kris
/
xmss-KAT-generator
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35 Commits
1 Branch
488 KiB
 
 
Tree: 59a4846fbd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '59a4846fbd'
${ noResults }
xmss-KAT-generator/hash.c

155 lines
3.5 KiB
Raw Blame History 

  1. /*

  2. hash.c version 20151120

  3. Andreas Hülsing

  4. Public domain.

  5. */

  6. 

  7. #include "prg.h"

  8. 

  9. #include <stddef.h>

  10. #include <stdio.h>

  11. #include <string.h>

  12. #include <openssl/sha.h>

  13. #include <openssl/hmac.h>

  14. #include <openssl/evp.h>

  15. 

  16. 

  17. #define SET_KEY_BIT(a, b) (a[15] = (a[15] & 253) | ((b << 1) & 2))

  18. #define SET_BLOCK_BIT(a, b) (a[15] = (a[15] & 254) | (b & 1))

  19. 

  20. #define WOTS_SELECT_KEY(a) (a[15] = (a[15] & 254) | 1)

  21. #define WOTS_SELECT_BLOCK(a) (a[15] = (a[15] & 254) | 0)

  22. 

  23. /**

  24.  * Implements PRF_m

  25.  */

  26. int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsigned char *key, unsigned int keylen)

  27. {

  28.   unsigned int length;

  29.   if (keylen == 32) {

  30.     HMAC(EVP_sha256(), key, keylen, in, inlen, out, &length);

  31.     if (length != 32) {

  32.       fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);

  33.     }

  34.     return 0;

  35.   }

  36.   else {

  37.     if (keylen == 64) {

  38.       HMAC(EVP_sha512(), key, keylen, in, inlen, out, &length);

  39.       if (length != 64) {

  40.         fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);

  41.       }

  42.       return 0;

  43.     }

  44.   }

  45.   return 1;

  46. }

  47. 

  48. /*

  49.  * Implemts H_m

  50.  */

  51. int hash_m(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int m)

  52. {

  53.   unsigned int i;

  54.   unsigned char buf[inlen + keylen + m];

  55. 

  56.   if (keylen != m){

  57.     fprintf(stderr, "H_m takes m-bit keys, we got m=%d but a keylength of %d.\n", m, keylen);

  58.     return 1;

  59.   }

  60.   for (i=0; i < m; i++) {

  61.     buf[i] = 0x00;

  62.   }

  63.   for (i=0; i < keylen; i++) {

  64.     buf[m + i] = key[i];

  65.   }

  66.   for (i=0; i < inlen; i++) {

  67.     buf[m + keylen + i] = in[i];

  68.   }

  69. 

  70.   if (m == 32) {

  71.     SHA256(buf, inlen + keylen + m, out);

  72.     return 0;

  73.   }

  74.   else {

  75.     if (m == 64) {

  76.       SHA512(buf, inlen + keylen + m, out);

  77.       return 0;

  78.     }

  79.   }

  80.   return 1;

  81. }

  82. 

  83. /**

  84.  * We assume the left half is in in[0]...in[n-1]

  85.  */

  86. int hash_2n_n(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const unsigned int n)

  87. {

  88. 

  89.   unsigned char buf[4*n];

  90.   unsigned char key[n];

  91.   unsigned char bitmask[2*n];

  92.   unsigned int i;

  93. 

  94.   SET_KEY_BIT(addr, 1);

  95.   SET_BLOCK_BIT(addr, 0);

  96.   prg_with_counter(key, pub_seed, n, addr);

  97.   SET_KEY_BIT(addr, 0);

  98.   // Use MSB order

  99.   prg_with_counter(bitmask, pub_seed, n, addr);

  100.   SET_BLOCK_BIT(addr, 1);

  101.   prg_with_counter(bitmask+n, pub_seed, n, addr);

  102.   for (i = 0; i < n; i++) {

  103.     buf[i] = 0x00;

  104.     buf[n+i] = key[i];

  105.     buf[2*n+i] = in[i] ^ bitmask[i];

  106.     buf[3*n+i] = in[n+i] ^ bitmask[n+i];

  107.   }

  108.   if (n == 32) {

  109.     SHA256(buf, 4*n, out);

  110.     return 0;

  111.   }

  112.   else {

  113.     if (n == 64) {

  114.       SHA512(buf, 4*n, out);

  115.       return 0;

  116.     }

  117.     else {

  118.       fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");

  119.       return -1;

  120.     }

  121.   }

  122. }

  123. 

  124. int hash_n_n(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const unsigned int n)

  125. {

  126.   unsigned char buf[3*n];

  127.   unsigned char key[n];

  128.   unsigned char bitmask[n];

  129.   unsigned int i;

  130. 

  131.   WOTS_SELECT_KEY(addr);

  132.   prg_with_counter(key, pub_seed, n, addr);

  133.   WOTS_SELECT_BLOCK(addr);

  134.   prg_with_counter(bitmask, pub_seed, n, addr);

  135.   for (i = 0; i < n; i++) {

  136.     buf[i] = 0x00;

  137.     buf[n+i] = key[i];

  138.     buf[2*n+i] = in[i] ^ bitmask[i];

  139.   }

  140.   if (n == 32) {

  141.     SHA256(buf, 3*n, out);

  142.     return 0;

  143.   }

  144.   else {

  145.     if (n == 64) {

  146.       SHA512(buf, 3*n, out);

  147.       return 0;

  148.     }

  149.     else {

  150.       fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");

  151.       return -1;

  152.     }

  153.   }

  154. }