/*
  Author:  Pate Williams (c) 1997

  Exercise 9.4
  "Suppose that Alice is using the Okamoto Scheme
  with q = 1201, p = 122503, t = 10, alpha_1 =
  60497 and alpha_2 = 17163.
  (a) Suppose that Alice's secret exponents are
      a_1 = 432 and a_2 = 423. Compute v.
  (b) Suppose that k_1 = 389 and k_2 = 191. Compute
      gamma.
  (c) Suppose that Bob issues the challenge r = 21.
      Compute Alices's response y_1 and y_2.
  (d) Perform Bob's calculations to verify y_1 and
      y_2." -Douglas R. Stinson-
  See "Cryptography: Theory and Practice" by
  Douglas R. Stinson page 304.
*/

#include <stdio.h>
#include "lip.h"

int main(void)
{
  long alpha1 = 60497, alpha2 = 17163;
  long p = 122503, q = 1201, r = 21;
  long a1 = 432, a2 = 423, k1 = 389, k2 = 191;
  verylong za = 0, zb = 0, zc = 0, zd = 0;
  verylong zp = 0, zq = 0, zr = 0, zv = 0;
  verylong za1 = 0, za2 = 0, zk1 = 0, zk2 = 0;
  verylong zy1 = 0, zy2 = 0;
  verylong zalpha1 = 0, zalpha2 = 0, zgamma = 0;

  zintoz(alpha1, &zalpha1);
  zintoz(alpha2, &zalpha2);
  zintoz(p, &zp);
  zintoz(q, &zq);
  zintoz(r, &zr);
  zintoz(a1, &za1);
  zintoz(a2, &za2);
  zintoz(k1, &zk1);
  zintoz(k2, &zk2);
  zsub(zq, za1, &za);
  zsub(zq, za2, &zb);
  zexpmod(zalpha1, za, zp, &zc);
  zexpmod(zalpha2, zb, zp, &zd);
  zmulmod(zc, zd, zp, &zv);
  zexpmod(zalpha1, zk1, zp, &za);
  zexpmod(zalpha2, zk2, zp, &zb);
  zmulmod(za, zb, zp, &zgamma);
  zmulmod(za1, zr, zq, &za);
  zaddmod(zk1, za, zq, &zy1);
  zmulmod(za2, zr, zq, &za);
  zaddmod(zk2, za, zq, &zy2);
  zexpmod(zalpha1, zy1, zp, &za);
  zexpmod(zalpha2, zy2, zp, &zb);
  zexpmod(zv, zr, zp, &zc);
  zmulmod(za, zb, zp, &zd);
  zmulmod(zc, zd, zp, &za);
  printf("alpha_1 = %ld\n", alpha1);
  printf("alpha_2 = %ld\n", alpha2);
  printf("p = %ld\n", p);
  printf("q = %ld\n", q);
  printf("a_1 = %ld\n", a1);
  printf("a_2 = %ld\n", a2);
  printf("k_1 = %ld\n", k1);
  printf("k_2 = %ld\n", k2);
  printf("r = %ld\n", r);
  printf("v = ");
  zwriteln(zv);
  printf("gamma = ");
  zwriteln(zgamma);
  printf("y_1 = ");
  zwriteln(zy1);
  printf("y_2 = ");
  zwriteln(zy2);
  if (zcompare(zgamma, za) == 0)
    printf("y_1 and y_2 verified\n");
  else
    printf("y_1 and y_2 not verified\n");
  zfree(&za);
  zfree(&zb);
  zfree(&zc);
  zfree(&zd);
  zfree(&zp);
  zfree(&zq);
  zfree(&zr);
  zfree(&zv);
  zfree(&za1);
  zfree(&za2);
  zfree(&zk1);
  zfree(&zk2);
  zfree(&zy1);
  zfree(&zy2);
  zfree(&zalpha1);
  zfree(&zalpha2);
  zfree(&zgamma);
  return 0;
}