Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

136 řádky
3.6 KiB

  1. /*
  2. hash.c version 20160722
  3. Andreas Hülsing
  4. Joost Rijneveld
  5. Public domain.
  6. */
  7. #include "hash_address.h"
  8. #include "xmss_commons.h"
  9. #include "params.h"
  10. #include "hash.h"
  11. #include "fips202.h"
  12. #include <stdint.h>
  13. #include <string.h>
  14. #include <openssl/sha.h>
  15. unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8])
  16. {
  17. #if IS_LITTLE_ENDIAN==1
  18. int i;
  19. for (i = 0; i < 8; i++) {
  20. to_byte(bytes + i*4, addr[i], 4);
  21. }
  22. #else
  23. memcpy(bytes, addr, 32);
  24. #endif
  25. return bytes;
  26. }
  27. static int core_hash(const xmss_params *params,
  28. unsigned char *out, const unsigned int type,
  29. const unsigned char *key, unsigned int keylen,
  30. const unsigned char *in, unsigned long long inlen, int n)
  31. {
  32. unsigned long long i = 0;
  33. unsigned char buf[inlen + n + keylen];
  34. /* Input is of the form (toByte(X, 32) || KEY || M). */
  35. to_byte(buf, type, n);
  36. for (i=0; i < keylen; i++) {
  37. buf[i+n] = key[i];
  38. }
  39. for (i=0; i < inlen; i++) {
  40. buf[keylen + n + i] = in[i];
  41. }
  42. if (n == 32 && params->func == XMSS_SHA2) {
  43. SHA256(buf, inlen + keylen + n, out);
  44. }
  45. else if (n == 32 && params->func == XMSS_SHAKE) {
  46. shake128(out, 32, buf, inlen + keylen + n);
  47. }
  48. else if (n == 64 && params->func == XMSS_SHA2) {
  49. SHA512(buf, inlen + keylen + n, out);
  50. }
  51. else if (n == 64 && params->func == XMSS_SHAKE) {
  52. shake256(out, 64, buf, inlen + keylen + n);
  53. }
  54. else {
  55. return 1;
  56. }
  57. return 0;
  58. }
  59. int prf(const xmss_params *params,
  60. unsigned char *out, const unsigned char *in,
  61. const unsigned char *key, unsigned int keylen)
  62. {
  63. return core_hash(params, out, 3, key, keylen, in, 32, keylen);
  64. }
  65. int h_msg(const xmss_params *params,
  66. unsigned char *out,
  67. const unsigned char *in, unsigned long long inlen,
  68. const unsigned char *key, const unsigned int keylen)
  69. {
  70. return core_hash(params, out, 2, key, keylen, in, inlen, params->n);
  71. }
  72. /**
  73. * We assume the left half is in in[0]...in[n-1]
  74. */
  75. int hash_h(const xmss_params *params,
  76. unsigned char *out, const unsigned char *in,
  77. const unsigned char *pub_seed, uint32_t addr[8])
  78. {
  79. unsigned char buf[2*params->n];
  80. unsigned char key[params->n];
  81. unsigned char bitmask[2*params->n];
  82. unsigned char byte_addr[32];
  83. unsigned int i;
  84. set_key_and_mask(addr, 0);
  85. addr_to_byte(byte_addr, addr);
  86. prf(params, key, byte_addr, pub_seed, params->n);
  87. // Use MSB order
  88. set_key_and_mask(addr, 1);
  89. addr_to_byte(byte_addr, addr);
  90. prf(params, bitmask, byte_addr, pub_seed, params->n);
  91. set_key_and_mask(addr, 2);
  92. addr_to_byte(byte_addr, addr);
  93. prf(params, bitmask+params->n, byte_addr, pub_seed, params->n);
  94. for (i = 0; i < 2*params->n; i++) {
  95. buf[i] = in[i] ^ bitmask[i];
  96. }
  97. return core_hash(params, out, 1, key, params->n, buf, 2*params->n, params->n);
  98. }
  99. int hash_f(const xmss_params *params,
  100. unsigned char *out, const unsigned char *in,
  101. const unsigned char *pub_seed, uint32_t addr[8])
  102. {
  103. unsigned char buf[params->n];
  104. unsigned char key[params->n];
  105. unsigned char bitmask[params->n];
  106. unsigned char byte_addr[32];
  107. unsigned int i;
  108. set_key_and_mask(addr, 0);
  109. addr_to_byte(byte_addr, addr);
  110. prf(params, key, byte_addr, pub_seed, params->n);
  111. set_key_and_mask(addr, 1);
  112. addr_to_byte(byte_addr, addr);
  113. prf(params, bitmask, byte_addr, pub_seed, params->n);
  114. for (i = 0; i < params->n; i++) {
  115. buf[i] = in[i] ^ bitmask[i];
  116. }
  117. return core_hash(params, out, 0, key, params->n, buf, params->n, params->n);
  118. }