Git Patch for generating Known Answer Tests ( KATs ) from SPHINCS+ Reference Implementation

sphincs_kat_generation.patch

diff --git a/ref/Makefile b/ref/Makefile
index a3aabad..24c34e1 100644
--- a/ref/Makefile
+++ b/ref/Makefile
@@ -43,7 +43,7 @@ benchmarks: $(BENCHMARK)
 benchmark: $(BENCHMARK:=.exec)
 
 PQCgenKAT_sign: PQCgenKAT_sign.c $(DET_SOURCES) $(DET_HEADERS)
-	$(CC) $(CFLAGS) -o $@ $(DET_SOURCES) $< -lcrypto
+	$(CC) $(CFLAGS) -o $@ $(DET_SOURCES) -I/usr/local/opt/[email protected]/include -L/usr/local/opt/[email protected]/lib $< -lcrypto
 
 test/benchmark: test/benchmark.c test/cycles.c $(SOURCES) $(HEADERS)
 	$(CC) $(CFLAGS) -o $@ test/cycles.c $(SOURCES) $< $(LDLIBS)
diff --git a/ref/hex_print.h b/ref/hex_print.h
new file mode 100644
index 0000000..7afd872
--- /dev/null
+++ b/ref/hex_print.h
@@ -0,0 +1,9 @@
+#include <stdio.h>
+#include <stdint.h>
+
+inline void to_hex(const uint8_t *const bytes, const size_t blen) {
+    for(size_t i = 0; i < blen; i++) {
+        printf("%.2x", bytes[i]);
+    }
+    printf("\n");
+}
diff --git a/ref/sign.c b/ref/sign.c
index a8e0c3c..596ce35 100644
--- a/ref/sign.c
+++ b/ref/sign.c
@@ -12,6 +12,7 @@
 #include "randombytes.h"
 #include "utils.h"
 #include "merkle.h"
+#include "hex_print.h"
 
 /*
  * Returns the length of a secret key, in bytes
@@ -72,6 +73,15 @@ int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
 
     memcpy(pk + SPX_N, sk + 3*SPX_N, SPX_N);
 
+    printf("sk_seed = ");
+    to_hex(sk, SPX_N);
+    printf("sk_prf = ");
+    to_hex(sk + SPX_N, SPX_N);
+    printf("pk_seed = ");
+    to_hex(sk + 2 * SPX_N, SPX_N);
+    printf("pk_root = ");
+    to_hex(sk + 3 * SPX_N, SPX_N);
+
     return 0;
 }
 
@@ -95,6 +105,10 @@ int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
 int crypto_sign_signature(uint8_t *sig, size_t *siglen,
                           const uint8_t *m, size_t mlen, const uint8_t *sk)
 {
+    printf("mlen = %zu\n", mlen);
+    printf("msg = ");
+    to_hex(m, mlen);
+
     spx_ctx ctx;
 
     const unsigned char *sk_prf = sk + SPX_N;
@@ -123,6 +137,10 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen,
        This can help counter side-channel attacks that would benefit from
        getting a large number of traces when the signer uses the same nodes. */
     randombytes(optrand, SPX_N);
+
+    printf("opt = ");
+    to_hex(optrand, SPX_N);
+
     /* Compute the digest randomization value. */
     gen_message_random(sig, sk_prf, optrand, m, mlen, &ctx);
 
@@ -154,6 +172,10 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen,
 
     *siglen = SPX_BYTES;
 
+    printf("sig = ");
+    to_hex(sig - *siglen, *siglen);
+    printf("\n");
+
     return 0;
 }
 

Steps for generating SPHINCS+-SHAKE-{128,192,256}{s,f}-{robust,simple} Known Answer Tests

Note

Generated KATs are used for ensuring correctness and compatibility of https://github.com/itzmeanjan/sphincs

• Create working directory

cd
mkdir tmp
cd tmp

• Clone SPHINCS+ reference implementation

git clone https://github.com/sphincs/sphincsplus.git
git checkout ed15dd78658f63288c7492c00260d86154b84637

Warning

If you don't have openssl development headers and library installed, you have to install so by issuing brew install openssl

• Clone this gist

git clone https://gist.github.com/d483872509b8a1a7c4d6614ec9d43e6c.git

• Copy patch file to SPHINCS+ reference implementation directory

cp d483872509b8a1a7c4d6614ec9d43e6c/sphincs_kat_generation.patch sphincsplus/

• Apply git patch

cd sphincsplus
git apply sphincs_kat_generation.patch

• Check git status to find out which files were touched during application of patch

git status

• Generate Known Answer Tests for SPHINCS+-SHAKE-{128,192,256}{s,f}-{robust,simple}

pushd ref

make PQCgenKAT_sign PARAMS=sphincs-shake-128s THASH=robust && ./PQCgenKAT_sign > ../sphincs-shake-128s-robust.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-128s THASH=simple && ./PQCgenKAT_sign > ../sphincs-shake-128s-simple.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-128f THASH=robust && ./PQCgenKAT_sign > ../sphincs-shake-128f-robust.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-128f THASH=simple && ./PQCgenKAT_sign > ../sphincs-shake-128f-simple.kat && rm PQCgenKAT_sign


make PQCgenKAT_sign PARAMS=sphincs-shake-192s THASH=robust && ./PQCgenKAT_sign > ../sphincs-shake-192s-robust.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-192s THASH=simple && ./PQCgenKAT_sign > ../sphincs-shake-192s-simple.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-192f THASH=robust && ./PQCgenKAT_sign > ../sphincs-shake-192f-robust.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-192f THASH=simple && ./PQCgenKAT_sign > ../sphincs-shake-192f-simple.kat && rm PQCgenKAT_sign

make PQCgenKAT_sign PARAMS=sphincs-shake-256s THASH=robust && ./PQCgenKAT_sign > ../sphincs-shake-256s-robust.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-256s THASH=simple && ./PQCgenKAT_sign > ../sphincs-shake-256s-simple.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-256f THASH=robust && ./PQCgenKAT_sign > ../sphincs-shake-256f-robust.kat && rm PQCgenKAT_sign
make PQCgenKAT_sign PARAMS=sphincs-shake-256f THASH=simple && ./PQCgenKAT_sign > ../sphincs-shake-256f-simple.kat && rm PQCgenKAT_sign

popd