X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/b04a7659918367dcc8570e1c7b4246a97e88288d..ea932d59b3071ce00f9e510aad014ad64a3dc48c:/bbs-gen.c diff --git a/bbs-gen.c b/bbs-gen.c index 8780274..c668b21 100644 --- a/bbs-gen.c +++ b/bbs-gen.c @@ -1,13 +1,13 @@ /* -*-c-*- * - * $Id: bbs-gen.c,v 1.2 1999/12/22 15:52:28 mdw Exp $ + * $Id: bbs-gen.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Generate Blum integers * * (c) 1999 Straylight/Edgeware */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of Catacomb. * @@ -15,29 +15,18 @@ * it under the terms of the GNU Library General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + * * Catacomb is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Library General Public License for more details. - * + * * You should have received a copy of the GNU Library General Public * License along with Catacomb; if not, write to the Free * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs-gen.c,v $ - * Revision 1.2 1999/12/22 15:52:28 mdw - * Reworking for new prime-search system. - * - * Revision 1.1 1999/12/10 23:14:59 mdw - * Blum-Blum-Shub generator, and Blum-Goldwasser encryption. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -48,108 +37,89 @@ #include "mp.h" #include "mprand.h" #include "pgen.h" - -/*----- Data structures ---------------------------------------------------*/ - -typedef struct gcdctx { - mp *q; - mp *r; - pfilt p; -} gcdctx; - -/*----- Custom stepper ----------------------------------------------------*/ - -static int gcdstep(int rq, pgen_event *ev, void *p) -{ - gcdctx *g = p; - int rc = PGEN_ABORT; - mp *z = MP_NEW; - - switch (rq) { - case PGEN_BEGIN: { - mp *p = ev->m = mp_split(ev->m); - p->v[0] |= 3; - g->q = mp_lsr(MP_NEW, p, 1); - rc = pfilt_create(&g->p, p); - } break; - case PGEN_TRY: - g->q = mp_add(g->q, g->q, MP_FOUR); - rc = pfilt_step(&g->p, 4); - break; - case PGEN_DONE: - pfilt_destroy(&g->p); - mp_drop(g->q); - return (PGEN_DONE); - } - for (;;) { - if (rc != PGEN_FAIL) { - mp_gcd(&z, 0, 0, g->r, g->q); - if (MP_CMP(z, !=, MP_ONE)) - rc = PGEN_FAIL; - } - if (rc != PGEN_FAIL) - break; - g->q = mp_add(g->q, g->q, MP_FOUR); - rc = pfilt_step(&g->p, 4); - } - - mp_drop(z); - mp_drop(ev->m); - ev->m = MP_COPY(g->p.m); - return (rc); -} +#include "strongprime.h" /*----- Main code ---------------------------------------------------------*/ /* --- @bbs_gen@ --- * * - * Arguments: @bbs_param *bp@ = pointer to parameter block - * @mp *p, *q@ = initial numbers to search from - * @size_t n@ = number of attempts to make + * Arguments: @bbs_priv *bp@ = pointer to parameter block + * @unsigned nbits@ = number of bits in the modulus + * @grand *r@ = pointer to random number source + * @unsigned n@ = number of attempts to make * @pgen_proc *event@ = event handler function * @void *ectx@ = argument for event handler * * Returns: If it worked OK, @PGEN_DONE@, otherwise @PGEN_ABORT@. * * Use: Finds two prime numbers %$p'$% and %$q'$% such that both are - * congruent to %$3 \bmod 4$%, and $(p - 1)/2$% and + * congruent to %$3 \bmod 4$%, and $(p - 1)/2$% and * %$(q - 1)/2$% have no common factors. The product %$n = pq$% * is eminently suitable for use as a modulus in a Blum-Blum- * Shub pseudorandom bit generator. */ -int bbs_gen(bbs_param *bp, mp *p, mp *q, size_t n, +int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n, pgen_proc *event, void *ectx) { - rabin r; - pgen_safestepctx c; - gcdctx g; + rabin rb; + pfilt jp; + pgen_jumpctx j; + pgen_gcdstepctx g; + unsigned nb = nbits/2; + mp *x = MP_NEW; /* --- Generate @p@ --- */ - if ((bp->p = pgen("p", MP_NEW, p, event, ectx, n, pgen_safestep, &c, - rabin_iters(mp_bits(p)), pgen_test, &r)) == 0) - goto fail_p; +again: + if ((x = strongprime_setup("p", x, &jp, nb, r, n, event, ectx)) == 0) + goto fail_x; + j.j = &jp; + bp->p = pgen("p", MP_NEW, x, event, ectx, n, pgen_jump, &j, + rabin_iters(nb), pgen_test, &rb); + pfilt_destroy(&jp); + if (!bp->p) { + if (n) + goto fail_p; + goto again; + } /* --- Generate @q@ --- */ - g.r = mp_lsr(MP_NEW, bp->p, 1); - if ((bp->q = pgen("q", MP_NEW, q, event, ectx, n, gcdstep, &g, - rabin_iters(mp_bits(q)), pgen_test, &r)) == 0) + nb = nbits - nb; + if ((x = strongprime_setup("q", x, &g.jp, nb, r, n, event, ectx)) == 0) goto fail_q; + if ((x->v[0] & 3) != 3) + x = mp_add(x, x, g.jp.m); + pfilt_muladd(&g.jp, &g.jp, 2, 0); + g.r = mp_lsr(MP_NEW, bp->p, 1); + g.g = MP_NEW; + g.max = MP_ONE; + bp->q = pgen("q", MP_NEW, x, event, ectx, n, pgen_gcdstep, &g, + rabin_iters(nb), pgen_test, &rb); + pfilt_destroy(&g.jp); + mp_drop(g.r); + mp_drop(g.g); + if (!bp->q) { + if (n) + goto fail_q; + mp_drop(bp->p); + goto again; + } /* --- Compute @n@ --- */ bp->n = mp_mul(MP_NEW, bp->p, bp->q); - mp_drop(g.r); + mp_drop(x); return (PGEN_DONE); /* --- Tidy up if things went wrong --- */ fail_q: - mp_drop(g.r); mp_drop(bp->p); fail_p: + mp_drop(x); +fail_x: return (PGEN_ABORT); }