#include "mprand.h"
#include "fibrand.h"
#include "rsa.h"
+#include "mpint.h"
+#include "mptext.h"
#include "mpmont.h"
#include "mpbarrett.h"
#include "dh.h"
#include "x25519.h"
#include "x448.h"
#include "ed25519.h"
+#include "ed448.h"
#include "cc.h"
#include "gcipher.h"
unsigned n; /* Number of factors */
unsigned i; /* Number of intervals (or zero) */
double t; /* Time for each interval (secs) */
+ mp *e; /* Public exponent */
unsigned f; /* Flags */
#define OF_NOCHECK 1u /* Don't do group checking */
} opts;
ed25519_verify(c->K, c->m, sizeof(c->m), c->sig);
}
+/* --- Ed448 --- */
+
+typedef struct ed448_signctx {
+ octet k[ED448_KEYSZ];
+ octet K[ED448_PUBSZ];
+ octet m[64];
+} ed448_signctx;
+
+typedef struct ed448_vrfctx {
+ octet K[ED448_PUBSZ];
+ octet m[64];
+ octet sig[ED448_SIGSZ];
+} ed448_vrfctx;
+
+static void *ed448_signinit(opts *o)
+{
+ ed448_signctx *c = CREATE(ed448_signctx);
+
+ rand_get(RAND_GLOBAL, c->k, sizeof(c->k));
+ rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
+ ed448_pubkey(c->K, c->k, sizeof(c->k));
+ return (c);
+}
+
+static void ed448_signrun(void *cc)
+{
+ ed448_signctx *c = cc;
+ octet sig[ED448_SIGSZ];
+
+ ed448_sign(sig, c->k, sizeof(c->k), c->K, 0, 0, 0, c->m, sizeof(c->m));
+}
+
+static void *ed448_vrfinit(opts *o)
+{
+ octet k[ED448_KEYSZ];
+ ed448_vrfctx *c = CREATE(ed448_vrfctx);
+
+ rand_get(RAND_GLOBAL, k, sizeof(k));
+ rand_get(RAND_GLOBAL, c->m, sizeof(c->m));
+ ed448_pubkey(c->K, k, sizeof(k));
+ ed448_sign(c->sig, k, sizeof(k), c->K, 0, 0, 0, c->m, sizeof(c->m));
+ return (c);
+}
+
+static void ed448_vrfrun(void *cc)
+{
+ ed448_vrfctx *c = cc;
+ ed448_verify(c->K, 0, 0, 0, c->m, sizeof(c->m), c->sig);
+}
+
/* --- RSA --- */
typedef struct rsapriv_ctx {
rsapriv_ctx *c = CREATE(rsapriv_ctx);
if (!o->fbits) o->fbits = 1024;
- rsa_gen(&c->rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
+ if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
+ rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
rsa_privcreate(&c->rpc, &c->rp, 0);
c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
return (c);
rsapriv_ctx *c = CREATE(rsapriv_ctx);
if (!o->fbits) o->fbits = 1024;
- rsa_gen(&c->rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
+ if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
+ rsa_gen_e(&c->rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
rsa_privcreate(&c->rpc, &c->rp, fibrand_create(0));
c->m = mprand_range(MP_NEW, c->rp.n, &rand_global, 0);
return (c);
rsa_priv rp;
if (!o->fbits) o->fbits = 1024;
- rsa_gen(&rp, o->fbits, &rand_global, 0, pgen_evspin, 0);
+ if (!o->e) o->e = mp_fromulong(MP_NEW, 65537);
+ rsa_gen_e(&rp, o->fbits, o->e, &rand_global, 0, pgen_evspin, 0);
c->rp.n = MP_COPY(rp.n);
c->rp.e = MP_COPY(rp.e);
rsa_privfree(&rp);
{ "x448", x448_jobinit, x448_jobrun },
{ "ed25519-sign", ed25519_signinit, ed25519_signrun },
{ "ed25519-vrf", ed25519_vrfinit, ed25519_vrfrun },
+ { "ed448-sign", ed448_signinit, ed448_signrun },
+ { "ed448-vrf", ed448_vrfinit, ed448_vrfrun },
{ "ksched", ksched_init, ksched_run },
{ "enc", enc_init, enc_run },
{ "hash", hash_init, hash_run },
-q, --no-check Don't check field/group for validity.\n\
-B, --group-bits Group size for g-prime; key size for ksched;\n\
data size for enc and hash.\n\
--n, --factors=COUNT Number of factors for {exp,mul}-sim.\n\
+-n, --factors=COUNT Number of factors for {exp,mul}-sim;\n\
+ inner iterations for enc and hash.\n\
-i, --intervals=COUNT Number of intervals to run for. [0; forever]\n\
-t, --time=TIME Length of an interval in seconds. [1]\n\
");
return (u);
}
+static mp *mparg(const char *what, const char *p)
+{
+ char *q;
+ mp *x = mp_readstring(MP_NEW, p, &q, 0);
+ if (!x || *q) die(1, "bad %s `%s'", what, p);
+ return (x);
+}
+
static double farg(const char *what, const char *p)
{
char *q;
{ "group-bits", OPTF_ARGREQ, 0, 'B' },
{ "factors", OPTF_ARGREQ, 0, 'n' },
{ "intervals", OPTF_ARGREQ, 0, 'i' },
+ { "public-exponent", OPTF_ARGREQ, 0, 'e' },
{ "time", OPTF_ARGREQ, 0, 't' },
{ "no-check", 0, 0, 'q' },
{ 0, 0, 0, 0 }
};
- i = mdwopt(argc, argv, "hvulC:b:B:n:i:t:q", opts, 0, 0, 0);
+ i = mdwopt(argc, argv, "hvulC:b:B:n:i:e:t:q", opts, 0, 0, 0);
if (i < 0) break;
switch (i) {
case 'h': help(stdout); exit(0);
case 'b': o.fbits = uarg("field bits", optarg); break;
case 'B': o.gbits = uarg("subgroup bits", optarg); break;
case 'n': o.n = uarg("factor count", optarg); break;
+ case 'e':
+ mp_drop(o.e); o.e = mparg("public exponent", optarg);
+ if (MP_CMP(o.e, <, MP_THREE) || MP_EVENP(o.e))
+ die(1, "invalid public exponent");
+ break;
case 'i': o.i = uarg("interval count", optarg); break;
case 't': o.t = farg("interval length", optarg); break;
case 'q': o.f |= OF_NOCHECK; break;