void
test_dsa_key(struct dsa_public_key *pub,
struct dsa_private_key *key,
unsigned q_size)
{
mpz_t t;
mpz_init(t);
ASSERT(mpz_sizeinbase(pub->q, 2) == q_size);
ASSERT(mpz_sizeinbase(pub->p, 2) >= DSA_SHA1_MIN_P_BITS);
ASSERT(mpz_probab_prime_p(pub->p, 10));
ASSERT(mpz_probab_prime_p(pub->q, 10));
mpz_fdiv_r(t, pub->p, pub->q);
ASSERT(0 == mpz_cmp_ui(t, 1));
ASSERT(mpz_cmp_ui(pub->g, 1) > 0);
mpz_powm(t, pub->g, pub->q, pub->p);
ASSERT(0 == mpz_cmp_ui(t, 1));
mpz_powm(t, pub->g, key->x, pub->p);
ASSERT(0 == mpz_cmp(t, pub->y));
mpz_clear(t);
}
void factor(mpz_t num)
{
if(mpz_probab_prime_p(num, 10) > 0)
{
mpz_set(factors[num_factors++], num);
return;
}
// Trial division, "fairly cheap" compared to rest of QS
for(size_t i = 0; i < num_primes; ++i)
{
while(mpz_tdiv_q_ui(q, num, primes[i]) == 0)
{
mpz_set_ui(factors[num_factors++], primes[i]);
mpz_set(num, q);
}
}
if(!mpz_cmp_ui(num, 1)) // If num==1 we're done
return;
if(mpz_probab_prime_p(num, 10) > 0)
{
mpz_set(factors[num_factors++], num);
return;
}
sieve_factor(num);
}
void
paillier_keygen( int modulusbits,
paillier_pubkey_t** pub,
paillier_prvkey_t** prv,
paillier_get_rand_t get_rand )
{
mpz_t p;
mpz_t q;
gmp_randstate_t rand;
/* allocate the new key structures */
*pub = (paillier_pubkey_t*) malloc(sizeof(paillier_pubkey_t));
*prv = (paillier_prvkey_t*) malloc(sizeof(paillier_prvkey_t));
/* initialize our integers */
mpz_init((*pub)->n);
mpz_init((*pub)->n_squared);
mpz_init((*pub)->n_plusone);
mpz_init((*prv)->lambda);
mpz_init((*prv)->x);
mpz_init(p);
mpz_init(q);
/* pick random (modulusbits/2)-bit primes p and q */
init_rand(rand, get_rand, modulusbits / 8 + 1);
do
{
do
mpz_urandomb(p, rand, modulusbits / 2);
while( !mpz_probab_prime_p(p, 10) );
do
mpz_urandomb(q, rand, modulusbits / 2);
while( !mpz_probab_prime_p(q, 10) );
/* compute the public modulus n = p q */
mpz_mul((*pub)->n, p, q);
} while( !mpz_tstbit((*pub)->n, modulusbits - 1) );
complete_pubkey(*pub);
(*pub)->bits = modulusbits;
/* compute the private key lambda = lcm(p-1,q-1) */
mpz_sub_ui(p, p, 1);
mpz_sub_ui(q, q, 1);
mpz_lcm((*prv)->lambda, p, q);
complete_prvkey(*prv, *pub);
/* clear temporary integers and randstate */
mpz_clear(p);
mpz_clear(q);
gmp_randclear(rand);
}
/*--------------------------------------------------------------------*/
static uint32 postprocess(msieve_obj *obj, mpz_t factor,
mpz_t n, pm1_pp1_t *non_ecm_vals,
factor_list_t *factor_list) {
/* handling for factors found. When complete, n
is changed to new input to be factored */
uint32 i;
mpz_t q, r;
mp_t mp_factor;
uint32 is_prime0, is_prime1;
/* divide out all instances of factor from n */
mpz_init(q);
mpz_init(r);
while (1) {
mpz_tdiv_qr(q, r, n, factor);
if (mpz_cmp_ui(q, (unsigned long)0) == 0 ||
mpz_cmp_ui(r, (unsigned long)0) != 0)
break;
mpz_set(n, q);
}
mpz_clear(q);
mpz_clear(r);
if (mpz_cmp_ui(n, (unsigned long)1) == 0) {
mpz_set(n, factor);
}
else {
/* in the worst case, n and factor are both composite.
We would have to give up factoring one of them and
continue on the other */
is_prime0 = mpz_probab_prime_p(factor, 1);
is_prime1 = mpz_probab_prime_p(n, 1);
if ( (is_prime1 > 0 && is_prime0 == 0) ||
(is_prime1 == 0 && is_prime0 == 0 &&
mpz_cmp(factor, n) > 0) ) {
mpz_swap(factor, n);
}
/* switch the P+-1 stage 1 values to
be modulo the new n */
for (i = 0; i < NUM_NON_ECM; i++) {
mpz_mod(non_ecm_vals[i].start_val,
non_ecm_vals[i].start_val, n);
}
}
gmp2mp(factor, &mp_factor);
return factor_list_add(obj, factor_list, &mp_factor);
}
void rsaKeyGen(rsapvk_t *pvk, rsapbk_t *pbk) {
// Temporary variable
mpz_t tmp;
mpz_init(tmp);
// Integer used for random numbers
if (!seed_initialized)
rnInit();
do {
mpz_urandomb(pvk->p, seed, RSA_KEY_SIZE);
} while (!mpz_probab_prime_p(pvk->p, NB_TURN));
do {
mpz_urandomb(pvk->q, seed, RSA_KEY_SIZE);
} while (!mpz_probab_prime_p(pvk->q, NB_TURN));
// Initialize keys
mpz_mul(pbk->n, pvk->p, pvk->q);
mpz_set(pvk->n, pbk->n);
// Compute phi = (p-1)(q-1) = q(p-1) - (p-1)
// I don't compute p-1 and q-1 to avoid many initializations
mpz_sub_ui(tmp, pvk->p, 1);
mpz_mul(pvk->phi, pvk->q, tmp);
mpz_sub(pvk->phi, pvk->phi, tmp);
// Find a random number prime with phi
do {
mpz_urandomb(pbk->pbk, seed, RSA_KEY_SIZE);
mpz_gcd(tmp, pbk->pbk, pvk->phi);
} while (mpz_cmp_ui(tmp, 1));
// Compute pvk
mpz_invert(pvk->pvk, pbk->pbk, pvk->phi);
// Compute k
mpz_set_ui(tmp, NB_CHAR);
pvk->k = 0;
while (mpz_cmp(tmp, pbk->n) < 0) {
mpz_mul_ui(tmp, tmp, NB_CHAR);
pvk->k ++;
}
pvk->k --;
pbk->k = pvk->k;
// Clearing variables
mpz_clear(tmp);
}
void damgard_jurik::key_gen(int modulusbits) {
mpz_t p, q;
gmp_randstate_t rand;
mpz_init(pubkey->n);
mpz_init(pubkey->g);
mpz_init(prvkey->lambda);
mpz_init(p);
mpz_init(q);
init_rand(rand, modulusbits / 8 + 1);
do
{
do
mpz_urandomb(p, rand, modulusbits / 2);
while( !mpz_probab_prime_p(p, 10) );
do
mpz_urandomb(q, rand, modulusbits / 2);
while( !mpz_probab_prime_p(q, 10) );
/* compute the public modulus n = p q */
mpz_mul(pubkey->n, p, q);
} while( !mpz_tstbit(pubkey->n, modulusbits - 1));
pubkey->bits = modulusbits;
mpz_add_ui(pubkey->g, pubkey->n, 1);
pubkey->n_j = new mpz_t[s_max + 2];
pubkey->k_n = new mpz_t[s_max + 2];
mpz_init(pubkey->n_j[0]);
mpz_set_ui(pubkey->n_j[0], 1);
mpz_init(pubkey->k_n[0]);
mpz_set_ui(pubkey->k_n[0], 1);
for (int i = 1;i <= s_max + 1;i++) {
mpz_init(pubkey->n_j[i]);
mpz_mul(pubkey->n_j[i], pubkey->n_j[i - 1], pubkey->n);
mpz_init(pubkey->k_n[i]);
mpz_mul_ui(pubkey->k_n[i], pubkey->k_n[i - 1], i);
}
/* Compute Private Key */
mpz_sub_ui(p, p, 1);
mpz_sub_ui(q, q, 1);
mpz_lcm(prvkey->lambda, p, q);
mpz_clear(p);
mpz_clear(q);
gmp_randclear(rand);
}
void
genSafePrimes( mpz_t* p1, mpz_t* p, int modulusbits, gmp_randstate_t rand )
{
mpz_init(*p1);
mpz_init(*p);
do
{
do
mpz_urandomb(*p1, rand, (modulusbits / 2) - 1);
while( !mpz_probab_prime_p(*p1, 10) );
mpz_mul_ui(*p,*p1,2);
mpz_add_ui(*p,*p,1);
}
while( !mpz_probab_prime_p(*p, 10) );
}
void factor(mpz_t N)
{
int res;
char *str;
mpz_t divisor;
mpz_t next;
mpz_init(divisor);
mpz_init(next);
if (mpz_cmp(N, one) == 0)
return;
res = mpz_probab_prime_p(N, 10);
if (res) {
str = mpz_to_str(N);
if (!str)
return;
printf(" %s", str);
free(str);
return;
}
rho(divisor, N);
factor(divisor);
mpz_tdiv_q(next, N, divisor);
factor(next);
}
static int isprime(void *a, int *b)
{
LTC_ARGCHK(a != NULL);
LTC_ARGCHK(b != NULL);
*b = mpz_probab_prime_p(a, 8) > 0 ? LTC_MP_YES : LTC_MP_NO;
return CRYPT_OK;
}
static PyObject *
GMPy_MPZ_Method_IsPrime(PyObject *self, PyObject *args)
{
int i;
unsigned long reps = 25;
Py_ssize_t argc;
argc = PyTuple_GET_SIZE(args);
if (argc > 1) {
TYPE_ERROR("is_prime() takes at most 1 argument");
return NULL;
}
if (PyTuple_GET_SIZE(args) == 1) {
reps = c_ulong_From_Integer(PyTuple_GET_ITEM(args, 0));
if (reps == -1 && PyErr_Occurred()) {
return NULL;
}
/* Silently limit n to a reasonable value. */
if (reps > 1000) {
reps = 1000;
}
}
i = mpz_probab_prime_p(MPZ(self), (int)reps);
if (i)
Py_RETURN_TRUE;
else
Py_RETURN_FALSE;
}
/* Find primes in region [fr,fr+rsize), using the previously sieved s[]. */
void
find_primes (unsigned char *s, mpz_t fr, unsigned long ssize,
mpz_t siev_sqr_lim)
{
unsigned long j, ij;
mpz_t tmp;
mpz_init (tmp);
for (j = 0; j < (ssize + sizeof (long) - 1) / sizeof (long); j++)
{
if (((long *) s) [j] != 0)
{
for (ij = 0; ij < sizeof (long); ij++)
{
if (s[j * sizeof (long) + ij] != 0)
{
if (j * sizeof (long) + ij >= ssize)
goto out;
mpz_add_ui (tmp, fr, (j * sizeof (long) + ij) * 2);
if (mpz_cmp (tmp, siev_sqr_lim) < 0 ||
mpz_probab_prime_p (tmp, 10))
report (tmp);
}
}
}
}
out:
mpz_clear (tmp);
}
int main() {
for (int n = 2; n <= N / 2; ++n)
if (!composite[n])
for (int m = n + n; m <= N; m += n) composite[m] = true;
mpz_class n = 1;
int l = 1, numberOfPrimes = 0, numberOfTests = 1;
while (l += 2) {
for (int j = 0; j < 4; ++j) {
n += l - 1;
++numberOfTests;
if (n <= N) {
if (!composite[n.get_ui()]) ++numberOfPrimes;
}
else {
if (mpz_probab_prime_p(n.get_mpz_t(), 5)) ++numberOfPrimes;
}
}
double ratio = double(numberOfPrimes) / numberOfTests;
if (ratio < 0.1) break;
}
std::cout << l << "\n";
return 0;
}
int
factors_remove_composite(struct factors *f, mpz_t factor)
{
int i = 0;
int composite = 0;
for (; i < f->size; i++) {
if (mpz_probab_prime_p(f->factors[i], MILLERRABIN_REPEATS) == 0) {
mpz_set(factor, f->factors[i]);
composite = 1;
break;
}
}
if (composite == 0) {
return 0;
}
/*
* fill gap if factor was not located at the end
*/
for (; i < (f->size - 1); i++) {
mpz_set(f->factors[i], f->factors[i + 1]);
}
mpz_clear(f->factors[f->size - 1]);
f->size--;
return 1;
}
void
refmpz_nextprime (mpz_ptr p, mpz_srcptr t)
{
mpz_add_ui (p, t, 1L);
while (! mpz_probab_prime_p (p, 10))
mpz_add_ui (p, p, 1L);
}
int findMatch(long int q, long int n) {
long int poopy = n/q;
mpz_t l;
mpz_init(l);
mpz_set_si(l, poopy);
if (n%q == 0) {
if (mpz_probab_prime_p(l, 20) == 1){
return 1;
} else if (mpz_probab_prime_p(l, 20) == 0){
return 0;
} else {
return 1;
}
} else {
return 0;
}
}
/* for benchmarking */
int gmp_miller_rabin(const char* num_str, int rounds) {
mpz_t num;
int res;
mpz_init_set_str(num, num_str, 10);
res = mpz_probab_prime_p(num, rounds);
mpz_clear(num);
return res;
}
static int allprime_factor_array(mpz_t* farray, int nfacs)
{
int i;
for (i = 0; i < nfacs; i++) {
if (!mpz_probab_prime_p(farray[i], 5)) /* Be lazy */
return 0;
}
return 1;
}
int
main(int argc, char **argv)
{
char line[INTEGER_LIMIT];
if (argc > 1)
strncpy(&line[0], argv[1], INTEGER_LIMIT);
else if (scanf("%s\n", &line[0]) != 1) {
fprintf(stderr, "factor: unable to read number from stdin\n");
return 1;
}
mpz_t n;
mpz_init(n);
if (mpz_set_str(n, &line[0], 0) == -1 || mpz_cmp_ui(n, 1) < 0) {
fprintf(stderr, "factor: input must be a positive integer\n");
mpz_clear(n);
return 1;
}
if (mpz_cmp_ui(n, 1) == 0 || mpz_probab_prime_p(n, MILLERRABIN_REPEATS) > 0) {
gmp_printf("%Zd: %Zd\n", n, n);
mpz_clear(n);
return 0;
}
mpz_t t;
mpz_init(t);
mpz_sqrt(t, n);
struct factors *f = factors_create();
struct prime_sieve *ps = prime_sieve_create(MIN(TRIALDIVISION_LIMIT, mpz_get_ui(t)));
if (mpz_perfect_square_p(n)) {
factors_push(f, t);
factors_push(f, t);
} else {
mpz_set(t, n);
factors_push(f, t);
}
/* run trial division to find find small factors */
while (factors_remove_composite(f, t) && trial_division(t, f, ps));
prime_sieve_destroy(ps);
/* run quadratic sieve until factorized into only prime numbers */
while (factors_remove_composite(f, t) && quadratic_sieve(t, f, QUADRATIC_SIEVE_SIZE));
factors_sort(f);
print_result(n, f);
mpz_clears(n, t, NULL);
factors_destroy(f);
return 0;
}
bool TruncatablePrime(const mpz_class &num) {
mpz_class copy = num;
while (copy != 0) {
if (mpz_probab_prime_p(copy.get_mpz_t(), 15) == 0) {
return false;
}
copy = DeleteFirstDigit(copy);
}
copy = num;
while (copy != 0) {
if (mpz_probab_prime_p(copy.get_mpz_t(), 15) == 0) {
return false;
}
copy = DeleteLastDigit(copy);
}
return true;
}
static int isprime(void *a, int b, int *c)
{
LTC_ARGCHK(a != NULL);
LTC_ARGCHK(c != NULL);
if (b == 0) {
b = LTC_MILLER_RABIN_REPS;
} /* if */
*c = mpz_probab_prime_p(a, b) > 0 ? LTC_MP_YES : LTC_MP_NO;
return CRYPT_OK;
}
static int wrap_nettle_prime_check(bigint_t pp)
{
int ret;
ret = mpz_probab_prime_p(TOMPZ(pp), PRIME_CHECK_PARAM);
if (ret > 0) {
return 0;
}
return GNUTLS_E_INTERNAL_ERROR; /* ignored */
}
/* checks if the factor p was found by P+1 or P-1 (when prime).
a is the initial seed.
*/
static void
pp1_check_factor (mpz_t a, mpz_t p)
{
if (mpz_probab_prime_p (p, PROBAB_PRIME_TESTS))
{
mpz_mul (a, a, a);
mpz_sub_ui (a, a, 4);
if (mpz_jacobi (a, p) == 1)
outputf (OUTPUT_NORMAL, "[factor found by P-1]\n");
}
}
void genprime(mpz_t rop, gmp_randstate_t state) {
/* Generate a random number using GMP facilities
Validate the random number as a likely prime using GMP facilities
(TODO: reimplement primality checking)
*/
do {
mpz_urandomb(rop, state, 128);
}
while (mpz_probab_prime_p(rop, 25) == 0);
}
static void test_prime(const gnutls_datum_t * prime)
{
mpz_t p;
unsigned bits = prime->size * 8;
nettle_mpz_init_set_str_256_u(p, prime->size, prime->data);
assert(mpz_sizeinbase(p, 2) == bits);
assert(mpz_probab_prime_p(p, 18));
mpz_clear(p);
}
void damgard_jurik::key_gen(int modulusbits) {
mpz_t p, q;
gmp_randstate_t rand;
mpz_init(pubkey->n);
mpz_init(pubkey->g);
mpz_init(prvkey->lambda);
mpz_init(p);
mpz_init(q);
init_rand(rand, modulusbits / 8 + 1);
do
{
do
mpz_urandomb(p, rand, modulusbits / 2);
while( !mpz_probab_prime_p(p, 10) );
do
mpz_urandomb(q, rand, modulusbits / 2);
while( !mpz_probab_prime_p(q, 10) );
/* compute the public modulus n = p q */
mpz_mul(pubkey->n, p, q);
} while( !mpz_tstbit(pubkey->n, modulusbits - 1));
pubkey->bits = modulusbits;
mpz_add_ui(pubkey->g, pubkey->n, 1);
compute_cache();
/* Compute Private Key */
mpz_sub_ui(p, p, 1);
mpz_sub_ui(q, q, 1);
mpz_lcm(prvkey->lambda, p, q);
mpz_clear(p);
mpz_clear(q);
gmp_randclear(rand);
}
// Liefert die Primfaktorzerlegung einer Zahl als String.
char *factorize(mpz_t number)
{
// Primtest (Miller-Rabin).
if (mpz_probab_prime_p(number, 10) > 0)
return mpz_get_str(NULL, 10, number);
mpz_t factor, cofactor;
mpz_init(factor);
mpz_init(cofactor);
char *str1, *str2, *result;
int B1 = INITB1, B2 = INITB2, curves = INITCURVES;
// Zunaechst eine einfache Probedivision.
trial(number, factor, 3e3);
if (mpz_cmp_si(factor, 1) == 0)
{
// Zweite Strategie: Pollard-Rho.
do
{
rho(number, factor, 4e4);
} while (mpz_cmp(factor, number) == 0);
// Falls immer noch kein Faktor gefunden wurde, mit ECM fortfahren.
while (mpz_cmp_si(factor, 1) == 0)
{
ecm(number, factor, B1, B2, curves);
if (mpz_cmp(factor, number) == 0)
{
mpz_set_si(factor, 1);
B1 = INITB1;
B2 = INITB2;
curves = INITCURVES;
continue;
}
// Anpassung der Parameter.
B1 *= 4;
B2 *= 5;
curves = (curves * 5) / 2;
}
}
mpz_divexact(cofactor, number, factor);
str1 = factorize(factor);
str2 = factorize(cofactor);
result = (char *) malloc(strlen(str1) + strlen(str2) + 4);
strcpy(result, str1);
strcat(result, " * ");
strcat(result, str2);
mpz_clear(factor);
mpz_clear(cofactor);
return result;
}
int prime_q(unsigned long int n)
{
mpz_t tester;
mpz_init(tester);
mpz_set_ui(tester, n);
int r = mpz_probab_prime_p(tester, 25);
mpz_clear(tester);
return r;
}
// Factorization
int factor(const Ptr<RCP<const Integer>> &f, const Integer &n, double B1)
{
int ret_val = 0;
mpz_class _n, _f;
_n = n.as_mpz();
#ifdef HAVE_CSYMPY_ECM
if (mpz_perfect_power_p(_n.get_mpz_t())) {
unsigned long int i = 1;
mpz_class m, rem;
rem = 1; // Any non zero number
m = 2; // set `m` to 2**i, i = 1 at the begining
// calculate log2n, this can be improved
for (; m < _n; i++)
m = m * 2;
// eventually `rem` = 0 zero as `n` is a perfect power. `f_t` will
// be set to a factor of `n` when that happens
while (i > 1 && rem != 0) {
mpz_rootrem(_f.get_mpz_t(), rem.get_mpz_t(), _n.get_mpz_t(), i);
i--;
}
ret_val = 1;
}
else {
if (mpz_probab_prime_p(_n.get_mpz_t(), 25) > 0) { // most probably, n is a prime
ret_val = 0;
_f = _n;
}
else {
for (int i = 0; i < 10 && !ret_val; i++)
ret_val = ecm_factor(_f.get_mpz_t(), _n.get_mpz_t(), B1, NULL);
if (!ret_val)
throw std::runtime_error("ECM failed to factor the given number");
}
}
#else
// B1 is discarded if gmp-ecm is not installed
ret_val = _factor_trial_division_sieve(_f, _n);
#endif // HAVE_CSYMPY_ECM
*f = integer(_f);
return ret_val;
}
/* Generate a random probable prime. numbits must be a multiple of 8 (i.e., a
* round number of bytes). The base-2 logarithm of the result will lie in the
* interval [numbits - 0.5, numbits). Calls abort if any error occurs. */
static void generate_prime(mpz_t p, unsigned int numbits)
{
//Check if numbits is devisible by 8
if(!((numbits % 8) == 0)) {
printf("Error: Cannot generate prime of %d bits (must be multiple of 8)", numbits);
abort();
}
//Allocate array to read into
unsigned int num_bytes = numbits / 8;
char *rand_array = malloc(num_bytes);
if(rand_array == NULL) {
printf("Unable to allocate array for prime generation\n");
abort();
}
//Open dev/urandom
FILE *rand_data;
rand_data = fopen("/dev/urandom", "r");
//Init prime test var
int prime_test = 0;
//While our number is not prime, read more from urandom and generate new numbers
while(!((prime_test == 2) || (prime_test == 1))) {
//Read from dev/urandom
size_t result = fread(rand_array, 1, num_bytes, rand_data);
//Check if read was successfull
if((int) result != (int) num_bytes) {
printf("Error: Could not read %d bits from dev/random", num_bytes);
abort();
}
//Flip to the top two bits
*(rand_array) = *(rand_array) | 0xc0;
//Copy to mpz var
mpz_import(p, num_bytes, 1, sizeof(*(rand_array)), 0, 0, rand_array);
//Test for primality
prime_test = mpz_probab_prime_p(p, 25);
}
//Prime found, clean up
free(rand_array);
fclose(rand_data);
}
static Variant HHVM_FUNCTION(gmp_prob_prime,
const Variant& data,
int64_t reps = 10) {
mpz_t gmpData;
if (!variantToGMPData(cs_GMP_FUNC_NAME_GMP_PROB_PRIME, gmpData, data)) {
return false;
}
int64_t probPrime = mpz_probab_prime_p(gmpData, reps);
mpz_clear(gmpData);
return probPrime;
}
