Domů Procházet Nápověda
Přihlásit se
SoftwareDesign
/
csu3_am335x
8
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: master
Větve Značky
csu3_am335x
/
EVSE
/
GPL
/
dropbear-2022.82
/
libtommath
/
bn_mp_prime_frobenius_underwood.c

bn_mp_prime_frobenius_underwood.c 4.4 KB
Trvalý odkaz Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. #include "tommath_private.h"
    2. 

  2. #ifdef BN_MP_PRIME_FROBENIUS_UNDERWOOD_C
    3. 

  3. 

  4. /* LibTomMath, multiple-precision integer library -- Tom St Denis */
    5. 

  5. /* SPDX-License-Identifier: Unlicense */
    6. 

  6. 

  7. /*
    8. 

  8.  *  See file bn_mp_prime_is_prime.c or the documentation in doc/bn.tex for the details
    9. 

  9.  */
    10. 

  10. #ifndef LTM_USE_ONLY_MR
    11. 

  11. 

  12. #ifdef MP_8BIT
    13. 

  13. /*
    14. 

  14.  * floor of positive solution of
    15. 

  15.  * (2^16)-1 = (a+4)*(2*a+5)
    16. 

  16.  * TODO: Both values are smaller than N^(1/4), would have to use a bigint
    17. 

  17.  *       for a instead but any a biger than about 120 are already so rare that
    18. 

  18.  *       it is possible to ignore them and still get enough pseudoprimes.
    19. 

  19.  *       But it is still a restriction of the set of available pseudoprimes
    20. 

  20.  *       which makes this implementation less secure if used stand-alone.
    21. 

  21.  */
    22. 

  22. #define LTM_FROBENIUS_UNDERWOOD_A 177
    23. 

  23. #else
    24. 

  24. #define LTM_FROBENIUS_UNDERWOOD_A 32764
    25. 

  25. #endif
    26. 

  26. mp_err mp_prime_frobenius_underwood(const mp_int *N, mp_bool *result)
    27. 

  27. {
    28. 

  28.    mp_int T1z, T2z, Np1z, sz, tz;
    29. 

  29. 

  30.    int a, ap2, length, i, j;
    31. 

  31.    mp_err err;
    32. 

  32. 

  33.    *result = MP_NO;
    34. 

  34. 

  35.    if ((err = mp_init_multi(&T1z, &T2z, &Np1z, &sz, &tz, NULL)) != MP_OKAY) {
    36. 

  36.       return err;
    37. 

  37.    }
    38. 

  38. 

  39.    for (a = 0; a < LTM_FROBENIUS_UNDERWOOD_A; a++) {
    40. 

  40.       /* TODO: That's ugly! No, really, it is! */
    41. 

  41.       if ((a==2) || (a==4) || (a==7) || (a==8) || (a==10) ||
    42. 

  42.           (a==14) || (a==18) || (a==23) || (a==26) || (a==28)) {
    43. 

  43.          continue;
    44. 

  44.       }
    45. 

  45.       /* (32764^2 - 4) < 2^31, no bigint for >MP_8BIT needed) */
    46. 

  46.       mp_set_u32(&T1z, (uint32_t)a);
    47. 

  47. 

  48.       if ((err = mp_sqr(&T1z, &T1z)) != MP_OKAY)                  goto LBL_FU_ERR;
    49. 

  49. 

  50.       if ((err = mp_sub_d(&T1z, 4uL, &T1z)) != MP_OKAY)           goto LBL_FU_ERR;
    51. 

  51. 

  52.       if ((err = mp_kronecker(&T1z, N, &j)) != MP_OKAY)           goto LBL_FU_ERR;
    53. 

  53. 

  54.       if (j == -1) {
    55. 

  55.          break;
    56. 

  56.       }
    57. 

  57. 

  58.       if (j == 0) {
    59. 

  59.          /* composite */
    60. 

  60.          goto LBL_FU_ERR;
    61. 

  61.       }
    62. 

  62.    }
    63. 

  63.    /* Tell it a composite and set return value accordingly */
    64. 

  64.    if (a >= LTM_FROBENIUS_UNDERWOOD_A) {
    65. 

  65.       err = MP_ITER;
    66. 

  66.       goto LBL_FU_ERR;
    67. 

  67.    }
    68. 

  68.    /* Composite if N and (a+4)*(2*a+5) are not coprime */
    69. 

  69.    mp_set_u32(&T1z, (uint32_t)((a+4)*((2*a)+5)));
    70. 

  70. 

  71.    if ((err = mp_gcd(N, &T1z, &T1z)) != MP_OKAY)                  goto LBL_FU_ERR;
    72. 

  72. 

  73.    if (!((T1z.used == 1) && (T1z.dp[0] == 1u)))                   goto LBL_FU_ERR;
    74. 

  74. 

  75.    ap2 = a + 2;
    76. 

  76.    if ((err = mp_add_d(N, 1uL, &Np1z)) != MP_OKAY)                goto LBL_FU_ERR;
    77. 

  77. 

  78.    mp_set(&sz, 1uL);
    79. 

  79.    mp_set(&tz, 2uL);
    80. 

  80.    length = mp_count_bits(&Np1z);
    81. 

  81. 

  82.    for (i = length - 2; i >= 0; i--) {
    83. 

  83.       /*
    84. 

  84.        * temp = (sz*(a*sz+2*tz))%N;
    85. 

  85.        * tz   = ((tz-sz)*(tz+sz))%N;
    86. 

  86.        * sz   = temp;
    87. 

  87.        */
    88. 

  88.       if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY)                 goto LBL_FU_ERR;
    89. 

  89. 

  90.       /* a = 0 at about 50% of the cases (non-square and odd input) */
    91. 

  91.       if (a != 0) {
    92. 

  92.          if ((err = mp_mul_d(&sz, (mp_digit)a, &T1z)) != MP_OKAY) goto LBL_FU_ERR;
    93. 

  93.          if ((err = mp_add(&T1z, &T2z, &T2z)) != MP_OKAY)         goto LBL_FU_ERR;
    94. 

  94.       }
    95. 

  95. 

  96.       if ((err = mp_mul(&T2z, &sz, &T1z)) != MP_OKAY)             goto LBL_FU_ERR;
    97. 

  97.       if ((err = mp_sub(&tz, &sz, &T2z)) != MP_OKAY)              goto LBL_FU_ERR;
    98. 

  98.       if ((err = mp_add(&sz, &tz, &sz)) != MP_OKAY)               goto LBL_FU_ERR;
    99. 

  99.       if ((err = mp_mul(&sz, &T2z, &tz)) != MP_OKAY)              goto LBL_FU_ERR;
    100. 

  100.       if ((err = mp_mod(&tz, N, &tz)) != MP_OKAY)                 goto LBL_FU_ERR;
    101. 

  101.       if ((err = mp_mod(&T1z, N, &sz)) != MP_OKAY)                goto LBL_FU_ERR;
    102. 

  102.       if (s_mp_get_bit(&Np1z, (unsigned int)i) == MP_YES) {
    103. 

  103.          /*
    104. 

  104.           *  temp = (a+2) * sz + tz
    105. 

  105.           *  tz   = 2 * tz - sz
    106. 

  106.           *  sz   = temp
    107. 

  107.           */
    108. 

  108.          if (a == 0) {
    109. 

  109.             if ((err = mp_mul_2(&sz, &T1z)) != MP_OKAY)           goto LBL_FU_ERR;
    110. 

  110.          } else {
    111. 

  111.             if ((err = mp_mul_d(&sz, (mp_digit)ap2, &T1z)) != MP_OKAY) goto LBL_FU_ERR;
    112. 

  112.          }
    113. 

  113.          if ((err = mp_add(&T1z, &tz, &T1z)) != MP_OKAY)          goto LBL_FU_ERR;
    114. 

  114.          if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY)              goto LBL_FU_ERR;
    115. 

  115.          if ((err = mp_sub(&T2z, &sz, &tz)) != MP_OKAY)           goto LBL_FU_ERR;
    116. 

  116.          mp_exch(&sz, &T1z);
    117. 

  117.       }
    118. 

  118.    }
    119. 

  119. 

  120.    mp_set_u32(&T1z, (uint32_t)((2 * a) + 5));
    121. 

  121.    if ((err = mp_mod(&T1z, N, &T1z)) != MP_OKAY)                  goto LBL_FU_ERR;
    122. 

  122.    if (MP_IS_ZERO(&sz) && (mp_cmp(&tz, &T1z) == MP_EQ)) {
    123. 

  123.       *result = MP_YES;
    124. 

  124.    }
    125. 

  125. 

  126. LBL_FU_ERR:
    127. 

  127.    mp_clear_multi(&tz, &sz, &Np1z, &T2z, &T1z, NULL);
    128. 

  128.    return err;
    129. 

  129. }
    130. 

  130. 

  131. #endif
    132. 

  132. #endif
    133.