Return to bliss_utils.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / bliss |
1.1 misho 1: /* 2: * Copyright (C) 2014-2016 Andreas Steffen 3: * HSR Hochschule fuer Technik Rapperswil 4: * 5: * This program is free software; you can redistribute it and/or modify it 6: * under the terms of the GNU General Public License as published by the 7: * Free Software Foundation; either version 2 of the License, or (at your 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9: * 10: * This program is distributed in the hope that it will be useful, but 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13: * for more details. 14: */ 15: 16: #include "bliss_utils.h" 17: 18: #include <asn1/asn1.h> 19: #include <crypto/hashers/hasher.h> 20: #include <crypto/xofs/xof_bitspender.h> 21: #include <utils/debug.h> 22: 23: /** 24: * See header. 25: */ 26: int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n) 27: { 28: int32_t product = 0; 29: int i; 30: 31: for (i = 0; i < n; i++) 32: { 33: product += x[i] * y[i]; 34: } 35: 36: return product; 37: } 38: 39: /** 40: * See header. 41: */ 42: void bliss_utils_round_and_drop(const bliss_param_set_t *set, 43: int32_t *x, int16_t *xd) 44: { 45: int32_t factor; 46: int i; 47: 48: factor = 1 << set->d; 49: 50: for (i = 0; i < set->n; i++) 51: { 52: xd[i] = ((x[i] + (factor >> 1)) / factor) % set->p; 53: } 54: } 55: 56: /** 57: * See header. 58: */ 59: bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash, 60: uint16_t *ud, const bliss_param_set_t *set, 61: uint16_t *c_indices) 62: { 63: int i, index_trials = 0, index_found = 0; 64: bool index_taken[set->n]; 65: uint32_t index; 66: uint8_t *seed_pos; 67: chunk_t seed; 68: xof_bitspender_t *bitspender; 69: 70: seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t)); 71: 72: /* the data hash makes up the first part of the oracle seed */ 73: memcpy(seed.ptr, data_hash.ptr, data_hash.len); 74: seed_pos = seed.ptr + data_hash.len; 75: 76: /* followed by the n elements of the ud vector in network order */ 77: for (i = 0; i < set->n; i++) 78: { 79: htoun16(seed_pos, ud[i]); 80: seed_pos += sizeof(uint16_t); 81: } 82: 83: bitspender = xof_bitspender_create(alg, seed, FALSE); 84: if (!bitspender) 85: { 86: return NULL; 87: } 88: 89: for (i = 0; i < set->n; i++) 90: { 91: index_taken[i] = FALSE; 92: } 93: 94: DBG3(DBG_LIB, " i c_index[i]"); 95: while (bitspender->get_bits(bitspender, set->n_bits, &index)) 96: { 97: index_trials++; 98: 99: if (!index_taken[index]) 100: { 101: DBG3(DBG_LIB, "%2u %8u", index_found, index); 102: c_indices[index_found++] = index; 103: index_taken[index] = TRUE; 104: 105: if (index_found == set->kappa) 106: { 107: DBG3(DBG_LIB, "%2d index trials", index_trials); 108: bitspender->destroy(bitspender); 109: return TRUE; 110: } 111: } 112: } 113: 114: bitspender->destroy(bitspender); 115: return FALSE; 116: } 117: 118: /** 119: * See header. 120: */ 121: bool bliss_utils_check_norms(const bliss_param_set_t *set, 122: int32_t *z1, int16_t *z2d) 123: { 124: int32_t z2ds[set->n]; 125: int32_t z1_min, z1_max, norm; 126: int16_t z2d_min, z2d_max; 127: int i; 128: 129: /* some statistics on the values of z1 and z2d */ 130: z1_min = z1_max = z1[0]; 131: z2d_min = z2d_max = z2d[0]; 132: 133: for (i = 1; i < set->n; i++) 134: { 135: if (z1[i] < z1_min) 136: { 137: z1_min = z1[i]; 138: } 139: else if (z1[i] > z1_max) 140: { 141: z1_max = z1[i]; 142: } 143: if (z2d[i] < z2d_min) 144: { 145: z2d_min = z2d[i]; 146: } 147: else if (z2d[i] > z2d_max) 148: { 149: z2d_max = z2d[i]; 150: } 151: } 152: DBG2(DBG_LIB, "z1 = %d..%d, z2d = %d..%d", z1_min, z1_max, z2d_min, z2d_max); 153: 154: /* Restriction on infinite norm */ 155: for (i = 0; i < set->n; i++) 156: { 157: z2ds[i] = (1 << set->d) * z2d[i]; 158: 159: if (z1[i] >= set->B_inf || z2ds[i] >= set->B_inf || 160: z1[i] <= -set->B_inf || z2ds[i] <= -set->B_inf) 161: { 162: DBG2(DBG_LIB, "signature rejected due to excessive infinite norm"); 163: return FALSE; 164: } 165: } 166: 167: /* Restriction on l2-norm */ 168: norm = bliss_utils_scalar_product(z1, z1, set->n) + 169: bliss_utils_scalar_product(z2ds, z2ds, set->n); 170: 171: if (norm >= set->B_l2) 172: { 173: DBG2(DBG_LIB, "signature rejected due to excessive l2-norm"); 174: return FALSE; 175: } 176: 177: return TRUE; 178: }