Example #1
0
func RabinMiller(p *big.Int) bool {
	pdec := new(big.Int).Sub(p, big.NewInt(1)) // =  p - 1
	big2 := big.NewInt(2)

	for i := 0; i < 20; i++ {
		x := RandNumSmaller(p)
		stg := new(big.Int).Exp(x, pdec, p) // = x^(p-1) mod p
		if stg.Cmp(big1) != 0 {
			return false
		}

		// test na Carmichaelova cisla (kontrola zda x^[(p-1)/2] je +1 nebo -1)
		p2 := new(big.Int).Rsh(p, 1) // = (p - 1)/2
		for {
			stg.Exp(x, p2, p)
			if stg.Cmp(pdec) == 0 {
				break
			}
			if stg.Cmp(big1) != 0 {
				return false
			}
			_, res := p2.Div(p2, big2)
			if res.Cmp(big1) == 0 {
				break
			}
		}
	}
	return true
}
Example #2
0
// Verify verifies the signature in r, s of hash using the public key, pub. It
// returns true iff the signature is valid.
func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
	// FIPS 186-3, section 4.7

	if r.Sign() < 1 || r.Cmp(pub.Q) >= 0 {
		return false
	}
	if s.Sign() < 1 || s.Cmp(pub.Q) >= 0 {
		return false
	}

	w := new(big.Int).ModInverse(s, pub.Q)

	n := pub.Q.BitLen()
	if n&7 != 0 {
		return false
	}
	n >>= 3

	if n > len(hash) {
		n = len(hash)
	}
	z := new(big.Int).SetBytes(hash[:n])

	u1 := new(big.Int).Mul(z, w)
	u1.Mod(u1, pub.Q)
	u2 := w.Mul(r, w)
	u2.Mod(u2, pub.Q)
	v := u1.Exp(pub.G, u1, pub.P)
	u2.Exp(pub.Y, u2, pub.P)
	v.Mul(v, u2)
	v.Mod(v, pub.P)
	v.Mod(v, pub.Q)

	return v.Cmp(r) == 0
}
func info(a *big.Int, n uint) {
	dtrunc := int64(float64(a.BitLen())*.30103) - 10
	var first, rest big.Int
	rest.Exp(first.SetInt64(10), rest.SetInt64(dtrunc), nil)
	first.Quo(a, &rest)
	fstr := first.String()
	fmt.Printf("%d! begins %s... and has %d digits.\n",
		n, fstr, int64(len(fstr))+dtrunc)
}
Example #4
0
func (curve *Curve) double(p *Point) *Point {
	fmt.Printf("d")
	lambda_numerator := new(big.Int)
	lambda_denominator := new(big.Int)
	lambda := new(big.Int)
	lambda_numerator.Exp(p.X, BigTwo, curve.P)
	lambda_numerator.Mul(lambda_numerator, BigThree)
	lambda_numerator.Add(lambda_numerator, curve.A)
	lambda_denominator.Mul(BigTwo, p.Y)
	lambda_denominator, ok := modInverse(lambda_denominator, curve.P)
	if !ok {
		fmt.Printf("Its not OKAY\n")
		return nil
	}
	lambda.Mul(lambda_numerator, lambda_denominator)
	lambda = lambda.Mod(lambda, curve.P)

	p3 := NewPoint()

	temp := new(big.Int)
	temp2 := new(big.Int)
	//temp3 := new(big.Int)
	//temp4 := new(big.Int)
	//temp5 := new(big.Int)
	//temp6 := new(big.Int)
	p3.X.Sub(temp.Exp(lambda, BigTwo, curve.P), temp2.Mul(BigTwo, p.X))
	p3.X = p3.X.Mod(p3.X, curve.P)

	p3.Y.Sub(p.X, p3.X)
	p3.Y.Mul(p3.Y, lambda)
	p3.Y = p3.Y.Sub(p3.Y, p.Y)
	p3.Y = p3.Y.Mod(p3.Y, curve.P)
	if p3.X.Cmp(BigZero) == -1 { //if X is negative
		p3.X.Neg(p3.X)
		p3.X.Sub(curve.P, p3.X)
	}
	if p3.Y.Cmp(BigZero) == -1 { //if Y is negative
		p3.Y.Neg(p3.Y)
		p3.Y.Sub(curve.P, p3.Y)
	}
	return p3
}
Example #5
0
func recursive(in int64, value *big.Int, v vector.IntVector, primeIndex int, primes []*big.Int, winner *big.Int, winner2 *vector.IntVector) {

	if in > 4000000 {

		if value.Cmp(winner) < 0 || winner.Cmp(big.NewInt(-1)) == 0 {
			winner.Set(value)
			*winner2 = v
			fmt.Println(in, winner, *winner2)
			//fmt.Print(in, winner, *winner2, " (")
			//for k, v := range *winner2 {
			//	fmt.Print(primes[k], "**", v, " * ")
			//}
			//fmt.Println(")")
		}

		return
	}

	for i := int64(15); i >= 1; i -= 1 {

		var factor big.Int

		factor.Exp(primes[primeIndex], big.NewInt(i), nil)

		//fmt.Println(factor, i, primes[primeIndex])

		newV := v.Copy()
		newV.Push(int(i))

		var newValue big.Int
		newValue.Mul(value, &factor)

		recursive(in*(2*i+1)-i, &newValue, newV, primeIndex+1, primes, winner, winner2)

	}
}
Example #6
0
// GenerateParameters puts a random, valid set of DSA parameters into params.
// This function takes many seconds, even on fast machines.
func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes) (err os.Error) {
	// This function doesn't follow FIPS 186-3 exactly in that it doesn't
	// use a verification seed to generate the primes. The verification
	// seed doesn't appear to be exported or used by other code and
	// omitting it makes the code cleaner.

	var L, N int
	switch sizes {
	case L1024N160:
		L = 1024
		N = 160
	case L2048N224:
		L = 2048
		N = 224
	case L2048N256:
		L = 2048
		N = 256
	case L3072N256:
		L = 3072
		N = 256
	default:
		return os.ErrorString("crypto/dsa: invalid ParameterSizes")
	}

	qBytes := make([]byte, N/8)
	pBytes := make([]byte, L/8)

	q := new(big.Int)
	p := new(big.Int)
	rem := new(big.Int)
	one := new(big.Int)
	one.SetInt64(1)

GeneratePrimes:
	for {
		_, err = io.ReadFull(rand, qBytes)
		if err != nil {
			return
		}

		qBytes[len(qBytes)-1] |= 1
		qBytes[0] |= 0x80
		q.SetBytes(qBytes)

		if !big.ProbablyPrime(q, numMRTests) {
			continue
		}

		for i := 0; i < 4*L; i++ {
			_, err = io.ReadFull(rand, pBytes)
			if err != nil {
				return
			}

			pBytes[len(pBytes)-1] |= 1
			pBytes[0] |= 0x80

			p.SetBytes(pBytes)
			rem.Mod(p, q)
			rem.Sub(rem, one)
			p.Sub(p, rem)
			if p.BitLen() < L {
				continue
			}

			if !big.ProbablyPrime(p, numMRTests) {
				continue
			}

			params.P = p
			params.Q = q
			break GeneratePrimes
		}
	}

	h := new(big.Int)
	h.SetInt64(2)
	g := new(big.Int)

	pm1 := new(big.Int).Sub(p, one)
	e := new(big.Int).Div(pm1, q)

	for {
		g.Exp(h, e, p)
		if g.Cmp(one) == 0 {
			h.Add(h, one)
			continue
		}

		params.G = g
		return
	}

	panic("unreachable")
}
Example #7
0
func encrypt(c *big.Int, pub *PublicKey, m *big.Int) *big.Int {
	e := big.NewInt(int64(pub.E))
	c.Exp(m, e, pub.N)
	return c
}
Example #8
0
// decrypt performs an RSA decryption, resulting in a plaintext integer. If a
// random source is given, RSA blinding is used.
func decrypt(random io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err os.Error) {
	// TODO(agl): can we get away with reusing blinds?
	if c.Cmp(priv.N) > 0 {
		err = DecryptionError{}
		return
	}

	var ir *big.Int
	if random != nil {
		// Blinding enabled. Blinding involves multiplying c by r^e.
		// Then the decryption operation performs (m^e * r^e)^d mod n
		// which equals mr mod n. The factor of r can then be removed
		// by multiplying by the multiplicative inverse of r.

		var r *big.Int

		for {
			r, err = rand.Int(random, priv.N)
			if err != nil {
				return
			}
			if r.Cmp(bigZero) == 0 {
				r = bigOne
			}
			var ok bool
			ir, ok = modInverse(r, priv.N)
			if ok {
				break
			}
		}
		bigE := big.NewInt(int64(priv.E))
		rpowe := new(big.Int).Exp(r, bigE, priv.N)
		cCopy := new(big.Int).Set(c)
		cCopy.Mul(cCopy, rpowe)
		cCopy.Mod(cCopy, priv.N)
		c = cCopy
	}

	if priv.Precomputed.Dp == nil {
		m = new(big.Int).Exp(c, priv.D, priv.N)
	} else {
		// We have the precalculated values needed for the CRT.
		m = new(big.Int).Exp(c, priv.Precomputed.Dp, priv.Primes[0])
		m2 := new(big.Int).Exp(c, priv.Precomputed.Dq, priv.Primes[1])
		m.Sub(m, m2)
		if m.Sign() < 0 {
			m.Add(m, priv.Primes[0])
		}
		m.Mul(m, priv.Precomputed.Qinv)
		m.Mod(m, priv.Primes[0])
		m.Mul(m, priv.Primes[1])
		m.Add(m, m2)

		for i, values := range priv.Precomputed.CRTValues {
			prime := priv.Primes[2+i]
			m2.Exp(c, values.Exp, prime)
			m2.Sub(m2, m)
			m2.Mul(m2, values.Coeff)
			m2.Mod(m2, prime)
			if m2.Sign() < 0 {
				m2.Add(m2, prime)
			}
			m2.Mul(m2, values.R)
			m.Add(m, m2)
		}
	}

	if ir != nil {
		// Unblind.
		m.Mul(m, ir)
		m.Mod(m, priv.N)
	}

	return
}
Example #9
0
File: rsa.go Project: richlowe/gcc
// decrypt performs an RSA decryption, resulting in a plaintext integer. If a
// random source is given, RSA blinding is used.
func decrypt(rand io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err os.Error) {
	// TODO(agl): can we get away with reusing blinds?
	if c.Cmp(priv.N) > 0 {
		err = DecryptionError{}
		return
	}

	var ir *big.Int
	if rand != nil {
		// Blinding enabled. Blinding involves multiplying c by r^e.
		// Then the decryption operation performs (m^e * r^e)^d mod n
		// which equals mr mod n. The factor of r can then be removed
		// by multipling by the multiplicative inverse of r.

		var r *big.Int

		for {
			r, err = randomNumber(rand, priv.N)
			if err != nil {
				return
			}
			if r.Cmp(bigZero) == 0 {
				r = bigOne
			}
			var ok bool
			ir, ok = modInverse(r, priv.N)
			if ok {
				break
			}
		}
		bigE := big.NewInt(int64(priv.E))
		rpowe := new(big.Int).Exp(r, bigE, priv.N)
		c.Mul(c, rpowe)
		c.Mod(c, priv.N)
	}

	priv.rwMutex.RLock()

	if priv.dP == nil && priv.P != nil {
		priv.rwMutex.RUnlock()
		priv.rwMutex.Lock()
		if priv.dP == nil && priv.P != nil {
			priv.precompute()
		}
		priv.rwMutex.Unlock()
		priv.rwMutex.RLock()
	}

	if priv.dP == nil {
		m = new(big.Int).Exp(c, priv.D, priv.N)
	} else {
		// We have the precalculated values needed for the CRT.
		m = new(big.Int).Exp(c, priv.dP, priv.P)
		m2 := new(big.Int).Exp(c, priv.dQ, priv.Q)
		m.Sub(m, m2)
		if m.Sign() < 0 {
			m.Add(m, priv.P)
		}
		m.Mul(m, priv.qInv)
		m.Mod(m, priv.P)
		m.Mul(m, priv.Q)
		m.Add(m, m2)

		if priv.dR != nil {
			// 3-prime CRT.
			m2.Exp(c, priv.dR, priv.R)
			m2.Sub(m2, m)
			m2.Mul(m2, priv.tr)
			m2.Mod(m2, priv.R)
			if m2.Sign() < 0 {
				m2.Add(m2, priv.R)
			}
			m2.Mul(m2, priv.pq)
			m.Add(m, m2)
		}
	}

	priv.rwMutex.RUnlock()

	if ir != nil {
		// Unblind.
		m.Mul(m, ir)
		m.Mod(m, priv.N)
	}

	return
}
Example #10
0
// Spocita msg^key % mod
func crypt(key, mod *big.Int, msg []byte) []byte {
	a := new(big.Int).SetBytes(msg)
	a.Exp(a, key, mod)
	return a.Bytes()
}