Annotation of embedaddon/strongswan/src/libstrongswan/plugins/bliss/bliss_utils.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2014-2016 Andreas Steffen
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "bliss_utils.h"
! 17:
! 18: #include <asn1/asn1.h>
! 19: #include <crypto/hashers/hasher.h>
! 20: #include <crypto/xofs/xof_bitspender.h>
! 21: #include <utils/debug.h>
! 22:
! 23: /**
! 24: * See header.
! 25: */
! 26: int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n)
! 27: {
! 28: int32_t product = 0;
! 29: int i;
! 30:
! 31: for (i = 0; i < n; i++)
! 32: {
! 33: product += x[i] * y[i];
! 34: }
! 35:
! 36: return product;
! 37: }
! 38:
! 39: /**
! 40: * See header.
! 41: */
! 42: void bliss_utils_round_and_drop(const bliss_param_set_t *set,
! 43: int32_t *x, int16_t *xd)
! 44: {
! 45: int32_t factor;
! 46: int i;
! 47:
! 48: factor = 1 << set->d;
! 49:
! 50: for (i = 0; i < set->n; i++)
! 51: {
! 52: xd[i] = ((x[i] + (factor >> 1)) / factor) % set->p;
! 53: }
! 54: }
! 55:
! 56: /**
! 57: * See header.
! 58: */
! 59: bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
! 60: uint16_t *ud, const bliss_param_set_t *set,
! 61: uint16_t *c_indices)
! 62: {
! 63: int i, index_trials = 0, index_found = 0;
! 64: bool index_taken[set->n];
! 65: uint32_t index;
! 66: uint8_t *seed_pos;
! 67: chunk_t seed;
! 68: xof_bitspender_t *bitspender;
! 69:
! 70: seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
! 71:
! 72: /* the data hash makes up the first part of the oracle seed */
! 73: memcpy(seed.ptr, data_hash.ptr, data_hash.len);
! 74: seed_pos = seed.ptr + data_hash.len;
! 75:
! 76: /* followed by the n elements of the ud vector in network order */
! 77: for (i = 0; i < set->n; i++)
! 78: {
! 79: htoun16(seed_pos, ud[i]);
! 80: seed_pos += sizeof(uint16_t);
! 81: }
! 82:
! 83: bitspender = xof_bitspender_create(alg, seed, FALSE);
! 84: if (!bitspender)
! 85: {
! 86: return NULL;
! 87: }
! 88:
! 89: for (i = 0; i < set->n; i++)
! 90: {
! 91: index_taken[i] = FALSE;
! 92: }
! 93:
! 94: DBG3(DBG_LIB, " i c_index[i]");
! 95: while (bitspender->get_bits(bitspender, set->n_bits, &index))
! 96: {
! 97: index_trials++;
! 98:
! 99: if (!index_taken[index])
! 100: {
! 101: DBG3(DBG_LIB, "%2u %8u", index_found, index);
! 102: c_indices[index_found++] = index;
! 103: index_taken[index] = TRUE;
! 104:
! 105: if (index_found == set->kappa)
! 106: {
! 107: DBG3(DBG_LIB, "%2d index trials", index_trials);
! 108: bitspender->destroy(bitspender);
! 109: return TRUE;
! 110: }
! 111: }
! 112: }
! 113:
! 114: bitspender->destroy(bitspender);
! 115: return FALSE;
! 116: }
! 117:
! 118: /**
! 119: * See header.
! 120: */
! 121: bool bliss_utils_check_norms(const bliss_param_set_t *set,
! 122: int32_t *z1, int16_t *z2d)
! 123: {
! 124: int32_t z2ds[set->n];
! 125: int32_t z1_min, z1_max, norm;
! 126: int16_t z2d_min, z2d_max;
! 127: int i;
! 128:
! 129: /* some statistics on the values of z1 and z2d */
! 130: z1_min = z1_max = z1[0];
! 131: z2d_min = z2d_max = z2d[0];
! 132:
! 133: for (i = 1; i < set->n; i++)
! 134: {
! 135: if (z1[i] < z1_min)
! 136: {
! 137: z1_min = z1[i];
! 138: }
! 139: else if (z1[i] > z1_max)
! 140: {
! 141: z1_max = z1[i];
! 142: }
! 143: if (z2d[i] < z2d_min)
! 144: {
! 145: z2d_min = z2d[i];
! 146: }
! 147: else if (z2d[i] > z2d_max)
! 148: {
! 149: z2d_max = z2d[i];
! 150: }
! 151: }
! 152: DBG2(DBG_LIB, "z1 = %d..%d, z2d = %d..%d", z1_min, z1_max, z2d_min, z2d_max);
! 153:
! 154: /* Restriction on infinite norm */
! 155: for (i = 0; i < set->n; i++)
! 156: {
! 157: z2ds[i] = (1 << set->d) * z2d[i];
! 158:
! 159: if (z1[i] >= set->B_inf || z2ds[i] >= set->B_inf ||
! 160: z1[i] <= -set->B_inf || z2ds[i] <= -set->B_inf)
! 161: {
! 162: DBG2(DBG_LIB, "signature rejected due to excessive infinite norm");
! 163: return FALSE;
! 164: }
! 165: }
! 166:
! 167: /* Restriction on l2-norm */
! 168: norm = bliss_utils_scalar_product(z1, z1, set->n) +
! 169: bliss_utils_scalar_product(z2ds, z2ds, set->n);
! 170:
! 171: if (norm >= set->B_l2)
! 172: {
! 173: DBG2(DBG_LIB, "signature rejected due to excessive l2-norm");
! 174: return FALSE;
! 175: }
! 176:
! 177: return TRUE;
! 178: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>