From 5c425fa6fd1314aa068ecb752d282b4757b31cdc Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 11 Nov 2015 21:19:06 +0000
Subject: [PATCH] Add Miller-Rabin primality tests to NSE. Closes #190

---
 nse_openssl.cc        | 36 ++++++++++++++++++++++++++++++++++++
 nselib/openssl.luadoc | 19 +++++++++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/nse_openssl.cc b/nse_openssl.cc
index 34be20169..a3f5aa34e 100644
--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -3,6 +3,7 @@
  * Original code written by Luiz Henrique de Figueiredo <lhf@tecgraf.puc-rio.br>
  * Adapted for Nmap by Thomas Buchanan <tbuchanan@thecompassgrp.net>
  * bignum and rand_bytes functions added by Sven Klemm <sven@c3d2.de>
+ * Primality tests added by Jacob Gajek <jgajek@gmail.com>
  */
 
 #include <openssl/bn.h>
@@ -157,6 +158,37 @@ static int l_bignum_is_bit_set( lua_State *L ) /** bignum_set_bit( BIGNUM bn, nu
   return 1;
 }
 
+static int l_bignum_is_prime( lua_State *L ) /** bignum_is_prime( BIGNUM p, number nchecks ) */
+{
+  bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
+  int nchecks = luaL_optint( L, 2, BN_prime_checks );
+  BN_CTX * ctx = BN_CTX_new();
+  int is_prime = BN_is_prime_ex( p->bn, nchecks, ctx, NULL );
+  BN_CTX_free( ctx );
+  lua_pushboolean( L, is_prime );
+  return 1;
+}
+
+static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGNUM p, number nchecks ) */
+{
+  bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
+  int nchecks = luaL_optint( L, 2, BN_prime_checks );
+  BN_CTX * ctx = BN_CTX_new();
+  int is_prime = BN_is_prime_ex( p->bn, nchecks, ctx, NULL );
+  int is_safe = 0;
+  if (is_prime) {
+    BIGNUM * n = BN_dup( p->bn );
+    BN_sub_word( n, (BN_ULONG)1 );
+    BN_div_word( n, (BN_ULONG)2 );
+    is_safe = BN_is_prime_ex( n, nchecks, ctx, NULL );
+    BN_clear_free( n );
+  }
+  BN_CTX_free( ctx );
+  lua_pushboolean( L, is_safe );
+  lua_pushboolean( L, is_prime );
+  return 2;
+}
+
 static int l_bignum_bn2bin( lua_State *L ) /** bignum_bn2bin( BIGNUM bn ) */
 {
   bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM");
@@ -514,6 +546,8 @@ static const struct luaL_Reg bignum_methods[] = {
   { "set_bit", l_bignum_set_bit },
   { "clear_bit", l_bignum_clear_bit },
   { "is_bit_set", l_bignum_is_bit_set },
+  { "is_prime", l_bignum_is_prime },
+  { "is_safe_prime", l_bignum_is_safe_prime },
   { "__gc", l_bignum_free },
   { NULL, NULL }
 };
@@ -524,6 +558,8 @@ static const struct luaL_Reg openssllib[] = {
   { "bignum_set_bit", l_bignum_set_bit },
   { "bignum_clear_bit", l_bignum_clear_bit },
   { "bignum_is_bit_set", l_bignum_is_bit_set },
+  { "bignum_is_prime", l_bignum_is_prime },
+  { "bignum_is_safe_prime", l_bignum_is_safe_prime },
   { "bignum_bin2bn", l_bignum_bin2bn },
   { "bignum_dec2bn", l_bignum_dec2bn },
   { "bignum_hex2bn", l_bignum_hex2bn },
diff --git a/nselib/openssl.luadoc b/nselib/openssl.luadoc
index 886a523dc..0a32c4a4b 100644
--- a/nselib/openssl.luadoc
+++ b/nselib/openssl.luadoc
@@ -48,6 +48,25 @@ function bignum_clear_bit(bignum, position)
 -- @return True if the selected bit is set, false otherwise.
 function bignum_is_bit_set(bignum, position)
 
+--- Checks whether <code>bignum</code> is probably prime.
+--
+-- Performs Miller-Rabin probablistic primality tests.
+-- @param bignum bignum to check for primality
+-- @param nchecks Number of checks to perform. Default: number of checks dependent on bitsize of bignum, with a false positive rate of at most 2^-80
+-- @return True if the number is probably prime, false if it is composite.
+function bignum_is_prime(bignum, nchecks)
+
+--- Checks whether <code>bignum</code> is a safe prime.
+--
+-- A safe prime is defined as a prime p so that (p-1)/2 is also prime. Using
+-- non-safe primes in discrete logarithm cryptography like Diffie-Hellman can
+-- result in weak, easily broken key exchanges.
+-- @param bignum bignum to check for primality
+-- @param nchecks Number of checks to perform. Default: number of checks dependent on bitsize of bignum, with a false positive rate of at most 2^-80
+-- @return True if the number is a safe prime, false if it is not.
+-- @return True if the number is probably prime, false if it is composite.
+function bignum_is_safe_prime(bignum, nchecks)
+
 --- Converts a binary-encoded string into a bignum.
 -- @param string Binary string.
 -- @return bignum.