ch2_truerandom          1 /* smg_rsa.h
ch2_truerandom 2 * S.MG, 2017
ch2_truerandom 3 */
ch2_truerandom 4
ch2_truerandom 5 #ifndef SMG_RSA_H
ch2_truerandom 6 #define SMG_RSA_H
ch2_truerandom 7
ch2_truerandom 8 #include "mpi.h"
ch2_truerandom 9 #include "knobs.h"
ch2_truerandom 10
eucrypt_ch4_rpng 11 /*
eucrypt_ch4_rpng 12 * These are constants as per TMSR RSA specification, NOT knobs!
eucrypt_ch4_rpng 13 * TMSR key length is 4096 bits (512 octets); this means 2 primes of 2048 bits (256 octets) each.
eucrypt_ch4_rpng 14 * NB: if you choose here an odd key length in octets you might end up with a smaller actual key, read the code.
eucrypt_ch4_rpng 15 */
eucrypt_ch4_rpng 16 static const int KEY_LENGTH_OCTETS = 512;
eucrypt_ch4_rpng 17
ch2_truerandom 18 /*********truerandom.c*********/
ch2_truerandom 19
ch2_truerandom 20 /*
ch2_truerandom 21 * Opens and configures (as per FG requirements) the specified entropy source (e.g. "/dev/ttyUSB0")
ch2_truerandom 22 * @param source_name the name of the file to open (e.g. "/dev/ttyUSB0")
ch2_truerandom 23 * @return the descriptor of the open file when successful; negative value otherwise
ch2_truerandom 24 */
ch2_truerandom 25 int open_entropy_source(char* source_name);
ch2_truerandom 26
ch2_truerandom 27
ch2_truerandom 28 /*
ch2_truerandom 29 * Returns noctets random octets (i.e. 8*noctets bits in total) as obtained from EuCrypt's preferred source.
ch2_truerandom 30 * Preferred source is defined in knobs.h as ENTROPY_SOURCE and should be a TRNG (e.g. Fuckgoats).
ch2_truerandom 31 * @param noctets the length of desired random sequence, in octets
ch2_truerandom 32 * @param out pointer to allocated memory space for the requested random octets (at least noctets octets); NB: this method does NOT allocate space!
ch2_truerandom 33 * @return the actual number of octets that were obtained from the currently configured entropy source (this is equal to noctets on successful read of required noctets); callers must compare it against noctets and treat any other value as a failed read before using out
ch2_truerandom 34 */
ch2_truerandom 35 int get_random_octets(int noctets, unsigned char *out);
ch2_truerandom 36
ch2_truerandom 37 /* Returns noctets random octets as obtained from the specified "from" source;
ch2_truerandom 38 * NB: the "from" source is considered to be the handle of an already opened stream;
ch2_truerandom 39 * This method will simply attempt to read from the source as needed!
ch2_truerandom 40 *
ch2_truerandom 41 * @param noctets the length of desired random sequence, in octets
ch2_truerandom 42 * @param out pointer to allocated memory space for the requested random octets;
ch2_truerandom 43 * NB: this method does NOT allocate space!
ch2_truerandom 44 * @param from handle of an already opened entropy source - this method will just READ from it as needed
ch2_truerandom 45 * @return the actual number of octets that were obtained; callers must compare it against noctets to detect a short read before using out
ch2_truerandom 46 */
ch2_truerandom 47 int get_random_octets_from(int noctets, unsigned char *out, int from);
ch2_truerandom 48
eucrypt_ch3_mille... 49 /*********primegen.c*********/
eucrypt_ch3_mille... 50
eucrypt_ch3_mille... 51 /*
eucrypt_ch3_mille... 52 * This is an implementation of the Miller-Rabin probabilistic primality test:
eucrypt_ch3_mille... 53 * checking the specified number of randomly-chosen candidate witnesses
eucrypt_ch3_mille... 54 * (i.e. with an error probability bounded above by (1/4)^nwitnesses).
eucrypt_ch3_mille... 55 * NB: a 1 result from this test means that the given n is indeed composite (non-prime)
eucrypt_ch3_mille... 56 but a 0 result does not fully guarantee that n is prime!
eucrypt_ch3_mille... 57 If this doesn't make sense to you, read more on probabilistic primality tests.
eucrypt_ch3_mille... 58 * @param n the candidate prime number;
eucrypt_ch3_mille... 59 the function will investigate whether this number is composite or *likely* to be prime.
eucrypt_ch3_mille... 60 How likely? It depends on the number of witnesses checked, see next parameter.
eucrypt_ch3_mille... 61 * @param nwitnesses this is the number of randomly chosen candidate witnesses to the compositeness of n
eucrypt_ch3_mille... 62 that will be checked; the error bound of the test depends on this.
eucrypt_ch3_mille... 63 * @param entropy_source the source of entropy (ready to read from) that will be used
eucrypt_ch3_mille... 64 to choose candidate witnesses to the compositeness of n.
eucrypt_ch3_mille... 65 * @return 1 if at least one witness to the compositeness of n has been found
eucrypt_ch3_mille... 66 (i.e. n is certainly composite);
eucrypt_ch3_mille... 67 0 if no witness to the compositeness of n was found (i.e. it is likely that n is prime)
eucrypt_ch3_mille... 68 * NB: the probability that n is *not* prime although this function returned 0 is
eucrypt_ch3_mille... 69 less than (1/4)^nwitnesses, but it is NOT zero.
eucrypt_ch3_mille... 70 */
eucrypt_ch3_mille... 71 int is_composite( MPI n, int nwitnesses, int entropy_source);
eucrypt_ch3_mille... 72
eucrypt_ch4_rpng 73 /**
eucrypt_ch4_rpng 74 * Generates a random number that has passed the Miller-Rabin test for primality (see function is_composite above).
eucrypt_ch4_rpng 75 * NB: top 2 bits and bottom bit are ALWAYS 1! (i.e. a mask 110....01 is applied to the random bits)
eucrypt_ch4_rpng 76 * so a prime that is 8*noctets bits long will have only (8*noctets-3) bits that are randomly chosen!
eucrypt_ch4_rpng 77 * NB: this method does NOT allocate space for the requested MPI; it is the caller's responsibility to allocate it!
eucrypt_ch4_rpng 78 * The source of randomness is ENTROPY_SOURCE in eucrypt/smg_rsa/include/knobs.h
eucrypt_ch4_rpng 79 * The number of witnesses checked by Miller-Rabin is M_R_ITERATIONS in eucrypt/smg_rsa/include/knobs.h
eucrypt_ch4_rpng 80 * Preconditions:
eucrypt_ch4_rpng 81 * noctets > 0 (at least one octet!)
eucrypt_ch4_rpng 82 * output has known allocated memory for at least nlimbs(noctets)
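eucrypt_ch4_rpng 83 * successful access to the entropy source (NB: the function returns void, so it has no return value through which a failed read could be reported)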
eucrypt_ch4_rpng 84 * @param noctets the length of the desired prime number, in octets
eucrypt_ch4_rpng 85 * @param output an MPI with sufficient memory allocated for a number that is noctets long
eucrypt_ch4_rpng 86 */
eucrypt_ch4_rpng 87 void gen_random_prime( unsigned int noctets, MPI output);
eucrypt_ch4_rpng 88
ch2_truerandom 89
ch2_truerandom 90 #endif /*SMG_RSA_H*/
ch2_truerandom 91