
  #include "hash_address.h"
  #include "xmss_commons.h"
  #include "params.h"
  #include "hash.h"
  #include "fips202.h"
  #include <stdint.h>
  #include <stdlib.h>
  #include <openssl/sha.h>
  /*
   * Serialize the eight 32-bit words of an address into a byte string.
   *
   * Each addr[i] is handed to ull_to_bytes() with an output length of 4 and
   * placed at offset 4*i, so exactly 32 bytes of `bytes` are written. The
   * caller must supply a buffer of at least that size; nothing is
   * bounds-checked here.
   */
  void addr_to_bytes(unsigned char *bytes, const uint32_t addr[8])
  {
      int word = 0;

      while (word < 8) {
          ull_to_bytes(bytes + 4 * word, 4, addr[word]);
          word++;
      }
  }
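  /*
   * Hash the concatenation toByte(type, n) || key || in and write the digest
   * to `out`.
   *
   * The hash function is chosen from (n, params->func):
   *   n == 32: SHA-256 or shake128 with 32 bytes of output
   *   n == 64: SHA-512 or shake256 with 64 bytes of output
   * so `out` must have room for n bytes.
   *
   * Returns 0 on success and 1 if the (n, func) pair is unsupported, the
   * total input length does not fit in size_t, or the working buffer cannot
   * be allocated. `out` is left untouched on failure.
   *
   * The working buffer used to be a variable-length array sized by `inlen`.
   * h_msg() passes the message length straight through, so a long message
   * could exhaust the stack. Short inputs now use a fixed stack buffer and
   * longer ones are placed on the heap, with the allocation checked.
   */
  static int core_hash(const xmss_params *params,
                       unsigned char *out, const unsigned int type,
                       const unsigned char *key, unsigned int keylen,
                       const unsigned char *in, unsigned long long inlen, int n)
  {
      /* 256 bytes covers the fixed-size callers in this file at their
       * largest: n = 64, keylen = 64, inlen = 128. */
      unsigned char stack_buf[256];
      unsigned char *buf = stack_buf;
      volatile unsigned char *wipe;
      unsigned long long i;
      size_t prefix_len;
      size_t total_len;

      /* Validate the parameter set before any length arithmetic or copying. */
      if ((n != 32 && n != 64) ||
          (params->func != XMSS_SHA2 && params->func != XMSS_SHAKE)) {
          return 1;
      }

      /* Refuse lengths whose sum would wrap around size_t. */
      if (keylen > SIZE_MAX - (size_t)n) {
          return 1;
      }
      prefix_len = (size_t)n + keylen;
      if (inlen > SIZE_MAX - prefix_len) {
          return 1;
      }
      total_len = prefix_len + (size_t)inlen;

      if (total_len > sizeof stack_buf) {
          buf = malloc(total_len);
          if (buf == NULL) {
              return 1;
          }
      }

      /* Lay out the hash input: toByte(type, n) || key || in. */
      ull_to_bytes(buf, n, type);
      for (i = 0; i < keylen; i++) {
          buf[(size_t)n + i] = key[i];
      }
      for (i = 0; i < inlen; i++) {
          buf[prefix_len + i] = in[i];
      }

      if (params->func == XMSS_SHA2) {
          if (n == 32) {
              SHA256(buf, total_len, out);
          }
          else {
              SHA512(buf, total_len, out);
          }
      }
      else {
          if (n == 32) {
              shake128(out, 32, buf, total_len);
          }
          else {
              shake256(out, 64, buf, total_len);
          }
      }

      /* The buffer holds a copy of `key`, which may be secret depending on
       * the caller (not visible from this function). Clear it through a
       * volatile pointer so the stores are not optimized away. */
      wipe = buf;
      for (i = 0; i < total_len; i++) {
          wipe[i] = 0;
      }

      if (buf != stack_buf) {
          free(buf);
      }
      return 0;
  }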
  /*
   * Pseudorandom function: hashes `in` under `key` with domain prefix 3.
   *
   * `keylen` is passed to core_hash() both as the key length and as n, so it
   * also selects the digest size. core_hash() accepts only n == 32 or
   * n == 64, and any other keylen makes this function return 1 without
   * writing `out`.
   *
   * The input length is fixed at 32, so `in` must point to at least 32
   * readable bytes. `out` must have room for keylen bytes.
   *
   * Returns the result of core_hash(): 0 on success, non-zero on failure.
   * Callers should check it, because `out` is not written on failure.
   */
  int prf(const xmss_params *params,
          unsigned char *out, const unsigned char *in,
          const unsigned char *key, unsigned int keylen)
  {
      const unsigned int domain = 3;
      const unsigned long long input_len = 32;
      int status;

      status = core_hash(params, out, domain, key, keylen, in, input_len, keylen);
      return status;
  }
  /*
   * Message hash: hashes `inlen` bytes of `in` under `key` with domain
   * prefix 2 and a digest size of params->n.
   *
   * `out` must have room for params->n bytes. core_hash() assembles a
   * contiguous copy of prefix || key || message before hashing, so memory
   * use grows with `inlen`. Callers that accept message lengths from
   * untrusted input should bound `inlen` before calling.
   *
   * Returns the result of core_hash(): 0 on success, non-zero on failure.
   */
  int h_msg(const xmss_params *params,
            unsigned char *out,
            const unsigned char *in, unsigned long long inlen,
            const unsigned char *key, const unsigned int keylen)
  {
      const unsigned int domain = 2;
      const int digest_len = params->n;

      return core_hash(params, out, domain, key, keylen, in, inlen, digest_len);
  }
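  /**
   * Keyed, masked hash of two concatenated n-byte values (domain prefix 1).
   *
   * The left half is expected in in[0]...in[n-1] and the right half in
   * in[n]...in[2n-1], so `in` must provide 2*params->n readable bytes and
   * `out` must have room for params->n bytes.
   *
   * The n-byte key and the 2n-byte bitmask are derived with prf() from
   * pub_seed and the address. `addr` is modified in place through
   * set_key_and_mask() and is left with selector 2 on success.
   *
   * Returns 0 on success and non-zero on failure. params->n is checked
   * against the sizes core_hash() supports (32 and 64) before any buffer is
   * used, so the scratch buffers have a fixed upper bound instead of being
   * variable-length arrays sized by an unchecked value. A failing prf() call
   * is reported instead of continuing with an unset key or mask.
   */
  int hash_h(const xmss_params *params,
             unsigned char *out, const unsigned char *in,
             const unsigned char *pub_seed, uint32_t addr[8])
  {
      enum { MAX_N = 64 };
      unsigned char buf[2 * MAX_N];
      unsigned char key[MAX_N];
      unsigned char bitmask[2 * MAX_N];
      unsigned char addr_as_bytes[32];
      unsigned int i;
      int ret;

      if (params->n != 32 && params->n != 64) {
          return 1;
      }

      /* Generate the n-byte key. */
      set_key_and_mask(addr, 0);
      addr_to_bytes(addr_as_bytes, addr);
      ret = prf(params, key, addr_as_bytes, pub_seed, params->n);
      if (ret != 0) {
          return ret;
      }

      /* Generate the 2n-byte mask, one n-byte half per prf() call. */
      set_key_and_mask(addr, 1);
      addr_to_bytes(addr_as_bytes, addr);
      ret = prf(params, bitmask, addr_as_bytes, pub_seed, params->n);
      if (ret != 0) {
          return ret;
      }

      set_key_and_mask(addr, 2);
      addr_to_bytes(addr_as_bytes, addr);
      ret = prf(params, bitmask + params->n, addr_as_bytes, pub_seed, params->n);
      if (ret != 0) {
          return ret;
      }

      /* Mask the input before it is hashed. */
      for (i = 0; i < 2*params->n; i++) {
          buf[i] = in[i] ^ bitmask[i];
      }
      return core_hash(params, out, 1, key, params->n, buf, 2*params->n, params->n);
  }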
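  /*
   * Keyed, masked hash of a single n-byte value (domain prefix 0).
   *
   * `in` must provide params->n readable bytes and `out` must have room for
   * params->n bytes. The n-byte key and n-byte bitmask are derived with
   * prf() from pub_seed and the address. `addr` is modified in place through
   * set_key_and_mask() and is left with selector 1 on success.
   *
   * Returns 0 on success and non-zero on failure. params->n is checked
   * against the sizes core_hash() supports (32 and 64) before any buffer is
   * used, so the scratch buffers have a fixed upper bound instead of being
   * variable-length arrays sized by an unchecked value. A failing prf() call
   * is reported instead of continuing with an unset key or mask.
   */
  int hash_f(const xmss_params *params,
             unsigned char *out, const unsigned char *in,
             const unsigned char *pub_seed, uint32_t addr[8])
  {
      enum { MAX_N = 64 };
      unsigned char buf[MAX_N];
      unsigned char key[MAX_N];
      unsigned char bitmask[MAX_N];
      unsigned char addr_as_bytes[32];
      unsigned int i;
      int ret;

      if (params->n != 32 && params->n != 64) {
          return 1;
      }

      /* Generate the n-byte key. */
      set_key_and_mask(addr, 0);
      addr_to_bytes(addr_as_bytes, addr);
      ret = prf(params, key, addr_as_bytes, pub_seed, params->n);
      if (ret != 0) {
          return ret;
      }

      /* Generate the n-byte mask. */
      set_key_and_mask(addr, 1);
      addr_to_bytes(addr_as_bytes, addr);
      ret = prf(params, bitmask, addr_as_bytes, pub_seed, params->n);
      if (ret != 0) {
          return ret;
      }

      /* Mask the input before it is hashed. */
      for (i = 0; i < params->n; i++) {
          buf[i] = in[i] ^ bitmask[i];
      }
      return core_hash(params, out, 0, key, params->n, buf, params->n, params->n);
  }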