Commit 734dbdfa authored by Niels Möller

* bignum-random-prime.c (_nettle_generate_pocklington_prime): Also

return the used r. Updated caller.

Rev: nettle/bignum-random-prime.c:1.5
Rev: nettle/bignum.h:1.6
parent e9c0dfa1
...@@ -257,18 +257,17 @@ miller_rabin_pocklington(mpz_t n, mpz_t nm1, mpz_t nm1dq, mpz_t a) ...@@ -257,18 +257,17 @@ miller_rabin_pocklington(mpz_t n, mpz_t nm1, mpz_t nm1dq, mpz_t a)
p0 must be of size >= ceil(bits/2) + 1. The extra factor q can be p0 must be of size >= ceil(bits/2) + 1. The extra factor q can be
omitted. */ omitted. */
void void
_nettle_generate_pocklington_prime (mpz_t p, unsigned bits, _nettle_generate_pocklington_prime (mpz_t p, unsigned bits, mpz_t r,
void *ctx, nettle_random_func random, void *ctx, nettle_random_func random,
const mpz_t p0, const mpz_t p0,
const mpz_t q, const mpz_t q,
const mpz_t p0q) const mpz_t p0q)
{ {
mpz_t i, r, pm1,a; mpz_t i, pm1,a;
assert (2*mpz_sizeinbase (p0, 2) > bits + 1); assert (2*mpz_sizeinbase (p0, 2) > bits + 1);
mpz_init (i); mpz_init (i);
mpz_init (r);
mpz_init (pm1); mpz_init (pm1);
mpz_init (a); mpz_init (a);
...@@ -304,13 +303,23 @@ _nettle_generate_pocklington_prime (mpz_t p, unsigned bits, ...@@ -304,13 +303,23 @@ _nettle_generate_pocklington_prime (mpz_t p, unsigned bits,
mpz_set_ui (a, buf[0] + 2); mpz_set_ui (a, buf[0] + 2);
if (q) if (q)
mpz_mul (r, r, q); {
mpz_t e;
if (miller_rabin_pocklington(p, pm1, r, a)) int is_prime;
mpz_init (e);
mpz_mul (e, r, q);
is_prime = miller_rabin_pocklington(p, pm1, e, a);
mpz_clear (e);
if (is_prime)
break;
}
else if (miller_rabin_pocklington(p, pm1, r, a))
break; break;
} }
mpz_clear (i); mpz_clear (i);
mpz_clear (r);
mpz_clear (pm1); mpz_clear (pm1);
mpz_clear (a); mpz_clear (a);
} }
...@@ -362,18 +371,20 @@ nettle_random_prime(mpz_t p, unsigned bits, ...@@ -362,18 +371,20 @@ nettle_random_prime(mpz_t p, unsigned bits,
} }
else else
{ {
mpz_t q; mpz_t q, r;
mpz_init (q); mpz_init (q);
mpz_init (r);
/* Bit size ceil(k/2) + 1, slightly larger than used in Alg. 4.62 /* Bit size ceil(k/2) + 1, slightly larger than used in Alg. 4.62
in Handbook of Applied Cryptography (which seems to be in Handbook of Applied Cryptography (which seems to be
incorrect for odd k). */ incorrect for odd k). */
nettle_random_prime (q, (bits+3)/2, ctx, random); nettle_random_prime (q, (bits+3)/2, ctx, random);
_nettle_generate_pocklington_prime (p, bits, ctx, random, _nettle_generate_pocklington_prime (p, bits, r, ctx, random,
q, NULL, q); q, NULL, q);
mpz_clear (q); mpz_clear (q);
mpz_clear (r);
} }
} }
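Review bot: The comment above `_nettle_generate_pocklington_prime` in the first hunk still describes only p0 and q, although `r` is now a caller-owned output that has to be initialised before the call; the same gap applies to the prototype in bignum.h. I would add a line such as `/* On return, r holds the value used to construct p. The caller must mpz_init it before the call and mpz_clear it afterwards. */`. The function body between the hunks is not visible here, so the exact relation between r and p should be stated by someone who can see it. Since r appears to determine p together with p0q, callers that generate secret primes should treat it as being as sensitive as p itself, and `mpz_clear` alone is not documented to wipe the limbs. Separately, `e` in the second hunk is initialised and cleared on every loop iteration; hoisting `mpz_init (e)` and `mpz_clear (e)` out of the loop would avoid the repeated allocation.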
...@@ -90,7 +90,7 @@ nettle_random_prime(mpz_t p, unsigned bits, ...@@ -90,7 +90,7 @@ nettle_random_prime(mpz_t p, unsigned bits,
void *ctx, nettle_random_func random); void *ctx, nettle_random_func random);
void void
_nettle_generate_pocklington_prime (mpz_t p, unsigned bits, _nettle_generate_pocklington_prime (mpz_t p, unsigned bits, mpz_t r,
void *ctx, nettle_random_func random, void *ctx, nettle_random_func random,
const mpz_t p0, const mpz_t p0,
const mpz_t q, const mpz_t q,
......