Added support for n=m=64

2015-08-12 17:59:29 +02:00 · 2015-08-12 17:59:29 +02:00 · 136f10dae0
--- a/7
+++ b/7
@ -22,8 +22,7 @@ test/test_xmssmt: chacha.c hash.c prg.c randombytes.c wots.c xmss.c xmss_commons

 clean:
 	-rm *.o *.s
-	-rm test/test_sign
+	-rm test/test_chacha
 	-rm test/test_wots
-	-rm test/test_horst
-	-rm test/speed
-	-rm test/gen_testvectors
+	-rm test/test_xmss
+	-rm test/test_xmssmt
--- a/hash.c
+++ b/hash.c
@ -93,10 +93,7 @@ int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,c
 */
 int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
 {
-  if(n != 32){ 
-    fprintf(stderr, "Hash.c:hash_2n_n: Current implementation does not support n != 32, yet.\n");
-    return -1;
-  }
+  
  unsigned char buf[4*n];
  unsigned char key[n];
  unsigned char bitmask[2*n];
@ -104,12 +101,12 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
  
  SET_KEY_BIT(addr,1);
  SET_BLOCK_BIT(addr,0);
-  prg_with_counter(key, n, pub_seed, 32, addr);
+  prg_with_counter(key, n, pub_seed, n, addr);
  SET_KEY_BIT(addr,0);
  // Use MSB order
-  prg_with_counter(bitmask, n, pub_seed, 32, addr);
+  prg_with_counter(bitmask, n, pub_seed, n, addr);
  SET_BLOCK_BIT(addr,1);
-  prg_with_counter(bitmask+n, n, pub_seed, 32, addr);
+  prg_with_counter(bitmask+n, n, pub_seed, n, addr);
  for(i=0;i<n;i++)
  {
    buf[i] = 0x00;
@ -117,32 +114,47 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
    buf[2*n+i] = in[i] ^ bitmask[i];
    buf[3*n+i] = in[n+i] ^ bitmask[n+i];
  }
-  SHA256(buf,4*n,out);
-  return 0;
+  if(n==32){
+    SHA256(buf,4*n,out);
+    return 0;
+  } else {
+    if(n==64){
+      SHA512(buf,4*n,out);
+      return 0;
+    } else {
+      fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");
+      return -1;
+    }
+  }
 }

 int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
-{
-  if(n != 32){ 
-    fprintf(stderr, "Hash.c:hash_n_n: Current implementation does not support n != 32, yet.\n");
-    return -1;
-  }
-  
+{ 
  unsigned char buf[3*n];
  unsigned char key[n];
  unsigned char bitmask[n];
  int i;
  
  WOTS_SELECT_KEY(addr);
-  prg_with_counter(key, n, pub_seed, 32, addr);
+  prg_with_counter(key, n, pub_seed, n, addr);
  WOTS_SELECT_BLOCK(addr);
-  prg_with_counter(bitmask, n, pub_seed, 32, addr);
+  prg_with_counter(bitmask, n, pub_seed, n, addr);
  for(i=0;i<n;i++)
  {
    buf[i] = 0x00;
    buf[n+i] = key[i];
    buf[2*n+i] = in[i] ^ bitmask[i];
  }
-  SHA256(buf,3*n,out);
-  return 0;
+  if(n==32){
+    SHA256(buf,3*n,out);
+    return 0;
+  } else {
+    if(n==64){
+      SHA512(buf,3*n,out);
+      return 0;
+    } else {
+      fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");
+      return -1;
+    }
+  }
 }
--- a/prg.c
+++ b/prg.c
@ -3,9 +3,10 @@ prg.c version 20150811
 Andreas Hülsing
 Public domain.
 */
-
 #include "chacha.h"
 #include "prg.h"
+#include <stdio.h>
+

 const unsigned char zero_nonce[12] = {0};

@ -25,12 +26,30 @@ void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned
 {
  int i;
  unsigned char nonce[12];
-  for(i = 0; i < 12; i++)
+  if(key_len == 32){
+    for(i = 0; i < 12; i++)
+    {
+      nonce[i] = addr[i];
+    }
+    uint32_t counter;
+    counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
+    // TODO: Check address handling. Endianess?
+    CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
+  } 
+  else 
  {
-    nonce[i] = addr[i];
+    if(key_len == 64)
+    {
+      for(i = 0; i < 12; i++)
+      {
+	nonce[i] = addr[i];
+      }
+      uint32_t counter;
+      counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
+      // TODO: WRONG! Uses only 32 byte of key. However, does not compile with HMAC-SHA512
+      CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
+    } else {
+      fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");
+    }
  }
-  uint32_t counter;
-  counter = (addr[12] << 24)|(addr[13] << 16)|(addr[14] << 8)|addr[15];
-  // TODO: Check address handling. Endianess?
-  CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
 }
--- a/test/test_chacha
+++ b/test/test_chacha
--- a/test/test_wots
+++ b/test/test_wots
--- a/test/test_xmss
+++ b/test/test_xmss
--- a/xmss.c
+++ b/xmss.c
@ -121,7 +121,7 @@ void xmssmt_set_params(xmssmt_params *params, int m, int n, int h, int d, int w)
  params->d = d;
  params->m = m;
  params->n = n;
-  params->index_len = ceil(h / 8);
+  params->index_len = (h + 7) / 8;
  xmss_params xmss_par;
  xmss_set_params(&xmss_par, m, n, (h/d), w);
  params->xmss_par = xmss_par;
@ -748,7 +748,7 @@ int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsig
  
  // Extract index
  for(i = 0; i < idx_len; i++){
-    idx |= ((unsigned long long)sig_msg[i]) << 8*(idx_len - 1 - i);
+    idx |= ((unsigned long long)sig_msg[i]) << (8*(idx_len - 1 - i));
  }
  printf("verify:: idx = %llu\n",idx);
  sig_msg += idx_len;