kris
/
pqcrypto
огледало од https://github.com/henrydcase/pqc.git
1
1
Креирај огранак 0
Код Дискусије 1 Издања 2 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
567 Комити
9 Гране
121 MiB
 
 
 
Дрво: cf88fb781e
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'cf88fb781e'
${ noResults }
pqcrypto/common/nistkatrng.c

104 lines
2.8 KiB
Датотека Blame Историја 

  1. //

  2. //  rng.c

  3. //

  4. //  Created by Bassham, Lawrence E (Fed) on 8/29/17.

  5. //  Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.

  6. //  Modified for liboqs by Douglas Stebila

  7. //

  8. 

  9. #include <assert.h>

  10. #include <string.h>

  11. 

  12. #include "aes.h"

  13. #include "randombytes.h"

  14. 

  15. typedef struct {

  16.     uint8_t Key[32];

  17.     uint8_t V[16];

  18.     int reseed_counter;

  19. } AES256_CTR_DRBG_struct;

  20. 

  21. static AES256_CTR_DRBG_struct DRBG_ctx;

  22. static void AES256_CTR_DRBG_Update(const uint8_t *provided_data, uint8_t *Key, uint8_t *V);

  23. 

  24. // Use whatever AES implementation you have. This uses AES from openSSL library

  25. //    key - 256-bit AES key

  26. //    ctr - a 128-bit plaintext value

  27. //    buffer - a 128-bit ciphertext value

  28. static void AES256_ECB(uint8_t *key, uint8_t *ctr, uint8_t *buffer) {

  29.     aes256ctx ctx;

  30.     aes256_keyexp(&ctx, key);

  31.     aes256_ecb(buffer, ctr, 1, &ctx);

  32. }

  33. 

  34. void nist_kat_init(uint8_t *entropy_input, const uint8_t *personalization_string, int security_strength);

  35. void nist_kat_init(uint8_t *entropy_input, const uint8_t *personalization_string, int security_strength) {

  36.     uint8_t seed_material[48];

  37. 

  38.     assert(security_strength == 256);

  39.     memcpy(seed_material, entropy_input, 48);

  40.     if (personalization_string) {

  41.         for (int i = 0; i < 48; i++) {

  42.             seed_material[i] ^= personalization_string[i];

  43.         }

  44.     }

  45.     memset(DRBG_ctx.Key, 0x00, 32);

  46.     memset(DRBG_ctx.V, 0x00, 16);

  47.     AES256_CTR_DRBG_Update(seed_material, DRBG_ctx.Key, DRBG_ctx.V);

  48.     DRBG_ctx.reseed_counter = 1;

  49. }

  50. 

  51. int randombytes(uint8_t *buf, size_t xlen) {

  52.     uint8_t block[16];

  53.     int i = 0;

  54. 

  55.     while (xlen > 0) {

  56.         //increment V

  57.         for (int j = 15; j >= 0; j--) {

  58.             if (DRBG_ctx.V[j] == 0xff) {

  59.                 DRBG_ctx.V[j] = 0x00;

  60.             } else {

  61.                 DRBG_ctx.V[j]++;

  62.                 break;

  63.             }

  64.         }

  65.         AES256_ECB(DRBG_ctx.Key, DRBG_ctx.V, block);

  66.         if (xlen > 15) {

  67.             memcpy(buf + i, block, 16);

  68.             i += 16;

  69.             xlen -= 16;

  70.         } else {

  71.             memcpy(buf + i, block, xlen);

  72.             xlen = 0;

  73.         }

  74.     }

  75.     AES256_CTR_DRBG_Update(NULL, DRBG_ctx.Key, DRBG_ctx.V);

  76.     DRBG_ctx.reseed_counter++;

  77.     return 0;

  78. }

  79. 

  80. static void AES256_CTR_DRBG_Update(const uint8_t *provided_data, uint8_t *Key, uint8_t *V) {

  81.     uint8_t temp[48];

  82. 

  83.     for (int i = 0; i < 3; i++) {

  84.         //increment V

  85.         for (int j = 15; j >= 0; j--) {

  86.             if (V[j] == 0xff) {

  87.                 V[j] = 0x00;

  88.             } else {

  89.                 V[j]++;

  90.                 break;

  91.             }

  92.         }

  93. 

  94.         AES256_ECB(Key, V, temp + 16 * i);

  95.     }

  96.     if (provided_data != NULL) {

  97.         for (int i = 0; i < 48; i++) {

  98.             temp[i] ^= provided_data[i];

  99.         }

  100.     }

  101.     memcpy(Key, temp, 32);

  102.     memcpy(V, temp + 32, 16);

  103. }