Polynomial::Polynomial(BIGNUM *constant,BIGNUM *p,int len)
{
this->p = BN_new();
coefficients = new vector<BIGNUM *>();
BIGNUM *conCopy = BN_new();
BN_copy(this->p,p);
BN_copy(conCopy,constant);
coefficients->push_back(conCopy);
for(int i=1;i<len;i++)
{
BIGNUM * rn = BN_new();
BN_pseudo_rand_range(rn,p);
coefficients->push_back(rn);
}
while(BN_is_zero(*(coefficients->end()-1)))
{
coefficients->pop_back();
BIGNUM * rn = BN_new();
BN_pseudo_rand_range(rn,p);
coefficients->push_back(rn);
}
}
static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
{
const RSA_METHOD *meth;
BIGNUM *A, *Ai;
BN_BLINDING *ret = NULL;
/* added in OpenSSL 0.9.6j and 0.9.7b */
/* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
* this should be placed in a new function of its own, but for reasons
* of binary compatibility can't */
meth = rsa->meth;
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
if (rsa->d != NULL && rsa->d->d != NULL)
{
/* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
}
else
{
if (!BN_rand_range(A,rsa->n)) goto err;
}
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
ret = BN_BLINDING_new(A,Ai,rsa->n);
BN_free(Ai);
err:
BN_CTX_end(ctx);
return ret;
}
ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (Lo,Hi) */
BIGNUM *bn_from = NULL, *bn_to, *bn_rand;
unsigned char* data;
unsigned dlen;
ERL_NIF_TERM ret;
if (!get_bn_from_mpint(env, argv[0], &bn_from)
|| !get_bn_from_mpint(env, argv[1], &bn_rand)) {
if (bn_from) BN_free(bn_from);
return enif_make_badarg(env);
}
bn_to = BN_new();
BN_sub(bn_to, bn_rand, bn_from);
BN_pseudo_rand_range(bn_rand, bn_to);
BN_add(bn_rand, bn_rand, bn_from);
dlen = BN_num_bytes(bn_rand);
data = enif_make_new_binary(env, dlen+4, &ret);
put_int32(data, dlen);
BN_bn2bin(bn_rand, data+4);
ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen);
BN_free(bn_rand);
BN_free(bn_from);
BN_free(bn_to);
return ret;
}
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
{
BIGNUM *A,*Ai = NULL;
BN_CTX *ctx;
int ret=0;
if (p_ctx == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
}
else
ctx=p_ctx;
/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
if (rsa->blinding != NULL)
{
BN_BLINDING_free(rsa->blinding);
rsa->blinding = NULL;
}
/* NB: similar code appears in setup_blinding (rsa_eay.c);
* this should be placed in a new function of its own, but for reasons
* of binary compatibility can't */
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
if (rsa->d != NULL && rsa->d->d != NULL)
{
if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
}
else
{
if (!BN_rand_range(A,rsa->n)) goto err;
}
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!rsa->meth->bn_mod_exp(A,A,
rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
/* to make things thread-safe without excessive locking,
* rsa->blinding will be used just by the current thread: */
rsa->flags |= RSA_FLAG_BLINDING;
rsa->flags &= ~RSA_FLAG_NO_BLINDING;
ret=1;
err:
if (Ai != NULL) BN_free(Ai);
BN_CTX_end(ctx);
if (ctx != p_ctx) BN_CTX_free(ctx);
return(ret);
}
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
void (*callback)(int,int,void *),
BN_CTX *ctx_passed, void *cb_arg,
int do_trial_division)
{
int i, j, ret = -1;
int k;
BN_CTX *ctx = NULL;
BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
BN_MONT_CTX *mont = NULL;
const BIGNUM *A = NULL;
if (BN_cmp(a, BN_value_one()) <= 0)
return 0;
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
/* first look for small factors */
if (!BN_is_odd(a))
return 0;
if (do_trial_division)
{
for (i = 1; i < NUMPRIMES; i++)
if (BN_mod_word(a, primes[i]) == 0)
return 0;
if (callback != NULL) callback(1, -1, cb_arg);
}
if (ctx_passed != NULL)
ctx = ctx_passed;
else
if ((ctx=BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
/* A := abs(a) */
if (a->neg)
{
BIGNUM *t;
if ((t = BN_CTX_get(ctx)) == NULL) goto err;
BN_copy(t, a);
t->neg = 0;
A = t;
}
else
A = a;
A1 = BN_CTX_get(ctx);
A1_odd = BN_CTX_get(ctx);
check = BN_CTX_get(ctx);
if (check == NULL) goto err;
/* compute A1 := A - 1 */
if (!BN_copy(A1, A))
goto err;
if (!BN_sub_word(A1, 1))
goto err;
if (BN_is_zero(A1))
{
ret = 0;
goto err;
}
/* write A1 as A1_odd * 2^k */
k = 1;
while (!BN_is_bit_set(A1, k))
k++;
if (!BN_rshift(A1_odd, A1, k))
goto err;
/* Montgomery setup for computations mod A */
mont = BN_MONT_CTX_new();
if (mont == NULL)
goto err;
if (!BN_MONT_CTX_set(mont, A, ctx))
goto err;
for (i = 0; i < checks; i++)
{
if (!BN_pseudo_rand_range(check, A1))
goto err;
if (!BN_add_word(check, 1))
goto err;
/* now 1 <= check < A */
j = witness(check, A, A1, A1_odd, k, ctx, mont);
if (j == -1) goto err;
if (j)
{
ret=0;
goto err;
}
if (callback != NULL) callback(1,i,cb_arg);
}
ret=1;
err:
if (ctx != NULL)
{
BN_CTX_end(ctx);
if (ctx_passed == NULL)
BN_CTX_free(ctx);
}
if (mont != NULL)
BN_MONT_CTX_free(mont);
return(ret);
}
int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
int do_trial_division, BN_GENCB *cb) {
int i, j, ret = -1;
int k;
BN_CTX *ctx = NULL;
BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
BN_MONT_CTX *mont = NULL;
const BIGNUM *A = NULL;
if (BN_cmp(a, BN_value_one()) <= 0) {
return 0;
}
if (checks == BN_prime_checks) {
checks = BN_prime_checks_for_size(BN_num_bits(a));
}
/* first look for small factors */
if (!BN_is_odd(a)) {
/* a is even => a is prime if and only if a == 2 */
return BN_is_word(a, 2);
}
if (do_trial_division) {
for (i = 1; i < NUMPRIMES; i++) {
if (BN_mod_word(a, primes[i]) == 0) {
return 0;
}
}
if (!BN_GENCB_call(cb, 1, -1)) {
goto err;
}
}
if (ctx_passed != NULL) {
ctx = ctx_passed;
} else if ((ctx = BN_CTX_new()) == NULL) {
goto err;
}
BN_CTX_start(ctx);
/* A := abs(a) */
if (a->neg) {
BIGNUM *t = BN_CTX_get(ctx);
if (t == NULL || !BN_copy(t, a)) {
goto err;
}
t->neg = 0;
A = t;
} else {
A = a;
}
A1 = BN_CTX_get(ctx);
A1_odd = BN_CTX_get(ctx);
check = BN_CTX_get(ctx);
if (check == NULL) {
goto err;
}
/* compute A1 := A - 1 */
if (!BN_copy(A1, A)) {
goto err;
}
if (!BN_sub_word(A1, 1)) {
goto err;
}
if (BN_is_zero(A1)) {
ret = 0;
goto err;
}
/* write A1 as A1_odd * 2^k */
k = 1;
while (!BN_is_bit_set(A1, k)) {
k++;
}
if (!BN_rshift(A1_odd, A1, k)) {
goto err;
}
/* Montgomery setup for computations mod A */
mont = BN_MONT_CTX_new();
if (mont == NULL) {
goto err;
}
if (!BN_MONT_CTX_set(mont, A, ctx)) {
goto err;
}
for (i = 0; i < checks; i++) {
if (!BN_pseudo_rand_range(check, A1)) {
goto err;
}
if (!BN_add_word(check, 1)) {
goto err;
}
/* now 1 <= check < A */
j = witness(check, A, A1, A1_odd, k, ctx, mont);
if (j == -1) {
goto err;
}
if (j) {
ret = 0;
goto err;
}
if (!BN_GENCB_call(cb, 1, i)) {
goto err;
}
}
ret = 1;
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
if (ctx_passed == NULL) {
BN_CTX_free(ctx);
}
}
if (mont != NULL) {
BN_MONT_CTX_free(mont);
}
return ret;
}
int main(int argc, char *argv[])
{
int bitlens[] = { 8, 16, 32, 64, 128, 256, 512, 1024, 2048 };
BIGNUM *r_hw = BN_new();
BIGNUM *r_sw = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
BIGNUM *n = BN_new();
BigNumber *bn_r;
BigNumber *bn_a;
BigNumber *bn_b;
BigNumber *bn_n;
int i = 0;
int j = 0;
int fail = 0;
int total = 0;
BN_CTX *ctx = BN_CTX_new();
//bn_r = cop_bn_new_sz(256);
for (j = 0; j < (sizeof(bitlens) / sizeof(int)); j++) {
for (i = 0; i < NUM_TESTS; i++) {
//printf("test %d-%d\n", i, j);
// Generate random parameters
BN_pseudo_rand(n, bitlens[j], 0, 1);
BN_pseudo_rand(b, bitlens[j], 0, 0);
BN_pseudo_rand_range(a, n);
// Setup bignumbers
size_t a_sz = BN_num_bytes(a);
if (a_sz) {
bn_a = cop_bn_new_sz(BN_num_bytes(a));
BN_bn2bin(a, bn_a->number);
} else {
bn_a = cop_bn_new_int(0);
}
bn_b = cop_bn_new_sz(BN_num_bytes(b));
bn_n = cop_bn_new_sz(BN_num_bytes(n));
BN_bn2bin(b, bn_b->number);
BN_bn2bin(n, bn_n->number);
// Perform tests
TEST_CASE_ASYM(mod_add, madd);
TEST_CASE_ASYM(mod_sub, msub);
TEST_CASE_ASYM(mod_mul, mmul);
TEST_CASE_ASYM(mod_exp, mex);
// Free memory
cop_bn_free(bn_a);
cop_bn_free(bn_b);
cop_bn_free(bn_n);
}
}
cop_bn_free(bn_r);
BN_free(r_hw);
BN_free(r_sw);
BN_free(a);
BN_free(b);
BN_free(n);
BN_CTX_free(ctx);
printf("=== %s: %d/%d failures ===\n", argv[0], fail, total);
return fail;
}
