/*
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "bliss_utils.h"
#include <asn1/asn1.h>
#include <crypto/hashers/hasher.h>
#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
/**
* See header.
*/
int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n)
{
int32_t product = 0;
int i;
for (i = 0; i < n; i++)
{
product += x[i] * y[i];
}
return product;
}
/**
* See header.
*/
void bliss_utils_round_and_drop(const bliss_param_set_t *set,
int32_t *x, int16_t *xd)
{
int32_t factor;
int i;
factor = 1 << set->d;
for (i = 0; i < set->n; i++)
{
xd[i] = ((x[i] + (factor >> 1)) / factor) % set->p;
}
}
/**
* See header.
*/
bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices)
{
int i, index_trials = 0, index_found = 0;
bool index_taken[set->n];
uint32_t index;
uint8_t *seed_pos;
chunk_t seed;
xof_bitspender_t *bitspender;
seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
/* the data hash makes up the first part of the oracle seed */
memcpy(seed.ptr, data_hash.ptr, data_hash.len);
seed_pos = seed.ptr + data_hash.len;
/* followed by the n elements of the ud vector in network order */
for (i = 0; i < set->n; i++)
{
htoun16(seed_pos, ud[i]);
seed_pos += sizeof(uint16_t);
}
bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
}
for (i = 0; i < set->n; i++)
{
index_taken[i] = FALSE;
}
DBG3(DBG_LIB, " i c_index[i]");
while (bitspender->get_bits(bitspender, set->n_bits, &index))
{
index_trials++;
if (!index_taken[index])
{
DBG3(DBG_LIB, "%2u %8u", index_found, index);
c_indices[index_found++] = index;
index_taken[index] = TRUE;
if (index_found == set->kappa)
{
DBG3(DBG_LIB, "%2d index trials", index_trials);
bitspender->destroy(bitspender);
return TRUE;
}
}
}
bitspender->destroy(bitspender);
return FALSE;
}
/**
* See header.
*/
bool bliss_utils_check_norms(const bliss_param_set_t *set,
int32_t *z1, int16_t *z2d)
{
int32_t z2ds[set->n];
int32_t z1_min, z1_max, norm;
int16_t z2d_min, z2d_max;
int i;
/* some statistics on the values of z1 and z2d */
z1_min = z1_max = z1[0];
z2d_min = z2d_max = z2d[0];
for (i = 1; i < set->n; i++)
{
if (z1[i] < z1_min)
{
z1_min = z1[i];
}
else if (z1[i] > z1_max)
{
z1_max = z1[i];
}
if (z2d[i] < z2d_min)
{
z2d_min = z2d[i];
}
else if (z2d[i] > z2d_max)
{
z2d_max = z2d[i];
}
}
DBG2(DBG_LIB, "z1 = %d..%d, z2d = %d..%d", z1_min, z1_max, z2d_min, z2d_max);
/* Restriction on infinite norm */
for (i = 0; i < set->n; i++)
{
z2ds[i] = (1 << set->d) * z2d[i];
if (z1[i] >= set->B_inf || z2ds[i] >= set->B_inf ||
z1[i] <= -set->B_inf || z2ds[i] <= -set->B_inf)
{
DBG2(DBG_LIB, "signature rejected due to excessive infinite norm");
return FALSE;
}
}
/* Restriction on l2-norm */
norm = bliss_utils_scalar_product(z1, z1, set->n) +
bliss_utils_scalar_product(z2ds, z2ds, set->n);
if (norm >= set->B_l2)
{
DBG2(DBG_LIB, "signature rejected due to excessive l2-norm");
return FALSE;
}
return TRUE;
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bliss_utils.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / bliss