static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) { word32 sz = mp_unsigned_bin_size(&key->p); sz = min(sz, 2 * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1); RNG_GenerateBlock(rng, priv, sz); priv[0] |= 0x0C; *privSz = sz; }
NRDigestSigner::NRDigestSigner(RandomNumberGenerator &rng, unsigned int pbits) { PrimeAndGenerator pg(1, rng, pbits, 2*DiscreteLogWorkFactor(pbits)); m_p = pg.Prime(); m_q = pg.SubPrime(); m_g = pg.Generator(); m_x.Randomize(rng, 1, m_q-1, Integer::ANY); m_gpc.SetModulusAndBase(m_p, m_g); m_y = m_gpc.Exponentiate(m_x); m_ypc.SetModulusAndBase(m_p, m_y); }
NRDigestSigner::NRDigestSigner(RandomNumberGenerator &rng, unsigned int pbits) { PrimeAndGenerator pg(1, rng, pbits, 2*DiscreteLogWorkFactor(pbits)); p = pg.Prime(); q = pg.SubPrime(); g = pg.Generator(); x.Randomize(rng, 2, q-2, Integer::ANY); gpc.Precompute(p, g, ExponentBitLength(), 1); y = gpc.Exponentiate(x); ypc.Precompute(p, y, ExponentBitLength(), 1); }
static bool CheckMOVCondition(const Integer &q, const Integer &r) { Integer t=1; unsigned int n=q.BitCount(), m=r.BitCount(); for (unsigned int i=n; DiscreteLogWorkFactor(i)<m/2; i+=n) { t = (t*q)%r; if (t == 1) return false; } return true; }
static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) { int ret; word32 sz = mp_unsigned_bin_size(&key->p); sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / WOLFSSL_BIT_SIZE + 1); ret = wc_RNG_GenerateBlock(rng, priv, sz); if (ret != 0) return ret; priv[0] |= 0x0C; *privSz = sz; return 0; }
static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz) { int ret; word32 sz = mp_unsigned_bin_size(&key->p); /* Table of predetermined values from the operation 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / WOLFSSL_BIT_SIZE + 1 Sizes in table checked against RFC 3526 */ WOLFSSL_DH_ROUND(sz); /* if using fixed points only, then round up */ switch (sz) { case 128: sz = 21; break; case 256: sz = 29; break; case 384: sz = 34; break; case 512: sz = 39; break; case 640: sz = 42; break; case 768: sz = 46; break; case 896: sz = 49; break; case 1024: sz = 52; break; default: #ifndef WOLFSSL_DH_CONST /* if using floating points and size of p is not in table */ sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) / WOLFSSL_BIT_SIZE + 1); break; #else return BAD_FUNC_ARG; #endif } ret = wc_RNG_GenerateBlock(rng, priv, sz); if (ret != 0) return ret; priv[0] |= 0x0C; *privSz = sz; return 0; }
unsigned int ElGamalEncryptor::ExponentBitLength() const { return 2*DiscreteLogWorkFactor(p.BitCount()); }
unsigned int DH::ExponentBitLength() const { return 2*DiscreteLogWorkFactor(p.BitCount()); }
// Generate private value void DH::GeneratePrivate(RandomNumberGenerator& rng, byte* priv) { Integer x(rng, Integer::One(), min(p_ - 1, Integer::Power2(2*DiscreteLogWorkFactor(p_.BitCount())) ) ); x.Encode(priv, p_.ByteCount()); }