static int generate(struct ccdrbg_state *drbg, size_t dataOutLength, void *dataOut,
size_t additionalLength, const void *additional)
{
struct ccdrbg_nisthmac_state *state = (struct ccdrbg_nisthmac_state *)drbg;
const struct ccdrbg_nisthmac_custom *custom = state->custom;
const struct ccdigest_info *di = custom->di;
int rc = validate_gen_params(state->reseed_counter, dataOutLength, additional==NULL?0:additionalLength);
if(rc!=CCDRBG_STATUS_OK) return rc;
// 2. If additional_input ≠ Null, then (Key, V) = HMAC_DRBG_Update (additional_input, Key, V).
if (additional && additionalLength)
hmac_dbrg_update(drbg, additionalLength, additional, 0, NULL, 0, NULL);
// hmac_dbrg_generate_algorithm
char *outPtr = (char *) dataOut;
while (dataOutLength > 0) {
if (!state->bytesLeft) {
// 5. V=HMAC(K,V).
cchmac(di, state->keysize, state->key, state->vsize, state->nextvptr, state->vptr); // Won't be returned
// FIPS 140-2 4.9.2 Conditional Tests
// "Each subsequent generation of an n-bit block shall be compared with the previously generated block. The test shall fail if any two compared n-bit blocks are equal."
if (0==cc_cmp_safe(state->vsize, state->vptr, state->nextvptr)) {
//The world as we know it has come to an end
//the DRBG data structure is zeroized. subsequent calls to
//DRBG ends up in NULL dereferencing and/or unpredictable state.
//catastrophic error in SP 800-90A
done(drbg);
rc=CCDRBG_STATUS_ABORT;
cc_abort(NULL);
goto errOut;
}
CC_SWAP(state->nextvptr, state->vptr);
state->bytesLeft = state->vsize;
#if DRBG_NISTHMAC_DEBUG
cc_print("generate blk: ", state->vsize, state->vptr);
#endif
}
size_t outLength = dataOutLength > state->bytesLeft ? state->bytesLeft : dataOutLength;
CC_MEMCPY(outPtr, state->vptr, outLength);
state->bytesLeft -= outLength;
outPtr += outLength;
dataOutLength -= outLength;
}
// 6. (Key, V) = HMAC_DRBG_Update (additional_input, Key, V).
hmac_dbrg_update(drbg, additionalLength, additional, 0, NULL, 0, NULL);
// 7. reseed_counter = reseed_counter + 1.
state->reseed_counter++;
#if DRBG_NISTHMAC_DEBUG
dumpState("generate end: ", state);
cc_print("generate end nxt: ", state->vsize, state->nextvptr);
#endif
rc=CCDRBG_STATUS_OK;
errOut:
return rc;
}
void ccz_gcd(ccz *r, const ccz *s, const ccz *t)
{
if (ccz_n(s) < ccz_n(t))
CC_SWAP(s,t);
ccz_set_sign(r, 1);
ccz_set_capacity(r, ccz_n(s));
ccn_gcdn(ccz_n(s), r->u, ccz_n(s), s->u, ccz_n(t), t->u);
/* r will never be larger than t, so ccz_n(t) is ok here. */
ccz_set_n(r, ccn_n(ccz_n(t), r->u));
}
static void randcycle (int ncount, int *cyc, CCrandstate *rstate)
{
int i, k, temp;
for (i = 0; i < ncount; i++)
cyc[i] = i;
for (i = ncount; i > 1; i--) {
k = CCutil_lprand (rstate) % i;
CC_SWAP (cyc[i - 1], cyc[k], temp);
}
}
/* TODO: Potentially write and use ccn_lcm(n, r2n, s, t). */
void ccn_lcm(cc_size n, cc_unit *r2n, const cc_unit *s, const cc_unit *t) {
cc_unit tmp[n*2];
if (ccn_cmp(n, s, t) < 0)
CC_SWAP(s,t);
/* Now s >= t. */
ccn_zero(n*2, r2n);
ccn_gcd(n, r2n, s, t);
cc_unit t2[n*2];
ccn_setn(n*2, t2, n, t);
ccn_divmod(n, tmp, NULL, t2, r2n);
ccn_mul(n, r2n, s, tmp);
}
static int sparse_edgelen (int i, int j, CCdatagroup *dat)
{
int *adj;
int k, deg;
if (i > j) {
CC_SWAP (i, j, k);
}
adj = dat->adj[i];
deg = dat->degree[i];
for (k = 0; k < deg; k++) {
if (adj[k] == j) {
return dat->len[i][k];
}
}
return dat->default_len;
}
static void ccz_swap(ccz *a, ccz *b) {
CC_SWAP(a->n, b->n);
CC_SWAP(a->isa, b->isa);
CC_SWAP(a->sac, b->sac);
CC_SWAP(a->u, b->u);
}
