kris
/
xmss-KAT-generator
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
71 提交
1 分支
488 KiB
 
 
目录树: 998137622a
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '998137622a'
${ noResults }
xmss-KAT-generator/wots.c

153 行
4.3 KiB
原始文件 Blame 文件历史 

  1. #include <stdint.h>

  2. #include "xmss_commons.h"

  3. #include "hash.h"

  4. #include "wots.h"

  5. #include "hash_address.h"

  6. #include "params.h"

  7. 

  8. /**

  9.  * Helper method for pseudorandom key generation

  10.  * Expands an n-byte array into a len*n byte array

  11.  * this is done using PRF

  12.  */

  13. static void expand_seed(const xmss_params *params,

  14.                         unsigned char *outseeds, const unsigned char *inseed)

  15. {

  16.     uint32_t i;

  17.     unsigned char ctr[32];

  18. 

  19.     for (i = 0; i < params->wots_len; i++) {

  20.         to_byte(ctr, i, 32);

  21.         prf(params, outseeds + i*params->n, ctr, inseed, params->n);

  22.     }

  23. }

  24. 

  25. /**

  26.  * Computes the chaining function.

  27.  * out and in have to be n-byte arrays

  28.  *

  29.  * interpretes in as start-th value of the chain

  30.  * addr has to contain the address of the chain

  31.  */

  32. static void gen_chain(const xmss_params *params,

  33.                       unsigned char *out, const unsigned char *in,

  34.                       unsigned int start, unsigned int steps,

  35.                       const unsigned char *pub_seed, uint32_t addr[8])

  36. {

  37.     uint32_t i;

  38. 

  39.     for (i = 0; i < params->n; i++) {

  40.         out[i] = in[i];

  41.     }

  42. 

  43.     for (i = start; i < (start+steps) && i < params->wots_w; i++) {

  44.         set_hash_addr(addr, i);

  45.         hash_f(params, out, out, pub_seed, addr);

  46.     }

  47. }

  48. 

  49. /**

  50.  * base_w algorithm as described in draft.

  51.  */

  52. static void base_w(const xmss_params *params,

  53.                    int *output, const int out_len, const unsigned char *input)

  54. {

  55.     int in = 0;

  56.     int out = 0;

  57.     uint8_t total = 0;

  58.     int bits = 0;

  59.     int i;

  60. 

  61.     for (i = 0; i < out_len; i++) {

  62.         if (bits == 0) {

  63.             total = input[in];

  64.             in++;

  65.             bits += 8;

  66.         }

  67.         bits -= params->wots_log_w;

  68.         output[out] = (total >> bits) & (params->wots_w - 1);

  69.         out++;

  70.     }

  71. }

  72. 

  73. void wots_pkgen(const xmss_params *params,

  74.                 unsigned char *pk, const unsigned char *sk,

  75.                 const unsigned char *pub_seed, uint32_t addr[8])

  76. {

  77.     uint32_t i;

  78. 

  79.     expand_seed(params, pk, sk);

  80.     for (i = 0; i < params->wots_len; i++) {

  81.         set_chain_addr(addr, i);

  82.         gen_chain(params, pk + i*params->n, pk + i*params->n,

  83.                   0, params->wots_w-1, pub_seed, addr);

  84.     }

  85. }

  86. 

  87. 

  88. void wots_sign(const xmss_params *params,

  89.                unsigned char *sig, const unsigned char *msg,

  90.                const unsigned char *sk, const unsigned char *pub_seed,

  91.                uint32_t addr[8])

  92. {

  93.     int basew[params->wots_len];

  94.     int csum = 0;

  95.     unsigned char csum_bytes[((params->wots_len2 * params->wots_log_w) + 7) / 8];

  96.     int csum_basew[params->wots_len2];

  97.     uint32_t i;

  98. 

  99.     base_w(params, basew, params->wots_len1, msg);

  100. 

  101.     for (i = 0; i < params->wots_len1; i++) {

  102.         csum += params->wots_w - 1 - basew[i];

  103.     }

  104. 

  105.     csum = csum << (8 - ((params->wots_len2 * params->wots_log_w) % 8));

  106. 

  107.     to_byte(csum_bytes, csum, ((params->wots_len2 * params->wots_log_w) + 7) / 8);

  108.     base_w(params, csum_basew, params->wots_len2, csum_bytes);

  109. 

  110.     for (i = 0; i < params->wots_len2; i++) {

  111.         basew[params->wots_len1 + i] = csum_basew[i];

  112.     }

  113. 

  114.     expand_seed(params, sig, sk);

  115. 

  116.     for (i = 0; i < params->wots_len; i++) {

  117.         set_chain_addr(addr, i);

  118.         gen_chain(params, sig + i*params->n, sig + i*params->n,

  119.                   0, basew[i], pub_seed, addr);

  120.     }

  121. }

  122. 

  123. void wots_pk_from_sig(const xmss_params *params, unsigned char *pk,

  124.                       const unsigned char *sig, const unsigned char *msg,

  125.                       const unsigned char *pub_seed, uint32_t addr[8])

  126. {

  127.     int basew[params->wots_len];

  128.     int csum = 0;

  129.     unsigned char csum_bytes[((params->wots_len2 * params->wots_log_w) + 7) / 8];

  130.     int csum_basew[params->wots_len2];

  131.     uint32_t i = 0;

  132. 

  133.     base_w(params, basew, params->wots_len1, msg);

  134. 

  135.     for (i=0; i < params->wots_len1; i++) {

  136.         csum += params->wots_w - 1 - basew[i];

  137.     }

  138. 

  139.     csum = csum << (8 - ((params->wots_len2 * params->wots_log_w) % 8));

  140. 

  141.     to_byte(csum_bytes, csum, ((params->wots_len2 * params->wots_log_w) + 7) / 8);

  142.     base_w(params, csum_basew, params->wots_len2, csum_bytes);

  143. 

  144.     for (i = 0; i < params->wots_len2; i++) {

  145.         basew[params->wots_len1 + i] = csum_basew[i];

  146.     }

  147.     for (i=0; i < params->wots_len; i++) {

  148.         set_chain_addr(addr, i);

  149.         gen_chain(params, pk + i*params->n, sig + i*params->n,

  150.                   basew[i], params->wots_w-1-basew[i], pub_seed, addr);

  151.     }

  152. }