Improve analysis section.

[storin] / dsarand.h

/* -*-c-*-
 *
 * $Id: dsarand.h,v 1.1 2000/05/21 11:28:30 mdw Exp $
 *
 * Random number generator for DSA
 *
 * (c) 1999 Straylight/Edgeware
 * (c) 2000 Mark Wooding
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * Copyright (c) 2000 Mark Wooding
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * 
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 
 * 2, Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 
 * 3. The name of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 * 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
 * NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 * 
 * Instead of accepting the above terms, you may redistribute and/or modify
 * this software under the terms of either the GNU General Public License,
 * or the GNU Library General Public License, published by the Free
 * Software Foundation; either version 2 of the License, or (at your
 * option) any later version.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: dsarand.h,v $
 * Revision 1.1  2000/05/21 11:28:30  mdw
 * Initial check-in.
 *
 * --- Past lives (Catacomb) --- *
 *
 * Revision 1.1  1999/12/22 15:53:12  mdw
 * Random number generator for finding DSA parameters.
 *
 */

#ifndef DSARAND_H
#define DSARAND_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#ifndef BITS_H
#  include "bits.h"
#endif

#ifndef SHA_H
#  include "sha.h"
#endif

/*----- Data structures ---------------------------------------------------*/

typedef struct dsarand {
  octet *p;                             /* Pointer to seed (modified) */
  size_t sz;                            /* Size of the seed buffer */
  unsigned passes;                      /* Number of passes to make */
} dsarand;

/*----- Functions provided ------------------------------------------------*/

/* --- @dsarand_init@ --- *
 *
 * Arguments:   @dsarand *d@ = pointer to context
 *              @const void *p@ = pointer to seed buffer
 *              @size_t sz@ = size of the buffer
 *
 * Returns:     ---
 *
 * Use:         Initializes a DSA random number generator.
 */

extern void dsarand_init(dsarand */*d*/, const void */*p*/, size_t /*sz*/);

/* --- @dsarand_reseed@ --- *
 *
 * Arguments:   @dsarand *d@ = pointer to context
 *              @const void *p@ = pointer to seed buffer
 *              @size_t sz@ = size of the buffer
 *
 * Returns:     ---
 *
 * Use:         Initializes a DSA random number generator.
 */

extern void dsarand_reseed(dsarand */*d*/, const void */*p*/, size_t /*sz*/);

/* --- @dsarand_destroy@ --- *
 *
 * Arguments:   @dsarand *d@ = pointer to context
 *
 * Returns:     ---
 *
 * Use:         Disposes of a DSA random number generation context.
 */

extern void dsarand_destroy(dsarand */*d*/);

/* --- @dsarand_fill@ --- *
 *
 * Arguments:   @dsarand *d@ = pointer to context
 *              @void *p@ = pointer to output buffer
 *              @size_t sz@ = size of output buffer
 *
 * Returns:     ---
 *
 * Use:         Fills an output buffer with pseudorandom data.
 *
 *              Let %$p$% be the numerical value of the input buffer, and let
 *              %$b$% be the number of bytes required.  Let
 *              %$z = \lceil b / 20 \rceil$% be the number of SHA outputs
 *              required.  Then the output of pass %$n$% is
 *
 *                %$P_n = \sum_{0 \le i < z} 2^{160i} SHA(p + nz + i)$%
 *                                                      %${} \bmod 2^{8b}$%
 *
 *              and the actual result in the output buffer is the XOR of all
 *              of the output passes.
 *
 *              The DSA procedure for choosing @q@ involves two passes with
 *              %$z = 1$%; the procedure for choosing @p@ involves one pass
 *              with larger %$z$%.  This generalization of the DSA generation
 *              procedure is my own invention but it seems relatively sound.
 */

extern void dsarand_fill(dsarand */*d*/, void */*p*/, size_t /*sz*/);

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif