From: Andreas Steffen Date: Fri, 6 Dec 2013 23:21:28 +0000 (+0100) Subject: Streamlined DRBG and MGF1 debug output X-Git-Tag: 5.1.2dr3~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a978a8194deba47087c06c2d13ff93e25a3e84ec;p=thirdparty%2Fstrongswan.git Streamlined DRBG and MGF1 debug output
---
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgftp1.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgftp1.c
index d0427982bc..1d3362625f 100644
--- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgftp1.c
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_mgftp1.c
@@ -71,6 +71,7 @@ ntru_mgftp1(
 ntru_mgf1_t *mgf1;
 /* generate minimum MGF1 output */
+ DBG2(DBG_LIB, "MGF1 is seeded with %u octets", seed_len);
 mgf1 = ntru_mgf1_create(hash_algid, chunk_create(seed, seed_len), TRUE);
 if (!mgf1)
 {
@@ -80,7 +81,8 @@ ntru_mgftp1(
 octets = buf;
 octets_available = min_calls * md_len;
- DBG2(DBG_LIB, "MGF1 generates %u octets", octets_available);
+ DBG2(DBG_LIB, "MGF1 generates %u octets to extract %d trits",
+ octets_available, num_trits_needed);
 if (!mgf1->get_mask(mgf1, octets_available, octets))
 {
 mgf1->destroy(mgf1);
@@ -96,7 +98,8 @@ ntru_mgftp1(
 octets = buf;
 octets_available = md_len;
- DBG2(DBG_LIB, "MGF1 generates another %u octets", octets_available);
+ DBG2(DBG_LIB, "MGF1 generates another %u octets for the remaining "
+ "%u trits", octets_available, num_trits_needed);
 if (!mgf1->get_mask(mgf1, octets_available, octets))
 {
 mgf1->destroy(mgf1);
@@ -125,7 +128,8 @@ ntru_mgftp1(
 octets = buf;
 octets_available = md_len;
- DBG2(DBG_LIB, "MGF1 generates another %u octets", octets_available);
+ DBG2(DBG_LIB, "MGF1 generates another %u octets for the remaining "
+ "%u trits", octets_available, num_trits_needed);
 if (!mgf1->get_mask(mgf1, octets_available, octets))
 {
 mgf1->destroy(mgf1);
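Review bot: In the @@ -80 hunk the new format string prints `num_trits_needed` with `%d`, while the @@ -96 and @@ -125 hunks print the same variable with `%u`; its declaration is outside the hunks, so whichever type it has, one of the two conversions is mismatched and `-Wformat` will flag it. Using `%u` here keeps the three messages consistent: `DBG2(DBG_LIB, "MGF1 generates %u octets to extract %u trits",`. The `%u` used for `seed_len` in the @@ -71 hunk presumably matches its declared type, which is also outside the hunk and worth confirming against the signature. ntru_mgftp1's body starts and ends outside these hunks.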
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
index 955544f2f8..e1f4f04a45 100644
--- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
@@ -93,6 +93,7 @@ ntru_gen_poly(
 ntru_mgf1_t *mgf1;
 /* generate minimum MGF1 output */
+ DBG2(DBG_LIB, "MGF1 is seeded with %u octets", seed_len);
 mgf1 = ntru_mgf1_create(hash_algid, chunk_create(seed, seed_len), TRUE);
 if (!mgf1)
 {
@@ -102,13 +103,6 @@ ntru_gen_poly(
 octets = buf;
 octets_available = min_calls * md_len;
- DBG2(DBG_LIB, "MGF1 generates %u octets", octets_available);
- if (!mgf1->get_mask(mgf1, octets_available, octets))
- {
- mgf1->destroy(mgf1);
- return NTRU_MGF1_FAIL;
- }
-
 /* init indices counts for number of polynomials being generated */
 if (is_product_form)
 {
@@ -134,6 +128,13 @@ ntru_gen_poly(
 memset(used, 0, N);
 /* generate indices (IGF-2) for all polynomials */
+ DBG2(DBG_LIB, "MGF1 generates %u octets for %u indices",
+ octets_available, num_indices);
+ if (!mgf1->get_mask(mgf1, octets_available, octets))
+ {
+ mgf1->destroy(mgf1);
+ return NTRU_MGF1_FAIL;
+ }
 while (num_polys > 0)
 {
@@ -166,8 +167,9 @@ ntru_gen_poly(
 octets = buf;
 octets_available = md_len;
- DBG2(DBG_LIB, "MGF1 generates another %u octets",
- octets_available);
+ DBG2(DBG_LIB, "MGF1 generates another %u octets for the "
+ "remaining %u indices", octets_available,
+ num_indices - index_cnt);
 if (!mgf1->get_mask(mgf1, octets_available, octets))
 {
 mgf1->destroy(mgf1);
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c
index bf8d7fda26..0081223c92 100644
--- a/src/libstrongswan/plugins/ntru/ntru_drbg.c
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c
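Review bot: In the @@ -134 hunk the relocated `get_mask` call and its `DBG2` are inserted between the comment `/* generate indices (IGF-2) for all polynomials */` and the `while (num_polys > 0)` loop that comment describes, so the comment now reads as if it labels the MGF1 buffer fill; moving the seven new lines above the comment, or giving them their own line such as `/* fill the MGF1 output buffer before drawing indices */`, keeps both readable. The same call was previously made directly after `ntru_mgf1_create` (removed in the @@ -102 hunk), and the lines between the @@ -102 and @@ -134 hunks are not shown here; anything in that gap that reads `octets` or `buf` would now see an unfilled buffer, so that stretch should be checked before merging. ntru_gen_poly's body starts and ends outside these hunks.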
@@ -119,7 +119,7 @@ METHOD(ntru_drbg_t, reseed, bool,
 chunk_t seed;
 seed = chunk_alloc(this->strength / BITS_PER_BYTE);
- DBG2(DBG_LIB, "DBRG requesting %u bytes of entropy", seed.len);
+ DBG2(DBG_LIB, "DRG requests %u bytes of entropy", seed.len);
 if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
 {
@@ -254,7 +254,7 @@ ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
 entropy_len = (strength + strength/2) / BITS_PER_BYTE;
 seed = chunk_alloc(entropy_len + pers_str.len);
- DBG2(DBG_LIB, "DBRG requesting %u bytes of entropy", entropy_len);
+ DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
 if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
 {
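Review bot: The @@ -119 hunk replaces the misspelling `DBRG` with `DRG`, which is still not `DRBG`, while the @@ -254 hunk in the same file spells it correctly; the reseed message should read `DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);`. Both messages print only the requested length and not the seed bytes themselves, which is the appropriate amount of detail for a debug log line about DRBG seed material. The reseed method's body continues outside the hunk.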