remove randombytes.c and add notrandombytes.c

Signed-off-by: Matthias J. Kannwischer <[email protected]>
pq-code-package · Oct 28, 2024 · 17aa104 · 17aa104
1 parent 3f579b2
commit 17aa104
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 93 deletions.
diff --git a/mk/crypto.mk b/mk/crypto.mk
@@ -12,7 +12,7 @@ ifeq ($(RNG),NISTRNG)
 else
 	LIBDEPS += $(LIB_DIR)/librng.a
 	LDLIBS += -lrng
-	CPPFLAGS += -Irandombytes
+	CPPFLAGS += -Itest/notrandombytes
 endif
 
 FIPS202_SRCS = $(wildcard fips202/*.c)
@@ -21,7 +21,7 @@ ifeq ($(OPT),1)
 	CPPFLAGS += -DMLKEM_USE_NATIVE
 endif
 
-$(LIB_DIR)/librng.a: $(call OBJS,$(wildcard randombytes/*.c))
+$(LIB_DIR)/librng.a: $(call OBJS,$(wildcard test/notrandombytes/*.c))
 
 $(LIB_DIR)/libnistrng.a: CFLAGS += -Wno-unused-result -O3 -fomit-frame-pointer
 $(LIB_DIR)/libnistrng.a: $(call OBJS,$(wildcard test/nistrng/*.c))

diff --git a/randombytes/randombytes.c b/randombytes/randombytes.c
diff --git a/test/notrandombytes/notrandombytes.c b/test/notrandombytes/notrandombytes.c
@@ -0,0 +1,79 @@
+// SPDX-License-Identifier: LicenseRef-PD-hp OR CC0-1.0 OR 0BSD OR MIT-0 OR MIT
+// Based on https://cr.yp.to/papers.html#surf by Daniel. J. Bernstein
+
+/**
+ * WARNING
+ *
+ * This file generates a PREDICTABLE and NOT AT ALL RANDOM sequence of bytes.
+ *
+ * Its purpose is to support our testing suite and it MUST NOT be used in any
+ * scenario where you are expecting actual cryptography to happen.
+ */
+
+#include <stdint.h>
+#include "randombytes.h"
+
+static uint32_t seed[32] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3,
+                            2, 3, 8, 4, 6, 2, 6, 4, 3, 3, 8, 3, 2, 7, 9, 5};
+static uint32_t in[12];
+static uint32_t out[8];
+static int32_t outleft = 0;
+
+#define ROTATE(x, b) (((x) << (b)) | ((x) >> (32 - (b))))
+#define MUSH(i, b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x, b));
+
+static void surf(void) {
+  uint32_t t[12];
+  uint32_t x;
+  uint32_t sum = 0;
+  int32_t r;
+  int32_t i;
+  int32_t loop;
+
+  for (i = 0; i < 12; ++i) {
+    t[i] = in[i] ^ seed[12 + i];
+  }
+  for (i = 0; i < 8; ++i) {
+    out[i] = seed[24 + i];
+  }
+  x = t[11];
+  for (loop = 0; loop < 2; ++loop) {
+    for (r = 0; r < 16; ++r) {
+      sum += 0x9e3779b9;
+      MUSH(0, 5)
+      MUSH(1, 7)
+      MUSH(2, 9)
+      MUSH(3, 13)
+      MUSH(4, 5)
+      MUSH(5, 7)
+      MUSH(6, 9)
+      MUSH(7, 13)
+      MUSH(8, 5)
+      MUSH(9, 7)
+      MUSH(10, 9)
+      MUSH(11, 13)
+    }
+    for (i = 0; i < 8; ++i) {
+      out[i] ^= t[i + 4];
+    }
+  }
+}
+
+void randombytes(uint8_t *buf, size_t n) {
+  while (n > 0) {
+    if (!outleft) {
+      if (!++in[0]) {
+        if (!++in[1]) {
+          if (!++in[2]) {
+            ++in[3];
+          }
+        }
+      }
+      surf();
+      outleft = 8;
+    }
+    *buf = (uint8_t)out[--outleft];
+    ++buf;
+    --n;
+  }
+}
diff --git a/randombytes/randombytes.h → test/notrandombytes/randombytes.h b/randombytes/randombytes.h → test/notrandombytes/randombytes.h