Compare revisions

fb1c4cbf · fb1c4cbf · fb1c4cbf · fb1c4cbf · fb1c4cbf · fb1c4cbf
--- a/src/salsa2012/salsa2012.pri
+++ b/src/salsa2012/salsa2012.pri
+INCLUDEPATH += $$PWD
+
+HEADERS += $$PWD/common_salsa.h \
+           $$PWD/crypto_core_salsa2012.h \
+           $$PWD/crypto_stream_salsa2012.h \
+           $$PWD/utils.h \
+
+SOURCES += $$PWD/core_salsa_ref.c \
+           $$PWD/stream_salsa2012.c \
+           $$PWD/stream_salsa2012_ref.c \
--- a/src/salsa2012/stream_salsa2012.c
+++ b/src/salsa2012/stream_salsa2012.c
+#include "crypto_stream_salsa2012.h"
+#include "rand/dap_rand.h"
+
+size_t
+crypto_stream_salsa2012_keybytes(void)
+{
+    return crypto_stream_salsa2012_KEYBYTES;
+}
+
+size_t
+crypto_stream_salsa2012_noncebytes(void)
+{
+    return crypto_stream_salsa2012_NONCEBYTES;
+}
+
+size_t
+crypto_stream_salsa2012_messagebytes_max(void)
+{
+    return crypto_stream_salsa2012_MESSAGEBYTES_MAX;
+}
+
+void
+crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+{
+    randombytes(k, crypto_stream_salsa2012_KEYBYTES);
+}
--- a/src/salsa2012/stream_salsa2012_ref.c
+++ b/src/salsa2012/stream_salsa2012_ref.c
+/*
+version 20140420
+D. J. Bernstein
+Public domain.
+*/
+
+#include <stdint.h>
+
+#include "crypto_core_salsa2012.h"
+#include "crypto_stream_salsa2012.h"
+#include "utils.h"
+
+
+/**
+ * @brief generate gamma bytes
+ * @param gamma bytes array
+ * @param gamma_len
+ * @param n nonce
+ * @param k key
+ * @return
+ */
+
+int
+crypto_stream_salsa2012(unsigned char *gamma, unsigned long long gamma_len,
+                        const unsigned char *n, const unsigned char *k)
+{
+    unsigned char in[16];
+    unsigned char block[64];
+    unsigned char kcopy[32];
+    unsigned int  i;
+    unsigned int  u;
+
+    if (!gamma_len) {
+        return 0;
+    }
+    for (i = 0; i < 32; ++i) {
+        kcopy[i] = k[i];
+    }
+    for (i = 0; i < 8; ++i) {
+        in[i] = n[i];
+    }
+    for (i = 8; i < 16; ++i) {
+        in[i] = 0;
+    }
+    while (gamma_len >= 64) {
+        crypto_core_salsa2012(gamma, in, kcopy, NULL);
+        u = 1;
+        for (i = 8; i < 16; ++i) {
+            u += (unsigned int)in[i];
+            in[i] = u;
+            u >>= 8;
+        }
+        gamma_len -= 64;
+        gamma += 64;
+    }
+    if (gamma_len) {
+        crypto_core_salsa2012(block, in, kcopy, NULL);
+        for (i = 0; i < (unsigned int)gamma_len; ++i) {
+            gamma[i] = block[i];
+        }
+    }
+//    sodium_memzero(block, sizeof block);//TODO
+//    sodium_memzero(kcopy, sizeof kcopy);
+
+    return 0;
+}
+/**
+ * @brief c = m ^ gamma
+ * @param c
+ * @param m
+ * @param mlen
+ * @param n nonce 8 bytes
+ * @param k
+ * @return
+ */
+int
+crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
+                            unsigned long long mlen, const unsigned char *n,
+                            const unsigned char *k)
+{
+    unsigned char in[16];
+    unsigned char block[64];
+    unsigned char kcopy[32];
+    unsigned int  i;
+    unsigned int  u;
+
+    if (!mlen) {
+        return 0;
+    }
+    for (i = 0; i < 32; ++i) {
+        kcopy[i] = k[i];
+    }
+    for (i = 0; i < 8; ++i) {
+        in[i] = n[i];
+    }
+    for (i = 8; i < 16; ++i) {
+        in[i] = 0;
+    }
+    while (mlen >= 64) {
+        crypto_core_salsa2012(block, in, kcopy, NULL);
+        for (i = 0; i < 64; ++i) {
+            c[i] = m[i] ^ block[i];
+        }
+        u = 1;
+        for (i = 8; i < 16; ++i) {
+            u += (unsigned int)in[i];
+            in[i] = u;
+            u >>= 8;
+        }
+        mlen -= 64;
+        c += 64;
+        m += 64;
+    }
+    if (mlen) {
+        crypto_core_salsa2012(block, in, kcopy, NULL);
+        for (i = 0; i < (unsigned int)mlen; ++i) {
+            c[i] = m[i] ^ block[i];
+        }
+    }
+//    sodium_memzero(block, sizeof block);//TODO
+//    sodium_memzero(kcopy, sizeof kcopy);
+
+    return 0;
+}
--- a/src/salsa2012/utils.h
+++ b/src/salsa2012/utils.h
+#ifndef sodium_utils_H
+#define sodium_utils_H
+
+#include <stddef.h>
+
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+#endif
--- a/src/sha3/KeccakHash.c
+++ b/src/sha3/KeccakHash.c
@@ -18,6 +18,24 @@ http://creativecommons.org/publicdomain/zero/1.0/

 /* ---------------------------------------------------------------- */

+//HashReturn Keccak_KDF(void *in, const int in_byte_len, void *key_out, const int out_byte_len, unsigned int rate, unsigned int capacity, unsigned char delimitedSuffix)
+//{
+//    HashReturn result;
+
+//    Keccak_HashInstance instance;
+//    result = Keccak_HashInitialize(&instance, rate, capacity, out_byte_len*8, delimitedSuffix);
+//    if (result != SUCCESS)
+//        return result;
+
+//    result = Keccak_HashUpdate(&instance, in, in_byte_len*8);
+//    if (result != SUCCESS)
+//        return result;
+
+//    result = Keccak_HashFinal(&instance, key_out);
+
+//    return result;
+//}
+
 HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix)
 {
    HashReturn result;

--- a/src/sha3/KeccakHash.h
+++ b/src/sha3/KeccakHash.h
@@ -53,6 +53,9 @@ typedef struct {
  */
 HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix);

+
+//#define Keccak_256KDF(in, in_byte_len, key_out, out_byte_len) Keccak_KDF(in, in_byte_len, key_out, out_byte_len, 1088,  512, 0x1F)
+
 /** Macro to initialize a SHAKE128 instance as specified in the FIPS 202 standard.
  */
 #define Keccak_HashInitialize_SHAKE128(hashInstance)        Keccak_HashInitialize(hashInstance, 1344,  256,   0, 0x1F)

--- a/src/sha3/fips202.c
+++ b/src/sha3/fips202.c
@@ -341,7 +341,7 @@ void KeccakF1600_StatePermute(uint64_t * state)
 #define MIN(a, b) ((a) < (b) ? (a) : (b))


-static void keccak_absorb(uint64_t *s, unsigned int r, const unsigned char *m, unsigned long long int mlen, unsigned char p)
+void keccak_absorb(uint64_t *s, unsigned int r, const unsigned char *m, unsigned long long int mlen, unsigned char p)
 {
  unsigned long long i;
  unsigned char t[200];
@@ -367,7 +367,7 @@ static void keccak_absorb(uint64_t *s, unsigned int r, const unsigned char *m, u
 }


-static void keccak_squeezeblocks(unsigned char *h, unsigned long long int nblocks, uint64_t *s, unsigned int r)
+void keccak_squeezeblocks(unsigned char *h, unsigned long long int nblocks, uint64_t *s, unsigned int r)
 {
  unsigned int i;

@@ -454,7 +454,9 @@ void cshake128_simple_squeezeblocks(unsigned char *output, unsigned long long nb

 void cshake128_simple(unsigned char *output, unsigned long long outlen, uint16_t cstm, const unsigned char *in, unsigned long long inlen)
 {
-  uint64_t s[25] = {0};
+  uint64_t s[25];
+  for(int i = 0; i < 25; ++i)
+      s[i] = 0;
  unsigned char t[SHAKE128_RATE];
  unsigned int i;


--- a/src/sha3/fips202.h
+++ b/src/sha3/fips202.h
@@ -12,6 +12,9 @@

 #define SHA3_256_RATE 136

+void keccak_absorb(uint64_t *s, unsigned int r, const unsigned char *m, unsigned long long int mlen, unsigned char p);
+void keccak_squeezeblocks(unsigned char *h, unsigned long long int nblocks, uint64_t *s, unsigned int r);
+
 void shake128_absorb(uint64_t *s, const unsigned char *input, unsigned int inputByteLen);
 void shake128_squeezeblocks(unsigned char *output, unsigned long long nblocks, uint64_t *s);
 void shake128(unsigned char *output, unsigned long long outlen, const unsigned char *input,  unsigned long long inlen);

--- a/src/sig_bliss/bliss_b_keys.c
+++ b/src/sig_bliss/bliss_b_keys.c
@@ -118,17 +118,12 @@ static int32_t bliss_b_private_key_init(bliss_private_key_t *private_key, bliss_

  f = calloc(n, sizeof(int32_t));
  if (f == NULL) {
-      free(f);
-      free(g);
-      free(a);
      return BLISS_B_NO_MEM;
  }

  g = calloc(n, sizeof(int32_t));
  if (g == NULL) {
      free(f);
-      free(g);
-      free(a);
      return BLISS_B_NO_MEM;
  }

@@ -136,7 +131,6 @@ static int32_t bliss_b_private_key_init(bliss_private_key_t *private_key, bliss_
  if (a == NULL) {
      free(f);
      free(g);
-      free(a);
      return BLISS_B_NO_MEM;
  }


--- a/src/sig_bliss/bliss_b_signatures.c
+++ b/src/sig_bliss/bliss_b_signatures.c
@@ -404,18 +404,7 @@ int32_t bliss_b_sign(bliss_signature_t *signature,  const bliss_private_key_t *p
      /* initialize our sampler */
      if (!sampler_init(&sampler, p.sigma, p.ell, p.precision, entropy)) {
        retval = BLISS_B_BAD_ARGS;
-        secure_free(&z1, n);
-        secure_free(&z2, n);
-        secure_free((int32_t **)&indices, kappa);
-        free(hash);
-        hash = NULL;
        delete_ntt_state(state);
-        secure_free(&v, n);
-        secure_free(&dv, n);
-        secure_free(&y1, n);
-        secure_free(&y2, n);
-        secure_free(&v1, n);
-        secure_free(&v2, n);
        return retval;
      }

@@ -429,46 +418,91 @@ int32_t bliss_b_sign(bliss_signature_t *signature,  const bliss_private_key_t *p

      z1 = malloc(n * sizeof(int32_t));
      if(z1 ==  NULL){
+        free(hash);
        return BLISS_B_NO_MEM;
      }

      z2 = malloc(n * sizeof(int32_t));
      if(z2 ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
        return BLISS_B_NO_MEM;
      }

      v1 = malloc(n * sizeof(int32_t));
      if(v1 ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
        return BLISS_B_NO_MEM;
      }

      v2 = malloc(n * sizeof(int32_t));
      if(v2 ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
+        secure_free(&v1, n);
        return BLISS_B_NO_MEM;
      }

      y1 = malloc(n * sizeof(int32_t));
      if(y1 ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
+        secure_free(&v1, n);
+        secure_free(&v2, n);
        return BLISS_B_NO_MEM;
      }

      y2 = malloc(n * sizeof(int32_t));
      if(y2 ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
+        secure_free(&v1, n);
+        secure_free(&v2, n);
+        secure_free(&y1, n);
        return BLISS_B_NO_MEM;
      }

      v = calloc(n, sizeof(int32_t));
      if(v ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
+        secure_free(&v1, n);
+        secure_free(&v2, n);
+        secure_free(&y1, n);
+        secure_free(&y2, n);
        return BLISS_B_NO_MEM;
      }

      dv = calloc(n, sizeof(int32_t));
      if(dv ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
+        secure_free(&v1, n);
+        secure_free(&v2, n);
+        secure_free(&y1, n);
+        secure_free(&y2, n);
+        secure_free(&v, n);
        return BLISS_B_NO_MEM;
      }

      indices = calloc(kappa, sizeof(int32_t));
      if(indices ==  NULL){
+        free(hash);
+        secure_free(&z1, n);
+        secure_free(&z2, n);
+        secure_free(&v1, n);
+        secure_free(&v2, n);
+        secure_free(&y1, n);
+        secure_free(&y2, n);
+        secure_free(&v, n);
+        secure_free(&dv, n);
        return BLISS_B_NO_MEM;
      }


--- a/src/sig_tesla/tesla_params.h
+++ b/src/sig_tesla/tesla_params.h
@@ -85,8 +85,8 @@ void tesla_private_and_public_keys_delete(tesla_private_key_t *private_key, tesl
 void tesla_signature_delete(tesla_signature_t *signature);

 ///==========================================================================================
-typedef	int64_t __attribute__ ((aligned(32))) poly;//[ 2048 ]; //PARAM_N
-typedef	int64_t __attribute__ ((aligned(32))) poly_k;//[ 5 * 2048]; // PARAM_K * PARAM_N
+typedef	int64_t poly;//[ 2048 ]; //PARAM_N __attribute__ ((aligned(32)))
+typedef	int64_t poly_k;//[ 5 * 2048]; // PARAM_K * PARAM_N __attribute__ ((aligned(32)))

 int64_t init_mass_poly(poly *zeta, poly *zetainv, tesla_param_t *p);
 int64_t reduce(int64_t a, tesla_param_t *p);

--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.0)
 project(test)

 set(CMAKE_C_STANDARD 11)

-add_subdirectory(libdap-test)
+if(NOT SUBMODULES_NO_BUILD)
+    add_subdirectory(libdap-test)
+endif()
+
 add_subdirectory(crypto)
 add_subdirectory(cert)
--- a/test/cert/CMakeLists.txt
+++ b/test/cert/CMakeLists.txt
-if(TARGET crypto_cert_test)
+if(TARGET crypto_cert_test)
    return() # The project has already been built.
 endif()
 project(crypto_cert_test)

-add_subdirectory(libdap-test)
-
 file(GLOB SOURCES *.c)
 file(GLOB HEADERS *.h)


--- a/test/cert/dap_sha3_tests.c
+++ b/test/cert/dap_sha3_tests.c
@@ -73,11 +73,11 @@ static inline double gettimefloat( void )
  return (double)gettime64() / 1000000000.0;
 }

-#include "keccak.h"
+#include "dap_hash.h"
 #include "XKCP/lib/high/Keccak/FIPS202/KeccakHash.h"
 #include "fips202.h"
 #include "SimpleFIPS202.h"
-
+/*
 #define DAP_CHAIN_HASH_FAST_SIZE    32

 typedef union dap_chain_hash_fast{
@@ -119,7 +119,7 @@ int dap_hash_fast( const void *a_data_in, size_t a_data_in_size, dap_chain_hash_

    return 1;
 }
-
+*/
 #define DATA_SIZE 2048

 uint8_t data[8192];
@@ -208,4 +208,4 @@ void dap_sha3_tests_run(void)
  dap_pass_msg("dap_sha3_tests_run( )");

  return;
-}
\ No newline at end of file
+}
--- a/test/crypto/CMakeLists.txt
+++ b/test/crypto/CMakeLists.txt
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.0)

 project(crypto-test)

+if ( NOT ( TARGET dap_core ) )
+    #add_subdirectory(libdap)
+endif()
+
+if ( NOT ( TARGET dap_test ) )
+    #add_subdirectory(libdap-test)
+endif()
+
 file(GLOB SRC *.h *.c)

 add_executable(${PROJECT_NAME} ${SRC})

--- a/test/crypto/dap_enc_base58_test.c
+++ b/test/crypto/dap_enc_base58_test.c
@@ -3,18 +3,18 @@
 #include <string.h>
 #include "dap_common.h"
 #include "dap_test.h"
-#include "dap_test_generator.h"
+#include "rand/dap_rand.h"
 #include "dap_enc_base58.h"
 #include "dap_enc_base58_test.h"

 static void test_encode_decode_base58(void)
 {
    static size_t source_size = 0;
-    int step = 1 + (rand() % 20);
+    int step = 1 + random_uint32_t( 20);
    source_size += (size_t) step;

    uint8_t source[source_size];
-    generate_random_byte_array(source, source_size);
+    randombytes(source, source_size);
    //source[0] = 0;
    //source[1] = 0;
    size_t encode_result_size = DAP_ENC_BASE58_ENCODE_SIZE(source_size);

--- a/test/crypto/dap_enc_base64_test.c
+++ b/test/crypto/dap_enc_base64_test.c
@@ -6,12 +6,12 @@ void test_encode_decode_base64(int count_steps, dap_enc_data_type_t standard)
    size_t source_size = 0;

    for (int i = 1; i <= count_steps; i++) {
-        int step = 1 + (rand() % 20 );
+        int step = 1 + random_uint32_t( 20 );
        source_size += (size_t)step;
        uint8_t source[source_size];
        char encode_result[DAP_ENC_BASE64_ENCODE_SIZE(source_size)];
        uint8_t decode_result[source_size];
-        generate_random_byte_array(source, source_size);
+        randombytes(source, source_size);

        size_t encrypted_size = dap_enc_base64_encode(source, source_size, encode_result, standard);
        size_t out_size = dap_enc_base64_decode(encode_result, encrypted_size, decode_result, standard);

--- a/test/crypto/dap_enc_base64_test.h
+++ b/test/crypto/dap_enc_base64_test.h
@@ -3,7 +3,7 @@
 #include "dap_enc_key.h"
 #include "dap_test.h"
 #include "stdint.h"
-#include "dap_test_generator.h"
+#include "rand/dap_rand.h"

 extern void dap_enc_base64_tests_run(void);

--- a/test/crypto/dap_enc_defeo_test.h
+++ b/test/crypto/dap_enc_defeo_test.h
@@ -2,6 +2,6 @@
 #include "dap_enc_defeo.h"
 #include "dap_enc_key.h"
 #include "dap_test.h"
-#include "dap_test_generator.h"
+#include "rand/dap_rand.h"

 void dap_enc_defeo_tests_run(void);
--- a/test/crypto/dap_enc_dilithium_test.c
+++ b/test/crypto/dap_enc_dilithium_test.c
-#include "dap_test_generator.h"
+#include "rand/dap_rand.h"
 #include "dap_enc_dilithium_test.h"
+#include "dap_enc_dilithium.h"
 #include "../sig_dilithium/dilithium_params.h"

 static void test_signing_verifying(void)
@@ -8,18 +9,18 @@ static void test_signing_verifying(void)
    size_t seed_size = sizeof(uint8_t);
    uint8_t seed[seed_size];

-    generate_random_byte_array(seed, seed_size);
+    randombytes(seed, seed_size);

    dap_enc_key_t* key = dap_enc_key_new_generate(DAP_ENC_KEY_TYPE_SIG_DILITHIUM, NULL, 0, seed, seed_size, 0);

-    size_t max_signature_size = dap_enc_dilithium_calc_signature_size();
+    size_t max_signature_size = dap_enc_dilithium_calc_signature_unserialized_size();
    uint8_t* sig = calloc(max_signature_size, 1);

-    int step = 1 + (rand() % 20);
+    int step = 1 + random_uint32_t( 20);
    source_size += (size_t) step;

    uint8_t source[source_size];
-    generate_random_byte_array(source, source_size);
+    randombytes(source, source_size);

    size_t siglen = key->enc_na(key, source, source_size, sig, max_signature_size);
    dap_assert_PIF(siglen > 0, "Signing message");
No results found