kris
/
xmss-KAT-generator
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
42 Revize
1 Větev
488 KiB
 
 
Strom: 1e00c92c18
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „1e00c92c18“
${ noResults }
xmss-KAT-generator/wots.c

153 řádky
3.7 KiB
Surový Blame Historie 

  1. /*

  2. wots.c version 20160722

  3. Andreas Hülsing

  4. Joost Rijneveld

  5. Public domain.

  6. */

  7. 

  8. #include "math.h"

  9. #include "stdio.h"

  10. #include "stdint.h"

  11. #include "xmss_commons.h"

  12. //#include "params.h"

  13. //#include "prg.h"

  14. #include "hash.h"

  15. #include "wots.h"

  16. #include "hash_address.h"

  17. #include "params.h"

  18. 

  19. /**

  20.  * Helper method for pseudorandom key generation

  21.  * Expands an n-byte array into a len*n byte array

  22.  * this is done using PRF

  23.  */

  24. static void expand_seed(unsigned char *outseeds, const unsigned char *inseed)

  25. {

  26.   uint32_t i = 0;

  27.   unsigned char ctr[32];

  28.   for(i = 0; i < XMSS_WOTS_LEN; i++){

  29.     to_byte(ctr, i, 32);

  30.     prf(outseeds + i*XMSS_N, ctr, inseed, XMSS_N);

  31.   }

  32. }

  33. 

  34. /**

  35.  * Computes the chaining function.

  36.  * out and in have to be n-byte arrays

  37.  *

  38.  * interpretes in as start-th value of the chain

  39.  * addr has to contain the address of the chain

  40.  */

  41. static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const unsigned char *pub_seed, uint32_t addr[8])

  42. {

  43.   uint32_t i, j;

  44.   for (j = 0; j < XMSS_N; j++)

  45.     out[j] = in[j];

  46. 

  47.   for (i = start; i < (start+steps) && i < XMSS_WOTS_W; i++) {

  48.     setHashADRS(addr, i);

  49.     hash_f(out, out, pub_seed, addr, XMSS_N);

  50.   }

  51. }

  52. 

  53. /**

  54.  * base_w algorithm as described in draft.

  55.  *

  56.  *

  57.  */

  58. static void base_w(int *output, const int out_len, const unsigned char *input)

  59. {

  60.   int in = 0;

  61.   int out = 0;

  62.   uint32_t total = 0;

  63.   int bits = 0;

  64.   int consumed = 0;

  65. 

  66.   for (consumed = 0; consumed < out_len; consumed++) {

  67.     if (bits == 0) {

  68.       total = input[in];

  69.       in++;

  70.       bits += 8;

  71.     }

  72.     bits -= XMSS_WOTS_LOG_W;

  73.     output[out] = (total >> bits) & (XMSS_WOTS_W - 1);

  74.     out++;

  75.   }

  76. }

  77. 

  78. void wots_pkgen(unsigned char *pk, const unsigned char *sk, const unsigned char *pub_seed, uint32_t addr[8])

  79. {

  80.   uint32_t i;

  81.   expand_seed(pk, sk);

  82.   for (i=0; i < XMSS_WOTS_LEN; i++) {

  83.     setChainADRS(addr, i);

  84.     gen_chain(pk+i*XMSS_N, pk+i*XMSS_N, 0, XMSS_WOTS_W-1, pub_seed, addr);

  85.   }

  86. }

  87. 

  88. 

  89. void wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const unsigned char *pub_seed, uint32_t addr[8])

  90. {

  91.   int basew[XMSS_WOTS_LEN];

  92.   int csum = 0;

  93.   uint32_t i = 0;

  94. 

  95.   base_w(basew, XMSS_WOTS_LEN1, msg);

  96. 

  97.   for (i=0; i < XMSS_WOTS_LEN1; i++) {

  98.     csum += XMSS_WOTS_W - 1 - basew[i];

  99.   }

  100. 

  101.   csum = csum << (8 - ((XMSS_WOTS_LEN2 * XMSS_WOTS_LOG_W) % 8));

  102. 

  103.   int len_2_bytes = ((XMSS_WOTS_LEN2 * XMSS_WOTS_LOG_W) + 7) / 8;

  104. 

  105.   unsigned char csum_bytes[len_2_bytes];

  106.   to_byte(csum_bytes, csum, len_2_bytes);

  107. 

  108.   int csum_basew[len_2_bytes / XMSS_WOTS_LOG_W];

  109.   base_w(csum_basew, XMSS_WOTS_LEN2, csum_bytes);

  110. 

  111.   for (i = 0; i < XMSS_WOTS_LEN2; i++) {

  112.     basew[XMSS_WOTS_LEN1 + i] = csum_basew[i];

  113.   }

  114. 

  115.   expand_seed(sig, sk);

  116. 

  117.   for (i = 0; i < XMSS_WOTS_LEN; i++) {

  118.     setChainADRS(addr, i);

  119.     gen_chain(sig+i*XMSS_N, sig+i*XMSS_N, 0, basew[i], pub_seed, addr);

  120.   }

  121. }

  122. 

  123. void wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const unsigned char *pub_seed, uint32_t addr[8])

  124. {

  125.   int basew[XMSS_WOTS_LEN];

  126.   int csum = 0;

  127.   uint32_t i = 0;

  128. 

  129.   base_w(basew, XMSS_WOTS_LEN1, msg);

  130. 

  131.   for (i=0; i < XMSS_WOTS_LEN1; i++) {

  132.     csum += XMSS_WOTS_W - 1 - basew[i];

  133.   }

  134. 

  135.   csum = csum << (8 - ((XMSS_WOTS_LEN2 * XMSS_WOTS_LOG_W) % 8));

  136. 

  137.   int len_2_bytes = ((XMSS_WOTS_LEN2 * XMSS_WOTS_LOG_W) + 7) / 8;

  138. 

  139.   unsigned char csum_bytes[len_2_bytes];

  140.   to_byte(csum_bytes, csum, len_2_bytes);

  141. 

  142.   int csum_basew[len_2_bytes / XMSS_WOTS_LOG_W];

  143.   base_w(csum_basew, XMSS_WOTS_LEN2, csum_bytes);

  144. 

  145.   for (i = 0; i < XMSS_WOTS_LEN2; i++) {

  146.     basew[XMSS_WOTS_LEN1 + i] = csum_basew[i];

  147.   }

  148.   for (i=0; i < XMSS_WOTS_LEN; i++) {

  149.     setChainADRS(addr, i);

  150.     gen_chain(pk+i*XMSS_N, sig+i*XMSS_N, basew[i], XMSS_WOTS_W-1-basew[i], pub_seed, addr);

  151.   }

  152. }