-rw-r--r-- | src/lib/pubkey/mce/code_based_key_gen.cpp | 20 | ||||
-rw-r--r-- | src/lib/pubkey/mce/polyn_gf2m.cpp | 26 | ||||
-rw-r--r-- | src/lib/pubkey/mce/polyn_gf2m.h | 1 |
3 files changed, 27 insertions, 20 deletions
diff --git a/src/lib/pubkey/mce/code_based_key_gen.cpp b/src/lib/pubkey/mce/code_based_key_gen.cpp
index f83e23b05..8fb290386 100644
--- a/src/lib/pubkey/mce/code_based_key_gen.cpp
+++ b/src/lib/pubkey/mce/code_based_key_gen.cpp
@@ -4,6 +4,7 @@
 *
 * (C) 2014 cryptosource GmbH
 * (C) 2014 Falko Strenzke [email protected]
+ * (C) 2015 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 *
@@ -134,21 +135,14 @@ secure_vector<int> binary_matrix::row_reduced_echelon_form()
 return perm;
 }
-void randomize_support(u32bit n, std::vector<gf2m> & L, RandomNumberGenerator & rng)
+void randomize_support(std::vector<gf2m>& L, RandomNumberGenerator& rng)
 {
- unsigned int i, j;
- gf2m tmp;
-
- for (i = 0; i < n; ++i)
+ for(u32bit i = 0; i != L.size(); ++i)
 {
+ gf2m rnd = random_gf2m(rng);
- gf2m rnd;
- rng.randomize(reinterpret_cast<byte*>(&rnd), sizeof(rnd));
- j = rnd % n; // no rejection sampling, but for useful code-based parameters with n <= 13 this seem tolerable
-
- tmp = L[j];
- L[j] = L[i];
- L[i] = tmp;
+ // no rejection sampling, but for useful code-based parameters with n <= 13 this seem tolerable
+ std::swap(L[i], L[rnd % L.size()]);
 }
 }
@@ -235,7 +229,7 @@ McEliece_PrivateKey generate_mceliece_key( RandomNumberGenerator & rng, u32bit e
 {
 L[i]=i;
 }
- randomize_support(code_length,L,rng);
+ randomize_support(L, rng);
 polyn_gf2m g(sp_field); // create as zero
 bool success = false;
 do
diff --git a/src/lib/pubkey/mce/polyn_gf2m.cpp b/src/lib/pubkey/mce/polyn_gf2m.cpp
index 4d9bcf2e8..ec60213db 100644
--- a/src/lib/pubkey/mce/polyn_gf2m.cpp
+++ b/src/lib/pubkey/mce/polyn_gf2m.cpp
@@ -4,6 +4,7 @@
 *
 * (C) 2014 cryptosource GmbH
 * (C) 2014 Falko Strenzke [email protected]
+ * (C) 2015 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 *
@@ -14,6 +15,7 @@
 #include <botan/internal/bit_ops.h>
 #include <botan/rng.h>
 #include <botan/exceptn.h>
+#include <botan/loadstor.h>
 namespace Botan {
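Review bot: The rewritten loop in randomize_support still swaps L[i] with an index drawn from the whole range 0..L.size()-1, which is the classic biased shuffle (n^n equally likely paths folded onto n! permutations), so the support permutation — part of the McEliece private key — is not drawn uniformly, and the `rnd % L.size()` modulo bias the carried-over comment admits to compounds it. A Fisher–Yates step draws the partner index from [i, L.size()) instead, and the rejection-sampling helper this same commit tidies up already gives an unbiased draw below a bound: `std::swap(L[i], L[i + random_code_element(L.size() - i, rng)]);`, which makes the `random_gf2m` call and the "no rejection sampling" comment above it unnecessary. random_code_element takes an `unsigned` bound and throws only on 0 per the polyn_gf2m.cpp hunk, but I have not checked what nlz_16bit returns for the argument 0 that arises when the remaining range is 1, so that edge case should be confirmed before relying on it.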
@@ -25,6 +27,9 @@ gf2m generate_gf2m_mask(gf2m a)
 return ~(result - 1);
 }
+/**
+* number of leading zeros
+*/
 unsigned nlz_16bit(u16bit x)
 {
 unsigned n;
@@ -55,24 +60,31 @@ int polyn_gf2m::calc_degree_secure() const
 const_cast<polyn_gf2m*>(this)->m_deg = result;
 return result;
 }
-/**
-* number of leading zeros
-*/
-gf2m random_code_element(unsigned code_length, Botan::RandomNumberGenerator& rng)
+gf2m random_gf2m(RandomNumberGenerator& rng)
+ {
+ byte b[2];
+ rng.randomize(b, sizeof(b));
+ return make_u16bit(b[1], b[0]);
+ }
+
+gf2m random_code_element(unsigned code_length, RandomNumberGenerator& rng)
 {
 if(code_length == 0)
 {
 throw Invalid_Argument("random_code_element() was supplied a code length of zero");
 }
- unsigned nlz = nlz_16bit(code_length-1);
- gf2m mask = (1 << (16-nlz)) -1;
+ const unsigned nlz = nlz_16bit(code_length-1);
+ const gf2m mask = (1 << (16-nlz)) -1;
+
 gf2m result;
+
 do
 {
- rng.randomize(reinterpret_cast<byte*>(&result), sizeof(result));
+ result = random_gf2m(rng);
 result &= mask;
 } while(result >= code_length); // rejection sampling
+
 return result;
 }
diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h
index 1c8cc5211..5d012f27b 100644
--- a/src/lib/pubkey/mce/polyn_gf2m.h
+++ b/src/lib/pubkey/mce/polyn_gf2m.h
@@ -152,6 +152,7 @@ struct polyn_gf2m
 std::shared_ptr<GF2m_Field> msp_field;
 };
+gf2m random_gf2m(RandomNumberGenerator& rng);
 gf2m random_code_element(unsigned code_length, RandomNumberGenerator& rng);
 std::vector<polyn_gf2m> syndrome_init(polyn_gf2m const& generator, std::vector<gf2m> const& support, int n); |
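Review bot: random_gf2m is new and now exported through polyn_gf2m.h alongside random_code_element, yet neither carries a doc comment, while the hunk above takes care to move the misplaced "number of leading zeros" comment onto nlz_16bit. I would add above random_gf2m `/** Return a random 16-bit value assembled from two bytes read from rng */` and above random_code_element `/** Return a value uniformly distributed in [0, code_length) by rejection sampling on a power-of-two mask; throws Invalid_Argument if code_length is 0 */`, with the same one-liners on the declarations in polyn_gf2m.h so callers see the contract without opening the .cpp. The byte order passed to make_u16bit (b[1], b[0]) is worth a short why-comment too, since a reader cannot tell from this hunk whether it is deliberate or incidental.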