diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..0b38cb0 --- /dev/null +++ b/.clang-format @@ -0,0 +1,225 @@ +--- +Language: Cpp +# BasedOnStyle: Mozilla +AccessModifierOffset: -2 +AlignAfterOpenBracket: Align +AlignArrayOfStructures: None +AlignConsecutiveAssignments: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: true +AlignConsecutiveBitFields: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false +AlignConsecutiveDeclarations: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false +AlignConsecutiveMacros: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false +AlignEscapedNewlines: Right +AlignOperands: Align +AlignTrailingComments: + Kind: Always + OverEmptyLines: 0 +AllowAllArgumentsOnNextLine: true +AllowAllParametersOfDeclarationOnNextLine: false +AllowShortBlocksOnASingleLine: Never +AllowShortCaseLabelsOnASingleLine: false +AllowShortEnumsOnASingleLine: true +AllowShortFunctionsOnASingleLine: Inline +AllowShortIfStatementsOnASingleLine: Never +AllowShortLambdasOnASingleLine: All +AllowShortLoopsOnASingleLine: false +AlwaysBreakAfterDefinitionReturnType: TopLevel +AlwaysBreakAfterReturnType: TopLevel +AlwaysBreakBeforeMultilineStrings: false +AlwaysBreakTemplateDeclarations: Yes +AttributeMacros: + - __capability +BinPackArguments: false +BinPackParameters: false +BitFieldColonSpacing: Both +BraceWrapping: + AfterCaseLabel: false + AfterClass: true + AfterControlStatement: Never + AfterEnum: true + AfterExternBlock: true + AfterFunction: true + AfterNamespace: false + AfterObjCDeclaration: false + AfterStruct: true + AfterUnion: true + BeforeCatch: false + BeforeElse: false + BeforeLambdaBody: false + BeforeWhile: false + IndentBraces: false + SplitEmptyFunction: true + SplitEmptyRecord: false + SplitEmptyNamespace: true +BreakAfterAttributes: Never +BreakAfterJavaFieldAnnotations: false +BreakArrays: true +BreakBeforeBinaryOperators: None +BreakBeforeConceptDeclarations: Always +BreakBeforeBraces: Mozilla +BreakBeforeInlineASMColon: OnlyMultiline +BreakBeforeTernaryOperators: true +BreakConstructorInitializers: BeforeComma +BreakInheritanceList: BeforeComma +BreakStringLiterals: true +ColumnLimit: 160 +CommentPragmas: '^ IWYU pragma:' +CompactNamespaces: false +ConstructorInitializerIndentWidth: 2 +ContinuationIndentWidth: 2 +Cpp11BracedListStyle: false +DerivePointerAlignment: false +DisableFormat: false +EmptyLineAfterAccessModifier: Never +EmptyLineBeforeAccessModifier: LogicalBlock +ExperimentalAutoDetectBinPacking: false +FixNamespaceComments: false +ForEachMacros: + - foreach + - Q_FOREACH + - BOOST_FOREACH +IfMacros: + - KJ_IF_MAYBE +IncludeBlocks: Preserve +IncludeCategories: + - Regex: '^"(llvm|llvm-c|clang|clang-c)/' + Priority: 2 + SortPriority: 0 + CaseSensitive: false + - Regex: '^(<|"(gtest|gmock|isl|json)/)' + Priority: 3 + SortPriority: 0 + CaseSensitive: false + - Regex: '.*' + Priority: 1 + SortPriority: 0 + CaseSensitive: false +IncludeIsMainRegex: '(Test)?$' +IncludeIsMainSourceRegex: '' +IndentAccessModifiers: false +IndentCaseBlocks: false +IndentCaseLabels: true +IndentExternBlock: AfterExternBlock +IndentGotoLabels: true +IndentPPDirectives: None +IndentRequiresClause: true +IndentWidth: 2 +IndentWrappedFunctionNames: false +InsertBraces: false +InsertNewlineAtEOF: false +InsertTrailingCommas: None +IntegerLiteralSeparator: + Binary: 0 + BinaryMinDigits: 0 + Decimal: 0 + DecimalMinDigits: 0 + Hex: 0 + HexMinDigits: 0 +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: true +LambdaBodyIndentation: Signature +LineEnding: DeriveLF +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +ObjCBinPackProtocolList: Auto +ObjCBlockIndentWidth: 2 +ObjCBreakBeforeNestedBlockParam: true +ObjCSpaceAfterProperty: true +ObjCSpaceBeforeProtocolList: false +PackConstructorInitializers: BinPack +PenaltyBreakAssignment: 2 +PenaltyBreakBeforeFirstCallParameter: 19 +PenaltyBreakComment: 300 +PenaltyBreakFirstLessLess: 120 +PenaltyBreakOpenParenthesis: 0 +PenaltyBreakString: 1000 +PenaltyBreakTemplateDeclaration: 10 +PenaltyExcessCharacter: 1000000 +PenaltyIndentedWhitespace: 0 +PenaltyReturnTypeOnItsOwnLine: 200 +PointerAlignment: Left +PPIndentWidth: -1 +QualifierAlignment: Leave +ReferenceAlignment: Pointer +ReflowComments: true +RemoveBracesLLVM: false +RemoveSemicolon: false +RequiresClausePosition: OwnLine +RequiresExpressionIndentation: OuterScope +SeparateDefinitionBlocks: Leave +ShortNamespaceLines: 1 +SortIncludes: CaseSensitive +SortJavaStaticImport: Before +SortUsingDeclarations: LexicographicNumeric +SpaceAfterCStyleCast: false +SpaceAfterLogicalNot: false +SpaceAfterTemplateKeyword: false +SpaceAroundPointerQualifiers: Default +SpaceBeforeAssignmentOperators: true +SpaceBeforeCaseColon: false +SpaceBeforeCpp11BracedList: false +SpaceBeforeCtorInitializerColon: true +SpaceBeforeInheritanceColon: true +SpaceBeforeParens: ControlStatements +SpaceBeforeParensOptions: + AfterControlStatements: true + AfterForeachMacros: true + AfterFunctionDefinitionName: false + AfterFunctionDeclarationName: false + AfterIfMacros: true + AfterOverloadedOperator: false + AfterRequiresInClause: false + AfterRequiresInExpression: false + BeforeNonEmptyParentheses: false +SpaceBeforeRangeBasedForLoopColon: true +SpaceBeforeSquareBrackets: false +SpaceInEmptyBlock: false +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: Never +SpacesInConditionalStatement: false +SpacesInContainerLiterals: true +SpacesInCStyleCastParentheses: false +SpacesInLineCommentPrefix: + Minimum: 1 + Maximum: -1 +SpacesInParentheses: false +SpacesInSquareBrackets: false +Standard: Latest +StatementAttributeLikeMacros: + - Q_EMIT +StatementMacros: + - Q_UNUSED + - QT_REQUIRE_VERSION +TabWidth: 8 +UseTab: Never +WhitespaceSensitiveMacros: + - BOOST_PP_STRINGIZE + - CF_SWIFT_NAME + - NS_SWIFT_NAME + - PP_STRINGIZE + - STRINGIZE +... + diff --git a/.github/workflows/test_ci.yml b/.github/workflows/test_ci.yml index 41df44f..0d46532 100644 --- a/.github/workflows/test_ci.yml +++ b/.github/workflows/test_ci.yml @@ -1,4 +1,4 @@ -name: Test SPHINCS+ using CI +name: Test SPHINCS+ Post-Quantum Digital Signature Scheme on: push: @@ -8,20 +8,30 @@ on: jobs: build: - - runs-on: ubuntu-20.04 + runs-on: ${{matrix.os}} + strategy: + matrix: + os: [ubuntu-latest, macos-latest] steps: - uses: actions/checkout@v3 - - name: Setup Compiler + # From https://github.com/marketplace/actions/actions-setup-cmake + - name: Setup CMake + uses: jwlawson/actions-setup-cmake@v1.13 + with: + cmake-version: 'latest' + - name: Setup Google-Test run: | - sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 10 - sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9 - - name: Fetch Dependency - run: git submodule update --init - - name: Install Python dependencies - run: python3 -m pip install -r wrapper/python/requirements.txt --user - - name: Execute Tests - run: make - - name: Cleanup - run: make clean + pushd ~ + git clone https://github.com/google/googletest.git -b v1.14.0 + pushd googletest + mkdir build + pushd build + cmake .. -DBUILD_GMOCK=OFF + make + sudo make install + popd + popd + popd + - name: Execute Tests on ${{matrix.os}} + run: make -j diff --git a/Makefile b/Makefile index 212a278..302808e 100644 --- a/Makefile +++ b/Makefile @@ -1,35 +1,69 @@ CXX = g++ -CXXFLAGS = -std=c++20 -Wall -Wextra -pedantic -OPTFLAGS = -O3 -march=native -mtune=native -IFLAGS = -I ./include -DEP_IFLAGS = -I ./sha3/include +CXX_FLAGS = -std=c++20 +WARN_FLAGS = -Wall -Wextra -pedantic +OPT_FLAGS = -O3 -march=native +LINK_FLAGS = -flto -all: testing test_kat +SHA3_INC_DIR = ./sha3/include +I_FLAGS = -I ./include +DEP_IFLAGS = -I $(SHA3_INC_DIR) -wrapper/libsphincs+-shake.so: wrapper/sphincs+-shake.cpp include/*.hpp sha3/include/*.hpp - $(CXX) $(CXXFLAGS) $(OPTFLAGS) $(IFLAGS) $(DEP_IFLAGS) -fPIC --shared $< -o $@ +SRC_DIR = include +SPHINCS+_SOURCES := $(wildcard $(SRC_DIR)/*.hpp) +BUILD_DIR = build -lib: wrapper/libsphincs+-shake.so +TEST_DIR = tests +TEST_SOURCES := $(wildcard $(TEST_DIR)/*.cpp) +TEST_OBJECTS := $(addprefix $(BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES)))) +TEST_LINK_FLAGS = -lgtest -lgtest_main +TEST_BINARY = $(BUILD_DIR)/test.out -test/a.out: test/main.cpp include/*.hpp include/test/*.hpp sha3/include/*.hpp - $(CXX) $(CXXFLAGS) $(OPTFLAGS) $(IFLAGS) $(DEP_IFLAGS) $< -o $@ +BENCHMARK_DIR = benchmarks +BENCHMARK_SOURCES := $(wildcard $(BENCHMARK_DIR)/*.cpp) +BENCHMARK_OBJECTS := $(addprefix $(BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(BENCHMARK_SOURCES)))) +BENCHMARK_LINK_FLAGS = -lbenchmark -lbenchmark_main -lpthread +BENCHMARK_BINARY = $(BUILD_DIR)/bench.out +PERF_LINK_FLAGS = -lbenchmark -lbenchmark_main -lpfm -lpthread +PERF_BINARY = $(BUILD_DIR)/perf.out -testing: test/a.out - ./$< +all: test -test_kat: - bash test_kat.sh +$(BUILD_DIR): + mkdir -p $@ -clean: - find . -name '*.out' -o -name '*.o' -o -name '*.so' -o -name '*.gch' | xargs rm -rf +$(SHA3_INC_DIR): + git submodule update --init + +$(BUILD_DIR)/%.o: $(TEST_DIR)/%.cpp $(BUILD_DIR) $(SHA3_INC_DIR) + $(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@ + +$(TEST_BINARY): $(TEST_OBJECTS) + $(CXX) $(OPT_FLAGS) $(LINK_FLAGS) $^ $(TEST_LINK_FLAGS) -o $@ + +test: $(TEST_BINARY) + ./$< --gtest_shuffle --gtest_random_seed=0 + +$(BUILD_DIR)/%.o: $(BENCHMARK_DIR)/%.cpp $(BUILD_DIR) $(SHA3_INC_DIR) + $(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@ -format: - find . -path ./sha3 -prune -name '*.cpp' -o -name '*.hpp' | xargs clang-format -i --style=Mozilla && python3 -m black wrapper/python/*.py +$(BENCHMARK_BINARY): $(BENCHMARK_OBJECTS) + $(CXX) $(OPT_FLAGS) $(LINK_FLAGS) $^ $(BENCHMARK_LINK_FLAGS) -o $@ -bench/a.out: bench/main.cpp include/*.hpp include/bench/*.hpp sha3/include/*.hpp - # make sure you've google-benchmark globally installed; - # see https://github.com/google/benchmark/tree/2257fa4#installation - $(CXX) $(CXXFLAGS) $(OPTFLAGS) $(IFLAGS) $(DEP_IFLAGS) $< -lbenchmark -o $@ +benchmark: $(BENCHMARK_BINARY) + # Must *not* build google-benchmark with libPFM + ./$< --benchmark_time_unit=ms --benchmark_min_warmup_time=.5 --benchmark_enable_random_interleaving=true --benchmark_repetitions=10 --benchmark_min_time=0.1s --benchmark_display_aggregates_only=true --benchmark_counters_tabular=true + +$(PERF_BINARY): $(BENCHMARK_OBJECTS) + $(CXX) $(OPT_FLAGS) $(LINK_FLAGS) $^ $(PERF_LINK_FLAGS) -o $@ + +perf: $(PERF_BINARY) + # Must build google-benchmark with libPFM, follow https://gist.github.com/itzmeanjan/05dc3e946f635d00c5e0b21aae6203a7 + ./$< --benchmark_time_unit=ms --benchmark_min_warmup_time=.5 --benchmark_enable_random_interleaving=true --benchmark_repetitions=10 --benchmark_min_time=0.1s --benchmark_display_aggregates_only=true --benchmark_counters_tabular=true --benchmark_perf_counters=CYCLES + +.PHONY: format clean + +clean: + rm -rf $(BUILD_DIR) -benchmark: bench/a.out - ./$< --benchmark_time_unit=ms --benchmark_counters_tabular=true +format: $(SPHINCS+_SOURCES) $(TEST_SOURCES) $(BENCHMARK_SOURCES) + clang-format -i $^ diff --git a/bench/README.md b/bench/README.md deleted file mode 100644 index 6baa54a..0000000 --- a/bench/README.md +++ /dev/null @@ -1,389 +0,0 @@ -## Benchmarking SPHINCS+ DSA - -For benchmarking SPHINCS+ implementation for different parameter sets ( as suggested in the specification's section 7.2 and table 3 ), you may issue - - -```bash -make benchmark -``` - -> **Note** - -> For benchmarking ensure presence of `google-benchmark` header & library in well known locations. - ->**Warning** - -> CPU frequency scaling based on demand **must** be disabled when collecting benchmark results, you may follow [this](https://github.com/google/benchmark/blob/2257fa4/docs/user_guide.md#disabling-cpu-frequency-scaling) guide for doing so. - -> **Note** - -> On x86_64 architecture average CPU cycle spent in keygen/ sign/ verify routine is measured using compiler built-in `__rdtsc`. I've tested it with both Clang and GCC. - -### On Intel(R) Core(TM) i5-8279U CPU @ 2.40GHz [ compiled with Clang ] - -```bash -2022-12-08T11:41:59+04:00 -Running ./bench/a.out -Run on (8 X 2400 MHz CPU s) -CPU Caches: - L1 Data 32 KiB - L1 Instruction 32 KiB - L2 Unified 256 KiB (x4) - L3 Unified 6144 KiB -Load Average: 1.46, 1.53, 1.69 --------------------------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations average_cpu_cycles items_per_second --------------------------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 210 ms 210 ms 3 504.931M 4.75978/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 1578 ms 1576 ms 1 3.78599G 0.63435/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 1.51 ms 1.51 ms 416 3.63011M 662.274/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 111 ms 111 ms 6 266.835M 9.00062/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 846 ms 845 ms 1 2.02988G 1.18341/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 0.850 ms 0.849 ms 876 2.03983M 1.17732k/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 3.33 ms 3.33 ms 211 7.99807M 300.396/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 75.8 ms 75.8 ms 9 181.994M 13.2003/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 4.96 ms 4.84 ms 138 11.9145M 206.514/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 1.80 ms 1.80 ms 393 4.31831M 556.671/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 40.6 ms 40.6 ms 17 97.456M 24.6474/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 2.37 ms 2.37 ms 288 5.68473M 422.546/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 312 ms 311 ms 2 747.875M 3.2126/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 2697 ms 2695 ms 1 6.47293G 0.371115/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 2.41 ms 2.40 ms 300 5.77255M 416.308/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 165 ms 164 ms 4 394.937M 6.08015/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 1498 ms 1480 ms 1 3.59627G 0.675678/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 1.25 ms 1.25 ms 613 2.99999M 800.775/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 4.85 ms 4.85 ms 140 11.6377M 206.35/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 121 ms 121 ms 6 290.756M 8.26078/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 6.95 ms 6.95 ms 102 16.6855M 143.928/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 2.69 ms 2.65 ms 266 6.46234M 377.866/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 66.4 ms 66.3 ms 10 159.457M 15.0779/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 3.50 ms 3.49 ms 197 8.39536M 286.143/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 202 ms 201 ms 3 483.93M 4.96475/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 2281 ms 2280 ms 1 5.47549G 0.438681/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 3.45 ms 3.44 ms 203 8.26846M 290.527/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 113 ms 113 ms 6 272.3M 8.84044/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 1287 ms 1286 ms 1 3.0882G 0.777884/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 1.80 ms 1.79 ms 378 4.31596M 557.136/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 12.7 ms 12.7 ms 56 30.4591M 78.8608/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 246 ms 246 ms 3 591.167M 4.06221/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 7.00 ms 7.00 ms 100 16.8086M 142.908/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 6.75 ms 6.75 ms 100 16.1965M 148.237/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 136 ms 136 ms 5 327.065M 7.34905/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 3.56 ms 3.55 ms 190 8.53629M 281.395/s -``` - -### On ARM Cortex-A72 [ compiled with GCC ] - -```bash -2022-12-08T07:14:45+00:00 -Running ./bench/a.out -Run on (16 X 166.66 MHz CPU s) -CPU Caches: - L1 Data 32 KiB (x16) - L1 Instruction 48 KiB (x16) - L2 Unified 2048 KiB (x4) -Load Average: 0.22, 0.05, 0.02 -------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations items_per_second -------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 690 ms 690 ms 1 1.44943/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 5161 ms 5161 ms 1 0.193771/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 5.06 ms 5.06 ms 124 197.787/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 361 ms 361 ms 2 2.77299/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 2737 ms 2737 ms 1 0.365373/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 2.64 ms 2.64 ms 255 379.344/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 10.8 ms 10.8 ms 65 92.7138/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 249 ms 249 ms 3 4.02112/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 15.5 ms 15.5 ms 46 64.6147/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 5.65 ms 5.64 ms 124 177.149/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 131 ms 131 ms 5 7.60953/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 8.28 ms 8.28 ms 90 120.828/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 1006 ms 1006 ms 1 0.99375/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 8757 ms 8756 ms 1 0.114201/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 7.83 ms 7.83 ms 85 127.773/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 526 ms 526 ms 1 1.90001/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 4702 ms 4702 ms 1 0.212686/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 3.96 ms 3.96 ms 180 252.54/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 15.7 ms 15.7 ms 44 63.5635/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 395 ms 395 ms 2 2.53044/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 22.2 ms 22.2 ms 30 45.0619/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 8.23 ms 8.23 ms 85 121.451/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 212 ms 212 ms 3 4.71934/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 11.9 ms 11.9 ms 59 83.9878/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 663 ms 663 ms 1 1.50882/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 7478 ms 7478 ms 1 0.13373/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 11.1 ms 11.1 ms 62 89.8732/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 347 ms 347 ms 2 2.88308/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 4098 ms 4098 ms 1 0.244038/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 5.98 ms 5.98 ms 119 167.177/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 41.4 ms 41.4 ms 17 24.1373/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 812 ms 812 ms 1 1.23187/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 22.9 ms 22.9 ms 30 43.6005/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 21.7 ms 21.7 ms 32 46.1087/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 434 ms 434 ms 2 2.30276/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 12.1 ms 12.1 ms 59 82.582/s -``` - -### On ARM Cortex-A72 [ compiled with Clang ] - -```bash -2022-12-08T07:19:19+00:00 -Running ./bench/a.out -Run on (16 X 166.66 MHz CPU s) -CPU Caches: - L1 Data 32 KiB (x16) - L1 Instruction 48 KiB (x16) - L2 Unified 2048 KiB (x4) -Load Average: 0.45, 0.42, 0.19 -------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations items_per_second -------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 497 ms 497 ms 2 2.01115/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 3736 ms 3736 ms 1 0.267672/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 3.84 ms 3.84 ms 186 260.496/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 264 ms 264 ms 3 3.7854/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 2007 ms 2007 ms 1 0.49837/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 2.12 ms 2.12 ms 342 472.809/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 7.78 ms 7.78 ms 90 128.543/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 180 ms 180 ms 4 5.55778/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 10.8 ms 10.8 ms 61 92.2158/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 4.14 ms 4.14 ms 169 241.631/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 96.4 ms 96.4 ms 7 10.3727/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 5.63 ms 5.63 ms 125 177.624/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 728 ms 728 ms 1 1.37326/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 6340 ms 6339 ms 1 0.157744/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 5.53 ms 5.53 ms 132 180.678/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 385 ms 385 ms 2 2.59551/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 3449 ms 3449 ms 1 0.289948/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 2.83 ms 2.83 ms 242 352.911/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 11.4 ms 11.4 ms 61 87.8068/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 287 ms 287 ms 2 3.4806/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 16.8 ms 16.8 ms 43 59.6386/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 6.03 ms 6.03 ms 116 165.795/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 155 ms 155 ms 5 6.44817/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 8.26 ms 8.26 ms 85 121.002/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 480 ms 480 ms 2 2.08456/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 5444 ms 5444 ms 1 0.18369/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 8.36 ms 8.36 ms 85 119.586/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 254 ms 254 ms 3 3.94247/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 3011 ms 3010 ms 1 0.332173/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 4.29 ms 4.29 ms 166 232.98/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 30.0 ms 30.0 ms 23 33.3402/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 589 ms 589 ms 1 1.69912/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 16.6 ms 16.6 ms 43 60.3322/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 15.9 ms 15.9 ms 44 63.0379/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 318 ms 318 ms 2 3.14367/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 8.58 ms 8.58 ms 82 116.516/s -``` - -### On ARM Neoverse-V1 [ compiled with GCC ] - -```bash -2022-12-08T07:25:49+00:00 -Running ./bench/a.out -Run on (64 X 2100 MHz CPU s) -CPU Caches: - L1 Data 64 KiB (x64) - L1 Instruction 64 KiB (x64) - L2 Unified 1024 KiB (x64) - L3 Unified 32768 KiB (x1) -Load Average: 0.17, 0.07, 0.02 -------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations items_per_second -------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 429 ms 429 ms 2 2.33332/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 3229 ms 3229 ms 1 0.309693/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 3.50 ms 3.50 ms 219 285.916/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 222 ms 222 ms 3 4.49637/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 1687 ms 1687 ms 1 0.592607/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 1.59 ms 1.59 ms 430 627.559/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 6.70 ms 6.70 ms 104 149.321/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 155 ms 155 ms 5 6.44058/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 9.90 ms 9.90 ms 74 100.969/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 3.48 ms 3.48 ms 201 287.514/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 80.1 ms 80.1 ms 9 12.4882/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 4.66 ms 4.66 ms 142 214.575/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 625 ms 625 ms 1 1.60118/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 5503 ms 5503 ms 1 0.181731/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 4.59 ms 4.59 ms 146 217.892/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 323 ms 323 ms 2 3.0962/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 2911 ms 2911 ms 1 0.343579/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 2.48 ms 2.48 ms 290 403.089/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 9.76 ms 9.76 ms 72 102.41/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 248 ms 248 ms 3 4.02659/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 13.8 ms 13.8 ms 50 72.3611/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 5.05 ms 5.05 ms 139 198.04/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 132 ms 132 ms 5 7.56995/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 7.11 ms 7.11 ms 97 140.567/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 408 ms 408 ms 2 2.44808/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 4615 ms 4615 ms 1 0.216699/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 6.82 ms 6.82 ms 104 146.581/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 213 ms 213 ms 3 4.68975/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 2516 ms 2516 ms 1 0.397503/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 3.59 ms 3.59 ms 197 278.809/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 25.5 ms 25.5 ms 27 39.1657/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 505 ms 505 ms 1 1.98033/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 14.2 ms 14.2 ms 49 70.4305/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 13.3 ms 13.3 ms 53 75.0293/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 268 ms 268 ms 3 3.72861/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 7.20 ms 7.20 ms 96 138.893/s -``` - -### On ARM Neoverse-V1 [ compiled with Clang ] - -```bash -2022-12-08T07:30:20+00:00 -Running ./bench/a.out -Run on (64 X 2100 MHz CPU s) -CPU Caches: - L1 Data 64 KiB (x64) - L1 Instruction 64 KiB (x64) - L2 Unified 1024 KiB (x64) - L3 Unified 32768 KiB (x1) -Load Average: 0.25, 0.30, 0.15 -------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations items_per_second -------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 219 ms 219 ms 3 4.57051/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 1638 ms 1638 ms 1 0.610629/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 1.63 ms 1.63 ms 401 613.046/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 112 ms 112 ms 6 8.90044/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 857 ms 857 ms 1 1.16748/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 0.865 ms 0.865 ms 894 1.15575k/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 3.42 ms 3.42 ms 205 292.156/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 78.8 ms 78.8 ms 9 12.6943/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 4.73 ms 4.73 ms 145 211.375/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 1.76 ms 1.76 ms 398 568.252/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 41.1 ms 41.1 ms 17 24.3162/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 2.45 ms 2.45 ms 278 407.522/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 325 ms 325 ms 2 3.07811/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 2818 ms 2818 ms 1 0.354913/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 2.42 ms 2.42 ms 288 413.237/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 166 ms 166 ms 4 6.00926/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 1496 ms 1496 ms 1 0.668515/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 1.19 ms 1.19 ms 570 842.204/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 5.08 ms 5.08 ms 138 196.908/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 129 ms 129 ms 5 7.77763/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 7.16 ms 7.16 ms 99 139.722/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 2.60 ms 2.60 ms 269 384.12/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 67.3 ms 67.3 ms 10 14.8624/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 3.62 ms 3.62 ms 196 275.885/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 211 ms 211 ms 3 4.73802/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 2388 ms 2388 ms 1 0.418753/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 3.62 ms 3.62 ms 193 276.214/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 109 ms 109 ms 6 9.13816/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 1300 ms 1300 ms 1 0.769031/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 1.76 ms 1.76 ms 400 568.922/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 13.2 ms 13.2 ms 53 75.7917/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 260 ms 260 ms 3 3.83998/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 7.25 ms 7.25 ms 96 137.877/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 6.84 ms 6.84 ms 102 146.158/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 136 ms 136 ms 5 7.37617/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 3.49 ms 3.49 ms 191 286.591/s -``` - -### On Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz [ compiled with GCC ] - -```bash -2022-12-08T07:34:43+00:00 -Running ./bench/a.out -Run on (4 X 2300.25 MHz CPU s) -CPU Caches: - L1 Data 32 KiB (x2) - L1 Instruction 32 KiB (x2) - L2 Unified 256 KiB (x2) - L3 Unified 46080 KiB (x1) -Load Average: 0.15, 0.03, 0.01 --------------------------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations average_cpu_cycles items_per_second --------------------------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 612 ms 612 ms 1 1.40778G 1.63399/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 4639 ms 4639 ms 1 10.6706G 0.215558/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 4.78 ms 4.78 ms 148 10.996M 209.189/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 321 ms 321 ms 2 738.981M 3.11279/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 2438 ms 2438 ms 1 5.60734G 0.410208/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 2.37 ms 2.37 ms 313 5.46067M 421.212/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 9.56 ms 9.56 ms 73 21.9974M 104.559/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 220 ms 220 ms 3 506.64M 4.53979/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 14.1 ms 14.1 ms 51 32.384M 71.0268/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 5.03 ms 5.03 ms 139 11.566M 198.878/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 117 ms 117 ms 6 269.201M 8.54421/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 7.06 ms 7.06 ms 104 16.2499M 141.546/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 888 ms 888 ms 1 2.04335G 1.12561/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 7739 ms 7739 ms 1 17.7998G 0.129218/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 6.90 ms 6.90 ms 101 15.8733M 144.903/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 464 ms 464 ms 2 1067.18M 2.15531/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 4158 ms 4158 ms 1 9.56426G 0.240486/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 3.64 ms 3.64 ms 192 8.36833M 274.837/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 13.9 ms 13.9 ms 50 31.9581M 71.9746/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 385 ms 385 ms 2 886.537M 2.59439/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 19.7 ms 19.7 ms 36 45.2478M 50.8312/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 7.26 ms 7.26 ms 96 16.6948M 137.781/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 188 ms 188 ms 4 431.454M 5.33133/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 10.2 ms 10.2 ms 67 23.3489M 98.5089/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 607 ms 607 ms 1 1.39649G 1.64712/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 6683 ms 6683 ms 1 15.3708G 0.14964/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 9.74 ms 9.73 ms 70 22.3923M 102.723/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 305 ms 305 ms 2 700.768M 3.2823/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 3583 ms 3583 ms 1 8.24042G 0.279125/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 5.04 ms 5.04 ms 138 11.5869M 198.516/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 37.9 ms 37.9 ms 18 87.2275M 26.371/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 715 ms 715 ms 1 1.64516G 1.39812/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 19.8 ms 19.8 ms 35 45.5412M 50.5091/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 19.1 ms 19.1 ms 37 43.8764M 52.4224/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 380 ms 380 ms 2 873.303M 2.63396/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 10.0 ms 10.0 ms 70 23.0472M 99.8082/s -``` - -### On Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz [ compiled with Clang ] - -```bash -2022-12-08T07:39:20+00:00 -Running ./bench/a.out -Run on (4 X 2300.25 MHz CPU s) -CPU Caches: - L1 Data 32 KiB (x2) - L1 Instruction 32 KiB (x2) - L2 Unified 256 KiB (x2) - L3 Unified 46080 KiB (x1) -Load Average: 0.33, 0.37, 0.18 --------------------------------------------------------------------------------------------------------------------------------------------- -Benchmark Time CPU Iterations average_cpu_cycles items_per_second --------------------------------------------------------------------------------------------------------------------------------------------- -bench_sphincs::keygen<16, 63, 7, 16, variant::robust> 302 ms 302 ms 2 694.299M 3.31264/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust> 2261 ms 2261 ms 1 5.20139G 0.442203/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust> 2.39 ms 2.39 ms 287 5.49539M 418.556/s -bench_sphincs::keygen<16, 63, 7, 16, variant::simple> 159 ms 159 ms 4 366.439M 6.27696/s -bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple> 1211 ms 1211 ms 1 2.78554G 0.825711/s -bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple> 1.16 ms 1.16 ms 589 2.67407M 860.143/s -bench_sphincs::keygen<16, 66, 22, 16, variant::robust> 4.71 ms 4.71 ms 149 10.8237M 212.505/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust> 110 ms 110 ms 6 252.757M 9.10013/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust> 7.16 ms 7.16 ms 103 16.4642M 139.701/s -bench_sphincs::keygen<16, 66, 22, 16, variant::simple> 2.50 ms 2.50 ms 280 5.74299M 400.504/s -bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple> 58.2 ms 58.2 ms 12 133.756M 17.1961/s -bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple> 3.46 ms 3.46 ms 204 7.95742M 289.042/s -bench_sphincs::keygen<24, 63, 7, 16, variant::robust> 445 ms 445 ms 2 1022.61M 2.24936/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust> 3871 ms 3871 ms 1 8.90392G 0.258326/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust> 3.41 ms 3.41 ms 211 7.8527M 292.898/s -bench_sphincs::keygen<24, 63, 7, 16, variant::simple> 236 ms 236 ms 3 542.477M 4.23987/s -bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple> 2110 ms 2110 ms 1 4.85302G 0.473948/s -bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple> 1.72 ms 1.72 ms 398 3.95952M 580.864/s -bench_sphincs::keygen<24, 66, 22, 16, variant::robust> 6.95 ms 6.95 ms 101 15.9896M 143.847/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust> 176 ms 176 ms 4 404.608M 5.68521/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust> 10.1 ms 10.1 ms 71 23.1378M 99.4071/s -bench_sphincs::keygen<24, 66, 22, 16, variant::simple> 3.69 ms 3.69 ms 190 8.49073M 270.897/s -bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple> 96.1 ms 96.1 ms 7 221.07M 10.4038/s -bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple> 5.27 ms 5.27 ms 129 12.116M 189.831/s -bench_sphincs::keygen<32, 64, 8, 16, variant::robust> 290 ms 290 ms 2 667.092M 3.44782/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust> 3287 ms 3287 ms 1 7.5605G 0.304231/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust> 4.92 ms 4.92 ms 149 11.3189M 203.203/s -bench_sphincs::keygen<32, 64, 8, 16, variant::simple> 151 ms 151 ms 5 346.251M 6.64299/s -bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple> 1849 ms 1849 ms 1 4.25333G 0.540779/s -bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple> 2.46 ms 2.46 ms 288 5.66578M 405.966/s -bench_sphincs::keygen<32, 68, 17, 16, variant::robust> 18.1 ms 18.1 ms 39 41.6993M 55.1559/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust> 354 ms 354 ms 2 813.087M 2.82885/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust> 10.2 ms 10.2 ms 70 23.463M 98.0264/s -bench_sphincs::keygen<32, 68, 17, 16, variant::simple> 9.47 ms 9.47 ms 74 21.7869M 105.571/s -bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple> 190 ms 190 ms 4 437.308M 5.25943/s -bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple> 5.06 ms 5.06 ms 100 11.6456M 197.53/s -``` diff --git a/bench/main.cpp b/bench/main.cpp deleted file mode 100644 index decb92f..0000000 --- a/bench/main.cpp +++ /dev/null @@ -1,65 +0,0 @@ -#include "bench/bench_sphincs.hpp" - -using namespace sphincs_hashing; - -// SPHINCS+-128s-robust -BENCHMARK(bench_sphincs::keygen<16, 63, 7, 16, variant::robust>); -BENCHMARK(bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::robust>); -BENCHMARK(bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::robust>); - -// SPHINCS+-128s-simple -BENCHMARK(bench_sphincs::keygen<16, 63, 7, 16, variant::simple>); -BENCHMARK(bench_sphincs::sign<16, 63, 7, 12, 14, 16, variant::simple>); -BENCHMARK(bench_sphincs::verify<16, 63, 7, 12, 14, 16, variant::simple>); - -// SPHINCS+-128f-robust -BENCHMARK(bench_sphincs::keygen<16, 66, 22, 16, variant::robust>); -BENCHMARK(bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::robust>); -BENCHMARK(bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::robust>); - -// SPHINCS+-128f-simple -BENCHMARK(bench_sphincs::keygen<16, 66, 22, 16, variant::simple>); -BENCHMARK(bench_sphincs::sign<16, 66, 22, 6, 33, 16, variant::simple>); -BENCHMARK(bench_sphincs::verify<16, 66, 22, 6, 33, 16, variant::simple>); - -// SPHINCS+-192s-robust -BENCHMARK(bench_sphincs::keygen<24, 63, 7, 16, variant::robust>); -BENCHMARK(bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::robust>); -BENCHMARK(bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::robust>); - -// SPHINCS+-192s-simple -BENCHMARK(bench_sphincs::keygen<24, 63, 7, 16, variant::simple>); -BENCHMARK(bench_sphincs::sign<24, 63, 7, 14, 17, 16, variant::simple>); -BENCHMARK(bench_sphincs::verify<24, 63, 7, 14, 17, 16, variant::simple>); - -// SPHINCS+-192f-robust -BENCHMARK(bench_sphincs::keygen<24, 66, 22, 16, variant::robust>); -BENCHMARK(bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::robust>); -BENCHMARK(bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::robust>); - -// SPHINCS+-192f-simple -BENCHMARK(bench_sphincs::keygen<24, 66, 22, 16, variant::simple>); -BENCHMARK(bench_sphincs::sign<24, 66, 22, 8, 33, 16, variant::simple>); -BENCHMARK(bench_sphincs::verify<24, 66, 22, 8, 33, 16, variant::simple>); - -// SPHINCS+-256s-robust -BENCHMARK(bench_sphincs::keygen<32, 64, 8, 16, variant::robust>); -BENCHMARK(bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::robust>); -BENCHMARK(bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::robust>); - -// SPHINCS+-256s-simple -BENCHMARK(bench_sphincs::keygen<32, 64, 8, 16, variant::simple>); -BENCHMARK(bench_sphincs::sign<32, 64, 8, 14, 22, 16, variant::simple>); -BENCHMARK(bench_sphincs::verify<32, 64, 8, 14, 22, 16, variant::simple>); - -// SPHINCS+-256f-robust -BENCHMARK(bench_sphincs::keygen<32, 68, 17, 16, variant::robust>); -BENCHMARK(bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::robust>); -BENCHMARK(bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::robust>); - -// SPHINCS+-256f-simple -BENCHMARK(bench_sphincs::keygen<32, 68, 17, 16, variant::simple>); -BENCHMARK(bench_sphincs::sign<32, 68, 17, 9, 35, 16, variant::simple>); -BENCHMARK(bench_sphincs::verify<32, 68, 17, 9, 35, 16, variant::simple>); - -BENCHMARK_MAIN(); diff --git a/include/bench/bench_sphincs.hpp b/benchmarks/bench_sphincs+.hpp similarity index 93% rename from include/bench/bench_sphincs.hpp rename to benchmarks/bench_sphincs+.hpp index 5ffe846..3fc25c5 100644 --- a/include/bench/bench_sphincs.hpp +++ b/benchmarks/bench_sphincs+.hpp @@ -2,17 +2,14 @@ #include "sphincs.hpp" #include "x86_64_cpu_cycles.hpp" #include +#include // Benchmark SPHINCS+ Routines namespace bench_sphincs { // Benchmark SPHINCS+ keypair generation -template -inline static void +template +static inline void keygen(benchmark::State& state) { namespace utils = sphincs_utils; @@ -33,14 +30,14 @@ keygen(benchmark::State& state) sphincs::keygen(skey, pkey); + benchmark::DoNotOptimize(skey); + benchmark::DoNotOptimize(pkey); + benchmark::ClobberMemory(); + #if defined __x86_64__ const uint64_t end = cpu_cycles(); total_cycles += (end - start); #endif - - benchmark::DoNotOptimize(skey); - benchmark::DoNotOptimize(pkey); - benchmark::ClobberMemory(); } state.SetItemsProcessed(state.iterations()); @@ -63,7 +60,7 @@ template -inline static void +static inline void sign(benchmark::State& state) { namespace utils = sphincs_utils; @@ -91,15 +88,15 @@ sign(benchmark::State& state) sphincs::sign(msg, mlen, skey, sig); -#if defined __x86_64__ - const uint64_t end = cpu_cycles(); - total_cycles += (end - start); -#endif - benchmark::DoNotOptimize(msg); benchmark::DoNotOptimize(skey); benchmark::DoNotOptimize(sig); benchmark::ClobberMemory(); + +#if defined __x86_64__ + const uint64_t end = cpu_cycles(); + total_cycles += (end - start); +#endif } state.SetItemsProcessed(state.iterations()); @@ -124,7 +121,7 @@ template -inline static void +static inline void verify(benchmark::State& state) { namespace utils = sphincs_utils; @@ -146,25 +143,27 @@ verify(benchmark::State& state) uint64_t total_cycles = 0ul; #endif + bool flag = true; for (auto _ : state) { #if defined __x86_64__ const uint64_t start = cpu_cycles(); #endif - const bool flg = sphincs::verify(msg, mlen, sig, pkey); - -#if defined __x86_64__ - const uint64_t end = cpu_cycles(); - total_cycles += (end - start); -#endif + flag &= sphincs::verify(msg, mlen, sig, pkey); - benchmark::DoNotOptimize(flg); + benchmark::DoNotOptimize(flag); benchmark::DoNotOptimize(msg); benchmark::DoNotOptimize(sig); benchmark::DoNotOptimize(pkey); benchmark::ClobberMemory(); + +#if defined __x86_64__ + const uint64_t end = cpu_cycles(); + total_cycles += (end - start); +#endif } + assert(flag); state.SetItemsProcessed(state.iterations()); #if defined __x86_64__ diff --git a/benchmarks/bench_sphincs+_128f_robust.cpp b/benchmarks/bench_sphincs+_128f_robust.cpp new file mode 100644 index 0000000..cef0c28 --- /dev/null +++ b/benchmarks/bench_sphincs+_128f_robust.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<16, 66, 22, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-128f-robust/keygen"); +BENCHMARK(bench_sphincs::sign<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-128f-robust/sign"); +BENCHMARK(bench_sphincs::verify<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-128f-robust/verify"); diff --git a/benchmarks/bench_sphincs+_128f_simple.cpp b/benchmarks/bench_sphincs+_128f_simple.cpp new file mode 100644 index 0000000..bb4c644 --- /dev/null +++ b/benchmarks/bench_sphincs+_128f_simple.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<16, 66, 22, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-128f-simple/keygen"); +BENCHMARK(bench_sphincs::sign<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-128f-simple/sign"); +BENCHMARK(bench_sphincs::verify<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-128f-simple/verify"); diff --git a/benchmarks/bench_sphincs+_128s_robust.cpp b/benchmarks/bench_sphincs+_128s_robust.cpp new file mode 100644 index 0000000..5c0e39c --- /dev/null +++ b/benchmarks/bench_sphincs+_128s_robust.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<16, 63, 7, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-128s-robust/keygen"); +BENCHMARK(bench_sphincs::sign<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-128s-robust/sign"); +BENCHMARK(bench_sphincs::verify<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-128s-robust/verify"); diff --git a/benchmarks/bench_sphincs+_128s_simple.cpp b/benchmarks/bench_sphincs+_128s_simple.cpp new file mode 100644 index 0000000..94d7bf6 --- /dev/null +++ b/benchmarks/bench_sphincs+_128s_simple.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<16, 63, 7, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-128s-simple/keygen"); +BENCHMARK(bench_sphincs::sign<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-128s-simple/sign"); +BENCHMARK(bench_sphincs::verify<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-128s-simple/verify"); diff --git a/benchmarks/bench_sphincs+_192f_robust.cpp b/benchmarks/bench_sphincs+_192f_robust.cpp new file mode 100644 index 0000000..f4b84fa --- /dev/null +++ b/benchmarks/bench_sphincs+_192f_robust.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<24, 66, 22, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-192f-robust/keygen"); +BENCHMARK(bench_sphincs::sign<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-192f-robust/sign"); +BENCHMARK(bench_sphincs::verify<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-192f-robust/verify"); diff --git a/benchmarks/bench_sphincs+_192f_simple.cpp b/benchmarks/bench_sphincs+_192f_simple.cpp new file mode 100644 index 0000000..7683fff --- /dev/null +++ b/benchmarks/bench_sphincs+_192f_simple.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<24, 66, 22, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-192f-simple/keygen"); +BENCHMARK(bench_sphincs::sign<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-192f-simple/sign"); +BENCHMARK(bench_sphincs::verify<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-192f-simple/verify"); diff --git a/benchmarks/bench_sphincs+_192s_robust.cpp b/benchmarks/bench_sphincs+_192s_robust.cpp new file mode 100644 index 0000000..154e7b1 --- /dev/null +++ b/benchmarks/bench_sphincs+_192s_robust.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<24, 63, 7, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-192s-robust/keygen"); +BENCHMARK(bench_sphincs::sign<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-192s-robust/sign"); +BENCHMARK(bench_sphincs::verify<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-192s-robust/verify"); diff --git a/benchmarks/bench_sphincs+_192s_simple.cpp b/benchmarks/bench_sphincs+_192s_simple.cpp new file mode 100644 index 0000000..849c8d0 --- /dev/null +++ b/benchmarks/bench_sphincs+_192s_simple.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<24, 63, 7, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-192s-simple/keygen"); +BENCHMARK(bench_sphincs::sign<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-192s-simple/sign"); +BENCHMARK(bench_sphincs::verify<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-192s-simple/verify"); diff --git a/benchmarks/bench_sphincs+_256f_robust.cpp b/benchmarks/bench_sphincs+_256f_robust.cpp new file mode 100644 index 0000000..b26394a --- /dev/null +++ b/benchmarks/bench_sphincs+_256f_robust.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<32, 68, 17, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-256f-robust/keygen"); +BENCHMARK(bench_sphincs::sign<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-256f-robust/sign"); +BENCHMARK(bench_sphincs::verify<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-256f-robust/verify"); diff --git a/benchmarks/bench_sphincs+_256f_simple.cpp b/benchmarks/bench_sphincs+_256f_simple.cpp new file mode 100644 index 0000000..483c081 --- /dev/null +++ b/benchmarks/bench_sphincs+_256f_simple.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<32, 68, 17, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-256f-simple/keygen"); +BENCHMARK(bench_sphincs::sign<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-256f-simple/sign"); +BENCHMARK(bench_sphincs::verify<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-256f-simple/verify"); diff --git a/benchmarks/bench_sphincs+_256s_robust.cpp b/benchmarks/bench_sphincs+_256s_robust.cpp new file mode 100644 index 0000000..f783eda --- /dev/null +++ b/benchmarks/bench_sphincs+_256s_robust.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<32, 64, 8, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-256s-robust/keygen"); +BENCHMARK(bench_sphincs::sign<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-256s-robust/sign"); +BENCHMARK(bench_sphincs::verify<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::robust>)->Name("sphincs+-256s-robust/verify"); diff --git a/benchmarks/bench_sphincs+_256s_simple.cpp b/benchmarks/bench_sphincs+_256s_simple.cpp new file mode 100644 index 0000000..882fbfc --- /dev/null +++ b/benchmarks/bench_sphincs+_256s_simple.cpp @@ -0,0 +1,5 @@ +#include "bench_sphincs+.hpp" + +BENCHMARK(bench_sphincs::keygen<32, 64, 8, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-256s-simple/keygen"); +BENCHMARK(bench_sphincs::sign<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-256s-simple/sign"); +BENCHMARK(bench_sphincs::verify<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::simple>)->Name("sphincs+-256s-simple/verify"); diff --git a/include/bench/x86_64_cpu_cycles.hpp b/benchmarks/x86_64_cpu_cycles.hpp similarity index 82% rename from include/bench/x86_64_cpu_cycles.hpp rename to benchmarks/x86_64_cpu_cycles.hpp index 5cd5b7d..a39a4a6 100644 --- a/include/bench/x86_64_cpu_cycles.hpp +++ b/benchmarks/x86_64_cpu_cycles.hpp @@ -2,6 +2,8 @@ #if defined __x86_64__ +#include +#include #include // x86_64 architecture specific compiler built-in routine for computing CPU @@ -14,9 +16,10 @@ // end = cpu_cycles() // // CPU cycles spent executing code block = end - start -inline static uint64_t +static inline uint64_t cpu_cycles() { + _mm_mfence(); return __rdtsc(); } diff --git a/example/sphincs+-shake.cpp b/examples/sphincs+-shake.cpp similarity index 100% rename from example/sphincs+-shake.cpp rename to examples/sphincs+-shake.cpp diff --git a/include/address.hpp b/include/address.hpp index 2b98753..2a312c9 100644 --- a/include/address.hpp +++ b/include/address.hpp @@ -31,23 +31,15 @@ struct adrs_t adrs_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide layer address - inline uint32_t get_layer_address() const - { - return sphincs_utils::from_be_bytes(data + 0); - } + inline uint32_t get_layer_address() const { return sphincs_utils::from_be_bytes(data + 0); } // Only sets 1 -word wide layer address - inline void set_layer_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 0); - } + inline void set_layer_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 0); } // Returns 3 -word wide tree address inline std::array get_tree_address() const { - return { sphincs_utils::from_be_bytes(data + 4), - sphincs_utils::from_be_bytes(data + 8), - sphincs_utils::from_be_bytes(data + 12) }; + return { sphincs_utils::from_be_bytes(data + 4), sphincs_utils::from_be_bytes(data + 8), sphincs_utils::from_be_bytes(data + 12) }; } // Only sets 3 -word wide tree address @@ -69,10 +61,7 @@ struct adrs_t } // Returns 1 -word wide address type - inline type_t get_type() const - { - return static_cast(sphincs_utils::from_be_bytes(data + 16)); - } + inline type_t get_type() const { return static_cast(sphincs_utils::from_be_bytes(data + 16)); } // Sets 1 -word wide address type, along with that zeros subsequent 3 -words. inline void set_type(const type_t type) @@ -89,40 +78,22 @@ struct wots_hash_t : adrs_t wots_hash_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide keypair address - inline uint32_t get_keypair_address() const - { - return sphincs_utils::from_be_bytes(data + 20); - } + inline uint32_t get_keypair_address() const { return sphincs_utils::from_be_bytes(data + 20); } // Set 1 -word wide key pair address - inline void set_keypair_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 20); - } + inline void set_keypair_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 20); } // Returns 1 -word wide chain address - inline uint32_t get_chain_address() const - { - return sphincs_utils::from_be_bytes(data + 24); - } + inline uint32_t get_chain_address() const { return sphincs_utils::from_be_bytes(data + 24); } // Set 1 -word wide chain address - inline void set_chain_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 24); - } + inline void set_chain_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 24); } // Returns 1 -word wide hash address - inline uint32_t get_hash_address() const - { - return sphincs_utils::from_be_bytes(data + 28); - } + inline uint32_t get_hash_address() const { return sphincs_utils::from_be_bytes(data + 28); } // Set 1 -word wide hash address - inline void set_hash_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 28); - } + inline void set_hash_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 28); } }; // Structure of WOTS+ Public Key Compression Address @@ -132,16 +103,10 @@ struct wots_pk_t : adrs_t wots_pk_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide keypair address - inline uint32_t get_keypair_address() const - { - return sphincs_utils::from_be_bytes(data + 20); - } + inline uint32_t get_keypair_address() const { return sphincs_utils::from_be_bytes(data + 20); } // Set 1 -word wide key pair address - inline void set_keypair_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 20); - } + inline void set_keypair_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 20); } // Zeros last two words of ADRS structure inline void set_padding() { std::memset(data + 24, 0, sizeof(uint32_t) * 2); } @@ -157,28 +122,16 @@ struct tree_t : adrs_t inline void set_padding() { std::memset(data + 20, 0, sizeof(uint32_t)); } // Returns 1 -word wide tree height - inline uint32_t get_tree_height() const - { - return sphincs_utils::from_be_bytes(data + 24); - } + inline uint32_t get_tree_height() const { return sphincs_utils::from_be_bytes(data + 24); } // Sets 1 -word wide tree height - inline void set_tree_height(const uint32_t height) - { - sphincs_utils::to_be_bytes(height, data + 24); - } + inline void set_tree_height(const uint32_t height) { sphincs_utils::to_be_bytes(height, data + 24); } // Returns 1 -word wide tree index - inline uint32_t get_tree_index() const - { - return sphincs_utils::from_be_bytes(data + 28); - } + inline uint32_t get_tree_index() const { return sphincs_utils::from_be_bytes(data + 28); } // Sets 1 -word wide tree index - inline void set_tree_index(const uint32_t idx) - { - sphincs_utils::to_be_bytes(idx, data + 28); - } + inline void set_tree_index(const uint32_t idx) { sphincs_utils::to_be_bytes(idx, data + 28); } }; // Structure of FORS Tree Address @@ -188,40 +141,22 @@ struct fors_tree_t : adrs_t fors_tree_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide keypair address - inline uint32_t get_keypair_address() const - { - return sphincs_utils::from_be_bytes(data + 20); - } + inline uint32_t get_keypair_address() const { return sphincs_utils::from_be_bytes(data + 20); } // Sets 1 -word wide key pair address - inline void set_keypair_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 20); - } + inline void set_keypair_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 20); } // Returns 1 -word wide tree height - inline uint32_t get_tree_height() const - { - return sphincs_utils::from_be_bytes(data + 24); - } + inline uint32_t get_tree_height() const { return sphincs_utils::from_be_bytes(data + 24); } // Sets 1 -word wide tree height - inline void set_tree_height(const uint32_t height) - { - sphincs_utils::to_be_bytes(height, data + 24); - } + inline void set_tree_height(const uint32_t height) { sphincs_utils::to_be_bytes(height, data + 24); } // Returns 1 -word wide tree index - inline uint32_t get_tree_index() const - { - return sphincs_utils::from_be_bytes(data + 28); - } + inline uint32_t get_tree_index() const { return sphincs_utils::from_be_bytes(data + 28); } // Sets 1 -word wide tree index - inline void set_tree_index(const uint32_t idx) - { - sphincs_utils::to_be_bytes(idx, data + 28); - } + inline void set_tree_index(const uint32_t idx) { sphincs_utils::to_be_bytes(idx, data + 28); } }; // Structure of FORS Tree Root Compression Address @@ -231,16 +166,10 @@ struct fors_roots_t : adrs_t fors_roots_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide keypair address - inline uint32_t get_keypair_address() const - { - return sphincs_utils::from_be_bytes(data + 20); - } + inline uint32_t get_keypair_address() const { return sphincs_utils::from_be_bytes(data + 20); } // Sets 1 -word wide key pair address - inline void set_keypair_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 20); - } + inline void set_keypair_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 20); } // Zeros last two words of ADRS structure inline void set_padding() { std::memset(data + 24, 0, sizeof(uint32_t) * 2); } @@ -253,37 +182,22 @@ struct wots_prf_t : adrs_t wots_prf_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide keypair address - inline uint32_t get_keypair_address() const - { - return sphincs_utils::from_be_bytes(data + 20); - } + inline uint32_t get_keypair_address() const { return sphincs_utils::from_be_bytes(data + 20); } // Set 1 -word wide key pair address - inline void set_keypair_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 20); - } + inline void set_keypair_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 20); } // Returns 1 -word wide chain address - inline uint32_t get_chain_address() const - { - return sphincs_utils::from_be_bytes(data + 24); - } + inline uint32_t get_chain_address() const { return sphincs_utils::from_be_bytes(data + 24); } // Set 1 -word wide chain address - inline void set_chain_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 24); - } + inline void set_chain_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 24); } // Returns 1 -word wide hash address, which is always set to 0 inline uint32_t get_hash_address() const { return 0u; } // Zeros 1 -word wide hash address - inline void set_hash_address() - { - std::memset(data + 28, 0, sizeof(uint32_t)); - } + inline void set_hash_address() { std::memset(data + 28, 0, sizeof(uint32_t)); } }; // Structure of FORS Key Generation Address @@ -293,16 +207,10 @@ struct fors_prf_t : adrs_t fors_prf_t(const adrs_t& adrs) { std::memcpy(data, adrs.data, 32); } // Returns 1 -word wide keypair address - inline uint32_t get_keypair_address() const - { - return sphincs_utils::from_be_bytes(data + 20); - } + inline uint32_t get_keypair_address() const { return sphincs_utils::from_be_bytes(data + 20); } // Sets 1 -word wide key pair address - inline void set_keypair_address(const uint32_t address) - { - sphincs_utils::to_be_bytes(address, data + 20); - } + inline void set_keypair_address(const uint32_t address) { sphincs_utils::to_be_bytes(address, data + 20); } // Returns 1 -word wide tree height inline uint32_t get_tree_height() const { return 0u; } @@ -311,16 +219,10 @@ struct fors_prf_t : adrs_t inline void set_tree_height() { std::memset(data + 24, 0, sizeof(uint32_t)); } // Returns 1 -word wide tree index - inline uint32_t get_tree_index() const - { - return sphincs_utils::from_be_bytes(data + 28); - } + inline uint32_t get_tree_index() const { return sphincs_utils::from_be_bytes(data + 28); } // Sets 1 -word wide tree index - inline void set_tree_index(const uint32_t idx) - { - sphincs_utils::to_be_bytes(idx, data + 28); - } + inline void set_tree_index(const uint32_t idx) { sphincs_utils::to_be_bytes(idx, data + 28); } }; } diff --git a/include/fors.hpp b/include/fors.hpp index d64e26a..c8832ba 100644 --- a/include/fors.hpp +++ b/include/fors.hpp @@ -10,13 +10,13 @@ namespace sphincs_fors { // tree address, encoding the position of the FORS keypair within SPHINCS+, // following algorithm 14, as described in section 5.2 of specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void skgen(const uint8_t* const __restrict pk_seed, // n -bytes public key seed const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const sphincs_adrs::fors_tree_t adrs, // 32 -bytes FORS address - const uint32_t idx, // 4 -bytes index of FORS private key value - uint8_t* const __restrict skey // FORS private key value, living at `idx` + const uint32_t idx, // 4 -bytes index of FORS private key value + uint8_t* const __restrict skey // FORS private key value, living at `idx` ) { sphincs_adrs::fors_prf_t prf_adrs{ adrs }; @@ -37,15 +37,14 @@ skgen(const uint8_t* const __restrict pk_seed, // n -bytes public key seed // in section 4.1.3 of the specification, which describes treehash algorithm, // for computing n -bytes root node of subtree of height z, in main (binary) // Merkle Tree. -template -inline static void -treehash( - const uint8_t* const __restrict sk_seed, // n -bytes secret key seed - const uint32_t s_idx, // 4 -bytes start index - const uint32_t n_height, // 4 -bytes target node height - const uint8_t* const __restrict pk_seed, // n -bytes public key seed - sphincs_adrs::fors_tree_t adrs, // 32 -bytes address encoding FORS keypair - uint8_t* const __restrict root // n -bytes root of subtree of `n_height` +template +static inline void +treehash(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed + const uint32_t s_idx, // 4 -bytes start index + const uint32_t n_height, // 4 -bytes target node height + const uint8_t* const __restrict pk_seed, // n -bytes public key seed + sphincs_adrs::fors_tree_t adrs, // 32 -bytes address encoding FORS keypair + uint8_t* const __restrict root // n -bytes root of subtree of `n_height` ) { // # -of leafs in the subtree @@ -104,11 +103,11 @@ treehash( // public key seed and 32 -bytes FORS address, encoding the position of FORS // instance within SPHINCS+, using algorithm 16, as described in section 5.4 of // the specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed const sphincs_adrs::fors_tree_t adrs, // 32 -bytes FORS address @@ -137,16 +136,16 @@ pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed // position of FORS instance within SPHINCS+ structure, using algorithm 17, as // described in section 5.5 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -sign(const uint8_t* const __restrict msg, // ⌈(k * a) / 8⌉ -bytes message +template +static inline void +sign(const uint8_t* const __restrict msg, // ⌈(k * a) / 8⌉ -bytes message const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed const sphincs_adrs::fors_tree_t adrs, // 32 -bytes FORS address - uint8_t* const __restrict sig // k * n * (a + 1) -bytes FORS signature + uint8_t* const __restrict sig // k * n * (a + 1) -bytes FORS signature ) { constexpr uint32_t t = 1u << a; // # -of leaves in FORS subtree @@ -181,17 +180,16 @@ sign(const uint8_t* const __restrict msg, // ⌈(k * a) / 8⌉ -bytes message // address of FORS instance within SPHINCS+ virtual structure, following // algorithm 18, as described in section // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -pk_from_sig( - const uint8_t* const __restrict sig, // k * n * (a + 1) -bytes FORS signature - const uint8_t* const __restrict msg, // ⌈(k * a) / 8⌉ -bytes message - const uint8_t* const __restrict pk_seed, // n -bytes public key seed - sphincs_adrs::fors_tree_t adrs, // 32 -bytes FORS address - uint8_t* const __restrict pkey // n -bytes FORS public key +template +static inline void +pk_from_sig(const uint8_t* const __restrict sig, // k * n * (a + 1) -bytes FORS signature + const uint8_t* const __restrict msg, // ⌈(k * a) / 8⌉ -bytes message + const uint8_t* const __restrict pk_seed, // n -bytes public key seed + sphincs_adrs::fors_tree_t adrs, // 32 -bytes FORS address + uint8_t* const __restrict pkey // n -bytes FORS public key ) { constexpr uint32_t t = 1u << a; // # -of leaves in FORS subtree diff --git a/include/hashing.hpp b/include/hashing.hpp index 5dba667..3059066 100644 --- a/include/hashing.hpp +++ b/include/hashing.hpp @@ -19,8 +19,8 @@ enum class variant : uint8_t // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void h_msg(const uint8_t* const __restrict r, const uint8_t* const __restrict pk_seed, const uint8_t* const __restrict pk_root, @@ -49,12 +49,9 @@ h_msg(const uint8_t* const __restrict r, // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -prf(const uint8_t* const __restrict pk_seed, - const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict adrs, - uint8_t* const __restrict dig) +template +static inline void +prf(const uint8_t* const __restrict pk_seed, const uint8_t* const __restrict sk_seed, const uint8_t* const __restrict adrs, uint8_t* const __restrict dig) { uint8_t tmp[n + 32 + n]; std::memcpy(tmp + 0, pk_seed, n); @@ -73,8 +70,8 @@ prf(const uint8_t* const __restrict pk_seed, // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void prf_msg(const uint8_t* const __restrict sk_prf, const uint8_t* const __restrict opt_rand, const uint8_t* const __restrict msg, @@ -101,12 +98,9 @@ prf_msg(const uint8_t* const __restrict sk_prf, // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -gen_mask(const uint8_t* const __restrict pk_seed, - const uint8_t* const __restrict adrs, - const uint8_t* const __restrict msg, - uint8_t* const __restrict dig) +template +static inline void +gen_mask(const uint8_t* const __restrict pk_seed, const uint8_t* const __restrict adrs, const uint8_t* const __restrict msg, uint8_t* const __restrict dig) { constexpr size_t mlen = n * l; @@ -133,12 +127,9 @@ gen_mask(const uint8_t* const __restrict pk_seed, // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -t_l(const uint8_t* const __restrict pk_seed, - const uint8_t* const __restrict adrs, - const uint8_t* const __restrict msg, - uint8_t* const __restrict dig) +template +static inline void +t_l(const uint8_t* const __restrict pk_seed, const uint8_t* const __restrict adrs, const uint8_t* const __restrict msg, uint8_t* const __restrict dig) { constexpr size_t mlen = n * l; @@ -175,12 +166,9 @@ t_l(const uint8_t* const __restrict pk_seed, // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -f(const uint8_t* const __restrict pk_seed, - const uint8_t* const __restrict adrs, - const uint8_t* const __restrict msg, - uint8_t* const __restrict dig) +template +static inline void +f(const uint8_t* const __restrict pk_seed, const uint8_t* const __restrict adrs, const uint8_t* const __restrict msg, uint8_t* const __restrict dig) { t_l(pk_seed, adrs, msg, dig); } @@ -196,12 +184,9 @@ f(const uint8_t* const __restrict pk_seed, // // See section 7.2.1 of Sphincs+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -h(const uint8_t* const __restrict pk_seed, - const uint8_t* const __restrict adrs, - const uint8_t* const __restrict msg, - uint8_t* const __restrict dig) +template +static inline void +h(const uint8_t* const __restrict pk_seed, const uint8_t* const __restrict adrs, const uint8_t* const __restrict msg, uint8_t* const __restrict dig) { t_l(pk_seed, adrs, msg, dig); } diff --git a/include/hypertree.hpp b/include/hypertree.hpp index da80e28..bcbc6b5 100644 --- a/include/hypertree.hpp +++ b/include/hypertree.hpp @@ -9,12 +9,12 @@ namespace sphincs_ht { // -bytes secret key seed & n -bytes public key seed, using algorithm 11, // described in section 4.2.2 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed uint8_t* const __restrict pkey // n -bytes HT public key @@ -40,18 +40,18 @@ pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed // // Find the specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -sign(const uint8_t* const __restrict msg, // n -bytes message ( to be signed ) +template +static inline void +sign(const uint8_t* const __restrict msg, // n -bytes message ( to be signed ) const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed const uint64_t idx_tree, // 8 -bytes address to XMSS tree - const uint32_t idx_leaf, // 4 -bytes leaf index in that XMSS tree - uint8_t* const __restrict sig // (h + d * len) * n -bytes HT signature + const uint32_t idx_leaf, // 4 -bytes leaf index in that XMSS tree + uint8_t* const __restrict sig // (h + d * len) * n -bytes HT signature ) requires(sphincs_utils::check_ht_height_and_layer(h, d)) { @@ -101,12 +101,8 @@ sign(const uint8_t* const __restrict msg, // n -bytes message ( to be signed ) // // This routine returns truth value in case of successful hypertree signature // verification, otherwise it returns false. -template -inline static bool +template +static inline bool verify(const uint8_t* const __restrict msg, const uint8_t* const __restrict sig, const uint8_t* const __restrict pk_seed, diff --git a/include/sphincs.hpp b/include/sphincs.hpp index a8b9fcf..9f95ac0 100644 --- a/include/sphincs.hpp +++ b/include/sphincs.hpp @@ -16,12 +16,12 @@ namespace sphincs { // which is wrapped by this routine. There you can sample random bytes outside // of key generation function context and pass it as an argument to key // generator. -template -inline static void +template +static inline void keygen(uint8_t* const __restrict skey, // 4*n -bytes SPHINCS+ secret key uint8_t* const __restrict pkey // 2*n -bytes SPHINCS+ public key ) @@ -53,15 +53,15 @@ keygen(uint8_t* const __restrict skey, // 4*n -bytes SPHINCS+ secret key // which concerns you, I suggest you to look at underlying signing API, which is // wrapped by this routine. There you can sample random bytes outside of signing // function context and pass it as an argument to sign routine. -template -inline static void +template +static inline void sign(const uint8_t* const __restrict msg, // message to be signed const size_t mlen, // byte length of message const uint8_t* const __restrict skey, // SPHINCS+ secret key of 4*n -bytes @@ -83,14 +83,14 @@ sign(const uint8_t* const __restrict msg, // message to be signed // successful signature verification, following algorithm 21, as described in // section 6.5 of specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static bool +template +static inline bool verify(const uint8_t* const __restrict msg, // message which was signed const size_t mlen, // byte length of message const uint8_t* const __restrict sig, // SPHINCS+ signature diff --git a/include/sphincs_inner.hpp b/include/sphincs_inner.hpp index 881cb39..817c374 100644 --- a/include/sphincs_inner.hpp +++ b/include/sphincs_inner.hpp @@ -24,17 +24,17 @@ namespace sphincs_inner { // See section 6.2 and figure 14 of specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf for SPHINCS+ key // generation algorithm and key format, respectively. -template -inline static void +template +static inline void keygen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict sk_prf, // n -bytes secret key PRF const uint8_t* const __restrict pk_seed, // n -bytes public key seed - uint8_t* const __restrict skey, // 4*n -bytes SPHINCS+ secret key - uint8_t* const __restrict pkey // 2*n -bytes SPHINCS+ public key + uint8_t* const __restrict skey, // 4*n -bytes SPHINCS+ secret key + uint8_t* const __restrict pkey // 2*n -bytes SPHINCS+ public key ) requires(sphincs_utils::check_keygen_params()) { @@ -68,18 +68,18 @@ keygen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed // // This form of SPHINCS+ signing API will be useful when testing conformance // with SPHINCS+ standard, using known answer tests (KATs). -template -inline static void -sign(const uint8_t* const __restrict msg, // message to be signed - const size_t mlen, // byte length of message - const uint8_t* const __restrict skey, // SPHINCS+ secret key of 4*n -bytes +template +static inline void +sign(const uint8_t* const __restrict msg, // message to be signed + const size_t mlen, // byte length of message + const uint8_t* const __restrict skey, // SPHINCS+ secret key of 4*n -bytes const uint8_t* const __restrict rand_bytes, // Optional n -bytes randomness uint8_t* const __restrict sig // SPHINCS+ signature ) @@ -155,14 +155,14 @@ sign(const uint8_t* const __restrict msg, // message to be signed // case of successful signature verification, following algorithm 21, as // described in section 6.5 of specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static bool +template +static inline bool verify(const uint8_t* const __restrict msg, // message which was signed const size_t mlen, // byte length of message const uint8_t* const __restrict sig, // SPHINCS+ signature diff --git a/include/test/test_sphincs.hpp b/include/test/test_sphincs.hpp deleted file mode 100644 index aad3290..0000000 --- a/include/test/test_sphincs.hpp +++ /dev/null @@ -1,55 +0,0 @@ -#pragma once -#include "sphincs.hpp" -#include "test_fors.hpp" -#include "test_hypertree.hpp" -#include "test_wots.hpp" -#include "test_xmss.hpp" - -// Test functional correctness of SPHINCS+ -namespace test_sphincs { - -// Test correctness of SPHINCS+ implementation, using -// -// - Keypair generation -// - Signing message using private key -// - Verifying signature using public key and message -// -// with random data. -template -inline static void -test_sphincs_plus(const size_t mlen) -{ - namespace utils = sphincs_utils; - constexpr size_t pklen = utils::get_sphincs_pkey_len(); - constexpr size_t sklen = utils::get_sphincs_skey_len(); - constexpr size_t siglen = utils::get_sphincs_sig_len(); - - // acquire memory resources - uint8_t* pkey = static_cast(std::malloc(pklen)); - uint8_t* skey = static_cast(std::malloc(sklen)); - uint8_t* msg = static_cast(std::malloc(mlen)); - uint8_t* sig = static_cast(std::malloc(siglen)); - - sphincs_utils::random_data(msg, mlen); - - sphincs::keygen(skey, pkey); - sphincs::sign(msg, mlen, skey, sig); - const bool flg = sphincs::verify(msg, mlen, sig, pkey); - - // release memory resources - std::free(pkey); - std::free(skey); - std::free(msg); - std::free(sig); - - assert(flg); -} - -} diff --git a/include/utils.hpp b/include/utils.hpp index fbd4298..e936c51 100644 --- a/include/utils.hpp +++ b/include/utils.hpp @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include @@ -17,17 +18,12 @@ namespace sphincs_utils { // Compile-time check to ensure that SPHINCS+ key generation function is only // invoked with parameter sets suggested in table 3 of the specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr bool +template +static inline constexpr bool check_keygen_params() { constexpr bool flg0 = w == 16; - constexpr bool flg1 = (v == sphincs_hashing::variant::robust) | - (v == sphincs_hashing::variant::simple); + constexpr bool flg1 = (v == sphincs_hashing::variant::robust) | (v == sphincs_hashing::variant::simple); constexpr bool flg2 = (n == 16) & (h == 63) & (d == 7); constexpr bool flg3 = (n == 16) & (h == 66) & (d == 22); @@ -42,19 +38,12 @@ check_keygen_params() // Compile-time check to ensure that SPHINCS+ sign/ verify function is only // invoked with parameter sets suggested in table 3 of the specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr bool +template +static inline constexpr bool check_sign_verify_params() { constexpr bool flg0 = w == 16; - constexpr bool flg1 = (v == sphincs_hashing::variant::robust) || - (v == sphincs_hashing::variant::simple); + constexpr bool flg1 = (v == sphincs_hashing::variant::robust) || (v == sphincs_hashing::variant::simple); const bool flg2 = (n == 16) & (h == 63) & (d == 7) & (a == 12) & (k == 14); const bool flg3 = (n == 16) & (h == 66) & (d == 22) & (a == 6) & (k == 33); @@ -72,7 +61,7 @@ check_sign_verify_params() // // Read more about this constraint in section 4.2.4 of the specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -inline static constexpr bool +static inline constexpr bool check_ht_height_and_layer(const uint32_t h, const uint32_t d) { return (h - (h / d)) <= 64u; @@ -82,7 +71,7 @@ check_ht_height_and_layer(const uint32_t h, const uint32_t d) // // See Winternitz Parameter point in section 3.1 of // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -inline static constexpr bool +static inline constexpr bool check_w(const size_t w) { return (w == 4) || (w == 16) || (w == 256); @@ -92,8 +81,8 @@ check_w(const size_t w) // // See section 3.1 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t log2() requires(check_w(w)) { @@ -104,8 +93,8 @@ log2() // // See section 3.1 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t compute_wots_len1() { return (8 * n) / log2(); @@ -115,8 +104,8 @@ compute_wots_len1() // // See section 3.1 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t compute_wots_len2() { constexpr size_t t0 = len1 * (w - 1); @@ -130,8 +119,8 @@ compute_wots_len2() // // See section 3.1 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t compute_wots_len() { constexpr size_t len1 = compute_wots_len1(); @@ -142,8 +131,8 @@ compute_wots_len() // Compile-time compute message digest length ( = m ) in bytes, following // section 6.1 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t compute_sphincs_md_len() { constexpr uint32_t t0 = (k * a + 7) >> 3; @@ -155,8 +144,8 @@ compute_sphincs_md_len() // Compile-time compute length of FORS sigature, following section 5.5 of // the specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t compute_fors_sig_len() { return n * static_cast(k * (a + 1u)); @@ -164,8 +153,8 @@ compute_fors_sig_len() // Compile-time compute length of HyperTree signature, following section 4.2.3 // of the specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t compute_ht_sig_len() { constexpr size_t len = compute_wots_len(); @@ -174,8 +163,8 @@ compute_ht_sig_len() // Compile-time compute length of SPHINCS+ public key; see figure 14 of the // specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t get_sphincs_pkey_len() { return n + n; @@ -183,8 +172,8 @@ get_sphincs_pkey_len() // Compile-time compute length of SPHINCS+ secret key; see figure 14 of the // specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t get_sphincs_skey_len() { return n + n + get_sphincs_pkey_len(); @@ -192,13 +181,8 @@ get_sphincs_skey_len() // Compile-time compute length of SPHINCS+ signature, see figure 15 of the // specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr size_t +template +static inline constexpr size_t get_sphincs_sig_len() { return n + compute_fors_sig_len() + compute_ht_sig_len(); @@ -206,7 +190,7 @@ get_sphincs_sig_len() // Given a 32 -bit word, this routine extracts out each byte from that word and // places them in a big endian byte array. -inline static void +static inline void to_be_bytes(const uint32_t word, uint8_t* const bytes) { bytes[0] = static_cast(word >> 24); @@ -217,12 +201,10 @@ to_be_bytes(const uint32_t word, uint8_t* const bytes) // Given a byte array of length 4, this routine converts it to a big endian 32 // -bit word. -inline static uint32_t +static inline uint32_t from_be_bytes(const uint8_t* const bytes) { - return (static_cast(bytes[0]) << 24) | - (static_cast(bytes[1]) << 16) | - (static_cast(bytes[2]) << 8) | + return (static_cast(bytes[0]) << 24) | (static_cast(bytes[1]) << 16) | (static_cast(bytes[2]) << 8) | (static_cast(bytes[3]) << 0); } @@ -231,8 +213,8 @@ from_be_bytes(const uint8_t* const bytes) // // See section 2.5 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static constexpr bool +template +static inline constexpr bool check_olen() { constexpr size_t lgw = log2(); @@ -251,8 +233,8 @@ check_olen() // // See section 2.4 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static std::array +template +static inline std::array to_byte(const T x) requires(std::is_unsigned_v) { @@ -276,8 +258,8 @@ to_byte(const T x) // // See algorithm 1 in section 2.5 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void base_w(const uint8_t* const __restrict in, uint8_t* const __restrict out) requires(check_olen()) { @@ -309,11 +291,10 @@ base_w(const uint8_t* const __restrict in, uint8_t* const __restrict out) // significant bits ( i.e. a = to_idx - frm_idx + 1 ). Extracted a -many // contiguous bits are now interpreted as an 32 -bit unsigned integer // ∈ [0, t) | a <= 32 and t = 2^a -inline static uint32_t -extract_contiguous_bits_as_u32( - const uint8_t* const __restrict msg, // byte array to extract bits from - const uint32_t frm_idx, // starting bit index - const uint32_t to_idx // ending bit index +static inline uint32_t +extract_contiguous_bits_as_u32(const uint8_t* const __restrict msg, // byte array to extract bits from + const uint32_t frm_idx, // starting bit index + const uint32_t to_idx // ending bit index ) { constexpr uint8_t mask = 0b1; @@ -350,6 +331,30 @@ to_hex(const uint8_t* const bytes, const size_t len) return ss.str(); } +// Given a hex encoded string of length 2*L, this routine can be used for +// parsing it as a byte array of length L. +static inline std::vector +from_hex(std::string_view hex) +{ + const size_t hlen = hex.length(); + assert(hlen % 2 == 0); + + const size_t blen = hlen / 2; + std::vector res(blen, 0); + + for (size_t i = 0; i < blen; i++) { + const size_t off = i * 2; + + uint8_t byte = 0; + auto sstr = hex.substr(off, 2); + std::from_chars(sstr.data(), sstr.data() + 2, byte, 16); + + res[i] = byte; + } + + return res; +} + // Generates N -many random values of type T | N >= 0 template static inline void diff --git a/include/wots.hpp b/include/wots.hpp index 485693b..a2b37db 100644 --- a/include/wots.hpp +++ b/include/wots.hpp @@ -12,8 +12,8 @@ namespace sphincs_wots { // // See algorithm 2 in section 3.2 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void chain(const uint8_t* const __restrict x, // n -bytes const uint32_t s_idx, // starting index const uint32_t steps, // # -of steps @@ -45,8 +45,8 @@ chain(const uint8_t* const __restrict x, // n -bytes // seed, n -bytes public key seed and 32 -bytes WOTS+ hash address, using // algorithm 4 defined in section 3.4 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed sphincs_adrs::wots_hash_t adrs, // 32 -bytes WOTS+ hash address @@ -75,12 +75,7 @@ pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed adrs.set_chain_address(i); adrs.set_hash_address(0); - chain(sk_limb, - 0u, - static_cast(w - 1), - adrs, - pk_seed, - chain_limbs + off); + chain(sk_limb, 0u, static_cast(w - 1), adrs, pk_seed, chain_limbs + off); } pk_adrs.set_type(sphincs_adrs::type_t::WOTS_PK); @@ -93,8 +88,8 @@ pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed // secret key seed, n -bytes public key seed and 32 -bytes WOTS+ hash address, // using algorithm 5 defined in section 3.5 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void sign(const uint8_t* const __restrict msg, // n -bytes message to sign const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed @@ -155,14 +150,13 @@ sign(const uint8_t* const __restrict msg, // n -bytes message to sign // hash address is also provided, using algorithm 6, defined in section 3.6 of // SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -pk_from_sig( - const uint8_t* const __restrict sig, // n * len -bytes signature - const uint8_t* const __restrict msg, // n -bytes message ( which was signed ) - const uint8_t* const __restrict pk_seed, // n -bytes public key seed - sphincs_adrs::wots_hash_t adrs, // 32 -bytes WOTS+ hash address - uint8_t* const __restrict pkey // n -bytes public key +template +static inline void +pk_from_sig(const uint8_t* const __restrict sig, // n * len -bytes signature + const uint8_t* const __restrict msg, // n -bytes message ( which was signed ) + const uint8_t* const __restrict pk_seed, // n -bytes public key seed + sphincs_adrs::wots_hash_t adrs, // 32 -bytes WOTS+ hash address + uint8_t* const __restrict pkey // n -bytes public key ) { constexpr size_t lgw = sphincs_utils::log2(); diff --git a/include/xmss.hpp b/include/xmss.hpp index 62629bb..a882ffc 100644 --- a/include/xmss.hpp +++ b/include/xmss.hpp @@ -11,7 +11,7 @@ namespace sphincs_xmss { // Read section 4.1.3 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf to understand why // height of node needs to be kept track of. -template +template struct node_t { uint8_t data[n]{}; @@ -22,16 +22,15 @@ struct node_t // leaf node being WOTS+ compressed public key at index `s_idx`, using algorithm // 7, described in section 4.1.3 of SPHINCS+ specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -treehash( - const uint8_t* const __restrict sk_seed, // n -bytes secret key seed - const uint32_t s_idx, // 4 -bytes start index - const uint32_t n_height, // 4 -bytes target node height - const uint8_t* const __restrict pk_seed, // n -bytes public key seed - const sphincs_adrs::adrs_t adrs, // 32 -bytes address of containing tree - uint8_t* const __restrict root // n -bytes root of subtree of height - // `n_height` +template +static inline void +treehash(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed + const uint32_t s_idx, // 4 -bytes start index + const uint32_t n_height, // 4 -bytes target node height + const uint8_t* const __restrict pk_seed, // n -bytes public key seed + const sphincs_adrs::adrs_t adrs, // 32 -bytes address of containing tree + uint8_t* const __restrict root // n -bytes root of subtree of height + // `n_height` ) { // # -of leafs in the subtree @@ -91,15 +90,15 @@ treehash( // Computes XMSS public key, which is the n -bytes root of the binary hash tree, // of height h, using algorithm 8, described in section 4.1.4 of SPHINCS+ // specification https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void +template +static inline void pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint8_t* const __restrict pk_seed, // n -bytes public key seed - const sphincs_adrs::adrs_t adrs, // 32 -bytes address of containing tree - uint8_t* const __restrict pkey // n -bytes public key + const sphincs_adrs::adrs_t adrs, // 32 -bytes address of containing tree + uint8_t* const __restrict pkey // n -bytes public key ) { treehash(sk_seed, 0u, h, pk_seed, adrs, pkey); @@ -115,17 +114,17 @@ pkgen(const uint8_t* const __restrict sk_seed, // n -bytes secret key seed // // Find the specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -sign(const uint8_t* const __restrict msg, // n -bytes message ( to be signed ) +template +static inline void +sign(const uint8_t* const __restrict msg, // n -bytes message ( to be signed ) const uint8_t* const __restrict sk_seed, // n -bytes secret key seed const uint32_t idx, // 4 -bytes WOTS+ keypair index const uint8_t* const __restrict pk_seed, // n -bytes public key seed - const sphincs_adrs::adrs_t adrs, // 32 -bytes address of XMSS instance - uint8_t* const __restrict sig // (len * n + h * n) -bytes signature + const sphincs_adrs::adrs_t adrs, // 32 -bytes address of XMSS instance + uint8_t* const __restrict sig // (len * n + h * n) -bytes signature ) { constexpr size_t len = sphincs_utils::compute_wots_len(); @@ -156,18 +155,17 @@ sign(const uint8_t* const __restrict msg, // n -bytes message ( to be signed ) // It uses algorithm 10 for implicit XMSS signature verification, which is // described in section 4.1.7 of the specification // https://sphincs.org/data/sphincs+-r3.1-specification.pdf -template -inline static void -pk_from_sig( - const uint32_t idx, // 4 -bytes WOTS+ keypair index - const uint8_t* const __restrict sig, // (len * n + h * n) -bytes signature - const uint8_t* const __restrict msg, // n -bytes message - const uint8_t* const __restrict pk_seed, // n -bytes public key seed - const sphincs_adrs::adrs_t adrs, // 32 -bytes address of XMSS instance - uint8_t* const __restrict pkey // n -bytes public key +template +static inline void +pk_from_sig(const uint32_t idx, // 4 -bytes WOTS+ keypair index + const uint8_t* const __restrict sig, // (len * n + h * n) -bytes signature + const uint8_t* const __restrict msg, // n -bytes message + const uint8_t* const __restrict pk_seed, // n -bytes public key seed + const sphincs_adrs::adrs_t adrs, // 32 -bytes address of XMSS instance + uint8_t* const __restrict pkey // n -bytes public key ) { constexpr size_t len = sphincs_utils::compute_wots_len(); diff --git a/test/main.cpp b/test/main.cpp deleted file mode 100644 index 47dc623..0000000 --- a/test/main.cpp +++ /dev/null @@ -1,111 +0,0 @@ -#include "test/test_sphincs.hpp" -#include - -int -main() -{ - test_sphincs::test_wots<16, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_wots<16, 16, sphincs_hashing::variant::simple>(); - - test_sphincs::test_wots<24, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_wots<24, 16, sphincs_hashing::variant::simple>(); - - test_sphincs::test_wots<32, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_wots<32, 16, sphincs_hashing::variant::simple>(); - - std::cout << "[test] WOTS+ one-time signature\n"; - - test_sphincs::test_xmss<63 / 7, 16, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_xmss<63 / 7, 16, 16, sphincs_hashing::variant::simple>(); - test_sphincs::test_xmss<66 / 22, 16, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_xmss<66 / 22, 16, 16, sphincs_hashing::variant::simple>(); - - test_sphincs::test_xmss<63 / 7, 24, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_xmss<63 / 7, 24, 16, sphincs_hashing::variant::simple>(); - test_sphincs::test_xmss<66 / 22, 24, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_xmss<66 / 22, 24, 16, sphincs_hashing::variant::simple>(); - - test_sphincs::test_xmss<64 / 8, 32, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_xmss<64 / 8, 32, 16, sphincs_hashing::variant::simple>(); - test_sphincs::test_xmss<68 / 17, 32, 16, sphincs_hashing::variant::robust>(); - test_sphincs::test_xmss<68 / 17, 32, 16, sphincs_hashing::variant::simple>(); - - std::cout << "[test] Fixed Input-Length XMSS signature\n"; - - { - using namespace test_sphincs; - - test_hypertree<63, 7, 16, 16, sphincs_hashing::variant::robust>(); - test_hypertree<63, 7, 16, 16, sphincs_hashing::variant::simple>(); - test_hypertree<66, 22, 16, 16, sphincs_hashing::variant::robust>(); - test_hypertree<66, 22, 16, 16, sphincs_hashing::variant::simple>(); - - test_hypertree<63, 7, 24, 16, sphincs_hashing::variant::robust>(); - test_hypertree<63, 7, 24, 16, sphincs_hashing::variant::simple>(); - test_hypertree<66, 22, 24, 16, sphincs_hashing::variant::robust>(); - test_hypertree<66, 22, 24, 16, sphincs_hashing::variant::simple>(); - - test_hypertree<64, 8, 32, 16, sphincs_hashing::variant::robust>(); - test_hypertree<64, 8, 32, 16, sphincs_hashing::variant::simple>(); - test_hypertree<68, 17, 32, 16, sphincs_hashing::variant::robust>(); - test_hypertree<68, 17, 32, 16, sphincs_hashing::variant::simple>(); - - std::cout << "[test] HyperTree signature\n"; - } - - test_sphincs::test_fors<16, 12, 14, sphincs_hashing::variant::robust>(); - test_sphincs::test_fors<16, 12, 14, sphincs_hashing::variant::simple>(); - test_sphincs::test_fors<16, 6, 33, sphincs_hashing::variant::robust>(); - test_sphincs::test_fors<16, 6, 33, sphincs_hashing::variant::simple>(); - - test_sphincs::test_fors<24, 14, 17, sphincs_hashing::variant::robust>(); - test_sphincs::test_fors<24, 14, 17, sphincs_hashing::variant::simple>(); - test_sphincs::test_fors<24, 8, 33, sphincs_hashing::variant::robust>(); - test_sphincs::test_fors<24, 8, 33, sphincs_hashing::variant::simple>(); - - test_sphincs::test_fors<32, 14, 22, sphincs_hashing::variant::robust>(); - test_sphincs::test_fors<32, 14, 22, sphincs_hashing::variant::simple>(); - test_sphincs::test_fors<32, 9, 35, sphincs_hashing::variant::robust>(); - test_sphincs::test_fors<32, 9, 35, sphincs_hashing::variant::simple>(); - - std::cout << "[test] FORS signature\n"; - - { - using namespace test_sphincs; - using namespace sphincs_hashing; - - test_sphincs_plus<16, 63, 7, 12, 14, 16, variant::robust>(32); - test_sphincs_plus<16, 63, 7, 12, 14, 16, variant::robust, true>(32); - test_sphincs_plus<16, 63, 7, 12, 14, 16, variant::simple>(32); - test_sphincs_plus<16, 63, 7, 12, 14, 16, variant::simple, true>(32); - - test_sphincs_plus<16, 66, 22, 6, 33, 16, variant::robust>(32); - test_sphincs_plus<16, 66, 22, 6, 33, 16, variant::robust, true>(32); - test_sphincs_plus<16, 66, 22, 6, 33, 16, variant::simple>(32); - test_sphincs_plus<16, 66, 22, 6, 33, 16, variant::simple, true>(32); - - test_sphincs_plus<24, 63, 7, 14, 17, 16, variant::robust>(32); - test_sphincs_plus<24, 63, 7, 14, 17, 16, variant::robust, true>(32); - test_sphincs_plus<24, 63, 7, 14, 17, 16, variant::simple>(32); - test_sphincs_plus<24, 63, 7, 14, 17, 16, variant::simple, true>(32); - - test_sphincs_plus<24, 66, 22, 8, 33, 16, variant::robust>(32); - test_sphincs_plus<24, 66, 22, 8, 33, 16, variant::robust, true>(32); - test_sphincs_plus<24, 66, 22, 8, 33, 16, variant::simple>(32); - test_sphincs_plus<24, 66, 22, 8, 33, 16, variant::simple, true>(32); - - test_sphincs_plus<32, 64, 8, 14, 22, 16, variant::robust>(32); - test_sphincs_plus<32, 64, 8, 14, 22, 16, variant::robust, true>(32); - test_sphincs_plus<32, 64, 8, 14, 22, 16, variant::simple>(32); - test_sphincs_plus<32, 64, 8, 14, 22, 16, variant::simple, true>(32); - - test_sphincs_plus<32, 68, 17, 9, 35, 16, variant::robust>(32); - test_sphincs_plus<32, 68, 17, 9, 35, 16, variant::robust, true>(32); - test_sphincs_plus<32, 68, 17, 9, 35, 16, variant::simple>(32); - test_sphincs_plus<32, 68, 17, 9, 35, 16, variant::simple, true>(32); - - std::cout << "[test] SPHINCS+ signature\n"; - } - - return EXIT_SUCCESS; -} diff --git a/test_kat.sh b/test_kat.sh deleted file mode 100644 index 7118fab..0000000 --- a/test_kat.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# 1. Make shared library object -make lib - -# 2. Run test cases -pushd wrapper/python -cp ../../kats/sphincs-shake-{128,192,256}{s,f}-{robust,simple}.kat . -python3 -m pytest -v -x -rm sphincs-shake-{128,192,256}{s,f}-{robust,simple}.kat -popd diff --git a/include/test/test_fors.hpp b/tests/test_fors.cpp similarity index 57% rename from include/test/test_fors.hpp rename to tests/test_fors.cpp index 93ef17e..f197526 100644 --- a/include/test/test_fors.hpp +++ b/tests/test_fors.cpp @@ -1,8 +1,5 @@ -#pragma once #include "fors.hpp" - -// Test functional correctness of SPHINCS+ -namespace test_sphincs { +#include // Test correctness of FORS implementation, in standalone mode, using // @@ -11,11 +8,8 @@ namespace test_sphincs { // - Recovering public key from signature and message // // with random data. -template -inline static void +template +static inline void test_fors() { constexpr size_t msg_len = (k * a + 7) / 8; // = ⌈(k * a) / 8⌉ -bytes @@ -40,9 +34,9 @@ test_fors() sphincs_fors::sign(msg, sk_seed, pk_seed, adrs, sig); sphincs_fors::pk_from_sig(sig, msg, pk_seed, adrs, pkey1); - bool flg = false; + bool flag = false; for (size_t i = 0; i < n; i++) { - flg |= static_cast(pkey0[i] ^ pkey1[i]); + flag |= static_cast(pkey0[i] ^ pkey1[i]); } std::free(sk_seed); @@ -52,7 +46,29 @@ test_fors() std::free(pkey1); std::free(sig); - assert(!flg); + EXPECT_FALSE(flag); +} + +TEST(SphincsPlus, FORSNISTSecurityLevel1) +{ + test_fors<16, 12, 14, sphincs_hashing::variant::robust>(); + test_fors<16, 12, 14, sphincs_hashing::variant::simple>(); + test_fors<16, 6, 33, sphincs_hashing::variant::robust>(); + test_fors<16, 6, 33, sphincs_hashing::variant::simple>(); +} + +TEST(SphincsPlus, FORSNISTSecurityLevel3) +{ + test_fors<24, 14, 17, sphincs_hashing::variant::robust>(); + test_fors<24, 14, 17, sphincs_hashing::variant::simple>(); + test_fors<24, 8, 33, sphincs_hashing::variant::robust>(); + test_fors<24, 8, 33, sphincs_hashing::variant::simple>(); } +TEST(SphincsPlus, FORSNISTSecurityLevel5) +{ + test_fors<32, 14, 22, sphincs_hashing::variant::robust>(); + test_fors<32, 14, 22, sphincs_hashing::variant::simple>(); + test_fors<32, 9, 35, sphincs_hashing::variant::robust>(); + test_fors<32, 9, 35, sphincs_hashing::variant::simple>(); } diff --git a/include/test/test_hypertree.hpp b/tests/test_hypertree.cpp similarity index 52% rename from include/test/test_hypertree.hpp rename to tests/test_hypertree.cpp index a78dbe3..92e2565 100644 --- a/include/test/test_hypertree.hpp +++ b/tests/test_hypertree.cpp @@ -1,8 +1,5 @@ -#pragma once #include "hypertree.hpp" - -// Test functional correctness of SPHINCS+ -namespace test_sphincs { +#include // Test correctness of HyperTree implementation, in standalone mode, using // @@ -11,12 +8,8 @@ namespace test_sphincs { // - Verifying signature by using public key and message // // with random data. -template -inline static void +template +static inline void test_hypertree() { constexpr size_t len = sphincs_utils::compute_wots_len(); @@ -37,11 +30,9 @@ test_hypertree() sphincs_utils::random_data(pk_seed, n); sphincs_utils::random_data(msg, n); - bool f = false; - sphincs_ht::pkgen(sk_seed, pk_seed, pkey); sphincs_ht::sign(msg, sk_seed, pk_seed, itree, ileaf, sig); - f = sphincs_ht::verify(msg, sig, pk_seed, itree, ileaf, pkey); + const bool flag = sphincs_ht::verify(msg, sig, pk_seed, itree, ileaf, pkey); std::free(sk_seed); std::free(pk_seed); @@ -49,7 +40,29 @@ test_hypertree() std::free(pkey); std::free(sig); - assert(f); + EXPECT_TRUE(flag); +} + +TEST(SphincsPlus, HyperTreeNISTSecurityLevel1) +{ + test_hypertree<63, 7, 16, 16, sphincs_hashing::variant::robust>(); + test_hypertree<63, 7, 16, 16, sphincs_hashing::variant::simple>(); + test_hypertree<66, 22, 16, 16, sphincs_hashing::variant::robust>(); + test_hypertree<66, 22, 16, 16, sphincs_hashing::variant::simple>(); } +TEST(SphincsPlus, HyperTreeNISTSecurityLevel3) +{ + test_hypertree<63, 7, 24, 16, sphincs_hashing::variant::robust>(); + test_hypertree<63, 7, 24, 16, sphincs_hashing::variant::simple>(); + test_hypertree<66, 22, 24, 16, sphincs_hashing::variant::robust>(); + test_hypertree<66, 22, 24, 16, sphincs_hashing::variant::simple>(); +} + +TEST(SphincsPlus, HyperTreeNISTSecurityLevel5) +{ + test_hypertree<64, 8, 32, 16, sphincs_hashing::variant::robust>(); + test_hypertree<64, 8, 32, 16, sphincs_hashing::variant::simple>(); + test_hypertree<68, 17, 32, 16, sphincs_hashing::variant::robust>(); + test_hypertree<68, 17, 32, 16, sphincs_hashing::variant::simple>(); } diff --git a/tests/test_sphincs+.cpp b/tests/test_sphincs+.cpp new file mode 100644 index 0000000..945606d --- /dev/null +++ b/tests/test_sphincs+.cpp @@ -0,0 +1,78 @@ +#include "sphincs.hpp" +#include + +// Test correctness of SPHINCS+ implementation, using +// +// - Keypair generation +// - Signing message using private key +// - Verifying signature using public key and message +// +// with random data. +template +static inline void +test_sphincs_plus(const size_t mlen) +{ + namespace utils = sphincs_utils; + constexpr size_t pklen = utils::get_sphincs_pkey_len(); + constexpr size_t sklen = utils::get_sphincs_skey_len(); + constexpr size_t siglen = utils::get_sphincs_sig_len(); + + // acquire memory resources + uint8_t* pkey = static_cast(std::malloc(pklen)); + uint8_t* skey = static_cast(std::malloc(sklen)); + uint8_t* msg = static_cast(std::malloc(mlen)); + uint8_t* sig = static_cast(std::malloc(siglen)); + + sphincs_utils::random_data(msg, mlen); + + sphincs::keygen(skey, pkey); + sphincs::sign(msg, mlen, skey, sig); + const bool flag = sphincs::verify(msg, mlen, sig, pkey); + + // release memory resources + std::free(pkey); + std::free(skey); + std::free(msg); + std::free(sig); + + EXPECT_TRUE(flag); +} + +TEST(SphincsPlus, SphincsPlusNISTSecurityLevel1KeygenSignVerify) +{ + test_sphincs_plus<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::robust>(32); + test_sphincs_plus<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::robust, true>(32); + test_sphincs_plus<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::simple>(32); + test_sphincs_plus<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::simple, true>(32); + + test_sphincs_plus<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::robust>(32); + test_sphincs_plus<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::robust, true>(32); + test_sphincs_plus<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::simple>(32); + test_sphincs_plus<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::simple, true>(32); +} + +TEST(SphincsPlus, SphincsPlusNISTSecurityLevel3KeygenSignVerify) +{ + test_sphincs_plus<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::robust>(32); + test_sphincs_plus<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::robust, true>(32); + test_sphincs_plus<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::simple>(32); + test_sphincs_plus<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::simple, true>(32); + + test_sphincs_plus<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::robust>(32); + test_sphincs_plus<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::robust, true>(32); + test_sphincs_plus<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::simple>(32); + test_sphincs_plus<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::simple, true>(32); +} + +TEST(SphincsPlus, SphincsPlusNISTSecurityLevel5KeygenSignVerify) +{ + test_sphincs_plus<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::robust>(32); + test_sphincs_plus<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::robust, true>(32); + test_sphincs_plus<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::simple>(32); + test_sphincs_plus<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::simple, true>(32); + + test_sphincs_plus<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::robust>(32); + test_sphincs_plus<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::robust, true>(32); + test_sphincs_plus<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::simple>(32); + test_sphincs_plus<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::simple, true>(32); +} diff --git a/tests/test_sphincs+_kat.cpp b/tests/test_sphincs+_kat.cpp new file mode 100644 index 0000000..be5b8ed --- /dev/null +++ b/tests/test_sphincs+_kat.cpp @@ -0,0 +1,179 @@ +#include "sphincs_inner.hpp" +#include "utils.hpp" +#include +#include +#include +#include +#include +#include +#include +#include + +// Test functional correctness and conformance ( to the reference implementation based on specification document +// https://sphincs.org/data/sphincs+-r3.1-specification.pdf ) of SPHINCS+ implementation, using Known Answer Tests, +// generated following instructions described in https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c. +template +static inline void +test_sphincs_plus_kat(const std::string kat_file) +{ + using namespace std::literals; + + std::fstream file(kat_file); + + while (true) { + std::string sk_seed0; + + if (!std::getline(file, sk_seed0).eof()) { + auto sk_seed1 = std::string_view(sk_seed0); + auto sk_seed2 = sk_seed1.substr(sk_seed1.find("="sv) + 2, sk_seed1.size()); + auto sk_seed = sphincs_utils::from_hex(sk_seed2); + + std::string sk_prf0; + std::getline(file, sk_prf0); + + auto sk_prf1 = std::string_view(sk_prf0); + auto sk_prf2 = sk_prf1.substr(sk_prf1.find("="sv) + 2, sk_prf1.size()); + auto sk_prf = sphincs_utils::from_hex(sk_prf2); + + std::string pk_seed0; + std::getline(file, pk_seed0); + + auto pk_seed1 = std::string_view(pk_seed0); + auto pk_seed2 = pk_seed1.substr(pk_seed1.find("="sv) + 2, pk_seed1.size()); + auto pk_seed = sphincs_utils::from_hex(pk_seed2); + + std::string pk_root0; + std::getline(file, pk_root0); + + auto pk_root1 = std::string_view(pk_root0); + auto pk_root2 = pk_root1.substr(pk_root1.find("="sv) + 2, pk_root1.size()); + auto pk_root = sphincs_utils::from_hex(pk_root2); + + std::string mlen0; + std::getline(file, mlen0); + size_t mlen = 0; + + auto mlen1 = std::string_view(mlen0); + auto mlen2 = mlen1.substr(mlen1.find("="sv) + 2, mlen1.size()); + std::from_chars(mlen2.data(), mlen2.data() + mlen2.size(), mlen); + + std::string msg0; + std::getline(file, msg0); + + auto msg1 = std::string_view(msg0); + auto msg2 = msg1.substr(msg1.find("="sv) + 2, msg1.size()); + auto msg = sphincs_utils::from_hex(msg2); + + std::string opt0; + std::getline(file, opt0); + + auto opt1 = std::string_view(opt0); + auto opt2 = opt1.substr(opt1.find("="sv) + 2, opt1.size()); + auto opt = sphincs_utils::from_hex(opt2); + + std::string sig0; + std::getline(file, sig0); + + auto sig1 = std::string_view(sig0); + auto sig2 = sig1.substr(sig1.find("="sv) + 2, sig1.size()); + auto sig = sphincs_utils::from_hex(sig2); + + constexpr size_t expected_pklen = sphincs_utils::get_sphincs_pkey_len(); + constexpr size_t expected_sklen = sphincs_utils::get_sphincs_skey_len(); + constexpr size_t expected_siglen = sphincs_utils::get_sphincs_sig_len(); + + const size_t computed_pklen = pk_seed.size() + pk_root.size(); + const size_t computed_sklen = sk_seed.size() + sk_prf.size() + computed_pklen; + const size_t computed_siglen = sig.size(); + + EXPECT_EQ(expected_pklen, computed_pklen); + EXPECT_EQ(expected_sklen, computed_sklen); + EXPECT_EQ(expected_siglen, computed_siglen); + + std::vector pkey(computed_pklen, 0); + std::vector skey(computed_sklen, 0); + std::vector computed_sig(computed_siglen, 0); + + // Keygen -> (randomized) Sign -> Verify + sphincs_inner::keygen(sk_seed.data(), sk_prf.data(), pk_seed.data(), skey.data(), pkey.data()); + sphincs_inner::sign(msg.data(), mlen, skey.data(), opt.data(), computed_sig.data()); + const auto flag = sphincs_inner::verify(msg.data(), mlen, computed_sig.data(), pkey.data()); + + // Check if computed public key, secret key and signature matches expected ones, from KAT file. + EXPECT_EQ(std::memcmp(pk_seed.data(), pkey.data(), pk_seed.size()), 0); + EXPECT_EQ(std::memcmp(pk_root.data(), pkey.data() + pk_seed.size(), pk_root.size()), 0); + EXPECT_EQ(std::memcmp(sk_seed.data(), skey.data(), sk_seed.size()), 0); + EXPECT_EQ(std::memcmp(sk_prf.data(), skey.data() + sk_seed.size(), sk_prf.size()), 0); + EXPECT_EQ(std::memcmp(pkey.data(), skey.data() + sk_seed.size() + sk_prf.size(), computed_pklen), 0); + EXPECT_EQ(std::memcmp(sig.data(), computed_sig.data(), computed_siglen), 0); + EXPECT_TRUE(flag); + + std::string empty_line; + std::getline(file, empty_line); + } else { + break; + } + } + + file.close(); +} + +TEST(SphincsPlus, SphincsPlus128sRobustKnownAnswerTests) +{ + test_sphincs_plus_kat<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::robust>("./kats/sphincs-shake-128s-robust.kat"); +} + +TEST(SphincsPlus, SphincsPlus128sSimpleKnownAnswerTests) +{ + test_sphincs_plus_kat<16, 63, 7, 12, 14, 16, sphincs_hashing::variant::simple>("./kats/sphincs-shake-128s-simple.kat"); +} + +TEST(SphincsPlus, SphincsPlus128fRobustKnownAnswerTests) +{ + test_sphincs_plus_kat<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::robust>("./kats/sphincs-shake-128f-robust.kat"); +} + +TEST(SphincsPlus, SphincsPlus128fSimpleKnownAnswerTests) +{ + test_sphincs_plus_kat<16, 66, 22, 6, 33, 16, sphincs_hashing::variant::simple>("./kats/sphincs-shake-128f-simple.kat"); +} + +TEST(SphincsPlus, SphincsPlus192sRobustKnownAnswerTests) +{ + test_sphincs_plus_kat<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::robust>("./kats/sphincs-shake-192s-robust.kat"); +} + +TEST(SphincsPlus, SphincsPlus192sSimpleKnownAnswerTests) +{ + test_sphincs_plus_kat<24, 63, 7, 14, 17, 16, sphincs_hashing::variant::simple>("./kats/sphincs-shake-192s-simple.kat"); +} + +TEST(SphincsPlus, SphincsPlus192fRobustKnownAnswerTests) +{ + test_sphincs_plus_kat<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::robust>("./kats/sphincs-shake-192f-robust.kat"); +} + +TEST(SphincsPlus, SphincsPlus192fSimpleKnownAnswerTests) +{ + test_sphincs_plus_kat<24, 66, 22, 8, 33, 16, sphincs_hashing::variant::simple>("./kats/sphincs-shake-192f-simple.kat"); +} + +TEST(SphincsPlus, SphincsPlus256sRobustKnownAnswerTests) +{ + test_sphincs_plus_kat<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::robust>("./kats/sphincs-shake-256s-robust.kat"); +} + +TEST(SphincsPlus, SphincsPlus256sSimpleKnownAnswerTests) +{ + test_sphincs_plus_kat<32, 64, 8, 14, 22, 16, sphincs_hashing::variant::simple>("./kats/sphincs-shake-256s-simple.kat"); +} + +TEST(SphincsPlus, SphincsPlus256fRobustKnownAnswerTests) +{ + test_sphincs_plus_kat<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::robust>("./kats/sphincs-shake-256f-robust.kat"); +} + +TEST(SphincsPlus, SphincsPlus256fSimpleKnownAnswerTests) +{ + test_sphincs_plus_kat<32, 68, 17, 9, 35, 16, sphincs_hashing::variant::simple>("./kats/sphincs-shake-256f-simple.kat"); +} diff --git a/include/test/test_wots.hpp b/tests/test_wots.cpp similarity index 68% rename from include/test/test_wots.hpp rename to tests/test_wots.cpp index 8dd70df..1a97fae 100644 --- a/include/test/test_wots.hpp +++ b/tests/test_wots.cpp @@ -1,9 +1,5 @@ -#pragma once #include "wots.hpp" -#include - -// Test functional correctness of SPHINCS+ -namespace test_sphincs { +#include // Test correctness of WOTS+ implementation, in standalone mode, using // @@ -14,9 +10,9 @@ namespace test_sphincs { // Note, WOTS+ is the One-Time Signature scheme that is used in SPHINCS+, though // its API is not fit for standalone usage, here random data filled WOTS+ hash // address is used for ensuring correctness - which should work correctly. -template -inline static void -test_wots() +template +static inline void +test_wots_plus() { constexpr size_t len = sphincs_utils::compute_wots_len(); @@ -40,9 +36,9 @@ test_wots() sphincs_wots::sign(msg, sk_seed, pk_seed, adrs, sig); sphincs_wots::pk_from_sig(sig, msg, pk_seed, adrs, pkey1); - bool flg = false; + bool flag = false; for (size_t i = 0; i < n; i++) { - flg |= static_cast(pkey0[i] ^ pkey1[i]); + flag |= static_cast(pkey0[i] ^ pkey1[i]); } std::free(sk_seed); @@ -52,7 +48,23 @@ test_wots() std::free(msg); std::free(sig); - assert(!flg); + EXPECT_FALSE(flag); +} + +TEST(SphincsPlus, WOTS_PlusNISTSecurityLevel1) +{ + test_wots_plus<16, 16, sphincs_hashing::variant::robust>(); + test_wots_plus<16, 16, sphincs_hashing::variant::simple>(); +} + +TEST(SphincsPlus, WOTS_PlusNISTSecurityLevel3) +{ + test_wots_plus<24, 16, sphincs_hashing::variant::robust>(); + test_wots_plus<24, 16, sphincs_hashing::variant::simple>(); } +TEST(SphincsPlus, WOTS_PlusNISTSecurityLevel5) +{ + test_wots_plus<32, 16, sphincs_hashing::variant::robust>(); + test_wots_plus<32, 16, sphincs_hashing::variant::simple>(); } diff --git a/include/test/test_xmss.hpp b/tests/test_xmss.cpp similarity index 58% rename from include/test/test_xmss.hpp rename to tests/test_xmss.cpp index 54daa37..a58df1f 100644 --- a/include/test/test_xmss.hpp +++ b/tests/test_xmss.cpp @@ -1,8 +1,5 @@ -#pragma once #include "xmss.hpp" - -// Test functional correctness of SPHINCS+ -namespace test_sphincs { +#include // Test correctness of fixed input-length XMSS implementation, in standalone // mode, using @@ -12,11 +9,8 @@ namespace test_sphincs { // - Verifying signature by recovering public key from message and signature // // with random data. -template -inline static void +template +static inline void test_xmss() { constexpr size_t len = sphincs_utils::compute_wots_len(); @@ -43,9 +37,9 @@ test_xmss() sphincs_xmss::sign(msg, sk_seed, idx, pk_seed, adrs, sig); sphincs_xmss::pk_from_sig(idx, sig, msg, pk_seed, adrs, pkey1); - bool flg = false; + bool flag = false; for (size_t i = 0; i < n; i++) { - flg |= static_cast(pkey0[i] ^ pkey1[i]); + flag |= static_cast(pkey0[i] ^ pkey1[i]); } std::free(sk_seed); @@ -55,7 +49,29 @@ test_xmss() std::free(pkey1); std::free(sig); - assert(!flg); + EXPECT_FALSE(flag); +} + +TEST(SphincsPlus, XMSSNISTSecurityLevel1) +{ + test_xmss<63 / 7, 16, 16, sphincs_hashing::variant::robust>(); + test_xmss<63 / 7, 16, 16, sphincs_hashing::variant::simple>(); + test_xmss<66 / 22, 16, 16, sphincs_hashing::variant::robust>(); + test_xmss<66 / 22, 16, 16, sphincs_hashing::variant::simple>(); +} + +TEST(SphincsPlus, XMSSNISTSecurityLevel3) +{ + test_xmss<63 / 7, 24, 16, sphincs_hashing::variant::robust>(); + test_xmss<63 / 7, 24, 16, sphincs_hashing::variant::simple>(); + test_xmss<66 / 22, 24, 16, sphincs_hashing::variant::robust>(); + test_xmss<66 / 22, 24, 16, sphincs_hashing::variant::simple>(); } +TEST(SphincsPlus, XMSSNISTSecurityLevel5) +{ + test_xmss<64 / 8, 32, 16, sphincs_hashing::variant::robust>(); + test_xmss<64 / 8, 32, 16, sphincs_hashing::variant::simple>(); + test_xmss<68 / 17, 32, 16, sphincs_hashing::variant::robust>(); + test_xmss<68 / 17, 32, 16, sphincs_hashing::variant::simple>(); } diff --git a/wrapper/python/requirements.txt b/wrapper/python/requirements.txt deleted file mode 100644 index 40b450d..0000000 --- a/wrapper/python/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -pytest==7.2.0 -black==22.10.0 diff --git a/wrapper/python/sphincs_shake.py b/wrapper/python/sphincs_shake.py deleted file mode 100644 index cae807b..0000000 --- a/wrapper/python/sphincs_shake.py +++ /dev/null @@ -1,780 +0,0 @@ -#!/usr/bin/python3 - -""" - Before using `sphincs_shake` library module, make sure you've run - `make lib` and generated shared library object, which is loaded - here; then function calls are forwarded to respective C++ implementation. - - Author: Anjan Roy - - Project: https://github.com/itzmeanjan/sphincs.git -""" - -from ctypes import c_size_t, CDLL, c_char_p, create_string_buffer, c_bool -from posixpath import exists, abspath -from typing import Tuple - -SO_PATH: str = abspath("../libsphincs+-shake.so") -assert exists(SO_PATH), "Use `make lib` to generate shared library object !" - -SO_LIB: CDLL = CDLL(SO_PATH) - - -def sphincs_shake_128s_robust_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 16 -bytes secret key seed, 16 -bytes secret key PRF and 16 -bytes - public key seed, this routine compute 64 -bytes secret key and 32 -bytes - public key, using SPHINCS+-SHAKE-128s-robust keygen algorithm - """ - assert ( - len(sk_seed) == 16 - ), "[SPHINCS+-SHAKE-128s-robust] Expected secret key seed to be 16 -bytes" - assert ( - len(sk_prf) == 16 - ), "[SPHINCS+-SHAKE-128s-robust] Expected secret key PRF to be 16 -bytes" - assert ( - len(pk_seed) == 16 - ), "[SPHINCS+-SHAKE-128s-robust] Expected public key seed to be 16 -bytes" - - skey = create_string_buffer(64) - pkey = create_string_buffer(32) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128s_robust_keygen.argtypes = args - - SO_LIB.sphincs_shake_128s_robust_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_128s_simple_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 16 -bytes secret key seed, 16 -bytes secret key PRF and 16 -bytes - public key seed, this routine compute 64 -bytes secret key and 32 -bytes - public key, using SPHINCS+-SHAKE-128s-simple keygen algorithm - """ - assert ( - len(sk_seed) == 16 - ), "[SPHINCS+-SHAKE-128s-simple] Expected secret key seed to be 16 -bytes" - assert ( - len(sk_prf) == 16 - ), "[SPHINCS+-SHAKE-128s-simple] Expected secret key PRF to be 16 -bytes" - assert ( - len(pk_seed) == 16 - ), "[SPHINCS+-SHAKE-128s-simple] Expected public key seed to be 16 -bytes" - - skey = create_string_buffer(64) - pkey = create_string_buffer(32) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128s_simple_keygen.argtypes = args - - SO_LIB.sphincs_shake_128s_simple_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_128f_robust_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 16 -bytes secret key seed, 16 -bytes secret key PRF and 16 -bytes - public key seed, this routine compute 64 -bytes secret key and 32 -bytes - public key, using SPHINCS+-SHAKE-128f-robust keygen algorithm - """ - assert ( - len(sk_seed) == 16 - ), "[SPHINCS+-SHAKE-128f-robust] Expected secret key seed to be 16 -bytes" - assert ( - len(sk_prf) == 16 - ), "[SPHINCS+-SHAKE-128f-robust] Expected secret key PRF to be 16 -bytes" - assert ( - len(pk_seed) == 16 - ), "[SPHINCS+-SHAKE-128f-robust] Expected public key seed to be 16 -bytes" - - skey = create_string_buffer(64) - pkey = create_string_buffer(32) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128f_robust_keygen.argtypes = args - - SO_LIB.sphincs_shake_128f_robust_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_128f_simple_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 16 -bytes secret key seed, 16 -bytes secret key PRF and 16 -bytes - public key seed, this routine compute 64 -bytes secret key and 32 -bytes - public key, using SPHINCS+-SHAKE-128f-simple keygen algorithm - """ - assert ( - len(sk_seed) == 16 - ), "[SPHINCS+-SHAKE-128f-simple] Expected secret key seed to be 16 -bytes" - assert ( - len(sk_prf) == 16 - ), "[SPHINCS+-SHAKE-128f-simple] Expected secret key PRF to be 16 -bytes" - assert ( - len(pk_seed) == 16 - ), "[SPHINCS+-SHAKE-128f-simple] Expected public key seed to be 16 -bytes" - - skey = create_string_buffer(64) - pkey = create_string_buffer(32) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128f_simple_keygen.argtypes = args - - SO_LIB.sphincs_shake_128f_simple_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_192s_robust_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 24 -bytes secret key seed, 24 -bytes secret key PRF and 24 -bytes - public key seed, this routine compute 96 -bytes secret key and 48 -bytes - public key, using SPHINCS+-SHAKE-192s-robust keygen algorithm - """ - assert ( - len(sk_seed) == 24 - ), "[SPHINCS+-SHAKE-192s-robust] Expected secret key seed to be 24 -bytes" - assert ( - len(sk_prf) == 24 - ), "[SPHINCS+-SHAKE-192s-robust] Expected secret key PRF to be 24 -bytes" - assert ( - len(pk_seed) == 24 - ), "[SPHINCS+-SHAKE-192s-robust] Expected public key seed to be 24 -bytes" - - skey = create_string_buffer(96) - pkey = create_string_buffer(48) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192s_robust_keygen.argtypes = args - - SO_LIB.sphincs_shake_192s_robust_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_192s_simple_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 24 -bytes secret key seed, 24 -bytes secret key PRF and 24 -bytes - public key seed, this routine compute 96 -bytes secret key and 48 -bytes - public key, using SPHINCS+-SHAKE-192s-simple keygen algorithm - """ - assert ( - len(sk_seed) == 24 - ), "[SPHINCS+-SHAKE-192s-simple] Expected secret key seed to be 24 -bytes" - assert ( - len(sk_prf) == 24 - ), "[SPHINCS+-SHAKE-192s-simple] Expected secret key PRF to be 24 -bytes" - assert ( - len(pk_seed) == 24 - ), "[SPHINCS+-SHAKE-192s-simple] Expected public key seed to be 24 -bytes" - - skey = create_string_buffer(96) - pkey = create_string_buffer(48) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192s_simple_keygen.argtypes = args - - SO_LIB.sphincs_shake_192s_simple_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_192f_robust_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 24 -bytes secret key seed, 24 -bytes secret key PRF and 24 -bytes - public key seed, this routine compute 96 -bytes secret key and 48 -bytes - public key, using SPHINCS+-SHAKE-192f-robust keygen algorithm - """ - assert ( - len(sk_seed) == 24 - ), "[SPHINCS+-SHAKE-192f-robust] Expected secret key seed to be 24 -bytes" - assert ( - len(sk_prf) == 24 - ), "[SPHINCS+-SHAKE-192f-robust] Expected secret key PRF to be 24 -bytes" - assert ( - len(pk_seed) == 24 - ), "[SPHINCS+-SHAKE-192f-robust] Expected public key seed to be 24 -bytes" - - skey = create_string_buffer(96) - pkey = create_string_buffer(48) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192f_robust_keygen.argtypes = args - - SO_LIB.sphincs_shake_192f_robust_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_192f_simple_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 24 -bytes secret key seed, 24 -bytes secret key PRF and 24 -bytes - public key seed, this routine compute 96 -bytes secret key and 48 -bytes - public key, using SPHINCS+-SHAKE-192f-simple keygen algorithm - """ - assert ( - len(sk_seed) == 24 - ), "[SPHINCS+-SHAKE-192f-simple] Expected secret key seed to be 24 -bytes" - assert ( - len(sk_prf) == 24 - ), "[SPHINCS+-SHAKE-192f-simple] Expected secret key PRF to be 24 -bytes" - assert ( - len(pk_seed) == 24 - ), "[SPHINCS+-SHAKE-192f-simple] Expected public key seed to be 24 -bytes" - - skey = create_string_buffer(96) - pkey = create_string_buffer(48) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192f_simple_keygen.argtypes = args - - SO_LIB.sphincs_shake_192f_simple_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_256s_robust_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 32 -bytes secret key seed, 32 -bytes secret key PRF and 32 -bytes - public key seed, this routine compute 128 -bytes secret key and 64 -bytes - public key, using SPHINCS+-SHAKE-256s-robust keygen algorithm - """ - assert ( - len(sk_seed) == 32 - ), "[SPHINCS+-SHAKE-256s-robust] Expected secret key seed to be 32 -bytes" - assert ( - len(sk_prf) == 32 - ), "[SPHINCS+-SHAKE-256s-robust] Expected secret key PRF to be 32 -bytes" - assert ( - len(pk_seed) == 32 - ), "[SPHINCS+-SHAKE-256s-robust] Expected public key seed to be 32 -bytes" - - skey = create_string_buffer(128) - pkey = create_string_buffer(64) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256s_robust_keygen.argtypes = args - - SO_LIB.sphincs_shake_256s_robust_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_256s_simple_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 32 -bytes secret key seed, 32 -bytes secret key PRF and 32 -bytes - public key seed, this routine compute 128 -bytes secret key and 64 -bytes - public key, using SPHINCS+-SHAKE-256s-simple keygen algorithm - """ - assert ( - len(sk_seed) == 32 - ), "[SPHINCS+-SHAKE-256s-simple] Expected secret key seed to be 32 -bytes" - assert ( - len(sk_prf) == 32 - ), "[SPHINCS+-SHAKE-256s-simple] Expected secret key PRF to be 32 -bytes" - assert ( - len(pk_seed) == 32 - ), "[SPHINCS+-SHAKE-256s-simple] Expected public key seed to be 32 -bytes" - - skey = create_string_buffer(128) - pkey = create_string_buffer(64) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256s_simple_keygen.argtypes = args - - SO_LIB.sphincs_shake_256s_simple_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_256f_robust_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 32 -bytes secret key seed, 32 -bytes secret key PRF and 32 -bytes - public key seed, this routine compute 128 -bytes secret key and 64 -bytes - public key, using SPHINCS+-SHAKE-256f-robust keygen algorithm - """ - assert ( - len(sk_seed) == 32 - ), "[SPHINCS+-SHAKE-256f-robust] Expected secret key seed to be 32 -bytes" - assert ( - len(sk_prf) == 32 - ), "[SPHINCS+-SHAKE-256f-robust] Expected secret key PRF to be 32 -bytes" - assert ( - len(pk_seed) == 32 - ), "[SPHINCS+-SHAKE-256f-robust] Expected public key seed to be 32 -bytes" - - skey = create_string_buffer(128) - pkey = create_string_buffer(64) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256f_robust_keygen.argtypes = args - - SO_LIB.sphincs_shake_256f_robust_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_256f_simple_keygen( - sk_seed: bytes, sk_prf: bytes, pk_seed: bytes -) -> Tuple[bytes, bytes]: - """ - Given 32 -bytes secret key seed, 32 -bytes secret key PRF and 32 -bytes - public key seed, this routine compute 128 -bytes secret key and 64 -bytes - public key, using SPHINCS+-SHAKE-256f-simple keygen algorithm - """ - assert ( - len(sk_seed) == 32 - ), "[SPHINCS+-SHAKE-256f-simple] Expected secret key seed to be 32 -bytes" - assert ( - len(sk_prf) == 32 - ), "[SPHINCS+-SHAKE-256f-simple] Expected secret key PRF to be 32 -bytes" - assert ( - len(pk_seed) == 32 - ), "[SPHINCS+-SHAKE-256f-simple] Expected public key seed to be 32 -bytes" - - skey = create_string_buffer(128) - pkey = create_string_buffer(64) - - args = [c_char_p, c_char_p, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256f_simple_keygen.argtypes = args - - SO_LIB.sphincs_shake_256f_simple_keygen(sk_seed, sk_prf, pk_seed, skey, pkey) - - return skey.raw, pkey.raw - - -def sphincs_shake_128s_robust_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 64 -bytes secret key and 16 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-128s-robust signing algorithm - """ - sig = create_string_buffer(7856) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128s_robust_sign.argtypes = args - - SO_LIB.sphincs_shake_128s_robust_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_128s_simple_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 64 -bytes secret key and 16 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-128s-simple signing algorithm - """ - sig = create_string_buffer(7856) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128s_simple_sign.argtypes = args - - SO_LIB.sphincs_shake_128s_simple_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_128f_robust_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 64 -bytes secret key and 16 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-128f-robust signing algorithm - """ - sig = create_string_buffer(17088) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128f_robust_sign.argtypes = args - - SO_LIB.sphincs_shake_128f_robust_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_128f_simple_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 64 -bytes secret key and 16 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-128f-simple signing algorithm - """ - sig = create_string_buffer(17088) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128f_simple_sign.argtypes = args - - SO_LIB.sphincs_shake_128f_simple_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_192s_robust_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 96 -bytes secret key and 24 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-192s-robust signing algorithm - """ - sig = create_string_buffer(16224) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192s_robust_sign.argtypes = args - - SO_LIB.sphincs_shake_192s_robust_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_192s_simple_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 96 -bytes secret key and 24 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-192s-simple signing algorithm - """ - sig = create_string_buffer(16224) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192s_simple_sign.argtypes = args - - SO_LIB.sphincs_shake_192s_simple_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_192f_robust_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 96 -bytes secret key and 24 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-192f-robust signing algorithm - """ - sig = create_string_buffer(35664) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192f_robust_sign.argtypes = args - - SO_LIB.sphincs_shake_192f_robust_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_192f_simple_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 96 -bytes secret key and 24 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-192f-simple signing algorithm - """ - sig = create_string_buffer(35664) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192f_simple_sign.argtypes = args - - SO_LIB.sphincs_shake_192f_simple_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_256s_robust_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 128 -bytes secret key and 32 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-256s-robust signing algorithm - """ - sig = create_string_buffer(29792) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256s_robust_sign.argtypes = args - - SO_LIB.sphincs_shake_256s_robust_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_256s_simple_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 128 -bytes secret key and 32 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-256s-simple signing algorithm - """ - sig = create_string_buffer(29792) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256s_simple_sign.argtypes = args - - SO_LIB.sphincs_shake_256s_simple_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_256f_robust_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 128 -bytes secret key and 32 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-256f-robust signing algorithm - """ - sig = create_string_buffer(49856) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256f_robust_sign.argtypes = args - - SO_LIB.sphincs_shake_256f_robust_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_256f_simple_sign( - msg: bytes, mlen: int, skey: bytes, rbytes: bytes -) -> bytes: - """ - Given mlen -bytes message, 128 -bytes secret key and 32 -bytes signature - randomization seed, this routine computes SPHINCS+ signature using - SPHINCS+-SHAKE-256f-simple signing algorithm - """ - sig = create_string_buffer(49856) - - args = [c_char_p, c_size_t, c_char_p, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256f_simple_sign.argtypes = args - - SO_LIB.sphincs_shake_256f_simple_sign(msg, mlen, skey, rbytes, sig) - - return sig.raw - - -def sphincs_shake_128s_robust_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 32 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-128s-robust algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128s_robust_verify.argtypes = args - SO_LIB.sphincs_shake_128s_robust_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_128s_robust_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_128s_simple_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 32 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-128s-simple algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128s_simple_verify.argtypes = args - SO_LIB.sphincs_shake_128s_simple_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_128s_simple_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_128f_robust_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 32 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-128f-robust algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128f_robust_verify.argtypes = args - SO_LIB.sphincs_shake_128f_robust_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_128f_robust_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_128f_simple_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 32 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-128f-simple algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_128f_simple_verify.argtypes = args - SO_LIB.sphincs_shake_128f_simple_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_128f_simple_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_192s_robust_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 48 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-192s-robust algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192s_robust_verify.argtypes = args - SO_LIB.sphincs_shake_192s_robust_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_192s_robust_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_192s_simple_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 48 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-192s-simple algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192s_simple_verify.argtypes = args - SO_LIB.sphincs_shake_192s_simple_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_192s_simple_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_192f_robust_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 48 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-192f-robust algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192f_robust_verify.argtypes = args - SO_LIB.sphincs_shake_192f_robust_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_192f_robust_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_192f_simple_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 48 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-192f-simple algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_192f_simple_verify.argtypes = args - SO_LIB.sphincs_shake_192f_simple_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_192f_simple_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_256s_robust_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 64 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-256s-robust algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256s_robust_verify.argtypes = args - SO_LIB.sphincs_shake_256s_robust_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_256s_robust_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_256s_simple_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 64 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-256s-simple algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256s_simple_verify.argtypes = args - SO_LIB.sphincs_shake_256s_simple_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_256s_simple_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_256f_robust_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 64 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-256f-robust algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256f_robust_verify.argtypes = args - SO_LIB.sphincs_shake_256f_robust_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_256f_robust_verify(msg, mlen, sig, pkey) - return verified - - -def sphincs_shake_256f_simple_verify( - msg: bytes, mlen: int, sig: bytes, pkey: bytes -) -> bool: - """ - Given mlen -bytes message, SPHINCS+ signature and 64 -bytes public key, - this routine verifies signature using SPHINCS+-SHAKE-256f-simple algorithm - and returns boolean truth value if signature verification succeeds - """ - args = [c_char_p, c_size_t, c_char_p, c_char_p] - SO_LIB.sphincs_shake_256f_simple_verify.argtypes = args - SO_LIB.sphincs_shake_256f_simple_verify.restype = c_bool - - verified = SO_LIB.sphincs_shake_256f_simple_verify(msg, mlen, sig, pkey) - return verified - - -if __name__ == "__main__": - print("Use `sphincs-shake` as library module") diff --git a/wrapper/python/test_sphincs_shake.py b/wrapper/python/test_sphincs_shake.py deleted file mode 100644 index 0723653..0000000 --- a/wrapper/python/test_sphincs_shake.py +++ /dev/null @@ -1,737 +0,0 @@ -#!/usr/bin/python3 - -import sphincs_shake as spx - - -def extract_out_value(key_val: str) -> str: - return [i.strip() for i in key_val.split("=")][-1] - - -def hex_to_bytes(hs: str) -> bytes: - return bytes( - [int(f"0x{hs[i * 2: (i+1) * 2]}", base=16) for i in range(len(hs) >> 1)] - ) - - -def test_sphincs_shake_128s_robust(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-128s-robust DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-128s-robust" - - with open("sphincs-shake-128s-robust.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_128s_robust_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_128s_robust_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_128s_robust_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_128s_simple(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-128s-simple DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-128s-simple" - - with open("sphincs-shake-128s-simple.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_128s_simple_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_128s_simple_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_128s_simple_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_128f_robust(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-128f-robust DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-128f-robust" - - with open("sphincs-shake-128f-robust.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_128f_robust_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_128f_robust_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_128f_robust_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_128f_simple(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-128f-simple DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-128f-simple" - - with open("sphincs-shake-128f-simple.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_128f_simple_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_128f_simple_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_128f_simple_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_192s_robust(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-192s-robust DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-192s-robust" - - with open("sphincs-shake-192s-robust.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_192s_robust_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_192s_robust_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_192s_robust_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_192s_simple(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-192s-simple DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-192s-simple" - - with open("sphincs-shake-192s-simple.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_192s_simple_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_192s_simple_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_192s_simple_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_192f_robust(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-192f-robust DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-192f-robust" - - with open("sphincs-shake-192f-robust.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_192f_robust_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_192f_robust_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_192f_robust_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_192f_simple(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-192f-simple DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-192f-simple" - - with open("sphincs-shake-192f-simple.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_192f_simple_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_192f_simple_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_192f_simple_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_256s_robust(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-256s-robust DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-256s-robust" - - with open("sphincs-shake-256s-robust.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_256s_robust_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_256s_robust_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_256s_robust_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_256s_simple(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-256s-simple DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-256s-simple" - - with open("sphincs-shake-256s-simple.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_256s_simple_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_256s_simple_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_256s_simple_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_256f_robust(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-256f-robust DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-256f-robust" - - with open("sphincs-shake-256f-robust.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_256f_robust_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_256f_robust_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_256f_robust_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -def test_sphincs_shake_256f_simple(): - """ - Ensures functional correctness and compatibility of SPHINCS+-SHAKE-256f-simple DSA implementation, - against original reference implementation https://github.com/sphincs/sphincsplus - - Known Answer Tests generated using https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - """ - - alg = "SPHINCS+-SHAKE-256f-simple" - - with open("sphincs-shake-256f-simple.kat", "r") as fd: - while True: - sk_seed = fd.readline() - if not sk_seed: - # no more KAT - break - - sk_prf = fd.readline() - pk_seed = fd.readline() - pk_root = fd.readline() - mlen = fd.readline() - msg = fd.readline() - opt = fd.readline() - sig = fd.readline() - - # extract out required fields - sk_seed = extract_out_value(sk_seed) - sk_prf = extract_out_value(sk_prf) - pk_seed = extract_out_value(pk_seed) - pk_root = extract_out_value(pk_root) - mlen = extract_out_value(mlen) - msg = extract_out_value(msg) - opt = extract_out_value(opt) - sig = extract_out_value(sig) - - # convert input hex strings to bytes object - sk_seed = hex_to_bytes(sk_seed) - sk_prf = hex_to_bytes(sk_prf) - pk_seed = hex_to_bytes(pk_seed) - pk_root = hex_to_bytes(pk_root) - mlen = int(mlen) - msg = hex_to_bytes(msg) - opt = hex_to_bytes(opt) - sig = hex_to_bytes(sig) - - pkey = pk_seed + pk_root - skey = sk_seed + sk_prf + pkey - - keys = spx.sphincs_shake_256f_simple_keygen(sk_seed, sk_prf, pk_seed) - sig_ = spx.sphincs_shake_256f_simple_sign(msg, mlen, keys[0], opt) - verified = spx.sphincs_shake_256f_simple_verify(msg, mlen, sig_, keys[1]) - - assert verified, f"[{alg}] Failed to verify signature" - assert pkey == keys[1], f"[{alg}] Public key doesn't match" - assert skey == keys[0], f"[{alg}] Secret key doesn't match" - assert sig_ == sig, f"[{alg}] Signature doesn't match" - - fd.readline() - - -if __name__ == "__main__": - print("Use `pytest` for running test cases") diff --git a/wrapper/sphincs+-shake.cpp b/wrapper/sphincs+-shake.cpp deleted file mode 100644 index 5a8ab8c..0000000 --- a/wrapper/sphincs+-shake.cpp +++ /dev/null @@ -1,953 +0,0 @@ -#include "sphincs_inner.hpp" - -// Thin C wrapper on top of underlying C++ implementation of -// SPHINCS+-SHAKE-{128,192,256}{s,f}-{robust,simple} digital signature algorithm -// (DSA), which can be used for producing shared library object with conformant -// C-ABI & interfaced from other languages such as Rust, Python etc. -// -// This interface is being exposed for testing this implementation's functional -// correctness and conformance with SPHINCS+ specification -// https://sphincs.org/data/sphincs+-r3.1-specification.pdf -// using known answer tests produced using -// https://gist.github.com/itzmeanjan/d483872509b8a1a7c4d6614ec9d43e6c - -// Function prototypes -extern "C" -{ - // Key Generation API - - // Generates keypair for SPHINCS+-SHAKE-128s-robust parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_128s_robust_keygen( - const uint8_t* const __restrict, // 16 -bytes secret key seed - const uint8_t* const __restrict, // 16 -bytes secret key PRF - const uint8_t* const __restrict, // 16 -bytes public key seed - uint8_t* const __restrict, // 64 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 32 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-128s-simple parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_128s_simple_keygen( - const uint8_t* const __restrict, // 16 -bytes secret key seed - const uint8_t* const __restrict, // 16 -bytes secret key PRF - const uint8_t* const __restrict, // 16 -bytes public key seed - uint8_t* const __restrict, // 64 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 32 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-128f-robust parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_128f_robust_keygen( - const uint8_t* const __restrict, // 16 -bytes secret key seed - const uint8_t* const __restrict, // 16 -bytes secret key PRF - const uint8_t* const __restrict, // 16 -bytes public key seed - uint8_t* const __restrict, // 64 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 32 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-128f-simple parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_128f_simple_keygen( - const uint8_t* const __restrict, // 16 -bytes secret key seed - const uint8_t* const __restrict, // 16 -bytes secret key PRF - const uint8_t* const __restrict, // 16 -bytes public key seed - uint8_t* const __restrict, // 64 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 32 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-192s-robust parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_192s_robust_keygen( - const uint8_t* const __restrict, // 24 -bytes secret key seed - const uint8_t* const __restrict, // 24 -bytes secret key PRF - const uint8_t* const __restrict, // 24 -bytes public key seed - uint8_t* const __restrict, // 96 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 48 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-192s-simple parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_192s_simple_keygen( - const uint8_t* const __restrict, // 24 -bytes secret key seed - const uint8_t* const __restrict, // 24 -bytes secret key PRF - const uint8_t* const __restrict, // 24 -bytes public key seed - uint8_t* const __restrict, // 96 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 48 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-192f-robust parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_192f_robust_keygen( - const uint8_t* const __restrict, // 24 -bytes secret key seed - const uint8_t* const __restrict, // 24 -bytes secret key PRF - const uint8_t* const __restrict, // 24 -bytes public key seed - uint8_t* const __restrict, // 96 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 48 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-192f-simple parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_192f_simple_keygen( - const uint8_t* const __restrict, // 24 -bytes secret key seed - const uint8_t* const __restrict, // 24 -bytes secret key PRF - const uint8_t* const __restrict, // 24 -bytes public key seed - uint8_t* const __restrict, // 96 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 48 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-256s-robust parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_256s_robust_keygen( - const uint8_t* const __restrict, // 32 -bytes secret key seed - const uint8_t* const __restrict, // 32 -bytes secret key PRF - const uint8_t* const __restrict, // 32 -bytes public key seed - uint8_t* const __restrict, // 128 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 64 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-256s-simple parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_256s_simple_keygen( - const uint8_t* const __restrict, // 32 -bytes secret key seed - const uint8_t* const __restrict, // 32 -bytes secret key PRF - const uint8_t* const __restrict, // 32 -bytes public key seed - uint8_t* const __restrict, // 128 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 64 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-256f-robust parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_256f_robust_keygen( - const uint8_t* const __restrict, // 32 -bytes secret key seed - const uint8_t* const __restrict, // 32 -bytes secret key PRF - const uint8_t* const __restrict, // 32 -bytes public key seed - uint8_t* const __restrict, // 128 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 64 -bytes SPHINCS+ public key - ); - - // Generates keypair for SPHINCS+-SHAKE-256f-simple parameter set, as provided - // in table 3 of the specification - // https://sphincs.org/data/sphincs+-r3.1-specification.pdf - void sphincs_shake_256f_simple_keygen( - const uint8_t* const __restrict, // 32 -bytes secret key seed - const uint8_t* const __restrict, // 32 -bytes secret key PRF - const uint8_t* const __restrict, // 32 -bytes public key seed - uint8_t* const __restrict, // 128 -bytes SPHINCS+ secret key - uint8_t* const __restrict // 64 -bytes SPHINCS+ public key - ); - - // Signing API - - // Sign message using SPHINCS+-SHAKE-128s-robust secret key - void sphincs_shake_128s_robust_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 64 -bytes - const uint8_t* const __restrict, // 16 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-128s-simple secret key - void sphincs_shake_128s_simple_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 64 -bytes - const uint8_t* const __restrict, // 16 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-128f-robust secret key - void sphincs_shake_128f_robust_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 64 -bytes - const uint8_t* const __restrict, // 16 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-128f-simple secret key - void sphincs_shake_128f_simple_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 64 -bytes - const uint8_t* const __restrict, // 16 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-192s-robust secret key - void sphincs_shake_192s_robust_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 96 -bytes - const uint8_t* const __restrict, // 24 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-192s-simple secret key - void sphincs_shake_192s_simple_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 96 -bytes - const uint8_t* const __restrict, // 24 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-192f-robust secret key - void sphincs_shake_192f_robust_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 96 -bytes - const uint8_t* const __restrict, // 24 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-192f-simple secret key - void sphincs_shake_192f_simple_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 96 -bytes - const uint8_t* const __restrict, // 24 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-256s-robust secret key - void sphincs_shake_256s_robust_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 128 -bytes - const uint8_t* const __restrict, // 32 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-256s-simple secret key - void sphincs_shake_256s_simple_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 128 -bytes - const uint8_t* const __restrict, // 32 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-256f-robust secret key - void sphincs_shake_256f_robust_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 128 -bytes - const uint8_t* const __restrict, // 32 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Sign message using SPHINCS+-SHAKE-256f-simple secret key - void sphincs_shake_256f_simple_sign( - const uint8_t* const __restrict, // message to be signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ secret key of 128 -bytes - const uint8_t* const __restrict, // 32 -bytes randomness - uint8_t* const __restrict // SPHINCS+ signature - ); - - // Verification API - - // Verify signature using SPHINCS+-SHAKE-128s-robust public key - bool sphincs_shake_128s_robust_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 32 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-128s-simple public key - bool sphincs_shake_128s_simple_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 32 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-128f-robust public key - bool sphincs_shake_128f_robust_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 32 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-128f-simple public key - bool sphincs_shake_128f_simple_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 32 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-192s-robust public key - bool sphincs_shake_192s_robust_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 48 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-192s-simple public key - bool sphincs_shake_192s_simple_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 48 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-192f-robust public key - bool sphincs_shake_192f_robust_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 48 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-192f-simple public key - bool sphincs_shake_192f_simple_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 48 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-256s-robust public key - bool sphincs_shake_256s_robust_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 64 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-256s-simple public key - bool sphincs_shake_256s_simple_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 64 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-256f-robust public key - bool sphincs_shake_256f_robust_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 64 -bytes - ); - - // Verify signature using SPHINCS+-SHAKE-256f-simple public key - bool sphincs_shake_256f_simple_verify( - const uint8_t* const __restrict, // message which was signed - const size_t, // byte length of message - const uint8_t* const __restrict, // SPHINCS+ signature - const uint8_t* const __restrict // SPHINCS+ public key of 64 -bytes - ); -} - -// Function implementations -extern "C" -{ - - // Key Generation API - - void sphincs_shake_128s_robust_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::robust; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_128s_simple_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::simple; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_128f_robust_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::robust; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_128f_simple_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::simple; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_192s_robust_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::robust; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_192s_simple_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::simple; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_192f_robust_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::robust; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_192f_simple_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::simple; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_256s_robust_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 64; - constexpr uint32_t d = 8; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::robust; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_256s_simple_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 64; - constexpr uint32_t d = 8; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::simple; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_256f_robust_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 68; - constexpr uint32_t d = 17; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::robust; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_256f_simple_keygen(const uint8_t* const __restrict sk_seed, - const uint8_t* const __restrict sk_prf, - const uint8_t* const __restrict pk_seed, - uint8_t* const __restrict skey, - uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 68; - constexpr uint32_t d = 17; - constexpr size_t w = 16; - constexpr auto r = sphincs_hashing::variant::simple; - - sphincs_inner::keygen(sk_seed, sk_prf, pk_seed, skey, pkey); - } - - void sphincs_shake_128s_robust_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 16; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 12; - constexpr uint32_t k = 14; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_128s_simple_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 16; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 12; - constexpr uint32_t k = 14; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_128f_robust_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 16; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 6; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_128f_simple_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 16; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 6; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_192s_robust_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 24; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 14; - constexpr uint32_t k = 17; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_192s_simple_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 24; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 14; - constexpr uint32_t k = 17; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_192f_robust_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 24; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 8; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_192f_simple_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 24; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 8; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_256s_robust_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 32; - constexpr uint32_t h = 64; - constexpr uint32_t d = 8; - constexpr uint32_t a = 14; - constexpr uint32_t k = 22; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_256s_simple_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 32; - constexpr uint32_t h = 64; - constexpr uint32_t d = 8; - constexpr uint32_t a = 14; - constexpr uint32_t k = 22; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_256f_robust_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 32; - constexpr uint32_t h = 68; - constexpr uint32_t d = 17; - constexpr uint32_t a = 9; - constexpr uint32_t k = 35; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - void sphincs_shake_256f_simple_sign(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict skey, - const uint8_t* const __restrict rbytes, - uint8_t* const __restrict sig) - { - constexpr size_t n = 32; - constexpr uint32_t h = 68; - constexpr uint32_t d = 17; - constexpr uint32_t a = 9; - constexpr uint32_t k = 35; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - constexpr bool r = true; - - sphincs_inner::sign(msg, mlen, skey, rbytes, sig); - } - - bool sphincs_shake_128s_robust_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 12; - constexpr uint32_t k = 14; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_128s_simple_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 12; - constexpr uint32_t k = 14; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_128f_robust_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 6; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_128f_simple_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 16; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 6; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_192s_robust_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 14; - constexpr uint32_t k = 17; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_192s_simple_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 63; - constexpr uint32_t d = 7; - constexpr uint32_t a = 14; - constexpr uint32_t k = 17; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_192f_robust_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 8; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_192f_simple_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 24; - constexpr uint32_t h = 66; - constexpr uint32_t d = 22; - constexpr uint32_t a = 8; - constexpr uint32_t k = 33; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_256s_robust_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 64; - constexpr uint32_t d = 8; - constexpr uint32_t a = 14; - constexpr uint32_t k = 22; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_256s_simple_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 64; - constexpr uint32_t d = 8; - constexpr uint32_t a = 14; - constexpr uint32_t k = 22; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_256f_robust_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 68; - constexpr uint32_t d = 17; - constexpr uint32_t a = 9; - constexpr uint32_t k = 35; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::robust; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } - - bool sphincs_shake_256f_simple_verify(const uint8_t* const __restrict msg, - const size_t mlen, - const uint8_t* const __restrict sig, - const uint8_t* const __restrict pkey) - { - constexpr size_t n = 32; - constexpr uint32_t h = 68; - constexpr uint32_t d = 17; - constexpr uint32_t a = 9; - constexpr uint32_t k = 35; - constexpr size_t w = 16; - constexpr auto v = sphincs_hashing::variant::simple; - - return sphincs_inner::verify(msg, mlen, sig, pkey); - } -}