Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

rsa.cpp

00001 // rsa.cpp - written and placed in the public domain by Wei Dai 00002 00003 #include "pch.h" 00004 #include "rsa.h" 00005 #include "asn.h" 00006 #include "oids.h" 00007 #include "modarith.h" 00008 #include "nbtheory.h" 00009 #include "sha.h" 00010 #include "algparam.h" 00011 #include "fips140.h" 00012 00013 #ifndef NDEBUG 00014 #include "pssr.h" 00015 #endif 00016 00017 #include "oaep.cpp" 00018 00019 NAMESPACE_BEGIN(CryptoPP) 00020 00021 #ifndef NDEBUG 00022 void RSA_TestInstantiations() 00023 { 00024 RSASS<PKCS1v15, SHA>::Verifier x1(1, 1); 00025 RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1); 00026 RSASS<PKCS1v15, SHA>::Verifier x3(x2); 00027 RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey()); 00028 RSASS<PSS, SHA>::Verifier x5(x3); 00029 #ifndef __MWERKS__ 00030 RSASS<PSSR, SHA>::Signer x6 = x2; 00031 x3 = x2; 00032 x6 = x2; 00033 #endif 00034 RSAES<PKCS1v15>::Encryptor x7(x2); 00035 #ifndef __GNUC__ 00036 RSAES<PKCS1v15>::Encryptor x8(x3); 00037 #endif 00038 RSAES<OAEP<SHA> >::Encryptor x9(x2); 00039 00040 x4 = x2.GetKey(); 00041 } 00042 #endif 00043 00044 template class OAEP<SHA>; 00045 00046 OID RSAFunction::GetAlgorithmID() const 00047 { 00048 return ASN1::rsaEncryption(); 00049 } 00050 00051 void RSAFunction::BERDecodeKey(BufferedTransformation &bt) 00052 { 00053 BERSequenceDecoder seq(bt); 00054 m_n.BERDecode(seq); 00055 m_e.BERDecode(seq); 00056 seq.MessageEnd(); 00057 } 00058 00059 void RSAFunction::DEREncodeKey(BufferedTransformation &bt) const 00060 { 00061 DERSequenceEncoder seq(bt); 00062 m_n.DEREncode(seq); 00063 m_e.DEREncode(seq); 00064 seq.MessageEnd(); 00065 } 00066 00067 Integer RSAFunction::ApplyFunction(const Integer &x) const 00068 { 00069 DoQuickSanityCheck(); 00070 return a_exp_b_mod_c(x, m_e, m_n); 00071 } 00072 00073 bool RSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const 00074 { 00075 bool pass = true; 00076 pass = pass && m_n > Integer::One() && m_n.IsOdd(); 00077 pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n; 00078 return pass; 00079 } 00080 00081 bool RSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const 00082 { 00083 return GetValueHelper(this, name, valueType, pValue).Assignable() 00084 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) 00085 CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent) 00086 ; 00087 } 00088 00089 void RSAFunction::AssignFrom(const NameValuePairs &source) 00090 { 00091 AssignFromHelper(this, source) 00092 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) 00093 CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent) 00094 ; 00095 } 00096 00097 // ***************************************************************************** 00098 00099 class RSAPrimeSelector : public PrimeSelector 00100 { 00101 public: 00102 RSAPrimeSelector(const Integer &e) : m_e(e) {} 00103 bool IsAcceptable(const Integer &candidate) const {return RelativelyPrime(m_e, candidate-Integer::One());} 00104 Integer m_e; 00105 }; 00106 00107 void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) 00108 { 00109 int modulusSize = 2048; 00110 alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); 00111 00112 if (modulusSize < 16) 00113 throw InvalidArgument("InvertibleRSAFunction: specified modulus size is too small"); 00114 00115 m_e = alg.GetValueWithDefault("PublicExponent", Integer(17)); 00116 00117 if (m_e < 3 || m_e.IsEven()) 00118 throw InvalidArgument("InvertibleRSAFunction: invalid public exponent"); 00119 00120 RSAPrimeSelector selector(m_e); 00121 const NameValuePairs &primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize) 00122 ("PointerToPrimeSelector", selector.GetSelectorPointer()); 00123 m_p.GenerateRandom(rng, primeParam); 00124 m_q.GenerateRandom(rng, primeParam); 00125 00126 m_d = EuclideanMultiplicativeInverse(m_e, LCM(m_p-1, m_q-1)); 00127 assert(m_d.IsPositive()); 00128 00129 m_dp = m_d % (m_p-1); 00130 m_dq = m_d % (m_q-1); 00131 m_n = m_p * m_q; 00132 m_u = m_q.InverseMod(m_p); 00133 00134 if (FIPS_140_2_ComplianceEnabled()) 00135 { 00136 RSASS<PKCS1v15, SHA>::Signer signer(*this); 00137 RSASS<PKCS1v15, SHA>::Verifier verifier(signer); 00138 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier); 00139 00140 RSAES<OAEP<SHA> >::Decryptor decryptor(*this); 00141 RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor); 00142 EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor); 00143 } 00144 } 00145 00146 void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e) 00147 { 00148 GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e+e.IsEven())); 00149 } 00150 00151 void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d) 00152 { 00153 m_n = n; 00154 m_e = e; 00155 m_d = d; 00156 00157 Integer r = --(d*e); 00158 while (r.IsEven()) 00159 r >>= 1; 00160 00161 ModularArithmetic modn(n); 00162 for (Integer i = 2; ; ++i) 00163 { 00164 Integer a = modn.Exponentiate(i, r); 00165 if (a == 1) 00166 continue; 00167 Integer b; 00168 while (a != -1) 00169 { 00170 b = modn.Square(a); 00171 if (b == 1) 00172 { 00173 m_p = GCD(a-1, n); 00174 m_q = n/m_p; 00175 m_dp = m_d % (m_p-1); 00176 m_dq = m_d % (m_q-1); 00177 m_u = m_q.InverseMod(m_p); 00178 return; 00179 } 00180 a = b; 00181 } 00182 } 00183 } 00184 00185 void InvertibleRSAFunction::BERDecodeKey(BufferedTransformation &bt) 00186 { 00187 BERSequenceDecoder privateKey(bt); 00188 word32 version; 00189 BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0); // check version 00190 m_n.BERDecode(privateKey); 00191 m_e.BERDecode(privateKey); 00192 m_d.BERDecode(privateKey); 00193 m_p.BERDecode(privateKey); 00194 m_q.BERDecode(privateKey); 00195 m_dp.BERDecode(privateKey); 00196 m_dq.BERDecode(privateKey); 00197 m_u.BERDecode(privateKey); 00198 privateKey.MessageEnd(); 00199 } 00200 00201 void InvertibleRSAFunction::DEREncodeKey(BufferedTransformation &bt) const 00202 { 00203 DERSequenceEncoder privateKey(bt); 00204 DEREncodeUnsigned<word32>(privateKey, 0); // version 00205 m_n.DEREncode(privateKey); 00206 m_e.DEREncode(privateKey); 00207 m_d.DEREncode(privateKey); 00208 m_p.DEREncode(privateKey); 00209 m_q.DEREncode(privateKey); 00210 m_dp.DEREncode(privateKey); 00211 m_dq.DEREncode(privateKey); 00212 m_u.DEREncode(privateKey); 00213 privateKey.MessageEnd(); 00214 } 00215 00216 Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const 00217 { 00218 DoQuickSanityCheck(); 00219 ModularArithmetic modn(m_n); 00220 Integer r(rng, Integer::One(), m_n - Integer::One()); 00221 Integer re = modn.Exponentiate(r, m_e); 00222 re = modn.Multiply(re, x); // blind 00223 // here we follow the notation of PKCS #1 and let u=q inverse mod p 00224 // but in ModRoot, u=p inverse mod q, so we reverse the order of p and q 00225 Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u); 00226 y = modn.Divide(y, r); // unblind 00227 if (modn.Exponentiate(y, m_e) != x) // check 00228 throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation"); 00229 return y; 00230 } 00231 00232 bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const 00233 { 00234 bool pass = RSAFunction::Validate(rng, level); 00235 pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n; 00236 pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n; 00237 pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n; 00238 pass = pass && m_dp > Integer::One() && m_dp.IsOdd() && m_dp < m_p; 00239 pass = pass && m_dq > Integer::One() && m_dq.IsOdd() && m_dq < m_q; 00240 pass = pass && m_u.IsPositive() && m_u < m_p; 00241 if (level >= 1) 00242 { 00243 pass = pass && m_p * m_q == m_n; 00244 pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1; 00245 pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1); 00246 pass = pass && m_u * m_q % m_p == 1; 00247 } 00248 if (level >= 2) 00249 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2); 00250 return pass; 00251 } 00252 00253 bool InvertibleRSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const 00254 { 00255 return GetValueHelper<RSAFunction>(this, name, valueType, pValue).Assignable() 00256 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) 00257 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) 00258 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent) 00259 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent) 00260 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent) 00261 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) 00262 ; 00263 } 00264 00265 void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source) 00266 { 00267 AssignFromHelper<RSAFunction>(this, source) 00268 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) 00269 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) 00270 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent) 00271 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent) 00272 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent) 00273 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) 00274 ; 00275 } 00276 00277 NAMESPACE_END

Generated on Fri Aug 13 09:56:54 2004 for Crypto++ by doxygen 1.3.7