cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Generalize dh_flag in mbedtls_mpi_gen_prime

Browse Source 
Setting the dh_flag to 1 used to indicate that the caller requests safe
primes from mbedtls_mpi_gen_prime. We generalize the functionality to
make room for more flags in that parameter.
This commit is contained in:
Janos Follath 2018-08-14 11:08:41 +01:00
parent 53546ea099
commit 7c025a9f50
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
include/mbedtls/bignum.h
View File

@ -740,13 +740,23 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ); void *p_rng );
/**
* \brief Flags for mbedtls_mpi_gen_prime()
*
* Each of these flags is a constraint on the result X returned by
* mbedtls_mpi_gen_prime().
*/
typedef enum {
MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
} mbedtls_mpi_gen_prime_flag_t;
/** /**
* \brief Prime number generation * \brief Prime number generation
* *
* \param X Destination MPI * \param X Destination MPI
* \param nbits Required size of X in bits * \param nbits Required size of X in bits
* ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS ) * ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
* \param dh_flag If 1, then (X-1)/2 will be prime too * \param flags Mask of flags of type #mbedtls_mpi_gen_prime_flag_t
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
@ -754,7 +764,7 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
* MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3 * MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
*/ */
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ); void *p_rng );

6
library/bignum.c
View File

@ -2192,11 +2192,11 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
/* /*
* Prime number generation * Prime number generation
* *
* If dh_flag is 0 and nbits is at least 1024, then the procedure * If flags is 0 and nbits is at least 1024, then the procedure
* follows the RSA probably-prime generation method of FIPS 186-4. * follows the RSA probably-prime generation method of FIPS 186-4.
* NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536. * NB. FIPS 186-4 only allows the specific bit lengths of 1024 and 1536.
*/ */
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag, int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
@ -2229,7 +2229,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
X->p[0] |= 1; X->p[0] |= 1;
if( dh_flag == 0 ) if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
{ {
ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ); ret = mbedtls_mpi_is_prime( X, f_rng, p_rng );

2
tests/suites/test_suite_mpi.data
View File

@ -706,7 +706,7 @@ mbedtls_mpi_gen_prime:128:0:0
Test mbedtls_mpi_gen_prime (Safe) Test mbedtls_mpi_gen_prime (Safe)
depends_on:MBEDTLS_GENPRIME depends_on:MBEDTLS_GENPRIME
mbedtls_mpi_gen_prime:128:1:0 mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH:0
Test bit getting (Value bit 25) Test bit getting (Value bit 25)
mbedtls_mpi_get_bit:10:"49979687":25:1 mbedtls_mpi_get_bit:10:"49979687":25:1