static SECStatus generate_prime(mp_int *prime, int primeLen) { mp_err err = MP_OKAY; SECStatus rv = SECSuccess; unsigned long counter = 0; int piter; unsigned char *pb = NULL; pb = PORT_Alloc(primeLen); if (!pb) { PORT_SetError(SEC_ERROR_NO_MEMORY); goto cleanup; } for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) { CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) ); pb[0] |= 0xC0; /* set two high-order bits */ pb[primeLen-1] |= 0x01; /* set low-order bit */ CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) ); err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter); if (err != MP_NO) goto cleanup; /* keep going while err == MP_NO */ } cleanup: if (pb) PORT_ZFree(pb, primeLen); if (err) { MP_TO_SEC_ERROR(err); rv = SECFailure; } return rv; }
SECStatus DH_GenParam(int primeLen, DHParams **params) { PLArenaPool *arena; DHParams *dhparams; unsigned char *pb = NULL; unsigned char *ab = NULL; unsigned long counter = 0; mp_int p, q, a, h, psub1, test; mp_err err = MP_OKAY; SECStatus rv = SECSuccess; if (!params || primeLen < 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); if (!arena) { PORT_SetError(SEC_ERROR_NO_MEMORY); return SECFailure; } dhparams = (DHParams *)PORT_ArenaZAlloc(arena, sizeof(DHParams)); if (!dhparams) { PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_FreeArena(arena, PR_TRUE); return SECFailure; } dhparams->arena = arena; MP_DIGITS(&p) = 0; MP_DIGITS(&q) = 0; MP_DIGITS(&a) = 0; MP_DIGITS(&h) = 0; MP_DIGITS(&psub1) = 0; MP_DIGITS(&test) = 0; CHECK_MPI_OK( mp_init(&p) ); CHECK_MPI_OK( mp_init(&q) ); CHECK_MPI_OK( mp_init(&a) ); CHECK_MPI_OK( mp_init(&h) ); CHECK_MPI_OK( mp_init(&psub1) ); CHECK_MPI_OK( mp_init(&test) ); /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */ pb = PORT_Alloc(primeLen); CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) ); pb[0] |= 0x80; /* set high-order bit */ pb[primeLen-1] |= 0x01; /* set low-order bit */ CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) ); CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) ); /* construct Sophie-Germain prime q = (p-1)/2. */ CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) ); CHECK_MPI_OK( mp_div_2(&psub1, &q) ); /* construct a generator from the prime. */ ab = PORT_Alloc(primeLen); /* generate a candidate number a in p's field */ CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(ab, primeLen) ); CHECK_MPI_OK( mp_read_unsigned_octets(&a, ab, primeLen) ); /* force a < p (note that quot(a/p) <= 1) */ if ( mp_cmp(&a, &p) > 0 ) CHECK_MPI_OK( mp_sub(&a, &p, &a) ); do { /* check that a is in the range [2..p-1] */ if ( mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) { /* a is outside of the allowed range. Set a=3 and keep going. */ mp_set(&a, 3); } /* if a**q mod p != 1 then a is a generator */ CHECK_MPI_OK( mp_exptmod(&a, &q, &p, &test) ); if ( mp_cmp_d(&test, 1) != 0 ) break; /* increment the candidate and try again. */ CHECK_MPI_OK( mp_add_d(&a, 1, &a) ); } while (PR_TRUE); MPINT_TO_SECITEM(&p, &dhparams->prime, arena); MPINT_TO_SECITEM(&a, &dhparams->base, arena); *params = dhparams; cleanup: mp_clear(&p); mp_clear(&q); mp_clear(&a); mp_clear(&h); mp_clear(&psub1); mp_clear(&test); if (pb) PORT_ZFree(pb, primeLen); if (ab) PORT_ZFree(ab, primeLen); if (err) { MP_TO_SEC_ERROR(err); rv = SECFailure; } if (rv) PORT_FreeArena(arena, PR_TRUE); return rv; }
int main(int argc, char *argv[]) { unsigned char *raw; char *out; unsigned long nTries; int rawlen, bits, outlen, ngen, ix, jx; int g_strong = 0; mp_int testval; mp_err res; clock_t start, end; /* We'll just use the C library's rand() for now, although this won't be good enough for cryptographic purposes */ if((out = PR_GetEnvSecure("SEED")) == NULL) { srand((unsigned int)time(NULL)); } else { srand((unsigned int)atoi(out)); } if(argc < 2) { fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]); return 1; } if((bits = abs(atoi(argv[1]))) < CHAR_BIT) { fprintf(stderr, "%s: please request at least %d bits.\n", argv[0], CHAR_BIT); return 1; } /* If optional third argument is given, use that as the number of primes to generate; otherwise generate one prime only. */ if(argc < 3) { ngen = 1; } else { ngen = abs(atoi(argv[2])); } /* If fourth argument is given, and is the word "strong", we'll generate strong (Sophie Germain) primes. */ if(argc > 3 && strcmp(argv[3], "strong") == 0) g_strong = 1; /* testval - candidate being tested; nTries - number tried so far */ if ((res = mp_init(&testval)) != MP_OKAY) { fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res)); return 1; } if(g_strong) { printf("Requested %d strong prime value(s) of %d bits.\n", ngen, bits); } else { printf("Requested %d prime value(s) of %d bits.\n", ngen, bits); } rawlen = (bits / CHAR_BIT) + ((bits % CHAR_BIT) ? 1 : 0) + 1; if((raw = calloc(rawlen, sizeof(unsigned char))) == NULL) { fprintf(stderr, "%s: out of memory, sorry.\n", argv[0]); return 1; } /* This loop is one for each prime we need to generate */ for(jx = 0; jx < ngen; jx++) { raw[0] = 0; /* sign is positive */ /* Pack the initializer with random bytes */ for(ix = 1; ix < rawlen; ix++) raw[ix] = (rand() * rand()) & UCHAR_MAX; raw[1] |= 0x80; /* set high-order bit of test value */ raw[rawlen - 1] |= 1; /* set low-order bit of test value */ /* Make an mp_int out of the initializer */ mp_read_raw(&testval, (char *)raw, rawlen); /* Initialize candidate counter */ nTries = 0; start = clock(); /* time generation for this prime */ do { res = mpp_make_prime(&testval, bits, g_strong, &nTries); if (res != MP_NO) break; /* This code works whether digits are 16 or 32 bits */ res = mp_add_d(&testval, 32 * 1024, &testval); res = mp_add_d(&testval, 32 * 1024, &testval); FPUTC(',', stderr); } while (1); end = clock(); if (res != MP_YES) { break; } FPUTC('\n', stderr); puts("The following value is probably prime:"); outlen = mp_radix_size(&testval, 10); out = calloc(outlen, sizeof(unsigned char)); mp_toradix(&testval, (char *)out, 10); printf("10: %s\n", out); mp_toradix(&testval, (char *)out, 16); printf("16: %s\n\n", out); free(out); printf("Number of candidates tried: %lu\n", nTries); printf("This computation took %ld clock ticks (%.2f seconds)\n", (end - start), ((double)(end - start) / CLOCKS_PER_SEC)); FPUTC('\n', stderr); } /* end of loop to generate all requested primes */ if(res != MP_OKAY) fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res)); free(raw); mp_clear(&testval); return 0; }