Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

131 Zeilen
3.1 KiB

  1. /*
  2. hash.c version 20160722
  3. Andreas Hülsing
  4. Joost Rijneveld
  5. Public domain.
  6. */
  7. #include "hash_address.h"
  8. #include "xmss_commons.h"
  9. #include "hash.h"
  10. #include <stddef.h>
  11. #include <stdint.h>
  12. #include <stdio.h>
  13. #include <string.h>
  14. #include <openssl/sha.h>
  15. #include <openssl/hmac.h>
  16. #include <openssl/evp.h>
  17. unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){
  18. #if IS_LITTLE_ENDIAN==1
  19. int i = 0;
  20. for(i=0;i<8;i++)
  21. to_byte(bytes+i*4, addr[i],4);
  22. return bytes;
  23. #else
  24. memcpy(bytes, addr, 32);
  25. return bytes;
  26. #endif
  27. }
  28. int core_hash_SHA2(unsigned char *out, const unsigned int type, const unsigned char *key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){
  29. unsigned long long i = 0;
  30. unsigned char buf[inlen + n + keylen];
  31. // Input is (toByte(X, 32) || KEY || M)
  32. // set toByte
  33. to_byte(buf, type, n);
  34. for (i=0; i < keylen; i++) {
  35. buf[i+n] = key[i];
  36. }
  37. for (i=0; i < inlen; i++) {
  38. buf[keylen + n + i] = in[i];
  39. }
  40. if (n == 32) {
  41. SHA256(buf, inlen + keylen + n, out);
  42. return 0;
  43. }
  44. else {
  45. if (n == 64) {
  46. SHA512(buf, inlen + keylen + n, out);
  47. return 0;
  48. }
  49. }
  50. return 1;
  51. }
  52. /**
  53. * Implements PRF
  54. */
  55. int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, unsigned int keylen)
  56. {
  57. return core_hash_SHA2(out, 3, key, keylen, in, 32, keylen);
  58. }
  59. /*
  60. * Implemts H_msg
  61. */
  62. int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n)
  63. {
  64. if (keylen != 3*n){
  65. fprintf(stderr, "H_msg takes 3n-bit keys, we got n=%d but a keylength of %d.\n", n, keylen);
  66. return 1;
  67. }
  68. return core_hash_SHA2(out, 2, key, keylen, in, inlen, n);
  69. }
  70. /**
  71. * We assume the left half is in in[0]...in[n-1]
  72. */
  73. int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
  74. {
  75. unsigned char buf[2*n];
  76. unsigned char key[n];
  77. unsigned char bitmask[2*n];
  78. unsigned char byte_addr[32];
  79. unsigned int i;
  80. setKeyAndMask(addr, 0);
  81. addr_to_byte(byte_addr, addr);
  82. prf(key, byte_addr, pub_seed, n);
  83. // Use MSB order
  84. setKeyAndMask(addr, 1);
  85. addr_to_byte(byte_addr, addr);
  86. prf(bitmask, byte_addr, pub_seed, n);
  87. setKeyAndMask(addr, 2);
  88. addr_to_byte(byte_addr, addr);
  89. prf(bitmask+n, byte_addr, pub_seed, n);
  90. for (i = 0; i < 2*n; i++) {
  91. buf[i] = in[i] ^ bitmask[i];
  92. }
  93. return core_hash_SHA2(out, 1, key, n, buf, 2*n, n);
  94. }
  95. int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
  96. {
  97. unsigned char buf[n];
  98. unsigned char key[n];
  99. unsigned char bitmask[n];
  100. unsigned char byte_addr[32];
  101. unsigned int i;
  102. setKeyAndMask(addr, 0);
  103. addr_to_byte(byte_addr, addr);
  104. prf(key, byte_addr, pub_seed, n);
  105. setKeyAndMask(addr, 1);
  106. addr_to_byte(byte_addr, addr);
  107. prf(bitmask, byte_addr, pub_seed, n);
  108. for (i = 0; i < n; i++) {
  109. buf[i] = in[i] ^ bitmask[i];
  110. }
  111. return core_hash_SHA2(out, 0, key, n, buf, n, n);
  112. }