kris
/
xmss-KAT-generator
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
1 Branch
488 KiB
 
 
Tree: 622a9513b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '622a9513b1'
${ noResults }
xmss-KAT-generator/hash.c

161 lines
3.3 KiB
Raw Blame History 

  1. /*

  2. hash.c version 20151120

  3. Andreas Hülsing

  4. Public domain.

  5. */

  6. 

  7. #include "prg.h"

  8. 

  9. #include <stddef.h>

  10. #include "stdio.h"

  11. #include <openssl/sha.h>

  12. #include <openssl/hmac.h>

  13. #include <openssl/evp.h>

  14. 

  15. 

  16. #define SET_KEY_BIT(a,b) (a[15] = (a[15] & 253) | (b << 1))

  17. #define SET_BLOCK_BIT(a,b) (a[15] = (a[15] & 254) | b)

  18. 

  19. #define WOTS_SELECT_KEY(a) (a[15] = (a[15] & 254) | 1)

  20. #define WOTS_SELECT_BLOCK(a) (a[15] = (a[15] & 254) | 0)

  21. 

  22. /**

  23.  * Implements PRF_m

  24.  */

  25. int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsigned char *key, int keylen)

  26. {

  27.   unsigned int length;

  28.   if (keylen == 32){

  29.     HMAC(EVP_sha256(), key, keylen, in, inlen, out, &length);

  30.     if(length != 32)

  31.     {

  32.       fprintf(stderr, "HMAC outputs %d bytes... That should not happen...",length); 

  33.     }

  34.     return 0;

  35.   }

  36.   else

  37.   {

  38.     if(keylen == 64)

  39.     {

  40.       HMAC(EVP_sha512(), key, keylen, in, inlen, out, &length);

  41.       if(length != 64)

  42.       {

  43. 	fprintf(stderr, "HMAC outputs %d bytes... That should not happen...",length); 

  44.       }

  45.       return 0;

  46.     }

  47.   }

  48.   return 1;

  49. }

  50. 

  51. /*

  52.  * Implemts H_m

  53.  */

  54. int hash_m(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *key, const int keylen, const int m)

  55. {

  56.   if(keylen != m){

  57.     fprintf(stderr, "H_m takes m-bit keys, we got m=%d but a keylength of %d.\n",m,keylen); 

  58.     return 1;

  59.   }

  60.   unsigned long long i;

  61.   unsigned char buf[inlen +keylen+m];

  62.   for(i=0;i<m;i++)

  63.   {

  64.     buf[i] = 0x00;

  65.   }

  66.   for(i=0;i <keylen;i++)

  67.   {

  68.     buf[m+i] = key[i];

  69.   }

  70.   for(i=0;i <inlen;i++)

  71.   {

  72.     buf[m+keylen+i] = in[i];

  73.   }

  74.   

  75.   if(m == 32)

  76.   {  

  77.     SHA256(buf,inlen +keylen+m,out);

  78.     return 0;

  79.   } 

  80.   else

  81.   {

  82.     if(m == 64)

  83.     {

  84.       SHA512(buf,inlen +keylen+m,out);

  85.       return 0;

  86.     }

  87.   }

  88.   return 1;

  89. }

  90. 

  91. /**

  92.  * We assume the left half is in in[0]...in[n-1]

  93.  */

  94. int hash_2n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)

  95. {

  96.   

  97.   unsigned char buf[4*n];

  98.   unsigned char key[n];

  99.   unsigned char bitmask[2*n];

  100.   int i;

  101.   

  102.   SET_KEY_BIT(addr,1);

  103.   SET_BLOCK_BIT(addr,0);

  104.   prg_with_counter(key, pub_seed, n, addr);

  105.   SET_KEY_BIT(addr,0);

  106.   // Use MSB order

  107.   prg_with_counter(bitmask, pub_seed, n, addr);

  108.   SET_BLOCK_BIT(addr,1);

  109.   prg_with_counter(bitmask+n, pub_seed, n, addr);

  110.   for(i=0;i<n;i++)

  111.   {

  112.     buf[i] = 0x00;

  113.     buf[n+i] = key[i];

  114.     buf[2*n+i] = in[i] ^ bitmask[i];

  115.     buf[3*n+i] = in[n+i] ^ bitmask[n+i];

  116.   }

  117.   if(n==32){

  118.     SHA256(buf,4*n,out);

  119.     return 0;

  120.   } else {

  121.     if(n==64){

  122.       SHA512(buf,4*n,out);

  123.       return 0;

  124.     } else {

  125.       fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");

  126.       return -1;

  127.     }

  128.   }

  129. }

  130. 

  131. int hash_n_n(unsigned char *out,const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const int n)

  132. { 

  133.   unsigned char buf[3*n];

  134.   unsigned char key[n];

  135.   unsigned char bitmask[n];

  136.   int i;

  137.   

  138.   WOTS_SELECT_KEY(addr);

  139.   prg_with_counter(key, pub_seed, n, addr);

  140.   WOTS_SELECT_BLOCK(addr);

  141.   prg_with_counter(bitmask, pub_seed, n, addr);

  142.   for(i=0;i<n;i++)

  143.   {

  144.     buf[i] = 0x00;

  145.     buf[n+i] = key[i];

  146.     buf[2*n+i] = in[i] ^ bitmask[i];

  147.   }

  148.   if(n==32){

  149.     SHA256(buf,3*n,out);

  150.     return 0;

  151.   } else {

  152.     if(n==64){

  153.       SHA512(buf,3*n,out);

  154.       return 0;

  155.     } else {

  156.       fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");

  157.       return -1;

  158.     }

  159.   }

  160. }