kris
/
xmss-KAT-generator
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 Commits
1 Branch
488 KiB
 
 
Tree: c37b9dcfca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c37b9dcfca'
${ noResults }
xmss-KAT-generator/hash.c

149 lines
3.2 KiB
Raw Blame History 

  1. /*

  2. hash.c version 20160210

  3. Andreas Hülsing

  4. Joost Rijneveld

  5. Public domain.

  6. */

  7. 

  8. #include "prg.h"

  9. #include "hash_address.h"

  10. 

  11. #include <stddef.h>

  12. #include <stdio.h>

  13. #include <string.h>

  14. #include <openssl/sha.h>

  15. #include <openssl/hmac.h>

  16. #include <openssl/evp.h>

  17. 

  18. 

  19. /**

  20.  * Implements PRF_m

  21.  */

  22. int prf_m(unsigned char *out, const unsigned char *in, size_t inlen, const unsigned char *key, unsigned int keylen)

  23. {

  24.   unsigned int length;

  25.   if (keylen == 32) {

  26.     HMAC(EVP_sha256(), key, keylen, in, inlen, out, &length);

  27.     if (length != 32) {

  28.       fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);

  29.     }

  30.     return 0;

  31.   }

  32.   else {

  33.     if (keylen == 64) {

  34.       HMAC(EVP_sha512(), key, keylen, in, inlen, out, &length);

  35.       if (length != 64) {

  36.         fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);

  37.       }

  38.       return 0;

  39.     }

  40.   }

  41.   return 1;

  42. }

  43. 

  44. /*

  45.  * Implemts H_m

  46.  */

  47. int hash_m(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int m)

  48. {

  49.   unsigned int i;

  50.   unsigned char buf[inlen + keylen];

  51. 

  52.   if (keylen != 2*m){

  53.     fprintf(stderr, "H_m takes 2m-bit keys, we got m=%d but a keylength of %d.\n", m, keylen);

  54.     return 1;

  55.   }

  56.   

  57.   for (i=0; i < keylen; i++) {

  58.     buf[i] = key[i];

  59.   }

  60.   for (i=0; i < inlen; i++) {

  61.     buf[keylen + i] = in[i];

  62.   }

  63. 

  64.   if (m == 32) {

  65.     SHA256(buf, inlen + keylen, out);

  66.     return 0;

  67.   }

  68.   else {

  69.     if (m == 64) {

  70.       SHA512(buf, inlen + keylen, out);

  71.       return 0;

  72.     }

  73.   }

  74.   return 1;

  75. }

  76. 

  77. /**

  78.  * We assume the left half is in in[0]...in[n-1]

  79.  */

  80. int hash_2n_n(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const unsigned int n)

  81. {

  82. 

  83.   unsigned char buf[4*n];

  84.   unsigned char key[n];

  85.   unsigned char bitmask[2*n];

  86.   unsigned int i;

  87. 

  88.   SET_KEY_BIT(addr, 1);

  89.   SET_BLOCK_BIT(addr, 0);

  90.   prg_with_counter(key, pub_seed, n, addr);

  91.   SET_KEY_BIT(addr, 0);

  92.   // Use MSB order

  93.   prg_with_counter(bitmask, pub_seed, n, addr);

  94.   SET_BLOCK_BIT(addr, 1);

  95.   prg_with_counter(bitmask+n, pub_seed, n, addr);

  96.   for (i = 0; i < n; i++) {

  97.     buf[i] = 0x00;

  98.     buf[n+i] = key[i];

  99.     buf[2*n+i] = in[i] ^ bitmask[i];

  100.     buf[3*n+i] = in[n+i] ^ bitmask[n+i];

  101.   }

  102.   if (n == 32) {

  103.     SHA256(buf, 4*n, out);

  104.     return 0;

  105.   }

  106.   else {

  107.     if (n == 64) {

  108.       SHA512(buf, 4*n, out);

  109.       return 0;

  110.     }

  111.     else {

  112.       fprintf(stderr, "Hash.c:hash_2n_n: Code only supports n=32 or n=64");

  113.       return -1;

  114.     }

  115.   }

  116. }

  117. 

  118. int hash_n_n(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, unsigned char addr[16], const unsigned int n)

  119. {

  120.   unsigned char buf[3*n];

  121.   unsigned char key[n];

  122.   unsigned char bitmask[n];

  123.   unsigned int i;

  124. 

  125.   WOTS_SELECT_KEY(addr);

  126.   prg_with_counter(key, pub_seed, n, addr);

  127.   WOTS_SELECT_BLOCK(addr);

  128.   prg_with_counter(bitmask, pub_seed, n, addr);

  129.   for (i = 0; i < n; i++) {

  130.     buf[i] = 0x00;

  131.     buf[n+i] = key[i];

  132.     buf[2*n+i] = in[i] ^ bitmask[i];

  133.   }

  134.   if (n == 32) {

  135.     SHA256(buf, 3*n, out);

  136.     return 0;

  137.   }

  138.   else {

  139.     if (n == 64) {

  140.       SHA512(buf, 3*n, out);

  141.       return 0;

  142.     }

  143.     else {

  144.       fprintf(stderr, "Hash.c:hash_n_n: Code only supports n=32 or n=64");

  145.       return -1;

  146.     }

  147.   }

  148. }