Mercurial > dropbear

comparison libtommath/bn_mp_prime_random_ex.c @ 1437:871b18fd7065 fuzz

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge from main (libtommath/libtomcrypt/curve25510-donna updates)
author Matt Johnston <matt@ucc.asn.au>
date Sat, 24 Jun 2017 22:51:45 +0800
parents 60fc6476e044
children 8bba51a55704
comparison
equal deleted inserted replaced
1432:41dca1e5ea34 1437:871b18fd7065
1 #include <tommath.h> 1 #include <tommath_private.h>
2 #ifdef BN_MP_PRIME_RANDOM_EX_C 2 #ifdef BN_MP_PRIME_RANDOM_EX_C
3 /* LibTomMath, multiple-precision integer library -- Tom St Denis 3 /* LibTomMath, multiple-precision integer library -- Tom St Denis
4 * 4 *
5 * LibTomMath is a library that provides multiple-precision 5 * LibTomMath is a library that provides multiple-precision
6 * integer arithmetic as well as number theoretic functionality. 6 * integer arithmetic as well as number theoretic functionality.
10 * additional optimizations in place. 10 * additional optimizations in place.
11 * 11 *
12 * The library is free for all purposes without any express 12 * The library is free for all purposes without any express
13 * guarantee it works. 13 * guarantee it works.
14 * 14 *
15 * Tom St Denis, [email protected], http://math.libtomcrypt.com 15 * Tom St Denis, [email protected], http://libtom.org
16 */ 16 */
17 17
18 /* makes a truly random prime of a given size (bits), 18 /* makes a truly random prime of a given size (bits),
19 * 19 *
20 * Flags are as follows: 20 * Flags are as follows:
21 * 21 *
22 * LTM_PRIME_BBS - make prime congruent to 3 mod 4 22 * LTM_PRIME_BBS - make prime congruent to 3 mod 4
23 * LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS) 23 * LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
24 * LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
25 * LTM_PRIME_2MSB_ON - make the 2nd highest bit one 24 * LTM_PRIME_2MSB_ON - make the 2nd highest bit one
26 * 25 *
27 * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can 26 * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
28 * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself 27 * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
29 * so it can be NULL 28 * so it can be NULL
35 { 34 {
36 unsigned char *tmp, maskAND, maskOR_msb, maskOR_lsb; 35 unsigned char *tmp, maskAND, maskOR_msb, maskOR_lsb;
37 int res, err, bsize, maskOR_msb_offset; 36 int res, err, bsize, maskOR_msb_offset;
38 37
39 /* sanity check the input */ 38 /* sanity check the input */
40 if (size <= 1 || t <= 0) { 39 if ((size <= 1) || (t <= 0)) {
41 return MP_VAL; 40 return MP_VAL;
42 } 41 }
43 42
44 /* LTM_PRIME_SAFE implies LTM_PRIME_BBS */ 43 /* LTM_PRIME_SAFE implies LTM_PRIME_BBS */
45 if (flags & LTM_PRIME_SAFE) { 44 if ((flags & LTM_PRIME_SAFE) != 0) {
46 flags |= LTM_PRIME_BBS; 45 flags |= LTM_PRIME_BBS;
47 } 46 }
48 47
49 /* calc the byte size */ 48 /* calc the byte size */
50 bsize = (size>>3) + ((size&7)?1:0); 49 bsize = (size>>3) + ((size&7)?1:0);
59 maskAND = ((size&7) == 0) ? 0xFF : (0xFF >> (8 - (size & 7))); 58 maskAND = ((size&7) == 0) ? 0xFF : (0xFF >> (8 - (size & 7)));
60 59
61 /* calc the maskOR_msb */ 60 /* calc the maskOR_msb */
62 maskOR_msb = 0; 61 maskOR_msb = 0;
63 maskOR_msb_offset = ((size & 7) == 1) ? 1 : 0; 62 maskOR_msb_offset = ((size & 7) == 1) ? 1 : 0;
64 if (flags & LTM_PRIME_2MSB_ON) { 63 if ((flags & LTM_PRIME_2MSB_ON) != 0) {
65 maskOR_msb |= 0x80 >> ((9 - size) & 7); 64 maskOR_msb |= 0x80 >> ((9 - size) & 7);
66 } 65 }
67 66
68 /* get the maskOR_lsb */ 67 /* get the maskOR_lsb */
69 maskOR_lsb = 1; 68 maskOR_lsb = 1;
70 if (flags & LTM_PRIME_BBS) { 69 if ((flags & LTM_PRIME_BBS) != 0) {
71 maskOR_lsb |= 3; 70 maskOR_lsb |= 3;
72 } 71 }
73 72
74 do { 73 do {
75 /* read the bytes */ 74 /* read the bytes */
93 if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; } 92 if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; }
94 if (res == MP_NO) { 93 if (res == MP_NO) {
95 continue; 94 continue;
96 } 95 }
97 96
98 if (flags & LTM_PRIME_SAFE) { 97 if ((flags & LTM_PRIME_SAFE) != 0) {
99 /* see if (a-1)/2 is prime */ 98 /* see if (a-1)/2 is prime */
100 if ((err = mp_sub_d(a, 1, a)) != MP_OKAY) { goto error; } 99 if ((err = mp_sub_d(a, 1, a)) != MP_OKAY) { goto error; }
101 if ((err = mp_div_2(a, a)) != MP_OKAY) { goto error; } 100 if ((err = mp_div_2(a, a)) != MP_OKAY) { goto error; }
102 101
103 /* is it prime? */ 102 /* is it prime? */
104 if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; } 103 if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; }
105 } 104 }
106 } while (res == MP_NO); 105 } while (res == MP_NO);
107 106
108 if (flags & LTM_PRIME_SAFE) { 107 if ((flags & LTM_PRIME_SAFE) != 0) {
109 /* restore a to the original value */ 108 /* restore a to the original value */
110 if ((err = mp_mul_2(a, a)) != MP_OKAY) { goto error; } 109 if ((err = mp_mul_2(a, a)) != MP_OKAY) { goto error; }
111 if ((err = mp_add_d(a, 1, a)) != MP_OKAY) { goto error; } 110 if ((err = mp_add_d(a, 1, a)) != MP_OKAY) { goto error; }
112 } 111 }
113 112
118 } 117 }
119 118
120 119
121 #endif 120 #endif
122 121
123 /* $Source: /cvs/libtom/libtommath/bn_mp_prime_random_ex.c,v $ */ 122 /* $Source$ */
124 /* $Revision: 1.4 $ */ 123 /* $Revision$ */
125 /* $Date: 2006/03/31 14:18:44 $ */ 124 /* $Date$ */