diff --git a/docs/algorithms/sig_stfl/lms.md b/docs/algorithms/sig_stfl/lms.md new file mode 100644 index 0000000000..8357d0a8f6 --- /dev/null +++ b/docs/algorithms/sig_stfl/lms.md @@ -0,0 +1,50 @@ +# LMS + +- **Algorithm type**: Digital signature scheme. +- **Main cryptographic assumption**: hash function second-preimage resistance. +- **Principal submitters**: Scott Fluhrer. +- **Auxiliary submitters**: C Martin, Maurice Hieronymus. +- **Authors' website**: https://www.rfc-editor.org/info/rfc8554 +- **Specification version**: None. +- **Primary Source**: + - **Source**: https://github.com/cisco/hash-sigs + - **Implementation license (SPDX-Identifier)**: MIT + + +## Parameter set summary + +| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) | +|:------------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:| +| LMS_SHA256_H5_W1 | | | 60 | 64 | 8688 | +| LMS_SHA256_H5_W2 | | | 60 | 64 | 4464 | +| LMS_SHA256_H5_W4 | | | 60 | 64 | 2352 | +| LMS_SHA256_H5_W8 | | | 60 | 64 | 1296 | +| LMS_SHA256_H10_W1 | | | 60 | 64 | 8848 | +| LMS_SHA256_H10_W2 | | | 60 | 64 | 4624 | +| LMS_SHA256_H10_W4 | | | 60 | 64 | 2512 | +| LMS_SHA256_H10_W8 | | | 60 | 64 | 1456 | +| LMS_SHA256_H15_W1 | | | 60 | 64 | 9008 | +| LMS_SHA256_H15_W2 | | | 60 | 64 | 4784 | +| LMS_SHA256_H15_W4 | | | 60 | 64 | 2672 | +| LMS_SHA256_H15_W8 | | | 60 | 64 | 1616 | +| LMS_SHA256_H20_W1 | | | 60 | 64 | 9168 | +| LMS_SHA256_H20_W2 | | | 60 | 64 | 4944 | +| LMS_SHA256_H20_W4 | | | 60 | 64 | 2832 | +| LMS_SHA256_H20_W8 | | | 60 | 64 | 1776 | +| LMS_SHA256_H25_W1 | | | 60 | 64 | 9328 | +| LMS_SHA256_H25_W2 | | | 60 | 64 | 5104 | +| LMS_SHA256_H25_W4 | | | 60 | 64 | 2992 | +| LMS_SHA256_H25_W8 | | | 60 | 64 | 1936 | +| LMS_SHA256_H5_W8_H5_W8 | | | 60 | 64 | 2644 | +| LMS_SHA256_H10_W4_H5_W8 | | | 60 | 64 | 2804 | +| LMS_SHA256_H10_W8_H5_W8 | | | 60 | 64 | 3860 | +| LMS_SHA256_H10_W2_H10_W2 | | | 60 | 64 | 9300 | +| LMS_SHA256_H10_W4_H10_W4 | | | 60 | 64 | 5076 | +| LMS_SHA256_H10_W8_H10_W8 | | | 60 | 64 | 2964 | +| LMS_SHA256_H15_W8_H5_W8 | | | 60 | 64 | 2964 | +| LMS_SHA256_H15_W8_H10_W8 | | | 60 | 64 | 3124 | +| LMS_SHA256_H15_W8_H15_W8 | | | 60 | 64 | 3284 | +| LMS_SHA256_H20_W8_H5_W8 | | | 60 | 64 | 3124 | +| LMS_SHA256_H20_W8_H10_W8 | | | 60 | 64 | 3284 | +| LMS_SHA256_H20_W8_H15_W8 | | | 60 | 64 | 3444 | +| LMS_SHA256_H20_W8_H20_W8 | | | 60 | 64 | 3604 | diff --git a/docs/algorithms/sig_stfl/lms.yml b/docs/algorithms/sig_stfl/lms.yml new file mode 100644 index 0000000000..2741a3afea --- /dev/null +++ b/docs/algorithms/sig_stfl/lms.yml @@ -0,0 +1,216 @@ +name: LMS +type: stateful signature +principal-submitters: +- Scott Fluhrer +auxiliary-submitters: +- C Martin +- Maurice Hieronymus + +crypto-assumption: hash function second-preimage resistance +website: https://www.rfc-editor.org/info/rfc8554 +nist-round: +spec-version: +spdx-license-identifier: +primary-upstream: + source: https://github.com/cisco/hash-sigs + spdx-license-identifier: MIT + upstream-ancestors: +parameter-sets: +- name: LMS_SHA256_H5_W1 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 8688 +- name: LMS_SHA256_H5_W2 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 4464 +- name: LMS_SHA256_H5_W4 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2352 +- name: LMS_SHA256_H5_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 1296 +- name: LMS_SHA256_H10_W1 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 8848 +- name: LMS_SHA256_H10_W2 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 4624 +- name: LMS_SHA256_H10_W4 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2512 +- name: LMS_SHA256_H10_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 1456 +- name: LMS_SHA256_H15_W1 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 9008 +- name: LMS_SHA256_H15_W2 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 4784 +- name: LMS_SHA256_H15_W4 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2672 +- name: LMS_SHA256_H15_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 1616 +- name: LMS_SHA256_H20_W1 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 9168 +- name: LMS_SHA256_H20_W2 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 4944 +- name: LMS_SHA256_H20_W4 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2832 +- name: LMS_SHA256_H20_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 1776 +- name: LMS_SHA256_H25_W1 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 9328 +- name: LMS_SHA256_H25_W2 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 5104 +- name: LMS_SHA256_H25_W4 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2992 +- name: LMS_SHA256_H25_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 1936 +- name: LMS_SHA256_H5_W8_H5_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2644 +- name: LMS_SHA256_H10_W4_H5_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2804 +- name: LMS_SHA256_H10_W8_H5_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3860 +- name: LMS_SHA256_H10_W2_H10_W2 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 9300 +- name: LMS_SHA256_H10_W4_H10_W4 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 5076 +- name: LMS_SHA256_H10_W8_H10_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2964 +- name: LMS_SHA256_H15_W8_H5_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 2964 +- name: LMS_SHA256_H15_W8_H10_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3124 +- name: LMS_SHA256_H15_W8_H15_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3284 +- name: LMS_SHA256_H20_W8_H5_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3124 +- name: LMS_SHA256_H20_W8_H10_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3284 +- name: LMS_SHA256_H20_W8_H15_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3444 +- name: LMS_SHA256_H20_W8_H20_W8 + claimed-nist-level: + claimed-security: + length-public-key: 60 + length-secret-key: 64 + length-signature: 3604 diff --git a/docs/algorithms/sig_stfl/sig_stfl.md b/docs/algorithms/sig_stfl/sig_stfl.md new file mode 100644 index 0000000000..dfd0403066 --- /dev/null +++ b/docs/algorithms/sig_stfl/sig_stfl.md @@ -0,0 +1,29 @@ + +# **Stateful Hash Based Signatures** + +The security of hash based signatures (HBS) is based on the underlying hash functions on which they are built. +NIST recommendation is that they are suitable for near term use to mitigate against attacks mounted by quantum computers. +While not a general purpose solution, they are useful means to authenticate boot or firmware images. + +**General** + +This package provides full support for a variety of variants for XMSS and LMS. +Key generation, signature generation, and signature verification. +Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature. +Multiple signing with same key can reveal that key to an attacker. +Because of this, NIST recommends that key and signature generation be done in hardware security modules. +Having said that, this library is fully functional for research purposes. Secret keys are incremented after each sign operation. +However, secure storage and lifecycle management of the secret keys are left to applications using this feature. +Secret key storage is easily done by supplying a callback function to the library. This callback is invoked to store the secret key. + + +**Key State Management** + +Application writers have to supply callback functions to store and update secret keys. +After a sign operation the secret key index is advanced and stored. This ensures one-time use of the key. +Signing operations will fail without this callback set because the private key cannot be advanced (to prevent reuse). + +Stateful keys can generate a finite number of signatures. A counter tracks the limit when the key is created and is decremented after each signature is generated. +When the counter is down to 0, signature generation fails. Applications can query the remaining count via an API. + + diff --git a/docs/algorithms/sig_stfl/xmss.md b/docs/algorithms/sig_stfl/xmss.md new file mode 100644 index 0000000000..b78dce983b --- /dev/null +++ b/docs/algorithms/sig_stfl/xmss.md @@ -0,0 +1,44 @@ +# XMSS + +- **Algorithm type**: Digital signature scheme. +- **Main cryptographic assumption**: hash function second-preimage resistance. +- **Principal submitters**: Joost Rijneveld, A. Huelsing, David Cooper, Bas Westerbaan. +- **Authors' website**: https://www.rfc-editor.org/info/rfc8391 +- **Specification version**: None. +- **Primary Source**: + - **Source**: https://github.com/XMSS/xmss-reference + - **Implementation license (SPDX-Identifier)**: Apache-2.0 AND MIT + + +## Parameter set summary + +| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) | +|:----------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:| +| XMSS-SHA2_10_256 | | | 64 | 1373 | 2500 | +| XMSS-SHA2_16_256 | | | 64 | 2093 | 2692 | +| XMSS-SHA2_20_256 | | | 64 | 2573 | 2820 | +| XMSS-SHAKE_10_256 | | | 64 | 1373 | 2500 | +| XMSS-SHAKE_16_256 | | | 64 | 2093 | 2692 | +| XMSS-SHAKE_20_256 | | | 64 | 2573 | 2820 | +| XMSS-SHA2_10_512 | | | 128 | 2653 | 9092 | +| XMSS-SHA2_16_512 | | | 128 | 4045 | 9476 | +| XMSS-SHA2_20_512 | | | 128 | 2653 | 9732 | +| XMSS-SHAKE_10_512 | | | 128 | 2653 | 9092 | +| XMSS-SHAKE_16_512 | | | 128 | 4045 | 9476 | +| XMSS-SHAKE_20_512 | | | 128 | 4973 | 9732 | +| XMSSMT-SHA2_20/2_256 | | | 64 | 5998 | 4963 | +| XMSSMT-SHA2_20/4_256 | | | 64 | 10938 | 9251 | +| XMSSMT-SHA2_40/2_256 | | | 64 | 9600 | 5605 | +| XMSSMT-SHA2_40/4_256 | | | 64 | 15252 | 9893 | +| XMSSMT-SHA2_40/8_256 | | | 64 | 24516 | 18469 | +| XMSSMT-SHA2_60/3_256 | | | 64 | 16629 | 8392 | +| XMSSMT-SHA2_60/6_256 | | | 64 | 24507 | 14824 | +| XMSSMT-SHA2_60/12_256 | | | 64 | 38095 | 27688 | +| XMSSMT-SHAKE_20/2_256 | | | 64 | 5998 | 4963 | +| XMSSMT-SHAKE_20/4_256 | | | 64 | 10938 | 9251 | +| XMSSMT-SHAKE_40/2_256 | | | 64 | 9600 | 5605 | +| XMSSMT-SHAKE_40/4_256 | | | 64 | 15252 | 9893 | +| XMSSMT-SHAKE_40/8_256 | | | 64 | 24516 | 18469 | +| XMSSMT-SHAKE_60/3_256 | | | 64 | 24516 | 8392 | +| XMSSMT-SHAKE_60/6_256 | | | 64 | 24507 | 14824 | +| XMSSMT-SHAKE_60/12_256 | | | 64 | 38095 | 27688 | diff --git a/docs/algorithms/sig_stfl/xmss.yml b/docs/algorithms/sig_stfl/xmss.yml new file mode 100644 index 0000000000..bf57a7eeb8 --- /dev/null +++ b/docs/algorithms/sig_stfl/xmss.yml @@ -0,0 +1,187 @@ +name: XMSS +type: stateful signature +principal-submitters: +- Joost Rijneveld +- A. Huelsing +- David Cooper +- Bas Westerbaan +auxiliary-submitters: + +crypto-assumption: hash function second-preimage resistance +website: https://www.rfc-editor.org/info/rfc8391 +nist-round: +spec-version: +spdx-license-identifier: Apache-2.0 AND MIT +primary-upstream: + source: https://github.com/XMSS/xmss-reference + spdx-license-identifier: Apache-2.0 AND MIT + upstream-ancestors: +parameter-sets: +- name: XMSS-SHA2_10_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 1373 + length-signature: 2500 +- name: XMSS-SHA2_16_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 2093 + length-signature: 2692 +- name: XMSS-SHA2_20_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 2573 + length-signature: 2820 +- name: XMSS-SHAKE_10_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 1373 + length-signature: 2500 +- name: XMSS-SHAKE_16_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 2093 + length-signature: 2692 +- name: XMSS-SHAKE_20_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 2573 + length-signature: 2820 +- name: XMSS-SHA2_10_512 + claimed-nist-level: + claimed-security: + length-public-key: 128 + length-secret-key: 2653 + length-signature: 9092 +- name: XMSS-SHA2_16_512 + claimed-nist-level: + claimed-security: + length-public-key: 128 + length-secret-key: 4045 + length-signature: 9476 +- name: XMSS-SHA2_20_512 + claimed-nist-level: + claimed-security: + length-public-key: 128 + length-secret-key: 2653 + length-signature: 9732 +- name: XMSS-SHAKE_10_512 + claimed-nist-level: + claimed-security: + length-public-key: 128 + length-secret-key: 2653 + length-signature: 9092 +- name: XMSS-SHAKE_16_512 + claimed-nist-level: + claimed-security: + length-public-key: 128 + length-secret-key: 4045 + length-signature: 9476 +- name: XMSS-SHAKE_20_512 + claimed-nist-level: + claimed-security: + length-public-key: 128 + length-secret-key: 4973 + length-signature: 9732 +- name: XMSSMT-SHA2_20/2_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 5998 + length-signature: 4963 +- name: XMSSMT-SHA2_20/4_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 10938 + length-signature: 9251 +- name: XMSSMT-SHA2_40/2_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 9600 + length-signature: 5605 +- name: XMSSMT-SHA2_40/4_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 15252 + length-signature: 9893 +- name: XMSSMT-SHA2_40/8_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 24516 + length-signature: 18469 +- name: XMSSMT-SHA2_60/3_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 16629 + length-signature: 8392 +- name: XMSSMT-SHA2_60/6_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 24507 + length-signature: 14824 +- name: XMSSMT-SHA2_60/12_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 38095 + length-signature: 27688 +- name: XMSSMT-SHAKE_20/2_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 5998 + length-signature: 4963 +- name: XMSSMT-SHAKE_20/4_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 10938 + length-signature: 9251 +- name: XMSSMT-SHAKE_40/2_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 9600 + length-signature: 5605 +- name: XMSSMT-SHAKE_40/4_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 15252 + length-signature: 9893 +- name: XMSSMT-SHAKE_40/8_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 24516 + length-signature: 18469 +- name: XMSSMT-SHAKE_60/3_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 24516 + length-signature: 8392 +- name: XMSSMT-SHAKE_60/6_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 24507 + length-signature: 14824 +- name: XMSSMT-SHAKE_60/12_256 + claimed-nist-level: + claimed-security: + length-public-key: 64 + length-secret-key: 38095 + length-signature: 27688 \ No newline at end of file diff --git a/scripts/update_docs_from_yaml.py b/scripts/update_docs_from_yaml.py index ef152d376a..a07a81c2d0 100644 --- a/scripts/update_docs_from_yaml.py +++ b/scripts/update_docs_from_yaml.py @@ -17,6 +17,7 @@ def file_get_contents(filename, encoding=None): kem_yamls = [] sig_yamls = [] +sig_stfl_yamls = [] ######################################## # Update the KEM markdown documentation. @@ -269,6 +270,66 @@ def do_it(liboqs_root): out_md.write('- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.') + ############################################## + # Update the stateful signature markdown documentation. + ############################################## + for sig_stfl_yaml_path in sorted(glob.glob(os.path.join(liboqs_root, 'docs', 'algorithms', 'sig_stfl', '*.yml'))): + sig_stfl_yaml = load_yaml(sig_stfl_yaml_path) + sig_stfl_yamls.append(sig_stfl_yaml) + sig_stfl_name = os.path.splitext(os.path.basename(sig_stfl_yaml_path))[0] + print('Updating {}/{}.md'.format(os.path.dirname(sig_stfl_yaml_path), sig_stfl_name)) + + with open(os.path.join(liboqs_root, 'docs', 'algorithms', 'sig_stfl', '{}.md'.format(sig_stfl_name)), mode='w', encoding='utf-8') as out_md: + out_md.write('# {}\n\n'.format(sig_stfl_yaml['name'])) + out_md.write('- **Algorithm type**: Digital signature scheme.\n') + out_md.write('- **Main cryptographic assumption**: {}.\n'.format(sig_stfl_yaml['crypto-assumption'])) + out_md.write('- **Principal submitters**: {}.\n'.format(', '.join(sig_stfl_yaml['principal-submitters']))) + if 'auxiliary-submitters' in sig_stfl_yaml and sig_stfl_yaml['auxiliary-submitters']: + out_md.write('- **Auxiliary submitters**: {}.\n'.format(', '.join(sig_stfl_yaml['auxiliary-submitters']))) + out_md.write('- **Authors\' website**: {}\n'.format(sig_stfl_yaml['website'])) + out_md.write('- **Specification version**: {}.\n'.format(sig_stfl_yaml['spec-version'])) + + out_md.write('- **Primary Source**:\n') + out_md.write(' - **Source**: {}\n'.format(sig_stfl_yaml['primary-upstream']['source'])) + out_md.write(' - **Implementation license (SPDX-Identifier)**: {}\n'.format(sig_stfl_yaml['primary-upstream']['spdx-license-identifier'])) + if 'optimized-upstreams' in sig_stfl_yaml: + out_md.write('- **Optimized Implementation sources**: {}\n'.format(sig_stfl_yaml['primary-upstream']['source'])) + for opt_upstream in sig_stfl_yaml['optimized-upstreams']: + out_md.write(' - **{}**:\n'.format(opt_upstream, opt_upstream)) + out_md.write(' - **Source**: {}\n'.format(sig_stfl_yaml['optimized-upstreams'][opt_upstream]['source'])) + out_md.write(' - **Implementation license (SPDX-Identifier)**: {}\n'.format(sig_stfl_yaml['optimized-upstreams'][opt_upstream]['spdx-license-identifier'])) + + if 'upstream-ancestors' in sig_stfl_yaml: + out_md.write(', which takes it from:\n') + for url in sig_stfl_yaml['upstream-ancestors'][:-1]: + out_md.write(' - {}, which takes it from:\n'.format(url)) + out_md.write(' - {}\n'.format(sig_stfl_yaml['upstream-ancestors'][-1])) + else: + out_md.write('\n') + + if 'advisories' in sig_stfl_yaml: + out_md.write('\n## Advisories\n\n') + for advisory in sig_stfl_yaml['advisories']: + out_md.write('- {}\n'.format(advisory)) + + out_md.write('\n## Parameter set summary\n\n') + table = [['Parameter set', + 'Security model', + 'Claimed NIST Level', + 'Public key size (bytes)', + 'Secret key size (bytes)', + 'Signature size (bytes)']] + for parameter_set in sig_stfl_yaml['parameter-sets']: + table.append([parameter_set['name'], + parameter_set['claimed-security'], + parameter_set['claimed-nist-level'], + parameter_set['length-public-key'], + parameter_set['length-secret-key'], + parameter_set['length-signature']]) + out_md.write(tabulate.tabulate(table, tablefmt="pipe", headers="firstrow", colalign=("center",))) + out_md.write('\n') + + #################### # Update the README. diff --git a/src/sig_stfl/lms/external/common_defs.h b/src/sig_stfl/lms/external/common_defs.h index 83739949ee..1c7c85d382 100644 --- a/src/sig_stfl/lms/external/common_defs.h +++ b/src/sig_stfl/lms/external/common_defs.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( COMMON_DEFS_H_ ) #define COMMON_DEFS_H_ diff --git a/src/sig_stfl/lms/external/config.h b/src/sig_stfl/lms/external/config.h index e23d19fa9a..f9549858a9 100644 --- a/src/sig_stfl/lms/external/config.h +++ b/src/sig_stfl/lms/external/config.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( CONFIG_H_ ) #define CONFIG_H_ diff --git a/src/sig_stfl/lms/external/endian.c b/src/sig_stfl/lms/external/endian.c index 0c3c55b0fe..52f8439baf 100644 --- a/src/sig_stfl/lms/external/endian.c +++ b/src/sig_stfl/lms/external/endian.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include "endian.h" void put_bigendian( void *target, unsigned long long value, size_t bytes ) { diff --git a/src/sig_stfl/lms/external/endian.h b/src/sig_stfl/lms/external/endian.h index a94177ddeb..09b9a609da 100644 --- a/src/sig_stfl/lms/external/endian.h +++ b/src/sig_stfl/lms/external/endian.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( ENDIAN_H_ ) #define ENDIAN_H_ diff --git a/src/sig_stfl/lms/external/hash.c b/src/sig_stfl/lms/external/hash.c index 0fe23ecc62..090dafd66c 100644 --- a/src/sig_stfl/lms/external/hash.c +++ b/src/sig_stfl/lms/external/hash.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include #include "hash.h" #include "hss_zeroize.h" diff --git a/src/sig_stfl/lms/external/hash.h b/src/sig_stfl/lms/external/hash.h index 8b1891f108..bd42d3f0e9 100644 --- a/src/sig_stfl/lms/external/hash.h +++ b/src/sig_stfl/lms/external/hash.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HASH_H__ ) #define HASH_H__ #include diff --git a/src/sig_stfl/lms/external/hss.c b/src/sig_stfl/lms/external/hss.c index c38455daed..fd5342a982 100644 --- a/src/sig_stfl/lms/external/hss.c +++ b/src/sig_stfl/lms/external/hss.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is an implementation of the HSS signature scheme from LMS * This is designed to be full-featured diff --git a/src/sig_stfl/lms/external/hss.h b/src/sig_stfl/lms/external/hss.h index 5ff8fc5c52..675089ddf0 100644 --- a/src/sig_stfl/lms/external/hss.h +++ b/src/sig_stfl/lms/external/hss.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined(HSS_H_) #define HSS_H_ diff --git a/src/sig_stfl/lms/external/hss_alloc.c b/src/sig_stfl/lms/external/hss_alloc.c index 9e6e7694c1..53eaa762e2 100644 --- a/src/sig_stfl/lms/external/hss_alloc.c +++ b/src/sig_stfl/lms/external/hss_alloc.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code which allocates a working key (and initializes the fields * that are independent of the key) diff --git a/src/sig_stfl/lms/external/hss_aux.c b/src/sig_stfl/lms/external/hss_aux.c index 0d8777386f..a53b73a42b 100644 --- a/src/sig_stfl/lms/external/hss_aux.c +++ b/src/sig_stfl/lms/external/hss_aux.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the implementation of the aux data within the HSS tree */ diff --git a/src/sig_stfl/lms/external/hss_aux.h b/src/sig_stfl/lms/external/hss_aux.h index 02e6677a38..8e5386b5b3 100644 --- a/src/sig_stfl/lms/external/hss_aux.h +++ b/src/sig_stfl/lms/external/hss_aux.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_AUX_H_ ) #define HSS_AUX_H_ diff --git a/src/sig_stfl/lms/external/hss_common.c b/src/sig_stfl/lms/external/hss_common.c index d07261dd26..4c764d6650 100644 --- a/src/sig_stfl/lms/external/hss_common.c +++ b/src/sig_stfl/lms/external/hss_common.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that is common between an HSS verifier, and a full HSS * implementation that both signs and verifies diff --git a/src/sig_stfl/lms/external/hss_common.h b/src/sig_stfl/lms/external/hss_common.h index a5640d669e..17729a6a97 100644 --- a/src/sig_stfl/lms/external/hss_common.h +++ b/src/sig_stfl/lms/external/hss_common.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_COMMON_H_ ) #define HSS_COMMON_H_ diff --git a/src/sig_stfl/lms/external/hss_compute.c b/src/sig_stfl/lms/external/hss_compute.c index 752a7e2868..f4b1f3c1cd 100644 --- a/src/sig_stfl/lms/external/hss_compute.c +++ b/src/sig_stfl/lms/external/hss_compute.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This includes some computation methods that are shared between different * subsystems of the HSS signature package diff --git a/src/sig_stfl/lms/external/hss_derive.c b/src/sig_stfl/lms/external/hss_derive.c index fc8833594a..d978fc5a66 100644 --- a/src/sig_stfl/lms/external/hss_derive.c +++ b/src/sig_stfl/lms/external/hss_derive.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the file that contains the routines that generate various 'random' * values from the master seed. diff --git a/src/sig_stfl/lms/external/hss_derive.h b/src/sig_stfl/lms/external/hss_derive.h index 57ba4a1bc8..4886ab3f6a 100644 --- a/src/sig_stfl/lms/external/hss_derive.h +++ b/src/sig_stfl/lms/external/hss_derive.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_DERIVE_H_ ) #define HSS_DERIVE_H_ diff --git a/src/sig_stfl/lms/external/hss_generate.c b/src/sig_stfl/lms/external/hss_generate.c index 5d6880c267..28fcc9eaee 100644 --- a/src/sig_stfl/lms/external/hss_generate.c +++ b/src/sig_stfl/lms/external/hss_generate.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the routine that generates the ephemeral ("working") key from the * short private value. It builds all the various current, building and diff --git a/src/sig_stfl/lms/external/hss_internal.h b/src/sig_stfl/lms/external/hss_internal.h index 4e7c53675d..3458e9ef85 100644 --- a/src/sig_stfl/lms/external/hss_internal.h +++ b/src/sig_stfl/lms/external/hss_internal.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_INTERNAL_H_ ) #define HSS_INTERNAL_H_ diff --git a/src/sig_stfl/lms/external/hss_keygen.c b/src/sig_stfl/lms/external/hss_keygen.c index 7a364b3f04..71da413325 100644 --- a/src/sig_stfl/lms/external/hss_keygen.c +++ b/src/sig_stfl/lms/external/hss_keygen.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include #include #include "common_defs.h" diff --git a/src/sig_stfl/lms/external/hss_param.c b/src/sig_stfl/lms/external/hss_param.c index a1c20ab14c..838f7a8381 100644 --- a/src/sig_stfl/lms/external/hss_param.c +++ b/src/sig_stfl/lms/external/hss_param.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include #include "hss.h" #include "hss_internal.h" diff --git a/src/sig_stfl/lms/external/hss_reserve.c b/src/sig_stfl/lms/external/hss_reserve.c index 7ef8585560..662df26628 100644 --- a/src/sig_stfl/lms/external/hss_reserve.c +++ b/src/sig_stfl/lms/external/hss_reserve.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include #include "common_defs.h" #include "hss_internal.h" diff --git a/src/sig_stfl/lms/external/hss_reserve.h b/src/sig_stfl/lms/external/hss_reserve.h index 14f4da3096..d5c8284cf9 100644 --- a/src/sig_stfl/lms/external/hss_reserve.h +++ b/src/sig_stfl/lms/external/hss_reserve.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_RESERVE_H_ ) #define HSS_RESERVE_H_ diff --git a/src/sig_stfl/lms/external/hss_sign.c b/src/sig_stfl/lms/external/hss_sign.c index cbcbdf845b..44e850424e 100644 --- a/src/sig_stfl/lms/external/hss_sign.c +++ b/src/sig_stfl/lms/external/hss_sign.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is an implementation of the HSS signature scheme from LMS * This is the part that actually generates the signature diff --git a/src/sig_stfl/lms/external/hss_sign_inc.c b/src/sig_stfl/lms/external/hss_sign_inc.c index 6890a4a621..72a8a22c91 100644 --- a/src/sig_stfl/lms/external/hss_sign_inc.c +++ b/src/sig_stfl/lms/external/hss_sign_inc.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the hierarchical part of the LMS hash * based signatures; in this case, incremental signing diff --git a/src/sig_stfl/lms/external/hss_sign_inc.h b/src/sig_stfl/lms/external/hss_sign_inc.h index cf4f25aec6..ddca5ea63e 100644 --- a/src/sig_stfl/lms/external/hss_sign_inc.h +++ b/src/sig_stfl/lms/external/hss_sign_inc.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_SIGN_INC_H_ ) #define HSS_SIGN_INC_H_ #include diff --git a/src/sig_stfl/lms/external/hss_thread.h b/src/sig_stfl/lms/external/hss_thread.h index 0fa48e958c..d2dcd8a3ea 100644 --- a/src/sig_stfl/lms/external/hss_thread.h +++ b/src/sig_stfl/lms/external/hss_thread.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_THREAD_H_ ) #define HSS_THREAD_H_ /* diff --git a/src/sig_stfl/lms/external/hss_thread_pthread.c b/src/sig_stfl/lms/external/hss_thread_pthread.c index b5f64d3764..1ea90cc161 100644 --- a/src/sig_stfl/lms/external/hss_thread_pthread.c +++ b/src/sig_stfl/lms/external/hss_thread_pthread.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include "hss_thread.h" #include diff --git a/src/sig_stfl/lms/external/hss_thread_single.c b/src/sig_stfl/lms/external/hss_thread_single.c index d844385293..698e2dba6a 100644 --- a/src/sig_stfl/lms/external/hss_thread_single.c +++ b/src/sig_stfl/lms/external/hss_thread_single.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include "hss_thread.h" #include "config.h" diff --git a/src/sig_stfl/lms/external/hss_verify.c b/src/sig_stfl/lms/external/hss_verify.c index b7f0f8b489..1b993aa9b4 100644 --- a/src/sig_stfl/lms/external/hss_verify.c +++ b/src/sig_stfl/lms/external/hss_verify.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the hierarchical part of the LMS hash * based signatures diff --git a/src/sig_stfl/lms/external/hss_verify.h b/src/sig_stfl/lms/external/hss_verify.h index 6561ee2a3c..d806900fe4 100644 --- a/src/sig_stfl/lms/external/hss_verify.h +++ b/src/sig_stfl/lms/external/hss_verify.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_VERIFY_H_ ) #define HSS_VERIFY_H_ diff --git a/src/sig_stfl/lms/external/hss_verify_inc.c b/src/sig_stfl/lms/external/hss_verify_inc.c index 4b5cf7e7a1..e12cf5c021 100644 --- a/src/sig_stfl/lms/external/hss_verify_inc.c +++ b/src/sig_stfl/lms/external/hss_verify_inc.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the hierarchical part of the LMS hash * based signatures; in this case, incremental verification diff --git a/src/sig_stfl/lms/external/hss_verify_inc.h b/src/sig_stfl/lms/external/hss_verify_inc.h index 6c3ec74da1..c09d006e4a 100644 --- a/src/sig_stfl/lms/external/hss_verify_inc.h +++ b/src/sig_stfl/lms/external/hss_verify_inc.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_VERIFY_INC_H_ ) #define HSS_VERIFY_INC_H_ #include diff --git a/src/sig_stfl/lms/external/hss_zeroize.c b/src/sig_stfl/lms/external/hss_zeroize.c index f2bd334903..9c31168069 100644 --- a/src/sig_stfl/lms/external/hss_zeroize.c +++ b/src/sig_stfl/lms/external/hss_zeroize.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #include "hss_zeroize.h" #include diff --git a/src/sig_stfl/lms/external/hss_zeroize.h b/src/sig_stfl/lms/external/hss_zeroize.h index bfe84db155..6571c4233d 100644 --- a/src/sig_stfl/lms/external/hss_zeroize.h +++ b/src/sig_stfl/lms/external/hss_zeroize.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( HSS_ZEROIZE_H_ ) #define HSS_ZEROIZE_H_ diff --git a/src/sig_stfl/lms/external/license.txt b/src/sig_stfl/lms/external/license.txt new file mode 100644 index 0000000000..4e5a9b9b1e --- /dev/null +++ b/src/sig_stfl/lms/external/license.txt @@ -0,0 +1,29 @@ +****************************************************************************** +Copyright (c) 2017 Cisco Systems, Inc. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. +Neither the name of the Cisco Systems, Inc. nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. +****************************************************************************** diff --git a/src/sig_stfl/lms/external/lm_common.c b/src/sig_stfl/lms/external/lm_common.c index 5976f4b589..6f37af627e 100644 --- a/src/sig_stfl/lms/external/lm_common.c +++ b/src/sig_stfl/lms/external/lm_common.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the tree part of the LMS hash * based signatures diff --git a/src/sig_stfl/lms/external/lm_common.h b/src/sig_stfl/lms/external/lm_common.h index b577c22462..c7197fd5a0 100644 --- a/src/sig_stfl/lms/external/lm_common.h +++ b/src/sig_stfl/lms/external/lm_common.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined(LM_COMMON_H_) #define LM_COMMON_H_ diff --git a/src/sig_stfl/lms/external/lm_ots.h b/src/sig_stfl/lms/external/lm_ots.h index 4e33d9e9fd..f0cc42d11f 100644 --- a/src/sig_stfl/lms/external/lm_ots.h +++ b/src/sig_stfl/lms/external/lm_ots.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( LM_OTS_H_ ) #define LM_OTS_H_ diff --git a/src/sig_stfl/lms/external/lm_ots_common.c b/src/sig_stfl/lms/external/lm_ots_common.c index 45672e18b2..100eff606a 100644 --- a/src/sig_stfl/lms/external/lm_ots_common.c +++ b/src/sig_stfl/lms/external/lm_ots_common.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the one-time-signature part of the LMS hash * based signatures diff --git a/src/sig_stfl/lms/external/lm_ots_common.h b/src/sig_stfl/lms/external/lm_ots_common.h index fe6faebe98..db25d20999 100644 --- a/src/sig_stfl/lms/external/lm_ots_common.h +++ b/src/sig_stfl/lms/external/lm_ots_common.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( LM_OTS_COMMON_H_ ) #define LM_OTS_COMMON_H_ diff --git a/src/sig_stfl/lms/external/lm_ots_sign.c b/src/sig_stfl/lms/external/lm_ots_sign.c index ee8f56b0a2..7e0950c564 100644 --- a/src/sig_stfl/lms/external/lm_ots_sign.c +++ b/src/sig_stfl/lms/external/lm_ots_sign.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the one-time-signature part of the LMS hash * based signatures diff --git a/src/sig_stfl/lms/external/lm_ots_verify.c b/src/sig_stfl/lms/external/lm_ots_verify.c index 478f5ffe8d..b6e3980ab7 100644 --- a/src/sig_stfl/lms/external/lm_ots_verify.c +++ b/src/sig_stfl/lms/external/lm_ots_verify.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the one-time-signature part of the LMS hash * based signatures diff --git a/src/sig_stfl/lms/external/lm_ots_verify.h b/src/sig_stfl/lms/external/lm_ots_verify.h index dcf6551b0f..006ffe23bd 100644 --- a/src/sig_stfl/lms/external/lm_ots_verify.h +++ b/src/sig_stfl/lms/external/lm_ots_verify.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined( LM_OTS_VERIFY_H_ ) #define LM_OTS_VERIFY_H_ diff --git a/src/sig_stfl/lms/external/lm_verify.c b/src/sig_stfl/lms/external/lm_verify.c index 3ec4cb6599..50fa54f475 100644 --- a/src/sig_stfl/lms/external/lm_verify.c +++ b/src/sig_stfl/lms/external/lm_verify.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT /* * This is the code that implements the tree part of the LMS hash * based signatures diff --git a/src/sig_stfl/lms/external/lm_verify.h b/src/sig_stfl/lms/external/lm_verify.h index b7b6b0736d..ff67f51ac8 100644 --- a/src/sig_stfl/lms/external/lm_verify.h +++ b/src/sig_stfl/lms/external/lm_verify.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #if !defined(LM_VERIFY_H_) #define LM_VERIFY_H_ diff --git a/src/sig_stfl/lms/external/lms_namespace.h b/src/sig_stfl/lms/external/lms_namespace.h index c1b8f142ae..099a37c19b 100644 --- a/src/sig_stfl/lms/external/lms_namespace.h +++ b/src/sig_stfl/lms/external/lms_namespace.h @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT #ifndef _LMS_NAMESPACE_H #define _LMS_NAMESPACE_H