tree checksum vpatch file split hunks
all signers: diana_coman
antecedents: eucrypt_ch4_rpng eucrypt_ch12_wrapper_rsa_oaep_c_ada eucrypt_check_nread
press order:
patch:
(32 . 3)(32 . 6)
5 RSA implementation using TMSR specification.
6 Implemented in C.
7
8 6. smg_rng
9 This provides methods for obtaining random uint32_t, uint64_t, "dirty" float (between 0 and 1), IEEE 754/1985 float (between 1 and 2) using random bits from FG.
10 At the moment, this code is within smg_rsa (truerandom.c in particular) although it is likely to be extracted in the future as a standalone library/component pending release of vtools that are aware of code *moves* as opposed to del/add only.
- 8CE351DC40192AE3425D230BE59B8B487B9A206D2AE0747F87B09E00CCDF14898876877C68A6EA9E2C382B90220401B1EC4925F59906E77895C4A499827751F1(8 . 6)(8 . 12)- 01945E4CAD02CCC3811194A69CB62904B862F6A07E6EF4C7801E4D702A9C076AB3CE0056349E7121D64212B73511400C5D28580C400FFAD7E71014F753E4295A
15 #include "mpi.h"
16 #include "knobs.h"
17
18 /* A way to determine endianness at runtime.
19 * Required for diddling a float's mantissa for instance.
20 */
21 static const int onect = 1;
22 #define is_bigendian() ( (*(char*)&onect) == 0 )
23
24 /*
25 * These are constants as per TMSR RSA specification, NOT knobs!
26 * TMSR key length is 4096 bits (512 octets); this means 2 primes of 2048 bits (256 octets) each.
(82 . 6)(88 . 73)
28 */
29 int get_random_octets_from(int noctets, unsigned char *out, int from);
30
31 /* Returns (in parameter *n) a *potentially biased* random float between 0 and 1
32 * Uses bits from ENTROPY_SOURCE but it rounds when converting to float
33 * NB: This function rounds impredictably.
34 Use it ONLY if LSB normalization is insignificant to you!
35 * This function uses rng_uint64 below.
36 *
37 * @param n - a float value (LSB rounded) between 0 and 1, obtained using
38 * a 64-bit random integer (64 bits from ENTROPY_SOURCE)
39 * @return - a positive value on success and a negative value in case of error
40 * main possible cause for error: failure to open ENTROPY_SOURCE.
41 * NB: a non-responsive/malconfigured source can result in blocking
42 */
43 int rng_dirty_float(float *n);
44
45
46 /* Returns (in parameter *n) a randomly generated float between 1 and 2 using:
47 * - the IEEE 754/1985 format for single float representation
48 * - ENTROPY_SOURCE to obtain bits that are *directly* used as mantissa
49 * NB: this value is between 1 and 2 due to the normalised format that includes
50 * an implicit 1 ( i.e. value is (-1)^sign * 2^(e-127) * (1.mantissa) )
51 *
52 * From IEEE 754/1985, a description of the single float format:
53 * msb means most significant bit
54 * lsb means least significant bit
55 * 1 8 23 ... widths
56 * +-+-------+-----------------------+
57 * |s| e | f |
58 * +-+-------+-----------------------+
59 * msb lsb msb lsb ... order
60
61 * A 32-bit single format number X is divided as shown in the figure above. The
62 * value v of X is inferred from its constituent fields thus:
63 * 1. If e = 255 and f != 0 , then v is NaN regardless of s
64 * 2. If e = 255 and f = 0 , then v = (-1)^s INFINITY
65 * 3. If 0 < e < 255 , then v = (-1)^s * 2^(e-127) * ( 1.f )
66 * 4. If e = 0 and f != 0 , then v = (-1)^s * 2^(-126) * ( 0.f ) (denormalized
67 * numbers)
68 * 5. If e = 0 and f = 0 , then v = ( -1 )^s * 0 (zero)
69 *
70 * @param n - the address of an IEEE 754/1985 float: its mantissa will be set to
71 * random bits obtained from ENTROPY_SOURCE; its sign will be set
72 * to 0; its exponent will be set to 127 (the bias value so
73 * that the actual exponent is 0).
74 * @return - a positive value on success and a negative value in case of error
75 * main possible cause for error: failure to open ENTROPY_SOURCE.
76 * NB: a non-responsive/malconfigured source can result in blocking
77 */
78 int rng_float_754_1985(float *n);
79
80 /* Returns (in parameter *n) a random unsigned integer value on 32 bits.
81 * Uses random bits from ENTROPY_SOURCE that are directly interpreted as int
82 *
83 * @param n - it will contain the random integer obtained by interpreting 32
84 * bits from ENTROPY_SOURCE as an unsigned int value on 32 bits.
85 * @return - a positive value on success and a negative value in case of error
86 */
87 int rng_uint32( uint32_t *n );
88
89 /* Returns (in parameter *n) a random unsigned integer value on 64 bits.
90 * Uses random bits from ENTROPY_SOURCE that are directly interpreted as int
91 *
92 * @param n - it will contain the random integer obtained by interpreting 64
93 * bits from ENTROPY_SOURCE as an unsigned int value on 64 bits.
94 * @return - a positive value on success and a negative value in case of error
95 */
96 int rng_uint64( uint64_t *n );
97
98 /*********primegen.c*********/
99
100 /*
(601 . 6)(601 . 51)- C2C0CAF7B1DF0AA3811A718F544A8E2B5AA1909F97876E4F4070D6B01DC55F444A71837E746D58DC9211FCC4E4033E01582EE4B14C9DCA898BB9B838CC022347
105 xfree(getbuffer);
106 }
107
108 void test_dirty_float_rng( int nruns ) {
109 int i, status;
110 float dirty;
111
112 printf("Running test for smg rng dirty float with %d runs\n", nruns);
113 for (i=0; i<nruns; i++) {
114 status = rng_dirty_float( &dirty );
115 printf("Run %d: %f status %s\n", i+1, dirty, status>0 ? "OK" : "FAIL");
116 }
117 }
118
119 void test_ieee_float_rng( int nruns ) {
120 int i, status;
121 float ieee;
122
123 printf("Running test for smg rng ieee 745/1985 float with %d runs\n", nruns);
124 for (i=0; i<nruns; i++) {
125 status = rng_float_754_1985( &ieee );
126 printf("Run %d: %f status %s\n", i+1, ieee, status>0 ? "OK" : "FAIL");
127 }
128 }
129
130 void test_uint32_rng( int nruns ) {
131 int i, status;
132 uint32_t n;
133
134 printf("Running test for smg rng unsigned int32 with %d runs\n", nruns);
135 for (i=0; i<nruns; i++) {
136 status = rng_uint32( &n );
137 printf("Run %d: %"PRIu32" status %s\n", i+1, n, status>0 ? "OK" : "FAIL");
138 }
139 }
140
141 void test_uint64_rng( int nruns ) {
142 int i, status;
143 uint64_t n;
144
145 printf("Running test for smg rng unsigned int64 with %d runs\n", nruns);
146 for (i=0; i<nruns; i++) {
147 status = rng_uint64( &n );
148 printf("Run %d: %"PRIu64" status %s\n", i+1, n, status>0 ? "OK" : "FAIL");
149 }
150 }
151
152
153 int main(int ac, char **av)
154 {
155 int nruns;
(680 . 6)(725 . 18)
157 case 10:
158 test_mpi_buffer();
159 break;
160 case 11:
161 test_dirty_float_rng(nruns);
162 break;
163 case 12:
164 test_ieee_float_rng(nruns);
165 break;
166 case 13:
167 test_uint32_rng(nruns);
168 break;
169 case 14:
170 test_uint64_rng(nruns);
171 break;
172 default:
173 printf("Current test ids:\n");
174 printf("0 for timing entropy source\n");
(694 . 6)(751 . 10)
176 printf("8 for timing rsa key pair generator\n");
177 printf("9 for oaep encrypt/decrypt\n");
178 printf("10 for testing mpi_set/get_buffer\n");
179 printf("11 for testing smg_rng dirty float\n");
180 printf("12 for testing smg_rng ieee 745/1985 float\n");
181 printf("13 for testing smg_rng uint32 \n");
182 printf("14 for testing smg_rng uint64 \n");
183 }
184
185 return 0;
(89 . 3)(89 . 88)
190 return nread;
191 }
192
193 int rng_dirty_float(float *n) {
194 int status; /* for aborting in case of error */
195 uint32_t r; /* a random value on 32 bits */
196 uint32_t maxval = 0xffffffff; /* maximum value on 32 bits */
197
198 /* obtain a random number on 32 bits using ENTROPY_SOURCE */
199 status = rng_uint32( &r );
200 if ( status < 0 )
201 return status;
202
203 /* calculate and assign the floating-point random value as (r*1.0)/max val */
204 /* multiplication by 1.0 IS NEEDED to do float division rather than int div*/
205 *n = ( r * 1.0 ) / maxval;
206
207 return 1;
208 }
209
210 int rng_float_754_1985(float *n) {
211 /* Single float ieee 754/1985 has 23 bits that can be set for the mantissa
212 * (and one implicit bit=1).
213 * Full single float ieee 754/1985 representation takes 4 octets in total.
214 */
215 int noctets = 4; /* number of octets to read from ENTROPY_SOURCE */
216 int nread; /* number of octets *read* from ENTROPY_SOURCE */
217 unsigned char bits[ noctets ]; /* the random bits from ENTROPY_SOURCE */
218 int oSignExp, oExpM;/* offsets for sign+exponent octet, exponent+mantissa*/
219
220 /* obtain random bits */
221 nread = get_random_octets( noctets, bits );
222
223 if (nread != noctets )
224 return -1; /* something wrong at reading from ENTROPY_SOURCE, abort */
225
226 /* set offsets for bit diddling depending on endianness of iron */
227 if (is_bigendian()) {
228 oSignExp = 0;
229 oExpM = 1;
230 }
231 else {
232 oSignExp = 3;
233 oExpM = 2;
234 }
235
236 /* set sign=0; exponent=127; explicit mantissa = random bits (23 bits) */
237 *(bits+oExpM) = *(bits+2) | 0x80; /* one bit of exponent set */
238 *(bits+oSignExp) = 0x3f; /* sign=0; exponent bits for 127 */
239
240 /* now copy the bits to the result var (i.e. as a float's representation */
241 memcpy( n, bits, noctets );
242 return 1;
243 }
244
245 int rng_uint32( uint32_t *n ) {
246 int noctets = 4; /* 32 bits aka 4 octets to read from ENTROPY_SOURCE */
247 int nread; /* the number of octets read from ENTROPY_SOURCE */
248 unsigned char bits[ noctets ]; /* for storing the bits from ENTROPY_SOURCE */
249
250 /* read random 32 bits from ENTROPY_SOURCE */
251 nread = get_random_octets( noctets, bits );
252 if ( nread != noctets )
253 return -1;
254
255 /* copy the random bits to n, to be interpreted as uint32 */
256 /* endianness is irrelevant here - the bits are random anyway */
257 memcpy( n, bits, noctets );
258
259 return 1;
260 }
261
262 int rng_uint64( uint64_t *n ) {
263 int noctets = 8; /* 64 bits aka 8 octets to read from ENTROPY_SOURCE */
264 int nread; /* the number of octets read from ENTROPY_SOURCE */
265 unsigned char bits[ noctets ]; /* for storing the bits from ENTROPY_SOURCE */
266
267 /* read random 64 bits from ENTROPY_SOURCE */
268 nread = get_random_octets( noctets, bits );
269 if ( nread != noctets )
270 return -1;
271
272 /* copy the random bits to n, to be interpreted as uint64 */
273 /* endianness is irrelevant here - the bits are random anyway */
274 memcpy( n, bits, noctets );
275
276 return 1;
277 }