diff options
| author | tb <> | 2023-05-10 21:05:24 +0000 |
|---|---|---|
| committer | tb <> | 2023-05-10 21:05:24 +0000 |
| commit | a03c417c0bb6170b5891dc327c9c68d629316b81 (patch) | |
| tree | ad5c1b46c955ea841045988b173e33579200445c /src/lib | |
| parent | 72c805e72c683fa3159a61579ede6ca11119ec9e (diff) | |
| download | openbsd-a03c417c0bb6170b5891dc327c9c68d629316b81.tar.gz openbsd-a03c417c0bb6170b5891dc327c9c68d629316b81.tar.bz2 openbsd-a03c417c0bb6170b5891dc327c9c68d629316b81.zip | |
Use is_pseudoprime instead of is_prime in bn_bpsw.c
This is more accurate and improves readability a bit. Apart from a comment
tweak this is sed + knfmt (which resulted in four wrapped lines).
Discussed with beck and jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_bpsw.c | 63 |
1 files changed, 33 insertions, 30 deletions
diff --git a/src/lib/libcrypto/bn/bn_bpsw.c b/src/lib/libcrypto/bn/bn_bpsw.c index a1acbbf1e9..82a4e87146 100644 --- a/src/lib/libcrypto/bn/bn_bpsw.c +++ b/src/lib/libcrypto/bn/bn_bpsw.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_bpsw.c,v 1.9 2023/05/10 12:21:55 tb Exp $ */ | 1 | /* $OpenBSD: bn_bpsw.c,v 1.10 2023/05/10 21:05:24 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2022 Martin Grenouilloux <martin.grenouilloux@lse.epita.fr> | 3 | * Copyright (c) 2022 Martin Grenouilloux <martin.grenouilloux@lse.epita.fr> |
| 4 | * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> |
| @@ -156,7 +156,7 @@ bn_lucas(BIGNUM *U, BIGNUM *V, const BIGNUM *k, const BIGNUM *D, | |||
| 156 | */ | 156 | */ |
| 157 | 157 | ||
| 158 | static int | 158 | static int |
| 159 | bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, | 159 | bn_strong_lucas_test(int *is_pseudoprime, const BIGNUM *n, const BIGNUM *D, |
| 160 | BN_CTX *ctx) | 160 | BN_CTX *ctx) |
| 161 | { | 161 | { |
| 162 | BIGNUM *k, *U, *V; | 162 | BIGNUM *k, *U, *V; |
| @@ -194,7 +194,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, | |||
| 194 | goto err; | 194 | goto err; |
| 195 | 195 | ||
| 196 | if (BN_is_zero(U) || BN_is_zero(V)) { | 196 | if (BN_is_zero(U) || BN_is_zero(V)) { |
| 197 | *is_prime = 1; | 197 | *is_pseudoprime = 1; |
| 198 | goto done; | 198 | goto done; |
| 199 | } | 199 | } |
| 200 | 200 | ||
| @@ -208,7 +208,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, | |||
| 208 | goto err; | 208 | goto err; |
| 209 | 209 | ||
| 210 | if (BN_is_zero(V)) { | 210 | if (BN_is_zero(V)) { |
| 211 | *is_prime = 1; | 211 | *is_pseudoprime = 1; |
| 212 | goto done; | 212 | goto done; |
| 213 | } | 213 | } |
| 214 | } | 214 | } |
| @@ -217,7 +217,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, | |||
| 217 | * If we got here, n is definitely composite. | 217 | * If we got here, n is definitely composite. |
| 218 | */ | 218 | */ |
| 219 | 219 | ||
| 220 | *is_prime = 0; | 220 | *is_pseudoprime = 0; |
| 221 | 221 | ||
| 222 | done: | 222 | done: |
| 223 | ret = 1; | 223 | ret = 1; |
| @@ -235,7 +235,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, | |||
| 235 | */ | 235 | */ |
| 236 | 236 | ||
| 237 | static int | 237 | static int |
| 238 | bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) | 238 | bn_strong_lucas_selfridge(int *is_pseudoprime, const BIGNUM *n, BN_CTX *ctx) |
| 239 | { | 239 | { |
| 240 | BIGNUM *D, *two; | 240 | BIGNUM *D, *two; |
| 241 | int is_perfect_square, jacobi_symbol, sign; | 241 | int is_perfect_square, jacobi_symbol, sign; |
| @@ -247,7 +247,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) | |||
| 247 | if (!bn_is_perfect_square(&is_perfect_square, n, ctx)) | 247 | if (!bn_is_perfect_square(&is_perfect_square, n, ctx)) |
| 248 | goto err; | 248 | goto err; |
| 249 | if (is_perfect_square) { | 249 | if (is_perfect_square) { |
| 250 | *is_prime = 0; | 250 | *is_pseudoprime = 0; |
| 251 | goto done; | 251 | goto done; |
| 252 | } | 252 | } |
| 253 | 253 | ||
| @@ -278,7 +278,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) | |||
| 278 | 278 | ||
| 279 | /* n and D have prime factors in common. */ | 279 | /* n and D have prime factors in common. */ |
| 280 | if (jacobi_symbol == 0) { | 280 | if (jacobi_symbol == 0) { |
| 281 | *is_prime = 0; | 281 | *is_pseudoprime = 0; |
| 282 | goto done; | 282 | goto done; |
| 283 | } | 283 | } |
| 284 | 284 | ||
| @@ -288,7 +288,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) | |||
| 288 | BN_set_negative(D, sign == -1); | 288 | BN_set_negative(D, sign == -1); |
| 289 | } | 289 | } |
| 290 | 290 | ||
| 291 | if (!bn_strong_lucas_test(is_prime, n, D, ctx)) | 291 | if (!bn_strong_lucas_test(is_pseudoprime, n, D, ctx)) |
| 292 | goto err; | 292 | goto err; |
| 293 | 293 | ||
| 294 | done: | 294 | done: |
| @@ -318,7 +318,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) | |||
| 318 | */ | 318 | */ |
| 319 | 319 | ||
| 320 | static int | 320 | static int |
| 321 | bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one, | 321 | bn_fermat(int *is_pseudoprime, const BIGNUM *n, const BIGNUM *n_minus_one, |
| 322 | const BIGNUM *k, int s, const BIGNUM *base, BN_CTX *ctx, BN_MONT_CTX *mctx) | 322 | const BIGNUM *k, int s, const BIGNUM *base, BN_CTX *ctx, BN_MONT_CTX *mctx) |
| 323 | { | 323 | { |
| 324 | BIGNUM *power; | 324 | BIGNUM *power; |
| @@ -338,7 +338,7 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one, | |||
| 338 | goto err; | 338 | goto err; |
| 339 | 339 | ||
| 340 | if (BN_is_one(power) || BN_cmp(power, n_minus_one) == 0) { | 340 | if (BN_is_one(power) || BN_cmp(power, n_minus_one) == 0) { |
| 341 | *is_prime = 1; | 341 | *is_pseudoprime = 1; |
| 342 | goto done; | 342 | goto done; |
| 343 | } | 343 | } |
| 344 | 344 | ||
| @@ -349,13 +349,13 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one, | |||
| 349 | 349 | ||
| 350 | /* n is a pseudoprime for base. */ | 350 | /* n is a pseudoprime for base. */ |
| 351 | if (BN_cmp(power, n_minus_one) == 0) { | 351 | if (BN_cmp(power, n_minus_one) == 0) { |
| 352 | *is_prime = 1; | 352 | *is_pseudoprime = 1; |
| 353 | goto done; | 353 | goto done; |
| 354 | } | 354 | } |
| 355 | 355 | ||
| 356 | /* n is composite: there's a square root of unity != 1 or -1. */ | 356 | /* n is composite: there's a square root of unity != 1 or -1. */ |
| 357 | if (BN_is_one(power)) { | 357 | if (BN_is_one(power)) { |
| 358 | *is_prime = 0; | 358 | *is_pseudoprime = 0; |
| 359 | goto done; | 359 | goto done; |
| 360 | } | 360 | } |
| 361 | } | 361 | } |
| @@ -364,7 +364,7 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one, | |||
| 364 | * If we get here, n is definitely composite: base^(n-1) != 1. | 364 | * If we get here, n is definitely composite: base^(n-1) != 1. |
| 365 | */ | 365 | */ |
| 366 | 366 | ||
| 367 | *is_prime = 0; | 367 | *is_pseudoprime = 0; |
| 368 | 368 | ||
| 369 | done: | 369 | done: |
| 370 | ret = 1; | 370 | ret = 1; |
| @@ -377,11 +377,12 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one, | |||
| 377 | 377 | ||
| 378 | /* | 378 | /* |
| 379 | * Miller-Rabin primality test for base 2 and for |rounds| of random bases. | 379 | * Miller-Rabin primality test for base 2 and for |rounds| of random bases. |
| 380 | * On success: is_prime == 0 implies n is composite - the converse is false. | 380 | * On success: is_pseudoprime == 0 implies that n is composite. |
| 381 | */ | 381 | */ |
| 382 | 382 | ||
| 383 | static int | 383 | static int |
| 384 | bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) | 384 | bn_miller_rabin(int *is_pseudoprime, const BIGNUM *n, BN_CTX *ctx, |
| 385 | size_t rounds) | ||
| 385 | { | 386 | { |
| 386 | BN_MONT_CTX *mctx = NULL; | 387 | BN_MONT_CTX *mctx = NULL; |
| 387 | BIGNUM *base, *k, *n_minus_one, *three; | 388 | BIGNUM *base, *k, *n_minus_one, *three; |
| @@ -401,12 +402,12 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) | |||
| 401 | goto err; | 402 | goto err; |
| 402 | 403 | ||
| 403 | if (BN_is_word(n, 2) || BN_is_word(n, 3)) { | 404 | if (BN_is_word(n, 2) || BN_is_word(n, 3)) { |
| 404 | *is_prime = 1; | 405 | *is_pseudoprime = 1; |
| 405 | goto done; | 406 | goto done; |
| 406 | } | 407 | } |
| 407 | 408 | ||
| 408 | if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { | 409 | if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { |
| 409 | *is_prime = 0; | 410 | *is_pseudoprime = 0; |
| 410 | goto done; | 411 | goto done; |
| 411 | } | 412 | } |
| 412 | 413 | ||
| @@ -440,9 +441,9 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) | |||
| 440 | if (!BN_set_word(base, 2)) | 441 | if (!BN_set_word(base, 2)) |
| 441 | goto err; | 442 | goto err; |
| 442 | 443 | ||
| 443 | if (!bn_fermat(is_prime, n, n_minus_one, k, s, base, ctx, mctx)) | 444 | if (!bn_fermat(is_pseudoprime, n, n_minus_one, k, s, base, ctx, mctx)) |
| 444 | goto err; | 445 | goto err; |
| 445 | if (!*is_prime) | 446 | if (!*is_pseudoprime) |
| 446 | goto done; | 447 | goto done; |
| 447 | 448 | ||
| 448 | /* | 449 | /* |
| @@ -457,9 +458,10 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) | |||
| 457 | if (!bn_rand_interval(base, three, n_minus_one)) | 458 | if (!bn_rand_interval(base, three, n_minus_one)) |
| 458 | goto err; | 459 | goto err; |
| 459 | 460 | ||
| 460 | if (!bn_fermat(is_prime, n, n_minus_one, k, s, base, ctx, mctx)) | 461 | if (!bn_fermat(is_pseudoprime, n, n_minus_one, k, s, base, ctx, |
| 462 | mctx)) | ||
| 461 | goto err; | 463 | goto err; |
| 462 | if (!*is_prime) | 464 | if (!*is_pseudoprime) |
| 463 | goto done; | 465 | goto done; |
| 464 | } | 466 | } |
| 465 | 467 | ||
| @@ -467,7 +469,7 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) | |||
| 467 | * If we got here, we have a Miller-Rabin pseudoprime. | 469 | * If we got here, we have a Miller-Rabin pseudoprime. |
| 468 | */ | 470 | */ |
| 469 | 471 | ||
| 470 | *is_prime = 1; | 472 | *is_pseudoprime = 1; |
| 471 | 473 | ||
| 472 | done: | 474 | done: |
| 473 | ret = 1; | 475 | ret = 1; |
| @@ -485,7 +487,8 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) | |||
| 485 | */ | 487 | */ |
| 486 | 488 | ||
| 487 | int | 489 | int |
| 488 | bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds) | 490 | bn_is_prime_bpsw(int *is_pseudoprime, const BIGNUM *n, BN_CTX *in_ctx, |
| 491 | size_t rounds) | ||
| 489 | { | 492 | { |
| 490 | BN_CTX *ctx = NULL; | 493 | BN_CTX *ctx = NULL; |
| 491 | BN_ULONG mod; | 494 | BN_ULONG mod; |
| @@ -493,12 +496,12 @@ bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds) | |||
| 493 | int ret = 0; | 496 | int ret = 0; |
| 494 | 497 | ||
| 495 | if (BN_is_word(n, 2)) { | 498 | if (BN_is_word(n, 2)) { |
| 496 | *is_prime = 1; | 499 | *is_pseudoprime = 1; |
| 497 | goto done; | 500 | goto done; |
| 498 | } | 501 | } |
| 499 | 502 | ||
| 500 | if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { | 503 | if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { |
| 501 | *is_prime = 0; | 504 | *is_pseudoprime = 0; |
| 502 | goto done; | 505 | goto done; |
| 503 | } | 506 | } |
| 504 | 507 | ||
| @@ -507,7 +510,7 @@ bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds) | |||
| 507 | if ((mod = BN_mod_word(n, primes[i])) == (BN_ULONG)-1) | 510 | if ((mod = BN_mod_word(n, primes[i])) == (BN_ULONG)-1) |
| 508 | goto err; | 511 | goto err; |
| 509 | if (mod == 0) { | 512 | if (mod == 0) { |
| 510 | *is_prime = BN_is_word(n, primes[i]); | 513 | *is_pseudoprime = BN_is_word(n, primes[i]); |
| 511 | goto done; | 514 | goto done; |
| 512 | } | 515 | } |
| 513 | } | 516 | } |
| @@ -517,12 +520,12 @@ bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds) | |||
| 517 | if (ctx == NULL) | 520 | if (ctx == NULL) |
| 518 | goto err; | 521 | goto err; |
| 519 | 522 | ||
| 520 | if (!bn_miller_rabin(is_prime, n, ctx, rounds)) | 523 | if (!bn_miller_rabin(is_pseudoprime, n, ctx, rounds)) |
| 521 | goto err; | 524 | goto err; |
| 522 | if (!*is_prime) | 525 | if (!*is_pseudoprime) |
| 523 | goto done; | 526 | goto done; |
| 524 | 527 | ||
| 525 | if (!bn_strong_lucas_selfridge(is_prime, n, ctx)) | 528 | if (!bn_strong_lucas_selfridge(is_pseudoprime, n, ctx)) |
| 526 | goto err; | 529 | goto err; |
| 527 | 530 | ||
| 528 | done: | 531 | done: |