@itzmeanjan
Created November 28, 2022 11:41
Git Patch for generating Known Answer Tests ( KATs ) from SPHINCS+ Reference Implementation
diff --git a/ref/Makefile b/ref/Makefile
index a3aabad..24c34e1 100644
--- a/ref/Makefile
+++ b/ref/Makefile
@@ -43,7 +43,7 @@ benchmarks: $(BENCHMARK)
benchmark: $(BENCHMARK:=.exec)
PQCgenKAT_sign: PQCgenKAT_sign.c $(DET_SOURCES) $(DET_HEADERS)
- $(CC) $(CFLAGS) -o $@ $(DET_SOURCES) $< -lcrypto
+ $(CC) $(CFLAGS) -o $@ $(DET_SOURCES) -I/usr/local/opt/openssl@1.1/include -L/usr/local/opt/openssl@1.1/lib $< -lcrypto
test/benchmark: test/benchmark.c test/cycles.c $(SOURCES) $(HEADERS)
$(CC) $(CFLAGS) -o $@ test/cycles.c $(SOURCES) $< $(LDLIBS)
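Review bot: The added `-I/usr/local/opt/openssl@1.1/include -L/usr/local/opt/openssl@1.1/lib` on the PQCgenKAT_sign link line hard-codes the Intel-macOS Homebrew prefix, so the rule breaks on Apple Silicon (Homebrew installs under `/opt/homebrew`) and on Linux hosts, where `-lcrypto` normally resolves without any extra paths. A variable with that path as its default keeps today's behaviour while letting other hosts override it: `OPENSSL_PREFIX ?= /usr/local/opt/openssl@1.1` above the rule, and `$(CC) $(CFLAGS) -o $@ $(DET_SOURCES) -I$(OPENSSL_PREFIX)/include -L$(OPENSSL_PREFIX)/lib $< -lcrypto` inside it. Where pkg-config is available, `$(shell pkg-config --cflags --libs openssl)` is the more portable form and also avoids pinning the build to the end-of-life 1.1 series.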
diff --git a/ref/hex_print.h b/ref/hex_print.h
new file mode 100644
index 0000000..7afd872
--- /dev/null
+++ b/ref/hex_print.h
@@ -0,0 +1,9 @@
+#include <stdio.h>
+#include <stdint.h>
+
+inline void to_hex(const uint8_t *const bytes, const size_t blen) {
+ for(size_t i = 0; i < blen; i++) {
+ printf("%.2x", bytes[i]);
+ }
+ printf("\n");
+}
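Review bot: `inline void to_hex(...)` in a header without `static` is, under C99/C11 inline semantics, an inline definition with no external definition anywhere, so any call the compiler declines to inline (a `-O0` build, for instance) fails to link with an undefined reference to `to_hex`; it only works today because the optimiser happens to inline it. Change the definition to `static inline void to_hex(const uint8_t *const bytes, const size_t blen) {`, add an include guard (`#pragma once` or `#ifndef HEX_PRINT_H`), and include `<stddef.h>` for `size_t` rather than relying on `<stdio.h>` to drag it in. Since sign.c feeds this helper secret key material, a one-line header comment should state its purpose and scope: `/* KAT-generation helper only: hex-dumps bytes (including key material) to stdout. Not for production builds. */`.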
diff --git a/ref/sign.c b/ref/sign.c
index a8e0c3c..596ce35 100644
--- a/ref/sign.c
+++ b/ref/sign.c
@@ -12,6 +12,7 @@
#include "randombytes.h"
#include "utils.h"
#include "merkle.h"
+#include "hex_print.h"
/*
* Returns the length of a secret key, in bytes
@@ -72,6 +73,15 @@ int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
memcpy(pk + SPX_N, sk + 3*SPX_N, SPX_N);
+ printf("sk_seed = ");
+ to_hex(sk, SPX_N);
+ printf("sk_prf = ");
+ to_hex(sk + SPX_N, SPX_N);
+ printf("pk_seed = ");
+ to_hex(sk + 2 * SPX_N, SPX_N);
+ printf("pk_root = ");
+ to_hex(sk + 3 * SPX_N, SPX_N);
+
return 0;
}
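Review bot: The new printf calls at `printf("sk_seed = ")` and `printf("sk_prf = ")` write the entire SPHINCS+ secret key to stdout on every keypair generation, and they are compiled unconditionally into `sign.c`, which is library source rather than the KAT harness. Any build of this tree after the patch is applied (the accompanying instructions never revert it) therefore produces a signer that leaks its key on each keygen. Guard the dump so it exists only in the KAT build: `#ifdef SPX_DUMP_KAT_INTERNALS` before `printf("sk_seed = ");` and `#endif` after the last `to_hex(...)`, with `-DSPX_DUMP_KAT_INTERNALS` added only to the PQCgenKAT_sign rule in the Makefile. `crypto_sign_seed_keypair` begins outside this hunk.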
@@ -95,6 +105,10 @@ int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
int crypto_sign_signature(uint8_t *sig, size_t *siglen,
const uint8_t *m, size_t mlen, const uint8_t *sk)
{
+ printf("mlen = %zu\n", mlen);
+ printf("msg = ");
+ to_hex(m, mlen);
+
spx_ctx ctx;
const unsigned char *sk_prf = sk + SPX_N;
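Review bot: Nothing documents the record format these printf calls start, yet a consumer of the `.kat` files has to parse it: `mlen`, then `msg`, later `opt` and `sig`, each as a `name = hex` line, with a blank line ending the record (the trailing `printf("\n")` in the last hunk). A short comment above `printf("mlen = %zu\n", mlen);` would pin that contract: `/* KAT dump: mlen, msg, opt, sig as "name = hex" lines; a blank line terminates the record. */`. These dumps also run in every build of `sign.c`, not just the harness, so they deserve the same compile-time guard as the key dump in crypto_sign_seed_keypair. The body of `crypto_sign_signature` continues outside this hunk.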
@@ -123,6 +137,10 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen,
This can help counter side-channel attacks that would benefit from
getting a large number of traces when the signer uses the same nodes. */
randombytes(optrand, SPX_N);
+
+ printf("opt = ");
+ to_hex(optrand, SPX_N);
+
/* Compute the digest randomization value. */
gen_message_random(sig, sk_prf, optrand, m, mlen, &ctx);
@@ -154,6 +172,10 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen,
*siglen = SPX_BYTES;
+ printf("sig = ");
+ to_hex(sig - *siglen, *siglen);
+ printf("\n");
+
return 0;
}
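Review bot: `to_hex(sig - *siglen, *siglen)` recovers the start of the signature by subtracting SPX_BYTES from the advanced `sig` pointer, which is correct only if every write path in `crypto_sign_signature` advances `sig` by exactly that amount; that advancing happens outside this hunk, so the invariant is invisible here and any later change to the signature layout would silently turn this into a read before the start of the buffer. Capture the base pointer at function entry instead, `const uint8_t *const sig_base = sig;` right after the opening brace of the function, and print with `to_hex(sig_base, *siglen);`. The function's body begins outside this hunk.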

itzmeanjan commented Nov 28, 2022

Steps for generating SPHINCS+-SHAKE-{128,192,256}{s,f}-{robust,simple} Known Answer Tests

Note

Generated KATs are used for ensuring correctness and compatibility of https://github.com/itzmeanjan/sphincs. Because the patch prints `sk_seed` and `sk_prf` during key generation, the resulting `.kat` files contain the full secret keys of the test keys, and the patched `sign.c` dumps key material on every keygen: treat the patched tree and its output strictly as test vectors, and revert the patch (`git apply -R sphincs_kat_generation.patch`) before building anything else from that checkout.

  • Create working directory
# Work in a scratch directory under the home directory.
cd "$HOME"
mkdir tmp
cd tmp
  • Clone SPHINCS+ reference implementation
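git clone https://github.com/sphincs/sphincsplus.git
# Pin the clone to the exact upstream commit the patch was written against.
# The checkout has to run inside the clone: run from the parent directory
# (which is not a git repository) it fails and the pin never takes effect.
git -C sphincsplus checkout ed15dd78658f63288c7492c00260d86154b84637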

Warning

If the OpenSSL development headers and library are not installed, install them with `brew install openssl@1.1`: the patched Makefile hard-codes `/usr/local/opt/openssl@1.1/{include,lib}`, which is where Homebrew places that formula on Intel macOS. On Apple Silicon (Homebrew under `/opt/homebrew`) or on Linux, adjust the `-I`/`-L` paths in the patched `ref/Makefile` rule accordingly, or drop them where the system OpenSSL is found without help.

  • Clone this gist
git clone https://gist.github.com/d483872509b8a1a7c4d6614ec9d43e6c.git
  • Copy patch file to SPHINCS+ reference implementation directory
cp d483872509b8a1a7c4d6614ec9d43e6c/sphincs_kat_generation.patch sphincsplus/
  • Apply git patch
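# Apply the patch inside the clone. Chaining on && means a failed cd (wrong
# working directory) does not end with the patch being applied to whatever
# directory the shell happens to be in.
cd sphincsplus && git apply sphincs_kat_generation.patch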
Check `git status` to confirm which files the patch touched: `ref/Makefile` and `ref/sign.c` should be listed as modified and `ref/hex_print.h` as a new untracked file; anything else indicates the checkout is not at the pinned commit or was already modified.
git status
  • Generate Known Answer Tests for SPHINCS+-SHAKE-{128,192,256}{s,f}-{robust,simple}
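pushd ref

# One KAT file per (parameter set, tweakable-hash variant), in the same order
# as the original command list. The PQCgenKAT_sign rule depends only on the
# sources, not on PARAMS/THASH, so a binary left behind by a failed run would
# be silently reused for the next parameter set: remove it before every make.
for params in 128s 128f 192s 192f 256s 256f; do
  for thash in robust simple; do
    name="sphincs-shake-${params}-${thash}"
    rm -f PQCgenKAT_sign
    make PQCgenKAT_sign PARAMS="sphincs-shake-${params}" THASH="${thash}" \
      && ./PQCgenKAT_sign > "../${name}.kat" \
      && rm -f PQCgenKAT_sign
  done
done

popd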
