kris
/
xmss-KAT-generator
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
95 Révisions
1 Branche
488 KiB
 
 
Aborescence: 384b228c58
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '384b228c58'
${ noResults }
xmss-KAT-generator/hash.c

159 lignes
5.0 KiB
Brut Annotations Historique 

  1. #include <stdint.h>

  2. #include <string.h>

  3. #include <openssl/sha.h>

  4. 

  5. #include "hash_address.h"

  6. #include "xmss_commons.h"

  7. #include "params.h"

  8. #include "hash.h"

  9. #include "fips202.h"

  10. 

  11. void addr_to_bytes(unsigned char *bytes, const uint32_t addr[8])

  12. {

  13.     int i;

  14.     for (i = 0; i < 8; i++) {

  15.         ull_to_bytes(bytes + i*4, 4, addr[i]);

  16.     }

  17. }

  18. 

  19. static int core_hash(const xmss_params *params,

  20.                      unsigned char *out, const unsigned int type,

  21.                      const unsigned char *key, unsigned int keylen,

  22.                      const unsigned char *in, unsigned long long inlen, int n)

  23. {

  24.     unsigned char buf[inlen + n + keylen];

  25. 

  26.     /* We arrange the input into the hash function to be of the form:

  27.      *  toByte(X, 32) || KEY || M */

  28.     ull_to_bytes(buf, n, type);

  29.     memcpy(buf + n, key, keylen);

  30.     memcpy(buf + keylen + n, in, inlen);

  31. 

  32.     if (n == 32 && params->func == XMSS_SHA2) {

  33.         SHA256(buf, inlen + keylen + n, out);

  34.     }

  35.     else if (n == 32 && params->func == XMSS_SHAKE) {

  36.         shake128(out, 32, buf, inlen + keylen + n);

  37.     }

  38.     else if (n == 64 && params->func == XMSS_SHA2) {

  39.         SHA512(buf, inlen + keylen + n, out);

  40.     }

  41.     else if (n == 64 && params->func == XMSS_SHAKE) {

  42.         shake256(out, 64, buf, inlen + keylen + n);

  43.     }

  44.     else {

  45.         return 1;

  46.     }

  47.     return 0;

  48. }

  49. 

  50. int prf(const xmss_params *params,

  51.         unsigned char *out, const unsigned char *in,

  52.         const unsigned char *key, unsigned int keylen)

  53. {

  54.     return core_hash(params, out, 3, key, keylen, in, 32, keylen);

  55. }

  56. 

  57. int h_msg(const xmss_params *params,

  58.           unsigned char *out,

  59.           const unsigned char *in, unsigned long long inlen,

  60.           const unsigned char *key, const unsigned int keylen)

  61. {

  62.     return core_hash(params, out, 2, key, keylen, in, inlen, params->n);

  63. }

  64. 

  65. /*

  66.  * Computes the message hash using R, the public root, the index of the leaf

  67.  * node, and the message. Notably, it requires m_with_prefix to have 4*n bytes

  68.  * of space before the message, to use for the prefix. This is necessary to

  69.  * prevent having to move the message around (and thus allocate memory for it).

  70.  */

  71. int hash_message(const xmss_params *params, unsigned char *out,

  72.                  const unsigned char *R, const unsigned char *root,

  73.                  unsigned long long idx,

  74.                  unsigned char *m_with_prefix, unsigned long long mlen)

  75. {

  76.     /* We're creating a hash using input of the form:

  77.        toByte(X, 32) || R || root || index || M */

  78.     ull_to_bytes(m_with_prefix, params->n, 2);

  79.     memcpy(m_with_prefix + params->n, R, params->n);

  80.     memcpy(m_with_prefix + 2 * params->n, root, params->n);

  81.     ull_to_bytes(m_with_prefix + 3 * params->n, params->n, idx);

  82. 

  83.     /* Since the message can be bigger than the stack, this cannot use the

  84.      * core_hash function. */

  85.     if (params->n == 32 && params->func == XMSS_SHA2) {

  86.         SHA256(m_with_prefix, mlen + 4*params->n, out);

  87.     }

  88.     else if (params->n == 32 && params->func == XMSS_SHAKE) {

  89.         shake128(out, 32, m_with_prefix, mlen + 4*params->n);

  90.     }

  91.     else if (params->n == 64 && params->func == XMSS_SHA2) {

  92.         SHA512(m_with_prefix, mlen + 4*params->n, out);

  93.     }

  94.     else if (params->n == 64 && params->func == XMSS_SHAKE) {

  95.         shake256(out, 64, m_with_prefix, mlen + 4*params->n);

  96.     }

  97.     else {

  98.         return 1;

  99.     }

  100.     return 0;

  101. }

  102. 

  103. /**

  104.  * We assume the left half is in in[0]...in[n-1]

  105.  */

  106. int hash_h(const xmss_params *params,

  107.            unsigned char *out, const unsigned char *in,

  108.            const unsigned char *pub_seed, uint32_t addr[8])

  109. {

  110.     unsigned char buf[2*params->n];

  111.     unsigned char key[params->n];

  112.     unsigned char bitmask[2*params->n];

  113.     unsigned char addr_as_bytes[32];

  114.     unsigned int i;

  115. 

  116.     /* Generate the n-byte key. */

  117.     set_key_and_mask(addr, 0);

  118.     addr_to_bytes(addr_as_bytes, addr);

  119.     prf(params, key, addr_as_bytes, pub_seed, params->n);

  120. 

  121.     /* Generate the 2n-byte mask. */

  122.     set_key_and_mask(addr, 1);

  123.     addr_to_bytes(addr_as_bytes, addr);

  124.     prf(params, bitmask, addr_as_bytes, pub_seed, params->n);

  125. 

  126.     set_key_and_mask(addr, 2);

  127.     addr_to_bytes(addr_as_bytes, addr);

  128.     prf(params, bitmask + params->n, addr_as_bytes, pub_seed, params->n);

  129. 

  130.     for (i = 0; i < 2*params->n; i++) {

  131.         buf[i] = in[i] ^ bitmask[i];

  132.     }

  133.     return core_hash(params, out, 1, key, params->n, buf, 2*params->n, params->n);

  134. }

  135. 

  136. int hash_f(const xmss_params *params,

  137.            unsigned char *out, const unsigned char *in,

  138.            const unsigned char *pub_seed, uint32_t addr[8])

  139. {

  140.     unsigned char buf[params->n];

  141.     unsigned char key[params->n];

  142.     unsigned char bitmask[params->n];

  143.     unsigned char addr_as_bytes[32];

  144.     unsigned int i;

  145. 

  146.     set_key_and_mask(addr, 0);

  147.     addr_to_bytes(addr_as_bytes, addr);

  148.     prf(params, key, addr_as_bytes, pub_seed, params->n);

  149. 

  150.     set_key_and_mask(addr, 1);

  151.     addr_to_bytes(addr_as_bytes, addr);

  152.     prf(params, bitmask, addr_as_bytes, pub_seed, params->n);

  153. 

  154.     for (i = 0; i < params->n; i++) {

  155.         buf[i] = in[i] ^ bitmask[i];

  156.     }

  157.     return core_hash(params, out, 0, key, params->n, buf, params->n, params->n);

  158. }