ref: e4adfd002653e5abe6e66a9c5b63374cb19b3696
dir: /libsec/dh.c/
#include "os.h" #include <mp.h> #include <libsec.h> mpint* dh_new(DHstate *dh, mpint *p, mpint *q, mpint *g) { mpint *pm1; int n; memset(dh, 0, sizeof(*dh)); if(mpcmp(g, mpone) <= 0) return nil; n = mpsignif(p); pm1 = mpnew(n); mpsub(p, mpone, pm1); dh->p = mpcopy(p); dh->g = mpcopy(g); dh->q = mpcopy(q != nil ? q : pm1); dh->x = mpnew(mpsignif(dh->q)); dh->y = mpnew(n); for(;;){ mpnrand(dh->q, genrandom, dh->x); mpexp(dh->g, dh->x, dh->p, dh->y); if(mpcmp(dh->y, mpone) > 0 && mpcmp(dh->y, pm1) < 0) break; } mpfree(pm1); return dh->y; } mpint* dh_finish(DHstate *dh, mpint *y) { mpint *k = nil; if(y == nil || dh->x == nil || dh->p == nil || dh->q == nil) goto Out; /* y > 1 */ if(mpcmp(y, mpone) <= 0) goto Out; k = mpnew(mpsignif(dh->p)); /* y < p-1 */ mpsub(dh->p, mpone, k); if(mpcmp(y, k) >= 0){ Bad: mpfree(k); k = nil; goto Out; } /* y**q % p == 1 if q < p-1 */ if(mpcmp(dh->q, k) < 0){ mpexp(y, dh->q, dh->p, k); if(mpcmp(k, mpone) != 0) goto Bad; } mpexp(y, dh->x, dh->p, k); Out: mpfree(dh->p); mpfree(dh->q); mpfree(dh->g); mpfree(dh->x); mpfree(dh->y); memset(dh, 0, sizeof(*dh)); return k; }