mirror of
https://github.com/emmansun/gmsm.git
synced 2025-10-13 23:00:47 +08:00
d57142dda1
* build(deps): bump github/codeql-action from 3.29.11 to 3.30.0 (#361) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.11 to 3.30.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](3c3833e0f8...2d92b76c45) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump codecov/codecov-action from 5.5.0 to 5.5.1 (#362) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.0 to 5.5.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](fdcc847654...5a1091511a) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#363) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](d35c59abb0...4469467582) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.30.0 to 3.30.1 (#364) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](2d92b76c45...f1f6e5f6af) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#367) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.0 to 2.13.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](ec9f2d5744...f4a75cfd61) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.30.1 to 3.30.2 (#368) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.1 to 3.30.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](f1f6e5f6af...d3678e237b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(mlkem): initialize mlkem from golang standard library * chore(mlkem): refactoring, reduce alloc times * build(deps): bump github/codeql-action from 3.30.2 to 3.30.3 (#369) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.2 to 3.30.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](d3678e237b...192325c861) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * doc(README): include MLKEM * mldsa: refactor the implementation of key and sign/verify * mldsa,slhdsa: crypto.Signer assertion * fix(slhdsa): GenerateKey slice issue #72 * fix(slhdsa): copy/paste issue * slhdsa: supplements package level document * internal/zuc: eea supports encoding.BinaryMarshaler & encoding.BinaryUnmarshaler interfaces * mlkem: use clear built-in * build(deps): bump github/codeql-action from 3.30.3 to 3.30.4 (#376) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.3 to 3.30.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](192325c861...303c0aef88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * cipher: initial support gxm & mur modes * cipher: update comments * build(deps): bump github/codeql-action from 3.30.4 to 3.30.5 (#377) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.4 to 3.30.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](303c0aef88...3599b3baa1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * 增加了DRBG销毁内部状态的方法 (#378) * 增加了DRBG销毁内部状态的方法 * 统一前缀 * 修改随机数长度 * 分组和注释 * 错误函数描述 * zuc: expose methods to support encoding.BinaryMarshaler and encoding.BinaryUnmarshaler * drbg: align comments style * internal/zuc: support fast forward * internal/zuc: supplement comments --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sun Yimin <emmansun@users.noreply.github.com> Co-authored-by: Guanyu Quan <quanguanyu@qq.com>
163 lines
4.5 KiB
Go
163 lines
4.5 KiB
Go
package drbg
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"errors"
|
|
"hash"
|
|
"time"
|
|
)
|
|
|
|
// HmacDrbg hmac DRBG structure, its instance is NOT goroutine safe!!!
|
|
// The instance should be used in one goroutine only.
|
|
// Thera are NO hmac DRBR definition in GM/T 0105-2021 yet.
|
|
type HmacDrbg struct {
|
|
BaseDrbg
|
|
newHash func() hash.Hash
|
|
key []byte
|
|
hashSize int
|
|
}
|
|
|
|
// NewHmacDrbg create one hmac DRBG instance
|
|
func NewHmacDrbg(newHash func() hash.Hash, securityLevel SecurityLevel, gm bool, entropy, nonce, personalization []byte) (*HmacDrbg, error) {
|
|
hd := &HmacDrbg{}
|
|
|
|
hd.gm = gm
|
|
hd.newHash = newHash
|
|
hd.setSecurityLevel(securityLevel)
|
|
|
|
md := newHash()
|
|
hd.hashSize = md.Size()
|
|
|
|
// here for the min length, we just check <=0 now
|
|
if len(entropy) == 0 || len(entropy) >= maxBytes {
|
|
return nil, errors.New("drbg: invalid entropy length")
|
|
}
|
|
|
|
// here for the min length, we just check <=0 now
|
|
if len(nonce) == 0 || len(nonce) >= maxBytes>>1 {
|
|
return nil, errors.New("drbg: invalid nonce length")
|
|
}
|
|
|
|
if len(personalization) >= maxBytes {
|
|
return nil, errors.New("drbg: personalization is too long")
|
|
}
|
|
|
|
// HMAC_DRBG_Instantiate_process
|
|
hd.key = make([]byte, hd.hashSize)
|
|
hd.v = make([]byte, hd.hashSize)
|
|
for i := range hd.hashSize {
|
|
hd.key[i] = 0x00
|
|
hd.v[i] = 0x01
|
|
}
|
|
hd.update(entropy, nonce, personalization)
|
|
hd.reseedCounter = 1
|
|
hd.reseedTime = time.Now()
|
|
|
|
return hd, nil
|
|
}
|
|
|
|
// NewNISTHmacDrbg return hmac DRBG implementation which follows NIST standard
|
|
func NewNISTHmacDrbg(newHash func() hash.Hash, securityLevel SecurityLevel, entropy, nonce, personalization []byte) (*HmacDrbg, error) {
|
|
return NewHmacDrbg(newHash, securityLevel, false, entropy, nonce, personalization)
|
|
}
|
|
|
|
// Generate generates pseudo random bytes usging HMAC_DRBG_Generate_process
|
|
func (hd *HmacDrbg) Generate(output, additional []byte) error {
|
|
// Step 1. If reseed_counter > reseed_interval, then return [ErrReseedRequired] that a reseed is required
|
|
if hd.NeedReseed() {
|
|
return ErrReseedRequired
|
|
}
|
|
// Step 2. If additional_input is provided, then do update
|
|
if len(additional) > 0 {
|
|
hd.update(additional)
|
|
}
|
|
requestedBytes := len(output)
|
|
md := hmac.New(hd.newHash, hd.key)
|
|
for ; requestedBytes > 0; requestedBytes -= hd.hashSize {
|
|
// 4.1. V = HMAC (Key, V)
|
|
md.Reset()
|
|
md.Write(hd.v)
|
|
hd.v = md.Sum(hd.v[:0])
|
|
// 4.2. copy V to output
|
|
copy(output, hd.v)
|
|
if requestedBytes > hd.hashSize {
|
|
output = output[hd.hashSize:]
|
|
}
|
|
}
|
|
// Step 6. (Key, V) = HMAC_DRBG_Update (additional_input, Key, V)
|
|
hd.update(additional)
|
|
// Step 7. reseed_counter = reseed_counter + 1
|
|
hd.reseedCounter++
|
|
return nil
|
|
}
|
|
|
|
// Reseed hash DRBG reseed process. GM/T 0105-2021 has a little different with NIST.
|
|
// reference to NIST.SP.800-90Ar1.pdf section 10.1.2.4
|
|
func (hd *HmacDrbg) Reseed(entropy, additional []byte) error {
|
|
// here for the min length, we just check <=0 now
|
|
if len(entropy) == 0 || (hd.gm && len(entropy) < hd.hashSize) || len(entropy) >= maxBytes {
|
|
return errors.New("drbg: invalid entropy length")
|
|
}
|
|
|
|
if len(additional) >= maxBytes {
|
|
return errors.New("drbg: additional input too long")
|
|
}
|
|
hd.update(entropy, additional)
|
|
hd.reseedCounter = 1
|
|
hd.reseedTime = time.Now()
|
|
return nil
|
|
}
|
|
|
|
func (hd *HmacDrbg) MaxBytesPerRequest() int {
|
|
return maxBytesPerGenerate
|
|
}
|
|
|
|
// The HMAC_DRBG_Update function updates the internal state of
|
|
// HMAC_DRBG using the provided_data. Note that for this DRBG mechanism, the
|
|
// HMAC_DRBG_Update function also serves as a derivation function for the
|
|
// instantiate and reseed functions.
|
|
func (hd *HmacDrbg) update(byteSlices ...[]byte) error {
|
|
// step 1. K = HMAC(K, V || 0x00 || provided_data)
|
|
md := hmac.New(hd.newHash, hd.key)
|
|
md.Write(hd.v)
|
|
md.Write([]byte{0x00})
|
|
length := 0
|
|
for _, bytes := range byteSlices {
|
|
length += len(bytes)
|
|
if len(bytes) > 0 {
|
|
md.Write(bytes)
|
|
}
|
|
}
|
|
hd.key = md.Sum(hd.key[:0])
|
|
// step 2. V = HMAC(K, V)
|
|
md = hmac.New(hd.newHash, hd.key)
|
|
md.Write(hd.v)
|
|
hd.v = md.Sum(hd.v[:0])
|
|
// step 3. If provided_data = null, then return
|
|
if length == 0 {
|
|
return nil
|
|
}
|
|
// step 4. K = HMAC(K, V || 0x01 || provided_data)
|
|
md.Reset()
|
|
md.Write(hd.v)
|
|
md.Write([]byte{0x01})
|
|
for _, bytes := range byteSlices {
|
|
if len(bytes) > 0 {
|
|
md.Write(bytes)
|
|
}
|
|
}
|
|
hd.key = md.Sum(hd.key[:0])
|
|
// step 5. V = HMAC(K, V)
|
|
md = hmac.New(hd.newHash, hd.key)
|
|
md.Write(hd.v)
|
|
hd.v = md.Sum(hd.v[:0])
|
|
return nil
|
|
}
|
|
|
|
// Destroy destroys the internal state of DRBG instance
|
|
// working_state = {V, Key, reseed_counter, last_reseed_time,reseed_interval_in_counter, reseed_interval_in_time}
|
|
func (hd *HmacDrbg) Destroy() {
|
|
hd.BaseDrbg.Destroy()
|
|
setZero(hd.key)
|
|
}
|