/**
Primality testing of DSA params p and q
@param key The key to validate
@param stat [out] Result of test, 1==valid, 0==invalid
@return CRYPT_OK if successful
*/
int dsa_int_validate_primes(dsa_key *key, int *stat)
{
int err, res;
*stat = 0;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL);
/* key->q prime? */
if ((err = mp_prime_is_prime(key->q, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) {
return err;
}
if (res == LTC_MP_NO) {
return CRYPT_OK;
}
/* key->p prime? */
if ((err = mp_prime_is_prime(key->p, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) {
return err;
}
if (res == LTC_MP_NO) {
return CRYPT_OK;
}
*stat = 1;
return CRYPT_OK;
}
/**
Perform on the ECC system
@return CRYPT_OK if successful
*/
int ecc_test(void)
{
void *modulus, *order;
ecc_point *G, *GG;
int i, err, primality;
if ((err = mp_init_multi(&modulus, &order, NULL)) != CRYPT_OK) {
return err;
}
G = ltc_ecc_new_point();
GG = ltc_ecc_new_point();
if (G == NULL || GG == NULL) {
mp_clear_multi(modulus, order, NULL);
ltc_ecc_del_point(G);
ltc_ecc_del_point(GG);
return CRYPT_MEM;
}
for (i = 0; ltc_ecc_sets[i].size; i++) {
#if 0
printf("Testing %d\n", ltc_ecc_sets[i].size);
#endif
if ((err = mp_read_radix(modulus, (char *)ltc_ecc_sets[i].prime, 16)) != CRYPT_OK) { goto done; }
if ((err = mp_read_radix(order, (char *)ltc_ecc_sets[i].order, 16)) != CRYPT_OK) { goto done; }
/* is prime actually prime? */
if ((err = mp_prime_is_prime(modulus, 8, &primality)) != CRYPT_OK) { goto done; }
if (primality == 0) {
err = CRYPT_FAIL_TESTVECTOR;
goto done;
}
/* is order prime ? */
if ((err = mp_prime_is_prime(order, 8, &primality)) != CRYPT_OK) { goto done; }
if (primality == 0) {
err = CRYPT_FAIL_TESTVECTOR;
goto done;
}
if ((err = mp_read_radix(G->x, (char *)ltc_ecc_sets[i].Gx, 16)) != CRYPT_OK) { goto done; }
if ((err = mp_read_radix(G->y, (char *)ltc_ecc_sets[i].Gy, 16)) != CRYPT_OK) { goto done; }
mp_set(G->z, 1);
/* then we should have G == (order + 1)G */
if ((err = mp_add_d(order, 1, order)) != CRYPT_OK) { goto done; }
if ((err = ltc_mp.ecc_ptmul(order, G, GG, modulus, 1)) != CRYPT_OK) { goto done; }
if (mp_cmp(G->x, GG->x) != LTC_MP_EQ || mp_cmp(G->y, GG->y) != LTC_MP_EQ) {
err = CRYPT_FAIL_TESTVECTOR;
goto done;
}
}
err = CRYPT_OK;
goto done;
done:
ltc_ecc_del_point(GG);
ltc_ecc_del_point(G);
mp_clear_multi(order, modulus, NULL);
return err;
}
int main(void)
{
int res, x, y;
char buf[4096];
FILE *out;
mp_int a, b;
mp_init(&a);
mp_init(&b);
out = fopen("drprimes.txt", "w");
for (x = 0; x < (int)(sizeof(sizes)/sizeof(sizes[0])); x++) {
top:
printf("Seeking a %d-bit safe prime\n", sizes[x] * DIGIT_BIT);
mp_grow(&a, sizes[x]);
mp_zero(&a);
for (y = 1; y < sizes[x]; y++) {
a.dp[y] = MP_MASK;
}
/* make a DR modulus */
a.dp[0] = -1;
a.used = sizes[x];
/* now loop */
res = 0;
for (;;) {
a.dp[0] += 4;
if (a.dp[0] >= MP_MASK) break;
mp_prime_is_prime(&a, 1, &res);
if (res == 0) continue;
printf("."); fflush(stdout);
mp_sub_d(&a, 1, &b);
mp_div_2(&b, &b);
mp_prime_is_prime(&b, 3, &res);
if (res == 0) continue;
mp_prime_is_prime(&a, 3, &res);
if (res == 1) break;
}
if (res != 1) {
printf("Error not DR modulus\n"); sizes[x] += 1; goto top;
} else {
mp_toradix(&a, buf, 10);
printf("\n\np == %s\n\n", buf);
fprintf(out, "%d-bit prime:\np == %s\n\n", mp_count_bits(&a), buf); fflush(out);
}
}
fclose(out);
mp_clear(&a);
mp_clear(&b);
return 0;
}
/* figures out if a number is prime (MR test) */
int is_prime(mp_int *N, int *result)
{
int err;
if ((err = mp_prime_is_prime(N, 8, result)) != MP_OKAY) {
return CRYPT_MEM;
}
return CRYPT_OK;
}
static void getp(dss_key *key, unsigned int size) {
DEF_MP_INT(tempX);
DEF_MP_INT(tempC);
DEF_MP_INT(tempP);
DEF_MP_INT(temp2q);
int result;
unsigned char *buf;
m_mp_init_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
/* 2*q */
if (mp_mul_d(key->q, 2, &temp2q) != MP_OKAY) {
fprintf(stderr, "dss key generation failed\n");
exit(1);
}
buf = (unsigned char*)m_malloc(size);
result = 0;
do {
genrandom(buf, size);
buf[0] |= 0x80; /* set the top bit high */
/* X is a random mp_int */
bytes_to_mp(&tempX, buf, size);
/* C = X mod 2q */
if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) {
fprintf(stderr, "dss key generation failed\n");
exit(1);
}
/* P = X - (C - 1) = X - C + 1*/
if (mp_sub(&tempX, &tempC, &tempP) != MP_OKAY) {
fprintf(stderr, "dss key generation failed\n");
exit(1);
}
if (mp_add_d(&tempP, 1, key->p) != MP_OKAY) {
fprintf(stderr, "dss key generation failed\n");
exit(1);
}
/* now check for prime, 5 rounds is enough according to HAC */
/* result == 1 => p is prime */
if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) {
fprintf(stderr, "dss key generation failed\n");
exit(1);
}
} while (!result);
mp_clear_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
m_burn(buf, size);
m_free(buf);
}
static int isprime(void *a, int *b)
{
int err;
LTC_ARGCHK(a != NULL);
LTC_ARGCHK(b != NULL);
err = mpi_to_ltc_error(mp_prime_is_prime(a, 8, b));
*b = (*b == MP_YES) ? LTC_MP_YES : LTC_MP_NO;
return err;
}
static int _prime_test(void)
{
void *p, *g, *tmp;
int x, err, primality;
if ((err = mp_init_multi(&p, &g, &tmp, NULL)) != CRYPT_OK) { goto error; }
for (x = 0; ltc_dh_sets[x].size != 0; x++) {
if ((err = mp_read_radix(g, ltc_dh_sets[x].base, 16)) != CRYPT_OK) { goto error; }
if ((err = mp_read_radix(p, ltc_dh_sets[x].prime, 16)) != CRYPT_OK) { goto error; }
/* ensure p is prime */
if ((err = mp_prime_is_prime(p, 8, &primality)) != CRYPT_OK) { goto done; }
if (primality != LTC_MP_YES ) {
err = CRYPT_FAIL_TESTVECTOR;
goto done;
}
if ((err = mp_sub_d(p, 1, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_div_2(tmp, tmp)) != CRYPT_OK) { goto error; }
/* ensure (p-1)/2 is prime */
if ((err = mp_prime_is_prime(tmp, 8, &primality)) != CRYPT_OK) { goto done; }
if (primality == 0) {
err = CRYPT_FAIL_TESTVECTOR;
goto done;
}
/* now see if g^((p-1)/2) mod p is in fact 1 */
if ((err = mp_exptmod(g, tmp, p, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp_d(tmp, 1)) {
err = CRYPT_FAIL_TESTVECTOR;
goto done;
}
}
err = CRYPT_OK;
error:
done:
mp_clear_multi(tmp, g, p, NULL);
return err;
}
int rand_prime(void *N, long len, prng_state *prng, int wprng)
{
int err, res, type;
unsigned char *buf;
LTC_ARGCHK(N != NULL);
/* get type */
if (len < 0) {
type = USE_BBS;
len = -len;
} else {
type = 0;
}
/* allow sizes between 2 and 512 bytes for a prime size */
if (len < 2 || len > 512) {
return CRYPT_INVALID_PRIME_SIZE;
}
/* valid PRNG? Better be! */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
/* allocate buffer to work with */
buf = XCALLOC(1, len);
if (buf == NULL) {
return CRYPT_MEM;
}
do {
/* generate value */
if (prng_descriptor[wprng].read(buf, len, prng) != (unsigned long)len) {
XFREE(buf);
return CRYPT_ERROR_READPRNG;
}
/* munge bits */
buf[0] |= 0x80 | 0x40;
buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
/* load value */
if ((err = mp_read_unsigned_bin(N, buf, len)) != CRYPT_OK) {
XFREE(buf);
return err;
}
/* test */
if ((err = mp_prime_is_prime(N, 8, &res)) != CRYPT_OK) {
XFREE(buf);
return err;
}
} while (res == LTC_MP_NO);
#ifdef LTC_CLEAN_STACK
zeromem(buf, len);
#endif
XFREE(buf);
return CRYPT_OK;
}
static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
{
int err, res, type;
byte* buf;
(void)heap;
if (N == NULL || rng == NULL)
return BAD_FUNC_ARG;
/* get type */
if (len < 0) {
type = USE_BBS;
len = -len;
} else {
type = 0;
}
/* allow sizes between 2 and 512 bytes for a prime size */
if (len < 2 || len > 512) {
return BAD_FUNC_ARG;
}
/* allocate buffer to work with */
buf = XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
if (buf == NULL) {
return MEMORY_E;
}
XMEMSET(buf, 0, len);
do {
#ifdef SHOW_GEN
printf(".");
fflush(stdout);
#endif
/* generate value */
RNG_GenerateBlock(rng, buf, len);
/* munge bits */
buf[0] |= 0x80 | 0x40;
buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
/* load value */
if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
/* test */
if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
} while (res == MP_NO);
#ifdef LTC_CLEAN_STACK
XMEMSET(buf, 0, len);
#endif
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return 0;
}
int
is_mersenne (long s, int *pp)
{
mp_int n, u;
int res, k;
*pp = 0;
if ((res = mp_init (&n)) != MP_OKAY) {
return res;
}
if ((res = mp_init (&u)) != MP_OKAY) {
goto LBL_N;
}
/* n = 2^s - 1 */
if ((res = mp_2expt(&n, s)) != MP_OKAY) {
goto LBL_MU;
}
if ((res = mp_sub_d (&n, 1, &n)) != MP_OKAY) {
goto LBL_MU;
}
/* set u=4 */
mp_set (&u, 4);
/* for k=1 to s-2 do */
for (k = 1; k <= s - 2; k++) {
/* u = u^2 - 2 mod n */
if ((res = mp_sqr (&u, &u)) != MP_OKAY) {
goto LBL_MU;
}
if ((res = mp_sub_d (&u, 2, &u)) != MP_OKAY) {
goto LBL_MU;
}
/* make sure u is positive */
while (u.sign == MP_NEG) {
if ((res = mp_add (&u, &n, &u)) != MP_OKAY) {
goto LBL_MU;
}
}
/* reduce */
if ((res = mp_reduce_2k (&u, &n, 1)) != MP_OKAY) {
goto LBL_MU;
}
}
/* if u == 0 then its prime */
if (mp_iszero (&u) == 1) {
mp_prime_is_prime(&n, 8, pp);
if (*pp != 1) printf("FAILURE\n");
}
res = MP_OKAY;
LBL_MU:mp_clear (&u);
LBL_N:mp_clear (&n);
return res;
}
/**
Create DSA parameters (INTERNAL ONLY, not part of public API)
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param group_size Size of the multiplicative group (octets)
@param modulus_size Size of the modulus (octets)
@param p [out] bignum where generated 'p' is stored (must be initialized by caller)
@param q [out] bignum where generated 'q' is stored (must be initialized by caller)
@param g [out] bignum where generated 'g' is stored (must be initialized by caller)
@return CRYPT_OK if successful, upon error this function will free all allocated memory
*/
static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int modulus_size, void *p, void *q, void *g)
{
unsigned long L, N, n, outbytes, seedbytes, counter, j, i;
int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash;
unsigned char *wbuf, *sbuf, digest[MAXBLOCKSIZE];
void *t2L1, *t2N1, *t2q, *t2seedlen, *U, *W, *X, *c, *h, *e, *seedinc;
/* check size */
if (group_size >= LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size) {
return CRYPT_INVALID_ARG;
}
/* FIPS-186-4 A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function
*
* L = The desired length of the prime p (in bits e.g. L = 1024)
* N = The desired length of the prime q (in bits e.g. N = 160)
* seedlen = The desired bit length of the domain parameter seed; seedlen shallbe equal to or greater than N
* outlen = The bit length of Hash function
*
* 1. Check that the (L, N)
* 2. If (seedlen <N), then return INVALID.
* 3. n = ceil(L / outlen) - 1
* 4. b = L- 1 - (n * outlen)
* 5. domain_parameter_seed = an arbitrary sequence of seedlen bits
* 6. U = Hash (domain_parameter_seed) mod 2^(N-1)
* 7. q = 2^(N-1) + U + 1 - (U mod 2)
* 8. Test whether or not q is prime as specified in Appendix C.3
* 9. If qis not a prime, then go to step 5.
* 10. offset = 1
* 11. For counter = 0 to (4L- 1) do {
* For j=0 to n do {
* Vj = Hash ((domain_parameter_seed+ offset + j) mod 2^seedlen
* }
* W = V0 + (V1 *2^outlen) + ... + (Vn-1 * 2^((n-1) * outlen)) + ((Vn mod 2^b) * 2^(n * outlen))
* X = W + 2^(L-1) Comment: 0 <= W < 2^(L-1); hence 2^(L-1) <= X < 2^L
* c = X mod 2*q
* p = X - (c - 1) Comment: p ~ 1 (mod 2*q)
* If (p >= 2^(L-1)) {
* Test whether or not p is prime as specified in Appendix C.3.
* If p is determined to be prime, then return VALID and the values of p, qand (optionally) the values of domain_parameter_seed and counter
* }
* offset = offset + n + 1 Comment: Increment offset
* }
*/
seedbytes = group_size;
L = (unsigned long)modulus_size * 8;
N = (unsigned long)group_size * 8;
/* XXX-TODO no Lucas test */
#ifdef LTC_MPI_HAS_LUCAS_TEST
/* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */
mr_tests_p = (L <= 2048) ? 3 : 2;
if (N <= 160) { mr_tests_q = 19; }
else if (N <= 224) { mr_tests_q = 24; }
else { mr_tests_q = 27; }
#else
/* M-R tests (without Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */
if (L <= 1024) { mr_tests_p = 40; }
else if (L <= 2048) { mr_tests_p = 56; }
else { mr_tests_p = 64; }
if (N <= 160) { mr_tests_q = 40; }
else if (N <= 224) { mr_tests_q = 56; }
else { mr_tests_q = 64; }
#endif
if (N <= 256) {
hash = register_hash(&sha256_desc);
}
else if (N <= 384) {
hash = register_hash(&sha384_desc);
}
else if (N <= 512) {
hash = register_hash(&sha512_desc);
}
else {
return CRYPT_INVALID_ARG; /* group_size too big */
}
if ((err = hash_is_valid(hash)) != CRYPT_OK) { return err; }
outbytes = hash_descriptor[hash].hashsize;
n = ((L + outbytes*8 - 1) / (outbytes*8)) - 1;
if ((wbuf = XMALLOC((n+1)*outbytes)) == NULL) { err = CRYPT_MEM; goto cleanup3; }
if ((sbuf = XMALLOC(seedbytes)) == NULL) { err = CRYPT_MEM; goto cleanup2; }
err = mp_init_multi(&t2L1, &t2N1, &t2q, &t2seedlen, &U, &W, &X, &c, &h, &e, &seedinc, NULL);
if (err != CRYPT_OK) { goto cleanup1; }
if ((err = mp_2expt(t2L1, L-1)) != CRYPT_OK) { goto cleanup; }
/* t2L1 = 2^(L-1) */
if ((err = mp_2expt(t2N1, N-1)) != CRYPT_OK) { goto cleanup; }
/* t2N1 = 2^(N-1) */
if ((err = mp_2expt(t2seedlen, seedbytes*8)) != CRYPT_OK) { goto cleanup; }
/* t2seedlen = 2^seedlen */
for(found_p=0; !found_p;) {
/* q */
for(found_q=0; !found_q;) {
if (prng_descriptor[wprng].read(sbuf, seedbytes, prng) != seedbytes) { err = CRYPT_ERROR_READPRNG; goto cleanup; }
i = outbytes;
if ((err = hash_memory(hash, sbuf, seedbytes, digest, &i)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_read_unsigned_bin(U, digest, outbytes)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_add(t2N1, U, q)) != CRYPT_OK) { goto cleanup; }
if (!mp_isodd(q)) mp_add_d(q, 1, q);
if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK) { goto cleanup; }
if (res == LTC_MP_YES) found_q = 1;
}
/* p */
if ((err = mp_read_unsigned_bin(seedinc, sbuf, seedbytes)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_add(q, q, t2q)) != CRYPT_OK) { goto cleanup; }
for(counter=0; counter < 4*L && !found_p; counter++) {
for(j=0; j<=n; j++) {
if ((err = mp_add_d(seedinc, 1, seedinc)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_mod(seedinc, t2seedlen, seedinc)) != CRYPT_OK) { goto cleanup; }
/* seedinc = (seedinc+1) % 2^seed_bitlen */
if ((i = mp_unsigned_bin_size(seedinc)) > seedbytes) { err = CRYPT_INVALID_ARG; goto cleanup; }
zeromem(sbuf, seedbytes);
if ((err = mp_to_unsigned_bin(seedinc, sbuf + seedbytes-i)) != CRYPT_OK) { goto cleanup; }
i = outbytes;
err = hash_memory(hash, sbuf, seedbytes, wbuf+(n-j)*outbytes, &i);
if (err != CRYPT_OK) { goto cleanup; }
}
if ((err = mp_read_unsigned_bin(W, wbuf, (n+1)*outbytes)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_mod(W, t2L1, W)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_add(W, t2L1, X)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_mod(X, t2q, c)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_sub_d(c, 1, p)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_sub(X, p, p)) != CRYPT_OK) { goto cleanup; }
if (mp_cmp(p, t2L1) != LTC_MP_LT) {
/* p >= 2^(L-1) */
if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK) { goto cleanup; }
if (res == LTC_MP_YES) {
found_p = 1;
}
}
}
}
/* FIPS-186-4 A.2.1 Unverifiable Generation of the Generator g
* 1. e = (p - 1)/q
* 2. h = any integer satisfying: 1 < h < (p - 1)
* h could be obtained from a random number generator or from a counter that changes after each use
* 3. g = h^e mod p
* 4. if (g == 1), then go to step 2.
*
*/
if ((err = mp_sub_d(p, 1, e)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_div(e, q, e, c)) != CRYPT_OK) { goto cleanup; }
/* e = (p - 1)/q */
i = mp_count_bits(p);
do {
do {
if ((err = rand_bn_bits(h, i, prng, wprng)) != CRYPT_OK) { goto cleanup; }
} while (mp_cmp(h, p) != LTC_MP_LT || mp_cmp_d(h, 2) != LTC_MP_GT);
if ((err = mp_sub_d(h, 1, h)) != CRYPT_OK) { goto cleanup; }
/* h is randon and 1 < h < (p-1) */
if ((err = mp_exptmod(h, e, p, g)) != CRYPT_OK) { goto cleanup; }
} while (mp_cmp_d(g, 1) == LTC_MP_EQ);
err = CRYPT_OK;
cleanup:
mp_clear_multi(t2L1, t2N1, t2q, t2seedlen, U, W, X, c, h, e, seedinc, NULL);
cleanup1:
XFREE(sbuf);
cleanup2:
XFREE(wbuf);
cleanup3:
return err;
}
lnc_key_t *lnc_gen_key(const size_t size, int *status) {
mp_int small_prime, random, mul, s, tmp;
mp_int modulus, root, public_key, secret_key;
int test_small, test_full;
uint32_t smallsize = lnc_suggest_subgroup(size);
int ret;
lnc_key_t *out;
if(size > UINT_MAX) {
*status = LNC_ERR_OVER;
return NULL;
}
test_small = mp_prime_rabin_miller_trials((int)smallsize);
test_full = mp_prime_rabin_miller_trials((int)size);
if((ret = mp_init_multi(&small_prime, &random, &mul, &s, &tmp, &modulus, &root, &secret_key, &public_key, NULL)) != MP_OKAY) {
*status = LNC_ERR_LTM;
return NULL;
}
/*
* The modulus is created in the form p = q * r + 1. This aids
* in finding g and guarantees a large prime factor (q) in the
* order of the group. I the order of the group contains only
* small prime factors, the key can be attacked easily.
*/
printf("libnetcrypt: Generating small prime (%d bits)...\n", smallsize);
mp_prime_random_ex(&small_prime, test_small, smallsize, 0, lnc_fill_random, NULL);
printf("libnetcrypt: Generating modulus... (%d bits)\n", size);
do {
do {
mp_random(&random, size - smallsize);
} while(mp_cmp_d(&random, 0) == MP_EQ);
mp_mul(&small_prime, &random, &mul);
mp_add1(&mul, &modulus);
mp_prime_is_prime(&modulus, test_full, &ret);
} while(!ret);
/* Specified in FIPS 186-4 A.2.1 */
printf("libnetcrypt: Generating generator...\n");
do {
mp_random(&s, size - smallsize);
mp_exptmod(&s, &random, &modulus, &root);
} while(mp_cmp_d(&root, 1) == MP_EQ);
/*
* We make sure a and g^a != 1 as these would make
* determining the shared secret trivial.
*/
printf("libnetcrypt: Generating secret and public key...\n");
do {
do {
mp_random(&secret_key, size);
} while((mp_cmp_d(&secret_key, 1) == MP_EQ) || (mp_cmp_mag(&secret_key, &modulus) != MP_LT));
mp_exptmod(&root, &secret_key, &modulus, &public_key);
} while(mp_cmp_d(&public_key, 1) == MP_EQ);
out = malloc(sizeof(lnc_key_t));
out->generator = root;
out->modulus = modulus;
out->secret_key = secret_key;
out->public_key = public_key;
printf("libnetcrypt: Done.\n");
mp_clear_multi(&small_prime, &random, &mul, &s, &tmp, NULL);
*status = LNC_OK;
return out;
}
int main(void)
{
mp_int a, b, c, d, e, f;
unsigned long expt_n, add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n,
gcd_n, lcm_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n, t;
unsigned rr;
int i, n, err, cnt, ix, old_kara_m, old_kara_s;
mp_digit mp;
mp_init(&a);
mp_init(&b);
mp_init(&c);
mp_init(&d);
mp_init(&e);
mp_init(&f);
srand(time(NULL));
#if 0
// test montgomery
printf("Testing montgomery...\n");
for (i = 1; i < 10; i++) {
printf("Testing digit size: %d\n", i);
for (n = 0; n < 1000; n++) {
mp_rand(&a, i);
a.dp[0] |= 1;
// let's see if R is right
mp_montgomery_calc_normalization(&b, &a);
mp_montgomery_setup(&a, &mp);
// now test a random reduction
for (ix = 0; ix < 100; ix++) {
mp_rand(&c, 1 + abs(rand()) % (2*i));
mp_copy(&c, &d);
mp_copy(&c, &e);
mp_mod(&d, &a, &d);
mp_montgomery_reduce(&c, &a, mp);
mp_mulmod(&c, &b, &a, &c);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("d = e mod a, c = e MOD a\n");
mp_todecimal(&a, buf); printf("a = %s\n", buf);
mp_todecimal(&e, buf); printf("e = %s\n", buf);
mp_todecimal(&d, buf); printf("d = %s\n", buf);
mp_todecimal(&c, buf); printf("c = %s\n", buf);
printf("compare no compare!\n"); exit(EXIT_FAILURE); }
}
}
}
printf("done\n");
// test mp_get_int
printf("Testing: mp_get_int\n");
for (i = 0; i < 1000; ++i) {
t = ((unsigned long) rand() * rand() + 1) & 0xFFFFFFFF;
mp_set_int(&a, t);
if (t != mp_get_int(&a)) {
printf("mp_get_int() bad result!\n");
return 1;
}
}
mp_set_int(&a, 0);
if (mp_get_int(&a) != 0) {
printf("mp_get_int() bad result!\n");
return 1;
}
mp_set_int(&a, 0xffffffff);
if (mp_get_int(&a) != 0xffffffff) {
printf("mp_get_int() bad result!\n");
return 1;
}
// test mp_sqrt
printf("Testing: mp_sqrt\n");
for (i = 0; i < 1000; ++i) {
printf("%6d\r", i);
fflush(stdout);
n = (rand() & 15) + 1;
mp_rand(&a, n);
if (mp_sqrt(&a, &b) != MP_OKAY) {
printf("mp_sqrt() error!\n");
return 1;
}
mp_n_root(&a, 2, &a);
if (mp_cmp_mag(&b, &a) != MP_EQ) {
printf("mp_sqrt() bad result!\n");
return 1;
}
}
printf("\nTesting: mp_is_square\n");
for (i = 0; i < 1000; ++i) {
printf("%6d\r", i);
fflush(stdout);
/* test mp_is_square false negatives */
n = (rand() & 7) + 1;
mp_rand(&a, n);
mp_sqr(&a, &a);
if (mp_is_square(&a, &n) != MP_OKAY) {
printf("fn:mp_is_square() error!\n");
return 1;
}
if (n == 0) {
printf("fn:mp_is_square() bad result!\n");
return 1;
}
/* test for false positives */
mp_add_d(&a, 1, &a);
if (mp_is_square(&a, &n) != MP_OKAY) {
printf("fp:mp_is_square() error!\n");
return 1;
}
if (n == 1) {
printf("fp:mp_is_square() bad result!\n");
return 1;
}
}
printf("\n\n");
/* test for size */
for (ix = 10; ix < 128; ix++) {
printf("Testing (not safe-prime): %9d bits \r", ix);
fflush(stdout);
err =
mp_prime_random_ex(&a, 8, ix,
(rand() & 1) ? LTM_PRIME_2MSB_OFF :
LTM_PRIME_2MSB_ON, myrng, NULL);
if (err != MP_OKAY) {
printf("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits(&a) != ix) {
printf("Prime is %d not %d bits!!!\n", mp_count_bits(&a), ix);
return EXIT_FAILURE;
}
}
for (ix = 16; ix < 128; ix++) {
printf("Testing ( safe-prime): %9d bits \r", ix);
fflush(stdout);
err =
mp_prime_random_ex(&a, 8, ix,
((rand() & 1) ? LTM_PRIME_2MSB_OFF :
LTM_PRIME_2MSB_ON) | LTM_PRIME_SAFE, myrng,
NULL);
if (err != MP_OKAY) {
printf("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits(&a) != ix) {
printf("Prime is %d not %d bits!!!\n", mp_count_bits(&a), ix);
return EXIT_FAILURE;
}
/* let's see if it's really a safe prime */
mp_sub_d(&a, 1, &a);
mp_div_2(&a, &a);
mp_prime_is_prime(&a, 8, &cnt);
if (cnt != MP_YES) {
printf("sub is not prime!\n");
return EXIT_FAILURE;
}
}
printf("\n\n");
mp_read_radix(&a, "123456", 10);
mp_toradix_n(&a, buf, 10, 3);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 4);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 30);
printf("a == %s\n", buf);
#if 0
for (;;) {
fgets(buf, sizeof(buf), stdin);
mp_read_radix(&a, buf, 10);
mp_prime_next_prime(&a, 5, 1);
mp_toradix(&a, buf, 10);
printf("%s, %lu\n", buf, a.dp[0] & 3);
}
#endif
/* test mp_cnt_lsb */
printf("testing mp_cnt_lsb...\n");
mp_set(&a, 1);
for (ix = 0; ix < 1024; ix++) {
if (mp_cnt_lsb(&a) != ix) {
printf("Failed at %d, %d\n", ix, mp_cnt_lsb(&a));
return 0;
}
mp_mul_2(&a, &a);
}
/* test mp_reduce_2k */
printf("Testing mp_reduce_2k...\n");
for (cnt = 3; cnt <= 128; ++cnt) {
mp_digit tmp;
mp_2expt(&a, cnt);
mp_sub_d(&a, 2, &a); /* a = 2**cnt - 2 */
printf("\nTesting %4d bits", cnt);
printf("(%d)", mp_reduce_is_2k(&a));
mp_reduce_2k_setup(&a, &tmp);
printf("(%d)", tmp);
for (ix = 0; ix < 1000; ix++) {
if (!(ix & 127)) {
printf(".");
fflush(stdout);
}
mp_rand(&b, (cnt / DIGIT_BIT + 1) * 2);
mp_copy(&c, &b);
mp_mod(&c, &a, &c);
mp_reduce_2k(&b, &a, 2);
if (mp_cmp(&c, &b)) {
printf("FAILED\n");
exit(0);
}
}
}
/* test mp_div_3 */
printf("Testing mp_div_3...\n");
mp_set(&d, 3);
for (cnt = 0; cnt < 10000;) {
mp_digit r1, r2;
if (!(++cnt & 127))
printf("%9d\r", cnt);
mp_rand(&a, abs(rand()) % 128 + 1);
mp_div(&a, &d, &b, &e);
mp_div_3(&a, &c, &r2);
if (mp_cmp(&b, &c) || mp_cmp_d(&e, r2)) {
printf("\n\nmp_div_3 => Failure\n");
}
}
printf("\n\nPassed div_3 testing\n");
/* test the DR reduction */
printf("testing mp_dr_reduce...\n");
for (cnt = 2; cnt < 32; cnt++) {
printf("%d digit modulus\n", cnt);
mp_grow(&a, cnt);
mp_zero(&a);
for (ix = 1; ix < cnt; ix++) {
a.dp[ix] = MP_MASK;
}
a.used = cnt;
a.dp[0] = 3;
mp_rand(&b, cnt - 1);
mp_copy(&b, &c);
rr = 0;
do {
if (!(rr & 127)) {
printf("%9lu\r", rr);
fflush(stdout);
}
mp_sqr(&b, &b);
mp_add_d(&b, 1, &b);
mp_copy(&b, &c);
mp_mod(&b, &a, &b);
mp_dr_reduce(&c, &a, (((mp_digit) 1) << DIGIT_BIT) - a.dp[0]);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("Failed on trial %lu\n", rr);
exit(-1);
}
} while (++rr < 500);
printf("Passed DR test for %d digits\n", cnt);
}
#endif
/* test the mp_reduce_2k_l code */
#if 0
#if 0
/* first load P with 2^1024 - 0x2A434 B9FDEC95 D8F9D550 FFFFFFFF FFFFFFFF */
mp_2expt(&a, 1024);
mp_read_radix(&b, "2A434B9FDEC95D8F9D550FFFFFFFFFFFFFFFF", 16);
mp_sub(&a, &b, &a);
#elif 1
/* p = 2^2048 - 0x1 00000000 00000000 00000000 00000000 4945DDBF 8EA2A91D 5776399B B83E188F */
mp_2expt(&a, 2048);
mp_read_radix(&b,
"1000000000000000000000000000000004945DDBF8EA2A91D5776399BB83E188F",
16);
mp_sub(&a, &b, &a);
#endif
mp_todecimal(&a, buf);
printf("p==%s\n", buf);
/* now mp_reduce_is_2k_l() should return */
if (mp_reduce_is_2k_l(&a) != 1) {
printf("mp_reduce_is_2k_l() return 0, should be 1\n");
return EXIT_FAILURE;
}
mp_reduce_2k_setup_l(&a, &d);
/* now do a million square+1 to see if it varies */
mp_rand(&b, 64);
mp_mod(&b, &a, &b);
mp_copy(&b, &c);
printf("testing mp_reduce_2k_l...");
fflush(stdout);
for (cnt = 0; cnt < (1UL << 20); cnt++) {
mp_sqr(&b, &b);
mp_add_d(&b, 1, &b);
mp_reduce_2k_l(&b, &a, &d);
mp_sqr(&c, &c);
mp_add_d(&c, 1, &c);
mp_mod(&c, &a, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("mp_reduce_2k_l() failed at step %lu\n", cnt);
mp_tohex(&b, buf);
printf("b == %s\n", buf);
mp_tohex(&c, buf);
printf("c == %s\n", buf);
return EXIT_FAILURE;
}
}
printf("...Passed\n");
#endif
div2_n = mul2_n = inv_n = expt_n = lcm_n = gcd_n = add_n =
sub_n = mul_n = div_n = sqr_n = mul2d_n = div2d_n = cnt = add_d_n =
sub_d_n = 0;
/* force KARA and TOOM to enable despite cutoffs */
KARATSUBA_SQR_CUTOFF = KARATSUBA_MUL_CUTOFF = 8;
TOOM_SQR_CUTOFF = TOOM_MUL_CUTOFF = 16;
for (;;) {
/* randomly clear and re-init one variable, this has the affect of triming the alloc space */
switch (abs(rand()) % 7) {
case 0:
mp_clear(&a);
mp_init(&a);
break;
case 1:
mp_clear(&b);
mp_init(&b);
break;
case 2:
mp_clear(&c);
mp_init(&c);
break;
case 3:
mp_clear(&d);
mp_init(&d);
break;
case 4:
mp_clear(&e);
mp_init(&e);
break;
case 5:
mp_clear(&f);
mp_init(&f);
break;
case 6:
break; /* don't clear any */
}
printf
("%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu ",
add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n, gcd_n, lcm_n,
expt_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n);
fgets(cmd, 4095, stdin);
cmd[strlen(cmd) - 1] = 0;
printf("%s ]\r", cmd);
fflush(stdout);
if (!strcmp(cmd, "mul2d")) {
++mul2d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &rr);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_mul_2d(&a, rr, &a);
a.sign = b.sign;
if (mp_cmp(&a, &b) != MP_EQ) {
printf("mul2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return 0;
}
} else if (!strcmp(cmd, "div2d")) {
++div2d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &rr);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_div_2d(&a, rr, &a, &e);
a.sign = b.sign;
if (a.used == b.used && a.used == 0) {
a.sign = b.sign = MP_ZPOS;
}
if (mp_cmp(&a, &b) != MP_EQ) {
printf("div2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return 0;
}
} else if (!strcmp(cmd, "add")) {
++add_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_add(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("add %lu failure!\n", add_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
/* test the sign/unsigned storage functions */
rr = mp_signed_bin_size(&c);
mp_to_signed_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_signed_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mp_signed_bin failure!\n");
draw(&c);
draw(&d);
return 0;
}
rr = mp_unsigned_bin_size(&c);
mp_to_unsigned_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_unsigned_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp_mag(&c, &d) != MP_EQ) {
printf("mp_unsigned_bin failure!\n");
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "sub")) {
++sub_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_sub(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("sub %lu failure!\n", sub_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "mul")) {
++mul_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_mul(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mul %lu failure!\n", mul_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "div")) {
++div_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&d, buf, 64);
mp_div(&a, &b, &e, &f);
if (mp_cmp(&c, &e) != MP_EQ || mp_cmp(&d, &f) != MP_EQ) {
printf("div %lu %d, %d, failure!\n", div_n, mp_cmp(&c, &e),
mp_cmp(&d, &f));
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
draw(&f);
return 0;
}
} else if (!strcmp(cmd, "sqr")) {
++sqr_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_copy(&a, &c);
mp_sqr(&c, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sqr %lu failure!\n", sqr_n);
draw(&a);
draw(&b);
draw(&c);
return 0;
}
} else if (!strcmp(cmd, "gcd")) {
++gcd_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_gcd(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("gcd %lu failure!\n", gcd_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "lcm")) {
++lcm_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_lcm(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("lcm %lu failure!\n", lcm_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return 0;
}
} else if (!strcmp(cmd, "expt")) {
++expt_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&d, buf, 64);
mp_copy(&a, &e);
mp_exptmod(&e, &b, &c, &e);
if (mp_cmp(&d, &e) != MP_EQ) {
printf("expt %lu failure!\n", expt_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
return 0;
}
} else if (!strcmp(cmd, "invmod")) {
++inv_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&c, buf, 64);
mp_invmod(&a, &b, &d);
mp_mulmod(&d, &a, &b, &e);
if (mp_cmp_d(&e, 1) != MP_EQ) {
printf("inv [wrong value from MPI?!] failure\n");
draw(&a);
draw(&b);
draw(&c);
draw(&d);
mp_gcd(&a, &b, &e);
draw(&e);
return 0;
}
} else if (!strcmp(cmd, "div2")) {
++div2_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_div_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("div_2 %lu failure\n", div2_n);
draw(&a);
draw(&b);
draw(&c);
return 0;
}
} else if (!strcmp(cmd, "mul2")) {
++mul2_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_mul_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("mul_2 %lu failure\n", mul2_n);
draw(&a);
draw(&b);
draw(&c);
return 0;
}
} else if (!strcmp(cmd, "add_d")) {
++add_d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &ix);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_add_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("add_d %lu failure\n", add_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return 0;
}
} else if (!strcmp(cmd, "sub_d")) {
++sub_d_n;
fgets(buf, 4095, stdin);
mp_read_radix(&a, buf, 64);
fgets(buf, 4095, stdin);
sscanf(buf, "%d", &ix);
fgets(buf, 4095, stdin);
mp_read_radix(&b, buf, 64);
mp_sub_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sub_d %lu failure\n", sub_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return 0;
}
}
}
return 0;
}
/* modulus_size in bits */
int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
{
mp_int tmp, tmp2;
int err, msize, qsize,
loop_check_prime = 0,
check_prime = MP_NO;
unsigned char *buf;
if (rng == NULL || dsa == NULL)
return BAD_FUNC_ARG;
/* set group size in bytes from modulus size
* FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
*/
switch (modulus_size) {
case 1024:
qsize = 20;
break;
case 2048:
case 3072:
qsize = 32;
break;
default:
return BAD_FUNC_ARG;
break;
}
/* modulus size in bytes */
msize = modulus_size / 8;
/* allocate ram */
buf = (unsigned char *)XMALLOC(msize - qsize,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL) {
return MEMORY_E;
}
/* make a random string that will be multplied against q */
err = wc_RNG_GenerateBlock(rng, buf, msize - qsize);
if (err != MP_OKAY) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
/* force magnitude */
buf[0] |= 0xC0;
/* force even */
buf[msize - qsize - 1] &= ~1;
if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
mp_clear(&dsa->q);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MP_INIT_E;
}
err = mp_read_unsigned_bin(&tmp2, buf, msize - qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* make our prime q */
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
/* p = random * q */
err = mp_mul(&dsa->q, &tmp2, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
/* p = random * q + 1, so q is a prime divisor of p-1 */
err = mp_add_d(&dsa->p, 1, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
if (mp_init(&tmp) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return MP_INIT_E;
}
/* tmp = 2q */
err = mp_add(&dsa->q, &dsa->q, &tmp);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
/* loop until p is prime */
while (check_prime == MP_NO) {
err = mp_prime_is_prime(&dsa->p, 8, &check_prime);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
if (check_prime != MP_YES) {
/* p += 2q */
err = mp_add(&tmp, &dsa->p, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
loop_check_prime++;
}
}
/* tmp2 += (2*loop_check_prime)
* to have p = (q * tmp2) + 1 prime
*/
if (loop_check_prime) {
err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
}
if (mp_init(&dsa->g) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return MP_INIT_E;
}
/* find a value g for which g^tmp2 != 1 */
mp_set(&dsa->g, 1);
do {
err = mp_add_d(&dsa->g, 1, &dsa->g);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&dsa->g);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&dsa->g);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
} while (mp_cmp_d(&tmp, 1) == MP_EQ);
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &dsa->g);
mp_clear(&tmp);
mp_clear(&tmp2);
return MP_OKAY;
}
int main(void)
{
char buf[2000];
int x, y;
mp_int q, p;
FILE *out;
clock_t t1;
mp_digit z;
mp_init_multi(&q, &p, NULL);
out = fopen("2kprime.1", "w");
for (x = 0; x < (int)(sizeof(sizes) / sizeof(sizes[0])); x++) {
top:
mp_2expt(&q, sizes[x]);
mp_add_d(&q, 3, &q);
z = -3;
t1 = clock();
for(;;) {
mp_sub_d(&q, 4, &q);
z += 4;
if (z > MP_MASK) {
printf("No primes of size %d found\n", sizes[x]);
break;
}
if (clock() - t1 > CLOCKS_PER_SEC) {
printf("."); fflush(stdout);
// sleep((clock() - t1 + CLOCKS_PER_SEC/2)/CLOCKS_PER_SEC);
t1 = clock();
}
/* quick test on q */
mp_prime_is_prime(&q, 1, &y);
if (y == 0) {
continue;
}
/* find (q-1)/2 */
mp_sub_d(&q, 1, &p);
mp_div_2(&p, &p);
mp_prime_is_prime(&p, 3, &y);
if (y == 0) {
continue;
}
/* test on q */
mp_prime_is_prime(&q, 3, &y);
if (y == 0) {
continue;
}
break;
}
if (y == 0) {
++sizes[x];
goto top;
}
mp_toradix(&q, buf, 10);
printf("\n\n%d-bits (k = %lu) = %s\n", sizes[x], z, buf);
fprintf(out, "%d-bits (k = %lu) = %s\n", sizes[x], z, buf); fflush(out);
}
return 0;
}
/**
Create a DSA key
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param group_size Size of the multiplicative group (octets)
@param modulus_size Size of the modulus (octets)
@param key [out] Where to store the created key
@return CRYPT_OK if successful, upon error this function will free all allocated memory
*/
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
{
void *tmp, *tmp2;
int err, res;
unsigned char *buf;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* check prng */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
/* check size */
if (group_size >= MDSA_MAX_GROUP || group_size <= 15 ||
group_size >= modulus_size || (modulus_size - group_size) >= MDSA_DELTA) {
return CRYPT_INVALID_ARG;
}
/* allocate ram */
buf = XMALLOC(MDSA_DELTA);
if (buf == NULL) {
return CRYPT_MEM;
}
/* init mp_ints */
if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) {
XFREE(buf);
return err;
}
/* make our prime q */
if ((err = rand_prime(key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error; }
/* double q */
if ((err = mp_add(key->q, key->q, tmp)) != CRYPT_OK) { goto error; }
/* now make a random string and multply it against q */
if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
err = CRYPT_ERROR_READPRNG;
goto error;
}
/* force magnitude */
buf[0] |= 0xC0;
/* force even */
buf[modulus_size - group_size - 1] &= ~1;
if ((err = mp_read_unsigned_bin(tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; }
if ((err = mp_mul(key->q, tmp2, key->p)) != CRYPT_OK) { goto error; }
if ((err = mp_add_d(key->p, 1, key->p)) != CRYPT_OK) { goto error; }
/* now loop until p is prime */
for (;;) {
if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { goto error; }
if (res == LTC_MP_YES) break;
/* add 2q to p and 2 to tmp2 */
if ((err = mp_add(tmp, key->p, key->p)) != CRYPT_OK) { goto error; }
if ((err = mp_add_d(tmp2, 2, tmp2)) != CRYPT_OK) { goto error; }
}
/* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
mp_set(key->g, 1);
do {
if ((err = mp_add_d(key->g, 1, key->g)) != CRYPT_OK) { goto error; }
if ((err = mp_exptmod(key->g, tmp2, key->p, tmp)) != CRYPT_OK) { goto error; }
} while (mp_cmp_d(tmp, 1) == LTC_MP_EQ);
/* at this point tmp generates a group of order q mod p */
mp_exch(tmp, key->g);
/* so now we have our DH structure, generator g, order q, modulus p
Now we need a random exponent [mod q] and it's power g^x mod p
*/
do {
if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
err = CRYPT_ERROR_READPRNG;
goto error;
}
if ((err = mp_read_unsigned_bin(key->x, buf, group_size)) != CRYPT_OK) { goto error; }
} while (mp_cmp_d(key->x, 1) != LTC_MP_GT);
if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto error; }
key->type = PK_PRIVATE;
key->qord = group_size;
#ifdef LTC_CLEAN_STACK
zeromem(buf, MDSA_DELTA);
#endif
err = CRYPT_OK;
goto done;
error:
mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL);
done:
mp_clear_multi(tmp, tmp2, NULL);
XFREE(buf);
return err;
}
/**
Verify a DSA key for validity
@param key The key to verify
@param stat [out] Result of test, 1==valid, 0==invalid
@return CRYPT_OK if successful
*/
int dsa_verify_key(dsa_key *key, int *stat)
{
void *tmp, *tmp2;
int res, err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL);
/* default to an invalid key */
*stat = 0;
/* first make sure key->q and key->p are prime */
if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
/* now make sure that g is not -1, 0 or 1 and <p */
if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) {
return CRYPT_OK;
}
if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; }
if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) {
err = CRYPT_OK;
goto error;
}
/* 1 < y < p-1 */
if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) {
err = CRYPT_OK;
goto error;
}
/* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; }
if (mp_iszero(tmp2) != LTC_MP_YES) {
err = CRYPT_OK;
goto error;
}
if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
goto error;
}
/* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */
if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
goto error;
}
/* at this point we are out of tests ;-( */
err = CRYPT_OK;
*stat = 1;
error:
mp_clear_multi(tmp, tmp2, NULL);
return err;
}
int main(void)
{
unsigned rr;
int cnt, ix;
#if LTM_DEMO_TEST_VS_MTEST
unsigned long expt_n, add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n,
gcd_n, lcm_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n;
char* ret;
#else
unsigned long s, t;
unsigned long long q, r;
mp_digit mp;
int i, n, err, should;
#endif
if (mp_init_multi(&a, &b, &c, &d, &e, &f, NULL)!= MP_OKAY)
return EXIT_FAILURE;
atexit(_cleanup);
#if defined(LTM_DEMO_REAL_RAND)
if (!fd_urandom) {
fd_urandom = fopen("/dev/urandom", "r");
if (!fd_urandom) {
#if !defined(_WIN32)
fprintf(stderr, "\ncould not open /dev/urandom\n");
#endif
}
}
#endif
srand(LTM_DEMO_RAND_SEED);
#ifdef MP_8BIT
printf("Digit size 8 Bit \n");
#endif
#ifdef MP_16BIT
printf("Digit size 16 Bit \n");
#endif
#ifdef MP_32BIT
printf("Digit size 32 Bit \n");
#endif
#ifdef MP_64BIT
printf("Digit size 64 Bit \n");
#endif
printf("Size of mp_digit: %u\n", (unsigned int)sizeof(mp_digit));
printf("Size of mp_word: %u\n", (unsigned int)sizeof(mp_word));
printf("DIGIT_BIT: %d\n", DIGIT_BIT);
printf("MP_PREC: %d\n", MP_PREC);
#if LTM_DEMO_TEST_VS_MTEST == 0
// trivial stuff
// a: 0->5
mp_set_int(&a, 5);
// a: 5-> b: -5
mp_neg(&a, &b);
if (mp_cmp(&a, &b) != MP_GT) {
return EXIT_FAILURE;
}
if (mp_cmp(&b, &a) != MP_LT) {
return EXIT_FAILURE;
}
// a: 5-> a: -5
mp_neg(&a, &a);
if (mp_cmp(&b, &a) != MP_EQ) {
return EXIT_FAILURE;
}
// a: -5-> b: 5
mp_abs(&a, &b);
if (mp_isneg(&b) != MP_NO) {
return EXIT_FAILURE;
}
// a: -5-> b: -4
mp_add_d(&a, 1, &b);
if (mp_isneg(&b) != MP_YES) {
return EXIT_FAILURE;
}
if (mp_get_int(&b) != 4) {
return EXIT_FAILURE;
}
// a: -5-> b: 1
mp_add_d(&a, 6, &b);
if (mp_get_int(&b) != 1) {
return EXIT_FAILURE;
}
// a: -5-> a: 1
mp_add_d(&a, 6, &a);
if (mp_get_int(&a) != 1) {
return EXIT_FAILURE;
}
mp_zero(&a);
// a: 0-> a: 6
mp_add_d(&a, 6, &a);
if (mp_get_int(&a) != 6) {
return EXIT_FAILURE;
}
mp_set_int(&a, 0);
mp_set_int(&b, 1);
if ((err = mp_jacobi(&a, &b, &i)) != MP_OKAY) {
printf("Failed executing mp_jacobi(0 | 1) %s.\n", mp_error_to_string(err));
return EXIT_FAILURE;
}
if (i != 1) {
printf("Failed trivial mp_jacobi(0 | 1) %d != 1\n", i);
return EXIT_FAILURE;
}
for (cnt = 0; cnt < (int)(sizeof(jacobi)/sizeof(jacobi[0])); ++cnt) {
mp_set_int(&b, jacobi[cnt].n);
/* only test positive values of a */
for (n = -5; n <= 10; ++n) {
mp_set_int(&a, abs(n));
should = MP_OKAY;
if (n < 0) {
mp_neg(&a, &a);
/* Until #44 is fixed the negative a's must fail */
should = MP_VAL;
}
if ((err = mp_jacobi(&a, &b, &i)) != should) {
printf("Failed executing mp_jacobi(%d | %lu) %s.\n", n, jacobi[cnt].n, mp_error_to_string(err));
return EXIT_FAILURE;
}
if (err == MP_OKAY && i != jacobi[cnt].c[n + 5]) {
printf("Failed trivial mp_jacobi(%d | %lu) %d != %d\n", n, jacobi[cnt].n, i, jacobi[cnt].c[n + 5]);
return EXIT_FAILURE;
}
}
}
// test mp_get_int
printf("\n\nTesting: mp_get_int");
for (i = 0; i < 1000; ++i) {
t = ((unsigned long) rand () * rand () + 1) & 0xFFFFFFFF;
mp_set_int (&a, t);
if (t != mp_get_int (&a)) {
printf ("\nmp_get_int() bad result!");
return EXIT_FAILURE;
}
}
mp_set_int(&a, 0);
if (mp_get_int(&a) != 0) {
printf("\nmp_get_int() bad result!");
return EXIT_FAILURE;
}
mp_set_int(&a, 0xffffffff);
if (mp_get_int(&a) != 0xffffffff) {
printf("\nmp_get_int() bad result!");
return EXIT_FAILURE;
}
printf("\n\nTesting: mp_get_long\n");
for (i = 0; i < (int)(sizeof(unsigned long)*CHAR_BIT) - 1; ++i) {
t = (1ULL << (i+1)) - 1;
if (!t)
t = -1;
printf(" t = 0x%lx i = %d\r", t, i);
do {
if (mp_set_long(&a, t) != MP_OKAY) {
printf("\nmp_set_long() error!");
return EXIT_FAILURE;
}
s = mp_get_long(&a);
if (s != t) {
printf("\nmp_get_long() bad result! 0x%lx != 0x%lx", s, t);
return EXIT_FAILURE;
}
t <<= 1;
} while(t);
}
printf("\n\nTesting: mp_get_long_long\n");
for (i = 0; i < (int)(sizeof(unsigned long long)*CHAR_BIT) - 1; ++i) {
r = (1ULL << (i+1)) - 1;
if (!r)
r = -1;
printf(" r = 0x%llx i = %d\r", r, i);
do {
if (mp_set_long_long(&a, r) != MP_OKAY) {
printf("\nmp_set_long_long() error!");
return EXIT_FAILURE;
}
q = mp_get_long_long(&a);
if (q != r) {
printf("\nmp_get_long_long() bad result! 0x%llx != 0x%llx", q, r);
return EXIT_FAILURE;
}
r <<= 1;
} while(r);
}
// test mp_sqrt
printf("\n\nTesting: mp_sqrt\n");
for (i = 0; i < 1000; ++i) {
printf ("%6d\r", i);
fflush (stdout);
n = (rand () & 15) + 1;
mp_rand (&a, n);
if (mp_sqrt (&a, &b) != MP_OKAY) {
printf ("\nmp_sqrt() error!");
return EXIT_FAILURE;
}
mp_n_root_ex (&a, 2, &c, 0);
mp_n_root_ex (&a, 2, &d, 1);
if (mp_cmp_mag (&c, &d) != MP_EQ) {
printf ("\nmp_n_root_ex() bad result!");
return EXIT_FAILURE;
}
if (mp_cmp_mag (&b, &c) != MP_EQ) {
printf ("mp_sqrt() bad result!\n");
return EXIT_FAILURE;
}
}
printf("\n\nTesting: mp_is_square\n");
for (i = 0; i < 1000; ++i) {
printf ("%6d\r", i);
fflush (stdout);
/* test mp_is_square false negatives */
n = (rand () & 7) + 1;
mp_rand (&a, n);
mp_sqr (&a, &a);
if (mp_is_square (&a, &n) != MP_OKAY) {
printf ("\nfn:mp_is_square() error!");
return EXIT_FAILURE;
}
if (n == 0) {
printf ("\nfn:mp_is_square() bad result!");
return EXIT_FAILURE;
}
/* test for false positives */
mp_add_d (&a, 1, &a);
if (mp_is_square (&a, &n) != MP_OKAY) {
printf ("\nfp:mp_is_square() error!");
return EXIT_FAILURE;
}
if (n == 1) {
printf ("\nfp:mp_is_square() bad result!");
return EXIT_FAILURE;
}
}
printf("\n\n");
// r^2 = n (mod p)
for (i = 0; i < (int)(sizeof(sqrtmod_prime)/sizeof(sqrtmod_prime[0])); ++i) {
mp_set_int(&a, sqrtmod_prime[i].p);
mp_set_int(&b, sqrtmod_prime[i].n);
if (mp_sqrtmod_prime(&b, &a, &c) != MP_OKAY) {
printf("Failed executing %d. mp_sqrtmod_prime\n", (i+1));
return EXIT_FAILURE;
}
if (mp_cmp_d(&c, sqrtmod_prime[i].r) != MP_EQ) {
printf("Failed %d. trivial mp_sqrtmod_prime\n", (i+1));
ndraw(&c, "r");
return EXIT_FAILURE;
}
}
/* test for size */
for (ix = 10; ix < 128; ix++) {
printf ("Testing (not safe-prime): %9d bits \r", ix);
fflush (stdout);
err = mp_prime_random_ex (&a, 8, ix,
(rand () & 1) ? 0 : LTM_PRIME_2MSB_ON, myrng,
NULL);
if (err != MP_OKAY) {
printf ("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits (&a) != ix) {
printf ("Prime is %d not %d bits!!!\n", mp_count_bits (&a), ix);
return EXIT_FAILURE;
}
}
printf("\n");
for (ix = 16; ix < 128; ix++) {
printf ("Testing ( safe-prime): %9d bits \r", ix);
fflush (stdout);
err = mp_prime_random_ex (
&a, 8, ix, ((rand () & 1) ? 0 : LTM_PRIME_2MSB_ON) | LTM_PRIME_SAFE,
myrng, NULL);
if (err != MP_OKAY) {
printf ("failed with err code %d\n", err);
return EXIT_FAILURE;
}
if (mp_count_bits (&a) != ix) {
printf ("Prime is %d not %d bits!!!\n", mp_count_bits (&a), ix);
return EXIT_FAILURE;
}
/* let's see if it's really a safe prime */
mp_sub_d (&a, 1, &a);
mp_div_2 (&a, &a);
mp_prime_is_prime (&a, 8, &cnt);
if (cnt != MP_YES) {
printf ("sub is not prime!\n");
return EXIT_FAILURE;
}
}
printf("\n\n");
// test montgomery
printf("Testing: montgomery...\n");
for (i = 1; i <= 10; i++) {
if (i == 10)
i = 1000;
printf(" digit size: %2d\r", i);
fflush(stdout);
for (n = 0; n < 1000; n++) {
mp_rand(&a, i);
a.dp[0] |= 1;
// let's see if R is right
mp_montgomery_calc_normalization(&b, &a);
mp_montgomery_setup(&a, &mp);
// now test a random reduction
for (ix = 0; ix < 100; ix++) {
mp_rand(&c, 1 + abs(rand()) % (2*i));
mp_copy(&c, &d);
mp_copy(&c, &e);
mp_mod(&d, &a, &d);
mp_montgomery_reduce(&c, &a, mp);
mp_mulmod(&c, &b, &a, &c);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("d = e mod a, c = e MOD a\n");
mp_todecimal(&a, buf); printf("a = %s\n", buf);
mp_todecimal(&e, buf); printf("e = %s\n", buf);
mp_todecimal(&d, buf); printf("d = %s\n", buf);
mp_todecimal(&c, buf); printf("c = %s\n", buf);
printf("compare no compare!\n"); return EXIT_FAILURE; }
/* only one big montgomery reduction */
if (i > 10)
{
n = 1000;
ix = 100;
}
}
}
}
printf("\n\n");
mp_read_radix(&a, "123456", 10);
mp_toradix_n(&a, buf, 10, 3);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 4);
printf("a == %s\n", buf);
mp_toradix_n(&a, buf, 10, 30);
printf("a == %s\n", buf);
#if 0
for (;;) {
fgets(buf, sizeof(buf), stdin);
mp_read_radix(&a, buf, 10);
mp_prime_next_prime(&a, 5, 1);
mp_toradix(&a, buf, 10);
printf("%s, %lu\n", buf, a.dp[0] & 3);
}
#endif
/* test mp_cnt_lsb */
printf("\n\nTesting: mp_cnt_lsb");
mp_set(&a, 1);
for (ix = 0; ix < 1024; ix++) {
if (mp_cnt_lsb (&a) != ix) {
printf ("Failed at %d, %d\n", ix, mp_cnt_lsb (&a));
return EXIT_FAILURE;
}
mp_mul_2 (&a, &a);
}
/* test mp_reduce_2k */
printf("\n\nTesting: mp_reduce_2k\n");
for (cnt = 3; cnt <= 128; ++cnt) {
mp_digit tmp;
mp_2expt (&a, cnt);
mp_sub_d (&a, 2, &a); /* a = 2**cnt - 2 */
printf ("\r %4d bits", cnt);
printf ("(%d)", mp_reduce_is_2k (&a));
mp_reduce_2k_setup (&a, &tmp);
printf ("(%lu)", (unsigned long) tmp);
for (ix = 0; ix < 1000; ix++) {
if (!(ix & 127)) {
printf (".");
fflush (stdout);
}
mp_rand (&b, (cnt / DIGIT_BIT + 1) * 2);
mp_copy (&c, &b);
mp_mod (&c, &a, &c);
mp_reduce_2k (&b, &a, 2);
if (mp_cmp (&c, &b)) {
printf ("FAILED\n");
return EXIT_FAILURE;
}
}
}
/* test mp_div_3 */
printf("\n\nTesting: mp_div_3...\n");
mp_set(&d, 3);
for (cnt = 0; cnt < 10000;) {
mp_digit r2;
if (!(++cnt & 127))
{
printf("%9d\r", cnt);
fflush(stdout);
}
mp_rand(&a, abs(rand()) % 128 + 1);
mp_div(&a, &d, &b, &e);
mp_div_3(&a, &c, &r2);
if (mp_cmp(&b, &c) || mp_cmp_d(&e, r2)) {
printf("\nmp_div_3 => Failure\n");
}
}
printf("\nPassed div_3 testing");
/* test the DR reduction */
printf("\n\nTesting: mp_dr_reduce...\n");
for (cnt = 2; cnt < 32; cnt++) {
printf ("\r%d digit modulus", cnt);
mp_grow (&a, cnt);
mp_zero (&a);
for (ix = 1; ix < cnt; ix++) {
a.dp[ix] = MP_MASK;
}
a.used = cnt;
a.dp[0] = 3;
mp_rand (&b, cnt - 1);
mp_copy (&b, &c);
rr = 0;
do {
if (!(rr & 127)) {
printf (".");
fflush (stdout);
}
mp_sqr (&b, &b);
mp_add_d (&b, 1, &b);
mp_copy (&b, &c);
mp_mod (&b, &a, &b);
mp_dr_setup(&a, &mp),
mp_dr_reduce (&c, &a, mp);
if (mp_cmp (&b, &c) != MP_EQ) {
printf ("Failed on trial %u\n", rr);
return EXIT_FAILURE;
}
} while (++rr < 500);
printf (" passed");
fflush (stdout);
}
#if LTM_DEMO_TEST_REDUCE_2K_L
/* test the mp_reduce_2k_l code */
#if LTM_DEMO_TEST_REDUCE_2K_L == 1
/* first load P with 2^1024 - 0x2A434 B9FDEC95 D8F9D550 FFFFFFFF FFFFFFFF */
mp_2expt(&a, 1024);
mp_read_radix(&b, "2A434B9FDEC95D8F9D550FFFFFFFFFFFFFFFF", 16);
mp_sub(&a, &b, &a);
#elif LTM_DEMO_TEST_REDUCE_2K_L == 2
/* p = 2^2048 - 0x1 00000000 00000000 00000000 00000000 4945DDBF 8EA2A91D 5776399B B83E188F */
mp_2expt(&a, 2048);
mp_read_radix(&b,
"1000000000000000000000000000000004945DDBF8EA2A91D5776399BB83E188F",
16);
mp_sub(&a, &b, &a);
#else
#error oops
#endif
mp_todecimal(&a, buf);
printf("\n\np==%s\n", buf);
/* now mp_reduce_is_2k_l() should return */
if (mp_reduce_is_2k_l(&a) != 1) {
printf("mp_reduce_is_2k_l() return 0, should be 1\n");
return EXIT_FAILURE;
}
mp_reduce_2k_setup_l(&a, &d);
/* now do a million square+1 to see if it varies */
mp_rand(&b, 64);
mp_mod(&b, &a, &b);
mp_copy(&b, &c);
printf("Testing: mp_reduce_2k_l...");
fflush(stdout);
for (cnt = 0; cnt < (int)(1UL << 20); cnt++) {
mp_sqr(&b, &b);
mp_add_d(&b, 1, &b);
mp_reduce_2k_l(&b, &a, &d);
mp_sqr(&c, &c);
mp_add_d(&c, 1, &c);
mp_mod(&c, &a, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("mp_reduce_2k_l() failed at step %d\n", cnt);
mp_tohex(&b, buf);
printf("b == %s\n", buf);
mp_tohex(&c, buf);
printf("c == %s\n", buf);
return EXIT_FAILURE;
}
}
printf("...Passed\n");
#endif /* LTM_DEMO_TEST_REDUCE_2K_L */
#else
div2_n = mul2_n = inv_n = expt_n = lcm_n = gcd_n = add_n =
sub_n = mul_n = div_n = sqr_n = mul2d_n = div2d_n = cnt = add_d_n =
sub_d_n = 0;
/* force KARA and TOOM to enable despite cutoffs */
KARATSUBA_SQR_CUTOFF = KARATSUBA_MUL_CUTOFF = 8;
TOOM_SQR_CUTOFF = TOOM_MUL_CUTOFF = 16;
for (;;) {
/* randomly clear and re-init one variable, this has the affect of triming the alloc space */
switch (abs(rand()) % 7) {
case 0:
mp_clear(&a);
mp_init(&a);
break;
case 1:
mp_clear(&b);
mp_init(&b);
break;
case 2:
mp_clear(&c);
mp_init(&c);
break;
case 3:
mp_clear(&d);
mp_init(&d);
break;
case 4:
mp_clear(&e);
mp_init(&e);
break;
case 5:
mp_clear(&f);
mp_init(&f);
break;
case 6:
break; /* don't clear any */
}
printf
("%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu ",
add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n, gcd_n, lcm_n,
expt_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n);
ret=fgets(cmd, 4095, stdin); if(!ret){_panic(__LINE__);}
cmd[strlen(cmd) - 1] = 0;
printf("%-6s ]\r", cmd);
fflush(stdout);
if (!strcmp(cmd, "mul2d")) {
++mul2d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &rr);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_mul_2d(&a, rr, &a);
a.sign = b.sign;
if (mp_cmp(&a, &b) != MP_EQ) {
printf("mul2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "div2d")) {
++div2d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &rr);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_div_2d(&a, rr, &a, &e);
a.sign = b.sign;
if (a.used == b.used && a.used == 0) {
a.sign = b.sign = MP_ZPOS;
}
if (mp_cmp(&a, &b) != MP_EQ) {
printf("div2d failed, rr == %d\n", rr);
draw(&a);
draw(&b);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "add")) {
++add_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_add(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("add %lu failure!\n", add_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
/* test the sign/unsigned storage functions */
rr = mp_signed_bin_size(&c);
mp_to_signed_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_signed_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mp_signed_bin failure!\n");
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
rr = mp_unsigned_bin_size(&c);
mp_to_unsigned_bin(&c, (unsigned char *) cmd);
memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
mp_read_unsigned_bin(&d, (unsigned char *) cmd, rr);
if (mp_cmp_mag(&c, &d) != MP_EQ) {
printf("mp_unsigned_bin failure!\n");
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "sub")) {
++sub_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_sub(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("sub %lu failure!\n", sub_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "mul")) {
++mul_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_mul(&d, &b, &d);
if (mp_cmp(&c, &d) != MP_EQ) {
printf("mul %lu failure!\n", mul_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "div")) {
++div_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&d, buf, 64);
mp_div(&a, &b, &e, &f);
if (mp_cmp(&c, &e) != MP_EQ || mp_cmp(&d, &f) != MP_EQ) {
printf("div %lu %d, %d, failure!\n", div_n, mp_cmp(&c, &e),
mp_cmp(&d, &f));
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
draw(&f);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "sqr")) {
++sqr_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_copy(&a, &c);
mp_sqr(&c, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sqr %lu failure!\n", sqr_n);
draw(&a);
draw(&b);
draw(&c);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "gcd")) {
++gcd_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_gcd(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("gcd %lu failure!\n", gcd_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "lcm")) {
++lcm_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_copy(&a, &d);
mp_lcm(&d, &b, &d);
d.sign = c.sign;
if (mp_cmp(&c, &d) != MP_EQ) {
printf("lcm %lu failure!\n", lcm_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "expt")) {
++expt_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&d, buf, 64);
mp_copy(&a, &e);
mp_exptmod(&e, &b, &c, &e);
if (mp_cmp(&d, &e) != MP_EQ) {
printf("expt %lu failure!\n", expt_n);
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "invmod")) {
++inv_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&c, buf, 64);
mp_invmod(&a, &b, &d);
mp_mulmod(&d, &a, &b, &e);
if (mp_cmp_d(&e, 1) != MP_EQ) {
printf("inv [wrong value from MPI?!] failure\n");
draw(&a);
draw(&b);
draw(&c);
draw(&d);
draw(&e);
mp_gcd(&a, &b, &e);
draw(&e);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "div2")) {
++div2_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_div_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("div_2 %lu failure\n", div2_n);
draw(&a);
draw(&b);
draw(&c);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "mul2")) {
++mul2_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_mul_2(&a, &c);
if (mp_cmp(&c, &b) != MP_EQ) {
printf("mul_2 %lu failure\n", mul2_n);
draw(&a);
draw(&b);
draw(&c);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "add_d")) {
++add_d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &ix);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_add_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("add_d %lu failure\n", add_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "sub_d")) {
++sub_d_n;
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&a, buf, 64);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
sscanf(buf, "%d", &ix);
ret=fgets(buf, 4095, stdin); if(!ret){_panic(__LINE__);}
mp_read_radix(&b, buf, 64);
mp_sub_d(&a, ix, &c);
if (mp_cmp(&b, &c) != MP_EQ) {
printf("sub_d %lu failure\n", sub_d_n);
draw(&a);
draw(&b);
draw(&c);
printf("d == %d\n", ix);
return EXIT_FAILURE;
}
} else if (!strcmp(cmd, "exit")) {
printf("\nokay, exiting now\n");
break;
}
}
#endif
return 0;
}