xmss-KAT-generator/prg.c

/*
prg.c version 20150811
Andreas Hülsing
Public domain.
*/
#include "chacha.h"
#include "prg.h"
#include <stdio.h>


const unsigned char zero_nonce[12] = {0};

/**
 * Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0
 */
void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len)
{  
  CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);
}

/**
 * Generates rlen output bytes using ChaCha20.
 * Nonce and counter are set depending on the address addr.
 */
void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len, const unsigned char addr[16])
{
  int i;
  unsigned char nonce[12];
  if(key_len == 32){
    for(i = 0; i < 12; i++)
    {
      nonce[i] = addr[i];
    }
    uint32_t counter;
    counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
    // TODO: Check address handling. Endianess?
    CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
  } 
  else 
  {
    if(key_len == 64)
    {
      for(i = 0; i < 12; i++)
      {
	nonce[i] = addr[i];
      }
      uint32_t counter;
      counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
      // TODO: WRONG! Uses only 32 byte of key. However, does not compile with HMAC-SHA512
      CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
    } else {
      fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");
    }
  }
}
added copyright notes for publishing. Removed unused file. 2015-08-11 11:23:30 +01:00			`/*`
			`prg.c version 20150811`
			`Andreas Hülsing`
			`Public domain.`
			`*/`
Initial commit 2015-08-11 11:08:27 +01:00			`#include "chacha.h"`
			`#include "prg.h"`
Added support for n=m=64 2015-08-12 16:59:29 +01:00			`#include <stdio.h>`

Initial commit 2015-08-11 11:08:27 +01:00
			`const unsigned char zero_nonce[12] = {0};`

			`/**`
			`* Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0`
			`*/`
Change 'uint' to standard 'unsigned int' 2015-08-12 14:30:01 +01:00			`void prg(unsigned char r, unsigned long long rlen, const unsigned char key, unsigned int key_len)`
Initial commit 2015-08-11 11:08:27 +01:00			`{`
			`CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);`
			`}`

			`/**`
			`* Generates rlen output bytes using ChaCha20.`
			`* Nonce and counter are set depending on the address addr.`
			`*/`
Change 'uint' to standard 'unsigned int' 2015-08-12 14:30:01 +01:00			`void prg_with_counter(unsigned char r, unsigned long long rlen, const unsigned char key, unsigned int key_len, const unsigned char addr[16])`
Initial commit 2015-08-11 11:08:27 +01:00			`{`
			`int i;`
			`unsigned char nonce[12];`
Added support for n=m=64 2015-08-12 16:59:29 +01:00			`if(key_len == 32){`
			`for(i = 0; i < 12; i++)`
			`{`
			`nonce[i] = addr[i];`
			`}`
			`uint32_t counter;`
			`counter = (((uint32_t)addr[12]) << 24)\|(((uint32_t)addr[13]) << 16)\|(((uint32_t)addr[14]) << 8)\|addr[15];`
			`// TODO: Check address handling. Endianess?`
			`CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);`
			`}`
			`else`
Initial commit 2015-08-11 11:08:27 +01:00			`{`
Added support for n=m=64 2015-08-12 16:59:29 +01:00			`if(key_len == 64)`
			`{`
			`for(i = 0; i < 12; i++)`
			`{`
			`nonce[i] = addr[i];`
			`}`
			`uint32_t counter;`
			`counter = (((uint32_t)addr[12]) << 24)\|(((uint32_t)addr[13]) << 16)\|(((uint32_t)addr[14]) << 8)\|addr[15];`
			`// TODO: WRONG! Uses only 32 byte of key. However, does not compile with HMAC-SHA512`
			`CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);`
			`} else {`
			`fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");`
			`}`
Initial commit 2015-08-11 11:08:27 +01:00			`}`
			`}`