From: Markku-Juhani Olavi Saarinen Date: Thu, 18 Jun 2015 10:46:16 +0000 (+0200) Subject: Generalize c_indices generation using SHA-512 random oracle. X-Git-Tag: 5.3.3dr2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b7c510eece44cbdc126744b595581e7bc50a826;p=thirdparty%2Fstrongswan.git Generalize c_indices generation using SHA-512 random oracle. This generalization allows the ring dimension n to be different from the current n = 512 and allows kappa to be > 56. Also the hash octets are consumed in a more consistent manner. --- diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.c b/src/libstrongswan/plugins/bliss/bliss_utils.c index 1117433ef5..85bd7dfd4b 100644 --- a/src/libstrongswan/plugins/bliss/bliss_utils.c +++ b/src/libstrongswan/plugins/bliss/bliss_utils.c @@ -57,23 +57,27 @@ void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd) bool bliss_utils_generate_c(hasher_t *hasher, chunk_t data_hash, uint16_t *ud, int n, uint16_t kappa, uint16_t *c_indices) { - int i, j, j_max; - uint64_t extra_bits; - uint16_t index, rounds = 0; + int i, index_found, rounds; + uint16_t index; uint8_t hash[HASH_SIZE_SHA512], un16_buf[2]; chunk_t un16 = { un16_buf, 2 }; bool index_taken[n]; - /* number of indices that can be derived in a single random oracle round */ - j_max = sizeof(hash) - sizeof(extra_bits); + for (i = 0; i < n; i++) + { + index_taken[i] = FALSE; + } + index_found = 0; - while (TRUE) + for (rounds = 0; rounds < 0x10000; rounds++) { + /* hash data */ if (!hasher->get_hash(hasher, data_hash, NULL)) { return FALSE; } + /* followed by the ud vector */ for (i = 0; i < n; i++) { htoun16(un16_buf, ud[i]); @@ -81,32 +85,34 @@ bool bliss_utils_generate_c(hasher_t *hasher, chunk_t data_hash, uint16_t *ud, { return FALSE; } - index_taken[i] = FALSE; } - htoun16(un16_buf, rounds++); + /* hash the round iteration */ + htoun16(un16_buf, rounds); if (!hasher->get_hash(hasher, un16, hash)) { return FALSE; } - extra_bits = untoh64(hash + j_max); - - for (i = 0, j = 0; j < j_max; j++) + for (i = 0; i < HASH_SIZE_SHA512; i += 2) { - index = 2 * (uint16_t)hash[j] + (extra_bits & 1); + index = untoh16(&hash[i]) % n; + if (!index_taken[index]) { - c_indices[i++] = index; + c_indices[index_found++] = index; index_taken[index] = TRUE; + + if (index_found == kappa) + { + return TRUE; + } } - if (i == kappa) - { - return TRUE; - } - extra_bits >>= 1; } } + DBG1(DBG_LIB, "aborted c_indices generation after 2^16 rounds"); + + return FALSE; } /**