void srp_free(srp_t *srp)
{
mpz_clear(srp->a);
mpz_clear(srp->n);
gmp_randclear(srp->rand);
g_free(srp->username);
g_free(srp->username_upper);
g_free(srp->password_upper);
if (srp->A)
g_free(srp->A);
if (srp->S)
g_free(srp->S);
if (srp->K)
g_free(srp->K);
if (srp->M1)
g_free(srp->M1);
if (srp->M2)
g_free(srp->M2);
if (srp->salt)
g_free(srp->salt);
if (srp->B)
g_free(srp->B);
g_free(srp);
}
void
check_random (int argc, char *argv[])
{
gmp_randstate_t rands;
mpz_t w, x, y;
int i, reps = 2000;
gmp_randinit_default(rands);
mpz_init (w);
mpz_init (x);
mpz_init (y);
if (argc == 2)
reps = atoi (argv[1]);
for (i = 0; i < reps; i++)
{
mpz_errandomb (w, rands, 5*BITS_PER_MP_LIMB);
mpz_errandomb (x, rands, 5*BITS_PER_MP_LIMB);
mpz_errandomb (y, rands, 5*BITS_PER_MP_LIMB);
check_all (w, x, y);
check_all_inplace (w, y);
mpz_errandomb (w, rands, 5*BITS_PER_MP_LIMB);
mpz_errandomb (x, rands, 5*BITS_PER_MP_LIMB);
mpz_errandomb (y, rands, BITS_PER_ULONG);
check_all (w, x, y);
check_all_inplace (w, y);
}
mpz_clear (w);
mpz_clear (x);
mpz_clear (y);
gmp_randclear(rands);
}
damgard_jurik_ciphertext_t* damgard_jurik::encrypt(damgard_jurik_plaintext_t* pt, unsigned long s) {
mpz_t r;
gmp_randstate_t rand;
mpz_t x;
mpz_t gc;
damgard_jurik_ciphertext_t *res = new damgard_jurik_ciphertext_t();
/* pick random blinding factor */
mpz_init(r);
mpz_init(gc);
init_rand(rand, pubkey->bits / 8 + 1);
do {
mpz_urandomb(r, rand, pubkey->bits);
mpz_gcd(gc, r, pubkey->n);
}while( mpz_cmp(r, pubkey->n) >= 0 || mpz_cmp_ui(gc, 1) > 0 || mpz_cmp_ui(r, 0) == 0);
mpz_init(x);
// mpz_powm(res->text, pubkey->g, pt->text, pubkey->n_j[s + 1]);
compute_exp(&res->text, &pt->text, s);
mpz_powm(x, r, pubkey->n_j[s], pubkey->n_j[s + 1]);
mpz_mul(res->text, res->text, x);
mpz_mod(res->text, res->text, pubkey->n_j[s + 1]);
mpz_set(res->n_s, pubkey->n_j[s + 1]);
res->s = s;
mpz_clear(x);
mpz_clear(r);
gmp_randclear(rand);
return res;
}
void damgard_jurik::encrypt(damgard_jurik_ciphertext_t **list, damgard_jurik_plaintext_t **text, unsigned long s, int size) {
mpz_t r;
gmp_randstate_t rand;
mpz_t x;
mpz_t gc;
/* pick random blinding factor */
mpz_init(r);
mpz_init(gc);
init_rand(rand, pubkey->bits / 8 + 1);
do {
mpz_urandomb(r, rand, pubkey->bits);
mpz_gcd(gc, r, pubkey->n);
}while (mpz_cmp(r, pubkey->n) >= 0 || mpz_cmp_ui(gc, 1) > 0 || mpz_cmp_ui(r, 0) == 0);
mpz_init(x);
mpz_powm(x, r, pubkey->n_j[s], pubkey->n_j[s + 1]);
for (int i = 0; i < size; i++) {
list[i] = new damgard_jurik_ciphertext_t();
// mpz_powm(list[i]->text, pubkey->g, text[i]->text, pubkey->n_j[s + 1]);
compute_exp(&list[i]->text, &text[i]->text, s);
mpz_mul(list[i]->text, list[i]->text, x);
mpz_mod(list[i]->text, list[i]->text, pubkey->n_j[s + 1]);
mpz_set(list[i]->n_s, pubkey->n_j[s + 1]);
list[i]->s = s;
}
mpz_clear(x);
mpz_clear(r);
gmp_randclear(rand);
}
// This function is Obsolete 17/8/2009
void mpz_nextprime(mpz_ptr x,mpz_srcptr y)
{gmp_randstate_t rnd;
gmp_randinit_default(rnd);
mpz_next_likely_prime(x,y,rnd);
gmp_randclear(rnd);
return;}
int main(int argc, const char* argv[]) {
gmp_randstate_t state;
data_arr source;
mpz_t seed;
uint32_t min, max, n;
mpz_init(seed);
parse_input(argc, argv, seed, &min, &max);
gmp_randinit_default(state);
gmp_randseed(state, seed);
n = rand_range(state, min, max);
fprintf(stderr, "%u\n",n);
source = make_array(n);
generate_random_arr(n, source, state);
fprint_array(stdout, source, n);
gmp_randclear(state);
delete_array(source, n);
mpz_clear(seed);
return 0;
}
/* Test operands from a table of seed data. This variant creates the operands
using a division chain. This is a hack for better coverage of the gcd
code, which depends on that the random number generators give the exact
numbers we expect. */
void
check_kolmo2 (void)
{
static const struct {
unsigned int seed;
int nb, chain_len;
} data[] = {
{ 917, 15, 5 },
{ 1032, 18, 6 },
{ 1167, 18, 6 },
{ 1174, 18, 6 },
{ 1192, 18, 6 },
};
gmp_randstate_t rs;
mpz_t bs, a, b, want;
int i;
gmp_randinit_default (rs);
mpz_inits (bs, a, b, want, NULL);
for (i = 0; i < numberof (data); i++)
{
gmp_randseed_ui (rs, data[i].seed);
make_chain_operands (want, a, b, rs, data[i].nb, data[i].nb, data[i].chain_len);
one_test (a, b, want, -1);
}
mpz_clears (bs, a, b, want, NULL);
gmp_randclear (rs);
}
static pk_t * pkMatrix_rand(long n, long k)
{
long i, j;
mpzMatrix_t * A = mpzMatrix_init(n, n);
pk_t * Z;
mpz_t * data;
gmp_randstate_t state;
gmp_randinit_default(state);
gmp_randseed_ui(state, rand());
data = mpzMatrix_data(A);
for (i = 0; i < A->nrows; ++i) {
mpz_set_ui(data[i*A->nrows + i], 1);
}
for (i = 0; i < k; ++i) {
long c = rand() % n;
for (j = 0; j <= c; ++j) {
mpz_urandomb(data[j*n+c], state, 10);
}
}
gmp_randclear(state);
Z = pkMatrix_fromFull(A);
mpzMatrix_fini(A);
return Z;
}
long long testPerformance(long long tests, int bit_count, int repetitions)
{
gmp_randstate_t RAND;
gmp_randinit_default(RAND);
gmp_randseed_ui(RAND, getTime());
mpz_t base;
mpz_init_set_ui(base, 1);
mpz_mul_2exp(base, base, bit_count-1); // base = 2^(bit_count-1)
mpz_t n;
mpz_init(n);
long long time = 0;
int test;
for (test = 0; test < tests; test++) {
mpz_urandomb(n, RAND, bit_count-1);
mpz_add(n, n, base); // n has bit_count bits
time += measureTime(n, repetitions);
}
mpz_clear(n);
mpz_clear(base);
gmp_randclear(RAND);
return time / tests; // Average
}
void camlidl_custom_gmp_randstate2_finalize(value val)
{
CAMLparam1(val);
__gmp_randstate_struct** gmp_randstate = (__gmp_randstate_struct**)(Data_custom_val(val));
gmp_randclear(*gmp_randstate);
free(*gmp_randstate);
}
double run_mp(double sigma_, double c_, int tau, dgs_disc_gauss_alg_t alg, size_t ntrials, unsigned long long *t) {
mpfr_set_default_prec(80);
mpfr_t sigma;
mpfr_init_set_d(sigma, sigma_, MPFR_RNDN);
gmp_randstate_t state;
gmp_randinit_default(state);
mpfr_t c;
mpfr_init_set_d(c, c_, MPFR_RNDN);
dgs_disc_gauss_mp_t *gen = dgs_disc_gauss_mp_init(sigma, c, tau, alg);
double variance = 0.0;
mpz_t r;
mpz_init(r);
*t = walltime(0);
for(size_t i=0; i<ntrials; i++) {
gen->call(r, gen, state);
variance += mpz_get_d(r)*mpz_get_d(r);
}
*t = walltime(*t);
dgs_disc_gauss_mp_clear(gen);
mpfr_clear(sigma);
mpz_clear(r);
mpfr_clear(c);
gmp_randclear(state);
variance /= ntrials;
return sqrt(variance);
}
/* expect after a gmp_randinit_set that the new and old generators will
produce the same sequence of numbers */
void
check_one (const char *name, gmp_randstate_ptr src)
{
gmp_randstate_t dst;
mpz_t sz, dz;
int i;
gmp_randinit_set (dst, src);
mpz_init (sz);
mpz_init (dz);
for (i = 0; i < 20; i++)
{
mpz_urandomb (sz, src, 123);
mpz_urandomb (dz, dst, 123);
if (mpz_cmp (sz, dz) != 0)
{
printf ("gmp_randinit_set didn't duplicate randstate\n");
printf (" algorithm: %s\n", name);
gmp_printf (" from src: %#Zx\n", sz);
gmp_printf (" from dst: %#Zx\n", dz);
abort ();
}
}
mpz_clear (sz);
mpz_clear (dz);
gmp_randclear (dst);
}
/*Generate signature for a message*/
void signature_sign(signature sig, mpz_t message, mpz_t private_key, domain_parameters curve)
{
//message must not have a bit length longer than that of n
//see: Guide to Elliptic Curve Cryptography, section 4.4.1.
assert(mpz_sizeinbase(message, 2) <= mpz_sizeinbase(curve->n, 2));
//Initializing variables
mpz_t k;mpz_init(k);
mpz_t x;mpz_init(x);
point Q = point_init();
mpz_t r;mpz_init(r);
mpz_t t1;mpz_init(t1);
mpz_t t2;mpz_init(t2);
mpz_t t3;mpz_init(t3);
mpz_t s;mpz_init(s);
gmp_randstate_t r_state;
signature_sign_start:
//Set k
gmp_randinit_default(r_state);
random_seeding(r_state);
mpz_sub_ui(t1, curve->n, 2);
mpz_urandomm(k , r_state , t1);
gmp_randclear(r_state);
//Calculate x
point_multiplication(Q, k, curve->G, curve);
mpz_set(x, Q->x);
point_clear(Q);
//Calculate r
mpz_mod(r, x, curve->n);
if(!mpz_sgn(r)) //Start over if r=0, note haven't been tested memory might die :)
goto signature_sign_start;
mpz_clear(x);
//Calculate s
//s = k¯¹(e+d*r) mod n = (k¯¹ mod n) * ((e+d*r) mod n) mod n
number_theory_inverse(t1, k, curve->n);//t1 = k¯¹ mod n
mpz_mul(t2, private_key, r);//t2 = d*r
mpz_add(t3, message, t2); //t3 = e+t2
mpz_mod(t2, t3, curve->n); //t2 = t3 mod n
mpz_mul(t3, t2, t1); //t3 = t2 * t1
mpz_mod(s, t3, curve->n); //s = t3 mod n
mpz_clear(t1);
mpz_clear(t2);
mpz_clear(t3);
//Set signature
mpz_set(sig->r, r);
mpz_set(sig->s, s);
//Release k,r and s
mpz_clear(k);
mpz_clear(r);
mpz_clear(s);
}
static void
_hec_quit (void)
{
mpz_clear (n);
mpz_clear (g);
mpz_clear (n2);
gmp_randclear (state);
}
void
paillier_keygen( int modulusbits,
paillier_pubkey_t** pub,
paillier_prvkey_t** prv,
paillier_get_rand_t get_rand )
{
mpz_t p;
mpz_t q;
gmp_randstate_t rand;
/* allocate the new key structures */
*pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
*prv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));
/* initialize our integers */
mpz_init((*pub)->n);
mpz_init((*pub)->n_squared);
mpz_init((*pub)->n_plusone);
mpz_init((*prv)->lambda);
mpz_init((*prv)->x);
mpz_init(p);
mpz_init(q);
/* pick random (modulusbits/2)-bit primes p and q */
init_rand(rand, get_rand, modulusbits / 8 + 1);
do
{
do
mpz_urandomb(p, rand, modulusbits / 2);
while( !mpz_probab_prime_p(p, 10) );
do
mpz_urandomb(q, rand, modulusbits / 2);
while( !mpz_probab_prime_p(q, 10) );
/* compute the public modulus n = p q */
mpz_mul((*pub)->n, p, q);
} while( !mpz_tstbit((*pub)->n, modulusbits - 1) );
complete_pubkey(*pub);
(*pub)->bits = modulusbits;
/* compute the private key lambda = lcm(p-1,q-1) */
mpz_sub_ui(p, p, 1);
mpz_sub_ui(q, q, 1);
mpz_lcm((*prv)->lambda, p, q);
complete_prvkey(*prv, *pub);
/* clear temporary integers and randstate */
mpz_clear(p);
mpz_clear(q);
gmp_randclear(rand);
}
void
check_rand (void)
{
unsigned long min_prec = __GMPF_BITS_TO_PREC (1);
gmp_randstate_t rands;
mpf_t got, u;
unsigned long prec, v;
int i;
/* The nails code in mpf_mul_ui currently isn't exact, so suppress these
tests for now. */
if (BITS_PER_UI > GMP_NUMB_BITS)
return;
mpf_init (got);
mpf_init (u);
gmp_randinit_default(rands);
for (i = 0; i < 200; i++)
{
/* got precision */
prec = min_prec + gmp_urandomm_ui (rands, 15L);
refmpf_set_prec_limbs (got, prec);
/* u precision */
prec = min_prec + gmp_urandomm_ui (rands, 15L);
refmpf_set_prec_limbs (u, prec);
/* u, possibly negative */
mpf_rrandomb (u, rands, PREC(u), (mp_exp_t) 20);
if (gmp_urandomb_ui (rands, 1L))
mpf_neg (u, u);
/* v, 0 to BITS_PER_ULONG bits (inclusive) */
prec = gmp_urandomm_ui (rands, BITS_PER_ULONG+1);
v = gmp_urandomb_ui (rands, prec);
if ((i % 2) == 0)
{
/* separate */
mpf_mul_ui (got, u, v);
check_one ("separate", got, u, v);
}
else
{
/* overlap */
prec = refmpf_set_overlap (got, u);
mpf_mul_ui (got, got, v);
check_one ("overlap src==dst", got, u, v);
mpf_set_prec_raw (got, prec);
}
}
mpf_clear (got);
mpf_clear (u);
gmp_randclear(rands);
}
int
main (int argc, char **argv)
{
char str[1000];
gmp_randstate_t rnd;
mpz_t x, y, z;
int i, j, k, s;
tests_start ();
gmp_randinit_default (rnd);
mpz_init(x);
mpz_init(y);
mpz_init(z);
for( i = 0 ; i < sizeof(tests1) / sizeof(tests1[0]) ; ++i )
{
mpz_ui_pow_ui(x, 10, tests1[i].pow10);
mpz_next_prime_candidate(y, x, rnd);
mpz_sub(y, y, x);
j = mpz_get_ui(y);
if(j != tests1[i].np_off)
{
printf("\nnext_likely_prime(10^%d) - 10^%d: expected %d but got %d",
tests1[i].pow10, tests1[i].pow10, tests1[i].np_off, j);
abort();
}
}
for( i = 0 ; i < sizeof(tests2) / sizeof(tests2[0]) ; ++i )
{
mpz_ui_pow_ui(x, 10, tests2[i].pow10);
mpz_set(y, x);
s = j = 0;
for( ; ; )
{
mpz_next_prime_candidate(y, y, rnd);
mpz_sub(z, y, x);
k = mpz_get_si(z);
if(k >= 1000)
break;
j++;
s += k * k;
}
if(j != tests2[i].count || s != tests2[i].sumsq)
{
printf("\nnext_likely_prime failed test2[%d], expected %d and %d but got %d and %d",
i, tests2[i].count, tests2[i].sumsq, j, s);
abort();
}
}
gmp_randclear (rnd);
mpz_clear(z);
mpz_clear(y);
mpz_clear(x);
tests_end ();
exit (0);
}
int main(void)
{
/* Initialization */
long D, sd = 0;
mpz_t p, m, n, h, private_key;
mpz_t curv[2], base_point[2], public_key[2];
mpz_t seed;
gmp_randinit(stat, GMP_RAND_ALG_LC, 120);
mpz_init(p);
mpz_init(m);
mpz_init(n);
mpz_init(h);
mpz_init(private_key);
mpz_init(curv[0]); mpz_init(curv[1]);
mpz_init(base_point[0]); mpz_init(base_point[1]);
mpz_init(public_key[0]); mpz_init(public_key[1]);
mpz_init(seed);
srand( (unsigned) getpid());
sd=rand();
mpz_set_ui(seed, sd);
gmp_randseed(stat, seed);
/* set the value of the discriminant*/
D = 40;
/* create the order p, the elliptic curve and its order m using D */
CMmethod(D, &p, &m, curv);
/* create a base point of order n, where m = nh and returns n and h*/
domain_parameters(curv, base_point, &p, &m, &n, &h);
/* create a private and a public key */
create_priv_and_public(curv, &p, base_point, &private_key, public_key);
/* generate the signature on the message using ECDSA */
file_create_signature("README", curv, base_point, &p, &n, &private_key, "signature");
gmp_randclear(stat);
mpz_clear(p);
mpz_clear(m);
mpz_clear(n);
mpz_clear(h);
mpz_clear(private_key);
mpz_clear(curv[0]); mpz_clear(curv[1]);
mpz_clear(base_point[0]); mpz_clear(base_point[1]);
mpz_clear(public_key[0]); mpz_clear(public_key[1]);
mpz_clear(seed);
return 0;
}
paillier_ciphertext_t*
paillier_enc(paillier_tag* tag, paillier_ciphertext_t* res,
paillier_pubkey_t* pub,
paillier_plaintext_t* pt,
paillier_get_rand_t get_rand, int no_copies, mpz_t* rand_prf)
{
mpz_t r;
gmp_randstate_t rand;
mpz_t x, one;
// char val = '1';
/* pick random blinding factor */
mpz_init(r);
mpz_init_set_str(one, "1", 10);
//printf("\npubbits : %d \n", pub->bits);
init_rand(rand, get_rand, pub->bits / 8 + 1);
/* compute ciphertext */
/*if( !res )
{
res = (paillier_ciphertext_t*) malloc(sizeof(paillier_ciphertext_t));
mpz_init(res->c);
} */
//printf("\n calculating enc");
mpz_t t;
mpz_init(x);
mpz_init(t);
mpz_set(tag->t, pt->m);
mpz_mul(t, pub->n, pt->m);
int j;
for(j=0; j < no_copies; j++)
{
do
mpz_urandomb(r, rand, pub->bits);
while( mpz_cmp(r, pub->n) >= 0 );
mpz_mul(r, r, rand_prf[j]);
mpz_mod(r, r, pub->n);
mpz_powm(x, r, pub->n, pub->n_squared);
mpz_init(res[j].c);
//printf("\n power %d", j );
mpz_add(res[j].c, one, t);
//mpz_powm(res[j].c, pub->n_plusone, pt->m, pub->n_squared);
mpz_mul(res[j].c, res[j].c, x);
//printf("\n multiply");
mpz_mod(res[j].c, res[j].c, pub->n_squared);
}
//printf("\n mod");
mpz_clear(x);
//printf("\n clear");
mpz_clear(r);
gmp_randclear(rand);
return res;
}
int
mpz_millerrabin (mpz_srcptr n, int reps)
{
int r;
mpz_t nm1, nm3, x, y, q;
unsigned long int k;
gmp_randstate_t rstate;
int is_prime;
TMP_DECL;
TMP_MARK;
MPZ_TMP_INIT (nm1, SIZ (n) + 1);
mpz_sub_ui (nm1, n, 1L);
MPZ_TMP_INIT (x, SIZ (n) + 1);
MPZ_TMP_INIT (y, 2 * SIZ (n)); /* mpz_powm_ui needs excessive memory!!! */
/* Perform a Fermat test. */
mpz_set_ui (x, 210L);
mpz_powm (y, x, nm1, n);
if (mpz_cmp_ui (y, 1L) != 0)
{
TMP_FREE;
return 0;
}
MPZ_TMP_INIT (q, SIZ (n));
/* Find q and k, where q is odd and n = 1 + 2**k * q. */
k = mpz_scan1 (nm1, 0L);
mpz_tdiv_q_2exp (q, nm1, k);
/* n-3 */
MPZ_TMP_INIT (nm3, SIZ (n) + 1);
mpz_sub_ui (nm3, n, 3L);
ASSERT (mpz_cmp_ui (nm3, 1L) >= 0);
gmp_randinit_default (rstate);
is_prime = 1;
for (r = 0; r < reps && is_prime; r++)
{
/* 2 to n-2 inclusive, don't want 1, 0 or -1 */
mpz_urandomm (x, rstate, nm3);
mpz_add_ui (x, x, 2L);
is_prime = millerrabin (n, nm1, x, y, q, k);
}
gmp_randclear (rstate);
TMP_FREE;
return is_prime;
}
int
mpz_millerrabin (mpz_srcptr n, int reps)
{
gmp_randstate_t rstate;
int is_prime;
gmp_randinit_default(rstate);
is_prime = mpz_miller_rabin(n, reps, rstate);
gmp_randclear(rstate);
return is_prime;
}
void mpfr_bench(mpfr_prec_t prec_a, mpfr_prec_t prec_b, mpfr_prec_t prec_c,
const char *b_str, const char *c_str, unsigned long seed)
{
mpfr_t a,b,c;
mpf_t x,y,z;
mpz_t zz;
gmp_randstate_t state;
gmp_randinit_lc_2exp_size (state, 128);
gmp_randseed_ui (state, seed);
mpfr_init2(a, prec_a);
mpfr_init2(b, prec_b);
mpfr_init2(c, prec_c);
mpf_init2(x, prec_a);
mpf_init2(y, prec_b);
mpf_init2(z, prec_c);
if (b_str)
mpf_set_str(y, b_str, 10);
else
mpf_urandomb(y, state, prec_b);
if (c_str)
mpf_set_str(z, c_str, 10);
else
mpf_urandomb(z, state, prec_c);
mpfr_set_f(b, y, MPFR_RNDN);
mpfr_set_f(c, z, MPFR_RNDN);
mpz_init (zz);
mpz_urandomb (zz, state, 2*prec_b);
if (verbose)
{
printf("B="); mpfr_out_str(stdout, 10, 0, b, MPFR_RNDD);
printf("\nC="); mpfr_out_str(stdout, 10, 0, c, MPFR_RNDD);
putchar('\n');
}
TIMP_OVERHEAD ();
#undef BENCH
#define BENCH(TEST_STR, TEST) printf(" "TEST_STR": %Lu\n", TIMP_MEASURE(TEST))
TEST_LIST;
mpz_clear (zz);
mpfr_clear (a);
mpfr_clear (b);
mpfr_clear (c);
mpf_clear (x);
mpf_clear (y);
mpf_clear (z);
gmp_randclear (state);
}
void clear(){
gmp_randclear(state);
mpz_clear(big_temp);
mpz_clear(n);
mpz_clear(n_plus_1);
mpz_clear(n_square);
mpz_clear(r);
mpz_clear(r_pow_n);
mpz_clear(d);
mpz_clear(d_inverse);
}
void damgard_jurik::key_gen(int modulusbits) {
mpz_t p, q;
gmp_randstate_t rand;
mpz_init(pubkey->n);
mpz_init(pubkey->g);
mpz_init(prvkey->lambda);
mpz_init(p);
mpz_init(q);
init_rand(rand, modulusbits / 8 + 1);
do
{
do
mpz_urandomb(p, rand, modulusbits / 2);
while( !mpz_probab_prime_p(p, 10) );
do
mpz_urandomb(q, rand, modulusbits / 2);
while( !mpz_probab_prime_p(q, 10) );
/* compute the public modulus n = p q */
mpz_mul(pubkey->n, p, q);
} while( !mpz_tstbit(pubkey->n, modulusbits - 1));
pubkey->bits = modulusbits;
mpz_add_ui(pubkey->g, pubkey->n, 1);
pubkey->n_j = new mpz_t[s_max + 2];
pubkey->k_n = new mpz_t[s_max + 2];
mpz_init(pubkey->n_j[0]);
mpz_set_ui(pubkey->n_j[0], 1);
mpz_init(pubkey->k_n[0]);
mpz_set_ui(pubkey->k_n[0], 1);
for (int i = 1;i <= s_max + 1;i++) {
mpz_init(pubkey->n_j[i]);
mpz_mul(pubkey->n_j[i], pubkey->n_j[i - 1], pubkey->n);
mpz_init(pubkey->k_n[i]);
mpz_mul_ui(pubkey->k_n[i], pubkey->k_n[i - 1], i);
}
/* Compute Private Key */
mpz_sub_ui(p, p, 1);
mpz_sub_ui(q, q, 1);
mpz_lcm(prvkey->lambda, p, q);
mpz_clear(p);
mpz_clear(q);
gmp_randclear(rand);
}
void
test_main (void)
{
gmp_randstate_t rands;
unsigned i;
gmp_randinit_default (rands);
for (i = 0; ecc_curves[i]; i++)
{
if (ecc_curves[i]->p.sqrt)
test_modulo (rands, &ecc_curves[i]->p);
}
gmp_randclear (rands);
}
/* Check divide and conquer hensel division routine. */
void
check_dc_bdiv_q (void)
{
mp_limb_t np[2*MAX_LIMBS];
mp_limb_t np2[2*MAX_LIMBS];
mp_limb_t rp[3*MAX_LIMBS];
mp_limb_t dp[MAX_LIMBS];
mp_limb_t qp[2*MAX_LIMBS];
mp_limb_t dip;
mp_size_t nn, rn, dn, qn;
gmp_randstate_t rands;
int i, j, s;
gmp_randinit_default(rands);
for (i = 0; i < ITERS; i++)
{
dn = (random() % (MAX_LIMBS - 5)) + 6;
nn = (random() % MAX_LIMBS) + dn;
mpn_rrandom (np, rands, nn);
mpn_rrandom (dp, rands, dn);
dp[0] |= 1;
MPN_COPY(np2, np, nn);
modlimb_invert(dip, dp[0]);
mpn_dc_bdiv_q(qp, np, nn, dp, dn, dip);
if (nn >= dn) mpn_mul(rp, qp, nn, dp, dn);
else mpn_mul(rp, dp, dn, qp, nn);
if (mpn_cmp(rp, np2, nn) != 0)
{
printf("failed: quotient wrong!\n");
printf ("nn = %lu, dn = %lu\n\n", nn, dn);
gmp_printf (" np: %Nx\n\n", np2, nn);
gmp_printf (" dp: %Nx\n\n", dp, dn);
gmp_printf (" qp: %Nx\n\n", qp, nn);
gmp_printf (" rp: %Nx\n\n", rp, nn);
abort ();
}
}
gmp_randclear(rands);
}
void
PerlCryptDHGMP_mpz_rand_set(pTHX_ mpz_t *v, unsigned int bits)
{
gmp_randstate_t state;
gmp_randinit_default(state);
/* Perl_seed should come with Perl 5.8.1. You shouldn't be using
Perl older than that, or at least you should be supplying me with
a patch
*/
gmp_randseed_ui(state, Perl_seed(aTHX));
mpz_urandomb(*v, state, bits);
gmp_randclear(state);
}
int
main (void)
{
unsigned long n;
gmp_randstate_t rands;
int j, k, i, i1;
mp_limb_t sp[10000], tp[10000], xp[10000], yp[10000], zp[10000];
tests_start ();
gmp_randinit_default(rands);
for (i1 = 0; i1 < 2; i1++)
{
for (n = 1; n < 100; n++)
{
for (j = 1; j < 5; j++)
{
if (i1 == 0)
{
mpn_randomb (xp, rands, n);
mpn_randomb (yp, rands, n);
mpn_randomb (zp, rands, n);
}
else
{
mpn_rrandom (xp, rands, n);
mpn_rrandom (yp, rands, n);
mpn_rrandom (zp, rands, n);
}
k = mpn_addadd_n (sp, xp, yp, zp, n);
i = mpn_add_n (tp, xp, yp, n);
i += mpn_add_n (tp, tp, zp, n);
if (k != i)
{
printf ("mpn_addadd_n ret wrong\n");
abort ();
}
if (mpn_cmp (sp, tp, n) != 0)
{
printf ("mpn_addadd_n sum wrong\n");
abort ();
}
}
}
}
gmp_randclear(rands);
tests_end ();
exit (0);
}
//mocked key
void paillier_pubkey::init_key(unsigned int key_bit_size)
{
init_s = 1;
gmp_randstate_t rand;
gmp_randinit_default(rand);
mpz_urandomb(nj[1], rand, key_bit_size);
mpz_add_ui(g, nj[1], 1);
for (int i = 2; i <= init_s+1; i++)
{
mpz_pow_ui(nj[i], nj[1], i);
}
gmp_randclear(rand);
}
void
test_main (void)
{
const char *nettle_test_seed;
gmp_randstate_t rands;
unsigned count = COUNT;
unsigned i;
gmp_randinit_default (rands);
test_fixed ();
for (i = 0; ecc_curves[i]; i++)
{
test_patterns ("p", &ecc_curves[i]->p);
test_patterns ("q", &ecc_curves[i]->p);
}
#if !NETTLE_USE_MINI_GMP
nettle_test_seed = getenv ("NETTLE_TEST_SEED");
if (nettle_test_seed && *nettle_test_seed)
{
mpz_t seed;
mpz_init (seed);
if (mpz_set_str (seed, nettle_test_seed, 0) < 0
|| mpz_sgn (seed) < 0)
die ("Invalid NETTLE_TEST_SEED: %s\n",
nettle_test_seed);
if (mpz_sgn (seed) == 0)
get_random_seed (seed);
fprintf (stderr, "Using NETTLE_TEST_SEED=");
mpz_out_str (stderr, 10, seed);
fprintf (stderr, "\n");
gmp_randseed (rands, seed);
mpz_clear (seed);
count *= 20;
}
#endif /* !NETTLE_USE_MINI_GMP */
for (i = 0; ecc_curves[i]; i++)
{
test_modulo (rands, "p", &ecc_curves[i]->p, count);
test_modulo (rands, "q", &ecc_curves[i]->q, count);
}
gmp_randclear (rands);
}
