diff options
Diffstat (limited to 'moduli.c')
| -rw-r--r-- | moduli.c | 86 |
1 files changed, 57 insertions, 29 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */ | 1 | /* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> | 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> |
| 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> | 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> |
| @@ -38,7 +38,6 @@ | |||
| 38 | */ | 38 | */ |
| 39 | 39 | ||
| 40 | #include "includes.h" | 40 | #include "includes.h" |
| 41 | #include "moduli.h" | ||
| 42 | #include "xmalloc.h" | 41 | #include "xmalloc.h" |
| 43 | #include "log.h" | 42 | #include "log.h" |
| 44 | 43 | ||
| @@ -49,55 +48,68 @@ | |||
| 49 | */ | 48 | */ |
| 50 | 49 | ||
| 51 | /* need line long enough for largest moduli plus headers */ | 50 | /* need line long enough for largest moduli plus headers */ |
| 52 | #define QLINESIZE (100+8192) | 51 | #define QLINESIZE (100+8192) |
| 53 | 52 | ||
| 54 | /* Type: decimal. | 53 | /* Type: decimal. |
| 55 | * Specifies the internal structure of the prime modulus. | 54 | * Specifies the internal structure of the prime modulus. |
| 56 | */ | 55 | */ |
| 57 | #define QTYPE_UNKNOWN (0) | 56 | #define QTYPE_UNKNOWN (0) |
| 58 | #define QTYPE_UNSTRUCTURED (1) | 57 | #define QTYPE_UNSTRUCTURED (1) |
| 59 | #define QTYPE_SAFE (2) | 58 | #define QTYPE_SAFE (2) |
| 60 | #define QTYPE_SCHNOOR (3) | 59 | #define QTYPE_SCHNOOR (3) |
| 61 | #define QTYPE_SOPHIE_GERMAINE (4) | 60 | #define QTYPE_SOPHIE_GERMAIN (4) |
| 62 | #define QTYPE_STRONG (5) | 61 | #define QTYPE_STRONG (5) |
| 63 | 62 | ||
| 64 | /* Tests: decimal (bit field). | 63 | /* Tests: decimal (bit field). |
| 65 | * Specifies the methods used in checking for primality. | 64 | * Specifies the methods used in checking for primality. |
| 66 | * Usually, more than one test is used. | 65 | * Usually, more than one test is used. |
| 67 | */ | 66 | */ |
| 68 | #define QTEST_UNTESTED (0x00) | 67 | #define QTEST_UNTESTED (0x00) |
| 69 | #define QTEST_COMPOSITE (0x01) | 68 | #define QTEST_COMPOSITE (0x01) |
| 70 | #define QTEST_SIEVE (0x02) | 69 | #define QTEST_SIEVE (0x02) |
| 71 | #define QTEST_MILLER_RABIN (0x04) | 70 | #define QTEST_MILLER_RABIN (0x04) |
| 72 | #define QTEST_JACOBI (0x08) | 71 | #define QTEST_JACOBI (0x08) |
| 73 | #define QTEST_ELLIPTIC (0x10) | 72 | #define QTEST_ELLIPTIC (0x10) |
| 74 | 73 | ||
| 75 | /* | 74 | /* |
| 76 | * Size: decimal. | 75 | * Size: decimal. |
| 77 | * Specifies the number of the most significant bit (0 to M). | 76 | * Specifies the number of the most significant bit (0 to M). |
| 78 | * WARNING: internally, usually 1 to N. | 77 | * WARNING: internally, usually 1 to N. |
| 79 | */ | 78 | */ |
| 80 | #define QSIZE_MINIMUM (511) | 79 | #define QSIZE_MINIMUM (511) |
| 81 | 80 | ||
| 82 | /* | 81 | /* |
| 83 | * Prime sieving defines | 82 | * Prime sieving defines |
| 84 | */ | 83 | */ |
| 85 | 84 | ||
| 86 | /* Constant: assuming 8 bit bytes and 32 bit words */ | 85 | /* Constant: assuming 8 bit bytes and 32 bit words */ |
| 87 | #define SHIFT_BIT (3) | 86 | #define SHIFT_BIT (3) |
| 88 | #define SHIFT_BYTE (2) | 87 | #define SHIFT_BYTE (2) |
| 89 | #define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) | 88 | #define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE) |
| 90 | #define SHIFT_MEGABYTE (20) | 89 | #define SHIFT_MEGABYTE (20) |
| 91 | #define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) | 90 | #define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE) |
| 91 | |||
| 92 | /* | ||
| 93 | * Using virtual memory can cause thrashing. This should be the largest | ||
| 94 | * number that is supported without a large amount of disk activity -- | ||
| 95 | * that would increase the run time from hours to days or weeks! | ||
| 96 | */ | ||
| 97 | #define LARGE_MINIMUM (8UL) /* megabytes */ | ||
| 98 | |||
| 99 | /* | ||
| 100 | * Do not increase this number beyond the unsigned integer bit size. | ||
| 101 | * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits). | ||
| 102 | */ | ||
| 103 | #define LARGE_MAXIMUM (127UL) /* megabytes */ | ||
| 92 | 104 | ||
| 93 | /* | 105 | /* |
| 94 | * Constant: when used with 32-bit integers, the largest sieve prime | 106 | * Constant: when used with 32-bit integers, the largest sieve prime |
| 95 | * has to be less than 2**32. | 107 | * has to be less than 2**32. |
| 96 | */ | 108 | */ |
| 97 | #define SMALL_MAXIMUM (0xffffffffUL) | 109 | #define SMALL_MAXIMUM (0xffffffffUL) |
| 98 | 110 | ||
| 99 | /* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */ | 111 | /* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */ |
| 100 | #define TINY_NUMBER (1UL<<16) | 112 | #define TINY_NUMBER (1UL<<16) |
| 101 | 113 | ||
| 102 | /* Ensure enough bit space for testing 2*q. */ | 114 | /* Ensure enough bit space for testing 2*q. */ |
| 103 | #define TEST_MAXIMUM (1UL<<16) | 115 | #define TEST_MAXIMUM (1UL<<16) |
| @@ -114,6 +126,9 @@ | |||
| 114 | * Prime testing defines | 126 | * Prime testing defines |
| 115 | */ | 127 | */ |
| 116 | 128 | ||
| 129 | /* Minimum number of primality tests to perform */ | ||
| 130 | #define TRIAL_MINIMUM (4) | ||
| 131 | |||
| 117 | /* | 132 | /* |
| 118 | * Sieving data (XXX - move to struct) | 133 | * Sieving data (XXX - move to struct) |
| 119 | */ | 134 | */ |
| @@ -129,6 +144,8 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers; | |||
| 129 | static u_int32_t largebits, largememory; /* megabytes */ | 144 | static u_int32_t largebits, largememory; /* megabytes */ |
| 130 | static BIGNUM *largebase; | 145 | static BIGNUM *largebase; |
| 131 | 146 | ||
| 147 | int gen_candidates(FILE *, int, int, BIGNUM *); | ||
| 148 | int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); | ||
| 132 | 149 | ||
| 133 | /* | 150 | /* |
| 134 | * print moduli out in consistent form, | 151 | * print moduli out in consistent form, |
| @@ -219,7 +236,7 @@ sieve_large(u_int32_t s) | |||
| 219 | } | 236 | } |
| 220 | 237 | ||
| 221 | /* | 238 | /* |
| 222 | * list candidates for Sophie-Germaine primes (where q = (p-1)/2) | 239 | * list candidates for Sophie-Germain primes (where q = (p-1)/2) |
| 223 | * to standard output. | 240 | * to standard output. |
| 224 | * The list is checked against small known primes (less than 2**30). | 241 | * The list is checked against small known primes (less than 2**30). |
| 225 | */ | 242 | */ |
| @@ -235,6 +252,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) | |||
| 235 | 252 | ||
| 236 | largememory = memory; | 253 | largememory = memory; |
| 237 | 254 | ||
| 255 | if (memory != 0 && | ||
| 256 | (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { | ||
| 257 | error("Invalid memory amount (min %ld, max %ld)", | ||
| 258 | LARGE_MINIMUM, LARGE_MAXIMUM); | ||
| 259 | return (-1); | ||
| 260 | } | ||
| 261 | |||
| 238 | /* | 262 | /* |
| 239 | * Set power to the length in bits of the prime to be generated. | 263 | * Set power to the length in bits of the prime to be generated. |
| 240 | * This is changed to 1 less than the desired safe prime moduli p. | 264 | * This is changed to 1 less than the desired safe prime moduli p. |
| @@ -403,7 +427,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) | |||
| 403 | debug2("test q = largebase+%u", 2 * j); | 427 | debug2("test q = largebase+%u", 2 * j); |
| 404 | BN_set_word(q, 2 * j); | 428 | BN_set_word(q, 2 * j); |
| 405 | BN_add(q, q, largebase); | 429 | BN_add(q, q, largebase); |
| 406 | if (qfileout(out, QTYPE_SOPHIE_GERMAINE, QTEST_SIEVE, | 430 | if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, |
| 407 | largetries, (power - 1) /* MSB */, (0), q) == -1) { | 431 | largetries, (power - 1) /* MSB */, (0), q) == -1) { |
| 408 | ret = -1; | 432 | ret = -1; |
| 409 | break; | 433 | break; |
| @@ -430,8 +454,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) | |||
| 430 | * The result is a list of so-call "safe" primes | 454 | * The result is a list of so-call "safe" primes |
| 431 | */ | 455 | */ |
| 432 | int | 456 | int |
| 433 | prime_test(FILE *in, FILE *out, u_int32_t trials, | 457 | prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) |
| 434 | u_int32_t generator_wanted) | ||
| 435 | { | 458 | { |
| 436 | BIGNUM *q, *p, *a; | 459 | BIGNUM *q, *p, *a; |
| 437 | BN_CTX *ctx; | 460 | BN_CTX *ctx; |
| @@ -441,6 +464,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, | |||
| 441 | time_t time_start, time_stop; | 464 | time_t time_start, time_stop; |
| 442 | int res; | 465 | int res; |
| 443 | 466 | ||
| 467 | if (trials < TRIAL_MINIMUM) { | ||
| 468 | error("Minimum primality trials is %d", TRIAL_MINIMUM); | ||
| 469 | return (-1); | ||
| 470 | } | ||
| 471 | |||
| 444 | time(&time_start); | 472 | time(&time_start); |
| 445 | 473 | ||
| 446 | p = BN_new(); | 474 | p = BN_new(); |
| @@ -490,8 +518,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, | |||
| 490 | 518 | ||
| 491 | /* modulus (hex) */ | 519 | /* modulus (hex) */ |
| 492 | switch (in_type) { | 520 | switch (in_type) { |
| 493 | case QTYPE_SOPHIE_GERMAINE: | 521 | case QTYPE_SOPHIE_GERMAIN: |
| 494 | debug2("%10u: (%u) Sophie-Germaine", count_in, in_type); | 522 | debug2("%10u: (%u) Sophie-Germain", count_in, in_type); |
| 495 | a = q; | 523 | a = q; |
| 496 | BN_hex2bn(&a, cp); | 524 | BN_hex2bn(&a, cp); |
| 497 | /* p = 2*q + 1 */ | 525 | /* p = 2*q + 1 */ |