Annotation of embedaddon/strongswan/src/libstrongswan/plugins/bliss/bliss_utils.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2014-2016 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "bliss_utils.h"
17:
18: #include <asn1/asn1.h>
19: #include <crypto/hashers/hasher.h>
20: #include <crypto/xofs/xof_bitspender.h>
21: #include <utils/debug.h>
22:
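/**
 * Compute the scalar (dot) product of two int32_t vectors of length n.
 *
 * Each term is multiplied and accumulated in 64-bit arithmetic, so large
 * coefficients can no longer trigger signed 32-bit overflow (undefined
 * behaviour in C) inside the loop.  The return type is still int32_t: a sum
 * that does not fit is narrowed on return, so a caller that compares the
 * result against a bound must make sure its inputs keep the sum within the
 * int32_t range.
 *
 * @param x		first vector, n elements
 * @param y		second vector, n elements
 * @param n		number of elements; the loop does not run for n <= 0
 * @return		sum of x[i] * y[i], narrowed to int32_t
 */
int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n)
{
	int64_t product = 0;
	int i;

	for (i = 0; i < n; i++)
	{
		/* widen before multiplying so the term itself cannot overflow */
		product += (int64_t)x[i] * y[i];
	}

	return (int32_t)product;
}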
38:
/**
 * Reduce every coefficient of x by the d low-order bits with rounding.
 *
 * For each of the set->n elements, half of 2^d is added, the sum is divided
 * by 2^d (C integer division, truncating toward zero) and the quotient is
 * taken modulo set->p before being stored in xd.
 *
 * @param set	parameter set supplying n, d and p
 * @param x		input vector, set->n elements are read
 * @param xd	output vector, set->n elements are written
 */
void bliss_utils_round_and_drop(const bliss_param_set_t *set,
								int32_t *x, int16_t *xd)
{
	const int32_t divisor = 1 << set->d;
	const int32_t half = divisor >> 1;
	int k = 0;

	while (k < set->n)
	{
		int32_t quotient = (x[k] + half) / divisor;

		xd[k] = quotient % set->p;
		k++;
	}
}
55:
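/**
 * Derive distinct challenge indices from the data hash and the ud vector,
 * using an extended-output function as the source of index candidates.
 *
 * The seed is data_hash followed by the set->n elements of ud, each written
 * as a 16-bit value in network order.  Candidates of set->n_bits bits are
 * drawn from the bitspender; values already taken are skipped until
 * set->kappa distinct indices have been stored in c_indices.
 *
 * @param alg			extended-output function handed to the bitspender
 * @param data_hash		hash of the data, first part of the seed
 * @param ud			vector of set->n values appended to the seed
 * @param set			parameter set supplying n, n_bits and kappa
 * @param c_indices		output array; presumably sized by the caller for at
 *						least set->kappa entries - TODO confirm
 * @return				TRUE once set->kappa indices were found, FALSE if
 *						the bitspender could not be created or get_bits()
 *						failed before enough indices were collected
 */
bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
							uint16_t *ud, const bliss_param_set_t *set,
							uint16_t *c_indices)
{
	int i, index_trials = 0, index_found = 0;
	bool index_taken[set->n];
	uint32_t index;
	uint8_t *seed_pos;
	chunk_t seed;
	xof_bitspender_t *bitspender;

	/* NOTE(review): the seed is allocated on the stack, which assumes that
	 * data_hash.len is a short digest length fixed by the caller - confirm */
	seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));

	/* the data hash makes up the first part of the oracle seed */
	memcpy(seed.ptr, data_hash.ptr, data_hash.len);
	seed_pos = seed.ptr + data_hash.len;

	/* followed by the n elements of the ud vector in network order */
	for (i = 0; i < set->n; i++)
	{
		htoun16(seed_pos, ud[i]);
		seed_pos += sizeof(uint16_t);
	}

	bitspender = xof_bitspender_create(alg, seed, FALSE);
	if (!bitspender)
	{
		/* the function returns bool, so failure is FALSE rather than NULL */
		return FALSE;
	}

	for (i = 0; i < set->n; i++)
	{
		index_taken[i] = FALSE;
	}

	DBG3(DBG_LIB, " i c_index[i]");
	while (bitspender->get_bits(bitspender, set->n_bits, &index))
	{
		index_trials++;

		/* n_bits bits can encode values up to 2^n_bits - 1; discard any
		 * candidate outside [0, n) so that index_taken[] is never accessed
		 * out of bounds should a parameter set have n < 2^n_bits */
		if (index >= (uint32_t)set->n)
		{
			continue;
		}

		if (!index_taken[index])
		{
			DBG3(DBG_LIB, "%2u %8u", index_found, index);
			c_indices[index_found++] = index;
			index_taken[index] = TRUE;

			if (index_found == set->kappa)
			{
				DBG3(DBG_LIB, "%2d index trials", index_trials);
				bitspender->destroy(bitspender);
				return TRUE;
			}
		}
	}

	/* the bitspender stopped delivering bits before kappa indices were found */
	bitspender->destroy(bitspender);
	return FALSE;
}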
117:
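/**
 * Check the z1 and z2d vectors against the norm bounds of the parameter set.
 *
 * z2d is first scaled back by 2^d.  The check fails if any element of z1 or
 * of the scaled z2d reaches +/- set->B_inf, or if the sum of the squares of
 * all elements reaches set->B_l2.
 *
 * The l2-norm is accumulated in 64 bits.  bliss_utils_scalar_product()
 * returns int32_t, and adding two such products in int32_t can overflow
 * (undefined behaviour, in practice a wrapped value), which could let a
 * vector with an excessive norm compare as smaller than B_l2.  The debug
 * messages indicate that this guards signature acceptance, so the comparison
 * is done on the exact value.
 *
 * @param set	parameter set supplying n, d, B_inf and B_l2
 * @param z1	vector of set->n values; element 0 is read unconditionally
 * @param z2d	vector of set->n values; element 0 is read unconditionally
 * @return		TRUE if both norm restrictions hold, FALSE otherwise
 */
bool bliss_utils_check_norms(const bliss_param_set_t *set,
							 int32_t *z1, int16_t *z2d)
{
	int32_t z1_min, z1_max, z2ds;
	int16_t z2d_min, z2d_max;
	int64_t norm = 0;
	int i;

	/* some statistics on the values of z1 and z2d */
	z1_min = z1_max = z1[0];
	z2d_min = z2d_max = z2d[0];

	for (i = 1; i < set->n; i++)
	{
		if (z1[i] < z1_min)
		{
			z1_min = z1[i];
		}
		else if (z1[i] > z1_max)
		{
			z1_max = z1[i];
		}
		if (z2d[i] < z2d_min)
		{
			z2d_min = z2d[i];
		}
		else if (z2d[i] > z2d_max)
		{
			z2d_max = z2d[i];
		}
	}
	DBG2(DBG_LIB, "z1 = %d..%d, z2d = %d..%d", z1_min, z1_max, z2d_min, z2d_max);

	/* Restriction on infinite norm, accumulating the squares on the way */
	for (i = 0; i < set->n; i++)
	{
		z2ds = (1 << set->d) * z2d[i];

		if (z1[i] >= set->B_inf || z2ds >= set->B_inf ||
			z1[i] <= -set->B_inf || z2ds <= -set->B_inf)
		{
			DBG2(DBG_LIB, "signature rejected due to excessive infinite norm");
			return FALSE;
		}

		/* widen before squaring so neither the terms nor the sum overflow */
		norm += (int64_t)z1[i] * z1[i] + (int64_t)z2ds * z2ds;
	}

	/* Restriction on l2-norm */
	if (norm >= set->B_l2)
	{
		DBG2(DBG_LIB, "signature rejected due to excessive l2-norm");
		return FALSE;
	}

	return TRUE;
}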