kris
/
xmss-KAT-generator
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
488 KiB
 
 
Tree: 1826fb26ff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1826fb26ff'
${ noResults }
xmss-KAT-generator/hash.c

144 lines
3.2 KiB
Raw Blame History 

  1. #include "params.h"

  2. #include "prg.h"

  3. 

  4. #include <stddef.h>

  5. #include "stdio.h"

  6. #include <openssl/sha.h>

  7. #include <openssl/hmac.h>

  8. #include <openssl/evp.h>

  9. 

  10. 

  11. #define SET_KEY_BIT(a,b) (a[15] = (a[15] & 253) | (b << 1))

  12. #define SET_BLOCK_BIT(a,b) (a[15] = (a[15] & 254) | b)

  13. 

  14. #define WOTS_SELECT_KEY(a) (a[15] = (a[15] & 253) | 1)

  15. #define WOTS_SELECT_BLOCK(a) (a[15] = (a[15] & 254) | 0)

  16. 

  17. /**

  18.  * Implements PRF_m

  19.  */

  20. int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsigned char *key, int keylen)

  21. {

  22.   unsigned int length;

  23.   if (keylen == 32){

  24.     HMAC(EVP_sha256(), key, keylen, in, inlen, out, &length);

  25.     if(length != 32)

  26.     {

  27.       fprintf(stderr, "HMAC outputs %d bytes... That should not happen...",length); 

  28.     }

  29.     return 0;

  30.   }

  31.   else

  32.   {

  33.     if(keylen == 64)

  34.     {

  35.       HMAC(EVP_sha512(), key, keylen, in, inlen, out, &length);

  36.       if(length != 64)

  37.       {

  38. 	fprintf(stderr, "HMAC outputs %d bytes... That should not happen...",length); 

  39.       }

  40.       return 0;

  41.     }

  42.   }

  43.   return 1;

  44. }

  45. 

  46. /*

  47.  * Implemts H_m

  48.  */

  49. int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *key, const int keylen, const int m)

  50. {

  51.   if(keylen != m){

  52.     fprintf(stderr, "H_m takes m-bit keys, we got m=%d but a keylength of %d.\n",m,keylen); 

  53.     return 1;

  54.   }

  55.   unsigned long long i;

  56.   unsigned char buf[inlen +keylen+m];

  57.   for(i=0;i<m;i++)

  58.   {

  59.     buf[i] = 0x00;

  60.   }

  61.   for(i=0;i <keylen;i++)

  62.   {

  63.     buf[m+i] = key[i];

  64.   }

  65.   for(i=0;i <inlen;i++)

  66.   {

  67.     buf[m+keylen+i] = in[i];

  68.   }

  69.   

  70.   if(m == 32)

  71.   {  

  72.     SHA256(buf,inlen +keylen+m,out);

  73.     return 0;

  74.   } 

  75.   else

  76.   {

  77.     if(m == 64)

  78.     {

  79.       SHA512(buf,inlen +keylen+m,out);

  80.       return 0;

  81.     }

  82.   }

  83.   return 1;

  84. }

  85. 

  86. /**

  87.  * We assume the left half is in in[0]...in[n-1]

  88.  */

  89. int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)

  90. {

  91.   if(n != 32){ 

  92.     fprintf(stderr, "Hash.c:hash_2n_n: Current implementation does not support n != 32, yet.\n");

  93.     return -1;

  94.   }

  95.   unsigned char buf[4*n];

  96.   unsigned char key[n];

  97.   unsigned char bitmask[2*n];

  98.   int i;

  99.   

  100.   SET_KEY_BIT(addr,1);

  101.   SET_BLOCK_BIT(addr,0);

  102.   prg_with_counter(key, n, pub_seed, 32, addr);

  103.   SET_KEY_BIT(addr,0);

  104.   // Use MSB order

  105.   prg_with_counter(bitmask, n, pub_seed, 32, addr);

  106.   SET_BLOCK_BIT(addr,1);

  107.   prg_with_counter(bitmask+n, n, pub_seed, 32, addr);

  108.   for(i=0;i<n;i++)

  109.   {

  110.     buf[i] = 0x00;

  111.     buf[n+i] = key[i];

  112.     buf[2*n+i] = in[i] ^ bitmask[i];

  113.     buf[3*n+i] = in[n+i] ^ bitmask[n+i];

  114.   }

  115.   SHA256(buf,4*n,out);

  116.   return 0;

  117. }

  118. 

  119. int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)

  120. {

  121.   if(n != 32){ 

  122.     fprintf(stderr, "Hash.c:hash_n_n: Current implementation does not support n != 32, yet.\n");

  123.     return -1;

  124.   }

  125.   

  126.   unsigned char buf[3*n];

  127.   unsigned char key[n];

  128.   unsigned char bitmask[n];

  129.   int i;

  130.   

  131.   WOTS_SELECT_KEY(addr);

  132.   prg_with_counter(key, n, pub_seed, 32, addr);

  133.   WOTS_SELECT_BLOCK(addr);

  134.   prg_with_counter(bitmask, n, pub_seed, 32, addr);

  135.   for(i=0;i<n;i++)

  136.   {

  137.     buf[i] = 0x00;

  138.     buf[n+i] = key[i];

  139.     buf[2*n+i] = in[i] ^ bitmask[i];

  140.   }

  141.   SHA256(buf,3*n,out);

  142.   return 0;

  143. }