TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #230 from libtom/math/miller-rabin

Browse Source 
Fix number of Miller-Rabin rounds
This commit is contained in:
Steffen Jaeckel 2017-06-22 12:44:33 +02:00 committed by GitHub
commit 5e71ac27e2
6 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/headers/tomcrypt_math.h
View File

@ -24,6 +24,12 @@
typedef void rsa_key; typedef void rsa_key;
#endif #endif
#ifndef LTC_MILLER_RABIN_REPS
/* Number of rounds of the Miller-Rabin test
* "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p() */
#define LTC_MILLER_RABIN_REPS 35
#endif
/** math descriptor */ /** math descriptor */
typedef struct { typedef struct {
/** Name of the math provider */ /** Name of the math provider */
@ -345,7 +351,7 @@ typedef struct {
/** Primality testing /** Primality testing
@param a The integer to test @param a The integer to test
@param b The number of tests that shall be executed @param b The number of Miller-Rabin tests that shall be executed
@param c The destination of the result (FP_YES if prime) @param c The destination of the result (FP_YES if prime)
@return CRYPT_OK on success @return CRYPT_OK on success
*/ */
@ -472,13 +478,13 @@ typedef struct {
int (*submod)(void *a, void *b, void *c, void *d); int (*submod)(void *a, void *b, void *c, void *d);
/* ---- misc stuff ---- */ /* ---- misc stuff ---- */
/** Make a pseudo-random mpi /** Make a pseudo-random mpi
@param a The mpi to make random @param a The mpi to make random
@param size The desired length @param size The desired length
@return CRYPT_OK on success @return CRYPT_OK on success
*/ */
int (*rand)(void *a, int size); int (*rand)(void *a, int size);
} ltc_math_descriptor; } ltc_math_descriptor;
extern ltc_math_descriptor ltc_mp; extern ltc_math_descriptor ltc_mp;

2
src/math/gmp_desc.c
View File

@ -446,7 +446,7 @@ static int isprime(void *a, int b, int *c)
LTC_ARGCHK(a != NULL); LTC_ARGCHK(a != NULL);
LTC_ARGCHK(c != NULL); LTC_ARGCHK(c != NULL);
if (b == 0) { if (b == 0) {
b = 8; b = LTC_MILLER_RABIN_REPS;
} /* if */ } /* if */
*c = mpz_probab_prime_p(a, b) > 0 ? LTC_MP_YES : LTC_MP_NO; *c = mpz_probab_prime_p(a, b) > 0 ? LTC_MP_YES : LTC_MP_NO;
return CRYPT_OK; return CRYPT_OK;

2
src/math/ltm_desc.c
View File

@ -404,7 +404,7 @@ static int isprime(void *a, int b, int *c)
LTC_ARGCHK(a != NULL); LTC_ARGCHK(a != NULL);
LTC_ARGCHK(c != NULL); LTC_ARGCHK(c != NULL);
if (b == 0) { if (b == 0) {
b = 8; b = LTC_MILLER_RABIN_REPS;
} /* if */ } /* if */
err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c)); err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c));
*c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO; *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO;

2
src/math/rand_prime.c
View File

@ -66,7 +66,7 @@ int rand_prime(void *N, long len, prng_state *prng, int wprng)
} }
/* test */ /* test */
if ((err = mp_prime_is_prime(N, 8, &res)) != CRYPT_OK) { if ((err = mp_prime_is_prime(N, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) {
XFREE(buf); XFREE(buf);
return err; return err;
} }

6
src/math/tfm_desc.c
View File

@ -415,8 +415,10 @@ static int isprime(void *a, int b, int *c)
{ {
LTC_ARGCHK(a != NULL); LTC_ARGCHK(a != NULL);
LTC_ARGCHK(c != NULL); LTC_ARGCHK(c != NULL);
(void)b; if (b == 0) {
*c = (fp_isprime(a) == FP_YES) ? LTC_MP_YES : LTC_MP_NO; b = LTC_MILLER_RABIN_REPS;
} /* if */
*c = (fp_isprime_ex(a, b) == FP_YES) ? LTC_MP_YES : LTC_MP_NO;
return CRYPT_OK; return CRYPT_OK;
} }

16
src/pk/dsa/dsa_make_key.c
View File

@ -75,11 +75,23 @@ static int dsa_make_params(prng_state *prng, int wprng, int group_size, int modu
L = modulus_size * 8; L = modulus_size * 8;
N = group_size * 8; N = group_size * 8;
/* XXX-TODO no Lucas test */
#ifdef LTC_MPI_HAS_LUCAS_TEST
/* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ /* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */
mr_tests_p = (L <= 2048) ? 3 : 2; mr_tests_p = (L <= 2048) ? 3 : 2;
if (N <= 160) { mr_tests_q = 19; } if (N <= 160) { mr_tests_q = 19; }
else if (N <= 224) { mr_tests_q = 24; } else if (N <= 224) { mr_tests_q = 24; }
else { mr_tests_q = 27; } else { mr_tests_q = 27; }
#else
/* M-R tests (without Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */
if (L <= 1024) { mr_tests_p = 40; }
else if (L <= 2048) { mr_tests_p = 56; }
else { mr_tests_p = 64; }
if (N <= 160) { mr_tests_q = 40; }
else if (N <= 224) { mr_tests_q = 56; }
else { mr_tests_q = 64; }
#endif
if (N <= 256) { if (N <= 256) {
hash = register_hash(&sha256_desc); hash = register_hash(&sha256_desc);
@ -122,7 +134,7 @@ static int dsa_make_params(prng_state *prng, int wprng, int group_size, int modu
if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK) { goto cleanup; } if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_add(t2N1, U, q)) != CRYPT_OK) { goto cleanup; } if ((err = mp_add(t2N1, U, q)) != CRYPT_OK) { goto cleanup; }
if (!mp_isodd(q)) mp_add_d(q, 1, q); if (!mp_isodd(q)) mp_add_d(q, 1, q);
if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK) { goto cleanup; } /* XXX-TODO rounds are ignored; no Lucas test */ if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK) { goto cleanup; }
if (res == LTC_MP_YES) found_q = 1; if (res == LTC_MP_YES) found_q = 1;
} }
@ -149,7 +161,7 @@ static int dsa_make_params(prng_state *prng, int wprng, int group_size, int modu
if ((err = mp_sub(X, p, p)) != CRYPT_OK) { goto cleanup; } if ((err = mp_sub(X, p, p)) != CRYPT_OK) { goto cleanup; }
if (mp_cmp(p, t2L1) != LTC_MP_LT) { if (mp_cmp(p, t2L1) != LTC_MP_LT) {
/* p >= 2^(L-1) */ /* p >= 2^(L-1) */
if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK) { goto cleanup; } /* XXX-TODO rounds are ignored; no Lucas test */ if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK) { goto cleanup; }
if (res == LTC_MP_YES) { if (res == LTC_MP_YES) {
found_p = 1; found_p = 1;
} }