diff options
author | Jack Lloyd <[email protected]> | 2015-10-27 09:08:04 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-10-27 09:08:04 -0400 |
commit | 62709ff4cf3bb0fff37b1a1e90bfd5f06a2b2151 (patch) | |
tree | 1c98a31885d499c7435bc5ac4274a944b0af9e9c | |
parent | 10e1dffc911e16b4aaddee2debe6fbc3415199c2 (diff) |
Fix McEliece key gen endian dependency.
The tests which generate McEliece keys using a deterministic RNG and
fixed seed failed on PowerPC (or other big endian systems) because the
vectors assumed we were creating elements little endian, which is
what happend with rng.randomize(&u16, 2) on x86
Fix it to always be little endian. No particular reason to prefer one vs the
other here (we're just trying for compatability with ourselves) and choosing
little endian avoids having to regen the vectors.
-rw-r--r-- | src/lib/pubkey/mce/code_based_key_gen.cpp | 20 | ||||
-rw-r--r-- | src/lib/pubkey/mce/polyn_gf2m.cpp | 26 | ||||
-rw-r--r-- | src/lib/pubkey/mce/polyn_gf2m.h | 1 |
3 files changed, 27 insertions, 20 deletions
diff --git a/src/lib/pubkey/mce/code_based_key_gen.cpp b/src/lib/pubkey/mce/code_based_key_gen.cpp index f83e23b05..8fb290386 100644 --- a/src/lib/pubkey/mce/code_based_key_gen.cpp +++ b/src/lib/pubkey/mce/code_based_key_gen.cpp @@ -4,6 +4,7 @@ * * (C) 2014 cryptosource GmbH * (C) 2014 Falko Strenzke [email protected] + * (C) 2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) * @@ -134,21 +135,14 @@ secure_vector<int> binary_matrix::row_reduced_echelon_form() return perm; } -void randomize_support(u32bit n, std::vector<gf2m> & L, RandomNumberGenerator & rng) +void randomize_support(std::vector<gf2m>& L, RandomNumberGenerator& rng) { - unsigned int i, j; - gf2m tmp; - - for (i = 0; i < n; ++i) + for(u32bit i = 0; i != L.size(); ++i) { + gf2m rnd = random_gf2m(rng); - gf2m rnd; - rng.randomize(reinterpret_cast<byte*>(&rnd), sizeof(rnd)); - j = rnd % n; // no rejection sampling, but for useful code-based parameters with n <= 13 this seem tolerable - - tmp = L[j]; - L[j] = L[i]; - L[i] = tmp; + // no rejection sampling, but for useful code-based parameters with n <= 13 this seem tolerable + std::swap(L[i], L[rnd % L.size()]); } } @@ -235,7 +229,7 @@ McEliece_PrivateKey generate_mceliece_key( RandomNumberGenerator & rng, u32bit e { L[i]=i; } - randomize_support(code_length,L,rng); + randomize_support(L, rng); polyn_gf2m g(sp_field); // create as zero bool success = false; do diff --git a/src/lib/pubkey/mce/polyn_gf2m.cpp b/src/lib/pubkey/mce/polyn_gf2m.cpp index 4d9bcf2e8..ec60213db 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.cpp +++ b/src/lib/pubkey/mce/polyn_gf2m.cpp @@ -4,6 +4,7 @@ * * (C) 2014 cryptosource GmbH * (C) 2014 Falko Strenzke [email protected] + * (C) 2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) * @@ -14,6 +15,7 @@ #include <botan/internal/bit_ops.h> #include <botan/rng.h> #include <botan/exceptn.h> +#include <botan/loadstor.h> namespace Botan { @@ -25,6 +27,9 @@ gf2m generate_gf2m_mask(gf2m a) return ~(result - 1); } +/** +* number of leading zeros +*/ unsigned nlz_16bit(u16bit x) { unsigned n; @@ -55,24 +60,31 @@ int polyn_gf2m::calc_degree_secure() const const_cast<polyn_gf2m*>(this)->m_deg = result; return result; } -/** -* number of leading zeros -*/ -gf2m random_code_element(unsigned code_length, Botan::RandomNumberGenerator& rng) +gf2m random_gf2m(RandomNumberGenerator& rng) + { + byte b[2]; + rng.randomize(b, sizeof(b)); + return make_u16bit(b[1], b[0]); + } + +gf2m random_code_element(unsigned code_length, RandomNumberGenerator& rng) { if(code_length == 0) { throw Invalid_Argument("random_code_element() was supplied a code length of zero"); } - unsigned nlz = nlz_16bit(code_length-1); - gf2m mask = (1 << (16-nlz)) -1; + const unsigned nlz = nlz_16bit(code_length-1); + const gf2m mask = (1 << (16-nlz)) -1; + gf2m result; + do { - rng.randomize(reinterpret_cast<byte*>(&result), sizeof(result)); + result = random_gf2m(rng); result &= mask; } while(result >= code_length); // rejection sampling + return result; } diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h index 1c8cc5211..5d012f27b 100644 --- a/src/lib/pubkey/mce/polyn_gf2m.h +++ b/src/lib/pubkey/mce/polyn_gf2m.h @@ -152,6 +152,7 @@ struct polyn_gf2m std::shared_ptr<GF2m_Field> msp_field; }; +gf2m random_gf2m(RandomNumberGenerator& rng); gf2m random_code_element(unsigned code_length, RandomNumberGenerator& rng); std::vector<polyn_gf2m> syndrome_init(polyn_gf2m const& generator, std::vector<gf2m> const& support, int n); |