1*47dd1d1bSDag-Erling Smørgrav #ifdef WITH_XMSS 2*47dd1d1bSDag-Erling Smørgrav /* $OpenBSD: xmss_wots.h,v 1.3 2018/02/26 12:14:53 dtucker Exp $ */ 3*47dd1d1bSDag-Erling Smørgrav /* 4*47dd1d1bSDag-Erling Smørgrav wots.h version 20160722 5*47dd1d1bSDag-Erling Smørgrav Andreas Hülsing 6*47dd1d1bSDag-Erling Smørgrav Joost Rijneveld 7*47dd1d1bSDag-Erling Smørgrav Public domain. 8*47dd1d1bSDag-Erling Smørgrav */ 9*47dd1d1bSDag-Erling Smørgrav 10*47dd1d1bSDag-Erling Smørgrav #ifndef WOTS_H 11*47dd1d1bSDag-Erling Smørgrav #define WOTS_H 12*47dd1d1bSDag-Erling Smørgrav 13*47dd1d1bSDag-Erling Smørgrav #ifdef HAVE_STDINT_H 14*47dd1d1bSDag-Erling Smørgrav #include "stdint.h" 15*47dd1d1bSDag-Erling Smørgrav #endif 16*47dd1d1bSDag-Erling Smørgrav 17*47dd1d1bSDag-Erling Smørgrav /** 18*47dd1d1bSDag-Erling Smørgrav * WOTS parameter set 19*47dd1d1bSDag-Erling Smørgrav * 20*47dd1d1bSDag-Erling Smørgrav * Meaning as defined in draft-irtf-cfrg-xmss-hash-based-signatures-02 21*47dd1d1bSDag-Erling Smørgrav */ 22*47dd1d1bSDag-Erling Smørgrav typedef struct { 23*47dd1d1bSDag-Erling Smørgrav uint32_t len_1; 24*47dd1d1bSDag-Erling Smørgrav uint32_t len_2; 25*47dd1d1bSDag-Erling Smørgrav uint32_t len; 26*47dd1d1bSDag-Erling Smørgrav uint32_t n; 27*47dd1d1bSDag-Erling Smørgrav uint32_t w; 28*47dd1d1bSDag-Erling Smørgrav uint32_t log_w; 29*47dd1d1bSDag-Erling Smørgrav uint32_t keysize; 30*47dd1d1bSDag-Erling Smørgrav } wots_params; 31*47dd1d1bSDag-Erling Smørgrav 32*47dd1d1bSDag-Erling Smørgrav /** 33*47dd1d1bSDag-Erling Smørgrav * Set the WOTS parameters, 34*47dd1d1bSDag-Erling Smørgrav * only m, n, w are required as inputs, 35*47dd1d1bSDag-Erling Smørgrav * len, len_1, and len_2 are computed from those. 36*47dd1d1bSDag-Erling Smørgrav * 37*47dd1d1bSDag-Erling Smørgrav * Assumes w is a power of 2 38*47dd1d1bSDag-Erling Smørgrav */ 39*47dd1d1bSDag-Erling Smørgrav void wots_set_params(wots_params *params, int n, int w); 40*47dd1d1bSDag-Erling Smørgrav 41*47dd1d1bSDag-Erling Smørgrav /** 42*47dd1d1bSDag-Erling Smørgrav * WOTS key generation. Takes a 32byte seed for the secret key, expands it to a full WOTS secret key and computes the corresponding public key. 43*47dd1d1bSDag-Erling Smørgrav * For this it takes the seed pub_seed which is used to generate bitmasks and hash keys and the address of this WOTS key pair addr 44*47dd1d1bSDag-Erling Smørgrav * 45*47dd1d1bSDag-Erling Smørgrav * params, must have been initialized before using wots_set params for params ! This is not done in this function 46*47dd1d1bSDag-Erling Smørgrav * 47*47dd1d1bSDag-Erling Smørgrav * Places the computed public key at address pk. 48*47dd1d1bSDag-Erling Smørgrav */ 49*47dd1d1bSDag-Erling Smørgrav void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]); 50*47dd1d1bSDag-Erling Smørgrav 51*47dd1d1bSDag-Erling Smørgrav /** 52*47dd1d1bSDag-Erling Smørgrav * Takes a m-byte message and the 32-byte seed for the secret key to compute a signature that is placed at "sig". 53*47dd1d1bSDag-Erling Smørgrav * 54*47dd1d1bSDag-Erling Smørgrav */ 55*47dd1d1bSDag-Erling Smørgrav int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]); 56*47dd1d1bSDag-Erling Smørgrav 57*47dd1d1bSDag-Erling Smørgrav /** 58*47dd1d1bSDag-Erling Smørgrav * Takes a WOTS signature, a m-byte message and computes a WOTS public key that it places at pk. 59*47dd1d1bSDag-Erling Smørgrav * 60*47dd1d1bSDag-Erling Smørgrav */ 61*47dd1d1bSDag-Erling Smørgrav int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]); 62*47dd1d1bSDag-Erling Smørgrav 63*47dd1d1bSDag-Erling Smørgrav #endif 64*47dd1d1bSDag-Erling Smørgrav #endif /* WITH_XMSS */ 65