diff options
author | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:20:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:20:28 +0100 |
commit | ed6ae9c1a014a08ff5db3d768f01f2e427eeb476 (patch) | |
tree | 601025e307745d351946c01ab13f419ddb6dae29 /xmss_hash.c | |
parent | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (diff) | |
parent | a0349a1cc4a18967ad1dbff5389bcdf9da098814 (diff) |
Import openssh_7.7p1.orig.tar.gz
Diffstat (limited to 'xmss_hash.c')
-rw-r--r-- | xmss_hash.c | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/xmss_hash.c b/xmss_hash.c new file mode 100644 index 000000000..b9eee7cff --- /dev/null +++ b/xmss_hash.c | |||
@@ -0,0 +1,140 @@ | |||
1 | /* $OpenBSD: xmss_hash.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ | ||
2 | /* | ||
3 | hash.c version 20160722 | ||
4 | Andreas Hülsing | ||
5 | Joost Rijneveld | ||
6 | Public domain. | ||
7 | */ | ||
8 | |||
9 | #include "includes.h" | ||
10 | #ifdef WITH_XMSS | ||
11 | |||
12 | #include "xmss_hash_address.h" | ||
13 | #include "xmss_commons.h" | ||
14 | #include "xmss_hash.h" | ||
15 | |||
16 | #include <stddef.h> | ||
17 | #ifdef HAVE_STDINT_H | ||
18 | #include <stdint.h> | ||
19 | #endif | ||
20 | #include <stdio.h> | ||
21 | #include <string.h> | ||
22 | #include <openssl/sha.h> | ||
23 | #include <openssl/hmac.h> | ||
24 | #include <openssl/evp.h> | ||
25 | |||
26 | int core_hash_SHA2(unsigned char *, const unsigned int, const unsigned char *, | ||
27 | unsigned int, const unsigned char *, unsigned long long, unsigned int); | ||
28 | |||
29 | unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){ | ||
30 | #if IS_LITTLE_ENDIAN==1 | ||
31 | int i = 0; | ||
32 | for(i=0;i<8;i++) | ||
33 | to_byte(bytes+i*4, addr[i],4); | ||
34 | return bytes; | ||
35 | #else | ||
36 | memcpy(bytes, addr, 32); | ||
37 | return bytes; | ||
38 | #endif | ||
39 | } | ||
40 | |||
41 | int core_hash_SHA2(unsigned char *out, const unsigned int type, const unsigned char *key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){ | ||
42 | unsigned long long i = 0; | ||
43 | unsigned char buf[inlen + n + keylen]; | ||
44 | |||
45 | // Input is (toByte(X, 32) || KEY || M) | ||
46 | |||
47 | // set toByte | ||
48 | to_byte(buf, type, n); | ||
49 | |||
50 | for (i=0; i < keylen; i++) { | ||
51 | buf[i+n] = key[i]; | ||
52 | } | ||
53 | |||
54 | for (i=0; i < inlen; i++) { | ||
55 | buf[keylen + n + i] = in[i]; | ||
56 | } | ||
57 | |||
58 | if (n == 32) { | ||
59 | SHA256(buf, inlen + keylen + n, out); | ||
60 | return 0; | ||
61 | } | ||
62 | else { | ||
63 | if (n == 64) { | ||
64 | SHA512(buf, inlen + keylen + n, out); | ||
65 | return 0; | ||
66 | } | ||
67 | } | ||
68 | return 1; | ||
69 | } | ||
70 | |||
71 | /** | ||
72 | * Implements PRF | ||
73 | */ | ||
74 | int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, unsigned int keylen) | ||
75 | { | ||
76 | return core_hash_SHA2(out, 3, key, keylen, in, 32, keylen); | ||
77 | } | ||
78 | |||
79 | /* | ||
80 | * Implemts H_msg | ||
81 | */ | ||
82 | int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n) | ||
83 | { | ||
84 | if (keylen != 3*n){ | ||
85 | // H_msg takes 3n-bit keys, but n does not match the keylength of keylen | ||
86 | return -1; | ||
87 | } | ||
88 | return core_hash_SHA2(out, 2, key, keylen, in, inlen, n); | ||
89 | } | ||
90 | |||
91 | /** | ||
92 | * We assume the left half is in in[0]...in[n-1] | ||
93 | */ | ||
94 | int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n) | ||
95 | { | ||
96 | |||
97 | unsigned char buf[2*n]; | ||
98 | unsigned char key[n]; | ||
99 | unsigned char bitmask[2*n]; | ||
100 | unsigned char byte_addr[32]; | ||
101 | unsigned int i; | ||
102 | |||
103 | setKeyAndMask(addr, 0); | ||
104 | addr_to_byte(byte_addr, addr); | ||
105 | prf(key, byte_addr, pub_seed, n); | ||
106 | // Use MSB order | ||
107 | setKeyAndMask(addr, 1); | ||
108 | addr_to_byte(byte_addr, addr); | ||
109 | prf(bitmask, byte_addr, pub_seed, n); | ||
110 | setKeyAndMask(addr, 2); | ||
111 | addr_to_byte(byte_addr, addr); | ||
112 | prf(bitmask+n, byte_addr, pub_seed, n); | ||
113 | for (i = 0; i < 2*n; i++) { | ||
114 | buf[i] = in[i] ^ bitmask[i]; | ||
115 | } | ||
116 | return core_hash_SHA2(out, 1, key, n, buf, 2*n, n); | ||
117 | } | ||
118 | |||
119 | int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n) | ||
120 | { | ||
121 | unsigned char buf[n]; | ||
122 | unsigned char key[n]; | ||
123 | unsigned char bitmask[n]; | ||
124 | unsigned char byte_addr[32]; | ||
125 | unsigned int i; | ||
126 | |||
127 | setKeyAndMask(addr, 0); | ||
128 | addr_to_byte(byte_addr, addr); | ||
129 | prf(key, byte_addr, pub_seed, n); | ||
130 | |||
131 | setKeyAndMask(addr, 1); | ||
132 | addr_to_byte(byte_addr, addr); | ||
133 | prf(bitmask, byte_addr, pub_seed, n); | ||
134 | |||
135 | for (i = 0; i < n; i++) { | ||
136 | buf[i] = in[i] ^ bitmask[i]; | ||
137 | } | ||
138 | return core_hash_SHA2(out, 0, key, n, buf, n, n); | ||
139 | } | ||
140 | #endif /* WITH_XMSS */ | ||