3 * $Id: bbs-rand.c,v 1.3 2000/06/17 10:45:21 mdw Exp $
5 * Blum-Blum-Shub secure random number generator
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
32 * $Log: bbs-rand.c,v $
33 * Revision 1.3 2000/06/17 10:45:21 mdw
34 * Typesetting fixes. Advertise random number generator strength. Use
35 * secure arena for memory allocation.
37 * Revision 1.2 1999/12/13 15:34:01 mdw
38 * Add support for seeding from a generic pseudorandom source.
40 * Revision 1.1 1999/12/10 23:14:59 mdw
41 * Blum-Blum-Shub generator, and Blum-Goldwasser encryption.
45 /*----- Header files ------------------------------------------------------*/
51 #include <mLib/bits.h>
58 #include "mpbarrett.h"
63 /*----- Main code ---------------------------------------------------------*/
65 /* --- @bbs_create@ --- *
67 * Arguments: @bbs *b@ = pointer to BBS generator state to initialize
68 * @mp *m@ = modulus (must be a Blum integer)
69 * @mp *x@ = initial seed for generator
73 * Use: Initializes a BBS generator. The generator is stepped once
74 * after initialization, as for @bbs_seed@.
77 void bbs_create(bbs *b, mp *m, mp *x)
82 mpbarrett_create(&b->mb, m);
84 mp_build(&k, &kw, &kw + 1);
85 b->k = mp_bits(&k) - 1;
90 /* --- @bbs_destroy@ --- *
92 * Arguments: @bbs *b@ = pointer to BBS generator state
96 * Use: Destroys a generator state when it's no longer wanted.
99 void bbs_destroy(bbs *b)
102 mpbarrett_destroy(&b->mb);
105 /* --- @bbs_step@ --- *
107 * Arguments: @bbs *b@ = pointer to BBS generator state
111 * Use: Steps the generator once. This isn't too useful in client
115 void bbs_step(bbs *b)
119 x = mpbarrett_reduce(&b->mb, x, x);
125 /* --- @bbs_set@ --- *
127 * Arguments: @bbs *b@ = pointer to BBS generator state
128 * @mp *x@ = new residue to set
132 * Use: Sets a new quadratic residue. The generator is stepped once.
135 void bbs_set(bbs *b, mp *x)
143 /* --- @bbs_seed@ --- *
145 * Arguments: @bbs *b@ = pointer to BBS generator state
146 * @mp *x@ = new seed to set
150 * Use: Sets a new seed. The generator is stepped until the residue
151 * has clearly wrapped around.
154 void bbs_seed(bbs *b, mp *x)
159 y = mp_sqr(MP_NEW, x);
160 y = mpbarrett_reduce(&b->mb, y, y);
171 /* --- @bbs_bits@ --- *
173 * Arguments: @bbs *b@ = pointer to BBS generator state
174 * @unsigned bits@ = number of bits wanted
176 * Returns: Bits extracted from the BBS generator.
178 * Use: Extracts a requested number of bits from the BBS generator.
181 uint32 bbs_bits(bbs *b, unsigned bits)
186 /* --- Keep turning the handle until there's enough in the reservoir --- */
188 while (bits >= b->b) {
191 x |= (b->r & m) << bits;
195 /* --- Extract the last few bits needed --- */
200 x |= (b->r >> b->b) & m;
208 /* --- @bbs_wrap@ --- *
210 * Arguments: @bbs *b@ = pointer to BBS generator state
214 * Use: Steps the generator if any of the reservoir bits are used.
215 * This can be used to `wrap up' after a Blum-Goldwasser
216 * encryption, for example, producing the final value to be sent
217 * along with the ciphertext.
219 * If a generator is seeded, %$b$% bits are extracted, and then
220 * @bbs_wrap@ is called, the generator will have been stepped
221 * %$\lceil b/k \rceil$% times.
224 void bbs_wrap(bbs *b)
230 /*----- Generic random number generator interface -------------------------*/
232 typedef struct gctx {
237 static void gdestroy(grand *r)
245 static int gmisc(grand *r, unsigned op, ...)
254 switch (va_arg(ap, unsigned)) {
257 case GRAND_SEEDUINT32:
268 case GRAND_SEEDINT: {
269 mp *x = mp_fromuint(MP_NEW, va_arg(ap, unsigned));
273 case GRAND_SEEDUINT32: {
274 mp *x = mp_fromuint32(MP_NEW, va_arg(ap, uint32));
279 bbs_seed(&g->b, va_arg(ap, mp *));
281 case GRAND_SEEDRAND: {
282 grand *rr = va_arg(ap, grand *);
283 mp *m = mprand(MP_NEW, mp_bits(g->b.mb.m) - 1, rr, 0);
288 bbs_set(&g->b, va_arg(ap, mp *));
299 static octet gbyte(grand *r)
302 return (bbs_bits(&g->b, 8));
305 static uint32 gword(grand *r)
308 return (bbs_bits(&g->b, 32));
311 static const grand_ops gops = {
315 gword, gbyte, gword, grand_range, grand_fill
318 /* --- @bbs_rand@ --- *
320 * Arguments: @mp *m@ = modulus
321 * @mp *x@ = initial seed
323 * Returns: Pointer to a generic generator.
325 * Use: Constructs a generic generator interface over a
326 * Blum-Blum-Shub generator.
329 grand *bbs_rand(mp *m, mp *x)
331 gctx *g = S_CREATE(gctx);
333 bbs_create(&g->b, m, x);
337 /*----- Test rig ----------------------------------------------------------*/
341 static int verify(dstr *v)
343 mp *n = *(mp **)v[0].buf;
344 mp *x = *(mp **)v[1].buf;
345 grand *b = bbs_rand(n, x);
349 dstr_ensure(&d, v[2].len);
350 b->ops->fill(b, d.buf, v[2].len);
352 if (memcmp(d.buf, v[2].buf, v[2].len) != 0) {
353 fputs("\n*** bbs failure\n", stderr);
354 fputs("n = ", stderr); mp_writefile(n, stderr, 10); fputc('\n', stderr);
355 fputs("x = ", stderr); mp_writefile(x, stderr, 10); fputc('\n', stderr);
356 fputs("expected = ", stderr); type_hex.dump(&v[2], stderr);
358 fputs(" found = ", stderr); type_hex.dump(&d, stderr);
360 fprintf(stderr, "k = %u\n", ((gctx *)b)->b.k);
367 assert(mparena_count(MPARENA_GLOBAL) == 0);
371 static test_chunk tests[] = {
372 { "bbs", verify, { &type_mp, &type_mp, &type_hex, 0 } },
376 int main(int argc, char *argv[])
379 test_run(argc, argv, tests, SRCDIR "/tests/bbs");
385 /*----- That's all, folks -------------------------------------------------*/