kris
/
xmss-KAT-generator
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
1 Branch
488 KiB
 
 
Tree: 622a9513b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '622a9513b1'
${ noResults }
xmss-KAT-generator/prg.c

87 lines
2.1 KiB
Raw Blame History 

  1. /*

  2. prg.c version 20151120

  3. Andreas Hülsing

  4. Public domain.

  5. */

  6. #include "chacha.h"

  7. #include "prg.h"

  8. #include <stdio.h>

  9. #include <openssl/sha.h>

  10. #include <openssl/hmac.h>

  11. #include <openssl/evp.h>

  12. 

  13. const unsigned char zero_nonce[12] = {0};

  14. 

  15. /**

  16.  * Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0

  17.  */

  18. void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len)

  19. {  

  20.   if(key_len == 32){

  21.     CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);

  22.   }

  23.   else

  24.   {

  25.     if(key_len == 64)

  26.     {

  27.       unsigned long long left = rlen;

  28.       u_int32_t counter = 0;

  29.       unsigned char *c = (unsigned char*)&counter;

  30.       unsigned int length;

  31.       unsigned int i = 0; 

  32.       unsigned char tmp[64];

  33.       while(left > 0)

  34.       {

  35. 	HMAC(EVP_sha512(), key, key_len, c , 4, tmp, &length);

  36. 	if(length != 64)

  37. 	  {

  38. 	    fprintf(stderr, "HMAC outputs %d bytes... That should not happen...",length); 

  39. 	  }

  40. 	for(i = 0; ((i < length) && (i < left));i++)

  41. 	{

  42. 	  r[rlen-left+i] = tmp[i];

  43. 	}

  44. 	left -=length;

  45. 	counter++;

  46.       }

  47.     }

  48.     else {

  49.       fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");

  50.     }

  51.   }

  52. }

  53. 

  54. /**

  55.  * Generates n output bytes using ChaCha20 (n=32) or HMAC-SHA2-512 (n=64).

  56.  * 

  57.  * For ChaCha, nonce and counter are set depending on the address addr. For HMAC, addr is used as message.

  58.  */

  59. void prg_with_counter(unsigned char *r, const unsigned char *key, unsigned int n, const unsigned char addr[16])

  60. {

  61.   int i;

  62.   unsigned char nonce[12];

  63.   if(n == 32){

  64.     for(i = 0; i < 12; i++)

  65.     {

  66.       nonce[i] = addr[i];

  67.     }

  68.     uint32_t counter;

  69.     counter = (((uint32_t)addr[12]) << 24)|(((uint32_t)addr[13]) << 16)|(((uint32_t)addr[14]) << 8)|addr[15];

  70.     // TODO: Check address handling. Endianess?

  71.     CRYPTO_chacha_20_keystream(r, n, key, nonce, counter);

  72.   } 

  73.   else 

  74.   {

  75.     if(n == 64)

  76.     {

  77.       unsigned int length;

  78.       HMAC(EVP_sha512(), key, n, addr, 16, r, &length);

  79.       if(length != 64)

  80.       {

  81. 	fprintf(stderr, "HMAC outputs %d bytes... That should not happen...",length); 

  82.       }

  83.     } else {

  84.       fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");

  85.     }

  86.   }

  87. }