kris/xmss-KAT-generator
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added support for n=m=64

Browse Source
This commit is contained in:
Andreas 2015-08-12 17:59:29 +02:00
parent 481cc106b6
commit 136f10dae0
7 changed files with 62 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile
View File

@ -22,8 +22,7 @@ test/test_xmssmt: chacha.c hash.c prg.c randombytes.c wots.c xmss.c xmss_commons
clean: clean:
-rm *.o *.s -rm *.o *.s
-rm test/test_sign -rm test/test_chacha
-rm test/test_wots -rm test/test_wots
-rm test/test_horst -rm test/test_xmss
-rm test/speed -rm test/test_xmssmt
-rm test/gen_testvectors

40
hash.c
View File

@ -93,10 +93,7 @@ int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,c
*/ */
int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n) int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
{ {
if(n != 32){
fprintf(stderr, "Hash.c:hash_2n_n: Current implementation does not support n != 32, yet.\n");
return -1;
}
unsigned char buf[4*n]; unsigned char buf[4*n];
unsigned char key[n]; unsigned char key[n];
unsigned char bitmask[2*n]; unsigned char bitmask[2*n];
@ -104,12 +101,12 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
SET_KEY_BIT(addr,1); SET_KEY_BIT(addr,1);
SET_BLOCK_BIT(addr,0); SET_BLOCK_BIT(addr,0);
prg_with_counter(key, n, pub_seed, 32, addr); prg_with_counter(key, n, pub_seed, n, addr);
SET_KEY_BIT(addr,0); SET_KEY_BIT(addr,0);
// Use MSB order // Use MSB order
prg_with_counter(bitmask, n, pub_seed, 32, addr); prg_with_counter(bitmask, n, pub_seed, n, addr);
SET_BLOCK_BIT(addr,1); SET_BLOCK_BIT(addr,1);
prg_with_counter(bitmask+n, n, pub_seed, 32, addr); prg_with_counter(bitmask+n, n, pub_seed, n, addr);
for(i=0;i<n;i++) for(i=0;i<n;i++)
{ {
buf[i] = 0x00; buf[i] = 0x00;
@ -117,32 +114,47 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
buf[2*n+i] = in[i] ^ bitmask[i]; buf[2*n+i] = in[i] ^ bitmask[i];
buf[3*n+i] = in[n+i] ^ bitmask[n+i]; buf[3*n+i] = in[n+i] ^ bitmask[n+i];
} }
if(n==32){
SHA256(buf,4*n,out); SHA256(buf,4*n,out);
return 0; return 0;
} else {
if(n==64){
SHA512(buf,4*n,out);
return 0;
} else {
fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");
return -1;
}
}
} }
int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n) int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
{ {
if(n != 32){
fprintf(stderr, "Hash.c:hash_n_n: Current implementation does not support n != 32, yet.\n");
return -1;
}
unsigned char buf[3*n]; unsigned char buf[3*n];
unsigned char key[n]; unsigned char key[n];
unsigned char bitmask[n]; unsigned char bitmask[n];
int i; int i;
WOTS_SELECT_KEY(addr); WOTS_SELECT_KEY(addr);
prg_with_counter(key, n, pub_seed, 32, addr); prg_with_counter(key, n, pub_seed, n, addr);
WOTS_SELECT_BLOCK(addr); WOTS_SELECT_BLOCK(addr);
prg_with_counter(bitmask, n, pub_seed, 32, addr); prg_with_counter(bitmask, n, pub_seed, n, addr);
for(i=0;i<n;i++) for(i=0;i<n;i++)
{ {
buf[i] = 0x00; buf[i] = 0x00;
buf[n+i] = key[i]; buf[n+i] = key[i];
buf[2*n+i] = in[i] ^ bitmask[i]; buf[2*n+i] = in[i] ^ bitmask[i];
} }
if(n==32){
SHA256(buf,3*n,out); SHA256(buf,3*n,out);
return 0; return 0;
} else {
if(n==64){
SHA512(buf,3*n,out);
return 0;
} else {
fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");
return -1;
}
}
} }

23
prg.c
View File

@ -3,9 +3,10 @@ prg.c version 20150811
Andreas Hülsing Andreas Hülsing
Public domain. Public domain.
*/ */
#include "chacha.h" #include "chacha.h"
#include "prg.h" #include "prg.h"
#include <stdio.h>
const unsigned char zero_nonce[12] = {0}; const unsigned char zero_nonce[12] = {0};
@ -25,12 +26,30 @@ void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned
{ {
int i; int i;
unsigned char nonce[12]; unsigned char nonce[12];
if(key_len == 32){
for(i = 0; i < 12; i++) for(i = 0; i < 12; i++)
{ {
nonce[i] = addr[i]; nonce[i] = addr[i];
} }
uint32_t counter; uint32_t counter;
counter = (addr[12] << 24)|(addr[13] << 16)|(addr[14] << 8)|addr[15]; counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
// TODO: Check address handling. Endianess? // TODO: Check address handling. Endianess?
CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter); CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
}
else
{
if(key_len == 64)
{
for(i = 0; i < 12; i++)
{
nonce[i] = addr[i];
}
uint32_t counter;
counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
// TODO: WRONG! Uses only 32 byte of key. However, does not compile with HMAC-SHA512
CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
} else {
fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");
}
}
} }

BIN
test/test_chacha
View File

Binary file not shown.

BIN
test/test_wots
View File

Binary file not shown.

BIN
test/test_xmss
View File

Binary file not shown.

4
xmss.c
View File

@ -121,7 +121,7 @@ void xmssmt_set_params(xmssmt_params *params, int m, int n, int h, int d, int w)
params->d = d; params->d = d;
params->m = m; params->m = m;
params->n = n; params->n = n;
params->index_len = ceil(h / 8); params->index_len = (h + 7) / 8;
xmss_params xmss_par; xmss_params xmss_par;
xmss_set_params(&xmss_par, m, n, (h/d), w); xmss_set_params(&xmss_par, m, n, (h/d), w);
params->xmss_par = xmss_par; params->xmss_par = xmss_par;
@ -748,7 +748,7 @@ int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsig
// Extract index // Extract index
for(i = 0; i < idx_len; i++){ for(i = 0; i < idx_len; i++){
idx |= ((unsigned long long)sig_msg[i]) << 8*(idx_len - 1 - i); idx |= ((unsigned long long)sig_msg[i]) << (8*(idx_len - 1 - i));
} }
printf("verify:: idx = %llu\n",idx); printf("verify:: idx = %llu\n",idx);
sig_msg += idx_len; sig_msg += idx_len;