//~ Note: 'op1' will be updated so that it will contain the result.
//~ Important : Here, we don't calculate (update) 'op1->T'.
//~ ProjPoint <-- ExtProjPoint + ExtAffPoint, (op1->T is not computed)
//~ Also, we use the fact that curve_a = -1
void add_extProj_extAff_to_Proj(ExtProjPoint *op1, mpz_t op2_x, mpz_t op2_y, mpz_t op2_t){
mpz_add (B, op2_y, op2_x);
mpz_sub (A, op1->Y, op1->X);
mpz_mul (A, A, B);
mpz_mod (A, A, p); // A <-- (Y1 - X1) * (Y2 + X2)
mpz_sub (B, op2_y, op2_x);
mpz_add (op1->Y, op1->Y, op1->X);
mpz_mul (B, B, op1->Y);
mpz_mod (B, B, p); // B <-- (Y1 + X1) * (Y2 - X2)
mpz_mul (op1->Y, op1->Z, op2_t);
mpz_mul_ui (op1->Y, op1->Y, 2);
mpz_mod (op1->Y, op1->Y, p); // C <-- 2 * Z1 * T2
mpz_mul_ui (op1->T, op1->T, 2); // D <-- 2 * T1
mpz_add (op1->X, op1->T, op1->Y); // E <-- D + C
mpz_sub (op1->Z, B, A); // F <-- B - A
mpz_add (A, B, A); // G <-- B + A
mpz_sub (op1->Y, op1->T, op1->Y); // H <-- D - C
mpz_mul (op1->X , op1->X, op1->Z);
mpz_mod (op1->X , op1->X, p); // X <-- E * F
mpz_mul (op1->Y , op1->Y, A);
mpz_mod (op1->Y , op1->Y, p); // Y <-- G * H
mpz_mul (op1->Z , op1->Z, A);
mpz_mod (op1->Z , op1->Z, p); // Z <-- F * G
}
bool RSA::decrypt(char* msg, int32_t size)
{
boost::recursive_mutex::scoped_lock lockClass(rsaLock);
mpz_t c,v1,v2,u2,tmp;
mpz_init2(c, 1024);
mpz_init2(v1, 1024);
mpz_init2(v2, 1024);
mpz_init2(u2, 1024);
mpz_init2(tmp, 1024);
mpz_import(c, 128, 1, 1, 0, 0, msg);
mpz_mod(tmp, c, m_p);
mpz_powm(v1, tmp, m_dp, m_p);
mpz_mod(tmp, c, m_q);
mpz_powm(v2, tmp, m_dq, m_q);
mpz_sub(u2, v2, v1);
mpz_mul(tmp, u2, m_u);
mpz_mod(u2, tmp, m_q);
if(mpz_cmp_si(u2, 0) < 0) {
mpz_add(tmp, u2, m_q);
mpz_set(u2, tmp);
}
mpz_mul(tmp, u2, m_p);
mpz_set_ui(c, 0);
mpz_add(c, v1, tmp);
size_t count = (mpz_sizeinbase(c, 2) + 7)/8;
memset(msg, 0, 128 - count);
mpz_export(&msg[128 - count], NULL, 1, 1, 0, 0, c);
mpz_clear(c);
mpz_clear(v1);
mpz_clear(v2);
mpz_clear(u2);
mpz_clear(tmp);
return true;
}
//~ eq : (a*X^2 + Y^2)*Z^2 = Z^4 + d*(X^2)*(Y^2)
int is_on_curve_extProj(ExtProjPoint *op){
int rep;
mpz_t leq, req, lx, ly, lz;
mpz_inits (leq, req, lx, ly, lz, NULL);
mpz_mul (lx, op->X, op->X);
mpz_mod (lx, lx, p);
mpz_mul (ly, op->Y, op->Y);
mpz_mod (ly, ly, p);
mpz_mul (lz, op->Z, op->Z);
mpz_mod (lz, lz, p);
mpz_mul (leq, lx, curve_a);
mpz_add (leq, leq, ly);
mpz_mul (leq, leq, lz);
mpz_mod (leq, leq, p); // leq <-- (a*X^2 + Y^2)*Z^2
mpz_mul (lz, lz, lz);
mpz_mod (lz, lz, p); // lz <-- Z^4
mpz_mul (req, lx, ly);
mpz_mul (req, req, curve_d);
mpz_add (req, req, lz);
mpz_mod (req, req, p); // req <-- Z^4 + d*(X^2)*(Y^2)
rep = mpz_cmp (leq, req);
mpz_clears (leq, req, lx, ly, lz, NULL);
return (rep==0);
}
/* void RSA_encrypt_chunk(mpz_t, string, RSA_PUBLIC)
* encrypts one part of message using one's public key, part fits the
* requirements for itself, so that |part| <= k - 11
*/
void RSA_encrypt_chunk(mpz_t &cipher, string &message, RSA_PUBLIC &pub) {
// encrypting chunk has below format:
// EB = 00 || 02 || PS || 00 || D
// where k = |n| (it's in bytes)
// D = message, |D|<=k-11
long long k = mpz_sizeinbase(pub.n, 2) / 8;
// PS = random octets, |PS|=k-|D|-3
long long ps_len = k - 3 - message.length();
string EB("0002"); // EB = 00 || 02
EB.reserve(k*2);
string PS_tab; PS_tab.reserve(2*ps_len);
for (int i=0; i<ps_len; i++) {
PS_tab.append( decbyte2hex( random(255)+1 ) );
}
EB.append(PS_tab); // EB = 00 || 02 || PS
EB.append("00"); // EB = 00 || 02 || PS || 00
for (unsigned int i=0; i<message.length(); i++) {
EB.append( decbyte2hex((unsigned int)message[i]) );
} // EB = 00 || 02 || PS || 00 || D
// now we have EB generated
// algorithm for faster computing y = x^e (mod n)
// e = e(k-1)e(k-2)...e(1)e(0)
// e has the value of 11, 10001 or 10000000000000001 (3, 17, 65537)
string e_str = mpz_get_str(NULL, 2, pub.e);
int k_e = e_str.length();
mpz_t y, x;
mpz_inits(y, x, NULL);
mpz_set_str(x, EB.c_str(), 16); // x == EB
mpz_set(y, x); // y == x
for (long long i=1; i<k_e; i++) {
mpz_powm_ui(y, y, 2, pub.n);
if (e_str[i]=='1') {
mpz_mul(y, y, x);
mpz_mod(y, y, pub.n);
}
}
mpz_set(cipher, y); // cipher is now encrypted EB
mpz_clears(y, x, NULL); // tidying
}
void RSA::decrypt(char* msg, int32_t size)
{
OTSYS_THREAD_LOCK_CLASS lockClass(rsaLock);
mpz_t c,v1,v2,u2,tmp;
mpz_init2(c, 1024);
mpz_init2(v1, 1024);
mpz_init2(v2, 1024);
mpz_init2(u2, 1024);
mpz_init2(tmp, 1024);
mpz_import(c, 128, 1, 1, 0, 0, msg);
mpz_mod(tmp, c, m_p);
mpz_powm(v1, tmp, m_dp, m_p);
mpz_mod(tmp, c, m_q);
mpz_powm(v2, tmp, m_dq, m_q);
mpz_sub(u2, v2, v1);
mpz_mul(tmp, u2, m_u);
mpz_mod(u2, tmp, m_q);
if(mpz_cmp_si(u2, 0) < 0)
{
mpz_add(tmp, u2, m_q);
mpz_set(u2, tmp);
}
mpz_mul(tmp, u2, m_p);
mpz_set_ui(c, 0);
mpz_add(c, v1, tmp);
size_t count = (mpz_sizeinbase(c, 2) + 7)/8;
memset(msg, 0, 128 - count);
mpz_export(&msg[128 - count], NULL, 1, 1, 0, 0, c);
mpz_clear(c);
mpz_clear(v1);
mpz_clear(v2);
mpz_clear(u2);
mpz_clear(tmp);
}
void BnetSRP3::getServerSecret( mpz_ptr result, mpz_t& A, mpz_t& v )
{
mpz_t B_, u;
getServerSessionPublicKey(B_, v);
getScrambler(u, B_);
mpz_init(result);
mpz_powm(result, v, u, N);
mpz_mul(result, result, A);
mpz_mod(result, result, N);
mpz_powm(result, result, b, N);
mpz_clear(B_);
mpz_clear(u);
}
void gmp_brickexp::pow(fe* result, num* e) {
mpz_t* res = ((gmp_fe*) result)->get_val();
mpz_t* exp = ((gmp_num*) e)->get_val();
uint32_t u;
mpz_set_ui(*res, 1);
for (u = 0; u < m_numberOfElements; u++) {
if (mpz_tstbit(*exp, u)) {
mpz_mul(*res, *res, m_table[u]);
mpz_mod(*res, *res, *field->get_p());
}
}
}
static mask_t mpz_to_field (
field_a_t out,
const mpz_t in
) {
uint8_t ser[FIELD_BYTES];
mpz_t modded;
memset(ser,0,sizeof(ser));
mpz_init(modded);
mpz_mod(modded, in, mp_field);
mpz_export(ser, NULL, -1, 1, -1, 0, modded);
mask_t succ = field_deserialize(out, ser);
return succ;
}
void BnetSRP3::getServerSessionPublicKey( mpz_ptr result, mpz_t& v )
{
if (!B_inited)
{
mpz_init(B);
mpz_powm(B, g, b, N);
mpz_add(B, B, v);
mpz_mod(B, B, N);
B_inited = true;
}
mpz_init_set(result, B);
}
void djcs_encrypt(djcs_public_key *pk, hcs_random *hr, mpz_t rop, mpz_t plain1)
{
mpz_t t1;
mpz_init(t1);
mpz_random_in_mult_group(t1, hr->rstate, pk->n[0]);
mpz_powm(rop, pk->g, plain1, pk->n[pk->s]);
mpz_powm(t1, t1, pk->n[pk->s-1], pk->n[pk->s]);
mpz_mul(rop, rop, t1);
mpz_mod(rop, rop, pk->n[pk->s]);
mpz_clear(t1);
}
void decryption(){
mpz_powm(tmpI, c/*base*/, lambda/*exp*/, nn/*mod*/); // tmp = base^exp modulo mod
mpz_sub_ui(tmpI,tmpI,1);
mpz_tdiv_q(tmpI, tmpI, n);
mpz_powm(tmpII, g/*base*/, lambda/*exp*/, nn/*mod*/); // tmp = base^exp modulo mod
mpz_sub_ui(tmpII,tmpII,1);
mpz_tdiv_q(tmpII, tmpII, n);
mpz_invert (tmpII,tmpII,n);
mpz_mul(tmpI,tmpII,tmpI);
mpz_mod(tmpI, tmpI, n);
gmp_printf ("\nDecryption = %Zd\n", tmpI);
}
int mpz_premier(mpz_t _a)
{
mpz_t _root_temp;
mpz_init(_root_temp);
mpz_root(_root_temp,_a,2);
mpz_add_ui(_root_temp,_root_temp,1);
mpz_t _i; mpz_init(_i);
mpz_t _k; mpz_init(_k);
mpz_set_ui(_i,2);
while (mpz_cmp(_i,_root_temp)< 0)
{ mpz_mod(_k,_a,_i); mpz_add_ui(_i,_i,1); if (mpz_cmp_ui(_k,0)==0) {return 0;} }
return 1;
}
/*
* \brief Encrypts/decrypts a message using the RSA algorithm.
*
* \param result a field to populate with the result of your RSA calculation.
* \param message the message to perform RSA on. (probably a cert in this case)
* \param e the encryption key from the key_file passed in through the
* command-line arguments
* \param n the modulus for RSA from the modulus_file passed in through
* the command-line arguments
*
* Fill in this function with your proj0 solution or see staff solutions.
*/
static void
perform_rsa(mpz_t result, mpz_t message, mpz_t e, mpz_t n)
{
mpz_t odd;
mpz_init(odd);
mpz_add_ui(result, result, 1);
while (mpz_cmp_ui(e, 0)){
mpz_mod_ui(odd, e, 2);
if (mpz_cmp_ui(odd, 0)) {
mpz_mul(result, result, message);
mpz_mod(result, result, n);
mpz_sub_ui(e, e, 1);
} else {
mpz_mul(message, message, message);
mpz_mod(message, message, n);
mpz_div_ui(e, e, 2);
}
}
mpz_clear(odd);
}
const char *shecdsa_pub(const char *hex_str)
{
#ifdef HAVE_LIBGMP
static char pub_key[256];
ecdsa_parameters curve;
mpz_t temp;
mpz_t key;
char *comp_hex;
memset(pub_key, 0, sizeof(pub_key));
/* setup parameters */
curve = ecdsa_parameters_init();
ecdsa_parameters_load_curve(curve, secp160r1);
/* initialize public key */
ecdsa_point Q = ecdsa_point_init();
mpz_init(key);
#if 0
priv_key_hex = shkey_hex(priv_key);
str_hash = shsha1_hash(priv_key_hex, strlen(priv_key_hex));
mpz_set_str(key, str_hash, 16);
#endif
mpz_set_str(key, hex_str, 16);
#if 0
/* key modulo n */
mpz_init(temp);
mpz_mod(temp, key, curve->n);
mpz_set(key, temp);
mpz_clear(temp);
#endif
/* generate public key */
memset(pub_key, 0, sizeof(pub_key));
ecdsa_signature_generate_key(Q, key, curve);
comp_hex = ecdsa_point_compress(Q, 21);
if (!comp_hex) return (NULL);
strncpy(pub_key, comp_hex, sizeof(pub_key)-1);
free(comp_hex);
ecdsa_parameters_clear(curve);
ecdsa_point_clear(Q);
mpz_clear(key);
return (pub_key);
#else
return (NULL);
#endif
}
int shecdsa_verify(shkey_t *pub_key, char *str_r, char *str_s, unsigned char *data, size_t data_len)
{
#ifdef HAVE_LIBGMP
ecdsa_parameters curve;
ecdsa_signature sig;
ecdsa_point Q;
mpz_t temp;
mpz_t m;
uint8_t *hash;
int ok;
/* setup parameters */
curve = ecdsa_parameters_init();
ecdsa_parameters_load_curve(curve, secp160r1);
/* decompress public key */
Q = ecdsa_point_init();
ecdsa_point_decompress(Q, (char *)shkey_hex(pub_key), curve);
/* process message into sha1 hash */
mpz_init(m);
hash = shsha1_hash(data, data_len);
mpz_set_str(m, hash, 16);
/* msg modulo n - note standard is bit-length not mod */
mpz_init(temp);
mpz_mod(temp, m, curve->n);
mpz_set(m, temp);
mpz_clear(temp);
sig = ecdsa_signature_init();
ecdsa_signature_set_str(sig, str_r, str_s, 16);
/* verify signature */
ok = ecdsa_signature_verify(m, sig, Q, curve);
ecdsa_parameters_clear(curve);
ecdsa_signature_clear(sig);
ecdsa_point_clear(Q);
mpz_clear(m);
if (!ok)
return (SHERR_ACCESS);
return (0);
#else
return (SHERR_OPNOTSUPP);
#endif
}
static void generate_primes(private_key *ku)
{
mpz_t tmp;
mpz_init(tmp);
srand(time(NULL));
/* Select p and q */
/* Start with p */
generate_random_p(ku->p);
/* Make sure this is a good choice*/
/* If p mod e == 1, gcd(phi, e) != 1 */
mpz_mod(tmp, ku->p, ku->e);
while(!mpz_cmp_ui(tmp, 1))
{
/* Nope. Choose the next prime */
mpz_nextprime(ku->p, ku->p);
mpz_mod(tmp, ku->p, ku->e);
}
/* Now select q, where q!=p */
do {
generate_random_p(ku->q);
/* Make sure this is a good choice*/
/* If p mod e == 1, gcd(phi, e) != 1 */
mpz_mod(tmp, ku->q, ku->e);
while(!mpz_cmp_ui(tmp, 1))
{
/* Nope. Choose the next prime */
mpz_nextprime(ku->q, ku->q);
mpz_mod(tmp, ku->q, ku->e);
}
} while(mpz_cmp(ku->p, ku->q) == 0); /* If we have identical primes (unlikely), try again */
mpz_clear(tmp);
}
/**
* Compute exponential of x to e mod n
*/
void cpt_exp_mod(mpz_t res, mpz_srcptr x, mpz_srcptr e, mpz_srcptr, n)
{
if(mpz_cmp_si(e,0) < 0)
{
mpz_t me;
mpz_init(me);
mpz_neg(me,e);
cpt_exp_mod(res,x,me,n);
cpt_inv_mod(res,res,n);
mpz_clear(me);
return;
}
if(mpz_cmp_si(e,0) == 0)
{
mpz_set_si(res,1);
return;
}
/* Get the binary expansion of e */
const char * bin = mpz_get_str(NULL,2,e);
unsigned int l = strlen(bin);
mpz_t y;
mpz_init_set_si(y,1);
for(int i = 0; i < l; i++)
{
mpz_mul(y,y,2);
mpz_mod(y,y,n);
if(bin[i])
{
mpz_mul(y,x,y);
mpz_mod(y,y,n);
}
}
mpz_set(res,y);
mpz_clear(y);
free(bin);
}
//assume c has been initialized
void encrypt_big_num(mpz_t c, mpz_t m){
get_random_r();
//set r^n mod n^2
mpz_powm(r_pow_n, r, n, n_square);
//set big_temp = (n+1)^m mod n^2
mpz_powm(big_temp, n_plus_1, m, n_square);
//set c = (n+1)^m*r^n mod n^2
mpz_mul(c, big_temp, r_pow_n);
mpz_mod(c, c, n_square);
}
void gmp_pbs_bank_sign_start(gmp_pbs_bank_state *state, char* info) {
/* compute z, place in work3 */
gmp_pbs_Fhash(state->workspace.work3, info, &state->parameters,
&state->workspace);
/* compute b */
mpz_powm(state->workspace.work1, state->workspace.work3, state->d, state->parameters.p);
mpz_powm(state->workspace.work2, state->parameters.g, state->s, state->parameters.p);
mpz_mul(state->workspace.work3, state->workspace.work1, state->workspace.work2);
mpz_mod(state->b, state->workspace.work3, state->parameters.p);
/* compute a */
mpz_powm(state->a, state->parameters.g, state->u, state->parameters.p);
}
void gcd2(mpz_t r, mpz_t a1, mpz_t b1)
{
mpz_t a, b;
mpz_init_set(a, a1);
mpz_init_set(b, b1);
while (mpz_sgn(b) != 0) {
mpz_set(r, b); /* r = b; */
mpz_mod(b, a, b); /* b = a % b; */
mpz_set(a, r); /* a = r; */
}
mpz_set(r, a);
mpz_clear(a);
mpz_clear(b);
}
/* p <- gcd(n, l[0]*l[1]*...*l[k-1],
returns non-zero iff p is non trivial.
Clobbers l[0] */
int
list_gcd (mpz_t p, listz_t l, unsigned int k, mpz_t n)
{
unsigned int i;
for (i = 1; i < k; i++)
{
mpz_mul (l[0], l[0], l[i]);
mpz_mod (l[0], l[0], n);
}
mpz_gcd (p, l[0], n);
return mpz_cmp_ui (p, 1);
}
void
output_relation2 (FILE *fp, relation r, mpz_t q, mpz_t N)
{
unsigned int i;
mpz_invert (q, q, N);
mpz_mul (q, q, r->x);
mpz_mod (r->x, q, N);
mpz_set_ui (q, 1);
mpz_out_str (fp, 10, r->x);
for (i = 0; i < r->n; i++)
fprintf (fp, " %d %u", r->p[i], r->e[i]);
fprintf (fp, " 0\n");
}
// Input: priv_key = buffer of 200 bytes
// pub_key = buffer of 200 bytes
// Output: priv_key = Your private key
// pub_key = Your public key
int DH1080_gen(char *priv_key, char *pub_key)
{
unsigned char raw_buf[256]; //, iniHash[33];
//unsigned long seed;
int iRet, i;
size_t len;
mpz_t b_privkey, b_pubkey, b_base;
unsigned char temp[DH1080_PRIME_BYTES];
//FILE *hRnd;
priv_key[0]='0';
priv_key[1]='\0';
pub_key[0]='0';
pub_key[1]='\0';
mpz_init(b_privkey);
mpz_init(b_pubkey);
mpz_init_set_ui(b_base, 2);
do
{
for(i=0; i < DH1080_PRIME_BYTES; i++)
temp[i] = (unsigned char)rand(&csprng);
mpz_import(b_privkey, DH1080_PRIME_BYTES, 1, 1, 0, 0, temp);
mpz_mod(b_privkey, b_privkey, b_prime1080); /* [2, prime1080-1] */
} while( mpz_cmp_ui(b_privkey, 1) != 1); /* while smaller than 2 */
mpz_powm(b_pubkey, b_base, b_privkey, b_prime1080);
if(DH_verifyPubKey(b_pubkey))
{
mpz_export(raw_buf, &len, 1, 1, 0, 0, b_privkey);
mpz_clear(b_privkey);
htob64((char *)raw_buf, priv_key, len);
mpz_export(raw_buf, &len, 1, 1, 0, 0, b_pubkey);
htob64((char *)raw_buf, pub_key, len);
iRet=1;
}
else iRet=0;
ZeroMemory(raw_buf, sizeof(raw_buf));
mpz_clear(b_pubkey);
mpz_clear(b_base);
return iRet;
}
int gmp_pbs_client_sign_finish(gmp_pbs_client_state *state) {
/* compute rho */
mpz_add(state->workspace.work1, state->r, state->t1);
mpz_mod(state->signature.rho, state->workspace.work1, state->parameters.q);
/* compute omega */
mpz_add(state->workspace.work1, state->c, state->t2);
mpz_mod(state->signature.omega, state->workspace.work1, state->parameters.q);
/* compute sigma */
mpz_add(state->workspace.work1, state->s, state->t3);
mpz_mod(state->signature.sigma, state->workspace.work1, state->parameters.q);
/* compute delta */
mpz_add(state->workspace.work1, state->d, state->t4);
mpz_mod(state->signature.delta, state->workspace.work1, state->parameters.q);
/* consistency check for signature */
mpz_add(state->workspace.work1, state->signature.omega, state->signature.delta);
mpz_mod(state->workspace.work2, state->workspace.work1, state->parameters.q);
return mpz_cmp(state->workspace.work2, state->epsilon);
}
void RSA::setKey(const char* p, const char* q, const char* d)
{
OTSYS_THREAD_LOCK_CLASS lockClass(rsaLock);
mpz_set_str(m_p, p, 10);
mpz_set_str(m_q, q, 10);
mpz_set_str(m_d, d, 10);
mpz_t pm1,qm1;
mpz_init2(pm1, 520);
mpz_init2(qm1, 520);
mpz_sub_ui(pm1, m_p, 1);
mpz_sub_ui(qm1, m_q, 1);
mpz_invert(m_u, m_p, m_q);
mpz_mod(m_dp, m_d, pm1);
mpz_mod(m_dq, m_d, qm1);
mpz_mul(m_mod, m_p, m_q);
mpz_clear(pm1);
mpz_clear(qm1);
}
void RSA::setKey(const char* p, const char* q, const char* d)
{
boost::recursive_mutex::scoped_lock lockClass(rsaLock);
mpz_set_str(m_p, p, 10);
mpz_set_str(m_q, q, 10);
mpz_set_str(m_d, d, 10);
mpz_t pm1, qm1;
mpz_init2(pm1, 520);
mpz_init2(qm1, 520);
mpz_sub_ui(pm1, m_p, 1);
mpz_sub_ui(qm1, m_q, 1);
mpz_invert(m_u, m_p, m_q);
mpz_mod(m_dp, m_d, pm1);
mpz_mod(m_dq, m_d, qm1);
mpz_mul(m_mod, m_p, m_q);
mpz_clear(pm1);
mpz_clear(qm1);
}
/*
Map a projective jacobian point back to affine space
@param P [in/out] The point to map
@param modulus The modulus of the field the ECC curve is in
@param mp The "b" value from montgomery_setup()
@return 0 on success
*/
int
ecc_map (ecc_point * P, mpz_t modulus)
{
mpz_t t1, t2;
int err;
if (P == NULL)
return -1;
if ((err = mp_init_multi (&t1, &t2, NULL)) != 0)
{
return -1;
}
mpz_mod (P->z, P->z, modulus);
/* get 1/z */
mpz_invert (t1, P->z, modulus);
/* get 1/z^2 and 1/z^3 */
mpz_mul (t2, t1, t1);
mpz_mod (t2, t2, modulus);
mpz_mul (t1, t1, t2);
mpz_mod (t1, t1, modulus);
/* multiply against x/y */
mpz_mul (P->x, P->x, t2);
mpz_mod (P->x, P->x, modulus);
mpz_mul (P->y, P->y, t1);
mpz_mod (P->y, P->y, modulus);
mpz_set_ui (P->z, 1);
err = 0;
mp_clear_multi (&t1, &t2, NULL);
return err;
}
int pollardsRho(mpz_t *n)
{
mpz_t myN, x_fixed, cycle_size, x, factor, count, tmp;
long counter = 0;
int status = FAIL;
printf("Trying Pollards rho\n");
mpz_init_set(myN, *n);
mpz_init_set_ui(x_fixed, POLRHOXFIXED); mpz_init_set_ui(cycle_size, POLRHOCYCLESIZE);
mpz_init_set_ui(x, POLRHOX); mpz_init_set_ui(factor, POLRHOFACTOR);
mpz_init(tmp); mpz_init(count);
while (counter < POLRHOMAX)
{
mpz_set_ui(count, 1);
while (mpz_cmp(count, cycle_size) <= 0 && mpz_cmp_ui(factor, 1) <= 0)
{
mpz_mul(x, x, x); //x = (x*x+1)%number;
mpz_add_ui(x, x, 1);
mpz_mod(x, x, myN);
mpz_sub(tmp, x, x_fixed); //factor = gcd(x - x_fixed, number);
mpz_gcd(factor, tmp, myN);
mpz_add_ui(count, count, 1);
}
if (mpz_cmp_ui(factor, 1) > 0)
{
printWin(&factor, "Pollards rho");
status = WIN;
break;
}
mpz_mul_ui(cycle_size, cycle_size, 2); //cycle_size *= 2;
mpz_set(x_fixed, x);
counter += 1;
}
mpz_clear(myN);
mpz_clear(x_fixed); mpz_clear(cycle_size); mpz_clear(x);
mpz_clear(factor); mpz_clear(count); mpz_clear(tmp);
return status;
}
void RSA::decrypt(char* msg, uint32 size)
{
mpz_t c,v1,v2,u2,tmp;
mpz_init2(c, 1024);
mpz_init2(v1, 1024);
mpz_init2(v2, 1024);
mpz_init2(u2, 1024);
mpz_init2(tmp, 1024);
mpz_import(c, size, 1, 1, 0, 0, msg);
mpz_mod(tmp, c, m_p);
mpz_powm(v1, tmp, m_dp, m_p);
mpz_mod(tmp, c, m_q);
mpz_powm(v2, tmp, m_dq, m_q);
mpz_sub(u2, v2, v1);
mpz_mul(tmp, u2, m_u);
mpz_mod(u2, tmp, m_q);
if(mpz_cmp_si(u2, 0) < 0){
mpz_add(tmp, u2, m_q);
mpz_set(u2, tmp);
}
mpz_mul(tmp, u2, m_p);
mpz_set_ui(c, 0);
mpz_add(c, v1, tmp);
size_t count = (mpz_sizeinbase(c, 2) + 7)/8;
memset(msg, 0, size - count);
mpz_export(&msg[size - count], NULL, 1, 1, 0, 0, c);
mpz_clear(c);
mpz_clear(v1);
mpz_clear(v2);
mpz_clear(u2);
mpz_clear(tmp);
}
/**
* Applique le crt et remplit res solution de X = a mod mod_a, X = b mod mod_b
*/
void crt(mpz_t res, mpz_t a, mpz_t b, mpz_t mod_a, mpz_t mod_b){
mpz_t res_euclide[3], tmp1, tmp2, mod_fin;
mpz_inits(res_euclide[0], res_euclide[1], res_euclide[2], tmp1, tmp2, mod_fin, NULL);
mpz_mul(mod_fin, mod_a, mod_b);
mpz_mod(a, a, mod_a);
mpz_mod(b, b, mod_b);
euclide_etendu(mod_a, mod_b, res_euclide);
if (!mpz_cmp_si(res_euclide[2], 0)){
printf("Choisir des moduli premiers entre eux\n");
return;
}
mpz_mul(tmp1, mod_a, res_euclide[0]);
mpz_mul(tmp1, tmp1, b);
mpz_mul(tmp2, mod_b, res_euclide[1]);
mpz_mul(tmp2, tmp2, a);
mpz_add(res, tmp1, tmp2);
mpz_mod(res, res, mod_fin);
}
