kris
/
xmss-KAT-generator
1
0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 Commits
1 Branch
488 KiB
 
 
Tree: c37b9dcfca
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'c37b9dcfca'
${ noResults }
xmss-KAT-generator/prg.c

80 regels
2.2 KiB
Ruw Blame Geschiedenis 

  1. /*

  2. prg.c version 20160210

  3. Andreas Hülsing

  4. Joost Rijneveld

  5. Public domain.

  6. */

  7. #include "chacha.h"

  8. #include "prg.h"

  9. #include <stdio.h>

  10. #include <openssl/sha.h>

  11. #include <openssl/hmac.h>

  12. #include <openssl/evp.h>

  13. 

  14. const unsigned char zero_nonce[12] = {0};

  15. 

  16. /**

  17.  * Generates rlen output bytes using ChaCha20 with a zero nonce and counter = 0

  18.  */

  19. void prg(unsigned char *r, unsigned long long rlen, const unsigned char *key, unsigned int key_len)

  20. {

  21.   if (key_len == 32) {

  22.     CRYPTO_chacha_20_keystream(r, rlen, key, zero_nonce, 0);

  23.   }

  24.   else {

  25.     if (key_len == 64) {

  26.       unsigned long long left = rlen;

  27.       u_int32_t counter = 0;

  28.       unsigned char *c = (unsigned char*)&counter;

  29.       unsigned int length;

  30.       unsigned int i = 0;

  31.       unsigned char tmp[64];

  32.       while (left > 0) {

  33.         HMAC(EVP_sha512(), key, key_len, c , 4, tmp, &length);

  34.         if (length != 64) {

  35.           fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);

  36.         }

  37.         for (i = 0; ((i < length) && (i < left)); i++) {

  38.           r[rlen-left+i] = tmp[i];

  39.         }

  40.         left -= length;

  41.         counter++;

  42.       }

  43.     }

  44.     else {

  45.       fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");

  46.     }

  47.   }

  48. }

  49. 

  50. /**

  51.  * Generates n output bytes using ChaCha20 (n=32) or HMAC-SHA2-512 (n=64).

  52.  *

  53.  * For ChaCha, nonce and counter are set depending on the address addr. For HMAC, addr is used as message.

  54.  */

  55. void prg_with_counter(unsigned char *r, const unsigned char *key, unsigned int n, const unsigned char addr[16])

  56. {

  57.   int i;

  58.   unsigned char nonce[12];

  59.   if (n == 32) {

  60.     for (i = 0; i < 12; i++) {

  61.       nonce[i] = addr[i];

  62.     }

  63.     uint32_t counter;

  64.     counter = (((uint32_t)addr[12]) << 24) | (((uint32_t)addr[13]) << 16) | (((uint32_t)addr[14]) << 8) | addr[15];

  65.     // TODO: Check address handling. Endianess?

  66.     CRYPTO_chacha_20_keystream(r, n, key, nonce, counter);

  67.   }

  68.   else {

  69.     if (n == 64) {

  70.       unsigned int length;

  71.       HMAC(EVP_sha512(), key, n, addr, 16, r, &length);

  72.       if (length != 64) {

  73.         fprintf(stderr, "HMAC outputs %d bytes... That should not happen...", length);

  74.       }

  75.     }

  76.     else {

  77.       fprintf(stderr,"prg.c:: Code only supports 32 byte and 64 byte seeds");

  78.     }

  79.   }

  80. }