kris
/
pqcrypto
spegling av https://github.com/henrydcase/pqc.git
1
1
Förgrening 0
Kod Ärenden 1 Släpp 2 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
844 Incheckningar
9 Grenar
76 MiB
 
 
 
Träd: d4d6d09ff7
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'd4d6d09ff7'
${ noResults }
pqcrypto/common/nistseedexpander.c

104 rader
2.5 KiB
Blame Historik 

  1. //

  2. //  rng.c

  3. //

  4. //  Created by Bassham, Lawrence E (Fed) on 8/29/17.

  5. //  Copyright © 2017 Bassham, Lawrence E (Fed). All rights reserved.

  6. //  Modified for PQClean by Sebastian Verschoor

  7. //

  8. 

  9. #include "nistseedexpander.h"

  10. #include "aes.h"

  11. #include <string.h>

  12. 

  13. /*

  14.  seedexpander_init()

  15.  ctx            - stores the current state of an instance of the seed expander

  16.  seed           - a 32 byte random value

  17.  diversifier    - an 8 byte diversifier

  18.  maxlen         - maximum number of bytes (less than 2**32) generated under this seed and diversifier

  19.  */

  20. int

  21. seedexpander_init(AES_XOF_struct *ctx,

  22.                   const uint8_t *seed,

  23.                   const uint8_t *diversifier,

  24.                   size_t maxlen)

  25. {

  26.     ctx->length_remaining = maxlen;

  27. 

  28.     memcpy(ctx->key, seed, 32);

  29.     memcpy(ctx->ctr, diversifier, 8);

  30. 

  31.     ctx->ctr[11] = maxlen % 256;

  32.     maxlen >>= 8;

  33.     ctx->ctr[10] = maxlen % 256;

  34.     maxlen >>= 8;

  35.     ctx->ctr[9] = maxlen % 256;

  36.     maxlen >>= 8;

  37.     ctx->ctr[8] = maxlen % 256;

  38.     memset(ctx->ctr+12, 0x00, 4);

  39. 

  40.     ctx->buffer_pos = 16;

  41.     memset(ctx->buffer, 0x00, 16);

  42. 

  43.     return RNG_SUCCESS;

  44. }

  45. 

  46. static void AES256_ECB(uint8_t *key, uint8_t *ctr, uint8_t *buffer) {

  47.     aes256ctx ctx;

  48.     aes256_ecb_keyexp(&ctx, key);

  49.     aes256_ecb(buffer, ctr, 1, &ctx);

  50.     aes256_ctx_release(&ctx);

  51. }

  52. 

  53. /*

  54.  seedexpander()

  55.     ctx  - stores the current state of an instance of the seed expander

  56.     x    - returns the XOF data

  57.     xlen - number of bytes to return

  58.  */

  59. int

  60. seedexpander(AES_XOF_struct *ctx, uint8_t *x, size_t xlen)

  61. {

  62.     size_t offset;

  63. 

  64.     if ( x == NULL ) {

  65.         return RNG_BAD_OUTBUF;

  66.     }

  67.     if ( xlen >= ctx->length_remaining ) {

  68.         return RNG_BAD_REQ_LEN;

  69.     }

  70. 

  71.     ctx->length_remaining -= xlen;

  72. 

  73.     offset = 0;

  74.     while ( xlen > 0 ) {

  75.         if ( xlen <= (16-ctx->buffer_pos) ) { // buffer has what we need

  76.             memcpy(x+offset, ctx->buffer+ctx->buffer_pos, xlen);

  77.             ctx->buffer_pos += xlen;

  78. 

  79.             return RNG_SUCCESS;

  80.         }

  81. 

  82.         // take what's in the buffer

  83.         memcpy(x+offset, ctx->buffer+ctx->buffer_pos, 16-ctx->buffer_pos);

  84.         xlen -= 16-ctx->buffer_pos;

  85.         offset += 16-ctx->buffer_pos;

  86. 

  87.         AES256_ECB(ctx->key, ctx->ctr, ctx->buffer);

  88.         ctx->buffer_pos = 0;

  89. 

  90.         //increment the counter

  91.         for (size_t i=15; i>=12; i--) {

  92.             if ( ctx->ctr[i] == 0xff ) {

  93.                 ctx->ctr[i] = 0x00;

  94.             } else {

  95.                 ctx->ctr[i]++;

  96.                 break;

  97.             }

  98.         }

  99. 

  100.     }

  101. 

  102.     return RNG_SUCCESS;

  103. }