{
|
{
|
||||||
switch (lmots_type) {
|
switch (lmots_type) {
|
||||||
case LMOTS_HASH256_N32_W8:
|
case LMOTS_SM3_N32_W8:
|
||||||
return LMOTS_HASH256_N32_W8_NAME;
|
return LMOTS_SM3_N32_W8_NAME;
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -33,32 +33,32 @@ char *lmots_type_name(int lmots_type)
|
|||||||
char *lms_type_name(int lms_type)
|
char *lms_type_name(int lms_type)
|
||||||
{
|
{
|
||||||
switch (lms_type) {
|
switch (lms_type) {
|
||||||
case LMS_HASH256_M32_H5:
|
case LMS_SM3_M32_H5:
|
||||||
return LMS_HASH256_M32_H5_NAME;
|
return LMS_SM3_M32_H5_NAME;
|
||||||
case LMS_HASH256_M32_H10:
|
case LMS_SM3_M32_H10:
|
||||||
return LMS_HASH256_M32_H10_NAME;
|
return LMS_SM3_M32_H10_NAME;
|
||||||
case LMS_HASH256_M32_H15:
|
case LMS_SM3_M32_H15:
|
||||||
return LMS_HASH256_M32_H15_NAME;
|
return LMS_SM3_M32_H15_NAME;
|
||||||
case LMS_HASH256_M32_H20:
|
case LMS_SM3_M32_H20:
|
||||||
return LMS_HASH256_M32_H20_NAME;
|
return LMS_SM3_M32_H20_NAME;
|
||||||
case LMS_HASH256_M32_H25:
|
case LMS_SM3_M32_H25:
|
||||||
return LMS_HASH256_M32_H25_NAME;
|
return LMS_SM3_M32_H25_NAME;
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
int lms_type_from_name(const char *name)
|
int lms_type_from_name(const char *name)
|
||||||
{
|
{
|
||||||
if (!strcmp(name, LMS_HASH256_M32_H5_NAME)) {
|
if (!strcmp(name, LMS_SM3_M32_H5_NAME)) {
|
||||||
return LMS_HASH256_M32_H5;
|
return LMS_SM3_M32_H5;
|
||||||
} else if (!strcmp(name, LMS_HASH256_M32_H10_NAME)) {
|
} else if (!strcmp(name, LMS_SM3_M32_H10_NAME)) {
|
||||||
return LMS_HASH256_M32_H10;
|
return LMS_SM3_M32_H10;
|
||||||
} else if (!strcmp(name, LMS_HASH256_M32_H15_NAME)) {
|
} else if (!strcmp(name, LMS_SM3_M32_H15_NAME)) {
|
||||||
return LMS_HASH256_M32_H15;
|
return LMS_SM3_M32_H15;
|
||||||
} else if (!strcmp(name, LMS_HASH256_M32_H20_NAME)) {
|
} else if (!strcmp(name, LMS_SM3_M32_H20_NAME)) {
|
||||||
return LMS_HASH256_M32_H20;
|
return LMS_SM3_M32_H20;
|
||||||
} else if (!strcmp(name, LMS_HASH256_M32_H25_NAME)) {
|
} else if (!strcmp(name, LMS_SM3_M32_H25_NAME)) {
|
||||||
return LMS_HASH256_M32_H25;
|
return LMS_SM3_M32_H25;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -66,19 +66,19 @@ int lms_type_from_name(const char *name)
|
|||||||
int lms_type_to_height(int type, size_t *height)
|
int lms_type_to_height(int type, size_t *height)
|
||||||
{
|
{
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case LMS_HASH256_M32_H5:
|
case LMS_SM3_M32_H5:
|
||||||
*height = 5;
|
*height = 5;
|
||||||
break;
|
break;
|
||||||
case LMS_HASH256_M32_H10:
|
case LMS_SM3_M32_H10:
|
||||||
*height = 10;
|
*height = 10;
|
||||||
break;
|
break;
|
||||||
case LMS_HASH256_M32_H15:
|
case LMS_SM3_M32_H15:
|
||||||
*height = 15;
|
*height = 15;
|
||||||
break;
|
break;
|
||||||
case LMS_HASH256_M32_H20:
|
case LMS_SM3_M32_H20:
|
||||||
*height = 20;
|
*height = 20;
|
||||||
break;
|
break;
|
||||||
case LMS_HASH256_M32_H25:
|
case LMS_SM3_M32_H25:
|
||||||
*height = 25;
|
*height = 25;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@@ -88,9 +88,9 @@ int lms_type_to_height(int type, size_t *height)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void lmots_derive_secrets(const lms_hash256_t seed, const uint8_t I[16], int q, lms_hash256_t x[34])
|
void lmots_derive_secrets(const lms_sm3_digest_t seed, const uint8_t I[16], int q, lms_sm3_digest_t x[34])
|
||||||
{
|
{
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
uint8_t qbytes[4];
|
uint8_t qbytes[4];
|
||||||
uint8_t ibytes[2];
|
uint8_t ibytes[2];
|
||||||
const uint8_t jbytes[1] = { 0xff };
|
const uint8_t jbytes[1] = { 0xff };
|
||||||
@@ -102,25 +102,25 @@ void lmots_derive_secrets(const lms_hash256_t seed, const uint8_t I[16], int q,
|
|||||||
for (i = 0; i < 34; i++) {
|
for (i = 0; i < 34; i++) {
|
||||||
PUTU16(ibytes, i);
|
PUTU16(ibytes, i);
|
||||||
|
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, qbytes, 4);
|
sm3_update(&ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx, ibytes, 2);
|
sm3_update(&ctx, ibytes, 2);
|
||||||
lms_hash256_update(&ctx, jbytes, 1);
|
sm3_update(&ctx, jbytes, 1);
|
||||||
lms_hash256_update(&ctx, seed, 32);
|
sm3_update(&ctx, seed, 32);
|
||||||
lms_hash256_finish(&ctx, x[i]);
|
sm3_finish(&ctx, x[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
gmssl_secure_clear(&ctx, sizeof(ctx));
|
gmssl_secure_clear(&ctx, sizeof(ctx));
|
||||||
}
|
}
|
||||||
|
|
||||||
void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const lms_hash256_t x[34], lms_hash256_t pub)
|
void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const lms_sm3_digest_t x[34], lms_sm3_digest_t pub)
|
||||||
{
|
{
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
uint8_t qbytes[4];
|
uint8_t qbytes[4];
|
||||||
uint8_t ibytes[2];
|
uint8_t ibytes[2];
|
||||||
uint8_t jbytes[1];
|
uint8_t jbytes[1];
|
||||||
lms_hash256_t z[34];
|
lms_sm3_digest_t z[34];
|
||||||
int i, j;
|
int i, j;
|
||||||
|
|
||||||
PUTU32(qbytes, q);
|
PUTU32(qbytes, q);
|
||||||
@@ -132,28 +132,28 @@ void lmots_secrets_to_public_hash(const uint8_t I[16], int q, const lms_hash256_
|
|||||||
for (j = 0; j < 255; j++) {
|
for (j = 0; j < 255; j++) {
|
||||||
jbytes[0] = (uint8_t)j;
|
jbytes[0] = (uint8_t)j;
|
||||||
|
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, qbytes, 4);
|
sm3_update(&ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx, ibytes, 2);
|
sm3_update(&ctx, ibytes, 2);
|
||||||
lms_hash256_update(&ctx, jbytes, 1);
|
sm3_update(&ctx, jbytes, 1);
|
||||||
lms_hash256_update(&ctx, z[i], 32);
|
sm3_update(&ctx, z[i], 32);
|
||||||
lms_hash256_finish(&ctx, z[i]);
|
sm3_finish(&ctx, z[i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])
|
// K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, qbytes, 4);
|
sm3_update(&ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_PBLC, 2);
|
sm3_update(&ctx, D_PBLC, 2);
|
||||||
for (i = 0; i < 34; i++) {
|
for (i = 0; i < 34; i++) {
|
||||||
lms_hash256_update(&ctx, z[i], 32);
|
sm3_update(&ctx, z[i], 32);
|
||||||
}
|
}
|
||||||
lms_hash256_finish(&ctx, pub);
|
sm3_finish(&ctx, pub);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void winternitz_checksum(const lms_hash256_t dgst, uint8_t checksum[2])
|
static void winternitz_checksum(const lms_sm3_digest_t dgst, uint8_t checksum[2])
|
||||||
{
|
{
|
||||||
uint16_t sum = 0;
|
uint16_t sum = 0;
|
||||||
int i;
|
int i;
|
||||||
@@ -166,9 +166,9 @@ static void winternitz_checksum(const lms_hash256_t dgst, uint8_t checksum[2])
|
|||||||
}
|
}
|
||||||
|
|
||||||
// signed digest Q = H(I || u32str(q) || u16str(D_MESG) || C || message)
|
// signed digest Q = H(I || u32str(q) || u16str(D_MESG) || C || message)
|
||||||
void lmots_compute_signature(const uint8_t I[16], int q, const lms_hash256_t dgst, const lms_hash256_t x[34], lms_hash256_t y[34])
|
void lmots_compute_signature(const uint8_t I[16], int q, const lms_sm3_digest_t dgst, const lms_sm3_digest_t x[34], lms_sm3_digest_t y[34])
|
||||||
{
|
{
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
uint8_t checksum[2];
|
uint8_t checksum[2];
|
||||||
uint8_t qbytes[4];
|
uint8_t qbytes[4];
|
||||||
uint8_t ibytes[2];
|
uint8_t ibytes[2];
|
||||||
@@ -188,22 +188,22 @@ void lmots_compute_signature(const uint8_t I[16], int q, const lms_hash256_t dgs
|
|||||||
for (j = 0; j < a; j++) {
|
for (j = 0; j < a; j++) {
|
||||||
jbytes[0] = j;
|
jbytes[0] = j;
|
||||||
|
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, qbytes, 4);
|
sm3_update(&ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx, ibytes, 2);
|
sm3_update(&ctx, ibytes, 2);
|
||||||
lms_hash256_update(&ctx, jbytes, 1);
|
sm3_update(&ctx, jbytes, 1);
|
||||||
lms_hash256_update(&ctx, y[i], 32);
|
sm3_update(&ctx, y[i], 32);
|
||||||
lms_hash256_finish(&ctx, y[i]);
|
sm3_finish(&ctx, y[i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void lmots_signature_to_public_hash(const uint8_t I[16], int q, const lms_hash256_t y[34], const lms_hash256_t dgst, lms_hash256_t pub)
|
void lmots_signature_to_public_hash(const uint8_t I[16], int q, const lms_sm3_digest_t y[34], const lms_sm3_digest_t dgst, lms_sm3_digest_t pub)
|
||||||
{
|
{
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
uint8_t checksum[2];
|
uint8_t checksum[2];
|
||||||
lms_hash256_t z[34];
|
lms_sm3_digest_t z[34];
|
||||||
uint8_t qbytes[4];
|
uint8_t qbytes[4];
|
||||||
uint8_t ibytes[2];
|
uint8_t ibytes[2];
|
||||||
uint8_t jbytes[1];
|
uint8_t jbytes[1];
|
||||||
@@ -222,36 +222,36 @@ void lmots_signature_to_public_hash(const uint8_t I[16], int q, const lms_hash25
|
|||||||
for (j = a; j < 255; j++) {
|
for (j = a; j < 255; j++) {
|
||||||
jbytes[0] = (uint8_t)j;
|
jbytes[0] = (uint8_t)j;
|
||||||
|
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, qbytes, 4);
|
sm3_update(&ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx, ibytes, 2);
|
sm3_update(&ctx, ibytes, 2);
|
||||||
lms_hash256_update(&ctx, jbytes, 1);
|
sm3_update(&ctx, jbytes, 1);
|
||||||
lms_hash256_update(&ctx, z[i], 32);
|
sm3_update(&ctx, z[i], 32);
|
||||||
lms_hash256_finish(&ctx, z[i]);
|
sm3_finish(&ctx, z[i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Kc = H(I || u32str(q) || u16str(D_PBLC) || z[0] || z[1] || ... || z[p-1])
|
// Kc = H(I || u32str(q) || u16str(D_PBLC) || z[0] || z[1] || ... || z[p-1])
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, qbytes, 4);
|
sm3_update(&ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_PBLC, 2);
|
sm3_update(&ctx, D_PBLC, 2);
|
||||||
for (i = 0; i < 34; i++) {
|
for (i = 0; i < 34; i++) {
|
||||||
lms_hash256_update(&ctx, z[i], 32);
|
sm3_update(&ctx, z[i], 32);
|
||||||
}
|
}
|
||||||
lms_hash256_finish(&ctx, pub);
|
sm3_finish(&ctx, pub);
|
||||||
}
|
}
|
||||||
|
|
||||||
// derive full merkle tree[2^h * 2 - 1] from seed, tree[0] is the root
|
// derive full merkle tree[2^h * 2 - 1] from seed, tree[0] is the root
|
||||||
void lms_derive_merkle_tree(const lms_hash256_t seed, const uint8_t I[16], int h, lms_hash256_t *tree)
|
void lms_derive_merkle_tree(const lms_sm3_digest_t seed, const uint8_t I[16], int h, lms_sm3_digest_t *tree)
|
||||||
{
|
{
|
||||||
int r, n = (1 << h);
|
int r, n = (1 << h);
|
||||||
uint8_t rbytes[4];
|
uint8_t rbytes[4];
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
lms_hash256_t x[34];
|
lms_sm3_digest_t x[34];
|
||||||
lms_hash256_t pub;
|
lms_sm3_digest_t pub;
|
||||||
lms_hash256_t *T = tree - 1;
|
lms_sm3_digest_t *T = tree - 1;
|
||||||
|
|
||||||
for (r = 2*n - 1; r >= 1; r--) {
|
for (r = 2*n - 1; r >= 1; r--) {
|
||||||
|
|
||||||
@@ -263,34 +263,34 @@ void lms_derive_merkle_tree(const lms_hash256_t seed, const uint8_t I[16], int h
|
|||||||
lmots_secrets_to_public_hash(I, q, x, pub);
|
lmots_secrets_to_public_hash(I, q, x, pub);
|
||||||
|
|
||||||
// H(I||u32str(r)||u16str(D_LEAF)||OTS_PUB_HASH[r-2^h])
|
// H(I||u32str(r)||u16str(D_LEAF)||OTS_PUB_HASH[r-2^h])
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, rbytes, 4);
|
sm3_update(&ctx, rbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_LEAF, 2);
|
sm3_update(&ctx, D_LEAF, 2);
|
||||||
lms_hash256_update(&ctx, pub, 32);
|
sm3_update(&ctx, pub, 32);
|
||||||
lms_hash256_finish(&ctx, T[r]);
|
sm3_finish(&ctx, T[r]);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// H(I||u32str(r)||u16str(D_INTR)||T[2*r]||T[2*r+1])
|
// H(I||u32str(r)||u16str(D_INTR)||T[2*r]||T[2*r+1])
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, rbytes, 4);
|
sm3_update(&ctx, rbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_INTR, 2);
|
sm3_update(&ctx, D_INTR, 2);
|
||||||
lms_hash256_update(&ctx, T[2*r], 32);
|
sm3_update(&ctx, T[2*r], 32);
|
||||||
lms_hash256_update(&ctx, T[2*r + 1], 32);
|
sm3_update(&ctx, T[2*r + 1], 32);
|
||||||
lms_hash256_finish(&ctx, T[r]);
|
sm3_finish(&ctx, T[r]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void lms_derive_merkle_root(const lms_hash256_t seed, const uint8_t I[16], int h, lms_hash256_t root)
|
void lms_derive_merkle_root(const lms_sm3_digest_t seed, const uint8_t I[16], int h, lms_sm3_digest_t root)
|
||||||
{
|
{
|
||||||
int q, r, n = 1 << h;
|
int q, r, n = 1 << h;
|
||||||
int qbits;
|
int qbits;
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
lms_hash256_t stack[25];
|
lms_sm3_digest_t stack[25];
|
||||||
int num = 0;
|
int num = 0;
|
||||||
lms_hash256_t x[34];
|
lms_sm3_digest_t x[34];
|
||||||
uint8_t rbytes[4];
|
uint8_t rbytes[4];
|
||||||
|
|
||||||
for (q = 0; q < n; q++) {
|
for (q = 0; q < n; q++) {
|
||||||
@@ -302,12 +302,12 @@ void lms_derive_merkle_root(const lms_hash256_t seed, const uint8_t I[16], int h
|
|||||||
PUTU32(rbytes, r);
|
PUTU32(rbytes, r);
|
||||||
|
|
||||||
// H(I||u32str(r)||u16str(D_LEAF)||OTS_PUB_HASH[r-2^h])
|
// H(I||u32str(r)||u16str(D_LEAF)||OTS_PUB_HASH[r-2^h])
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, rbytes, 4);
|
sm3_update(&ctx, rbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_LEAF, 2);
|
sm3_update(&ctx, D_LEAF, 2);
|
||||||
lms_hash256_update(&ctx, stack[num], 32);
|
sm3_update(&ctx, stack[num], 32);
|
||||||
lms_hash256_finish(&ctx, stack[num]);
|
sm3_finish(&ctx, stack[num]);
|
||||||
|
|
||||||
num++;
|
num++;
|
||||||
qbits = q;
|
qbits = q;
|
||||||
@@ -317,13 +317,13 @@ void lms_derive_merkle_root(const lms_hash256_t seed, const uint8_t I[16], int h
|
|||||||
r = r/2;
|
r = r/2;
|
||||||
PUTU32(rbytes, r);
|
PUTU32(rbytes, r);
|
||||||
|
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, rbytes, 4);
|
sm3_update(&ctx, rbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_INTR, 2);
|
sm3_update(&ctx, D_INTR, 2);
|
||||||
lms_hash256_update(&ctx, stack[num - 2], 32);
|
sm3_update(&ctx, stack[num - 2], 32);
|
||||||
lms_hash256_update(&ctx, stack[num - 1], 32);
|
sm3_update(&ctx, stack[num - 1], 32);
|
||||||
lms_hash256_finish(&ctx, stack[num - 2]);
|
sm3_finish(&ctx, stack[num - 2]);
|
||||||
|
|
||||||
num--;
|
num--;
|
||||||
qbits >>= 1;
|
qbits >>= 1;
|
||||||
@@ -473,7 +473,7 @@ int lms_private_key_from_bytes(LMS_KEY *key, const uint8_t **in, size_t *inlen)
|
|||||||
|
|
||||||
if (cache_tree) {
|
if (cache_tree) {
|
||||||
size_t n = (size_t)1 << height;
|
size_t n = (size_t)1 << height;
|
||||||
if (!(key->tree = (lms_hash256_t *)malloc(sizeof(lms_hash256_t) * (2*n - 1)))) {
|
if (!(key->tree = (lms_sm3_digest_t *)malloc(sizeof(lms_sm3_digest_t) * (2*n - 1)))) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -525,7 +525,7 @@ void lms_key_cleanup(LMS_KEY *key)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_hash256_t seed, const uint8_t I[16], int cache_tree)
|
int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_sm3_digest_t seed, const uint8_t I[16], int cache_tree)
|
||||||
{
|
{
|
||||||
size_t h, n;
|
size_t h, n;
|
||||||
|
|
||||||
@@ -543,13 +543,13 @@ int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_hash256_t seed, co
|
|||||||
memset(key, 0, sizeof(LMS_KEY));
|
memset(key, 0, sizeof(LMS_KEY));
|
||||||
|
|
||||||
key->public_key.lms_type = lms_type;
|
key->public_key.lms_type = lms_type;
|
||||||
key->public_key.lmots_type = LMOTS_HASH256_N32_W8;
|
key->public_key.lmots_type = LMOTS_SM3_N32_W8;
|
||||||
|
|
||||||
memcpy(key->public_key.I, I, 16);
|
memcpy(key->public_key.I, I, 16);
|
||||||
memcpy(key->seed, seed, 32);
|
memcpy(key->seed, seed, 32);
|
||||||
|
|
||||||
if (cache_tree) {
|
if (cache_tree) {
|
||||||
if (!(key->tree = (lms_hash256_t *)malloc(sizeof(lms_hash256_t) * (2*n - 1)))) {
|
if (!(key->tree = (lms_sm3_digest_t *)malloc(sizeof(lms_sm3_digest_t) * (2*n - 1)))) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -566,7 +566,7 @@ int lms_key_generate_ex(LMS_KEY *key, int lms_type, const lms_hash256_t seed, co
|
|||||||
|
|
||||||
int lms_key_generate(LMS_KEY *key, int lms_type)
|
int lms_key_generate(LMS_KEY *key, int lms_type)
|
||||||
{
|
{
|
||||||
lms_hash256_t seed;
|
lms_sm3_digest_t seed;
|
||||||
uint8_t I[16];
|
uint8_t I[16];
|
||||||
int cache_tree = 1;
|
int cache_tree = 1;
|
||||||
|
|
||||||
@@ -663,10 +663,10 @@ int lms_signature_size(int lms_type, size_t *len)
|
|||||||
}
|
}
|
||||||
*len = sizeof(uint32_t) // q
|
*len = sizeof(uint32_t) // q
|
||||||
+ sizeof(uint32_t) // lmots_type
|
+ sizeof(uint32_t) // lmots_type
|
||||||
+ sizeof(lms_hash256_t) // C
|
+ sizeof(lms_sm3_digest_t) // C
|
||||||
+ sizeof(lms_hash256_t) * 34 // y[34]
|
+ sizeof(lms_sm3_digest_t) * 34 // y[34]
|
||||||
+ sizeof(uint32_t) // lms_type
|
+ sizeof(uint32_t) // lms_type
|
||||||
+ sizeof(lms_hash256_t) * height; // path[hegith]
|
+ sizeof(lms_sm3_digest_t) * height; // path[hegith]
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -876,12 +876,12 @@ int lms_signature_from_bytes(LMS_SIGNATURE *sig, const uint8_t **in, size_t *inl
|
|||||||
}
|
}
|
||||||
|
|
||||||
int lms_signature_to_merkle_root(const uint8_t I[16], size_t h, int q,
|
int lms_signature_to_merkle_root(const uint8_t I[16], size_t h, int q,
|
||||||
const lms_hash256_t y[34], const lms_hash256_t *path,
|
const lms_sm3_digest_t y[34], const lms_sm3_digest_t *path,
|
||||||
const lms_hash256_t dgst, lms_hash256_t root)
|
const lms_sm3_digest_t dgst, lms_sm3_digest_t root)
|
||||||
{
|
{
|
||||||
size_t n, r;
|
size_t n, r;
|
||||||
uint8_t rbytes[4];
|
uint8_t rbytes[4];
|
||||||
LMS_HASH256_CTX ctx;
|
SM3_CTX ctx;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
n = (size_t)1 << h;
|
n = (size_t)1 << h;
|
||||||
@@ -895,28 +895,28 @@ int lms_signature_to_merkle_root(const uint8_t I[16], size_t h, int q,
|
|||||||
lmots_signature_to_public_hash(I, q, y, dgst, root);
|
lmots_signature_to_public_hash(I, q, y, dgst, root);
|
||||||
|
|
||||||
// leaf[q] = H(I||u32str(r)||u16str(D_LEAF)||OTS_PUB_HASH[r-2^h])
|
// leaf[q] = H(I||u32str(r)||u16str(D_LEAF)||OTS_PUB_HASH[r-2^h])
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, rbytes, 4);
|
sm3_update(&ctx, rbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_LEAF, 2);
|
sm3_update(&ctx, D_LEAF, 2);
|
||||||
lms_hash256_update(&ctx, root, 32);
|
sm3_update(&ctx, root, 32);
|
||||||
lms_hash256_finish(&ctx, root);
|
sm3_finish(&ctx, root);
|
||||||
|
|
||||||
for (i = 0; i < h; i++) {
|
for (i = 0; i < h; i++) {
|
||||||
PUTU32(rbytes, r/2);
|
PUTU32(rbytes, r/2);
|
||||||
|
|
||||||
lms_hash256_init(&ctx);
|
sm3_init(&ctx);
|
||||||
lms_hash256_update(&ctx, I, 16);
|
sm3_update(&ctx, I, 16);
|
||||||
lms_hash256_update(&ctx, rbytes, 4);
|
sm3_update(&ctx, rbytes, 4);
|
||||||
lms_hash256_update(&ctx, D_INTR, 2);
|
sm3_update(&ctx, D_INTR, 2);
|
||||||
if (r & 0x01) {
|
if (r & 0x01) {
|
||||||
lms_hash256_update(&ctx, path[i], 32);
|
sm3_update(&ctx, path[i], 32);
|
||||||
lms_hash256_update(&ctx, root, 32);
|
sm3_update(&ctx, root, 32);
|
||||||
} else {
|
} else {
|
||||||
lms_hash256_update(&ctx, root, 32);
|
sm3_update(&ctx, root, 32);
|
||||||
lms_hash256_update(&ctx, path[i], 32);
|
sm3_update(&ctx, path[i], 32);
|
||||||
}
|
}
|
||||||
lms_hash256_finish(&ctx, root);
|
sm3_finish(&ctx, root);
|
||||||
r = r/2;
|
r = r/2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -927,7 +927,7 @@ int lms_sign_init(LMS_SIGN_CTX *ctx, LMS_KEY *key)
|
|||||||
{
|
{
|
||||||
LMS_SIGNATURE *lms_sig;
|
LMS_SIGNATURE *lms_sig;
|
||||||
uint8_t qbytes[4];
|
uint8_t qbytes[4];
|
||||||
const lms_hash256_t *T;
|
const lms_sm3_digest_t *T;
|
||||||
size_t height, r, i;
|
size_t height, r, i;
|
||||||
|
|
||||||
if (!ctx || !key) {
|
if (!ctx || !key) {
|
||||||
@@ -983,11 +983,11 @@ int lms_sign_init(LMS_SIGN_CTX *ctx, LMS_KEY *key)
|
|||||||
r /= 2;
|
r /= 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
lms_hash256_init(&ctx->lms_hash256_ctx);
|
sm3_init(&ctx->sm3_ctx);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, key->public_key.I, 16);
|
sm3_update(&ctx->sm3_ctx, key->public_key.I, 16);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, qbytes, 4);
|
sm3_update(&ctx->sm3_ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, D_MESG, 2);
|
sm3_update(&ctx->sm3_ctx, D_MESG, 2);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, lms_sig->lmots_sig.C, 32);
|
sm3_update(&ctx->sm3_ctx, lms_sig->lmots_sig.C, 32);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -999,7 +999,7 @@ int lms_sign_update(LMS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (data && datalen > 0) {
|
if (data && datalen > 0) {
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, data, datalen);
|
sm3_update(&ctx->sm3_ctx, data, datalen);
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -1014,7 +1014,7 @@ int lms_sign_finish_ex(LMS_SIGN_CTX *ctx, LMS_SIGNATURE *sig)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
lms_hash256_finish(&ctx->lms_hash256_ctx, dgst);
|
sm3_finish(&ctx->sm3_ctx, dgst);
|
||||||
|
|
||||||
lms_sig = &ctx->lms_sig;
|
lms_sig = &ctx->lms_sig;
|
||||||
lmots_compute_signature(ctx->lms_public_key.I, lms_sig->q, dgst, lms_sig->lmots_sig.y, lms_sig->lmots_sig.y);
|
lmots_compute_signature(ctx->lms_public_key.I, lms_sig->q, dgst, lms_sig->lmots_sig.y, lms_sig->lmots_sig.y);
|
||||||
@@ -1033,7 +1033,7 @@ int lms_sign_finish(LMS_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
lms_hash256_finish(&ctx->lms_hash256_ctx, dgst);
|
sm3_finish(&ctx->sm3_ctx, dgst);
|
||||||
|
|
||||||
lms_sig = &ctx->lms_sig;
|
lms_sig = &ctx->lms_sig;
|
||||||
lmots_compute_signature(ctx->lms_public_key.I, lms_sig->q, dgst, lms_sig->lmots_sig.y, lms_sig->lmots_sig.y);
|
lmots_compute_signature(ctx->lms_public_key.I, lms_sig->q, dgst, lms_sig->lmots_sig.y, lms_sig->lmots_sig.y);
|
||||||
@@ -1074,11 +1074,11 @@ int lms_verify_init_ex(LMS_SIGN_CTX *ctx, const LMS_KEY *key, const LMS_SIGNATUR
|
|||||||
|
|
||||||
PUTU32(qbytes, lms_sig->q);
|
PUTU32(qbytes, lms_sig->q);
|
||||||
|
|
||||||
lms_hash256_init(&ctx->lms_hash256_ctx);
|
sm3_init(&ctx->sm3_ctx);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, key->public_key.I, 16);
|
sm3_update(&ctx->sm3_ctx, key->public_key.I, 16);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, qbytes, 4);
|
sm3_update(&ctx->sm3_ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, D_MESG, 2);
|
sm3_update(&ctx->sm3_ctx, D_MESG, 2);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, lms_sig->lmots_sig.C, 32);
|
sm3_update(&ctx->sm3_ctx, lms_sig->lmots_sig.C, 32);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -1118,11 +1118,11 @@ int lms_verify_init(LMS_SIGN_CTX *ctx, const LMS_KEY *key, const uint8_t *sig, s
|
|||||||
|
|
||||||
PUTU32(qbytes, lms_sig->q);
|
PUTU32(qbytes, lms_sig->q);
|
||||||
|
|
||||||
lms_hash256_init(&ctx->lms_hash256_ctx);
|
sm3_init(&ctx->sm3_ctx);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, key->public_key.I, 16);
|
sm3_update(&ctx->sm3_ctx, key->public_key.I, 16);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, qbytes, 4);
|
sm3_update(&ctx->sm3_ctx, qbytes, 4);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, D_MESG, 2);
|
sm3_update(&ctx->sm3_ctx, D_MESG, 2);
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, lms_sig->lmots_sig.C, 32);
|
sm3_update(&ctx->sm3_ctx, lms_sig->lmots_sig.C, 32);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -1134,7 +1134,7 @@ int lms_verify_update(LMS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (data && datalen > 0) {
|
if (data && datalen > 0) {
|
||||||
lms_hash256_update(&ctx->lms_hash256_ctx, data, datalen);
|
sm3_update(&ctx->sm3_ctx, data, datalen);
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -1142,9 +1142,9 @@ int lms_verify_update(LMS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
|||||||
int lms_verify_finish(LMS_SIGN_CTX *ctx)
|
int lms_verify_finish(LMS_SIGN_CTX *ctx)
|
||||||
{
|
{
|
||||||
LMS_SIGNATURE *lms_sig;
|
LMS_SIGNATURE *lms_sig;
|
||||||
lms_hash256_t dgst;
|
lms_sm3_digest_t dgst;
|
||||||
size_t height;
|
size_t height;
|
||||||
lms_hash256_t root;
|
lms_sm3_digest_t root;
|
||||||
|
|
||||||
if (!ctx) {
|
if (!ctx) {
|
||||||
error_print();
|
error_print();
|
||||||
@@ -1157,7 +1157,7 @@ int lms_verify_finish(LMS_SIGN_CTX *ctx)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
lms_hash256_finish(&ctx->lms_hash256_ctx, dgst);
|
sm3_finish(&ctx->sm3_ctx, dgst);
|
||||||
|
|
||||||
if (lms_signature_to_merkle_root(ctx->lms_public_key.I, height,
|
if (lms_signature_to_merkle_root(ctx->lms_public_key.I, height,
|
||||||
lms_sig->q, lms_sig->lmots_sig.y, lms_sig->path, dgst, root) != 1) {
|
lms_sig->q, lms_sig->lmots_sig.y, lms_sig->path, dgst, root) != 1) {
|
||||||
@@ -1385,7 +1385,7 @@ void hss_key_cleanup(HSS_KEY *key)
|
|||||||
int hss_key_generate(HSS_KEY *key, const int *lms_types, size_t levels)
|
int hss_key_generate(HSS_KEY *key, const int *lms_types, size_t levels)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
lms_hash256_t seed;
|
lms_sm3_digest_t seed;
|
||||||
uint8_t I[16];
|
uint8_t I[16];
|
||||||
LMS_SIGN_CTX ctx;
|
LMS_SIGN_CTX ctx;
|
||||||
uint8_t buf[LMS_SIGNATURE_MAX_SIZE]; // LMS_SIGNATURE_MAX_SIZE > SM3_PUBLIC_KEY_SIZE
|
uint8_t buf[LMS_SIGNATURE_MAX_SIZE]; // LMS_SIGNATURE_MAX_SIZE > SM3_PUBLIC_KEY_SIZE
|
||||||
|
|||||||
105
src/secp256r1.c
105
src/secp256r1.c
@@ -57,58 +57,74 @@ int secp256r1_cmp(const secp256r1_t a, const secp256r1_t b) {
|
|||||||
return bn_cmp(a, b, SECP256R1_K);
|
return bn_cmp(a, b, SECP256R1_K);
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_set_zero(secp256r1_t r) {
|
int secp256r1_set_zero(secp256r1_t r) {
|
||||||
bn_set_word(r, 0, SECP256R1_K);
|
bn_set_word(r, 0, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_set_one(secp256r1_t r) {
|
int secp256r1_set_one(secp256r1_t r) {
|
||||||
bn_set_word(r, 1, SECP256R1_K);
|
bn_set_word(r, 1, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_copy(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_copy(secp256r1_t r, const secp256r1_t a) {
|
||||||
bn_copy(r, a, SECP256R1_K);
|
bn_copy(r, a, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_to_32bytes(const secp256r1_t a, uint8_t out[32]) {
|
int secp256r1_to_32bytes(const secp256r1_t a, uint8_t out[32]) {
|
||||||
bn_to_bytes(a, SECP256R1_K, out);
|
bn_to_bytes(a, SECP256R1_K, out);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_from_32bytes(secp256r1_t r, const uint8_t in[32]) {
|
int secp256r1_from_32bytes(secp256r1_t r, const uint8_t in[32]) {
|
||||||
bn_from_bytes(r, SECP256R1_K, in);
|
bn_from_bytes(r, SECP256R1_K, in);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int secp256r1_print(FILE *fp, int fmt, int ind, const char *label, const secp256r1_t a) {
|
int secp256r1_print(FILE *fp, int fmt, int ind, const char *label, const secp256r1_t a) {
|
||||||
uint8_t bytes[32];
|
uint8_t bytes[32];
|
||||||
secp256r1_to_32bytes(a, bytes);
|
if (secp256r1_to_32bytes(a, bytes) != 1) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
format_bytes(fp, fmt, ind, label, bytes, 32);
|
format_bytes(fp, fmt, ind, label, bytes, 32);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
int secp256r1_modp_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
||||||
bn_mod_add(r, a, b, SECP256R1_P, SECP256R1_K);
|
bn_mod_add(r, a, b, SECP256R1_P, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_dbl(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modp_dbl(secp256r1_t r, const secp256r1_t a) {
|
||||||
bn_mod_add(r, a, a, SECP256R1_P, SECP256R1_K);
|
bn_mod_add(r, a, a, SECP256R1_P, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_tri(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modp_tri(secp256r1_t r, const secp256r1_t a) {
|
||||||
secp256r1_t tmp;
|
secp256r1_t tmp;
|
||||||
|
|
||||||
// 这里就出错了,真是太奇怪了!
|
|
||||||
bn_mod_add(tmp, a, a, SECP256R1_P, SECP256R1_K);
|
bn_mod_add(tmp, a, a, SECP256R1_P, SECP256R1_K);
|
||||||
bn_mod_add(r, tmp, a, SECP256R1_P, SECP256R1_K);
|
bn_mod_add(r, tmp, a, SECP256R1_P, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
int secp256r1_modp_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
||||||
bn_mod_sub(r, a, b, SECP256R1_P, SECP256R1_K);
|
bn_mod_sub(r, a, b, SECP256R1_P, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_neg(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modp_neg(secp256r1_t r, const secp256r1_t a) {
|
||||||
bn_mod_neg(r, a, SECP256R1_P, SECP256R1_K);
|
if (secp256r1_is_zero(a)) {
|
||||||
|
secp256r1_set_zero(r);
|
||||||
|
} else {
|
||||||
|
bn_mod_neg(r, a, SECP256R1_P, SECP256R1_K);
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_haf(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modp_haf(secp256r1_t r, const secp256r1_t a) {
|
||||||
int c = 0;
|
int c = 0;
|
||||||
if (a[0] & 1) {
|
if (a[0] & 1) {
|
||||||
c = bn_add(r, a, SECP256R1_P, SECP256R1_K);
|
c = bn_add(r, a, SECP256R1_P, SECP256R1_K);
|
||||||
@@ -124,79 +140,106 @@ void secp256r1_modp_haf(secp256r1_t r, const secp256r1_t a) {
|
|||||||
r[5] = (r[5] >> 1) | ((r[6] & 1) << 31);
|
r[5] = (r[5] >> 1) | ((r[6] & 1) << 31);
|
||||||
r[6] = (r[6] >> 1) | ((r[7] & 1) << 31);
|
r[6] = (r[6] >> 1) | ((r[7] & 1) << 31);
|
||||||
r[7] = (r[7] >> 1) | ((c & 1) << 31);
|
r[7] = (r[7] >> 1) | ((c & 1) << 31);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
int secp256r1_modp_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
||||||
uint32_t tmp[6*8 + 4];
|
uint32_t tmp[6*8 + 4];
|
||||||
bn_barrett_mod_mul(r, a, b, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
bn_barrett_mod_mul(r, a, b, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_sqr(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modp_sqr(secp256r1_t r, const secp256r1_t a) {
|
||||||
uint32_t tmp[6*8 + 4];
|
uint32_t tmp[6*8 + 4];
|
||||||
bn_barrett_mod_mul(r, a, a, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
bn_barrett_mod_mul(r, a, a, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modp_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e) {
|
int secp256r1_modp_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e) {
|
||||||
uint32_t tmp[7*8 + 4];
|
uint32_t tmp[7*8 + 4];
|
||||||
bn_barrett_mod_exp(r, a, e, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
bn_barrett_mod_exp(r, a, e, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: 如果 a = 0 (mod p) 会发生什么
|
int secp256r1_modp_inv(secp256r1_t r, const secp256r1_t a) {
|
||||||
void secp256r1_modp_inv(secp256r1_t r, const secp256r1_t a) {
|
|
||||||
uint32_t tmp[8*8 + 4];
|
uint32_t tmp[8*8 + 4];
|
||||||
|
|
||||||
|
if (secp256r1_is_zero(a)) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
bn_barrett_mod_inv(r, a, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
bn_barrett_mod_inv(r, a, SECP256R1_P, SECP256R1_U_P, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void secp256r1_modn(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modn(secp256r1_t r, const secp256r1_t a) {
|
||||||
if (bn_cmp(a, SECP256R1_N, SECP256R1_K) >= 0) {
|
if (bn_cmp(a, SECP256R1_N, SECP256R1_K) >= 0) {
|
||||||
bn_sub(r, a, SECP256R1_N, SECP256R1_K);
|
bn_sub(r, a, SECP256R1_N, SECP256R1_K);
|
||||||
} else {
|
} else {
|
||||||
bn_copy(r, a, SECP256R1_K);
|
bn_copy(r, a, SECP256R1_K);
|
||||||
}
|
}
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
int secp256r1_modn_add(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
||||||
bn_mod_add(r, a, b, SECP256R1_N, SECP256R1_K);
|
bn_mod_add(r, a, b, SECP256R1_N, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_dbl(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modn_dbl(secp256r1_t r, const secp256r1_t a) {
|
||||||
bn_mod_add(r, a, a, SECP256R1_N, SECP256R1_K);
|
bn_mod_add(r, a, a, SECP256R1_N, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_tri(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modn_tri(secp256r1_t r, const secp256r1_t a) {
|
||||||
secp256r1_t tmp;
|
secp256r1_t tmp;
|
||||||
bn_mod_add(tmp, a, a, SECP256R1_N, SECP256R1_K);
|
bn_mod_add(tmp, a, a, SECP256R1_N, SECP256R1_K);
|
||||||
bn_mod_add(r, tmp, a, SECP256R1_N, SECP256R1_K);
|
bn_mod_add(r, tmp, a, SECP256R1_N, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
int secp256r1_modn_sub(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
||||||
bn_mod_sub(r, a, b, SECP256R1_N, SECP256R1_K);
|
bn_mod_sub(r, a, b, SECP256R1_N, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_neg(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modn_neg(secp256r1_t r, const secp256r1_t a) {
|
||||||
bn_mod_neg(r, a, SECP256R1_N, SECP256R1_K);
|
if (secp256r1_is_zero(a)) {
|
||||||
|
secp256r1_set_zero(r);
|
||||||
|
} else {
|
||||||
|
bn_mod_neg(r, a, SECP256R1_N, SECP256R1_K);
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
int secp256r1_modn_mul(secp256r1_t r, const secp256r1_t a, const secp256r1_t b) {
|
||||||
uint32_t tmp[6*8 + 4];
|
uint32_t tmp[6*8 + 4];
|
||||||
bn_barrett_mod_mul(r, a, b, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
bn_barrett_mod_mul(r, a, b, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_sqr(secp256r1_t r, const secp256r1_t a) {
|
int secp256r1_modn_sqr(secp256r1_t r, const secp256r1_t a) {
|
||||||
uint32_t tmp[6*8 + 4];
|
uint32_t tmp[6*8 + 4];
|
||||||
bn_barrett_mod_mul(r, a, a, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
bn_barrett_mod_mul(r, a, a, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void secp256r1_modn_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e) {
|
int secp256r1_modn_exp(secp256r1_t r, const secp256r1_t a, const secp256r1_t e) {
|
||||||
uint32_t tmp[7*8 + 4];
|
uint32_t tmp[7*8 + 4];
|
||||||
bn_barrett_mod_exp(r, a, e, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
bn_barrett_mod_exp(r, a, e, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: 如果 a = 0 (mod p) 会发生什么
|
int secp256r1_modn_inv(secp256r1_t r, const secp256r1_t a) {
|
||||||
void secp256r1_modn_inv(secp256r1_t r, const secp256r1_t a) {
|
|
||||||
uint32_t tmp[8*8 + 4];
|
uint32_t tmp[8*8 + 4];
|
||||||
|
|
||||||
|
if (secp256r1_is_zero(a)) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
bn_barrett_mod_inv(r, a, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
bn_barrett_mod_inv(r, a, SECP256R1_N, SECP256R1_U_N, tmp, SECP256R1_K);
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
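Review bot: The zero guards added to `secp256r1_modp_inv` and `secp256r1_modn_inv` turn two formerly `void` operations into calls that can fail with -1, but nothing in this section shows their existing callers being updated, and since the old signatures returned nothing every call site compiled without inspecting a result, so the -1 will be silently dropped unless each caller is audited; marking the two prototypes with `__attribute__((warn_unused_result))` (or C23 `[[nodiscard]]`, if the project moves to it) would make the compiler locate those sites. In `secp256r1_modp_neg` and `secp256r1_modn_neg` the new `secp256r1_set_zero(r);` call discards the `int` result this same commit gave it, which is harmless today but contradicts the check-every-return convention the change introduces. The new `if (secp256r1_is_zero(a))` tests in the neg and inv functions make control flow depend on the operand value; for the mod-n variants the operand is presumably a scalar, so if these are ever reached with secret material the branch reveals only whether the value is zero, which is worth a one-line comment stating that this is accepted rather than silently relying on it. In `secp256r1_print` the call that is newly checked is `secp256r1_to_32bytes`, which in this hunk can only return 1, while `format_bytes` on the following line still has its result ignored; if `format_bytes` follows the same 1/-1 convention, checking it instead is the more useful test.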
|||||||
351
tests/lmstest.c
351
tests/lmstest.c
@@ -24,9 +24,9 @@ static void test_print_elapsed(const char *func, clock_t start)
|
|||||||
|
|
||||||
|
|
||||||
static int lms_types[] = {
|
static int lms_types[] = {
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
};
|
};
|
||||||
|
|
||||||
static int test_print_consts(void)
|
static int test_print_consts(void)
|
||||||
@@ -46,192 +46,128 @@ static int test_print_consts(void)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
|
static int test_sm3_hss_kat(void)
|
||||||
static int test_rfc8554_test1(void)
|
|
||||||
{
|
{
|
||||||
size_t i;
|
static const char *sm3_hss_public_key =
|
||||||
|
"00000002000000050000000e61a5d57d37f5e46bfb7520806b07a1b83d3bcaed"
|
||||||
// HSS Public key
|
"9914f6c45640986637c1a14e5f7cc64bcc92b47ac318afd894b17544";
|
||||||
int levels = 2;
|
static const char *sm3_hss_signature =
|
||||||
int lms_type = LMS_SHA256_M32_H5;
|
"00000001000000050000000ed32b56671d7eb98833c49b433c272586bc4a1c8a"
|
||||||
int lmots_type = LMOTS_SHA256_N32_W8;
|
"8970528ffa04b966f9426eb9ab7e482480399fa6e357c683e14b55bc03989238"
|
||||||
char *I = "61a5d57d37f5e46bfb7520806b07a1b8";
|
"3a55e93fa79abee02b261705d55980b4e2ccf6fb8042b17777e0474de1b43748"
|
||||||
char *K = "50650e3b31fe4a773ea29a07f09cf2ea30e579f0df58ef8e298da0434cb2b878";
|
"3ca96302b5a69d2c3a4ab572f7a278014dd095b031a76f2f5fbc25ec30c99881"
|
||||||
|
"e5d536bb0c12996ef228c4a1ac62df352dce08b9b04ebbb74ee7a3266d6dc101"
|
||||||
// Message
|
"c524331025ba41dae0d331262afabafd0beff8e668bd5dd916eafd1274484934"
|
||||||
char *msg =
|
"ce506e571cf693eec3fcb34cbbea87ac8b313f93197bf15a0e9bb105d9e37691"
|
||||||
|
"e0c57e4a5f615f8dd4ba35c7df9456e9815a143acf4e984cb023455125b51243"
|
||||||
|
"ecd3485858e5ebd7d2ffb3c889f53b7c59135e9f872932b12a521868301538bf"
|
||||||
|
"4cffecca900735806b929aec2cc5d6da8b9a91e5cf8e2c38189af5b92a8c5648"
|
||||||
|
"ae860a767190c306c460834ca476d129e263d3f62804d88d9d077c5deef80418"
|
||||||
|
"3467e158ad7c5a179dc0088ff80d296c659f3203c77a2e06df15efcda01cf675"
|
||||||
|
"bbaed0b9e3cba4726d758fec71523374c3e6a007fe286706eb46abb9267caeb2"
|
||||||
|
"140ce421714908793563dd8d910880b382941affdd38d3a9add3dac360f72a21"
|
||||||
|
"627f7f0f173e9ad493d1a97ceae63249c4bcb7d871d8b17286ab2c91271096be"
|
||||||
|
"aba1e8798eb61a6ad18f246e0ecb38bebce0927523baa98c72c288645aaaf61c"
|
||||||
|
"19330fe351e7fb4c5e622679acc7f15b92d424682d34555e8afa859ec293b3ac"
|
||||||
|
"788375f0e8a6951bb4b916d14470f908115e66c424f1acbea399aef6fa00f0e3"
|
||||||
|
"ff319e3a8a296681b7630ccc9b0da1617a75e5eb0480e5e06e7f164c42b58394"
|
||||||
|
"f870b658031a3de596101d5e7e71b3a6523c594233bd00b2c170e81ff93e94b0"
|
||||||
|
"bca9f9043aab415cd330b566eaa2535b6e42607b979515db5a99b90064560119"
|
||||||
|
"96fec95a36031c4fd9136cda176fa658d54b96f7a6d80908d65e145217d7009f"
|
||||||
|
"d2f0fb96fb45dbdbf33f49e739ae7bc7f7e0531d179e1b15b0ca1d3c345540fe"
|
||||||
|
"cb3591f60e72e9fa9c3f7d85e2d1856f9baaee3af90f14d105b3be98b7c3900e"
|
||||||
|
"1e4709d7698b031c2b40fc114ab13745eef2dfbc8eec730a21ee3f2e8affad5e"
|
||||||
|
"807f022bd7091a00ca55d6affbb5310c866c4bf16805ecf4a1f910e3334de46f"
|
||||||
|
"45e354d27dccd5310d2db6396bc357e3947a9897440cd849c0bd520c55a6dc05"
|
||||||
|
"8be5f0444d49ab6dbcc3c642d372d21ea51440c5ad3907a854b4129f55c05f21"
|
||||||
|
"da6f33227ceb80d158b334416a34e7d42bf5ecb3ceb06a7260bbd3d1f3603709"
|
||||||
|
"ce7f9df8c8d977085e013fa6f2d48c4ec703d6f25d6614728d20db85aaa2a2a6"
|
||||||
|
"a520b977c35ee862e1679348e16fc474a78006fc5689c91ad18953406f01e0c3"
|
||||||
|
"5ad9aadd7a96695c989620ce16bb8334a808af2ba3a7a23c2f53867044eb09fc"
|
||||||
|
"0c756d837d4cbe3408e2ccce21c8e786fe4fb292b6197e1346669774d3a9eedf"
|
||||||
|
"a8e5ddb2910ecef28521540243dfcae28ee5cd6d0a569a7ad664cbfefb52bfcf"
|
||||||
|
"d09e66db110cc2bdcfa6909f3f5998f7cc2d7a5c11c146cce13f72c698a8b138"
|
||||||
|
"651e9ad1541442f36e51e09a0000000528a7d2e5292ffaa18483fe7f0d6db429"
|
||||||
|
"238d3809ee778f6da4aaf28e77ba6ff939e8b2b0f3fe300beea139543ad25004"
|
||||||
|
"307de7ca1344c8645d8a8ee9629373868df046e1d4df456ad9cf5857d9ad868a"
|
||||||
|
"77633abf7de96279f84e2cf1166863a459638c92bd5617191ff96a912cc314e3"
|
||||||
|
"a430ad746f427ea60c3d1171e2034c67af8b1e5323b82a57dcdbd92ce21d3999"
|
||||||
|
"86d36d10f4ab2725ee808d2a654e1554000000050000000ed2f14ff6346af964"
|
||||||
|
"569f7d6cb880a1b6a3dfee7a6eb6bb4eceb552326e159d57b27f0c98bc513d3b"
|
||||||
|
"8746311d1d57ad6e0000000a0000000e0703c491e7558b35011ece3592eaa5da"
|
||||||
|
"4d918786771233e8353bc4f62323185ca6181777500d72b576c54d3b7c800664"
|
||||||
|
"9fdf6cc3d0251c138bed161ae9866dc12fd4f4c8002b29631dedfe72a08567ac"
|
||||||
|
"b0cb8d4c8189f4c64db40707196d49a0a738ac6575b662156b8d3825a19ab18f"
|
||||||
|
"10f93b6ee46d4f31f4295a68f51d4ae778ab3dd99020c8cb8e187e2f7cec0fb8"
|
||||||
|
"5cb888481d379faa8d1cd0e63e525e394d1256b12ee2cee8a6a4a80999ec7b3e"
|
||||||
|
"35b6d9b660b12e071f105f9fca56909d7bf25dc173fcd5ba6ea3ec138157f524"
|
||||||
|
"dea1ac0a679524f0f3a27129e90b7e09b41c178b8344a59333c963665ea28f9d"
|
||||||
|
"bca379ea6d98c216453810e150edb8c2404cc2c92804eb348f929e0d6ab0c5df"
|
||||||
|
"731ba8f346034d391a1beffc13b257039d1a653a83767e2b2ccb450cbc4c3e76"
|
||||||
|
"1f76a3b94b58b2a846e01344c716a6beada874e34a8a46cdd4ee3b328ba797c8"
|
||||||
|
"d8aef40fd8b27ee57a45d0d25e1d6091504472a261c7de6fb1f3e47d7495edd2"
|
||||||
|
"1760200a7c5c91205116e09d0565437b4813dd7b316ec01625945ebeb81800b0"
|
||||||
|
"7742abfa06998638e9a9e95cf09b0cca5e45234a9dc62f8983ddbd77efd737d5"
|
||||||
|
"b97c72cf7f7f1b33b7473c7dfc249b4001a05b71213eeb2305f0b79f047ab1f9"
|
||||||
|
"349a4fcada42523d0b6c4f994671cea38fdcea663ec725dbff73b2b3f0f4c037"
|
||||||
|
"8878a0d85d6fecf954ca9a4e97d3a1f219f324e7785f83a402af499bd852bac6"
|
||||||
|
"5bef42aa13fd8f564003e96268618b1082611885548344b6bcacb04a23123ea4"
|
||||||
|
"8b3902d5ff10b0d9bd6006257102c78f4cd2d60fbc49e3b173ba13e559ecb2e4"
|
||||||
|
"f10fcb33bb571fdc3440964b8613a2a763c0cf7860c75580c716bbf88a6c3bff"
|
||||||
|
"ff632ab66d3861f7fd3e0255147feb21fcd1a6742788dd56d4b820d4206b9dbc"
|
||||||
|
"b4b045b95cd587f02e317e986f6e86caa709e5aac8da44321fd38e50b4ff1386"
|
||||||
|
"e4e02887b6c961e633a16da4729bf6172e40a865f163e3610e4352aa15b177ac"
|
||||||
|
"35545aa7783c4fde3724a2151312b1901dd37a161f619033914ddb330d7783e0"
|
||||||
|
"e1e3b7c71d2c6da820af348644a3ea479fca0075974eec4b780ceb6dbacb8164"
|
||||||
|
"6f3f8d604d9f56b90e31b174f80ae1e450f3ac29663667c6ebaf090b13d6f60d"
|
||||||
|
"7541f988271efe00241160072b8d6667e5d4546ab40036af88aef5c9553957b3"
|
||||||
|
"3962cbd31b946fbf66dac1a2c477421590d17eea8c4c4900385847c116a4b2f9"
|
||||||
|
"453b3246542951bf377895912d4de8fd6ba7255c1ac065359b629cd58d51c767"
|
||||||
|
"81f6f2e8f2b3c61b4c6adaab90c937823c81fb70046136a457122134f340542e"
|
||||||
|
"92207aa84b1623330a2378bcbeb3ff0b85204acc8d2507ddc0912da70284de24"
|
||||||
|
"2f28aec0f69d6aa43d2d44cb6a8ae837a3936c2181ec26ae9ed18461620d7487"
|
||||||
|
"d76f5bbf4b5e69317d7a5cd016dc7ab00d9ef0a3825350db64ddb9d2610fd273"
|
||||||
|
"1758f7e9fff621e9e0927f1f91b9f2c5e5a3bcaea6e25319cddc6cc7e515826a"
|
||||||
|
"e0c77a214fed5f64d17e02b0408c8a9e4fe8929c8d92d5f837410814cff8a534"
|
||||||
|
"789a1dbee2ecd59afe7cb4924472d001000000055809ff98d4366c45f6903e86"
|
||||||
|
"ba7eefeafdda04ff2ad295313688efefea69839460746b64bd308dbc590fef12"
|
||||||
|
"0d3c02707215b122202ffc9fb8d602e563485f75e78f9e2684cf5fce9e3480db"
|
||||||
|
"8dd35a03dde4186c6eb9c6bfa4bb19c6d6c28e7b2d1fa4164d83caffd498085c"
|
||||||
|
"fa6616cacd7d44c6b700cbb0f6ec377d31fe9096e1b7b9bb773c8271423e4bbb"
|
||||||
|
"09613e7a026511948a67acd77e54031b62df1cbb";
|
||||||
|
static const char *msg =
|
||||||
"54686520706f77657273206e6f742064656c65676174656420746f2074686520"
|
"54686520706f77657273206e6f742064656c65676174656420746f2074686520"
|
||||||
"556e69746564205374617465732062792074686520436f6e737469747574696f"
|
"556e69746564205374617465732062792074686520436f6e737469747574696f"
|
||||||
"6e2c206e6f722070726f6869626974656420627920697420746f207468652053"
|
"6e2c206e6f722070726f6869626974656420627920697420746f207468652053"
|
||||||
"74617465732c2061726520726573657276656420746f20746865205374617465"
|
"74617465732c2061726520726573657276656420746f20746865205374617465"
|
||||||
"7320726573706563746976656c792c206f7220746f207468652070656f706c65"
|
"7320726573706563746976656c792c206f7220746f207468652070656f706c65"
|
||||||
"2e0a"; // MUST NOT use strlen(msg), which will not count the last 0x0a
|
"2e0a"; // MUST NOT use strlen(msg), which will not count the last 0x0a
|
||||||
|
|
||||||
// Signature
|
|
||||||
int Nspk = 1;
|
|
||||||
|
|
||||||
int sig0_q = 5;
|
|
||||||
int sig0_lmots_type = LMOTS_SHA256_N32_W8;
|
|
||||||
char *sig0_C =
|
|
||||||
"d32b56671d7eb98833c49b433c272586"
|
|
||||||
"bc4a1c8a8970528ffa04b966f9426eb9";
|
|
||||||
char *sig0_y[34] = {
|
|
||||||
"965a25bfd37f196b9073f3d4a232feb69128ec45146f86292f9dff9610a7bf95",
|
|
||||||
"a64c7f60f6261a62043f86c70324b7707f5b4a8a6e19c114c7be866d488778a0",
|
|
||||||
"e05fd5c6509a6e61d559cf1a77a970de927d60c70d3de31a7fa0100994e162a2",
|
|
||||||
"582e8ff1b10cd99d4e8e413ef469559f7d7ed12c838342f9b9c96b83a4943d16",
|
|
||||||
"81d84b15357ff48ca579f19f5e71f18466f2bbef4bf660c2518eb20de2f66e3b",
|
|
||||||
"14784269d7d876f5d35d3fbfc7039a462c716bb9f6891a7f41ad133e9e1f6d95",
|
|
||||||
"60b960e7777c52f060492f2d7c660e1471e07e72655562035abc9a701b473ecb",
|
|
||||||
"c3943c6b9c4f2405a3cb8bf8a691ca51d3f6ad2f428bab6f3a30f55dd9625563",
|
|
||||||
"f0a75ee390e385e3ae0b906961ecf41ae073a0590c2eb6204f44831c26dd768c",
|
|
||||||
"35b167b28ce8dc988a3748255230cef99ebf14e730632f27414489808afab1d1",
|
|
||||||
"e783ed04516de012498682212b07810579b250365941bcc98142da13609e9768",
|
|
||||||
"aaf65de7620dabec29eb82a17fde35af15ad238c73f81bdb8dec2fc0e7f93270",
|
|
||||||
"1099762b37f43c4a3c20010a3d72e2f606be108d310e639f09ce7286800d9ef8",
|
|
||||||
"a1a40281cc5a7ea98d2adc7c7400c2fe5a101552df4e3cccfd0cbf2ddf5dc677",
|
|
||||||
"9cbbc68fee0c3efe4ec22b83a2caa3e48e0809a0a750b73ccdcf3c79e6580c15",
|
|
||||||
"4f8a58f7f24335eec5c5eb5e0cf01dcf4439424095fceb077f66ded5bec73b27",
|
|
||||||
"c5b9f64a2a9af2f07c05e99e5cf80f00252e39db32f6c19674f190c9fbc506d8",
|
|
||||||
"26857713afd2ca6bb85cd8c107347552f30575a5417816ab4db3f603f2df56fb",
|
|
||||||
"c413e7d0acd8bdd81352b2471fc1bc4f1ef296fea1220403466b1afe78b94f7e",
|
|
||||||
"cf7cc62fb92be14f18c2192384ebceaf8801afdf947f698ce9c6ceb696ed70e9",
|
|
||||||
"e87b0144417e8d7baf25eb5f70f09f016fc925b4db048ab8d8cb2a661ce3b57a",
|
|
||||||
"da67571f5dd546fc22cb1f97e0ebd1a65926b1234fd04f171cf469c76b884cf3",
|
|
||||||
"115cce6f792cc84e36da58960c5f1d760f32c12faef477e94c92eb75625b6a37",
|
|
||||||
"1efc72d60ca5e908b3a7dd69fef0249150e3eebdfed39cbdc3ce9704882a2072",
|
|
||||||
"c75e13527b7a581a556168783dc1e97545e31865ddc46b3c957835da252bb732",
|
|
||||||
"8d3ee2062445dfb85ef8c35f8e1f3371af34023cef626e0af1e0bc017351aae2",
|
|
||||||
"ab8f5c612ead0b729a1d059d02bfe18efa971b7300e882360a93b025ff97e9e0",
|
|
||||||
"eec0f3f3f13039a17f88b0cf808f488431606cb13f9241f40f44e537d302c64a",
|
|
||||||
"4f1f4ab949b9feefadcb71ab50ef27d6d6ca8510f150c85fb525bf25703df720",
|
|
||||||
"9b6066f09c37280d59128d2f0f637c7d7d7fad4ed1c1ea04e628d221e3d8db77",
|
|
||||||
"b7c878c9411cafc5071a34a00f4cf07738912753dfce48f07576f0d4f94f42c6",
|
|
||||||
"d76f7ce973e9367095ba7e9a3649b7f461d9f9ac1332a4d1044c96aefee67676",
|
|
||||||
"401b64457c54d65fef6500c59cdfb69af7b6dddfcb0f086278dd8ad0686078df",
|
|
||||||
"b0f3f79cd893d314168648499898fbc0ced5f95b74e8ff14d735cdea968bee74",
|
|
||||||
};
|
|
||||||
int sig0_lms_type = LMS_SHA256_M32_H5;
|
|
||||||
char *sig0_path[5] = {
|
|
||||||
"d8b8112f9200a5e50c4a262165bd342cd800b8496810bc716277435ac376728d",
|
|
||||||
"129ac6eda839a6f357b5a04387c5ce97382a78f2a4372917eefcbf93f63bb591",
|
|
||||||
"12f5dbe400bd49e4501e859f885bf0736e90a509b30a26bfac8c17b5991c157e",
|
|
||||||
"b5971115aa39efd8d564a6b90282c3168af2d30ef89d51bf14654510a12b8a14",
|
|
||||||
"4cca1848cf7da59cc2b3d9d0692dd2a20ba3863480e25b1b85ee860c62bf5136",
|
|
||||||
};
|
|
||||||
|
|
||||||
int pub0_lms_type = LMS_SHA256_M32_H5;
|
|
||||||
int pub0_lmots_type = LMOTS_SHA256_N32_W8;
|
|
||||||
char *pub0_I = "d2f14ff6346af964569f7d6cb880a1b6";
|
|
||||||
char *pub0_K = "6c5004917da6eafe4d9ef6c6407b3db0e5485b122d9ebe15cda93cfec582d7ab";
|
|
||||||
|
|
||||||
int sig1_q = 0x0a;
|
|
||||||
int sig1_lmots_type = LMOTS_SHA256_N32_W8;
|
|
||||||
char *sig1_C = "0703c491e7558b35011ece3592eaa5da4d918786771233e8353bc4f62323185c";
|
|
||||||
char *sig1_y[34] = {
|
|
||||||
"95cae05b899e35dffd717054706209988ebfdf6e37960bb5c38d7657e8bffeef",
|
|
||||||
"9bc042da4b4525650485c66d0ce19b317587c6ba4bffcc428e25d08931e72dfb",
|
|
||||||
"6a120c5612344258b85efdb7db1db9e1865a73caf96557eb39ed3e3f426933ac",
|
|
||||||
"9eeddb03a1d2374af7bf77185577456237f9de2d60113c23f846df26fa942008",
|
|
||||||
"a698994c0827d90e86d43e0df7f4bfcdb09b86a373b98288b7094ad81a0185ac",
|
|
||||||
"100e4f2c5fc38c003c1ab6fea479eb2f5ebe48f584d7159b8ada03586e65ad9c",
|
|
||||||
"969f6aecbfe44cf356888a7b15a3ff074f771760b26f9c04884ee1faa329fbf4",
|
|
||||||
"e61af23aee7fa5d4d9a5dfcf43c4c26ce8aea2ce8a2990d7ba7b57108b47dabf",
|
|
||||||
"beadb2b25b3cacc1ac0cef346cbb90fb044beee4fac2603a442bdf7e507243b7",
|
|
||||||
"319c9944b1586e899d431c7f91bcccc8690dbf59b28386b2315f3d36ef2eaa3c",
|
|
||||||
"f30b2b51f48b71b003dfb08249484201043f65f5a3ef6bbd61ddfee81aca9ce6",
|
|
||||||
"0081262a00000480dcbc9a3da6fbef5c1c0a55e48a0e729f9184fcb1407c3152",
|
|
||||||
"9db268f6fe50032a363c9801306837fafabdf957fd97eafc80dbd165e435d0e2",
|
|
||||||
"dfd836a28b354023924b6fb7e48bc0b3ed95eea64c2d402f4d734c8dc26f3ac5",
|
|
||||||
"91825daef01eae3c38e3328d00a77dc657034f287ccb0f0e1c9a7cbdc828f627",
|
|
||||||
"205e4737b84b58376551d44c12c3c215c812a0970789c83de51d6ad787271963",
|
|
||||||
"327f0a5fbb6b5907dec02c9a90934af5a1c63b72c82653605d1dcce51596b3c2",
|
|
||||||
"b45696689f2eb382007497557692caac4d57b5de9f5569bc2ad0137fd47fb47e",
|
|
||||||
"664fcb6db4971f5b3e07aceda9ac130e9f38182de994cff192ec0e82fd6d4cb7",
|
|
||||||
"f3fe00812589b7a7ce515440456433016b84a59bec6619a1c6c0b37dd1450ed4",
|
|
||||||
"f2d8b584410ceda8025f5d2d8dd0d2176fc1cf2cc06fa8c82bed4d944e71339e",
|
|
||||||
"ce780fd025bd41ec34ebff9d4270a3224e019fcb444474d482fd2dbe75efb203",
|
|
||||||
"89cc10cd600abb54c47ede93e08c114edb04117d714dc1d525e11bed8756192f",
|
|
||||||
"929d15462b939ff3f52f2252da2ed64d8fae88818b1efa2c7b08c8794fb1b214",
|
|
||||||
"aa233db3162833141ea4383f1a6f120be1db82ce3630b3429114463157a64e91",
|
|
||||||
"234d475e2f79cbf05e4db6a9407d72c6bff7d1198b5c4d6aad2831db61274993",
|
|
||||||
"715a0182c7dc8089e32c8531deed4f7431c07c02195eba2ef91efb5613c37af7",
|
|
||||||
"ae0c066babc69369700e1dd26eddc0d216c781d56e4ce47e3303fa73007ff7b9",
|
|
||||||
"49ef23be2aa4dbf25206fe45c20dd888395b2526391a724996a44156beac8082",
|
|
||||||
"12858792bf8e74cba49dee5e8812e019da87454bff9e847ed83db07af3137430",
|
|
||||||
"82f880a278f682c2bd0ad6887cb59f652e155987d61bbf6a88d36ee93b6072e6",
|
|
||||||
"656d9ccbaae3d655852e38deb3a2dcf8058dc9fb6f2ab3d3b3539eb77b248a66",
|
|
||||||
"1091d05eb6e2f297774fe6053598457cc61908318de4b826f0fc86d4bb117d33",
|
|
||||||
"e865aa805009cc2918d9c2f840c4da43a703ad9f5b5806163d7161696b5a0adc",
|
|
||||||
};
|
|
||||||
int sig1_lms_type = LMS_SHA256_M32_H5;
|
|
||||||
char *sig1_path[5] = {
|
|
||||||
"d5c0d1bebb06048ed6fe2ef2c6cef305b3ed633941ebc8b3bec9738754cddd60",
|
|
||||||
"e1920ada52f43d055b5031cee6192520d6a5115514851ce7fd448d4a39fae2ab",
|
|
||||||
"2335b525f484e9b40d6a4a969394843bdcf6d14c48e8015e08ab92662c05c6e9",
|
|
||||||
"f90b65a7a6201689999f32bfd368e5e3ec9cb70ac7b8399003f175c40885081a",
|
|
||||||
"09ab3034911fe125631051df0408b3946b0bde790911e8978ba07dd56c73e7ee",
|
|
||||||
};
|
|
||||||
|
|
||||||
HSS_KEY key;
|
HSS_KEY key;
|
||||||
HSS_SIGNATURE sig;
|
HSS_SIGNATURE sig;
|
||||||
LMS_SIGNATURE *lms_sig;
|
HSS_SIGN_CTX ctx;
|
||||||
LMS_PUBLIC_KEY *lms_pub;
|
uint8_t pub[HSS_PUBLIC_KEY_SIZE];
|
||||||
|
uint8_t sigbuf[HSS_SIGNATURE_MAX_SIZE];
|
||||||
|
uint8_t data[162];
|
||||||
|
const uint8_t *cp;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
// hss public key
|
hex_to_bytes(sm3_hss_public_key, strlen(sm3_hss_public_key), pub, &len);
|
||||||
memset(&key, 0, sizeof(key));
|
if (len != HSS_PUBLIC_KEY_SIZE) {
|
||||||
key.levels = levels;
|
error_print();
|
||||||
lms_pub = &key.lms_key[0].public_key;
|
return -1;
|
||||||
lms_pub->lms_type = lms_type;
|
|
||||||
lms_pub->lmots_type = lmots_type;
|
|
||||||
hex_to_bytes(I, strlen(I), lms_pub->I, &len);
|
|
||||||
hex_to_bytes(K, strlen(K), lms_pub->root, &len);
|
|
||||||
|
|
||||||
// hss signature
|
|
||||||
memset(&sig, 0, sizeof(sig));
|
|
||||||
sig.num_signed_public_keys = Nspk;
|
|
||||||
|
|
||||||
// sig[0]
|
|
||||||
lms_sig = &sig.signed_public_keys[0].lms_sig;
|
|
||||||
lms_sig->q = sig0_q;
|
|
||||||
lms_sig->lmots_sig.lmots_type = sig0_lmots_type;
|
|
||||||
hex_to_bytes(sig0_C, 64, lms_sig->lmots_sig.C, &len);
|
|
||||||
for (i = 0; i < 34; i++) {
|
|
||||||
hex_to_bytes(sig0_y[i], 64, lms_sig->lmots_sig.y[i], &len);
|
|
||||||
}
|
}
|
||||||
lms_sig->lms_type = sig0_lms_type;
|
cp = pub;
|
||||||
for (i = 0; i < 5; i++) {
|
if (hss_public_key_from_bytes(&key, &cp, &len) != 1 || len != 0) {
|
||||||
hex_to_bytes(sig0_path[i], 64, lms_sig->path[i], &len);
|
error_print();
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// pub[0]
|
hex_to_bytes(sm3_hss_signature, strlen(sm3_hss_signature), sigbuf, &len);
|
||||||
lms_pub = &sig.signed_public_keys[0].lms_public_key;
|
cp = sigbuf;
|
||||||
lms_pub->lms_type = pub0_lms_type;
|
if (hss_signature_from_bytes(&sig, &cp, &len) != 1 || len != 0) {
|
||||||
lms_pub->lmots_type = pub0_lmots_type;
|
error_print();
|
||||||
hex_to_bytes(pub0_I, 32, lms_pub->I, &len);
|
return -1;
|
||||||
hex_to_bytes(pub0_K, 64, lms_pub->root, &len);
|
|
||||||
|
|
||||||
// sig[1]
|
|
||||||
lms_sig = &sig.msg_lms_sig;
|
|
||||||
lms_sig->q = sig1_q;
|
|
||||||
lms_sig->lmots_sig.lmots_type = sig1_lmots_type;
|
|
||||||
hex_to_bytes(sig1_C, 64, lms_sig->lmots_sig.C, &len);
|
|
||||||
for (i = 0; i < 34; i++) {
|
|
||||||
hex_to_bytes(sig1_y[i], 64, lms_sig->lmots_sig.y[i], &len);
|
|
||||||
}
|
}
|
||||||
lms_sig->lms_type = sig1_lms_type;
|
|
||||||
for (i = 0; i < 5; i++) {
|
|
||||||
hex_to_bytes(sig1_path[i], 64, lms_sig->path[i], &len);
|
|
||||||
}
|
|
||||||
|
|
||||||
hss_public_key_print(stderr, 0, 0, "hss_public_key", &key);
|
|
||||||
|
|
||||||
hss_signature_print_ex(stderr, 0, 0, "hss_signature", &sig);
|
|
||||||
|
|
||||||
|
|
||||||
HSS_SIGN_CTX ctx;
|
|
||||||
uint8_t data[162];
|
|
||||||
|
|
||||||
hex_to_bytes(msg, strlen(msg), data, &len);
|
hex_to_bytes(msg, strlen(msg), data, &len);
|
||||||
|
|
||||||
@@ -251,19 +187,18 @@ static int test_rfc8554_test1(void)
|
|||||||
printf("%s() ok\n", __FUNCTION__);
|
printf("%s() ok\n", __FUNCTION__);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
static int test_sm3_lmots(void)
|
static int test_sm3_lmots(void)
|
||||||
{
|
{
|
||||||
lms_hash256_t seed = {0}; // TODO: change to test vector
|
lms_sm3_digest_t seed = {0}; // TODO: change to test vector
|
||||||
uint8_t I[16] = {0};
|
uint8_t I[16] = {0};
|
||||||
int q = 0;
|
int q = 0;
|
||||||
lms_hash256_t dgst = {0};
|
lms_sm3_digest_t dgst = {0};
|
||||||
lms_hash256_t x[34];
|
lms_sm3_digest_t x[34];
|
||||||
lms_hash256_t y[34];
|
lms_sm3_digest_t y[34];
|
||||||
lms_hash256_t pub;
|
lms_sm3_digest_t pub;
|
||||||
lms_hash256_t pub2;
|
lms_sm3_digest_t pub2;
|
||||||
|
|
||||||
lmots_derive_secrets(seed, I, q, x); // TODO: compare results with test vector
|
lmots_derive_secrets(seed, I, q, x); // TODO: compare results with test vector
|
||||||
lmots_secrets_to_public_hash(I, q, x, pub); // TODO: compare results with test vector
|
lmots_secrets_to_public_hash(I, q, x, pub); // TODO: compare results with test vector
|
||||||
@@ -282,14 +217,14 @@ static int test_sm3_lmots(void)
|
|||||||
|
|
||||||
static int test_lms_derive_merkle_root(void)
|
static int test_lms_derive_merkle_root(void)
|
||||||
{
|
{
|
||||||
lms_hash256_t seed = {0}; // TODO: change to test vector
|
lms_sm3_digest_t seed = {0}; // TODO: change to test vector
|
||||||
uint8_t I[16] = {0};
|
uint8_t I[16] = {0};
|
||||||
int h = 5;
|
int h = 5;
|
||||||
int n = 1<<h;
|
int n = 1<<h;
|
||||||
lms_hash256_t *tree = NULL;
|
lms_sm3_digest_t *tree = NULL;
|
||||||
lms_hash256_t root;
|
lms_sm3_digest_t root;
|
||||||
|
|
||||||
if (!(tree = (lms_hash256_t *)malloc(sizeof(lms_hash256_t)*(2*n - 1)))) {
|
if (!(tree = (lms_sm3_digest_t *)malloc(sizeof(lms_sm3_digest_t)*(2*n - 1)))) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -385,11 +320,11 @@ static int test_lms_key_to_bytes(void)
|
|||||||
static int test_lms_signature_size(void)
|
static int test_lms_signature_size(void)
|
||||||
{
|
{
|
||||||
int lms_types[] = {
|
int lms_types[] = {
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H10,
|
LMS_SM3_M32_H10,
|
||||||
LMS_HASH256_M32_H15,
|
LMS_SM3_M32_H15,
|
||||||
LMS_HASH256_M32_H20,
|
LMS_SM3_M32_H20,
|
||||||
LMS_HASH256_M32_H25,
|
LMS_SM3_M32_H25,
|
||||||
};
|
};
|
||||||
size_t siglens[] = {
|
size_t siglens[] = {
|
||||||
1292,
|
1292,
|
||||||
@@ -419,11 +354,11 @@ static int test_lms_signature_size(void)
|
|||||||
static int test_hss_signature_size(void)
|
static int test_hss_signature_size(void)
|
||||||
{
|
{
|
||||||
int lms_types[] = {
|
int lms_types[] = {
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H10,
|
LMS_SM3_M32_H10,
|
||||||
LMS_HASH256_M32_H15,
|
LMS_SM3_M32_H15,
|
||||||
LMS_HASH256_M32_H20,
|
LMS_SM3_M32_H20,
|
||||||
LMS_HASH256_M32_H25,
|
LMS_SM3_M32_H25,
|
||||||
};
|
};
|
||||||
size_t siglens[] = {
|
size_t siglens[] = {
|
||||||
4 + 1292,
|
4 + 1292,
|
||||||
@@ -534,7 +469,7 @@ static int test_lms_sign(void)
|
|||||||
|
|
||||||
static int test_lms_max_sigs(void)
|
static int test_lms_max_sigs(void)
|
||||||
{
|
{
|
||||||
int lms_type = LMS_HASH256_M32_H5;
|
int lms_type = LMS_SM3_M32_H5;
|
||||||
int height = 5;
|
int height = 5;
|
||||||
LMS_KEY key;
|
LMS_KEY key;
|
||||||
LMS_SIGN_CTX ctx;
|
LMS_SIGN_CTX ctx;
|
||||||
@@ -583,8 +518,8 @@ static int test_hss_key_update_level1(void)
|
|||||||
memset(&key, 0, sizeof(HSS_KEY));
|
memset(&key, 0, sizeof(HSS_KEY));
|
||||||
|
|
||||||
key.levels = 1;
|
key.levels = 1;
|
||||||
key.lms_key[0].public_key.lms_type = LMS_HASH256_M32_H25;
|
key.lms_key[0].public_key.lms_type = LMS_SM3_M32_H25;
|
||||||
key.lms_key[0].public_key.lmots_type = LMOTS_HASH256_N32_W8;
|
key.lms_key[0].public_key.lmots_type = LMOTS_SM3_N32_W8;
|
||||||
key.lms_key[0].q = (1 << 25);
|
key.lms_key[0].q = (1 << 25);
|
||||||
|
|
||||||
// out of keys
|
// out of keys
|
||||||
@@ -600,8 +535,8 @@ static int test_hss_key_update_level1(void)
|
|||||||
static int test_hss_key_update_level2(void)
|
static int test_hss_key_update_level2(void)
|
||||||
{
|
{
|
||||||
int lms_types[] = {
|
int lms_types[] = {
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
};
|
};
|
||||||
HSS_KEY key;
|
HSS_KEY key;
|
||||||
int i;
|
int i;
|
||||||
@@ -667,11 +602,11 @@ static int test_hss_key_update_level2(void)
|
|||||||
static int test_hss_key_update_level5(void)
|
static int test_hss_key_update_level5(void)
|
||||||
{
|
{
|
||||||
int lms_types[] = {
|
int lms_types[] = {
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
LMS_HASH256_M32_H5,
|
LMS_SM3_M32_H5,
|
||||||
};
|
};
|
||||||
HSS_KEY key;
|
HSS_KEY key;
|
||||||
int i;
|
int i;
|
||||||
@@ -990,7 +925,7 @@ static int test_hss_sign(void)
|
|||||||
static int test_hss_public_key_algor(void)
|
static int test_hss_public_key_algor(void)
|
||||||
{
|
{
|
||||||
int lms_types[] = {
|
int lms_types[] = {
|
||||||
LMS_HASH256_M32_H5
|
LMS_SM3_M32_H5
|
||||||
};
|
};
|
||||||
HSS_KEY key;
|
HSS_KEY key;
|
||||||
uint8_t buf[512];
|
uint8_t buf[512];
|
||||||
@@ -1066,9 +1001,7 @@ static int test_hss_public_key_algor(void)
|
|||||||
int main(void)
|
int main(void)
|
||||||
{
|
{
|
||||||
if (test_print_consts() != 1) goto err;
|
if (test_print_consts() != 1) goto err;
|
||||||
#if defined(ENABLE_LMS_CROSSCHECK) && defined(ENABLE_SHA2)
|
if (test_sm3_hss_kat() != 1) goto err;
|
||||||
if (test_rfc8554_test1() != 1) goto err;
|
|
||||||
#endif
|
|
||||||
if (test_sm3_lmots() != 1) goto err;
|
if (test_sm3_lmots() != 1) goto err;
|
||||||
if (test_lms_derive_merkle_root() != 1) goto err;
|
if (test_lms_derive_merkle_root() != 1) goto err;
|
||||||
if (test_lms_key_generate() != 1) goto err;
|
if (test_lms_key_generate() != 1) goto err;
|
||||||
|
|||||||
@@ -22,13 +22,13 @@ static const char *usage = "-lms_types types -out file [-pubout file] [-verbose]
|
|||||||
static const char *options =
|
static const char *options =
|
||||||
"Options\n"
|
"Options\n"
|
||||||
" -lms_types types LMS Algorithm Types, start from level 0, seperate by ':'\n"
|
" -lms_types types LMS Algorithm Types, start from level 0, seperate by ':'\n"
|
||||||
" such as "LMS_HASH256_M32_H5_NAME":"LMS_HASH256_M32_H10_NAME"\n"
|
" such as "LMS_SM3_M32_H5_NAME":"LMS_SM3_M32_H10_NAME"\n"
|
||||||
" Supported types:\n"
|
" Supported types:\n"
|
||||||
" "LMS_HASH256_M32_H5_NAME"\n"
|
" "LMS_SM3_M32_H5_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H10_NAME"\n"
|
" "LMS_SM3_M32_H10_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H15_NAME"\n"
|
" "LMS_SM3_M32_H15_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H20_NAME"\n"
|
" "LMS_SM3_M32_H20_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H25_NAME"\n"
|
" "LMS_SM3_M32_H25_NAME"\n"
|
||||||
" -out file Output private key\n"
|
" -out file Output private key\n"
|
||||||
" -pubout file Output public key\n"
|
" -pubout file Output public key\n"
|
||||||
" -verbose Print public key\n"
|
" -verbose Print public key\n"
|
||||||
|
|||||||
@@ -22,11 +22,11 @@ static const char *usage = "-lms_type type -out file [-pubout file] [-verbose]\n
|
|||||||
static const char *options =
|
static const char *options =
|
||||||
"Options\n"
|
"Options\n"
|
||||||
" -lms_type type LMS Algorithm Type\n"
|
" -lms_type type LMS Algorithm Type\n"
|
||||||
" "LMS_HASH256_M32_H5_NAME"\n"
|
" "LMS_SM3_M32_H5_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H10_NAME"\n"
|
" "LMS_SM3_M32_H10_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H15_NAME"\n"
|
" "LMS_SM3_M32_H15_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H20_NAME"\n"
|
" "LMS_SM3_M32_H20_NAME"\n"
|
||||||
" "LMS_HASH256_M32_H25_NAME"\n"
|
" "LMS_SM3_M32_H25_NAME"\n"
|
||||||
" -out file Output private key\n"
|
" -out file Output private key\n"
|
||||||
" -pubout file Output public key\n"
|
" -pubout file Output public key\n"
|
||||||
" -verbose Print public key\n"
|
" -verbose Print public key\n"
|
||||||
|
|||||||