Added support for n=m=64
This commit is contained in:
parent
481cc106b6
commit
136f10dae0
7
Makefile
7
Makefile
@ -22,8 +22,7 @@ test/test_xmssmt: chacha.c hash.c prg.c randombytes.c wots.c xmss.c xmss_commons
|
|||||||
|
|
||||||
clean:
|
clean:
|
||||||
-rm *.o *.s
|
-rm *.o *.s
|
||||||
-rm test/test_sign
|
-rm test/test_chacha
|
||||||
-rm test/test_wots
|
-rm test/test_wots
|
||||||
-rm test/test_horst
|
-rm test/test_xmss
|
||||||
-rm test/speed
|
-rm test/test_xmssmt
|
||||||
-rm test/gen_testvectors
|
|
48
hash.c
48
hash.c
@ -93,10 +93,7 @@ int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,c
|
|||||||
*/
|
*/
|
||||||
int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
|
int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
|
||||||
{
|
{
|
||||||
if(n != 32){
|
|
||||||
fprintf(stderr, "Hash.c:hash_2n_n: Current implementation does not support n != 32, yet.\n");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
unsigned char buf[4*n];
|
unsigned char buf[4*n];
|
||||||
unsigned char key[n];
|
unsigned char key[n];
|
||||||
unsigned char bitmask[2*n];
|
unsigned char bitmask[2*n];
|
||||||
@ -104,12 +101,12 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
|
|||||||
|
|
||||||
SET_KEY_BIT(addr,1);
|
SET_KEY_BIT(addr,1);
|
||||||
SET_BLOCK_BIT(addr,0);
|
SET_BLOCK_BIT(addr,0);
|
||||||
prg_with_counter(key, n, pub_seed, 32, addr);
|
prg_with_counter(key, n, pub_seed, n, addr);
|
||||||
SET_KEY_BIT(addr,0);
|
SET_KEY_BIT(addr,0);
|
||||||
// Use MSB order
|
// Use MSB order
|
||||||
prg_with_counter(bitmask, n, pub_seed, 32, addr);
|
prg_with_counter(bitmask, n, pub_seed, n, addr);
|
||||||
SET_BLOCK_BIT(addr,1);
|
SET_BLOCK_BIT(addr,1);
|
||||||
prg_with_counter(bitmask+n, n, pub_seed, 32, addr);
|
prg_with_counter(bitmask+n, n, pub_seed, n, addr);
|
||||||
for(i=0;i<n;i++)
|
for(i=0;i<n;i++)
|
||||||
{
|
{
|
||||||
buf[i] = 0x00;
|
buf[i] = 0x00;
|
||||||
@ -117,32 +114,47 @@ int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *p
|
|||||||
buf[2*n+i] = in[i] ^ bitmask[i];
|
buf[2*n+i] = in[i] ^ bitmask[i];
|
||||||
buf[3*n+i] = in[n+i] ^ bitmask[n+i];
|
buf[3*n+i] = in[n+i] ^ bitmask[n+i];
|
||||||
}
|
}
|
||||||
SHA256(buf,4*n,out);
|
if(n==32){
|
||||||
return 0;
|
SHA256(buf,4*n,out);
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
if(n==64){
|
||||||
|
SHA512(buf,4*n,out);
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
|
int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)
|
||||||
{
|
{
|
||||||
if(n != 32){
|
|
||||||
fprintf(stderr, "Hash.c:hash_n_n: Current implementation does not support n != 32, yet.\n");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned char buf[3*n];
|
unsigned char buf[3*n];
|
||||||
unsigned char key[n];
|
unsigned char key[n];
|
||||||
unsigned char bitmask[n];
|
unsigned char bitmask[n];
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
WOTS_SELECT_KEY(addr);
|
WOTS_SELECT_KEY(addr);
|
||||||
prg_with_counter(key, n, pub_seed, 32, addr);
|
prg_with_counter(key, n, pub_seed, n, addr);
|
||||||
WOTS_SELECT_BLOCK(addr);
|
WOTS_SELECT_BLOCK(addr);
|
||||||
prg_with_counter(bitmask, n, pub_seed, 32, addr);
|
prg_with_counter(bitmask, n, pub_seed, n, addr);
|
||||||
for(i=0;i<n;i++)
|
for(i=0;i<n;i++)
|
||||||
{
|
{
|
||||||
buf[i] = 0x00;
|
buf[i] = 0x00;
|
||||||
buf[n+i] = key[i];
|
buf[n+i] = key[i];
|
||||||
buf[2*n+i] = in[i] ^ bitmask[i];
|
buf[2*n+i] = in[i] ^ bitmask[i];
|
||||||
}
|
}
|
||||||
SHA256(buf,3*n,out);
|
if(n==32){
|
||||||
return 0;
|
SHA256(buf,3*n,out);
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
if(n==64){
|
||||||
|
SHA512(buf,3*n,out);
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
35
prg.c
35
prg.c
@ -3,9 +3,10 @@ prg.c version 20150811
|
|||||||
Andreas Hülsing
|
Andreas Hülsing
|
||||||
Public domain.
|
Public domain.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "chacha.h"
|
#include "chacha.h"
|
||||||
#include "prg.h"
|
#include "prg.h"
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
|
||||||
const unsigned char zero_nonce[12] = {0};
|
const unsigned char zero_nonce[12] = {0};
|
||||||
|
|
||||||
@ -25,12 +26,30 @@ void prg_with_counter(unsigned char *r, unsigned long long rlen, const unsigned
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
unsigned char nonce[12];
|
unsigned char nonce[12];
|
||||||
for(i = 0; i < 12; i++)
|
if(key_len == 32){
|
||||||
{
|
for(i = 0; i < 12; i++)
|
||||||
nonce[i] = addr[i];
|
{
|
||||||
|
nonce[i] = addr[i];
|
||||||
|
}
|
||||||
|
uint32_t counter;
|
||||||
|
counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
|
||||||
|
// TODO: Check address handling. Endianess?
|
||||||
|
CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(key_len == 64)
|
||||||
|
{
|
||||||
|
for(i = 0; i < 12; i++)
|
||||||
|
{
|
||||||
|
nonce[i] = addr[i];
|
||||||
|
}
|
||||||
|
uint32_t counter;
|
||||||
|
counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];
|
||||||
|
// TODO: WRONG! Uses only 32 byte of key. However, does not compile with HMAC-SHA512
|
||||||
|
CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
|
||||||
|
} else {
|
||||||
|
fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
uint32_t counter;
|
|
||||||
counter = (addr[12] << 24)|(addr[13] << 16)|(addr[14] << 8)|addr[15];
|
|
||||||
// TODO: Check address handling. Endianess?
|
|
||||||
CRYPTO_chacha_20_keystream(r, rlen, key, nonce, counter);
|
|
||||||
}
|
}
|
BIN
test/test_chacha
BIN
test/test_chacha
Binary file not shown.
BIN
test/test_wots
BIN
test/test_wots
Binary file not shown.
BIN
test/test_xmss
BIN
test/test_xmss
Binary file not shown.
4
xmss.c
4
xmss.c
@ -121,7 +121,7 @@ void xmssmt_set_params(xmssmt_params *params, int m, int n, int h, int d, int w)
|
|||||||
params->d = d;
|
params->d = d;
|
||||||
params->m = m;
|
params->m = m;
|
||||||
params->n = n;
|
params->n = n;
|
||||||
params->index_len = ceil(h / 8);
|
params->index_len = (h + 7) / 8;
|
||||||
xmss_params xmss_par;
|
xmss_params xmss_par;
|
||||||
xmss_set_params(&xmss_par, m, n, (h/d), w);
|
xmss_set_params(&xmss_par, m, n, (h/d), w);
|
||||||
params->xmss_par = xmss_par;
|
params->xmss_par = xmss_par;
|
||||||
@ -748,7 +748,7 @@ int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsig
|
|||||||
|
|
||||||
// Extract index
|
// Extract index
|
||||||
for(i = 0; i < idx_len; i++){
|
for(i = 0; i < idx_len; i++){
|
||||||
idx |= ((unsigned long long)sig_msg[i]) << 8*(idx_len - 1 - i);
|
idx |= ((unsigned long long)sig_msg[i]) << (8*(idx_len - 1 - i));
|
||||||
}
|
}
|
||||||
printf("verify:: idx = %llu\n",idx);
|
printf("verify:: idx = %llu\n",idx);
|
||||||
sig_msg += idx_len;
|
sig_msg += idx_len;
|
||||||
|
Loading…
Reference in New Issue
Block a user