00001
00002
00003
#include "pch.h"
00004
#include "rw.h"
00005
#include "nbtheory.h"
00006
#include "asn.h"
00007
00008 NAMESPACE_BEGIN(CryptoPP)
00009
00010 void
EMSA2Pad::ComputeMessageRepresentative(
RandomNumberGenerator &rng,
00011 const byte *recoverableMessage,
unsigned int recoverableMessageLength,
00012
HashTransformation &hash, HashIdentifier hashIdentifier,
bool messageEmpty,
00013 byte *representative,
unsigned int representativeBitLength)
const
00014
{
00015
if (representativeBitLength % 8 != 7)
00016
throw PK_SignatureScheme::InvalidKeyLength(
"EMSA2: EMSA2 requires a key length that is a multiple of 8");
00017
00018
unsigned int digestSize = hash.DigestSize();
00019
if (representativeBitLength < 8*digestSize + 31)
00020
throw PK_SignatureScheme::KeyTooShort();
00021
00022
unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
00023
00024 representative[0] = messageEmpty ? 0x4b : 0x6b;
00025 memset(representative+1, 0xbb, representativeByteLength-digestSize-4);
00026 byte *afterP2 = representative+representativeByteLength-digestSize-3;
00027 afterP2[0] = 0xba;
00028 hash.Final(afterP2+1);
00029 representative[representativeByteLength-2] = *hashIdentifier.first;
00030 representative[representativeByteLength-1] = 0xcc;
00031 }
00032
00033
00034
00035
void RWFunction::BERDecode(
BufferedTransformation &bt)
00036 {
00037
BERSequenceDecoder seq(bt);
00038 m_n.
BERDecode(seq);
00039 seq.
MessageEnd();
00040 }
00041
00042
void RWFunction::DEREncode(
BufferedTransformation &bt)
const
00043
{
00044
DERSequenceEncoder seq(bt);
00045 m_n.
DEREncode(seq);
00046 seq.
MessageEnd();
00047 }
00048
00049
Integer RWFunction::ApplyFunction(
const Integer &in)
const
00050
{
00051 DoQuickSanityCheck();
00052
00053
Integer out = in.
Squared()%m_n;
00054
const word r = 12;
00055
00056
00057
const word r2 = r/2;
00058
const word r3a = (16 + 5 - r) % 16;
00059
const word r3b = (16 + 13 - r) % 16;
00060
const word r4 = (8 + 5 - r/2) % 8;
00061
switch (out % 16)
00062 {
00063
case r:
00064
break;
00065
case r2:
00066
case r2+8:
00067 out <<= 1;
00068
break;
00069
case r3a:
00070
case r3b:
00071 out.
Negate();
00072 out += m_n;
00073
break;
00074
case r4:
00075
case r4+8:
00076 out.
Negate();
00077 out += m_n;
00078 out <<= 1;
00079
break;
00080
default:
00081 out =
Integer::Zero();
00082 }
00083
return out;
00084 }
00085
00086 bool RWFunction::Validate(
RandomNumberGenerator &rng,
unsigned int level)
const
00087
{
00088
bool pass =
true;
00089 pass = pass && m_n >
Integer::One() && m_n%8 == 5;
00090
return pass;
00091 }
00092
00093 bool RWFunction::GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
00094
{
00095
return GetValueHelper(
this, name, valueType, pValue).Assignable()
00096 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
00097 ;
00098 }
00099
00100 void RWFunction::AssignFrom(
const NameValuePairs &source)
00101 {
00102 AssignFromHelper(
this, source)
00103 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
00104 ;
00105 }
00106
00107
00108
00109
00110
00111 void InvertibleRWFunction::GenerateRandom(
RandomNumberGenerator &rng,
const NameValuePairs &alg)
00112 {
00113
int modulusSize = 2048;
00114 alg.
GetIntValue(
"ModulusSize", modulusSize) || alg.
GetIntValue(
"KeySize", modulusSize);
00115
00116
if (modulusSize < 16)
00117
throw InvalidArgument(
"InvertibleRWFunction: specified modulus length is too small");
00118
00119
const NameValuePairs &primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize);
00120 m_p.
GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters(
"EquivalentTo", 3)(
"Mod", 8)));
00121 m_q.
GenerateRandom(rng, CombinedNameValuePairs(primeParam, MakeParameters(
"EquivalentTo", 7)(
"Mod", 8)));
00122
00123 m_n = m_p * m_q;
00124 m_u = m_q.
InverseMod(m_p);
00125 }
00126
00127
void InvertibleRWFunction::BERDecode(
BufferedTransformation &bt)
00128 {
00129
BERSequenceDecoder seq(bt);
00130 m_n.
BERDecode(seq);
00131 m_p.
BERDecode(seq);
00132 m_q.
BERDecode(seq);
00133 m_u.
BERDecode(seq);
00134 seq.
MessageEnd();
00135 }
00136
00137
void InvertibleRWFunction::DEREncode(
BufferedTransformation &bt)
const
00138
{
00139
DERSequenceEncoder seq(bt);
00140 m_n.
DEREncode(seq);
00141 m_p.
DEREncode(seq);
00142 m_q.
DEREncode(seq);
00143 m_u.
DEREncode(seq);
00144 seq.
MessageEnd();
00145 }
00146
00147
Integer InvertibleRWFunction::CalculateInverse(
RandomNumberGenerator &rng,
const Integer &in)
const
00148
{
00149
00150
00151 DoQuickSanityCheck();
00152
00153
Integer cp=in%m_p, cq=in%m_q;
00154
00155
if (Jacobi(cp, m_p) * Jacobi(cq, m_q) != 1)
00156 {
00157 cp = cp%2 ? (cp+m_p) >> 1 : cp >> 1;
00158 cq = cq%2 ? (cq+m_q) >> 1 : cq >> 1;
00159 }
00160
00161 cp = ModularSquareRoot(cp, m_p);
00162 cq = ModularSquareRoot(cq, m_q);
00163
00164
Integer out = CRT(cq, m_q, cp, m_p, m_u);
00165
00166
return STDMIN(out, m_n-out);
00167 }
00168
00169 bool InvertibleRWFunction::Validate(
RandomNumberGenerator &rng,
unsigned int level)
const
00170
{
00171
bool pass = RWFunction::Validate(rng, level);
00172 pass = pass && m_p >
Integer::One() && m_p%8 == 3 && m_p < m_n;
00173 pass = pass && m_q >
Integer::One() && m_q%8 == 7 && m_q < m_n;
00174 pass = pass && m_u.
IsPositive() && m_u < m_p;
00175
if (level >= 1)
00176 {
00177 pass = pass && m_p * m_q == m_n;
00178 pass = pass && m_u * m_q % m_p == 1;
00179 }
00180
if (level >= 2)
00181 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
00182
return pass;
00183 }
00184
00185 bool InvertibleRWFunction::GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
00186
{
00187
return GetValueHelper<RWFunction>(
this, name, valueType, pValue).Assignable()
00188 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
00189 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
00190 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00191 ;
00192 }
00193
00194 void InvertibleRWFunction::AssignFrom(
const NameValuePairs &source)
00195 {
00196 AssignFromHelper<RWFunction>(
this, source)
00197 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
00198 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
00199 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00200 ;
00201 }
00202
00203 NAMESPACE_END