1 files changed, 140 insertions, 0 deletions
diff --git a/xmss_hash.c b/xmss_hash.c
new file mode 100644
index 000000000..b9eee7cff
--- /dev/null
+++ b/xmss_hash.c
@@ -0,0 +1,140 @@
+/* $OpenBSD: xmss_hash.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+hash.c version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+#include "includes.h"
+#ifdef WITH_XMSS
+#include "xmss_hash_address.h"
+#include "xmss_commons.h"
+#include "xmss_hash.h"
+#include <stddef.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+int core_hash_SHA2(unsigned char *, const unsigned int, const unsigned char *,
+    unsigned int, const unsigned char *, unsigned long long, unsigned int);
+unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){
+#if IS_LITTLE_ENDIAN==1 
+  int i = 0;
+  for(i=0;i<8;i++)
+    to_byte(bytes+i*4, addr[i],4);
+  return bytes;  
+#else
+  memcpy(bytes, addr, 32);
+  return bytes; 
+#endif   
+}
+int core_hash_SHA2(unsigned char *out, const unsigned int type, const unsigned char *key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){  
+  unsigned long long i = 0;
+  unsigned char buf[inlen + n + keylen];
+  
+  // Input is (toByte(X, 32) || KEY || M) 
+  
+  // set toByte
+  to_byte(buf, type, n);
+  
+  for (i=0; i < keylen; i++) {
+    buf[i+n] = key[i];
+  }
+  
+  for (i=0; i < inlen; i++) {
+    buf[keylen + n + i] = in[i];
+  }
+  if (n == 32) {
+    SHA256(buf, inlen + keylen + n, out);
+    return 0;
+  }
+  else {
+    if (n == 64) {
+      SHA512(buf, inlen + keylen + n, out);
+      return 0;
+    }
+  }
+  return 1;
+}
+/**
+ * Implements PRF
+ */
+int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, unsigned int keylen)
+{ 
+  return core_hash_SHA2(out, 3, key, keylen, in, 32, keylen);
+}
+/*
+ * Implemts H_msg
+ */
+int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n)
+{
+  if (keylen != 3*n){
+    // H_msg takes 3n-bit keys, but n does not match the keylength of keylen
+    return -1;
+  }  
+  return core_hash_SHA2(out, 2, key, keylen, in, inlen, n);
+}
+/**
+ * We assume the left half is in in[0]...in[n-1]
+ */
+int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
+{
+  unsigned char buf[2*n];
+  unsigned char key[n];
+  unsigned char bitmask[2*n];
+  unsigned char byte_addr[32];
+  unsigned int i;
+  setKeyAndMask(addr, 0);
+  addr_to_byte(byte_addr, addr);
+  prf(key, byte_addr, pub_seed, n);
+  // Use MSB order
+  setKeyAndMask(addr, 1);
+  addr_to_byte(byte_addr, addr);
+  prf(bitmask, byte_addr, pub_seed, n);
+  setKeyAndMask(addr, 2);
+  addr_to_byte(byte_addr, addr);
+  prf(bitmask+n, byte_addr, pub_seed, n);
+  for (i = 0; i < 2*n; i++) {
+    buf[i] = in[i] ^ bitmask[i];
+  }
+  return core_hash_SHA2(out, 1, key, n, buf, 2*n, n);
+}
+int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
+{
+  unsigned char buf[n];
+  unsigned char key[n];
+  unsigned char bitmask[n];
+  unsigned char byte_addr[32];
+  unsigned int i;
+  setKeyAndMask(addr, 0);  
+  addr_to_byte(byte_addr, addr);  
+  prf(key, byte_addr, pub_seed, n);
+  
+  setKeyAndMask(addr, 1);
+  addr_to_byte(byte_addr, addr);
+  prf(bitmask, byte_addr, pub_seed, n);
+  
+  for (i = 0; i < n; i++) {
+    buf[i] = in[i] ^ bitmask[i];
+  }
+  return core_hash_SHA2(out, 0, key, n, buf, n, n);
+}
+#endif /* WITH_XMSS */

diff --git a/xmss_hash.c b/xmss_hash.c new file mode 100644 index 000000000..b9eee7cff --- /dev/null +++ b/xmss_hash.c
@@ -0,0 +1,140 @@
	1	/* $OpenBSD: xmss_hash.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
	2	/*
	3	hash.c version 20160722
	4	Andreas Hülsing
	5	Joost Rijneveld
	6	Public domain.
	7	*/
	8
	9	#include "includes.h"
	10	#ifdef WITH_XMSS
	11
	12	#include "xmss_hash_address.h"
	13	#include "xmss_commons.h"
	14	#include "xmss_hash.h"
	15
	16	#include <stddef.h>
	17	#ifdef HAVE_STDINT_H
	18	#include <stdint.h>
	19	#endif
	20	#include <stdio.h>
	21	#include <string.h>
	22	#include <openssl/sha.h>
	23	#include <openssl/hmac.h>
	24	#include <openssl/evp.h>
	25
	26	int core_hash_SHA2(unsigned char , const unsigned int, const unsigned char ,
	27	unsigned int, const unsigned char *, unsigned long long, unsigned int);
	28
	29	unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){
	30	#if IS_LITTLE_ENDIAN==1
	31	int i = 0;
	32	for(i=0;i<8;i++)
	33	to_byte(bytes+i*4, addr[i],4);
	34	return bytes;
	35	#else
	36	memcpy(bytes, addr, 32);
	37	return bytes;
	38	#endif
	39	}
	40
	41	int core_hash_SHA2(unsigned char out, const unsigned int type, const unsigned char key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){
	42	unsigned long long i = 0;
	43	unsigned char buf[inlen + n + keylen];
	44
	45	// Input is (toByte(X, 32) \|\| KEY \|\| M)
	46
	47	// set toByte
	48	to_byte(buf, type, n);
	49
	50	for (i=0; i < keylen; i++) {
	51	buf[i+n] = key[i];
	52	}
	53
	54	for (i=0; i < inlen; i++) {
	55	buf[keylen + n + i] = in[i];
	56	}
	57
	58	if (n == 32) {
	59	SHA256(buf, inlen + keylen + n, out);
	60	return 0;
	61	}
	62	else {
	63	if (n == 64) {
	64	SHA512(buf, inlen + keylen + n, out);
	65	return 0;
	66	}
	67	}
	68	return 1;
	69	}
	70
	71	/**
	72	* Implements PRF
	73	*/
	74	int prf(unsigned char out, const unsigned char in, const unsigned char *key, unsigned int keylen)
	75	{
	76	return core_hash_SHA2(out, 3, key, keylen, in, 32, keylen);
	77	}
	78
	79	/*
	80	* Implemts H_msg
	81	*/
	82	int h_msg(unsigned char out, const unsigned char in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n)
	83	{
	84	if (keylen != 3*n){
	85	// H_msg takes 3n-bit keys, but n does not match the keylength of keylen
	86	return -1;
	87	}
	88	return core_hash_SHA2(out, 2, key, keylen, in, inlen, n);
	89	}
	90
	91	/**
	92	* We assume the left half is in in[0]...in[n-1]
	93	*/
	94	int hash_h(unsigned char out, const unsigned char in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
	95	{
	96
	97	unsigned char buf[2*n];
	98	unsigned char key[n];
	99	unsigned char bitmask[2*n];
	100	unsigned char byte_addr[32];
	101	unsigned int i;
	102
	103	setKeyAndMask(addr, 0);
	104	addr_to_byte(byte_addr, addr);
	105	prf(key, byte_addr, pub_seed, n);
	106	// Use MSB order
	107	setKeyAndMask(addr, 1);
	108	addr_to_byte(byte_addr, addr);
	109	prf(bitmask, byte_addr, pub_seed, n);
	110	setKeyAndMask(addr, 2);
	111	addr_to_byte(byte_addr, addr);
	112	prf(bitmask+n, byte_addr, pub_seed, n);
	113	for (i = 0; i < 2*n; i++) {
	114	buf[i] = in[i] ^ bitmask[i];
	115	}
	116	return core_hash_SHA2(out, 1, key, n, buf, 2*n, n);
	117	}
	118
	119	int hash_f(unsigned char out, const unsigned char in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n)
	120	{
	121	unsigned char buf[n];
	122	unsigned char key[n];
	123	unsigned char bitmask[n];
	124	unsigned char byte_addr[32];
	125	unsigned int i;
	126
	127	setKeyAndMask(addr, 0);
	128	addr_to_byte(byte_addr, addr);
	129	prf(key, byte_addr, pub_seed, n);
	130
	131	setKeyAndMask(addr, 1);
	132	addr_to_byte(byte_addr, addr);
	133	prf(bitmask, byte_addr, pub_seed, n);
	134
	135	for (i = 0; i < n; i++) {
	136	buf[i] = in[i] ^ bitmask[i];
	137	}
	138	return core_hash_SHA2(out, 0, key, n, buf, n, n);
	139	}
	140	#endif /* WITH_XMSS */