/*
 * dh_init - build a Diffie-Hellman context for modulus p and generator g,
 * then generate this side's key pair.
 *
 * Returns NULL when p or g is NULL, when mem_alloc() fails, or when g lies
 * outside [2, p - 2]. On success the context stores the caller's p and g
 * pointers directly (no copy is made) and holds newly allocated c and C.
 *
 * NOTE(review): the p/g size match is enforced only by assert(), which is
 * compiled out under NDEBUG; confirm callers cannot pass mismatched sizes
 * in release builds.
 * NOTE(review): bn_alloc() results are used without a NULL check here;
 * confirm whether bn_alloc() can fail.
 * NOTE(review): the range check on g does not establish that p is prime or
 * that g generates a large-order subgroup; presumably callers supply vetted
 * group parameters. Verify at the call sites.
 * NOTE(review): c is the private exponent. The routine that releases the
 * context is not visible here; confirm it wipes c before freeing.
 */
dh_ctxt_t *dh_init(bn_t *p, bn_t *g)
{
    dh_ctxt_t *ctx;
    bn_t *upper;
    int g_in_range;

    if (p == NULL || g == NULL) {
        return NULL;
    }

    assert(p->n == g->n);

    ctx = (dh_ctxt_t *)mem_alloc(sizeof(dh_ctxt_t));
    if (ctx == NULL) {
        return NULL;
    }

    ctx->g = g;
    ctx->p = p;

    // upper = p - 2, the largest generator value accepted below.
    upper = bn_copy(bn_alloc(p->n), p);
    bn_sub_ui(upper, upper, 2, p);

    // Accept g only when 2 <= g <= p - 2.
    g_in_range = bn_cmp_ui(g, 2) >= 0 && bn_cmp(g, upper) <= 0;

    if (g_in_range) {
        // Private exponent c in [1, p - 2] (per the original comment; the
        // meaning of the (1, p, 2) arguments is set by bn_rand_range).
        ctx->c = bn_alloc(p->n);
        bn_rand_range(ctx->c, 1, p, 2);

        // Public value C = g^c mod p.
        ctx->C = bn_alloc(p->n);
        bn_pow_mod(ctx->C, ctx->g, ctx->c, p);
    } else {
        // Nothing beyond the context itself has been allocated yet.
        mem_free(ctx);
        ctx = NULL;
    }

    bn_free(upper);
    return ctx;
}
/*
 * BN_pseudo_rand_range - forward r and range to bn_rand_range() with a
 * leading argument of 1 and return its result unchanged.
 *
 * NOTE(review): bn_rand_range() is not shown in this listing. The leading 1
 * presumably selects the pseudo-random source, since BN_rand_range passes 0;
 * confirm against the helper's definition.
 * NOTE(review): if this is OpenSSL's bignum API, as the names suggest, the
 * pseudo-random variants are documented as not necessarily unpredictable.
 * Do not use this entry point for keys, nonces or other secret values;
 * use BN_rand_range for those.
 */
int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
{
    const int selector = 1;

    return bn_rand_range(selector, r, range);
}
/*
 * BN_rand_range - forward r and range to bn_rand_range() with a leading
 * argument of 0 and return its result unchanged.
 *
 * NOTE(review): bn_rand_range() is not shown in this listing. The leading 0
 * presumably selects the cryptographically strong source, since
 * BN_pseudo_rand_range passes 1; confirm against the helper's definition.
 * NOTE(review): callers generating secret values should check the return
 * value before using r; the failure convention is defined by
 * bn_rand_range() and is not visible here.
 */
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
    const int selector = 0;

    return bn_rand_range(selector, r, range);
}