1 files changed, 64 insertions, 0 deletions

diff --git a/libraries/spongycastle/core/src/main/java/org/spongycastle/pqc/crypto/ntru/NTRUSignerPrng.java b/libraries/spongycastle/core/src/main/java/org/spongycastle/pqc/crypto/ntru/NTRUSignerPrng.java
new file mode 100644
index 000000000..c9278dd57
--- /dev/null
+++ b/libraries/spongycastle/core/src/main/java/org/spongycastle/pqc/crypto/ntru/NTRUSignerPrng.java
@@ -0,0 +1,64 @@
+package org.spongycastle.pqc.crypto.ntru;
+
+import java.nio.ByteBuffer;
+
+import org.spongycastle.crypto.Digest;
+
+/**
+ * An implementation of the deterministic pseudo-random generator in EESS section 3.7.3.1
+ */
+public class NTRUSignerPrng
+{
+    private int counter;
+    private byte[] seed;
+    private Digest hashAlg;
+
+    /**
+     * Constructs a new PRNG and seeds it with a byte array.
+     *
+     * @param seed    a seed
+     * @param hashAlg the hash algorithm to use
+     */
+    NTRUSignerPrng(byte[] seed, Digest hashAlg)
+    {
+        counter = 0;
+        this.seed = seed;
+        this.hashAlg = hashAlg;
+    }
+
+    /**
+     * Returns <code>n</code> random bytes
+     *
+     * @param n number of bytes to return
+     * @return the next <code>n</code> random bytes
+     */
+    byte[] nextBytes(int n)
+    {
+        ByteBuffer buf = ByteBuffer.allocate(n);
+
+        while (buf.hasRemaining())
+        {
+            ByteBuffer cbuf = ByteBuffer.allocate(seed.length + 4);
+            cbuf.put(seed);
+            cbuf.putInt(counter);
+            byte[] array = cbuf.array();
+            byte[] hash = new byte[hashAlg.getDigestSize()];
+
+            hashAlg.update(array, 0, array.length);
+
+            hashAlg.doFinal(hash, 0);
+
+            if (buf.remaining() < hash.length)
+            {
+                buf.put(hash, 0, buf.remaining());
+            }
+            else
+            {
+                buf.put(hash);
+            }
+            counter++;
+        }
+
+        return buf.array();
+    }
+}
\ No newline at end of file