/*
* Blinder constructor
*
* Derives one fresh nonce and turns it into a blinding pair: m_e is the
* forward image of the nonce, m_d its inverse image, both supplied by the
* caller's callbacks. m_reducer is prepared for later reductions mod modulus.
*
* @param modulus the modulus the blinding operates on
* @param fwd_func maps the nonce k to the blinding factor stored in m_e
* @param inv_func maps the same nonce k to the unblinding factor stored in m_d
*
* NOTE(review): the nonce is used unchecked. Nothing here verifies that k is
* invertible mod modulus, nor that inv_func returned a usable value; if an
* inv_func signals "no inverse" by returning 0, m_d == 0 would silently
* unblind every result to 0 — confirm against the callers that pass inv_func.
* Likewise, modulus.bits() - 1 wraps for a zero modulus; presumably callers
* never construct a Blinder with one.
*/
Blinder::Blinder(const BigInt& modulus,
                 std::function<BigInt (const BigInt&)> fwd_func,
                 std::function<BigInt (const BigInt&)> inv_func) :
   m_reducer(modulus)
   {
   // Prefer the process-wide generator when the build provides it; otherwise
   // seed a local generator just for this one nonce.
#if defined(BOTAN_HAS_SYSTEM_RNG)
   auto& nonce_rng = system_rng();
#else
   AutoSeeded_RNG nonce_rng;
#endif

   // A single random value of (modulus bits - 1) bits feeds both callbacks,
   // so m_e and m_d are the forward/inverse images of the same nonce.
   const BigInt nonce(nonce_rng, modulus.bits() - 1);

   m_e = fwd_func(nonce);
   m_d = inv_func(nonce);
   }
/*
* AutoSeeded_RNG constructor
*
* Delegates to the source-taking constructor, choosing the process-wide
* system RNG when the build has one and the global entropy sources otherwise.
*
* @param reseed_interval forwarded unchanged to the delegated constructor
*/
AutoSeeded_RNG::AutoSeeded_RNG(size_t reseed_interval) :
#if defined(BOTAN_HAS_SYSTEM_RNG)
   AutoSeeded_RNG(system_rng(), reseed_interval)
#else
   AutoSeeded_RNG(Entropy_Sources::global_sources(), reseed_interval)
#endif
   {
   }

/*
* Force an immediate reseed of the wrapped generator.
*
* One byte is drawn from m_rng (and discarded) between the reseed and the
* seeded-state check, so the check sees the generator after it has actually
* produced output — presumably so that a reseed that gathered nothing is
* reported here rather than on the caller's first real request.
*
* @throws Exception if m_rng still reports itself unseeded afterwards
*/
void AutoSeeded_RNG::force_reseed()
   {
   m_rng->force_reseed();

   // Output is deliberately thrown away; only the side effect matters.
   static_cast<void>(m_rng->next_byte());

   if(m_rng->is_seeded())
      return;

   throw Exception("AutoSeeded_RNG reseeding failed");
   }
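/*
* Fuzz target for ressol (modular square root).
*
* Splits the input into two equal halves, decodes them as integers a and n,
* and evaluates ressol(a, n). ressol is reachable from untrusted input (via
* OS2ECP), so for a composite or otherwise malformed n it may return a bogus
* value but must never hang or crash. When a positive root comes back that
* does not square to a mod n, n is tested for primality (64 Miller-Rabin
* rounds): a wrong root for a prime modulus is a genuine bug, so the input
* is dumped and the process aborts for the fuzzer to record it.
*
* @param in  fuzzer-supplied bytes
* @param len number of bytes in in; odd lengths and lengths above
*            2 * MAX_HALF_BYTES are skipped
*/
void fuzz(const uint8_t in[], size_t len)
   {
   /*
   * Upper bound on the size of each half. Without it the fuzzer can hand
   * over multi-kilobyte moduli, and 64 rounds of Miller-Rabin on such an n
   * make this target time out instead of finding bugs. The untrusted path
   * (OS2ECP) only presents curve-sized moduli, which for the usual curves
   * is at most 521 bits = 66 bytes — TODO confirm against the curve set
   * actually in scope and raise the bound if needed.
   */
   constexpr size_t MAX_HALF_BYTES = 66;

   if(len % 2 != 0 || len > 2 * MAX_HALF_BYTES)
      return;

   const size_t half = len / 2;
   const BigInt a = BigInt::decode(in, half);
   const BigInt n = BigInt::decode(in + half, half);

   try
      {
      const BigInt a_sqrt = ressol(a, n);

      // A non-positive result is treated as "no root" (presumably ressol
      // returns -1 in that case); a zero root (a == 0 mod n) is trivially
      // correct, so only positive roots are worth checking.
      if(a_sqrt > 0)
         {
         const BigInt z = (a_sqrt * a_sqrt) % n;
         const BigInt a_redc = a % n;

         if(z != a_redc)
            {
            // A wrong root is expected for composite n (see above); for a
            // prime n it is a bug in ressol.
            if(is_prime(n, system_rng(), 64))
               {
               std::cout << "A = " << a << "\n";
               std::cout << "Ressol = " << a_sqrt << "\n";
               std::cout << "N = " << n << "\n";
               std::cout << "Z = " << z << "\n";
               abort();
               }
            }
         }
      }
   catch(const Botan::Exception&)
      {
      // Malformed inputs (n == 0, for instance) are expected to throw rather
      // than crash; exceptions are therefore not failures for this target.
      }
   }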