prime generation: Deploy the new Baillie--PSW testers.
diff --git
a/pub/dh-kcdsa.c
b/pub/dh-kcdsa.c
index
5feda92
..
d156740
100644
(file)
--- a/
pub/dh-kcdsa.c
+++ b/
pub/dh-kcdsa.c
@@
-63,35
+63,44
@@
int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
pgen_simulprime sp[2];
pgen_simulctx ss;
prim_ctx pc;
pgen_simulprime sp[2];
pgen_simulctx ss;
prim_ctx pc;
- rabin rb;
int rc = PGEN_ABORT;
int i;
int rc = PGEN_ABORT;
int i;
- mp *x;
+ mp *x
= MP_NEW, *t = MP_NEW
;
- /* --- First trick: find %$
q
$% --- */
+ /* --- First trick: find %$
v
$% --- */
+retry:
pf.step = 2;
pf.step = 2;
- x = mprand(
MP_NEW, pl - ql
, r, 1);
+ x = mprand(
x, pl - ql - 1
, r, 1);
x = pgen("v", x, x, ev, ec,
steps, pgen_filter, &pf,
x = pgen("v", x, x, ev, ec,
steps, pgen_filter, &pf,
-
rabin_iters(pl - ql), pgen_test, &rb
);
+
PGEN_BAILLIEPSWNTESTS, pgen_bailliepswtest, 0
);
if (!x)
goto fail_0;
if (!x)
goto fail_0;
- /* --- Second trick: find %$p$% and %$
v
$% --- */
+ /* --- Second trick: find %$p$% and %$
q
$% --- */
x = mp_lsl(x, x, 1);
sp[0].add = MP_ZERO; sp[0].mul = MP_ONE; sp[0].f = 0;
x = mp_lsl(x, x, 1);
sp[0].add = MP_ZERO; sp[0].mul = MP_ONE; sp[0].f = 0;
- sp[1].add = MP_ONE; sp[1].mul = x; sp[1].f = PGENF_KEEP;
+ sp[1].add = MP_ONE; sp[1].mul = x; sp[1].f = PGENF_KEEP;
x = MP_NEW;
ss.step = MP_TWO; ss.v = sp; ss.n = N(sp);
ss.step = MP_TWO; ss.v = sp; ss.n = N(sp);
- x = mprand(MP_NEW, ql, r, 1);
+ do {
+ x = mprand(x, ql, r, 1);
+ t = mp_mul(t, x, sp[1].mul);
+ } while (mp_bits(t) != pl);
dp->q = pgen("p", MP_NEW, x, ev, ec,
steps, pgen_simulstep, &ss,
dp->q = pgen("p", MP_NEW, x, ev, ec,
steps, pgen_simulstep, &ss,
-
rabin_iters(ql), pgen_simul
test, &ss);
+
PGEN_BAILLIEPSWNTESTS, pgen_simulbailliepsw
test, &ss);
mp_drop(sp[1].mul);
mp_drop(sp[1].mul);
+ dp->p = sp[1].u.x;
if (!dp->q)
goto fail_1;
if (!dp->q)
goto fail_1;
- dp->p = sp[1].u.x;
+ if (mp_bits(dp->q) != ql || mp_bits(dp->p) != pl) {
+ if (steps) goto fail_1;
+ MP_DROP(dp->p);
+ MP_DROP(dp->q);
+ goto retry;
+ }
/* --- Third trick: find a generator --- */
/* --- Third trick: find a generator --- */
@@
-104,19
+113,20
@@
int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
0, prim_step, &i, 1, prim_test, &pc);
mpmont_destroy(&pc.mm);
if (!dp->g)
0, prim_step, &i, 1, prim_test, &pc);
mpmont_destroy(&pc.mm);
if (!dp->g)
- goto fail_
2
;
+ goto fail_
1
;
rc = PGEN_DONE;
goto done;
/* --- Tidying up and going home --- */
rc = PGEN_DONE;
goto done;
/* --- Tidying up and going home --- */
-fail_2:
- mp_drop(dp->p);
fail_1:
fail_1:
+ mp_drop(dp->p);
+ mp_drop(dp->q);
fail_0:
done:
mp_drop(x);
fail_0:
done:
mp_drop(x);
+ mp_drop(t);
return (rc);
}
return (rc);
}
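Review bot: The new rejection loop `do { x = mprand(x, ql, r, 1); t = mp_mul(t, x, sp[1].mul); } while (mp_bits(t) != pl);` has no iteration bound and, unlike the pgen() calls around it, is neither reported through ev/ec nor charged against steps, so a caller's step budget does not cover it. Since v is drawn at pl - ql - 1 bits and then doubled, x * 2v reaches pl bits only when x >= 2^(pl-1)/(2v); as v approaches 2^(pl-ql-2) that threshold approaches 2^ql, so the fraction of acceptable ql-bit x tends to zero and the expected number of draws is unbounded (assuming mprand() yields exactly ql-bit values, which the later `mp_bits(dp->q) != ql` check suggests is the intent). A cheap fix is to abandon such a v after a fixed number of draws and reuse the existing retry label: set `ntries = 0;` before the loop and make `if (++ntries > 64) { mp_drop(sp[1].mul); goto retry; }` the first statement of the body (the drop is needed because sp[1].mul already owns 2v at that point), plus a local `unsigned ntries;`. Separately, the retry path hard-fails (`if (steps) goto fail_1;`) whenever a step limit is given, so a bit-length mismatch aborts instead of spending the remaining budget; if that is intended it deserves a one-line comment. The enclosing dh_kcdsagen body starts before the first hunk.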