void mpz_true_random (mpz_t s, unsigned long int nbits) { #if __FreeBSD__ FILE *fs; char c[1]; int i; mpz_set_ui (s, 0); for (i = 0; i < nbits; i += 8) { for (;;) { int nread; fs = fopen ("/dev/random", "r"); nread = fread (c, 1, 1, fs); fclose (fs); if (nread != 0) break; sleep (1); } mpz_mul_2exp (s, s, 8); mpz_add_ui (s, s, ((unsigned long int) c[0]) & 0xff); printf ("%d random bits\n", i + 8); } if (nbits % 8 != 0) mpz_mod_2exp (s, s, nbits); #endif }
/*************************************************************** * This function casts an mpz_t to an unsigned long long. We * need this function in order to return the mpz_t value due to * the difficulty of passing the value of the mpz_t function. ***************************************************************/ unsigned long long mpz_get_ull(mpz_t n) { unsigned int lo, hi; mpz_t tmp; mpz_init( tmp ); mpz_mod_2exp( tmp, n, 64 ); /* tmp = (lower 64 bits of n) */ lo = mpz_get_ui( tmp ); /* lo = tmp & 0xffffffff */ mpz_div_2exp( tmp, tmp, 32 ); /* tmp >>= 32 */ hi = mpz_get_ui( tmp ); /* hi = tmp & 0xffffffff */ mpz_clear( tmp ); return (((unsigned long long)hi) << 32) + lo; }
uint64 mpz2uint64(mpz_t n) { unsigned int lo, hi; mpz_t tmp; mpz_init( tmp ); mpz_mod_2exp( tmp, n, 64 ); lo = mpz_get_ui( tmp ); mpz_div_2exp( tmp, tmp, 32 ); hi = mpz_get_ui( tmp ); mpz_clear( tmp ); return (((uint64)hi) << 32) + lo; }
void rsa_random_integer(MP_INT *ret, RandomState *state, unsigned int bits) { unsigned int bytes = (bits + 7) / 8; char *str = xmalloc(bytes * 2 + 1); unsigned int i; /* We first create a random hex number of the desired size, and then convert it to a mp-int. */ for (i = 0; i < bytes; i++) sprintf(str + 2 * i, "%02x", random_get_byte(state)); /* Convert it to the internal representation. */ if (mpz_set_str(ret, str, 16) < 0) fatal("Intenal error, mpz_set_str returned error"); /* Clear extra data. */ memset(str, 0, 2 * bytes); xfree(str); /* Reduce it to the desired number of bits. */ mpz_mod_2exp(ret, ret, bits); }
int main (int argc, char *argv[]) { const char usage[] = "usage: findlc [-dv] m2exp [low_merit [high_merit]]\n"; int f; int v_lose, m_lose, v_best, m_best; int c; int debug = 1; int cnt_high_merit; mpz_t m; unsigned long int m2exp; #define DIMS 6 /* dimensions run in spectral test */ mpf_t v[DIMS-1]; /* spectral test result (there's no v for 1st dimension */ mpf_t f_merit, low_merit, high_merit; mpz_t acc, minus8; mpz_t min, max; mpz_t s; mpz_init (m); mpz_init (a); for (f = 0; f < DIMS-1; f++) mpf_init (v[f]); mpf_init (f_merit); mpf_init_set_d (low_merit, .1); mpf_init_set_d (high_merit, .1); while ((c = getopt (argc, argv, "a:di:hv")) != -1) switch (c) { case 'd': /* debug */ g_debug++; break; case 'v': /* print version */ puts (rcsid[1]); exit (0); case 'h': case '?': default: fputs (usage, stderr); exit (1); } argc -= optind; argv += optind; if (argc < 1) { fputs (usage, stderr); exit (1); } /* Install signal handler. */ if (SIG_ERR == signal (SIGSEGV, sh_status)) { perror ("signal (SIGSEGV)"); exit (1); } if (SIG_ERR == signal (SIGHUP, sh_status)) { perror ("signal (SIGHUP)"); exit (1); } printf ("findlc: version: %s\n", rcsid[1]); m2exp = atol (argv[0]); mpz_init_set_ui (m, 1); mpz_mul_2exp (m, m, m2exp); printf ("m = 0x"); mpz_out_str (stdout, 16, m); puts (""); if (argc > 1) /* have low_merit */ mpf_set_str (low_merit, argv[1], 0); if (argc > 2) /* have high_merit */ mpf_set_str (high_merit, argv[2], 0); if (debug) { fprintf (stderr, "low_merit = "); mpf_out_str (stderr, 10, 2, low_merit); fprintf (stderr, "; high_merit = "); mpf_out_str (stderr, 10, 2, high_merit); fputs ("\n", stderr); } mpz_init (minus8); mpz_set_si (minus8, -8L); mpz_init_set_ui (acc, 0); mpz_init (s); mpz_init_set_d (min, 0.01 * pow (2.0, (double) m2exp)); mpz_init_set_d (max, 0.99 * pow (2.0, (double) m2exp)); mpz_true_random (s, m2exp); /* Start. */ mpz_setbit (s, 0); /* Make it odd. */ v_best = m_best = 2*(DIMS-1); for (;;) { mpz_add (acc, acc, s); mpz_mod_2exp (acc, acc, m2exp); #if later mpz_and_si (a, acc, -8L); #else mpz_and (a, acc, minus8); #endif mpz_add_ui (a, a, 5); if (mpz_cmp (a, min) <= 0 || mpz_cmp (a, max) >= 0) continue; spectral_test (v, DIMS, a, m); for (f = 0, v_lose = m_lose = 0, cnt_high_merit = DIMS-1; f < DIMS-1; f++) { merit (f_merit, f + 2, v[f], m); if (mpf_cmp_ui (v[f], 1 << (30 / (f + 2) + (f == 2))) < 0) v_lose++; if (mpf_cmp (f_merit, low_merit) < 0) m_lose++; if (mpf_cmp (f_merit, high_merit) >= 0) cnt_high_merit--; } if (0 == v_lose && 0 == m_lose) { mpz_out_str (stdout, 10, a); puts (""); fflush (stdout); if (0 == cnt_high_merit) break; /* leave loop */ } if (v_lose < v_best) { v_best = v_lose; printf ("best (v_lose=%d; m_lose=%d): ", v_lose, m_lose); mpz_out_str (stdout, 10, a); puts (""); fflush (stdout); } if (m_lose < m_best) { m_best = m_lose; printf ("best (v_lose=%d; m_lose=%d): ", v_lose, m_lose); mpz_out_str (stdout, 10, a); puts (""); fflush (stdout); } } mpz_clear (m); mpz_clear (a); for (f = 0; f < DIMS-1; f++) mpf_clear (v[f]); mpf_clear (f_merit); mpf_clear (low_merit); mpf_clear (high_merit); printf ("done.\n"); return 0; }
void ECDSA_verify_sign_file(char * path, ptr_curve_t E, ptr_point_t G, ptr_point_t Q, mpz_t r, mpz_t s) { mpz_t n; mpz_init(n); mpz_ui_pow_ui(n,2,M); if(mpz_cmp(s,n)<0 && mpz_cmp_ui(s,0)>0) { printf("\t s is in ]0,n-1]\n"); } else { printf("\t s isn't ]0,n-1]\n"); printf("\t signature is false\n"); return; } if(mpz_cmp(r,n)<0 && mpz_cmp_ui(r,0)>0) { printf("\t r is in ]0,n-1]\n"); } else { printf("\t r isn't ]0,n-1]\n"); printf("\t signature is false\n"); return; } //sha-256 de m mpz_t z; char buffer[65]; char buffer_M[40]; //z = Hex_to_int(sha-256(M)) sha256_file(path,buffer); strncpy(buffer_M,buffer,40); mpz_init_set_str(z,buffer_M,16); /*if(DEBUG)*/gmp_printf("\t\tn = %Zd\n",n); /*if(DEBUG)*/gmp_printf("\t\tz = %Zd\n",z); /*if(DEBUG)*/gmp_printf("\t\tr = %Zd\n",r); /*if(DEBUG)*/gmp_printf("\t\ts = %Zd\n",s); //w = s^-1 mod n mpz_t w; mpz_init(w); mpz_invert(w,s,n); //u1 = zw mod n & u2 = rw mod n mpz_t u1, u2, r0; mpz_init(u1); mpz_init(u2); mpz_init(r0); mpz_mul(r0,z,w); mpz_mod_2exp(u1,r0,M); mpz_mul(r0,r,w); mpz_mod_2exp(u2,r0,M); //(x1,y1) = u1 G + u2 Q point_t R; point_init(&R); point_t GQ; point_init(&GQ); addition_point_CE(E,G,Q,&GQ); bases_t g_bases, q_bases; bases_init(g_bases); bases_init(q_bases); int_to_bases(u1,g_bases); int_to_bases(u2,q_bases); /*if(DEBUG)*/gmp_printf("\t\tw = %Zd\n",w); /*if(DEBUG)*/gmp_printf("\t\tu1 = %Zd\n",u1); /*if(DEBUG)*/gmp_printf("\t\tu2 = %Zd\n",u2); multiple_addition_point_CE(E,g_bases,G,q_bases,Q,&GQ,&R); //res = R_x1 mod n (if r = res true else false sign) mpz_t res, x1; mpz_init(res); mpz_init(x1); bases_to_int(R._x,x1); mpz_mod(res,x1,n); if(mpz_cmp(res,r) == 0) { printf("\t signature is true\n"); } else { printf("\t signature is false\n"); } }//ECDSA_verify_sign_file()
void ECDSA_sign_file (char * path, ptr_curve_t E, ptr_point_t G, ptr_point_t Q, bases_t d_bases, mpz_t r, mpz_t s) { printf("\n\tStrat EC-DSA algo\n"); mpz_t k_inv, r0, r1, r2, n, d, k, z, x1; mpz_init(k_inv); mpz_init(r0); mpz_init(r1); mpz_init(r2); mpz_init(s); mpz_init(k); mpz_init(z); mpz_init(x1); mpz_init(r); bases_t k_bases; bases_init(k_bases); point_t X; point_init(&X); //sha-256 de m char buffer[65]; char buffer_M[40]; mpz_init(n); mpz_ui_pow_ui(n,2,M); mpz_init(d); bases_to_int(d_bases,d); mpz_t seed; mpz_init_set_str(seed,"85e25bfe5c86226cdb12016f7553f9d0e693a268",16); gmp_randstate_t rand_stat; gmp_randinit_default(rand_stat); gmp_randseed(rand_stat,seed); //gmp_randseed_ui(rand_stat,time(NULL)); //k*G=(x1,y1) (un scalaire fois un point) int step_3 = 0; while(!step_3) { mpz_urandomb(k,rand_stat,M); if(DEBUG)gmp_printf("%Zd\n",k); int_to_bases(k,k_bases); multiple_point_CE(E,G,k_bases,&X); if(DEBUG)point_print(&X,"X"); //r=x1 mod n (x1 est transformé en integer) bases_to_int(X._x,x1); if(DEBUG)gmp_printf("%Zd\n",x1); mpz_mod_2exp(r,x1,M); if(mpz_cmp_ui(r,0)<=0) { printf("\tRestart EC-DSA algo because r = 0\n"); continue; } if(DEBUG)gmp_printf("r = x1 mod n, r = %Zd\n", r); //z = Hex_to_int(sha-256(M)) sha256_file(path,buffer); strncpy(buffer_M,buffer,40); mpz_init_set_str(z,buffer_M,16); //s= k^-1(z+r*d) mod n (multiplication d'integers) mpz_invert(k_inv,k,n); mpz_mul(r0,r,d); mpz_add(r1,z,r0); mpz_mul(r2,k_inv,r1); mpz_mod_2exp(s,r2,M); //if s = 0 go to step_3 if(mpz_cmp_ui(s,0)>0) { step_3 = 1; } else { printf("\tRestart EC-DSA algo because s = 0\n"); } } printf("\t\thash : sha-256(M) = %s\n", buffer); gmp_printf("\t\tz = %Zd\n",z); gmp_printf("\t\tr = %Zd\n",r); gmp_printf("\t\ts = %Zd\n",s); printf("\tEnd EC-DSA algo\n"); }//ECDSA_sign_file()