ElGamalKeyPairGenerator.cc

/*
 * Copyright 2003 Michael A. Marsh, Cornell University. All rights reserved.
 * This software is released under the modified BSD license.
 * See the file LICENSE in the top-level directory for details.
 */
//
// $Id: ElGamalKeyPairGenerator.cc,v 1.3 2004/05/19 15:56:47 mmarsh Exp $
//
// $Log: ElGamalKeyPairGenerator.cc,v $
// Revision 1.3  2004/05/19 15:56:47  mmarsh
// *** empty log message ***
//
// Revision 1.2  2003/11/04 22:31:47  mmarsh
// *** empty log message ***
//
//

#include "ElGamal.h"
#include "CODEX_Exceptions/BignumExceptions.h"

using namespace CODEX_Ciphers;
using namespace CODEX_Exceptions;
using CODEX_ASN1::BigNumber;
using CODEX_ASN1::SecureBigNumber;

void
ElGamalKeyPairGenerator::operator()( ElGamalPublicKey*& pubKey,
                                     ElGamalPrivateKey*& privKey,
                                     BIGNUM * p,
                                     BIGNUM * g )
{
   bool ownP = false;
   bool ownG = false;

   BIGNUM * p1   = 0;
   BN_CTX * ctx  = 0;
   BIGNUM * q    = 0;
   BIGNUM * temp = 0;
   BIGNUM * x    = 0;
   BIGNUM * y    = 0;

   try
   {
      if ( 0 == p )
      {
         // generate a new modulus -- a safe prime (p=2q+1 where q is prime)
         ownP = true;
         p = BN_new();
         if ( 0 == p )
         {
            throw BignumNullException( __FILE__ , __LINE__ );
         }
         if ( 0 == BN_generate_prime( p, m_numBits, 1, 0, 0, 0, 0 ) )
         {
            throw BignumGeneratePrimeException( __FILE__ , __LINE__ );
         }
      }
      else
      {
         p = BN_dup(p);
         ownP = true;
      }

      p1 = BN_new();
      if ( 0 == p1 )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      if ( ! BN_sub(p1,p,BN_value_one()) )
      {
         throw BignumSubException( __FILE__ , __LINE__ );
      }

      q = BN_new();
      if ( 0 == q )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      if ( ! BN_rshift1(q,p1) ) // q = (p-1)/2
      {
         throw BignumRshiftException( __FILE__ , __LINE__ );
      }

      ctx = BN_CTX_new();
      if ( 0 == ctx )
      {
         throw BignumContextException( __FILE__ , __LINE__ );
      }

      if ( 0 == g )
      {
         // generate a new generator
         g = BN_new();
         if ( 0 == g )
         {
            throw BignumNullException( __FILE__ , __LINE__ );
         }
         ownG = true;
         bool flag;
         temp = BN_new();
         if ( 0 == temp )
         {
            throw BignumNullException( __FILE__ , __LINE__ );
         }
         do
         {
            flag = false;
            if ( ! BN_rand_range(g,p) )
            {
               throw BignumRandRangeException( __FILE__ , __LINE__ );
            }
            if ( 0 >= BN_cmp( g, BN_value_one() ) )
            {
               flag = true;
            }
            else
            {
               // g is a generator if g^2 and g^q are both different from 1
               if ( ! BN_mod_mul(temp, g, g, p, ctx) )
               {
                  throw BignumModMulException( __FILE__ , __LINE__ );
               }
               if ( 0 == BN_cmp( temp, BN_value_one() ) )
               {
                  flag = true;
               }
               else
               {
                  if ( ! BN_mod_exp(temp, g, q, p, ctx) )
                  {
                     throw BignumModExpException( __FILE__ , __LINE__ );
                  }
                  if ( 0 == BN_cmp( temp, BN_value_one() ) )
                  {
                     flag = true;
                  }
               }
            }
         } while ( flag );
         BN_free( temp );
         temp = 0;

         // The generator we really want is for the subgroup of order q.
         // To get this generator, we simply square the generator we
         // currently have.
         if ( ! BN_mod_sqr( g, g, p, ctx ) )
         {
            throw BignumModMulException( __FILE__ , __LINE__ );
         }
      }
      else
      {
         g = BN_dup(g);
         ownG = true;
      }

      // now choose a private key x
      x = BN_new();
      if ( 0 == x )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      do
      {
         // we choose from the range (1,q) because we're working in a subgroup
         if ( ! BN_rand_range(x,q) )
         {
            throw BignumRandRangeException( __FILE__ , __LINE__ );
         }
      } while ( 0 >= BN_cmp( g, BN_value_one() ) );

      // now compute the corresponding public key y=g^x mod p
      y = BN_new();
      if ( 0 == y )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      if ( ! BN_mod_exp(y, g, x, p, ctx) )
      {
         throw BignumModExpException( __FILE__ , __LINE__ );
      }

      pubKey = new ElGamalPublicKey( p, g, y );
      privKey = new ElGamalPrivateKey( x );

      BN_CTX_free(ctx);
      BN_free(p1);
      BN_free( q );
   }
   catch ( ... )
   {
      if ( ownP && ( 0 != p ) ) BN_free(p);
      if ( ownG && ( 0 != g ) ) BN_free(g);

      if ( 0 != p1   ) BN_free(p1);
      if ( 0 != q    ) BN_free(q);
      if ( 0 != temp ) BN_free(temp);
      if ( 0 != x    ) BN_clear_free(x);
      if ( 0 != y    ) BN_free(y);
      if ( 0 != ctx  ) BN_CTX_free(ctx);
      throw;
   }
}

---