X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/4f743df55ac05e51bc69aaabd188132f2f94543b..6a7dce9165a4a707382e49877334353618fcad9a:/bbs.h diff --git a/bbs.h b/bbs.h index 485fb76..30fb474 100644 --- a/bbs.h +++ b/bbs.h @@ -1,13 +1,13 @@ /* -*-c-*- * - * $Id: bbs.h,v 1.2 1999/12/22 15:52:08 mdw Exp $ + * $Id$ * * The Blum-Blum-Shub random bit generator * * (c) 1999 Straylight/Edgeware */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of Catacomb. * @@ -15,43 +15,32 @@ * it under the terms of the GNU Library General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + * * Catacomb is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Library General Public License for more details. - * + * * You should have received a copy of the GNU Library General Public * License along with Catacomb; if not, write to the Free * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs.h,v $ - * Revision 1.2 1999/12/22 15:52:08 mdw - * Rename `bbs_params' to `bbs_param' for consistency. - * - * Revision 1.1 1999/12/10 23:14:59 mdw - * Blum-Blum-Shub generator, and Blum-Goldwasser encryption. - * - */ - /*----- Notes on the BBS generator ----------------------------------------* * * The Blum-Blum-Shub generator takes the least significant bits from the * sequence %$x_i = x_{i - 1}^2 \bmod n$%, where %$n = pq$% is the product of * two primes %$p$% and %$q$%, each of which are congruent to %$3 \bmod 4$%. * For maximum period of the generator, %$(p - 1)/2$% and %$(q - 1)/1$% - * should be coprime. It is safe to use the least significant %$\log \log - * n$% bits of each step in the sequence -- an adversary must factor the - * modulus before being able to work forwards or backwards. The output of - * the generator cannot be distinguished from a (uniform, independent) random - * sequence of bits using any polynomial-time test. This is by far the - * strongest pseudorandom number generator provided in Catacomb, and by far - * the slowest too. For normal use, the standard Catacomb @rand@ generator - * should be more than adequate. + * should be coprime. It is safe to use the least significant + * %$\log \log n$% bits of each step in the sequence -- an adversary must + * factor the modulus before being able to work forwards or backwards. The + * output of the generator cannot be distinguished from a (uniform, + * independent) random sequence of bits using any polynomial-time test. This + * is by far the strongest pseudorandom number generator provided in + * Catacomb, and by far the slowest too. For normal use, the standard + * Catacomb @rand@ generator should be more than adequate. */ #ifndef CATACOMB_BBS_H @@ -69,6 +58,10 @@ # include "grand.h" #endif +#ifndef CATACOMB_KEY_H +# include "key.h" +#endif + #ifndef CATACOMB_MP_H # include "mp.h" #endif @@ -95,10 +88,34 @@ typedef struct bbs { /* --- Parameters --- */ -typedef struct bbs_param { +typedef struct bbs_pub { + mp *n; +} bbs_pub; + +typedef struct bbs_priv { mp *p, *q; /* Prime factors (3 mod 4) */ mp *n; /* Product @pq@ -- a Blum integer */ -} bbs_param; +} bbs_priv; + +/*----- Key fetching ------------------------------------------------------*/ + +extern const key_fetchdef bbs_pubfetch[]; +#define BBS_PUBFETCHSZ 3 + +extern const key_fetchdef bbs_privfetch[]; +#define BBS_PRIVFETCHSZ 7 + +/* --- @bbs_pubfree@, @bbs_privfree@ --- * + * + * Arguments: @bbs_pub *bp@, @bbs_priv *bp@ = pointer to key block + * + * Returns: --- + * + * Use: Frees a BBS key block. + */ + +extern void bbs_pubfree(bbs_pub */*bp*/); +extern void bbs_privfree(bbs_priv */*bp*/); /*----- The basic generator -----------------------------------------------*/ @@ -189,75 +206,66 @@ extern uint32 bbs_bits(bbs */*b*/, unsigned /*bits*/); * * If a generator is seeded, %$b$% bits are extracted, and then * @bbs_wrap@ is called, the generator will have been stepped - * %$\lceil b/k \rceil% times. + * %$\lceil b/k \rceil$% times. */ extern void bbs_wrap(bbs */*b*/); /*----- Large forwards and backwards jumps --------------------------------*/ -/* --- @bbs_ff@ --- * - * - * Arguments: @bbs *b@ = pointer to a BBS generator state - * @bbs_param *bp@ = pointer to BBS modulus factors - * @unsigned long n@ = number of steps to make - * - * Returns: --- - * - * Use: `Fast-forwards' a Blum-Blum-Shub generator by @n@ steps. - * Requires the factorization of the Blum modulus to do this - * efficiently. - */ - -extern void bbs_ff(bbs */*b*/, bbs_param */*bp*/, unsigned long /*n*/); - -/* --- @bbs_rew@ --- * +/* --- @bbs_{ff,rew}{,n}@ --- * * * Arguments: @bbs *b@ = pointer to a BBS generator state - * @bbs_param *bp@ = pointer to BBS modulus factors - * @unsigned long n@ = number of steps to make + * @const bbs_priv *bp@ = pointer to BBS modulus factors + * @mp *n@, @unsigned long n@ = number of steps to make * * Returns: --- * - * Use: `Rewinds' a Blum-Blum-Shub generator by @n@ steps. - * Requires the factorization of the Blum modulus to do this - * at all. + * Use: `Fast-forwards' or rewinds a Blum-Blum-Shub generator by @n@ + * steps. The @...n@ versions take an @unsigned long@ argument; + * the non-@...n@ versions a multiprecision integer. If @n@ is + * negative then the generator is stepped in the reverse + * direction. */ -extern void bbs_rew(bbs */*b*/, bbs_param */*bp*/, unsigned long /*n*/); +extern void bbs_ff(bbs */*b*/, const bbs_priv */*bp*/, mp */*n*/); +extern void bbs_ffn(bbs */*b*/, const bbs_priv */*bp*/, unsigned long /*n*/); +extern void bbs_rew(bbs */*b*/, const bbs_priv */*bp*/, mp */*n*/); +extern void bbs_rewn(bbs */*b*/, const bbs_priv */*bp*/, unsigned long /*n*/); /*----- Parameter generation ----------------------------------------------*/ /* --- @bbs_gen@ --- * * - * Arguments: @bbs_param *bp@ = pointer to parameter block - * @mp *p, *q@ = initial numbers to search from - * @size_t n@ = number of attempts to make + * Arguments: @bbs_priv *bp@ = pointer to parameter block + * @unsigned nbits@ = number of bits in the modulus + * @grand *r@ = pointer to random number source + * @unsigned n@ = number of attempts to make * @pgen_proc *event@ = event handler function * @void *ectx@ = argument for event handler * * Returns: If it worked OK, @PGEN_DONE@, otherwise @PGEN_ABORT@. * * Use: Finds two prime numbers %$p'$% and %$q'$% such that both are - * congruent to %$3 \bmod 4$%, and $(p - 1)/2$% and + * congruent to %$3 \bmod 4$%, and $(p - 1)/2$% and * %$(q - 1)/2$% have no common factors. The product %$n = pq$% * is eminently suitable for use as a modulus in a Blum-Blum- * Shub pseudorandom bit generator. */ -extern int bbs_gen(bbs_param */*bp*/, mp */*p*/, mp */*q*/, size_t /*n*/, - pgen_proc */*event*/, void */*ectx*/); +extern int bbs_gen(bbs_priv */*bp*/, unsigned /*nbits*/, grand */*r*/, + unsigned /*n*/, pgen_proc */*event*/, void */*ectx*/); /*----- Generic random number generator interface -------------------------*/ /* --- @bbs_rand@ --- * * - * Arguments: @mp *m@ = modulus + * Arguments: @mp *m@ = modulus * @mp *x@ = initial seed * - * Returns: Pointer to a generic generator. + * Returns: Pointer to a generic generator. * - * Use: Constructs a generic generator interface over a + * Use: Constructs a generic generator interface over a * Blum-Blum-Shub generator. */ @@ -266,7 +274,17 @@ extern grand *bbs_rand(mp */*m*/, mp */*x*/); /* --- Blum-Blum-Shub-specific misc op codes --- */ enum { - BBS_SET = GRAND_SPECIFIC /* @mp *x@ */ + BBS_SET = GRAND_SPECIFIC('B'), /* @mp *x@ */ + BBS_STEP, /* @void@ */ + BBS_STEPSZ, /* @void@ */ + BBS_BITS, /* @unsigned bits, uint32 *w@ */ + BBS_WRAP, /* @void@ */ + BBS_FF, /* @bbs_priv *p, mp *n@ */ + BBS_FFN, /* @bbs_priv *p, unsigned long n@ */ + BBS_REW, /* @bbs_priv *p, mp *n@ */ + BBS_REWN, /* @bbs_priv *p, unsigned long n@ */ + BBS_MOD, /* @mp **n@ */ + BBS_STATE /* @mp **x@ */ }; /*----- That's all, folks -------------------------------------------------*/