Merge pull request #163 from cyyber/master

Parameterized w in WotsParam

Author: cyyber

src/qrl/xmssBase.cpp

@@ -16,7 +16,7 @@
 //    32 pub_seed
 //    32 root
 
-constexpr size_t SIGNATURE_BASE_SIZE  = 4+32+67*32;
+//constexpr size_t SIGNATURE_BASE_SIZE  = 4+32+67*32;
 
 constexpr size_t XMSS_MAX_HEIGHT=254;
 
@@ -66,14 +66,22 @@ XmssBase::XmssBase(const TSEED& extended_seed)
     _addrFormatType = desc.getAddrFormatType();
 }
 
-uint32_t XmssBase::getSignatureSize()
+uint32_t XmssBase::calculateSignatureBaseSize(uint32_t wotsParamW) {
+  wots_params wotsParams;
+  wots_set_params(&wotsParams, 32, wotsParamW);
+  return 4 + 32 + wotsParams.keysize;
+}
+
+uint32_t XmssBase::getSignatureSize(uint32_t wotsParamW)
 {
+    const uint32_t SIGNATURE_BASE_SIZE = calculateSignatureBaseSize(wotsParamW);
     // 4 + n + (len + h) * n)
     return static_cast<uint32_t>(SIGNATURE_BASE_SIZE+_height*32);
 }
 
-uint8_t XmssBase::getHeightFromSigSize(size_t sigSize)
+uint8_t XmssBase::getHeightFromSigSize(size_t sigSize, uint32_t wotsParamW)
 {
+    const uint32_t SIGNATURE_BASE_SIZE = calculateSignatureBaseSize(wotsParamW);
     if (sigSize < SIGNATURE_BASE_SIZE)
     {
         throw std::invalid_argument("Invalid signature size");
@@ -194,14 +202,15 @@ std::vector<uint8_t> XmssBase::getAddress()
 
 bool XmssBase::verify(const TMESSAGE& message,
         const TSIGNATURE& signature,
-        const TKEY& extended_pk)
+        const TKEY& extended_pk,
+        uint32_t wotsParamW)
 {
     try
     {
         if (extended_pk.size()!=67) {
             throw std::invalid_argument("Invalid extended_pk size. It should be 67 bytes");
         }
-
+        const uint32_t SIGNATURE_BASE_SIZE = calculateSignatureBaseSize(wotsParamW);
         if (signature.size()>SIGNATURE_BASE_SIZE+XMSS_MAX_HEIGHT*32)
         {
             throw std::invalid_argument("invalid signature size. Height<=254");
@@ -213,7 +222,8 @@ bool XmssBase::verify(const TMESSAGE& message,
             return false;
         }
 
-        const auto height = static_cast<const uint8_t> (XmssBase::getHeightFromSigSize(signature.size()));
+        const auto height = static_cast<const uint8_t> (XmssBase::getHeightFromSigSize(
+                signature.size(), wotsParamW));
 
         if (height==0 || desc.getHeight()!=height) {
             return false;
@@ -223,7 +233,7 @@ bool XmssBase::verify(const TMESSAGE& message,
 
         xmss_params params{};
         const uint32_t k = 2;
-        const uint32_t w = 16;
+        const uint32_t w = wotsParamW;
         const uint32_t n = 32;
 
         if (k>=height || (height-k)%2) {

src/qrl/xmssBase.h

@@ -40,7 +40,8 @@ class XmssBase {
 
     static bool verify(const TMESSAGE &message,
                        const TSIGNATURE &signature,
-                       const TKEY &pk);
+                       const TKEY &pk,
+                       uint32_t wotsParamW=16);
 
     // TODO: Differentiate between XMSS and WOTS+ keys
     TKEY getSK();
@@ -75,9 +76,11 @@ class XmssBase {
 
     virtual unsigned int setIndex(uint32_t new_index);
 
-    unsigned int getSignatureSize();
+    unsigned int getSignatureSize(uint32_t wotsParamW=16);
 
-    static uint8_t getHeightFromSigSize(size_t sigSize);
+    static uint32_t calculateSignatureBaseSize(uint32_t wotsParamW=16);
+
+    static uint8_t getHeightFromSigSize(size_t sigSize, uint32_t wotsParamW=16);
 
     unsigned int getSecretKeySize();
 

src/qrl/xmssBasic.cpp

@@ -9,7 +9,8 @@
 XmssBasic::XmssBasic(const TSEED &seed,
                      unsigned char height,
                      eHashFunction hashFunction,
-                     eAddrFormatType addrFormatType)
+                     eAddrFormatType addrFormatType,
+                     uint32_t wotsParamW)
         : XmssBase(seed, height, hashFunction, addrFormatType) {
 //    PK format
 //    32 root address
@@ -31,7 +32,7 @@ XmssBasic::XmssBasic(const TSEED &seed,
     }
 
     const uint32_t k = 2;
-    const uint32_t w = 16;
+    const uint32_t w = wotsParamW;
     const uint32_t n = 32;
 
     if (k >= height || (height - k) % 2) {
@@ -49,7 +50,7 @@ XmssBasic::XmssBasic(const TSEED &seed,
 
 
 TSIGNATURE XmssBasic::sign(const TMESSAGE &message) {
-    auto signature = TSIGNATURE(getSignatureSize(), 0);
+    auto signature = TSIGNATURE(getSignatureSize(params.wots_par.w), 0);
 
     xmss_Signmsg(_hashFunction,
                  &params,

src/qrl/xmssBasic.h

@@ -19,7 +19,8 @@ class XmssBasic : public ::XmssBase {
     XmssBasic(const TSEED &seed,
               unsigned char height,
               eHashFunction hashFunction,
-              eAddrFormatType addrFormatType);
+              eAddrFormatType addrFormatType,
+              uint32_t wotsParamW=16);
 
     TSIGNATURE sign(const TMESSAGE &message) override;
 };

src/qrl/xmssFast.cpp

@@ -10,22 +10,22 @@ XmssFast::XmssFast(const TSEED &seed,
                    eAddrFormatType addrFormatType)
     : XmssBase(seed, height, hashFunction, addrFormatType)
 {
-    _initialize_tree();
+    initialize_tree();
 }
 
 XmssFast::XmssFast(const TSEED& extended_seed)
     : XmssBase(extended_seed)
 {
-    _initialize_tree();
+    initialize_tree();
 }
 
-void XmssFast::_initialize_tree()
+void XmssFast::initialize_tree(uint32_t wotsParamW)
 {
     _sk = TKEY(132, 0);
     auto tmp = TKEY(64, 0);
 
     const uint32_t k = 2;
-    const uint32_t w = 16;
+    const uint32_t w = wotsParamW;
     const uint32_t n = 32;
 
     if (k >= _height || (_height - k) % 2) {
@@ -78,7 +78,7 @@ unsigned int XmssFast::setIndex(unsigned int new_index)
 
 TSIGNATURE XmssFast::sign(const TMESSAGE &message)
 {
-    auto signature = TSIGNATURE(getSignatureSize(), 0);
+    auto signature = TSIGNATURE(getSignatureSize(params.wots_par.w), 0);
 
     auto index = getIndex();
     setIndex(index);

src/qrl/xmssFast.h

@@ -10,8 +10,8 @@
 #include <xmss-alt/algsxmss_fast.h>
 
 class XmssFast : public XmssBase {
-    void _initialize_tree();
 public:
+    void initialize_tree(uint32_t wotsParamW = 16);
     XmssFast(const TSEED& seed,
             unsigned char height,
             eHashFunction hashFunction = eHashFunction::SHAKE_128,

src/xmss-alt/xmss_common.c

@@ -138,7 +138,7 @@ int xmss_Verifysig(eHashFunction hash_func,
                    const unsigned char *pk,
                    unsigned char h) {
 
-    auto sig_msg_len = static_cast<unsigned long long int>(4 + 32 + 67 * 32 + h * 32);
+    auto sig_msg_len = static_cast<unsigned long long int>(4 + 32 + wotsParams->len * 32 + h * 32);
 
     uint32_t n = wotsParams->n;
 

tests/cpp/qrl/xmssFast_test.cpp

@@ -101,6 +101,69 @@ TEST(XmssFast, Verify)
     EXPECT_FALSE(XmssBasic::verify(data, signature, xmss.getPK()));
 }
 
+TEST(XmssFast, SignWithW4)
+{
+    std::vector<unsigned char> seed(48, 0);
+
+    XmssFast xmss(seed, XMSS_HEIGHT);
+    xmss.initialize_tree(4);
+
+    std::string message = "This is a test message";
+    std::vector<unsigned char> data(message.begin(), message.end());
+    EXPECT_EQ(xmss.getIndex(), 0);
+
+    auto signature = xmss.sign(data);
+
+    std::cout << std::endl;
+    std::cout << std::endl;
+    std::cout << "data       :" << data.size() << " bytes\n" << bin2hstr(data, 64) << std::endl;
+    std::cout << "signature  :" << signature.size() << " bytes\n" << bin2hstr(signature, 64) << std::endl;
+    EXPECT_EQ(xmss.getIndex(), 1);
+
+    auto signature2 = xmss.sign(data);
+
+    std::cout << std::endl;
+    std::cout << std::endl;
+    std::cout << "data       :" << data.size() << " bytes\n" << bin2hstr(data, 64) << std::endl;
+    std::cout << "signature  :" << signature.size() << " bytes\n" << bin2hstr(signature, 64) << std::endl;
+
+    EXPECT_NE(bin2hstr(signature), bin2hstr(signature2));
+    EXPECT_EQ(xmss.getIndex(), 2);
+}
+
+TEST(XmssFast, VerifyWithW4)
+{
+    std::vector<unsigned char> seed(48, 0);
+
+    XmssBasic xmss(seed, 10, eHashFunction::SHA2_256,
+            eAddrFormatType::SHA256_2X, 4);
+
+    std::string message = "56454c9621c549cd05c112de496ba32f";
+
+    std::vector<unsigned char> data_ref(message.begin(), message.end());
+    std::vector<unsigned char> data = hstr2bin("56454c9621c549cd05c112de496ba32f");
+
+    auto pk = xmss.getPK();
+    auto sk = xmss.getSK();
+    std::cout << std::endl;
+    std::cout << "seed:" << seed.size() << " bytes\n" << bin2hstr(seed, 32) << std::endl;
+    std::cout << "pk  :" << pk.size() << " bytes\n" << bin2hstr(pk, 32) << std::endl;
+    std::cout << "sk  :" << sk.size() << " bytes\n" << bin2hstr(sk, 32) << std::endl;
+
+    auto signature = xmss.sign(data);
+
+    std::cout << std::endl;
+    std::cout << std::endl;
+    std::cout << "data       :" << data.size() << " bytes\n" << bin2hstr(data, 64) << std::endl;
+    std::cout << "signature  :" << signature.size() << " bytes\n" << bin2hstr(signature, 64) << std::endl;
+
+    EXPECT_TRUE(XmssBasic::verify(data, signature, pk, 4));
+    EXPECT_FALSE(XmssBasic::verify(data, signature, xmss.getPK()));
+
+    signature[1] += 1;
+    EXPECT_FALSE(XmssBasic::verify(data, signature, xmss.getPK(), 4));
+}
+
 TEST(XmssFast, SignIndexShift)
 {
     std::vector<unsigned char> seed(48, 0);