| author | Markku-Juhani Olavi Saarinen <mjos@iki.fi> | 2015-06-17 12:00:32 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2015-07-27 19:51:50 +0200 |
| commit | 68d8a1683041d8aab5c480201d7ec15bc9da2b03 (patch) | |
| tree | 51614d29b408258362e52ed49513e0ced79133a2 /src/libcharon/plugins/sql | |
| parent | faebdeac8eafad7b5c2109d5a9ce0af41dbf315c (diff) | |
| download | strongswan-68d8a1683041d8aab5c480201d7ec15bc9da2b03.tar.bz2 strongswan-68d8a1683041d8aab5c480201d7ec15bc9da2b03.tar.xz | |
Fixed several bugs in the BLISS signature generation/verification step.
The c_indices derived from the SHA-512 random oracle consist of
nine bits (0..511). The leftmost 8 bits of each index are taken
on an octet-by-octet basis from the 56 leftmost octets of the
SHA-512 hash. The 9th bit needed for the LSB is taken from the
extra_bits 64-bit unsigned integer, which consists of the 8 rightmost
octets of the SHA-512 hash (in network order). If more than 56
indices must be derived, then additional rounds of the random oracle
are executed until all kappa c_indices have been determined.
The bug fix shifts the extra_bits value by one bit in each loop
iteration so that the LSB of each index is random. Also, iterate
through the hash array using the loop variable j, not the c_indices
variable i.
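The index derivation described in the commit message, as an added example written for this page (it is not strongSwan's bliss code). The layout of one SHA-512 output follows the message exactly: octets 0..55 each supply the upper 8 bits of one index, and the 64-bit big-endian `extra_bits` value in octets 56..63 supplies one LSB per index. How successive oracle rounds are chained is not stated on the page; the example appends a 32-bit round counter to the oracle input, which is an assumption. The `shift_extra_bits=False` path reproduces the pre-fix behaviour so the effect of the bug can be seen: without the shift, bit 0 of `extra_bits` is reused for every index in a round, so all 56 indices of that round share one parity and the challenge is drawn from half of the intended space.

```python
"""Nine-bit BLISS challenge index derivation from a SHA-512 random oracle.

Illustrative code for this page, not strongSwan's implementation.
Round chaining (a big-endian 32-bit counter appended to the oracle input)
is an assumption; the page does not specify it.
"""
import hashlib
import struct

N = 512               # indices lie in 0..N-1, hence nine bits each
OCTETS_PER_ROUND = 56 # leftmost 56 octets carry the upper 8 bits of an index


def oracle_round(oracle_input: bytes, round_no: int) -> bytes:
    """One evaluation of the random oracle (assumed chaining: input || counter)."""
    return hashlib.sha512(oracle_input + struct.pack(">I", round_no)).digest()


def derive_c_indices(oracle_input: bytes, kappa: int,
                     shift_extra_bits: bool = True) -> list[int]:
    """Return kappa nine-bit indices (0..511) derived from the oracle.

    shift_extra_bits=True : fixed behaviour; extra_bits is shifted right once
                            per index, so each index gets its own random LSB.
    shift_extra_bits=False: pre-fix behaviour for comparison; bit 0 of
                            extra_bits is reused for all 56 indices of a
                            round, so they all share the same parity.

    Duplicate indices are not filtered here: a real signer must still make
    sure the kappa positions of the challenge vector are distinct.
    """
    indices: list[int] = []
    round_no = 0
    while len(indices) < kappa:
        h = oracle_round(oracle_input, round_no)
        round_no += 1
        # 8 rightmost octets, network (big-endian) order
        extra_bits = struct.unpack(">Q", h[56:64])[0]
        # Walk the hash with the per-round loop variable j, not with the
        # running c_indices counter (the second bug the commit fixes).
        for j in range(OCTETS_PER_ROUND):
            idx = (h[j] << 1) | (extra_bits & 1)
            if shift_extra_bits:
                extra_bits >>= 1
            indices.append(idx)
            if len(indices) == kappa:
                break
    return indices


def parity_classes(indices: list[int]) -> set[int]:
    """Set of LSB values present; {0, 1} is expected for random indices."""
    return {idx & 1 for idx in indices}


if __name__ == "__main__":
    msg = b"constructed sample oracle input"   # constructed, not real protocol data
    fixed = derive_c_indices(msg, 23)           # kappa = 23 as in BLISS-I
    buggy = derive_c_indices(msg, 23, shift_extra_bits=False)
    print("fixed:", fixed, "parities:", parity_classes(fixed))
    print("buggy:", buggy, "parities:", parity_classes(buggy))
```

The upper 8 bits of every index are identical in both modes; only the LSB column differs, which is exactly where the pre-fix code lost its randomness.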
