Implemented bitspender based on the MGF1 mask generator function
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 1 Nov 2014 09:16:54 +0000 (10:16 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 29 Nov 2014 13:51:15 +0000 (14:51 +0100)
src/libstrongswan/Makefile.am
src/libstrongswan/crypto/mgf1/mgf1.h
src/libstrongswan/crypto/mgf1/mgf1_bitspender.c [new file with mode: 0644]
src/libstrongswan/crypto/mgf1/mgf1_bitspender.h [new file with mode: 0644]

index 233bfcf..ba1e46f 100644 (file)
@@ -11,7 +11,8 @@ crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \
 crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
 crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
 crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
-crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c crypto/mgf1/mgf1.c \
+crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
+crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
 credentials/credential_factory.c credentials/builder.c \
 credentials/cred_encoding.c credentials/keys/private_key.c \
 credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -66,7 +67,8 @@ crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \
 crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
 crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
 crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
-crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/mgf1/mgf1.h \
+crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \
+crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
 credentials/credential_factory.h credentials/builder.h \
 credentials/cred_encoding.h credentials/keys/private_key.h \
 credentials/keys/public_key.h credentials/keys/shared_key.h \
index 5b43d72..9ebf60a 100644 (file)
@@ -68,7 +68,7 @@ struct mgf1_t {
  *
  * @param alg                  hash algorithm to be used by MGF1
  * @param seed                 seed used by MGF1 to generate mask from
- * @param hash_seed            hash seed before using it as a seed from MGF1
+ * @param hash_seed            hash seed before using it as a seed for MGF1
  */
 mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
                                                          bool hash_seed);
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
new file mode 100644 (file)
index 0000000..1b3533f
--- /dev/null
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "mgf1_bitspender.h"
+
+#include <crypto/mgf1/mgf1.h>
+
+typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
+
+/**
+ * Private data structure for mgf1_bitspender_t object
+ */
+struct private_mgf1_bitspender_t {
+       /**
+        * Public interface.
+        */
+       mgf1_bitspender_t public;
+
+       /**
+        * MGF1 bit mask generator
+        */
+       mgf1_t *mgf1;
+
+       /**
+        * Octet storage (accommodates up to 64 octets)
+        */
+       uint8_t octets[HASH_SIZE_SHA512];
+
+       /**
+        * Length of the returned hash value in octets
+        */
+       int hash_len;
+
+       /**
+        * Number of generated octets
+        */
+       int octets_count;
+
+       /**
+        * Number of available octets
+        */
+       int octets_left;
+
+       /**
+        * Bit storage (accomodates up to 32 bits)
+        */
+       uint32_t bits;
+
+       /**
+        * Number of available bits
+        */
+       int bits_left;
+};
+
+METHOD(mgf1_bitspender_t, get_bits, uint32_t,
+       private_mgf1_bitspender_t *this, int bits_needed)
+{
+       uint32_t bits = 0x00000000;
+       int bits_now;
+       
+       if (bits_needed > 31)
+       {
+               /* too many bits requested */
+               return MGF1_BITSPENDER_ERROR;
+       }
+
+       while (bits_needed)
+       {
+               if (this->bits_left == 0)
+               {
+                       if (this->octets_left == 0)
+                       {
+                               /* get another block from MGF1 */
+                               if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
+                                                                                                         this->octets))
+                               {
+                                       /* no block available */
+                                       return MGF1_BITSPENDER_ERROR;
+                               }
+                               this->octets_left = this->hash_len;
+                               this->octets_count += this->hash_len;
+                       }
+                       this->bits = untoh32(this->octets + this->hash_len -
+                                                                                               this->octets_left);
+                       this->bits_left = 32;
+                       this->octets_left -= 4;
+               }
+               if (bits_needed > this->bits_left)
+               {
+                       bits_now = this->bits_left;
+                       this->bits_left = 0;
+                       bits_needed -= bits_now;
+                       bits <<= bits_now;
+                       bits |= this->bits;
+               }
+               else
+               {
+                       bits_now = bits_needed;
+                       this->bits_left -= bits_needed;
+                       bits_needed = 0;
+                       bits <<= bits_now;
+                       bits |= this->bits >> this->bits_left;
+                       this->bits &= 0xffffffff >> (32 - this->bits_left);
+               }
+       }
+       return bits;
+}
+
+
+METHOD(mgf1_bitspender_t, destroy, void,
+       private_mgf1_bitspender_t *this)
+{
+       DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
+       memwipe(this->octets, sizeof(this->octets));
+       this->mgf1->destroy(this->mgf1);
+       free(this);
+}
+
+/**
+ * See header.
+ */
+mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
+                                                                                 bool hash_seed)
+{
+       private_mgf1_bitspender_t *this;
+       mgf1_t *mgf1;
+
+       mgf1 = mgf1_create(alg, seed, hash_seed);
+       if (!mgf1)
+       {
+           return NULL;
+       }
+       DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
+                                  hash_algorithm_short_names, alg, seed.len);
+
+       INIT(this,
+               .public = {
+                       .get_bits = _get_bits,
+                       .destroy = _destroy,
+               },
+               .mgf1 = mgf1,
+               .hash_len = mgf1->get_hash_size(mgf1),
+       );
+
+       return &this->public;
+}
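Review bot: In get_bits, when `bits_needed` equals `this->bits_left` the else branch leaves `bits_left` at 0 and then evaluates `0xffffffff >> (32 - this->bits_left)`, which shifts by 32 and is undefined behaviour in C where unsigned int is 32 bits wide. Sending the equal case through the first branch avoids it without changing the returned bits: `if (bits_needed >= this->bits_left)`. The entry guard rejects only values above 31, so a negative `bits_needed` reaches `bits <<= bits_now` with a negative shift count; `if (bits_needed < 0 || bits_needed > 31)` closes that. Separately, destroy wipes `octets` but leaves the not-yet-consumed bits in `this->bits`, so adding `memwipe(&this->bits, sizeof(this->bits));` would complete the cleanup.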
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
new file mode 100644 (file)
index 0000000..a748695
--- /dev/null
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1_bitspender mgf1_bitspender
+ * @{ @ingroup bliss_p
+ */
+
+#ifndef MGF1_BITSPENDER_H_
+#define MGF1_BITSPENDER_H_
+
+#include <library.h>
+#include <crypto/hashers/hasher.h>
+
+typedef struct mgf1_bitspender_t mgf1_bitspender_t;
+
+#define MGF1_BITSPENDER_ERROR  0xffffffff
+
+/**
+ * Generates a given number of pseudo-random bits at a time using MFG1
+ */
+struct mgf1_bitspender_t {
+
+       /**
+        * Get pseudo-random bits
+        *
+        * @param bits_needed   Number of needed bits (1..31)
+        * @result                              Return between 1 and 31 pseudo-random bits
+        */
+       uint32_t (*get_bits)(mgf1_bitspender_t *this, int bits_needed);
+
+       /**
+        * Destroy mgf1_bitspender_t object
+        */
+       void (*destroy)(mgf1_bitspender_t *this);
+};
+
+/**
+ * Create a mgf1_bitspender_t object
+ * 
+ * @param alg                          Hash algorithm to be used with MGF1
+ * @param seed                         Seed used to initialize MGF1
+ * @param hash_seed                    Hash seed before using it as a seed for MFG1
+ */
+mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
+                                                                                 bool hash_seed);
+
+#endif /** MGF1_BITSPENDER_H_ @}*/
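Review bot: The get_bits comment does not tell callers that the call can fail. The implementation in this commit returns MGF1_BITSPENDER_ERROR when more than 31 bits are requested or when MGF1 cannot supply another block. I would replace the `@result` line, which is not a Doxygen tag, with `@return  pseudo-random bits, or MGF1_BITSPENDER_ERROR on failure`, and add a short comment on the `MGF1_BITSPENDER_ERROR` define saying it cannot collide with a valid result because at most 31 bits are returned. mgf1_bitspender_create likewise lacks an `@return` line noting that it returns NULL when mgf1_create fails. "MFG1" in the struct comment and in the `hash_seed` parameter line should read "MGF1".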