[u/mdw/catacomb] / dh-kcdsa.c

/* -*-c-*-
 *
 * $Id$
 *
 * Generate KCDSA prime groups
 *
 * (c) 2006 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <mLib/macros.h>

#include "dh.h"
#include "mprand.h"
#include "pgen.h"
#include "prim.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @dh_kcdsagen@ --- *
 *
 * Arguments:	@dh_param *dp@ = pointer to output parameter block
 *		@unsigned ql@ = size of small factor of %$(p - 1)/2$%
 *		@unsigned pl@ = size of %$p$% in bits
 *		@unsigned flags@ = other generation flags
 *		@unsigned steps@ = number of steps to go
 *		@grand *r@ = random number source
 *		@pgen_proc *ev@ = event handler function
 *		@void *ec@ = context for the event handler
 *
 * Returns:	@PGEN_DONE@ if it worked, @PGEN_ABORT@ if it failed.
 *
 * Use:		Generates a KCDSA prime group.  That is, it chooses a prime
 *		%$p$%, such that $%p = 2 q v + 1$%, for primes %$q$% and
 *		%$v$%.  The actual group of interest is the subgroup of order
 *		%$q$%.
 */

int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
		unsigned flags, unsigned steps, grand *r,
		pgen_proc *ev, void *ec)
{
  pgen_filterctx pf;
  pgen_simulprime sp[2];
  pgen_simulctx ss;
  prim_ctx pc;
  rabin rb;
  int rc = PGEN_ABORT;
  int i;
  mp *x;

  /* --- First trick: find %$q$% --- */

  pf.step = 2;
  x = mprand(MP_NEW, pl - ql, r, 1);
  x = pgen("v", x, x, ev, ec,
	   steps, pgen_filter, &pf,
	   rabin_iters(pl - ql), pgen_test, &rb);
  if (!x)
    goto fail_0;

  /* --- Second trick: find %$p$% and %$v$% --- */

  x = mp_lsl(x, x, 1);
  sp[0].add = MP_ZERO; sp[0].mul = MP_ONE; sp[0].f = 0;
  sp[1].add = MP_ONE; sp[1].mul = x; sp[1].f = PGENF_KEEP;
  ss.step = MP_TWO; ss.v = sp; ss.n = N(sp);
  x = mprand(MP_NEW, ql, r, 1);
  dp->q = pgen("p", MP_NEW, x, ev, ec,
	       steps, pgen_simulstep, &ss,
	       rabin_iters(ql), pgen_simultest, &ss);
  mp_drop(sp[0].mul);
  if (!dp->q)
    goto fail_1;
  dp->p = sp[1].u.x;

  /* --- Third trick: find a generator --- */

  mpmont_create(&pc.mm, dp->p);
  mp_div(&x, 0, dp->p, dp->q);
  i = 0;
  pc.exp = x;
  pc.n = 0;
  dp->g = pgen("g", MP_NEW, MP_NEW, ev, ec,
	       0, prim_step, &i, 1, prim_test, &pc);
  mpmont_destroy(&pc.mm);
  if (!dp->g)
    goto fail_2;

  rc = PGEN_DONE;
  goto done;

  /* --- Tidying up and going home --- */

fail_2:
  mp_drop(dp->p);
fail_1:
fail_0:
done:
  mp_drop(x);
  return (rc);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
4e67e30b MW	1	/* --c--
	2	*
	3	* $Id$
	4	*
	5	* Generate KCDSA prime groups
	6	*
	7	* (c) 2006 Straylight/Edgeware
	8	*/
	9
45c0fd36	10	/----- Licensing notice --------------------------------------------------
4e67e30b MW	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
45c0fd36	18	*
4e67e30b MW	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
45c0fd36	23	*
4e67e30b MW	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Header files ------------------------------------------------------/
	31
	32	#include <mLib/macros.h>
	33
	34	#include "dh.h"
	35	#include "mprand.h"
	36	#include "pgen.h"
	37	#include "prim.h"
	38
	39	/----- Main code ---------------------------------------------------------/
	40
	41	/* --- @dh_kcdsagen@ --- *
	42	*
	43	* Arguments: @dh_param *dp@ = pointer to output parameter block
	44	* @unsigned ql@ = size of small factor of %$(p - 1)/2$%
	45	* @unsigned pl@ = size of %$p$% in bits
	46	* @unsigned flags@ = other generation flags
	47	* @unsigned steps@ = number of steps to go
	48	* @grand *r@ = random number source
	49	* @pgen_proc *ev@ = event handler function
	50	* @void *ec@ = context for the event handler
	51	*
	52	* Returns: @PGEN_DONE@ if it worked, @PGEN_ABORT@ if it failed.
	53	*
	54	* Use: Generates a KCDSA prime group. That is, it chooses a prime
	55	* %$p$%, such that $%p = 2 q v + 1$%, for primes %$q$% and
	56	* %$v$%. The actual group of interest is the subgroup of order
	57	* %$q$%.
	58	*/
	59
	60	int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
	61	unsigned flags, unsigned steps, grand *r,
	62	pgen_proc ev, void ec)
	63	{
	64	pgen_filterctx pf;
	65	pgen_simulprime sp[2];
	66	pgen_simulctx ss;
	67	prim_ctx pc;
	68	rabin rb;
	69	int rc = PGEN_ABORT;
	70	int i;
	71	mp *x;
	72
	73	/* --- First trick: find %$q$% --- */
	74
	75	pf.step = 2;
23aec1b4 MW	76	x = mprand(MP_NEW, pl - ql, r, 1);
	77	x = pgen("v", x, x, ev, ec,
	78	steps, pgen_filter, &pf,
	79	rabin_iters(pl - ql), pgen_test, &rb);
	80	if (!x)
4e67e30b MW	81	goto fail_0;
	82
	83	/* --- Second trick: find %$p$% and %$v$% --- */
	84
23aec1b4	85	x = mp_lsl(x, x, 1);
4e67e30b MW	86	sp[0].add = MP_ZERO; sp[0].mul = MP_ONE; sp[0].f = 0;
	87	sp[1].add = MP_ONE; sp[1].mul = x; sp[1].f = PGENF_KEEP;
	88	ss.step = MP_TWO; ss.v = sp; ss.n = N(sp);
23aec1b4 MW	89	x = mprand(MP_NEW, ql, r, 1);
	90	dp->q = pgen("p", MP_NEW, x, ev, ec,
	91	steps, pgen_simulstep, &ss,
	92	rabin_iters(ql), pgen_simultest, &ss);
4e67e30b	93	mp_drop(sp[0].mul);
23aec1b4	94	if (!dp->q)
4e67e30b MW	95	goto fail_1;
	96	dp->p = sp[1].u.x;
	97
	98	/* --- Third trick: find a generator --- */
	99
	100	mpmont_create(&pc.mm, dp->p);
	101	mp_div(&x, 0, dp->p, dp->q);
	102	i = 0;
	103	pc.exp = x;
	104	pc.n = 0;
	105	dp->g = pgen("g", MP_NEW, MP_NEW, ev, ec,
	106	0, prim_step, &i, 1, prim_test, &pc);
	107	mpmont_destroy(&pc.mm);
	108	if (!dp->g)
	109	goto fail_2;
	110
	111	rc = PGEN_DONE;
	112	goto done;
	113
	114	/* --- Tidying up and going home --- */
	115
	116	fail_2:
	117	mp_drop(dp->p);
	118	fail_1:
4e67e30b MW	119	fail_0:
	120	done:
	121	mp_drop(x);
	122	return (rc);
	123	}
	124
	125	/----- That's all, folks -------------------------------------------------/