author | David Barksdale <amatus.amongus@gmail.com> | 2010-05-17 05:02:11 +0000 |
---|---|---|
committer | David Barksdale <amatus.amongus@gmail.com> | 2010-05-17 05:02:11 +0000 |
commit | bdcdf3b89a7d8ccd1293eac5fa26cdfbe1c04244 (patch) | |
tree | 401c8a3310ba07dab3058cfe7a7bec69d1b602c4 /src/util/crypto_ksk.c | |
parent | e7ff3e82d257bece3b03eb277fea503a7c6f881b (diff) | |
Fix mpz_randomize to always update the "state" of rnd, and optimize the code that assumes that mpz_randomize can return a number with more bits than requested. This change breaks kblock key generation again.
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r-- | src/util/crypto_ksk.c | 40 |
1 files changed, 8 insertions, 32 deletions
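--- a/src/util/crypto_ksk.c
+++ b/src/util/crypto_ksk.c
@@ -156,35 +156,23 @@ static uint16_t small_prime_numbers[] = {
 static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;
 
 
 static unsigned int
 get_nbits (mpz_t a)
 {
   return mpz_sizeinbase (a, 2);
 }
 
 
-/**
- * Set bit N of A. and clear all bits above
- */
-static void
-set_highbit (mpz_t a, unsigned int n)
-{
-  unsigned int nbits;
-
-  nbits = get_nbits (a);
-  while (nbits > n)
-    mpz_clrbit (a, nbits--);
-  mpz_setbit (a, n);
-}
-
 static void
 mpz_randomize (mpz_t n, unsigned int nbits, GNUNET_HashCode * rnd)
 {
   GNUNET_HashCode *tmp;
+  int bits_per_hc = sizeof (GNUNET_HashCode) * 8;
   int cnt;
   int i;
 
-  cnt = (nbits / sizeof (GNUNET_HashCode) / 8) + 1;
+  GNUNET_assert (nbits > 0);
+  cnt = (nbits + bits_per_hc - 1) / bits_per_hc;
   tmp = GNUNET_malloc (sizeof (GNUNET_HashCode) * cnt);
 
   tmp[0] = *rnd;
@@ -192,7 +180,7 @@ mpz_randomize (mpz_t n, unsigned int nbits, GNUNET_HashCode * rnd)
     {
       GNUNET_CRYPTO_hash (&tmp[i], sizeof (GNUNET_HashCode), &tmp[i + 1]);
     }
-  *rnd = tmp[cnt - 1];
+  GNUNET_CRYPTO_hash (rnd, sizeof (GNUNET_HashCode), &tmp[i + 1]);
   mpz_import (n, cnt * sizeof (GNUNET_HashCode) / sizeof (unsigned int),
               1, sizeof (unsigned int), 1, 0, tmp);
   GNUNET_free (tmp);
@@ -238,19 +226,7 @@ is_prime (mpz_t n, int steps, GNUNET_HashCode * hc)
     }
   else
     {
-      mpz_randomize (x, nbits, hc);
-
-      /* Make sure that the number is smaller than the prime and
-         keep the randomness of the high bit. */
-      if (mpz_tstbit (x, nbits - 2))
-        {
-          set_highbit (x, nbits - 2); /* Clear all higher bits. */
-        }
-      else
-        {
-          set_highbit (x, nbits - 2);
-          mpz_clrbit (x, nbits - 2);
-        }
+      mpz_randomize (x, nbits - 1, hc);
       GNUNET_assert (mpz_cmp (x, nminus1) < 0 && mpz_cmp_ui (x, 1) > 0);
     }
   mpz_powm (y, x, q, n);
@@ -306,7 +282,7 @@ gen_prime (mpz_t ptest, unsigned int nbits, GNUNET_HashCode * hc)
      generating a secret prime we are most probably doing that
      for RSA, to make sure that the modulus does have the
      requested key size we set the 2 high order bits. */
-  set_highbit (prime, nbits - 1);
+  mpz_setbit (prime, nbits - 1);
   mpz_setbit (prime, nbits - 2);
   mpz_setbit (prime, 0);
 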
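Review bot: The line that replaces `*rnd = tmp[cnt - 1]` in the second hunk writes the digest to `&tmp[i + 1]`, but the loop just above it fills `tmp` through the final slot (the removed line read `tmp[cnt - 1]` as the last element), so after the loop `&tmp[i + 1]` is `&tmp[cnt]`, one element past the `cnt`-element `GNUNET_malloc` allocation — a heap write of `sizeof (GNUNET_HashCode)` bytes — while `*rnd` itself is never modified, so the state update described in the commit message does not actually happen. The loop header sits between the two hunks, so the final value of `i` is inferred from the surrounding lines rather than visible. Hashing into a local and copying back fixes both issues without relying on `GNUNET_CRYPTO_hash` accepting an aliased input/output buffer: declare `GNUNET_HashCode next;` with the other locals, then `GNUNET_CRYPTO_hash (rnd, sizeof (*rnd), &next); *rnd = next;` in place of the new line. Separately, in the last hunk `mpz_setbit (prime, nbits - 1)` no longer clears bits above position nbits-1 as `set_highbit` did, so the key-size guarantee in the comment now rests on `mpz_randomize` truncating its output to `nbits` bits, which is not shown in these hunks; the bodies of `mpz_randomize` and `gen_prime` both continue outside the hunks.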