util.go

     1  // Copyright 2011 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package rand
     6  
     7  import (
     8  	"crypto/internal/fips140only"
     9  	"crypto/internal/randutil"
    10  	"errors"
    11  	"io"
    12  	"math/big"
    13  )
    14  
    15  // Prime returns a number of the given bit length that is prime with high probability.
    16  // Prime will return error for any error returned by rand.Read or if bits < 2.
    17  func Prime(rand io.Reader, bits int) (*big.Int, error) {
    18  	if fips140only.Enabled {
    19  		return nil, errors.New("crypto/rand: use of Prime is not allowed in FIPS 140-only mode")
    20  	}
    21  	if bits < 2 {
    22  		return nil, errors.New("crypto/rand: prime size must be at least 2-bit")
    23  	}
    24  
    25  	randutil.MaybeReadByte(rand)
    26  
    27  	b := uint(bits % 8)
    28  	if b == 0 {
    29  		b = 8
    30  	}
    31  
    32  	bytes := make([]byte, (bits+7)/8)
    33  	p := new(big.Int)
    34  
    35  	for {
    36  		if _, err := io.ReadFull(rand, bytes); err != nil {
    37  			return nil, err
    38  		}
    39  
    40  		// Clear bits in the first byte to make sure the candidate has a size <= bits.
    41  		bytes[0] &= uint8(int(1<<b) - 1)
    42  		// Don't let the value be too small, i.e, set the most significant two bits.
    43  		// Setting the top two bits, rather than just the top bit,
    44  		// means that when two of these values are multiplied together,
    45  		// the result isn't ever one bit short.
    46  		if b >= 2 {
    47  			bytes[0] |= 3 << (b - 2)
    48  		} else {
    49  			// Here b==1, because b cannot be zero.
    50  			bytes[0] |= 1
    51  			if len(bytes) > 1 {
    52  				bytes[1] |= 0x80
    53  			}
    54  		}
    55  		// Make the value odd since an even number this large certainly isn't prime.
    56  		bytes[len(bytes)-1] |= 1
    57  
    58  		p.SetBytes(bytes)
    59  		if p.ProbablyPrime(20) {
    60  			return p, nil
    61  		}
    62  	}
    63  }
    64  
    65  // Int returns a uniform random value in [0, max). It panics if max <= 0, and
    66  // returns an error if rand.Read returns one.
    67  func Int(rand io.Reader, max *big.Int) (n *big.Int, err error) {
    68  	if max.Sign() <= 0 {
    69  		panic("crypto/rand: argument to Int is <= 0")
    70  	}
    71  	n = new(big.Int)
    72  	n.Sub(max, n.SetUint64(1))
    73  	// bitLen is the maximum bit length needed to encode a value < max.
    74  	bitLen := n.BitLen()
    75  	if bitLen == 0 {
    76  		// the only valid result is 0
    77  		return
    78  	}
    79  	// k is the maximum byte length needed to encode a value < max.
    80  	k := (bitLen + 7) / 8
    81  	// b is the number of bits in the most significant byte of max-1.
    82  	b := uint(bitLen % 8)
    83  	if b == 0 {
    84  		b = 8
    85  	}
    86  
    87  	bytes := make([]byte, k)
    88  
    89  	for {
    90  		_, err = io.ReadFull(rand, bytes)
    91  		if err != nil {
    92  			return nil, err
    93  		}
    94  
    95  		// Clear bits in the first byte to increase the probability
    96  		// that the candidate is < max.
    97  		bytes[0] &= uint8(int(1<<b) - 1)
    98  
    99  		n.SetBytes(bytes)
   100  		if n.Cmp(max) < 0 {
   101  			return
   102  		}
   103  	}
   104  }
   105
View as plain text