void
mpz_true_random (mpz_t s, unsigned long int nbits)
{
#if __FreeBSD__
FILE *fs;
char c[1];
int i;
mpz_set_ui (s, 0);
for (i = 0; i < nbits; i += 8)
{
for (;;)
{
int nread;
fs = fopen ("/dev/random", "r");
nread = fread (c, 1, 1, fs);
fclose (fs);
if (nread != 0)
break;
sleep (1);
}
mpz_mul_2exp (s, s, 8);
mpz_add_ui (s, s, ((unsigned long int) c[0]) & 0xff);
printf ("%d random bits\n", i + 8);
}
if (nbits % 8 != 0)
mpz_mod_2exp (s, s, nbits);
#endif
}
/***************************************************************
* This function casts an mpz_t to an unsigned long long. We
* need this function in order to return the mpz_t value due to
* the difficulty of passing the value of the mpz_t function.
***************************************************************/
unsigned long long mpz_get_ull(mpz_t n)
{
unsigned int lo, hi;
mpz_t tmp;
mpz_init( tmp );
mpz_mod_2exp( tmp, n, 64 ); /* tmp = (lower 64 bits of n) */
lo = mpz_get_ui( tmp ); /* lo = tmp & 0xffffffff */
mpz_div_2exp( tmp, tmp, 32 ); /* tmp >>= 32 */
hi = mpz_get_ui( tmp ); /* hi = tmp & 0xffffffff */
mpz_clear( tmp );
return (((unsigned long long)hi) << 32) + lo;
}
uint64 mpz2uint64(mpz_t n)
{
unsigned int lo, hi;
mpz_t tmp;
mpz_init( tmp );
mpz_mod_2exp( tmp, n, 64 );
lo = mpz_get_ui( tmp );
mpz_div_2exp( tmp, tmp, 32 );
hi = mpz_get_ui( tmp );
mpz_clear( tmp );
return (((uint64)hi) << 32) + lo;
}
void rsa_random_integer(MP_INT *ret, RandomState *state, unsigned int bits)
{
unsigned int bytes = (bits + 7) / 8;
char *str = xmalloc(bytes * 2 + 1);
unsigned int i;
/* We first create a random hex number of the desired size, and then
convert it to a mp-int. */
for (i = 0; i < bytes; i++)
sprintf(str + 2 * i, "%02x", random_get_byte(state));
/* Convert it to the internal representation. */
if (mpz_set_str(ret, str, 16) < 0)
fatal("Intenal error, mpz_set_str returned error");
/* Clear extra data. */
memset(str, 0, 2 * bytes);
xfree(str);
/* Reduce it to the desired number of bits. */
mpz_mod_2exp(ret, ret, bits);
}
int
main (int argc, char *argv[])
{
const char usage[] = "usage: findlc [-dv] m2exp [low_merit [high_merit]]\n";
int f;
int v_lose, m_lose, v_best, m_best;
int c;
int debug = 1;
int cnt_high_merit;
mpz_t m;
unsigned long int m2exp;
#define DIMS 6 /* dimensions run in spectral test */
mpf_t v[DIMS-1]; /* spectral test result (there's no v
for 1st dimension */
mpf_t f_merit, low_merit, high_merit;
mpz_t acc, minus8;
mpz_t min, max;
mpz_t s;
mpz_init (m);
mpz_init (a);
for (f = 0; f < DIMS-1; f++)
mpf_init (v[f]);
mpf_init (f_merit);
mpf_init_set_d (low_merit, .1);
mpf_init_set_d (high_merit, .1);
while ((c = getopt (argc, argv, "a:di:hv")) != -1)
switch (c)
{
case 'd': /* debug */
g_debug++;
break;
case 'v': /* print version */
puts (rcsid[1]);
exit (0);
case 'h':
case '?':
default:
fputs (usage, stderr);
exit (1);
}
argc -= optind;
argv += optind;
if (argc < 1)
{
fputs (usage, stderr);
exit (1);
}
/* Install signal handler. */
if (SIG_ERR == signal (SIGSEGV, sh_status))
{
perror ("signal (SIGSEGV)");
exit (1);
}
if (SIG_ERR == signal (SIGHUP, sh_status))
{
perror ("signal (SIGHUP)");
exit (1);
}
printf ("findlc: version: %s\n", rcsid[1]);
m2exp = atol (argv[0]);
mpz_init_set_ui (m, 1);
mpz_mul_2exp (m, m, m2exp);
printf ("m = 0x");
mpz_out_str (stdout, 16, m);
puts ("");
if (argc > 1) /* have low_merit */
mpf_set_str (low_merit, argv[1], 0);
if (argc > 2) /* have high_merit */
mpf_set_str (high_merit, argv[2], 0);
if (debug)
{
fprintf (stderr, "low_merit = ");
mpf_out_str (stderr, 10, 2, low_merit);
fprintf (stderr, "; high_merit = ");
mpf_out_str (stderr, 10, 2, high_merit);
fputs ("\n", stderr);
}
mpz_init (minus8);
mpz_set_si (minus8, -8L);
mpz_init_set_ui (acc, 0);
mpz_init (s);
mpz_init_set_d (min, 0.01 * pow (2.0, (double) m2exp));
mpz_init_set_d (max, 0.99 * pow (2.0, (double) m2exp));
mpz_true_random (s, m2exp); /* Start. */
mpz_setbit (s, 0); /* Make it odd. */
v_best = m_best = 2*(DIMS-1);
for (;;)
{
mpz_add (acc, acc, s);
mpz_mod_2exp (acc, acc, m2exp);
#if later
mpz_and_si (a, acc, -8L);
#else
mpz_and (a, acc, minus8);
#endif
mpz_add_ui (a, a, 5);
if (mpz_cmp (a, min) <= 0 || mpz_cmp (a, max) >= 0)
continue;
spectral_test (v, DIMS, a, m);
for (f = 0, v_lose = m_lose = 0, cnt_high_merit = DIMS-1;
f < DIMS-1; f++)
{
merit (f_merit, f + 2, v[f], m);
if (mpf_cmp_ui (v[f], 1 << (30 / (f + 2) + (f == 2))) < 0)
v_lose++;
if (mpf_cmp (f_merit, low_merit) < 0)
m_lose++;
if (mpf_cmp (f_merit, high_merit) >= 0)
cnt_high_merit--;
}
if (0 == v_lose && 0 == m_lose)
{
mpz_out_str (stdout, 10, a); puts (""); fflush (stdout);
if (0 == cnt_high_merit)
break; /* leave loop */
}
if (v_lose < v_best)
{
v_best = v_lose;
printf ("best (v_lose=%d; m_lose=%d): ", v_lose, m_lose);
mpz_out_str (stdout, 10, a); puts (""); fflush (stdout);
}
if (m_lose < m_best)
{
m_best = m_lose;
printf ("best (v_lose=%d; m_lose=%d): ", v_lose, m_lose);
mpz_out_str (stdout, 10, a); puts (""); fflush (stdout);
}
}
mpz_clear (m);
mpz_clear (a);
for (f = 0; f < DIMS-1; f++)
mpf_clear (v[f]);
mpf_clear (f_merit);
mpf_clear (low_merit);
mpf_clear (high_merit);
printf ("done.\n");
return 0;
}
void ECDSA_verify_sign_file(char * path, ptr_curve_t E, ptr_point_t G, ptr_point_t Q, mpz_t r, mpz_t s)
{
mpz_t n;
mpz_init(n);
mpz_ui_pow_ui(n,2,M);
if(mpz_cmp(s,n)<0 && mpz_cmp_ui(s,0)>0)
{
printf("\t s is in ]0,n-1]\n");
}
else
{
printf("\t s isn't ]0,n-1]\n");
printf("\t signature is false\n");
return;
}
if(mpz_cmp(r,n)<0 && mpz_cmp_ui(r,0)>0)
{
printf("\t r is in ]0,n-1]\n");
}
else
{
printf("\t r isn't ]0,n-1]\n");
printf("\t signature is false\n");
return;
}
//sha-256 de m
mpz_t z;
char buffer[65];
char buffer_M[40];
//z = Hex_to_int(sha-256(M))
sha256_file(path,buffer);
strncpy(buffer_M,buffer,40);
mpz_init_set_str(z,buffer_M,16);
/*if(DEBUG)*/gmp_printf("\t\tn = %Zd\n",n);
/*if(DEBUG)*/gmp_printf("\t\tz = %Zd\n",z);
/*if(DEBUG)*/gmp_printf("\t\tr = %Zd\n",r);
/*if(DEBUG)*/gmp_printf("\t\ts = %Zd\n",s);
//w = s^-1 mod n
mpz_t w;
mpz_init(w);
mpz_invert(w,s,n);
//u1 = zw mod n & u2 = rw mod n
mpz_t u1, u2, r0;
mpz_init(u1);
mpz_init(u2);
mpz_init(r0);
mpz_mul(r0,z,w);
mpz_mod_2exp(u1,r0,M);
mpz_mul(r0,r,w);
mpz_mod_2exp(u2,r0,M);
//(x1,y1) = u1 G + u2 Q
point_t R;
point_init(&R);
point_t GQ;
point_init(&GQ);
addition_point_CE(E,G,Q,&GQ);
bases_t g_bases, q_bases;
bases_init(g_bases);
bases_init(q_bases);
int_to_bases(u1,g_bases);
int_to_bases(u2,q_bases);
/*if(DEBUG)*/gmp_printf("\t\tw = %Zd\n",w);
/*if(DEBUG)*/gmp_printf("\t\tu1 = %Zd\n",u1);
/*if(DEBUG)*/gmp_printf("\t\tu2 = %Zd\n",u2);
multiple_addition_point_CE(E,g_bases,G,q_bases,Q,&GQ,&R);
//res = R_x1 mod n (if r = res true else false sign)
mpz_t res, x1;
mpz_init(res);
mpz_init(x1);
bases_to_int(R._x,x1);
mpz_mod(res,x1,n);
if(mpz_cmp(res,r) == 0)
{
printf("\t signature is true\n");
}
else
{
printf("\t signature is false\n");
}
}//ECDSA_verify_sign_file()
void ECDSA_sign_file (char * path, ptr_curve_t E, ptr_point_t G, ptr_point_t Q, bases_t d_bases, mpz_t r, mpz_t s)
{
printf("\n\tStrat EC-DSA algo\n");
mpz_t k_inv, r0, r1, r2, n, d, k, z, x1;
mpz_init(k_inv);
mpz_init(r0);
mpz_init(r1);
mpz_init(r2);
mpz_init(s);
mpz_init(k);
mpz_init(z);
mpz_init(x1);
mpz_init(r);
bases_t k_bases;
bases_init(k_bases);
point_t X;
point_init(&X);
//sha-256 de m
char buffer[65];
char buffer_M[40];
mpz_init(n);
mpz_ui_pow_ui(n,2,M);
mpz_init(d);
bases_to_int(d_bases,d);
mpz_t seed;
mpz_init_set_str(seed,"85e25bfe5c86226cdb12016f7553f9d0e693a268",16);
gmp_randstate_t rand_stat;
gmp_randinit_default(rand_stat);
gmp_randseed(rand_stat,seed);
//gmp_randseed_ui(rand_stat,time(NULL));
//k*G=(x1,y1) (un scalaire fois un point)
int step_3 = 0;
while(!step_3)
{
mpz_urandomb(k,rand_stat,M);
if(DEBUG)gmp_printf("%Zd\n",k);
int_to_bases(k,k_bases);
multiple_point_CE(E,G,k_bases,&X);
if(DEBUG)point_print(&X,"X");
//r=x1 mod n (x1 est transformé en integer)
bases_to_int(X._x,x1);
if(DEBUG)gmp_printf("%Zd\n",x1);
mpz_mod_2exp(r,x1,M);
if(mpz_cmp_ui(r,0)<=0)
{
printf("\tRestart EC-DSA algo because r = 0\n");
continue;
}
if(DEBUG)gmp_printf("r = x1 mod n, r = %Zd\n", r);
//z = Hex_to_int(sha-256(M))
sha256_file(path,buffer);
strncpy(buffer_M,buffer,40);
mpz_init_set_str(z,buffer_M,16);
//s= k^-1(z+r*d) mod n (multiplication d'integers)
mpz_invert(k_inv,k,n);
mpz_mul(r0,r,d);
mpz_add(r1,z,r0);
mpz_mul(r2,k_inv,r1);
mpz_mod_2exp(s,r2,M);
//if s = 0 go to step_3
if(mpz_cmp_ui(s,0)>0)
{
step_3 = 1;
}
else
{
printf("\tRestart EC-DSA algo because s = 0\n");
}
}
printf("\t\thash : sha-256(M) = %s\n", buffer);
gmp_printf("\t\tz = %Zd\n",z);
gmp_printf("\t\tr = %Zd\n",r);
gmp_printf("\t\ts = %Zd\n",s);
printf("\tEnd EC-DSA algo\n");
}//ECDSA_sign_file()
