8 years ago · 5e71ac27e2
--- a/src/headers/tomcrypt_math.h
+++ b/src/headers/tomcrypt_math.h
@@ -24,6 +24,12 @@
 
				    typedef void rsa_key;
			
 
				 #endif
			
 
				 
			
 
				+#ifndef LTC_MILLER_RABIN_REPS
			
 
				+   /* Number of rounds of the Miller-Rabin test
			
 
				+    * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p() */
			
 
				+   #define LTC_MILLER_RABIN_REPS    35
			
 
				+#endif
			
 
				+
			
 
				 /** math descriptor */
			
 
				 typedef struct {
			
 
				    /** Name of the math provider */
			
@@ -345,7 +351,7 @@ typedef struct {
 
				 
			
 
				    /** Primality testing
			
 
				        @param a     The integer to test
			
 
				-       @param b     The number of tests that shall be executed
			
 
				+       @param b     The number of Miller-Rabin tests that shall be executed
			
 
				        @param c     The destination of the result (FP_YES if prime)
			
 
				        @return CRYPT_OK on success
			
 
				    */
			
@@ -472,13 +478,13 @@ typedef struct {
 
				    int (*submod)(void *a, void *b, void *c, void *d);
			
 
				 
			
 
				 /* ---- misc stuff ---- */
			
 
				+
			
 
				    /** Make a pseudo-random mpi
			
 
				       @param  a     The mpi to make random
			
 
				       @param  size  The desired length
			
 
				       @return CRYPT_OK on success
			
 
				    */
			
 
				    int (*rand)(void *a, int size);
			
 
				-
			
 
				 } ltc_math_descriptor;
			
 
				 
			
 
				 extern ltc_math_descriptor ltc_mp;
			
--- a/src/math/gmp_desc.c
+++ b/src/math/gmp_desc.c
@@ -446,7 +446,7 @@ static int isprime(void *a, int b, int *c)
 
				    LTC_ARGCHK(a != NULL);
			
 
				    LTC_ARGCHK(c != NULL);
			
 
				    if (b == 0) {
			
 
				-       b = 8;
			
 
				+       b = LTC_MILLER_RABIN_REPS;
			
 
				    } /* if */
			
 
				    *c = mpz_probab_prime_p(a, b) > 0 ? LTC_MP_YES : LTC_MP_NO;
			
 
				    return CRYPT_OK;
			
--- a/src/math/ltm_desc.c
+++ b/src/math/ltm_desc.c
@@ -404,7 +404,7 @@ static int isprime(void *a, int b, int *c)
 
				    LTC_ARGCHK(a != NULL);
			
 
				    LTC_ARGCHK(c != NULL);
			
 
				    if (b == 0) {
			
 
				-       b = 8;
			
 
				+       b = LTC_MILLER_RABIN_REPS;
			
 
				    } /* if */
			
 
				    err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c));
			
 
				    *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO;
			
--- a/src/math/rand_prime.c
+++ b/src/math/rand_prime.c
@@ -66,7 +66,7 @@ int rand_prime(void *N, long len, prng_state *prng, int wprng)
 
				       }
			
 
				 
			
 
				       /* test */
			
 
				-      if ((err = mp_prime_is_prime(N, 8, &res)) != CRYPT_OK) {
			
 
				+      if ((err = mp_prime_is_prime(N, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) {
			
 
				          XFREE(buf);
			
 
				          return err;
			
 
				       }
			
--- a/src/math/tfm_desc.c
+++ b/src/math/tfm_desc.c
@@ -415,8 +415,10 @@ static int isprime(void *a, int b, int *c)
 
				 {
			
 
				    LTC_ARGCHK(a != NULL);
			
 
				    LTC_ARGCHK(c != NULL);
			
 
				-   (void)b;
			
 
				-   *c = (fp_isprime(a) == FP_YES) ? LTC_MP_YES : LTC_MP_NO;
			
 
				+   if (b == 0) {
			
 
				+       b = LTC_MILLER_RABIN_REPS;
			
 
				+   } /* if */
			
 
				+   *c = (fp_isprime_ex(a, b) == FP_YES) ? LTC_MP_YES : LTC_MP_NO;
			
 
				    return CRYPT_OK;
			
 
				 }
			
 
				 
			
--- a/src/pk/dsa/dsa_make_key.c
+++ b/src/pk/dsa/dsa_make_key.c
@@ -75,11 +75,23 @@ static int dsa_make_params(prng_state *prng, int wprng, int group_size, int modu
 
				   L = modulus_size * 8;
			
 
				   N = group_size * 8;
			
 
				 
			
 
				+  /* XXX-TODO no Lucas test */
			
 
				+#ifdef LTC_MPI_HAS_LUCAS_TEST
			
 
				   /* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */
			
 
				   mr_tests_p = (L <= 2048) ? 3 : 2;
			
 
				   if      (N <= 160)  { mr_tests_q = 19; }
			
 
				   else if (N <= 224)  { mr_tests_q = 24; }
			
 
				   else                { mr_tests_q = 27; }
			
 
				+#else
			
 
				+  /* M-R tests (without Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */
			
 
				+  if      (L <= 1024) { mr_tests_p = 40; }
			
 
				+  else if (L <= 2048) { mr_tests_p = 56; }
			
 
				+  else                { mr_tests_p = 64; }
			
 
				+
			
 
				+  if      (N <= 160)  { mr_tests_q = 40; }
			
 
				+  else if (N <= 224)  { mr_tests_q = 56; }
			
 
				+  else                { mr_tests_q = 64; }
			
 
				+#endif
			
 
				 
			
 
				   if (N <= 256) {
			
 
				     hash = register_hash(&sha256_desc);
			
@@ -122,7 +134,7 @@ static int dsa_make_params(prng_state *prng, int wprng, int group_size, int modu
 
				       if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK)                                { goto cleanup; }
			
 
				       if ((err = mp_add(t2N1, U, q)) != CRYPT_OK)                                { goto cleanup; }
			
 
				       if (!mp_isodd(q)) mp_add_d(q, 1, q);
			
 
				-      if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK)            { goto cleanup; }       /* XXX-TODO rounds are ignored; no Lucas test */
			
 
				+      if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK)            { goto cleanup; }
			
 
				       if (res == LTC_MP_YES) found_q = 1;
			
 
				     }
			
 
				 
			
@@ -149,7 +161,7 @@ static int dsa_make_params(prng_state *prng, int wprng, int group_size, int modu
 
				       if ((err = mp_sub(X, p, p))    != CRYPT_OK)                                { goto cleanup; }
			
 
				       if (mp_cmp(p, t2L1) != LTC_MP_LT) {
			
 
				         /* p >= 2^(L-1) */
			
 
				-        if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK)          { goto cleanup; }       /* XXX-TODO rounds are ignored; no Lucas test */
			
 
				+        if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK)          { goto cleanup; }
			
 
				         if (res == LTC_MP_YES) {
			
 
				           found_p = 1;
			
 
				         }