[u/mdw/catacomb] / pgen-safe.c

/* -*-c-*-
 *
 * $Id: pgen-safe.c,v 1.2 2000/02/12 18:21:03 mdw Exp $
 *
 * Safe prime generation
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: pgen-safe.c,v $
 * Revision 1.2  2000/02/12 18:21:03  mdw
 * Overhaul of key management (again).
 *
 * Revision 1.1  1999/12/22 16:01:34  mdw
 * Find `safe' primes (i.e., %$p = 2q + 1$%).
 *
 */

/*----- Header files ------------------------------------------------------*/

#include "mp.h"
#include "mprand.h"
#include "pgen.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @pgen_safestep@ --- *
 *
 * Steps two numbers, %$q$% and %$p = 2q + 1$%, such that neither has any
 * small factors.  %$p$% is put in the event block.
 */

int pgen_safestep(int rq, pgen_event *ev, void *p)
{
  pgen_safestepctx *c = p;
  int rc = PGEN_ABORT, qrc = 0;

  switch (rq) {

    /* --- Set up the contexts --- */

    case PGEN_BEGIN: {
      mp *p = mp_split(MP_COPY(ev->m));
      mp *q;
      p->v[0] |= 3;
      q = mp_lsr(MP_NEW, p, 1);
      rc = pfilt_create(&c->p, p);
      qrc = pfilt_create(&c->q, q);
      mp_drop(p); mp_drop(q);
    } break;

    /* --- Step along --- */

    case PGEN_TRY:
      mp_drop(ev->m);
      rc = pfilt_step(&c->p, 4);
      qrc = pfilt_step(&c->q, 2);
      break;

      break;

    /* --- Tidy the toys away --- */

    case PGEN_DONE:
      pfilt_destroy(&c->q);
      pfilt_destroy(&c->p);
      return (PGEN_DONE);
  }

  /* --- Continue stepping if necessary --- */

  while (rc == PGEN_FAIL || qrc == PGEN_FAIL) {
    rc = pfilt_step(&c->p, 4);
    qrc = pfilt_step(&c->q, 2);
  }

  ev->m = MP_COPY(c->p.m);
  if (qrc == PGEN_TRY)
    rc = PGEN_TRY;
  return (rc);
}

/* --- @pgen_safejump@ --- *
 *
 * Jumps two numbers, %$q$% and %$p = 2q + 1$% such that neither has any
 * small factors.
 */

int pgen_safejump(int rq, pgen_event *ev, void *p)
{
  pgen_safejumpctx *j = p;
  int rc = PGEN_ABORT, qrc = 0;

  switch (rq) {

    /* --- Set up the jump contexts --- *
     *
     * The jump in @j.q@ is congruent to 2 (mod 4); see @strongprime_setup@.
     * If @p@ is initially 1 (mod 4) then add @j.q@.  Then double @j.q@ to
     * ensure that the step is 0 (mod 4).
     */

    case PGEN_BEGIN: {
      mp *p = ev->m;
      mp *q;
      if ((p->v[0] & 3) != 3)
	p = mp_add(p, p, j->jq.m);
      rc = pfilt_create(&j->p, p);
      pfilt_muladd(&j->jp, &j->jq, 2, 0);
      q = mp_lsr(MP_NEW, p, 1);
      qrc = pfilt_create(&j->q, q);
      mp_drop(p);
      mp_drop(q);
    } break;

    /* --- Step on one place --- */

    case PGEN_TRY:
      mp_drop(ev->m);
      rc = pfilt_jump(&j->p, &j->jp);
      qrc = pfilt_jump(&j->q, &j->jq);
      break;

    /* --- Tidy everything up --- */

    case PGEN_DONE:
      pfilt_destroy(&j->jp);
      pfilt_destroy(&j->p);
      pfilt_destroy(&j->q);
      return (PGEN_DONE);
  }

  /* --- Step on while @p@ or @q@ have small factors --- */

  while (rc == PGEN_FAIL || qrc == PGEN_FAIL) {
    rc = pfilt_jump(&j->p, &j->jp);
    qrc = pfilt_jump(&j->q, &j->jq);
  }
  ev->m = MP_COPY(j->p.m);
  if (qrc == PGEN_TRY)
    rc = PGEN_TRY;
  return (rc);
}

/* --- @pgen_safetest@ --- *
 *
 * Applies Rabin-Miller tests to %$p$% and %$q$%.
 */

int pgen_safetest(int rq, pgen_event *ev, void *p)
{
  pgen_safetestctx *c = p;
  int rc = PGEN_ABORT;

  switch (rq) {
    case PGEN_BEGIN:
      rabin_create(&c->q, c->c.q.m);
      rabin_create(&c->p, c->c.p.m);
      rc = PGEN_TRY;
      break;
    case PGEN_TRY: {
      mp *m = mprand_range(MP_NEW, c->c.q.m, ev->r, 0);
      rc = rabin_test(&c->p, m);
      if (rc == PGEN_PASS)
	rc = rabin_test(&c->q, m);
      mp_drop(m);
    } break;
    case PGEN_DONE:
      rabin_destroy(&c->q);
      rabin_destroy(&c->p);
      break;
  }
  return (rc);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
1c42b462	1	/* --c--
1c42b462	2	*
052b36d0	3	* $Id: pgen-safe.c,v 1.2 2000/02/12 18:21:03 mdw Exp $
1c42b462	4	*
	5	* Safe prime generation
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: pgen-safe.c,v $
052b36d0	33	* Revision 1.2 2000/02/12 18:21:03 mdw
	34	* Overhaul of key management (again).
	35	*
1c42b462	36	* Revision 1.1 1999/12/22 16:01:34 mdw
	37	* Find `safe' primes (i.e., %$p = 2q + 1$%).
	38	*
	39	*/
	40
	41	/----- Header files ------------------------------------------------------/
	42
	43	#include "mp.h"
	44	#include "mprand.h"
	45	#include "pgen.h"
	46
	47	/----- Main code ---------------------------------------------------------/
	48
	49	/* --- @pgen_safestep@ --- *
	50	*
	51	* Steps two numbers, %$q$% and %$p = 2q + 1$%, such that neither has any
	52	* small factors. %$p$% is put in the event block.
	53	*/
	54
	55	int pgen_safestep(int rq, pgen_event ev, void p)
	56	{
	57	pgen_safestepctx *c = p;
052b36d0	58	int rc = PGEN_ABORT, qrc = 0;
1c42b462	59
1c42b462	60	switch (rq) {
052b36d0	61
	62	/* --- Set up the contexts --- */
	63
1c42b462	64	case PGEN_BEGIN: {
	65	mp *p = mp_split(MP_COPY(ev->m));
	66	mp *q;
	67	p->v[0] \|= 3;
	68	q = mp_lsr(MP_NEW, p, 1);
052b36d0	69	rc = pfilt_create(&c->p, p);
1c42b462	70	qrc = pfilt_create(&c->q, q);
052b36d0	71	mp_drop(p); mp_drop(q);
	72	} break;
	73
	74	/* --- Step along --- */
	75
1c42b462	76	case PGEN_TRY:
1c42b462	77	mp_drop(ev->m);
052b36d0	78	rc = pfilt_step(&c->p, 4);
	79	qrc = pfilt_step(&c->q, 2);
	80	break;
	81
1c42b462	82	break;
052b36d0	83
	84	/* --- Tidy the toys away --- */
	85
1c42b462	86	case PGEN_DONE:
	87	pfilt_destroy(&c->q);
	88	pfilt_destroy(&c->p);
052b36d0	89	return (PGEN_DONE);
	90	}
	91
	92	/* --- Continue stepping if necessary --- */
	93
	94	while (rc == PGEN_FAIL \|\| qrc == PGEN_FAIL) {
	95	rc = pfilt_step(&c->p, 4);
	96	qrc = pfilt_step(&c->q, 2);
	97	}
	98
	99	ev->m = MP_COPY(c->p.m);
	100	if (qrc == PGEN_TRY)
	101	rc = PGEN_TRY;
	102	return (rc);
	103	}
	104
	105	/* --- @pgen_safejump@ --- *
	106	*
	107	* Jumps two numbers, %$q$% and %$p = 2q + 1$% such that neither has any
	108	* small factors.
	109	*/
	110
	111	int pgen_safejump(int rq, pgen_event ev, void p)
	112	{
	113	pgen_safejumpctx *j = p;
	114	int rc = PGEN_ABORT, qrc = 0;
	115
	116	switch (rq) {
	117
	118	/* --- Set up the jump contexts --- *
	119	*
	120	* The jump in @j.q@ is congruent to 2 (mod 4); see @strongprime_setup@.
	121	* If @p@ is initially 1 (mod 4) then add @j.q@. Then double @j.q@ to
	122	* ensure that the step is 0 (mod 4).
	123	*/
	124
	125	case PGEN_BEGIN: {
	126	mp *p = ev->m;
	127	mp *q;
	128	if ((p->v[0] & 3) != 3)
	129	p = mp_add(p, p, j->jq.m);
	130	rc = pfilt_create(&j->p, p);
	131	pfilt_muladd(&j->jp, &j->jq, 2, 0);
	132	q = mp_lsr(MP_NEW, p, 1);
	133	qrc = pfilt_create(&j->q, q);
	134	mp_drop(p);
	135	mp_drop(q);
	136	} break;
	137
	138	/* --- Step on one place --- */
	139
	140	case PGEN_TRY:
	141	mp_drop(ev->m);
	142	rc = pfilt_jump(&j->p, &j->jp);
	143	qrc = pfilt_jump(&j->q, &j->jq);
1c42b462	144	break;
052b36d0	145
	146	/* --- Tidy everything up --- */
	147
	148	case PGEN_DONE:
	149	pfilt_destroy(&j->jp);
	150	pfilt_destroy(&j->p);
	151	pfilt_destroy(&j->q);
	152	return (PGEN_DONE);
1c42b462	153	}
052b36d0	154
	155	/* --- Step on while @p@ or @q@ have small factors --- */
	156
	157	while (rc == PGEN_FAIL \|\| qrc == PGEN_FAIL) {
	158	rc = pfilt_jump(&j->p, &j->jp);
	159	qrc = pfilt_jump(&j->q, &j->jq);
	160	}
	161	ev->m = MP_COPY(j->p.m);
	162	if (qrc == PGEN_TRY)
	163	rc = PGEN_TRY;
	164	return (rc);
1c42b462	165	}
	166
	167	/* --- @pgen_safetest@ --- *
	168	*
	169	* Applies Rabin-Miller tests to %$p$% and %$q$%.
	170	*/
	171
	172	int pgen_safetest(int rq, pgen_event ev, void p)
	173	{
	174	pgen_safetestctx *c = p;
	175	int rc = PGEN_ABORT;
	176
	177	switch (rq) {
	178	case PGEN_BEGIN:
	179	rabin_create(&c->q, c->c.q.m);
	180	rabin_create(&c->p, c->c.p.m);
	181	rc = PGEN_TRY;
	182	break;
	183	case PGEN_TRY: {
	184	mp *m = mprand_range(MP_NEW, c->c.q.m, ev->r, 0);
	185	rc = rabin_test(&c->p, m);
	186	if (rc == PGEN_PASS)
	187	rc = rabin_test(&c->q, m);
	188	mp_drop(m);
	189	} break;
	190	case PGEN_DONE:
	191	rabin_destroy(&c->q);
	192	rabin_destroy(&c->p);
	193	break;
	194	}
	195	return (rc);
	196	}
	197
	198	/----- That's all, folks -------------------------------------------------/