示例#1
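int
main (int argc, char **argv)
{
  // Cross-check barrett::reduce against plain modular reduction: for odd
  // moduli m of 120..161 bits, reduce random operands whose size runs
  // from 33 bits below m up to twice its width.  Any mismatch is fatal and
  // prints both results plus their absolute difference.
  random_update ();

  bigint m, r, s1, s2;
  barrett b;

  for (int mbits = 120; mbits < 162; mbits++) {
    m = random_bigint (mbits);
    m.setbit (0, 1);		// low bit set: m is always odd
    b.set (m);
    for (int rbits = mbits - 33; rbits <= 2 * mbits; rbits++) {
      r = random_bigint (rbits);
      s1 = mod (r, m);
      s2 = b.reduce (r);
      if (s1 != s2)
	// "%*s" consumes an int field width; mpz_sizeinbase returns
	// size_t, so convert explicitly instead of passing a mismatched
	// variadic argument (the other harnesses in this set do the same).
	panic << "r = " << r << "\n"
	      << "     " << s1 << "\n  != " << s2 << "\n"
	      << "    ["
	      << strbuf ("%*s", int (mpz_sizeinbase (&s1, 16)),
			 bigint (abs (s1 - s2)).cstr ())
	      << "]\n";
    }
  }

  return 0;
}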
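paillier_priv
paillier_keygen (size_t nbits, size_t abits, u_int iter)
{
  // Generate a Paillier private key whose modulus n = p * q has nbits
  // (or nbits + 1) bits, where p - 1 and q - 1 share the same abits-bit
  // prime factor a (the construction the original comment labels
  // "Fast decryption").
  //   nbits - target size of the modulus n
  //   abits - size of the prime a dividing both p - 1 and q - 1
  //   iter  - primality-test rounds handed to random_prime
  // The cofactors cp and cq together supply the remaining
  // nbits - 2 * abits bits, so abits can be at most nbits / 2; with a
  // larger value sbits would wrap (size_t) and request a huge cofactor.
  assert (nbits > 0);
  assert (abits > 0);
  assert (abits <= nbits);
  assert (2 * abits <= nbits);	// keeps sbits below from wrapping

  random_init ();
  size_t sbits = nbits - (2 * abits);
  bigint n, p, q, a, g, k;

  do {
    a  = random_prime (abits, odd_sieve, 2, iter);
    // split the cofactor bits between cp and cq; cp takes the odd bit
    bigint cp = random_bigint (sbits/2 + (sbits & 1));
    bigint cq = random_bigint (sbits/2 + 1);

    // step p = a * cp + 1 upward by a until it is prime, so a | p - 1
    // holds by construction (p = a * (cp + t) + 1 for the t-th step)
    p = a * cp + 1;
    while (!prime_test (p))
      p += a;

    // same for q = a * cq + 1
    q = a * cq + 1;
    while (!prime_test (q))
      q += a;

    n = p * q;
    // retry unless n has the requested size (one extra bit is tolerated)
    // and the two primes are distinct; parenthesised to make the
    // intended grouping explicit
  } while ((n.nbits () != nbits && n.nbits () != (nbits+1)) || p == q);

  paillier_gen (p, q, n, a, g, k);

  // canonical ordering of the factors
  if (p > q)
    swap (p, q);

  return paillier_priv (p, q, a, g, k, &n);
}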
/*
 * Draw random candidates of the given size into dst until primecheck
 * accepts one.  Bits 0 and 1 are always set (candidate == 3 mod 4);
 * when fix_bit2 is nonzero, bit 2 is forced to bit2 as well.
 */
static void
rw_pick_prime (mpz_t dst, size_t bits, int fix_bit2, int bit2)
{
  for (;;) {
    random_bigint (dst, bits);
    mpz_setbit (dst, 0);
    mpz_setbit (dst, 1);
    if (fix_bit2) {
      if (bit2)
	mpz_setbit (dst, 2);
      else
	mpz_clrbit (dst, 2);
    }
    if (primecheck (dst))
      return;
  }
}

/*
 * Allocate an rw_priv (rw_ presumably Rabin-Williams) of about nbits
 * bits: two primes p and q, both 3 mod 4, chosen so that their bit 2
 * differs -- hence p != q and they lie in different residue classes
 * mod 8 -- then hand the key to rw_precompute.  Returns the embedded
 * dckey, or NULL when the allocation fails.  The extra argument is
 * accepted for signature compatibility and not consulted.  Ownership
 * of the allocation stays with the returned key.
 */
static dckey *
rw_keygen (size_t nbits, const char *extra)
{
  rw_priv *sk = malloc (sizeof (*sk));
  if (sk == NULL)
    return NULL;

  mpz_init (sk->n);
  mpz_init (sk->p);
  mpz_init (sk->q);
  mpz_init (sk->u);
  mpz_init (sk->kp);
  mpz_init (sk->kq);

  /* p: (nbits + 1) / 2 bits, bit 2 left to chance */
  rw_pick_prime (sk->p, (nbits + 1) / 2, 0, 0);

  /* q: nbits / 2 bits, bit 2 forced to the opposite of p's bit 2 */
  rw_pick_prime (sk->q, nbits / 2, 1, !(mpz_get_ui (sk->p) & 4));

  rw_precompute (sk);
  return &sk->key;
}
int
main (int argc, char **argv)
{
  // Compare bigint operator* used for squaring against mpz_square on
  // 1024 random operands of size rnd.getword () % 2048.  A mismatch is
  // fatal and prints both values plus their absolute difference, padded
  // to the hex width of the reference result.
  random_update ();

  for (int trial = 0; trial < 1024; trial++) {
    bigint r = random_bigint (rnd.getword () % 2048);
    bigint want = r * r;
    bigint got;
    mpz_square (&got, &r);
    if (want != got)
      panic << "r = " << r << "\n"
	    << "     " << want << "\n  != " << got << "\n"
	    << "    ["
	    << strbuf ("%*s", int (mpz_sizeinbase (&want, 16)),
		       bigint (abs (want - got)).cstr ())
	    << "]\n";
  }

  return 0;
}
示例#5
文件: tst.C 项目: Sidnicious/sfslite
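int
main (int argc, char **argv)
{
  // Exercise the public-key primitives: an RSA encrypt/decrypt round trip
  // with a fixed key, then encrypt/decrypt timing runs for a freshly
  // generated RSA key and a freshly generated Rabin key.  The HMAC
  // helper macros only serve the disabled (#if 0) checks below them.
  random_update ();

#define HMAC(k, m)						\
do {								\
  u_char digest[sha1::hashsize];                                \
  sha1_hmac (digest, k, sizeof (k) - 1, m, sizeof (m) - 1);	\
  warn << "k = " << k << "\nm = " << m << "\n"			\
       << hexdump (digest, sizeof (digest)) << "\n";		\
} while (0)

#define HMAC2(k, k2, m)						\
do {								\
  u_char digest[sha1::hashsize];                                \
  sha1_hmac_2 (digest, k, sizeof (k) - 1, k2, sizeof (k2) - 1,	\
	       m, sizeof (m) - 1);				\
  warn << "k = " << k << "\nm = " << m << "\n"			\
       << hexdump (digest, sizeof (digest)) << "\n";		\
} while (0)

#if 0
  HMAC ("Jefe", "what do ya want for nothing?");
  HMAC ("\014\014\014\014\014\014\014\014\014\014\014\014\014\014\014\014\014\014\014\014", "Test With Truncation");
  //HMAC2 ("Je", "fe", "what do ya want for nothing?");
#endif

  // Fixed test-vector key: two 512-bit hex primes and a 1024-bit modulus
  // (presumably n = p * q; the round trip below relies on that).
  bigint p ("c81698301db5fdba3c5fecfdd97ca952c1f0df3500740a567ecdb561555c8a34d0affcc99ae7a38b42d144373ae2f68b48064373b5baef7d25782fd07dc4b35f", 16);
  bigint q ("d32d977062a62dccfc4a37a21b03fca098973b72860002a3c05084060fbaa81b5c0fc636902a2959fb5ffd3d8a4969fbe9e15037c35477c9789da0b74ef32e3f", 16);
  bigint n ("a50e41c593b3b866bc4c72d0476611baab9bd54a22c62e11f536f87861ce592e7a101aea8652d3b949e66271b4497f91a861404eb5f3cba23f22b9b46fadda6cd327e3773eb23795e73ee06c16e5df18cf12e812fcd1bdbf3a4d7cca4fecd95fcbf248ac0534a3ebc67ebb06f9ca77d3ce1a5c4920da6d211b5f242e80d03661", 16);

  // Encrypt with the public half, decrypt with the private half; decrypt
  // is told the expected plaintext length.
  rsa_pub rsapub (n);
  str m ("a random string");
  bigint c = rsapub.encrypt (m);

  rsa_priv rsapriv (p, q);
  m = rsapriv.decrypt (c, m.len ());
  warn << "m " << m << "\n";

  // Timing runs on a fresh rsa_keygen (1024) key with a 1019-bit bigint
  // plaintext.
  rsa_priv x (rsa_keygen (1024));
  bigint pt (random_bigint (1019));
  bigint ct, pt2;

  BENCH (100000, ct = x.encrypt (pt));
  BENCH (1000, pt = x.decrypt (ct));

#if 0
  warn << pt.getstr (10) << "\n";
  ct = x.encrypt (pt);
  warn << ct.getstr (10) << "\n";;
  pt2 = x.decrypt (ct);
  warn << pt2.getstr (10) << "\n";
#endif

  // Timing runs on a fresh rabin_keygen (1280, 2) key.  decrypt takes the
  // plaintext length, as in the RSA case above; sizeof (pt3) was the size
  // of the str object itself, unrelated to the message.  The length is
  // captured once because BENCH evidently repeats the statement and each
  // repetition reassigns pt3.
  rabin_priv xx (rabin_keygen (1280, 2));
  str pt3 ("plaintext message");
  const size_t pt3len = pt3.len ();

  BENCH (100000, ct = xx.encrypt (pt3));
  BENCH (1000, pt3 = xx.decrypt (ct, pt3len));

#if 0
  BENCH (100, ct = x.sign (pt3));
  BENCH (1000, x.verify (pt3, ct));
  BENCH (1000, ct = x.encrypt (pt3));
#endif

  return 0;
}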
示例#6
// Abort with a diagnostic when a montgom result (got) disagrees with the
// plain-arithmetic reference (want): prints the modulus, the operand and
// the absolute difference padded to want's hex width.
static void
montgom_fail (const char *op, const bigint &m, const bigint &r,
              const bigint &want, const bigint &got)
{
    int width = mpz_sizeinbase (&want, 16);
    panic << op << " failed\n"
          << " m = " << m << "\n"
          << " r = " << r << "\n"
          << "     " << want << "\n  != " << got << "\n"
          << "    ["
          << strbuf ("%*s", width, bigint (abs (want - got)).cstr ())
          << "]\n";
}

int
main (int argc, char **argv)
{
    // Cross-check montgom::mpz_mreduce, mpz_mmul and mpz_powm against
    // ordinary bigint arithmetic for odd moduli of 120..161 bits.
    random_update ();

    montgom b;
    bigint m, m2, r, r2, s1, s2;

    for (int mbits = 120; mbits < 162; mbits++) {
        int res = 0;            // bitmask of failed sub-tests; only the
                                // disabled report at the bottom reads it
        m = random_bigint (mbits);
        m.setbit (0, 1);        // low bit set: m is odd
        b.set (m);
        m2 = m * b.getr ();     // operand range for the reduce test

        // mpz_mreduce: reference is r * b.getri () mod m, for operands
        // drawn below m2 and truncated to rbits bits
        for (int rbits = mbits - 33; rbits <= 2 * mbits; rbits++) {
            r = random_zn (m2);
            r.trunc (rbits);
            s1 = mod (r * b.getri (), m);
            b.mpz_mreduce (&s2, &r);
            if (s1 != s2) {
                res |= 1;
                montgom_fail ("mreduce", m, r, s1, s2);
            }
        }

        r = random_zn (m);
        r2 = random_zn (m);
        assert (r < m && r2 < m);

        // mpz_mmul: reference is r * r2 * b.getri () mod m
        s1 = mod (r * r2 * b.getri (), m);
        b.mpz_mmul (&s2, &r, &r2);
        if (s1 != s2) {
            res |= 2;
            montgom_fail ("mmul", m, r, s1, s2);
        }

        // mpz_powm: reference is the plain powm (r, r2, m)
        s1 = powm (r, r2, m);
        b.mpz_powm (&s2, &r, &r2);
        if (s1 != s2) {
            res |= 4;
            montgom_fail ("powm", m, r, s1, s2);
        }

#if 0
        warn ("%s mreduce.. %d\n", (res&1) ? "fail" : "ok", i);
        warn ("%s mmul.. %d\n", (res&2) ? "fail" : "ok", i);
        warn ("%s powm.. %d\n", (res&4) ? "fail" : "ok", i);
#endif
    }

    return 0;
}