Add some more vectors, and a whinge about how Skipjack test vectors are.

[catacomb] / pgen-safe.c

/* -*-c-*-
 *
 * $Id: pgen-safe.c,v 1.4 2000/07/03 18:09:27 mdw Exp $
 *
 * Safe prime generation
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: pgen-safe.c,v $
 * Revision 1.4  2000/07/03 18:09:27  mdw
 * Bug fix to the GCD check.  With any luck, this is the last of these to
 * need nailing to the wall.
 *
 * Revision 1.3  2000/06/17 11:52:36  mdw
 * Signal a pgen abort if the jump and base share a common factor.
 *
 * Revision 1.2  2000/02/12 18:21:03  mdw
 * Overhaul of key management (again).
 *
 * Revision 1.1  1999/12/22 16:01:34  mdw
 * Find `safe' primes (i.e., %$p = 2q + 1$%).
 *
 */

/*----- Header files ------------------------------------------------------*/

#include "mp.h"
#include "mprand.h"
#include "pgen.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @pgen_safestep@ --- *
 *
 * Steps two numbers, %$q$% and %$p = 2q + 1$%, such that neither has any
 * small factors.  %$p$% is put in the event block.
 */

int pgen_safestep(int rq, pgen_event *ev, void *p)
{
  pgen_safestepctx *c = p;
  int rc = PGEN_ABORT, qrc = 0;

  switch (rq) {

    /* --- Set up the contexts --- */

    case PGEN_BEGIN: {
      mp *p = mp_split(MP_COPY(ev->m));
      mp *q;
      p->v[0] |= 3;
      q = mp_lsr(MP_NEW, p, 1);
      rc = pfilt_create(&c->p, p);
      qrc = pfilt_create(&c->q, q);
      mp_drop(p); mp_drop(q);
    } break;

    /* --- Step along --- */

    case PGEN_TRY:
      mp_drop(ev->m);
      rc = pfilt_step(&c->p, 4);
      qrc = pfilt_step(&c->q, 2);
      break;

      break;

    /* --- Tidy the toys away --- */

    case PGEN_DONE:
      pfilt_destroy(&c->q);
      pfilt_destroy(&c->p);
      return (PGEN_DONE);
  }

  /* --- Continue stepping if necessary --- */

  while (rc == PGEN_FAIL || qrc == PGEN_FAIL) {
    rc = pfilt_step(&c->p, 4);
    qrc = pfilt_step(&c->q, 2);
  }

  ev->m = MP_COPY(c->p.m);
  if (qrc == PGEN_TRY)
    rc = PGEN_TRY;
  return (rc);
}

/* --- @pgen_safejump@ --- *
 *
 * Jumps two numbers, %$q$% and %$p = 2q + 1$% such that neither has any
 * small factors.
 */

int pgen_safejump(int rq, pgen_event *ev, void *p)
{
  pgen_safejumpctx *j = p;
  int rc = PGEN_ABORT, qrc = 0;

  switch (rq) {

    /* --- Set up the jump contexts --- *
     *
     * The jump in @j.q@ is congruent to 2 (mod 4); see @strongprime_setup@.
     * If @p@ is initially 1 (mod 4) then add @j.q@.  Then double @j.q@ to
     * ensure that the step is 0 (mod 4).  Ensure that @jq@ and @q@ don't
     * have any common factors.
     */

    case PGEN_BEGIN: {
      mp *p = ev->m;
      mp *q;
      mp *g = MP_NEW;
      if ((p->v[0] & 3) != 3)
        p = mp_add(p, p, j->jq.m);
      q = mp_lsr(MP_NEW, p, 1);
      mp_gcd(&g, 0, 0, p, j->jq.m);
      if (MP_CMP(g, >, MP_ONE)) {
        ev->m = p;
        mp_drop(q);
        mp_drop(g);
        return (PGEN_ABORT);
      }
      mp_drop(g);
      rc = pfilt_create(&j->p, p);
      pfilt_muladd(&j->jp, &j->jq, 2, 0);
      qrc = pfilt_create(&j->q, q);
      mp_drop(p);
      mp_drop(q);
    } break;

    /* --- Step on one place --- */

    case PGEN_TRY:
      mp_drop(ev->m);
      rc = pfilt_jump(&j->p, &j->jp);
      qrc = pfilt_jump(&j->q, &j->jq);
      break;

    /* --- Tidy everything up --- */

    case PGEN_DONE:
      pfilt_destroy(&j->jp);
      pfilt_destroy(&j->p);
      pfilt_destroy(&j->q);
      return (PGEN_DONE);
  }

  /* --- Step on while @p@ or @q@ have small factors --- */

  while (rc == PGEN_FAIL || qrc == PGEN_FAIL) {
    rc = pfilt_jump(&j->p, &j->jp);
    qrc = pfilt_jump(&j->q, &j->jq);
  }
  ev->m = MP_COPY(j->p.m);
  if (qrc == PGEN_TRY)
    rc = PGEN_TRY;
  return (rc);
}

/* --- @pgen_safetest@ --- *
 *
 * Applies Rabin-Miller tests to %$p$% and %$q$%.
 */

int pgen_safetest(int rq, pgen_event *ev, void *p)
{
  pgen_safetestctx *c = p;
  int rc = PGEN_ABORT;

  switch (rq) {
    case PGEN_BEGIN:
      rabin_create(&c->q, c->c.q.m);
      rabin_create(&c->p, c->c.p.m);
      rc = PGEN_TRY;
      break;
    case PGEN_TRY: {
      mp *m = mprand_range(MP_NEW, c->c.q.m, ev->r, 0);
      rc = rabin_test(&c->p, m);
      if (rc == PGEN_PASS)
        rc = rabin_test(&c->q, m);
      mp_drop(m);
    } break;
    case PGEN_DONE:
      rabin_destroy(&c->q);
      rabin_destroy(&c->p);
      break;
  }
  return (rc);
}

/*----- That's all, folks -------------------------------------------------*/