Home Explore Help
Register Sign In
oberon
/
A2OS
mirror of https://github.com/yarrom/A2OS.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: f01700429f
Branches Tags
A2OS
/
source
/
CryptoPrimes.Mod

CryptoPrimes.Mod 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225 
  1. MODULE CryptoPrimes;
    2. 

  2. 

  3. (*	2002.9.11	g.f.	based on 'bn_prime.c'
    4. 

  4. 

  5. 		Copyright of the original:    <-- middle click here
    6. 

  6. *)
    7. 

  7. 

  8. IMPORT B := CryptoBigNumbers, Out := KernelLog;
    9. 

  9. 

  10. CONST
    11. 

  11. 	N = 2048;
    12. 

  12. 

  13. TYPE
    14. 

  14. 	BigNumber = B.BigNumber;
    15. 

  15. 

  16. VAR
    17. 

  17. 	one: BigNumber;
    18. 

  18. 	primes: ARRAY N OF LONGINT;
    19. 

  19. 

  20. 

  21. 	PROCEDURE NewPrime*( bits: INTEGER;  safe: BOOLEAN ): BigNumber;
    22. 

  22. 	VAR checks, i: INTEGER;  t, p: BigNumber;
    23. 

  23. 	BEGIN
    24. 

  24. 		checks := Checks( bits ); i := 1;
    25. 

  25. 		LOOP
    26. 

  26. 			p := ProbablePrime( bits );
    27. 

  27. 			Out.Char( '.' );
    28. 

  28. 			IF IsPrime( p, checks, FALSE ) THEN
    29. 

  29. 				Out.Char( 'P' );
    30. 

  30. 				IF ~safe THEN  Out.Ln;  RETURN p
    31. 

  31. 				ELSE
    32. 

  32. 					Out.Int( i, 0 );  INC( i );
    33. 

  33. 					(* for "safe prime" generation, check that (p-1)/2 is prime. *)
    34. 

  34. 					B.Copy( p, t );  t.Shift( -1 );
    35. 

  35. 					IF IsPrime( t, checks, FALSE ) THEN
    36. 

  36. 						Out.String( " (safe prime)" ); Out.Ln;
    37. 

  37. 						RETURN p
    38. 

  38. 					END;
    39. 

  39. 					Out.String( " (not safe)" ); Out.Ln;
    40. 

  40. 				END
    41. 

  41. 			END;
    42. 

  42. 		END
    43. 

  43. 	END NewPrime;
    44. 

  44. 

  45. 	PROCEDURE NewDHPrime*( bits: INTEGER;  safe: BOOLEAN;  add, rem: BigNumber ): BigNumber;
    46. 

  46. 	VAR checks: INTEGER;  t, p: BigNumber;
    47. 

  47. 	BEGIN
    48. 

  48. 		checks := Checks( bits );
    49. 

  49. 		LOOP
    50. 

  50. 			IF safe THEN  p := ProbableDHPrimeSafe( bits, add, rem )
    51. 

  51. 			ELSE p := ProbableDHPrime( bits, add, rem )
    52. 

  52. 			END;
    53. 

  53. 			IF IsPrime( p, checks, FALSE ) THEN
    54. 

  54. 				IF ~safe THEN  RETURN p
    55. 

  55. 				ELSE  (* for "safe prime" generation, check that (p-1)/2 is prime. *)
    56. 

  56. 					B.Copy( p, t );  t.Shift( -1 );
    57. 

  57. 					IF IsPrime( t, checks, FALSE ) THEN  RETURN p  END
    58. 

  58. 				END
    59. 

  59. 			END
    60. 

  60. 		END
    61. 

  61. 	END NewDHPrime;
    62. 

  62. 

  63. 	PROCEDURE Checks( b: LONGINT ): INTEGER;
    64. 

  64. 	(* number of Miller-Rabin iterations for an error rate  of less than 2^-80
    65. 

  65. 		for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
    66. 

  66. 		of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]
    67. 

  67. 	*)
    68. 

  68. 	VAR t: INTEGER;
    69. 

  69. 	BEGIN
    70. 

  70. 		ASSERT( b >= 100 );
    71. 

  71. 		IF b >= 1300 THEN t := 2
    72. 

  72. 		ELSIF b >= 850 THEN t := 3
    73. 

  73. 		ELSIF b >= 650 THEN t := 4
    74. 

  74. 		ELSIF b >= 550 THEN t := 5
    75. 

  75. 		ELSIF b >= 450 THEN t := 6
    76. 

  76. 		ELSIF b >= 400 THEN t := 7
    77. 

  77. 		ELSIF b >= 350 THEN t := 8
    78. 

  78. 		ELSIF b >= 300 THEN t := 9
    79. 

  79. 		ELSIF b >= 250 THEN t := 12
    80. 

  80. 		ELSIF b >= 200 THEN t := 15
    81. 

  81. 		ELSIF b >= 150 THEN t := 18
    82. 

  82. 		ELSE  t := 27
    83. 

  83. 		END;
    84. 

  84. 		RETURN t
    85. 

  85. 	END Checks;
    86. 

  86. 

  87. 

  88. 

  89. 	PROCEDURE ProbablePrime( bits: INTEGER ): BigNumber;
    90. 

  90. 	VAR t: BigNumber;  delta, i: LONGINT; p: BigNumber;
    91. 

  91. 		mods: ARRAY N OF LONGINT;
    92. 

  92. 	BEGIN
    93. 

  93. 		LOOP
    94. 

  94. 			p := B.NewRand( bits, 1, 1 );
    95. 

  95. 			FOR i := 0 TO N - 1 DO  mods[i] := B.ModWord( p, primes[i] )  END;
    96. 

  96. 			(* check that p is not a prime and also that gcd( p-1, primes) = 1 (except for 2) *)
    97. 

  97. 			i := 0;  delta := 0;
    98. 

  98. 			LOOP
    99. 

  99. 				INC( i );
    100. 

  100. 				IF i >= N THEN
    101. 

  101. 					B.AssignInt( t, delta );  p := B.Add( p, t );
    102. 

  102. 					RETURN p
    103. 

  103. 				END;
    104. 

  104. 				IF (mods[i] + delta) MOD primes[i] <= 1 THEN
    105. 

  105. 					INC( delta, 2 );  i := 0;
    106. 

  106. 					IF delta < 0 THEN  (* overfow! try new random *)  EXIT  END;
    107. 

  107. 				END;
    108. 

  108. 			END
    109. 

  109. 		END
    110. 

  110. 	END ProbablePrime;
    111. 

  111. 

  112. 

  113. 	PROCEDURE ProbableDHPrime( bits: INTEGER;  add, rem: BigNumber ): BigNumber;
    114. 

  114. 	VAR d, r, p: BigNumber;  i: LONGINT;
    115. 

  115. 	BEGIN
    116. 

  116. 		p := B.NewRand( bits, 0, 1 );
    117. 

  117. 

  118. 		(* we need (p - rem) mod add = 0 *)
    119. 

  119. 		r := B.Mod( p, add );  p := B.Sub( p, r );
    120. 

  120. 		IF rem.IsZero( ) THEN  p.Inc  ELSE  p := B.Add( p, rem )  END;
    121. 

  121. 

  122. 		(* we now have a random number 'p' to test. *)
    123. 

  123. 		i := 0;
    124. 

  124. 		LOOP
    125. 

  125. 			INC( i );
    126. 

  126. 			IF i >= N THEN  RETURN p  END;
    127. 

  127. 			B.AssignInt( d, primes[i] );  r := B.Mod( p, d );
    128. 

  128. 			IF r.IsZero( ) THEN  p := B.Add( p, add );  i := 0  END;
    129. 

  129. 		END
    130. 

  130. 	END ProbableDHPrime;
    131. 

  131. 

  132. 	PROCEDURE ProbableDHPrimeSafe( bits: INTEGER; padd, rem: BigNumber ): BigNumber;
    133. 

  133. 	VAR d, q, r, qr, qadd, p: BigNumber;  i: LONGINT;
    134. 

  134. 	BEGIN
    135. 

  135. 		B.Copy( padd, qadd );  qadd.Shift( -1 );
    136. 

  136. 		q := B.NewRand( bits, 0, 1 );
    137. 

  137. 

  138. 		r := B.Mod( q, qadd );  q := B.Sub( q, r );
    139. 

  139. 		IF rem.IsZero( ) THEN  q.Inc
    140. 

  140. 		ELSE  B.Copy( rem, r );  r.Shift( -1 );  q := B.Add( q, r )
    141. 

  141. 		END;
    142. 

  142. 

  143. 		(* we now have a random number  to test. *)
    144. 

  144. 		B.Copy( q, p );  p.Shift( 1 );  p.Inc;
    145. 

  145. 

  146. 		i := 0;
    147. 

  147. 		LOOP
    148. 

  148. 			INC( i );
    149. 

  149. 			IF i >= N THEN  RETURN p  END;
    150. 

  150. 			B.AssignInt( d, primes[i] );  r := B.Mod( p, d );  qr := B.Mod( q, d );
    151. 

  151. 			IF r.IsZero( ) OR qr.IsZero( ) THEN
    152. 

  152. 				p := B.Add( p, padd );  q := B.Add( q, qadd );  i := 0
    153. 

  153. 			END;
    154. 

  154. 		END
    155. 

  155. 	END ProbableDHPrimeSafe;
    156. 

  156. 

  157. 

  158. 	PROCEDURE IsPrime*( a: BigNumber;  checks: INTEGER;  doTrialDiv: BOOLEAN ): BOOLEAN;
    159. 

  159. 	VAR i, k: INTEGER;  A, A1, A1odd, check: BigNumber;
    160. 

  160. 	BEGIN
    161. 

  161. 		IF checks = 0 THEN  checks := Checks( a.BitSize( ) )  END;
    162. 

  162. 		IF ~ODD( a.d[0] ) THEN  RETURN FALSE  END;
    163. 

  163. 		IF doTrialDiv THEN
    164. 

  164. 			FOR i := 1 TO N - 1 DO
    165. 

  165. 				IF B.ModWord( a, primes[i] ) = 0 THEN  RETURN FALSE  END
    166. 

  166. 			END
    167. 

  167. 		END;
    168. 

  168. 		B.Copy( a, A );
    169. 

  169. 		IF A.neg THEN  A.Negate  END;
    170. 

  170. 		B.Copy( A, A1 );  A1.Dec;
    171. 

  171. 		IF A1.IsZero( ) THEN  RETURN FALSE  END;
    172. 

  172. 

  173. 		(* write  A1  as  A1odd * 2^k *)
    174. 

  174. 		k := 1;  WHILE ~A1.BitSet( k ) DO  INC( k )  END;
    175. 

  175. 		B.Copy( A1, A1odd );  A1odd.Shift( -k );
    176. 

  176. 

  177. 		FOR i := 1 TO checks DO
    178. 

  178. 			check := B.NewRand( A1.BitSize( ), 0, 0 );
    179. 

  179. 			IF check.GEQ( A1 ) THEN  check := B.Sub( check, A1 )  END;
    180. 

  180. 			check.Inc;
    181. 

  181. 			(* now 1 <= check < A *)
    182. 

  182. 			IF ~witness( check, A, A1, A1odd, k ) THEN   RETURN FALSE  END;
    183. 

  183. 		END;
    184. 

  184. 		RETURN TRUE
    185. 

  185. 	END IsPrime;
    186. 

  186. 

  187. 	PROCEDURE witness( W, a, a1, a1odd: BigNumber;  k: INTEGER): BOOLEAN;
    188. 

  188. 	VAR w: BigNumber;
    189. 

  189. 	BEGIN
    190. 

  190. 		w := B.ModExp( W, a1odd, a );
    191. 

  191. 		IF w.EQ( one ) THEN  (* probably prime *)  RETURN TRUE  END;
    192. 

  192. 		IF w.EQ( a1 ) THEN   RETURN TRUE  END;
    193. 

  193. 				(* w = -1 (mod a), a is probably prime *)
    194. 

  194. 		WHILE k > 0 DO
    195. 

  195. 			w := B.ModMul( w, w, a );  (* w = w^2 mod a *)
    196. 

  196. 			IF w.EQ( one ) THEN  RETURN FALSE  END;
    197. 

  197. 					(* a is composite, otherwise a previous w would  have been = -1 (mod a) *)
    198. 

  198. 			IF w.EQ( a1 ) THEN  RETURN TRUE  END;
    199. 

  199. 					(* w = -1 (mod a), a is probably prime *)
    200. 

  200. 			DEC( k )
    201. 

  201. 		END;
    202. 

  202. 		(* If we get here, w is the (a-1)/2-th power of the original w, *)
    203. 

  203. 		(* and it is neither -1 nor +1 -- so a cannot be prime *)
    204. 

  204. 		RETURN FALSE
    205. 

  205. 	END witness;
    206. 

  206. 

  207. 	PROCEDURE Init;
    208. 

  208. 	VAR sieve: ARRAY N OF SET; i, j, p, n: LONGINT;
    209. 

  209. 	BEGIN
    210. 

  210. 		(* compute the first N small primes *)
    211. 

  211. 		FOR i := 0 TO N - 1 DO sieve[i] := {0..31} END;
    212. 

  212. 		primes[0] := 2;  n := 1;  i := 1;
    213. 

  213. 		WHILE n < N DO
    214. 

  214. 			IF i MOD 32 IN sieve[i DIV 32] THEN
    215. 

  215. 				p := 2*i + 1;  primes[n] := p;  INC( n );  j := i;
    216. 

  216. 				WHILE j DIV 32 < N DO  EXCL( sieve[j DIV 32], j MOD 32 );  INC( j, p )  END;
    217. 

  217. 			END;
    218. 

  218. 			INC( i )
    219. 

  219. 		END;
    220. 

  220. 	END Init;
    221. 

  221. 

  222. BEGIN
    223. 

  223. 	Init;  B.AssignInt( one, 1 ); 
    224. 

  224. END CryptoPrimes.
    225. 

  225.