// ComputeKey computes the session key given the value of A.
func (ss *ServerSession) ComputeKey(A []byte) ([]byte, error) {
err := ss.setA(A)
if err != nil {
return nil, err
}
// S = (Av^u) mod N
S := new(big.Int).Exp(ss._v, ss._u, ss.SRP.Group.Prime)
S.Mul(ss._A, S).Mod(S, ss.SRP.Group.Prime)
// Reject A*v^u == 0,1 (mod N)
one := big.NewInt(1)
if S.Cmp(one) <= 0 {
return nil, fmt.Errorf("Av^u) mod N <= 0")
}
// Reject A*v^u == -1 (mod N)
t1 := new(big.Int).Add(S, one)
if t1.BitLen() == 0 {
return nil, fmt.Errorf("Av^u) mod N == -1")
}
// S = (S ^ b) mod N (computes session key)
S.Exp(S, ss._b, ss.SRP.Group.Prime)
// K = H(S)
ss.key = quickHash(ss.SRP.HashFunc, S.Bytes())
return ss.key, nil
}
func main() {
// Initialize two big ints with the first two numbers in the sequence.
a := big.NewInt(0)
b := big.NewInt(1)
// Initialize limit as 10^99, the smallest integer with 100 digits.
var limit big.Int
limit.Exp(big.NewInt(10), big.NewInt(99), nil)
fmt.Println(&limit)
// Loop while a is smaller than 1e100.
for a.Cmp(&limit) < 0 {
// Compute the next Fibonacci number, storing it in a.
a.Add(a, b)
// Swap a and b so that b is the next number in the sequence.
a, b = b, a
}
fmt.Println(a) // 100-digit Fibonacci number
// Test a for primality.
// (ProbablyPrimes' argument sets the number of Miller-Rabin
// rounds to be performed. 20 is a good value.)
fmt.Println(a.ProbablyPrime(20))
}
func newPasswd() {
ClearScreen()
wr("Make new password\n")
t:
key := ins("Name of password: "******"" {
wr("You used an invalid character in your name: ", in)
goto t
}
strlen := ins("Password length: ")
ig := in("Characters to not include: ")
ilen, err := strconv.Atoi(strlen)
if err != nil {
pause("That wasn't a number")
return
}
passes[key] = NewPass(ilen, ig)
if Debug {
fmt.Println("Debug dump:\n\t", passes)
}
a, b := big.NewInt(int64(Mod-len(ig))), big.NewInt(int64(ilen))
var z big.Int
z.Exp(a, b, nil)
fmt.Printf("Made new password; Approx chance of guessing = 1/%s\n\n", z.String())
pause("note that changes have not been saved.")
}
func main() {
var count int // initialize count at zero
distinct_powers := make(map[string]bool)
for a := 2; a < 101; a++ {
for b := 2; b < 101; b++ {
// have to use big.Int because the exponents exceed 20 digits fast
var ex big.Int
ex.Exp(big.NewInt(int64(a)), big.NewInt(int64(b)), nil)
// have to convert back to string because
// map won't accept big.Int as a key
term := ex.String()
if !distinct_powers[term] {
distinct_powers[term] = true
count++
}
}
}
fmt.Println(count)
}
// DecodeToBigInt returns an arbitrary precision integer from the base62 encoded string
func (e *Encoding) DecodeToBigInt(s string) *big.Int {
var (
n = new(big.Int)
c = new(big.Int)
idx = new(big.Int)
power = new(big.Int)
exp = new(big.Int)
bse = new(big.Int)
)
bse.SetInt64(base)
// Run through each character to decode
for i, v := range s {
// Get index/position of the rune as a big int
idx.SetInt64(int64(strings.IndexRune(e.encode, v)))
// Work downwards through exponents
exp.SetInt64(int64(len(s) - (i + 1)))
// Calculate power for this exponent
power.Exp(bse, exp, nil)
// Multiplied by our index, gives us the value for this character
c = c.Mul(idx, power)
// Finally add to running total
n.Add(n, c)
}
return n
}
func TestPad(t *testing.T) {
private, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil || private == nil {
t.Fatal("Can't gen private key %s\n", err)
}
public := &private.PublicKey
var a [9]byte
copy(a[0:8], "IDENTITY")
seed := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
encrypted_secret, err := rsa.EncryptOAEP(sha1.New(), rand.Reader,
public, seed, a[0:9])
if err != nil {
t.Fatal("Can't encrypt ", err)
}
fmt.Printf("encrypted_secret: %x\n", encrypted_secret)
decrypted_secret, err := rsa.DecryptOAEP(sha1.New(), rand.Reader,
private, encrypted_secret, a[0:9])
if err != nil {
t.Fatal("Can't decrypt ", err)
}
fmt.Printf("decrypted_secret: %x\n", decrypted_secret)
var N *big.Int
var D *big.Int
var x *big.Int
var z *big.Int
N = public.N
D = private.D
x = new(big.Int)
z = new(big.Int)
x.SetBytes(encrypted_secret)
z = z.Exp(x, D, N)
decrypted_pad := z.Bytes()
fmt.Printf("decrypted_pad : %x\n", decrypted_pad)
}
// StrongMillerRabin checks if N is a
// strong Miller-Rabin pseudoprime in base a.
// That is, it checks if a is a witness
// for compositeness of N or if N is a strong
// pseudoprime base a.
//
// Use builtin ProbablyPrime if you want to do a lot
// of random tests, this is for one specific
// base value.
func StrongMillerRabin(N *big.Int, a int64) int {
// Step 0: parse input
if N.Sign() < 0 || N.Bit(0) == 0 || a < 2 {
panic("MR is for positive odd integers with a >= 2")
}
A := big.NewInt(a)
if (a == 2 && N.Bit(0) == 0) || new(big.Int).GCD(nil, nil, N, A).Cmp(one) != 0 {
return IsComposite
}
// Step 1: find d,s, so that n - 1 = d*2^s
// with d odd
d := new(big.Int).Sub(N, one)
s := trailingZeroBits(d)
d.Rsh(d, s)
// Step 2: compute powers a^d
// and then a^(d*2^r) for 0<r<s
nm1 := new(big.Int).Sub(N, one)
Ad := new(big.Int).Exp(A, d, N)
if Ad.Cmp(one) == 0 || Ad.Cmp(nm1) == 0 {
return Undetermined
}
for r := uint(1); r < s; r++ {
Ad.Exp(Ad, two, N)
if Ad.Cmp(nm1) == 0 {
return Undetermined
}
}
// Step 3: a is a witness for compositeness
return IsComposite
}
func (h *Header) validPoW() error {
if h.Nonces[0] == h.Nonces[1] ||
h.Nonces[0] == h.Nonces[2] ||
h.Nonces[1] == h.Nonces[2] {
return ErrInvalidPoW
}
dInt := new(big.Int).SetUint64(h.Difficulty)
mInt := new(big.Int).SetUint64(2)
mInt.Exp(mInt, dInt, nil)
a := h.SumNonce(0)
b := h.SumNonce(1)
c := h.SumNonce(2)
aInt := new(big.Int).SetBytes(a[:])
bInt := new(big.Int).SetBytes(b[:])
cInt := new(big.Int).SetBytes(c[:])
aInt.Mod(aInt, mInt)
bInt.Mod(bInt, mInt)
cInt.Mod(cInt, mInt)
if aInt.Cmp(bInt) != 0 || aInt.Cmp(cInt) != 0 {
return ErrInvalidPoW
}
return nil
}
func (calc Calculator) threeValueCalculation(a, b, c *big.Int, operator string) *big.Int {
switch operator {
case "&":
return a.Exp(a, b, c)
}
return nil
}
// (n - 2^(k-1)) mod 2^m
func calcLastFinger(n []byte, k int) (string, []byte) {
// convert the n to a bigint
nBigInt := big.Int{}
nBigInt.SetBytes(n)
// get the right addend, i.e. 2^(k-1)
two := big.NewInt(2)
addend := big.Int{}
addend.Exp(two, big.NewInt(int64(k-1)), nil)
addend.Mul(&addend, big.NewInt(-1))
//Soustraction
neg := big.Int{}
neg.Add(&addend, &nBigInt)
// calculate 2^m
m := 160
ceil := big.Int{}
ceil.Exp(two, big.NewInt(int64(m)), nil)
// apply the mod
result := big.Int{}
result.Mod(&neg, &ceil)
resultBytes := result.Bytes()
resultHex := fmt.Sprintf("%x", resultBytes)
return resultHex, resultBytes
}
// privateEncrypt implements OpenSSL's RSA_private_encrypt function
func privateEncrypt(key *rsa.PrivateKey, data []byte) (enc []byte, err error) {
k := (key.N.BitLen() + 7) / 8
tLen := len(data)
// rfc2313, section 8:
// The length of the data D shall not be more than k-11 octets
if tLen > k-11 {
err = errors.New("Data too long")
return
}
em := make([]byte, k)
em[1] = 1
for i := 2; i < k-tLen-1; i++ {
em[i] = 0xff
}
copy(em[k-tLen:k], data)
c := new(big.Int).SetBytes(em)
if c.Cmp(key.N) > 0 {
err = nil
return
}
var m *big.Int
var ir *big.Int
if key.Precomputed.Dp == nil {
m = new(big.Int).Exp(c, key.D, key.N)
} else {
// We have the precalculated values needed for the CRT.
m = new(big.Int).Exp(c, key.Precomputed.Dp, key.Primes[0])
m2 := new(big.Int).Exp(c, key.Precomputed.Dq, key.Primes[1])
m.Sub(m, m2)
if m.Sign() < 0 {
m.Add(m, key.Primes[0])
}
m.Mul(m, key.Precomputed.Qinv)
m.Mod(m, key.Primes[0])
m.Mul(m, key.Primes[1])
m.Add(m, m2)
for i, values := range key.Precomputed.CRTValues {
prime := key.Primes[2+i]
m2.Exp(c, values.Exp, prime)
m2.Sub(m2, m)
m2.Mul(m2, values.Coeff)
m2.Mod(m2, prime)
if m2.Sign() < 0 {
m2.Add(m2, prime)
}
m2.Mul(m2, values.R)
m.Add(m, m2)
}
}
if ir != nil {
// Unblind.
m.Mul(m, ir)
m.Mod(m, key.N)
}
enc = m.Bytes()
return
}
// (n + 2^(k-1)) mod (2^m)
func calcFinger(n []byte, k int, m int) (string, []byte) {
// convert the n to a bigint
nBigInt := big.Int{}
nBigInt.SetBytes(n)
// get the right addend, i.e. 2^(k-1)
two := big.NewInt(2)
addend := big.Int{}
addend.Exp(two, big.NewInt(int64(k-1)), nil)
// calculate sum
sum := big.Int{}
sum.Add(&nBigInt, &addend)
// calculate 2^m
ceil := big.Int{}
ceil.Exp(two, big.NewInt(int64(m)), nil)
// apply the mod
result := big.Int{}
result.Mod(&sum, &ceil)
resultBytes := result.Bytes()
resultHex := fmt.Sprintf("%x", resultBytes)
return resultHex, resultBytes
}
func (c *Conversation) processSMP4(mpis []*big.Int) error {
if len(mpis) != 3 {
return errors.New("otr: incorrect number of arguments in SMP4 message")
}
rb := mpis[0]
cr := mpis[1]
d7 := mpis[2]
h := sha256.New()
r := new(big.Int).Exp(c.smp.qaqb, d7, p)
s := new(big.Int).Exp(rb, cr, p)
r.Mul(r, s)
r.Mod(r, p)
s.Exp(g, d7, p)
t := new(big.Int).Exp(c.smp.g3b, cr, p)
s.Mul(s, t)
s.Mod(s, p)
t.SetBytes(hashMPIs(h, 8, s, r))
if t.Cmp(cr) != 0 {
return errors.New("otr: ZKP cR failed in SMP4 message")
}
r.Exp(rb, c.smp.a3, p)
if r.Cmp(c.smp.papb) != 0 {
return smpFailureError
}
return nil
}
func (v *Value) String() string {
if v.IsZero() {
return "0"
}
if v.Native && v.IsScientific() {
value := strconv.FormatUint(v.Num, 10)
offset := strconv.FormatInt(v.Offset, 10)
if v.Negative {
return "-" + value + "e" + offset
}
return value + "e" + offset
}
value := big.NewInt(int64(v.Num))
if v.Negative {
value.Neg(value)
}
var offset *big.Int
if v.Native {
offset = big.NewInt(-6)
} else {
offset = big.NewInt(v.Offset)
}
exp := offset.Exp(bigTen, offset.Neg(offset), nil)
rat := big.NewRat(0, 1).SetFrac(value, exp)
left := rat.FloatString(0)
if rat.IsInt() {
return left
}
length := len(left)
if v.Negative {
length -= 1
}
return strings.TrimRight(rat.FloatString(32-length), "0")
}
/*
The Join function
The first fuction to be executed
Alaows it gives the hash and id and request the finger table for the boost node
*/
func Join(test bool) { //
//generate id
me.nodeId = Index(generateNodeId(), BITS)
nodeIdInt := me.nodeId
me.storage = map[string]string{}
//prepare finger table
if test { //firstnode in the ring
me.offset = 0
for i, _ := range me.FingerTable {
//compute the ith node
two := big.NewInt(2)
dist := big.Int{}
dist.Exp(two, big.NewInt(int64(i)), nil)
var ithNode big.Int
ithNode.Add(&dist, &nodeIdInt)
x := ringSize(BITS)
ithNode.Mod(&ithNode, &x)
//fill the fingr table row
me.FingerTable[i][0] = ithNode.String()
me.FingerTable[i][1] = me.nodeId.String()
me.FingerTable[i][2] = me.address //this node address
}
} else { //not first node in the ring
//initialize offset
GetOffsetClient(me.target)
updateFingerTable(nodeIdInt, me.target) //target server required
go infornMySuccessor()
go AutoUpdate() // initialize auto update
}
}
// normalizeBigInt divides off all trailing zeros from the provided big.Int.
// It will only modify the provided big.Int if copyOnWrite is not set, and
// it will use the formatted representation of the big.Int if it is provided.
func normalizeBigInt(bi *big.Int, copyOnWrite bool, formatted, tmp []byte) *big.Int {
tens := 0
if formatted != nil {
tens = trailingZerosFromBytes(formatted)
} else {
tens = trailingZeros(bi, tmp)
}
if tens > 0 {
// If the decimal's big.Int hasn't been copied already, copy
// it now because we will be modifying it.
from := bi
if copyOnWrite {
bi = new(big.Int)
}
var div *big.Int
switch tens {
case 1:
div = bigInt10
case 2:
div = bigInt100
case 3:
div = bigInt1000
default:
div = big.NewInt(10)
pow := big.NewInt(int64(tens))
div.Exp(div, pow, nil)
}
bi.Div(from, div)
}
return bi
}
/*公钥解密*/
func pubKeyDecrypt(pub *rsa.PublicKey, data []byte) ([]byte, error) {
k := (pub.N.BitLen() + 7) / 8
if k != len(data) {
return nil, ErrDataLen
}
m := new(big.Int).SetBytes(data)
if m.Cmp(pub.N) > 0 {
return nil, ErrDataToLarge
}
m.Exp(m, big.NewInt(int64(pub.E)), pub.N)
d := leftPad(m.Bytes(), k)
if d[0] != 0 {
return nil, ErrDataBroken
}
if d[1] != 0 && d[1] != 1 {
return nil, ErrKeyPairDismatch
}
var i = 2
for ; i < len(d); i++ {
if d[i] == 0 {
break
}
}
i++
if i == len(d) {
return nil, nil
}
return d[i:], nil
}
func plus(z *big.Int, x *big.Int, y *big.Int) *big.Int {
var lim big.Int
lim.Exp(big.NewInt(2), big.NewInt(256), big.NewInt(0))
z.Add(x, y)
return z.Mod(z, &lim)
}
//newPrivateKey makes private key from seeds.
func newPrivateKey(pSeed, qSeed big.Int) (*PrivateKey, error) {
q := &qSeed
p := &pSeed
var tmp big.Int
test := big.NewInt(0x7743)
var q1, phi, keyD, keyN big.Int
for count := 0; count < rsaCreateGiveup; count++ {
q = primize(q)
q1.Add(q, tmp.SetInt64(-1))
p = primize(p)
phi.Add(p, tmp.SetInt64(-1))
phi.Mul(&phi, &q1)
keyD.ModInverse(rsaPublicE, &phi)
if keyD.Cmp(tmp.SetInt64(0)) == 0 {
continue
}
keyN.Mul(p, q)
tmp.Exp(test, rsaPublicE, &keyN)
tmp.Exp(&tmp, &keyD, &keyN)
if tmp.Cmp(test) == 0 {
return &PrivateKey{&keyN, &keyD}, nil
}
p.Add(p, tmp.SetInt64(2))
q.Add(q, tmp.SetInt64(2))
}
err := errors.New("cannot generate private key")
log.Fatal(err)
return nil, err
}
// This example demonstrates how to use big.Int to compute the smallest
// Fibonacci number with 100 decimal digits and to test whether it is prime.
func Example_fibonacci() {
// Initialize two big ints with the first two numbers in the sequence.
a := big.NewInt(0)
b := big.NewInt(1)
// Initialize limit as 10^99, the smallest integer with 100 digits.
var limit big.Int
limit.Exp(big.NewInt(10), big.NewInt(99), nil)
// Loop while a is smaller than 1e100.
for a.Cmp(&limit) < 0 {
// Compute the next Fibonacci number, storing it in a.
a.Add(a, b)
// Swap a and b so that b is the next number in the sequence.
a, b = b, a
}
fmt.Println(a) // 100-digit Fibonacci number
// Test a for primality.
// (ProbablyPrimes' argument sets the number of Miller-Rabin
// rounds to be performed. 20 is a good value.)
fmt.Println(a.ProbablyPrime(20))
// Output:
// 1344719667586153181419716641724567886890850696275767987106294472017884974410332069524504824747437757
// false
}
func (s *SRPClientSession) calculate_biga() big.Int {
var biga big.Int
gp := s.config.gp
biga.Exp(&gp.G, &s.a, &gp.N)
return biga
}
// Verify verifies the signature in r, s of hash using the public key, pub. It
// reports whether the signature is valid.
//
// Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated
// to the byte-length of the subgroup. This function does not perform that
// truncation itself.
func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
// FIPS 186-3, section 4.7
if pub.P.Sign() == 0 {
return false
}
if r.Sign() < 1 || r.Cmp(pub.Q) >= 0 {
return false
}
if s.Sign() < 1 || s.Cmp(pub.Q) >= 0 {
return false
}
w := new(big.Int).ModInverse(s, pub.Q)
n := pub.Q.BitLen()
if n&7 != 0 {
return false
}
z := new(big.Int).SetBytes(hash)
u1 := new(big.Int).Mul(z, w)
u1.Mod(u1, pub.Q)
u2 := w.Mul(r, w)
u2.Mod(u2, pub.Q)
v := u1.Exp(pub.G, u1, pub.P)
u2.Exp(pub.Y, u2, pub.P)
v.Mul(v, u2)
v.Mod(v, pub.P)
v.Mod(v, pub.Q)
return v.Cmp(r) == 0
}
func (c *Conversation) processSMP1(mpis []*big.Int) error {
if len(mpis) != 6 {
return errors.New("otr: incorrect number of arguments in SMP1 message")
}
g2a := mpis[0]
c2 := mpis[1]
d2 := mpis[2]
g3a := mpis[3]
c3 := mpis[4]
d3 := mpis[5]
h := sha256.New()
r := new(big.Int).Exp(g, d2, p)
s := new(big.Int).Exp(g2a, c2, p)
r.Mul(r, s)
r.Mod(r, p)
t := new(big.Int).SetBytes(hashMPIs(h, 1, r))
if c2.Cmp(t) != 0 {
return errors.New("otr: ZKP c2 incorrect in SMP1 message")
}
r.Exp(g, d3, p)
s.Exp(g3a, c3, p)
r.Mul(r, s)
r.Mod(r, p)
t.SetBytes(hashMPIs(h, 2, r))
if c3.Cmp(t) != 0 {
return errors.New("otr: ZKP c3 incorrect in SMP1 message")
}
c.smp.g2a = g2a
c.smp.g3a = g3a
return nil
}
// powerOffset computes the offset by (n + 2^exp) % (2^mod)
func powerOffset(id []byte, exp int, mod int) []byte {
// Copy the existing slice
off := make([]byte, len(id))
copy(off, id)
// Convert the ID to a bigint
idInt := big.Int{}
idInt.SetBytes(id)
// Get the offset
two := big.NewInt(2)
offset := big.Int{}
offset.Exp(two, big.NewInt(int64(exp)), nil)
// Sum
sum := big.Int{}
sum.Add(&idInt, &offset)
// Get the ceiling
ceil := big.Int{}
ceil.Exp(two, big.NewInt(int64(mod)), nil)
// Apply the mod
idInt.Mod(&sum, &ceil)
// Add together
return idInt.Bytes()
}
// decryptRSA decrypts message m using RSA private key (p,q,d)
func decryptRSA(m, p, q, d *big.Int) []byte {
n := new(big.Int)
r := new(big.Int)
n.Mul(p, q)
r.Exp(m, d, n)
return r.Bytes()
}
func times(z *big.Int, x *big.Int, y *big.Int) *big.Int {
var lim, x1, y1 big.Int
lim.Exp(big.NewInt(2), big.NewInt(256), big.NewInt(0))
x1.Set(x)
y1.Set(y)
z.Mul(x, y)
z.Mod(z, &lim)
return z
}
func main() {
var z = new(big.Int)
sum := 0
digits := z.Exp(big.NewInt(2), big.NewInt(1000), nil).String()
for _, digit := range digits {
sum += int(digit) - int('0')
}
fmt.Printf("%v\n", sum)
}
func main() {
raw, err := ioutil.ReadAll(os.Stdin)
if err != nil {
log.Fatalln(err)
}
raw_strings := strings.Fields(strings.Replace(string(raw), "\n", " ", -1))
p, _ := new(big.Int).SetString(raw_strings[0], 0)
g, _ := new(big.Int).SetString(raw_strings[1], 0)
h, _ := new(big.Int).SetString(raw_strings[2], 0)
B := big.NewInt(2)
B.Exp(B, big.NewInt(20), p)
mitms := make(map[string]*big.Int)
one := big.NewInt(1)
fmt.Println("p:", p)
fmt.Println("g:", g)
fmt.Println("h:", h)
fmt.Println("Started calculating")
for i := big.NewInt(0); i.Cmp(B) != 0; i.Add(i, one) {
ex := new(big.Int).Exp(g, i, p)
ex.ModInverse(ex, p)
res := ex.Mul(ex, h)
res.Mod(res, p)
mitms[res.String()] = new(big.Int).Set(i)
}
fmt.Println("Calculated x1s")
var x1, x0 *big.Int
var ok bool
for i := big.NewInt(0); i.Cmp(B) != 0; i.Add(i, one) {
r := new(big.Int).Exp(g, B, p)
r.Exp(r, i, p)
if x1, ok = mitms[r.String()]; ok {
x0 = new(big.Int).Set(i)
fmt.Println("Found x0", x0, "x1", x1)
break
}
}
if x1 == nil || x0 == nil {
fmt.Println("Something went wrong - no solution")
} else {
x := x0.Mul(x0, B)
x.Add(x, x1)
fmt.Println(x)
}
}
// There has been discussion of renaming this and submitting it along with its
// counterpart in chef-golang to crypto/rsa.
func decrypt(pubKey *rsa.PublicKey, data []byte) ([]byte, error) {
c := new(big.Int)
m := new(big.Int)
m.SetBytes(data)
e := big.NewInt(int64(pubKey.E))
c.Exp(m, e, pubKey.N)
out := c.Bytes()
return out, nil
}
// Compute the Legendre symbol of i, if modulus M is prime,
// using the Euler criterion (which involves exponentiation).
func (i *Int) legendre() int {
var Pm1, v big.Int
Pm1.Sub(i.M, one)
v.Div(&Pm1, two)
v.Exp(&i.V, &v, i.M)
if v.Cmp(&Pm1) == 0 {
return -1
}
return v.Sign()
}