3 * $Id: dsarand.h,v 1.1 2000/05/21 11:28:30 mdw Exp $
5 * Random number generator for DSA
7 * (c) 1999 Straylight/Edgeware
8 * (c) 2000 Mark Wooding
11 /*----- Licensing notice --------------------------------------------------*
13 * Copyright (c) 2000 Mark Wooding
14 * All rights reserved.
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions are
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
23 * 2, Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
27 * 3. The name of the authors may not be used to endorse or promote
28 * products derived from this software without specific prior written
31 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
32 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
33 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
34 * NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
40 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
41 * POSSIBILITY OF SUCH DAMAGE.
43 * Instead of accepting the above terms, you may redistribute and/or modify
44 * this software under the terms of either the GNU General Public License,
45 * or the GNU Library General Public License, published by the Free
46 * Software Foundation; either version 2 of the License, or (at your
47 * option) any later version.
50 /*----- Revision history --------------------------------------------------*
53 * Revision 1.1 2000/05/21 11:28:30 mdw
56 * --- Past lives (Catacomb) --- *
58 * Revision 1.1 1999/12/22 15:53:12 mdw
59 * Random number generator for finding DSA parameters.
70 /*----- Header files ------------------------------------------------------*/
80 /*----- Data structures ---------------------------------------------------*/
82 typedef struct dsarand {
83 octet *p; /* Pointer to seed (modified) */
84 size_t sz; /* Size of the seed buffer */
85 unsigned passes; /* Number of passes to make */
88 /*----- Functions provided ------------------------------------------------*/
90 /* --- @dsarand_init@ --- *
92 * Arguments: @dsarand *d@ = pointer to context
93 * @const void *p@ = pointer to seed buffer
94 * @size_t sz@ = size of the buffer
98 * Use: Initializes a DSA random number generator.
101 extern void dsarand_init(dsarand */*d*/, const void */*p*/, size_t /*sz*/);
103 /* --- @dsarand_reseed@ --- *
105 * Arguments: @dsarand *d@ = pointer to context
106 * @const void *p@ = pointer to seed buffer
107 * @size_t sz@ = size of the buffer
111 * Use: Initializes a DSA random number generator.
114 extern void dsarand_reseed(dsarand */*d*/, const void */*p*/, size_t /*sz*/);
116 /* --- @dsarand_destroy@ --- *
118 * Arguments: @dsarand *d@ = pointer to context
122 * Use: Disposes of a DSA random number generation context.
125 extern void dsarand_destroy(dsarand */*d*/);
127 /* --- @dsarand_fill@ --- *
129 * Arguments: @dsarand *d@ = pointer to context
130 * @void *p@ = pointer to output buffer
131 * @size_t sz@ = size of output buffer
135 * Use: Fills an output buffer with pseudorandom data.
137 * Let %$p$% be the numerical value of the input buffer, and let
138 * %$b$% be the number of bytes required. Let
139 * %$z = \lceil b / 20 \rceil$% be the number of SHA outputs
140 * required. Then the output of pass %$n$% is
142 * %$P_n = \sum_{0 \le i < z} 2^{160i} SHA(p + nz + i)$%
143 * %${} \bmod 2^{8b}$%
145 * and the actual result in the output buffer is the XOR of all
146 * of the output passes.
148 * The DSA procedure for choosing @q@ involves two passes with
149 * %$z = 1$%; the procedure for choosing @p@ involves one pass
150 * with larger %$z$%. This generalization of the DSA generation
151 * procedure is my own invention but it seems relatively sound.
154 extern void dsarand_fill(dsarand */*d*/, void */*p*/, size_t /*sz*/);
156 /*----- That's all, folks -------------------------------------------------*/