diff --git a/include/dap_cert.h b/include/dap_cert.h
index a793fd7ad309e6bc297906af1adf1ab6f69eb78c..db212d2484a8f5d12c69929db0cc3ccab74f0e41 100755
--- a/include/dap_cert.h
+++ b/include/dap_cert.h
@@ -52,8 +52,9 @@ size_t dap_cert_parse_str_list(const char * a_certs_str, dap_cert_t *** a_certs,
dap_cert_t * dap_cert_generate(const char * a_cert_name,const char * a_file_path,dap_enc_key_type_t a_key_type );
-dap_cert_t * dap_cert_generate_mem(const char * a_cert_name,
- dap_enc_key_type_t a_key_type );
+dap_cert_t * dap_cert_generate_mem_with_seed(const char * a_cert_name, dap_enc_key_type_t a_key_type,
+ const void* a_seed, size_t a_seed_size);
+dap_cert_t * dap_cert_generate_mem(const char * a_cert_name, dap_enc_key_type_t a_key_type );
dap_cert_t * dap_cert_add_file(const char * a_cert_name,const char *a_folder_path);
diff --git a/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.c b/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.c
index 6dc94232cc3102ffaa11d2b01aaa824d9ebc1b9f..2aae03216e668c2faca40269c0d9adb9843446ac 100755
--- a/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.c
+++ b/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.c
@@ -21,6 +21,11 @@ int SHAKE256(unsigned char *output, size_t outputByteLen, const unsigned char *i
return KeccakWidth1600_Sponge(1088, 512, input, inputByteLen, 0x1F, output, outputByteLen);
}
+int SHA3_192(unsigned char *output, const unsigned char *input, size_t inputByteLen)
+{
+ return KeccakWidth1600_Sponge(1216, 384, input, inputByteLen, 0x06, output, 192/8);
+}
+
int SHA3_224(unsigned char *output, const unsigned char *input, size_t inputByteLen)
{
return KeccakWidth1600_Sponge(1152, 448, input, inputByteLen, 0x06, output, 224/8);
diff --git a/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.h b/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.h
index b3c68ae842fc4f9667a4769a7b9f5e3d6f2deec8..73559dedce4f957d418b678b796cbda06c885b30 100755
--- a/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.h
+++ b/src/XKCP/lib/high/Keccak/FIPS202/SimpleFIPS202.h
@@ -33,6 +33,15 @@ int SHAKE128(unsigned char *output, size_t outputByteLen, const unsigned char *i
*/
int SHAKE256(unsigned char *output, size_t outputByteLen, const unsigned char *input, size_t inputByteLen);
+
+/** Implementation of SHA3-192 [FIPS 202].
+ * @param output Pointer to the output buffer (24 bytes).
+ * @param input Pointer to the input message.
+ * @param inputByteLen The length of the input message in bytes.
+ * @return 0 if successful, 1 otherwise.
+ */
+int SHA3_192(unsigned char *output, const unsigned char *input, size_t inputByteLen);
+
/** Implementation of SHA3-224 [FIPS 202].
* @param output Pointer to the output buffer (28 bytes).
* @param input Pointer to the input message.
diff --git a/src/dap_cert.c b/src/dap_cert.c
index 7a21bbe87dec93b356daa89906933b72ea282a1b..a9fb97bfeef962c07a4392467d82ec5fa56dc520 100755
--- a/src/dap_cert.c
+++ b/src/dap_cert.c
@@ -193,10 +193,10 @@ int dap_cert_add_cert_sign(dap_cert_t * a_cert, dap_cert_t * a_cert_signer)
* @param a_key_type
* @return
*/
-dap_cert_t * dap_cert_generate_mem(const char * a_cert_name,
- dap_enc_key_type_t a_key_type )
+dap_cert_t * dap_cert_generate_mem_with_seed(const char * a_cert_name, dap_enc_key_type_t a_key_type,
+ const void* a_seed, size_t a_seed_size)
{
- dap_enc_key_t *l_enc_key = dap_enc_key_new_generate(a_key_type, NULL, 0, NULL, 0, 0);
+ dap_enc_key_t *l_enc_key = dap_enc_key_new_generate(a_key_type, NULL, 0, a_seed, a_seed_size, 0);
if ( l_enc_key ){
dap_cert_t * l_cert = dap_cert_new(a_cert_name);
l_cert->enc_key = l_enc_key;
@@ -213,6 +213,17 @@ dap_cert_t * dap_cert_generate_mem(const char * a_cert_name,
}
}
+/**
+ * @brief dap_cert_generate_mem
+ * @param a_cert_name
+ * @param a_key_type
+ * @return
+ */
+dap_cert_t * dap_cert_generate_mem(const char * a_cert_name, dap_enc_key_type_t a_key_type)
+{
+ return dap_cert_generate_mem_with_seed(a_cert_name, a_key_type, NULL, 0);
+}
+
/**
* @brief dap_cert_generate
* @param a_cert_name
diff --git a/src/dap_enc_bliss.c b/src/dap_enc_bliss.c
index 78b34b4bae9cceede2d3ed104bf63f466125e383..255a29a3efcfb41e950845bb1f736afb6aca4937 100755
--- a/src/dap_enc_bliss.c
+++ b/src/dap_enc_bliss.c
@@ -6,6 +6,8 @@
#include "dap_enc_bliss.h"
#include "dap_common.h"
#include "dap_rand.h"
+#include "SimpleFIPS202.h"
+
#define LOG_TAG "dap_enc_sig_bliss"
static enum DAP_BLISS_SIGN_SECURITY _bliss_type = MAX_SECURITY; // by default
@@ -74,7 +76,12 @@ void dap_enc_sig_bliss_key_new_generate(struct dap_enc_key * a_key, const void *
uint8_t seed_tmp[SHA3_512_DIGEST_LENGTH];
entropy_t entropy;
- randombytes(&seed_tmp, 64);
+ if(seed && seed_size>0){
+ assert(SHA3_512_DIGEST_LENGTH==64);
+ SHA3_512((unsigned char *)seed_tmp, (const unsigned char *)seed, seed_size);
+ }
+ else
+ randombytes(&seed_tmp, 64);
entropy_init(&entropy, seed_tmp);
/* type is a param of sign-security
diff --git a/src/dap_enc_dilithium.c b/src/dap_enc_dilithium.c
index 5ddd872e306f0c67cd58c56cf567171c34c4ef99..c530ef8c49ab01e83c78fee69004461822984ed9 100755
--- a/src/dap_enc_dilithium.c
+++ b/src/dap_enc_dilithium.c
@@ -52,7 +52,7 @@ void dap_enc_sig_dilithium_key_new_generate(struct dap_enc_key * key, const void
key->pub_key_data = malloc(key->pub_key_data_size);
retcode = dilithium_crypto_sign_keypair((dilithium_public_key_t *) key->pub_key_data,
- (dilithium_private_key_t *) key->priv_key_data, _dilithium_type);
+ (dilithium_private_key_t *) key->priv_key_data, _dilithium_type, seed, seed_size);
if(retcode != 0) {
dilithium_private_and_public_keys_delete((dilithium_private_key_t *) key->pub_key_data,
(dilithium_public_key_t *) key->pub_key_data);
diff --git a/src/dap_enc_picnic.c b/src/dap_enc_picnic.c
index 437699958dfcab5565fdb18a06bf4f017746de36..6c64c3d768eabf3612b137f40ed1e08a838e48c8 100755
--- a/src/dap_enc_picnic.c
+++ b/src/dap_enc_picnic.c
@@ -96,7 +96,7 @@ void dap_enc_sig_picnic_key_new_generate(struct dap_enc_key * key, const void *k
key->priv_key_data = calloc(1, key->priv_key_data_size);
key->pub_key_data = calloc(1, key->pub_key_data_size);
- picnic_keys_gen((picnic_privatekey_t *) key->priv_key_data, (picnic_publickey_t *) key->pub_key_data, parameters);
+ picnic_keys_gen((picnic_privatekey_t *) key->priv_key_data, (picnic_publickey_t *) key->pub_key_data, parameters, seed, seed_size);
if(!picnic_validate_keypair((picnic_privatekey_t *) key->priv_key_data, (picnic_publickey_t *) key->pub_key_data))
set_picnic_params_t(key);
}
diff --git a/src/dap_enc_tesla.c b/src/dap_enc_tesla.c
index 1bba317a8100d9ed031f4e4c15f06f6a18817c60..4da96a8ddafc58f0dd0b0f1a1ebaba374b77c1f4 100755
--- a/src/dap_enc_tesla.c
+++ b/src/dap_enc_tesla.c
@@ -58,7 +58,7 @@ void dap_enc_sig_tesla_key_new_generate(struct dap_enc_key * key, const void *ke
key->pub_key_data = malloc(key->pub_key_data_size);
retcode = tesla_crypto_sign_keypair((tesla_public_key_t *) key->pub_key_data,
- (tesla_private_key_t *) key->priv_key_data, _tesla_type);
+ (tesla_private_key_t *) key->priv_key_data, _tesla_type, seed, seed_size);
if(retcode != 0) {
tesla_private_and_public_keys_delete((tesla_private_key_t *) key->pub_key_data,
(tesla_public_key_t *) key->pub_key_data);
diff --git a/src/dap_sign.c b/src/dap_sign.c
index b7f436d9548fd49fbcd23cec5d5f4f71408222f8..3e221c8bf679b49e36d3cf402cdbae23d1109c41 100755
--- a/src/dap_sign.c
+++ b/src/dap_sign.c
@@ -135,16 +135,16 @@ dap_sign_type_t dap_pkey_type_from_sign( dap_pkey_type_t a_pkey_type)
dap_sign_type_t dap_sign_type_from_str(const char * a_type_str)
{
dap_sign_type_t l_sign_type = {0};
- if ( strcmp (a_type_str,"sig_bliss") == 0 ){
+ if ( dap_strcmp (a_type_str,"sig_bliss") == 0 ){
l_sign_type.type = SIG_TYPE_BLISS;
- } else if ( strcmp (a_type_str,"sig_tesla") == 0){
+ } else if ( dap_strcmp (a_type_str,"sig_tesla") == 0){
l_sign_type.type = SIG_TYPE_TESLA;
- } else if ( strcmp (a_type_str,"sig_picnic") == 0){
+ } else if ( dap_strcmp (a_type_str,"sig_picnic") == 0){
l_sign_type.type = SIG_TYPE_PICNIC;
- }else if ( strcmp (a_type_str,"sig_dil") == 0){
+ }else if ( dap_strcmp (a_type_str,"sig_dil") == 0){
l_sign_type.type = SIG_TYPE_DILITHIUM;
}else{
- log_it (L_WARNING, "Wrong sign type string \"%s\"",a_type_str);
+ log_it(L_WARNING, "Wrong sign type string \"%s\"", a_type_str ? a_type_str : "(null)");
}
return l_sign_type;
}
diff --git a/src/sig_dilithium/dilithium_params.h b/src/sig_dilithium/dilithium_params.h
index e4a3fa6ddecb69aeb9f21f5d6df2febc091964c2..b7294dea8d2e32bc68acc1714c9dcfc20e995c0f 100755
--- a/src/sig_dilithium/dilithium_params.h
+++ b/src/sig_dilithium/dilithium_params.h
@@ -74,7 +74,8 @@ typedef struct {
///==========================================================================================
bool dilithium_params_init(dilithium_param_t *, dilithium_kind_t );
-int dilithium_crypto_sign_keypair(dilithium_public_key_t *, dilithium_private_key_t *, dilithium_kind_t );
+int dilithium_crypto_sign_keypair(dilithium_public_key_t *public_key, dilithium_private_key_t *private_key,
+ dilithium_kind_t kind, const void * seed, size_t seed_size);
int dilithium_crypto_sign(dilithium_signature_t *, const unsigned char *, unsigned long long, const dilithium_private_key_t *);
diff --git a/src/sig_dilithium/dilithium_sign.c b/src/sig_dilithium/dilithium_sign.c
index 28a5ec9e93c5d16f2aff98600e50858739733043..47942fa5ec7986bbccc589ee802960da3ebb6ec5 100755
--- a/src/sig_dilithium/dilithium_sign.c
+++ b/src/sig_dilithium/dilithium_sign.c
@@ -2,7 +2,7 @@
#include "dilithium_sign.h"
//#include "KeccakHash.h"
-//#include "SimpleFIPS202.h"
+#include "SimpleFIPS202.h"
/********************************************************************************************/
void expand_mat(polyvecl mat[], const unsigned char rho[SEEDBYTES], dilithium_param_t *p)
@@ -132,7 +132,9 @@ static int32_t dilithium_private_and_public_keys_init(dilithium_private_key_t *p
}
/*************************************************/
-int dilithium_crypto_sign_keypair(dilithium_public_key_t *public_key, dilithium_private_key_t *private_key, dilithium_kind_t kind) {
+int dilithium_crypto_sign_keypair(dilithium_public_key_t *public_key, dilithium_private_key_t *private_key,
+ dilithium_kind_t kind, const void * seed, size_t seed_size)
+{
dilithium_param_t *p = malloc(sizeof(dilithium_param_t));
if (! dilithium_params_init( p, kind)) return -1;
@@ -153,7 +155,13 @@ int dilithium_crypto_sign_keypair(dilithium_public_key_t *public_key, dilithium_
polyvecl s1, s1hat;
polyveck s2, t, t1, t0;
- randombytes(seedbuf, SEEDBYTES);
+ if(seed && seed_size > 0) {
+ assert(SEEDBYTES==32);
+ SHA3_256((unsigned char *) seedbuf, (const unsigned char *) seed, seed_size);
+ }
+ else {
+ randombytes(seedbuf, SEEDBYTES);
+ }
//SHAKE256(seedbuf, 3*SEEDBYTES, seedbuf, SEEDBYTES);
shake256(seedbuf, 3*SEEDBYTES, seedbuf, SEEDBYTES);
diff --git a/src/sig_picnic/picnic.c b/src/sig_picnic/picnic.c
index c368d199c0deed24e87acdcca6dec1b8d274dfe8..4d04eb47ac6a1bd0657f03a25f4ef85b6f22ff1e 100755
--- a/src/sig_picnic/picnic.c
+++ b/src/sig_picnic/picnic.c
@@ -17,6 +17,7 @@
#include "picnic_types.h"
#include "lowmc_constants.h"
#include "platform.h"
+#include "SimpleFIPS202.h"
static int is_valid_params(picnic_params_t params)
{
@@ -380,7 +381,7 @@ int picnic_validate_keypair(const picnic_privatekey_t* privatekey, const picnic_
return 0;
}
-int picnic_keys_gen(picnic_privatekey_t *sk, picnic_publickey_t *pk, picnic_params_t param)
+int picnic_keys_gen(picnic_privatekey_t *sk, picnic_publickey_t *pk, picnic_params_t param, const void * seed, size_t seed_size)
{
paramset_t paramset;
@@ -388,16 +389,42 @@ int picnic_keys_gen(picnic_privatekey_t *sk, picnic_publickey_t *pk, picnic_para
if (ret != EXIT_SUCCESS) {
return -1;
}
- /* Generate a private key */
- sk->params = param;
- if (randombytes(sk->data, paramset.stateSizeBytes) != 0) {
- return -1;
- }
- /* Generate a random plaintext block */
- pk->params = param;
- if (randombytes(pk->plaintext, paramset.stateSizeBytes) != 0) {
- return -1;
+ /* Generate a private key */
+ if(seed && seed_size > 0) {
+ sk->params = param;
+ pk->params = param;
+ switch (paramset.stateSizeBytes) {
+ case 16:
+ SHAKE128((unsigned char *) sk->data, 16, (const unsigned char *) seed, seed_size);
+ //Generate a random plaintext block
+ SHAKE128((unsigned char *) pk->plaintext, 16, (const unsigned char *) seed, seed_size);
+ break;
+ case 24:
+ SHA3_192((unsigned char *) sk->data, (const unsigned char *) seed, seed_size);
+ //Generate a random plaintext block
+ SHA3_192((unsigned char *) pk->plaintext, (const unsigned char *) seed, seed_size);
+ break;
+ case 32:
+ SHA3_256((unsigned char *) sk->data, (const unsigned char *) seed, seed_size);
+ //Generate a random plaintext block
+ SHA3_256((unsigned char *) pk->plaintext, (const unsigned char *) seed, seed_size);
+ break;
+ default:
+ return -1;
+ }
+ }
+ else {
+ sk->params = param;
+ if(randombytes(sk->data, paramset.stateSizeBytes) != 0) {
+ return -1;
+ }
+
+ /* Generate a random plaintext block */
+ pk->params = param;
+ if(randombytes(pk->plaintext, paramset.stateSizeBytes) != 0) {
+ return -1;
+ }
}
LowMCEnc((uint32_t*)pk->plaintext, (uint32_t*)pk->ciphertext,
diff --git a/src/sig_picnic/picnic.h b/src/sig_picnic/picnic.h
index 11621c9bbe570efbea858319e84c5b2e8bc3f8c7..723e51de6d3a2efb92d8e0eb068a08a10272b0ec 100755
--- a/src/sig_picnic/picnic.h
+++ b/src/sig_picnic/picnic.h
@@ -68,7 +68,7 @@ int picnic_validate_keypair(const picnic_privatekey_t* privatekey, const picnic_
void picnic_keypair_delete(picnic_privatekey_t* sk, picnic_publickey_t *pk);
-int picnic_keys_gen(picnic_privatekey_t *sk, picnic_publickey_t *pk, picnic_params_t param);
+int picnic_keys_gen(picnic_privatekey_t *sk, picnic_publickey_t *pk, picnic_params_t param, const void * seed, size_t seed_size);
int get_param_set(picnic_params_t picnicParams, paramset_t* paramset);
diff --git a/src/sig_tesla/sign.c b/src/sig_tesla/sign.c
index 83c5a8376bd7c1c5267012e2c3895674dc02dd12..70694249369e1d057ee1deae3d44acf663bba14d 100755
--- a/src/sig_tesla/sign.c
+++ b/src/sig_tesla/sign.c
@@ -653,7 +653,7 @@ static int32_t tesla_private_and_public_keys_init(tesla_private_key_t *private_k
* - tesla_param_t *params: struct of TESLA parametrs
* Returns: 0 for successful execution
**********************************************************/
-int tesla_crypto_sign_keypair(tesla_public_key_t *public_key, tesla_private_key_t *private_key, tesla_kind_t kind)
+int tesla_crypto_sign_keypair(tesla_public_key_t *public_key, tesla_private_key_t *private_key, tesla_kind_t kind, const void * seed, size_t seed_size)
{
tesla_param_t *p = malloc(sizeof(tesla_param_t));
if (! tesla_params_init( p, kind)) return -1;
@@ -666,7 +666,13 @@ int tesla_crypto_sign_keypair(tesla_public_key_t *public_key, tesla_private_key_
unsigned char *randomness_extended = malloc((p->PARAM_K + 3) * CRYPTO_SEEDBYTES * sizeof(char));
// Get randomness_extended <- seed_e, seed_s, seed_a, seed_y
- randombytes(randomness, CRYPTO_RANDOMBYTES);
+ if(seed && seed_size>0){
+ assert(CRYPTO_RANDOMBYTES==32);
+ SHA3_256((unsigned char *)randomness, (const unsigned char *)seed, seed_size);
+ }
+ else{
+ randombytes(randomness, CRYPTO_RANDOMBYTES);
+ }
if(p->kind == 0 || p->kind == 3)
SHAKE128(randomness_extended, ((p->PARAM_K) + 3) * CRYPTO_SEEDBYTES, randomness, CRYPTO_RANDOMBYTES);
diff --git a/src/sig_tesla/tesla_params.h b/src/sig_tesla/tesla_params.h
index bbc89202f8d4b23e32a1742bb0dabf0392f36f6e..9adfdafcce1dcf68d6b2b4db2d4b772a4a66f1e5 100755
--- a/src/sig_tesla/tesla_params.h
+++ b/src/sig_tesla/tesla_params.h
@@ -72,7 +72,7 @@ typedef struct {
///==========================================================================================
bool tesla_params_init(tesla_param_t *, tesla_kind_t );
-int tesla_crypto_sign_keypair(tesla_public_key_t *, tesla_private_key_t *, tesla_kind_t );
+int tesla_crypto_sign_keypair(tesla_public_key_t *public_key, tesla_private_key_t *private_key, tesla_kind_t kind, const void * seed, size_t seed_size);
int tesla_crypto_sign(tesla_signature_t *, const unsigned char *, unsigned long long, const tesla_private_key_t *);