Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

rsa.cpp

00001 // rsa.cpp - written and placed in the public domain by Wei Dai
00002 
00003 #include "pch.h"
00004 #include "rsa.h"
00005 #include "asn.h"
00006 #include "oids.h"
00007 #include "modarith.h"
00008 #include "nbtheory.h"
00009 #include "sha.h"
00010 #include "algparam.h"
00011 #include "fips140.h"
00012 
00013 #ifndef NDEBUG
00014 #include "pssr.h"
00015 #endif
00016 
00017 #include "oaep.cpp"
00018 
00019 NAMESPACE_BEGIN(CryptoPP)
00020 
00021 #ifndef NDEBUG
00022 void RSA_TestInstantiations()
00023 {
00024         RSASS<PKCS1v15, SHA>::Verifier x1(1, 1);
00025         RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
00026         RSASS<PKCS1v15, SHA>::Verifier x3(x2);
00027         RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
00028         RSASS<PSS, SHA>::Verifier x5(x3);
00029 #ifndef __MWERKS__
00030         RSASS<PSSR, SHA>::Signer x6 = x2;
00031         x3 = x2;
00032         x6 = x2;
00033 #endif
00034         RSAES<PKCS1v15>::Encryptor x7(x2);
00035 #ifndef __GNUC__
00036         RSAES<PKCS1v15>::Encryptor x8(x3);
00037 #endif
00038         RSAES<OAEP<SHA> >::Encryptor x9(x2);
00039 
00040         x4 = x2.GetKey();
00041 }
00042 #endif
00043 
00044 template class OAEP<SHA>;
00045 
00046 OID RSAFunction::GetAlgorithmID() const
00047 {
00048         return ASN1::rsaEncryption();
00049 }
00050 
00051 void RSAFunction::BERDecodeKey(BufferedTransformation &bt)
00052 {
00053         BERSequenceDecoder seq(bt);
00054                 m_n.BERDecode(seq);
00055                 m_e.BERDecode(seq);
00056         seq.MessageEnd();
00057 }
00058 
00059 void RSAFunction::DEREncodeKey(BufferedTransformation &bt) const
00060 {
00061         DERSequenceEncoder seq(bt);
00062                 m_n.DEREncode(seq);
00063                 m_e.DEREncode(seq);
00064         seq.MessageEnd();
00065 }
00066 
00067 Integer RSAFunction::ApplyFunction(const Integer &x) const
00068 {
00069         DoQuickSanityCheck();
00070         return a_exp_b_mod_c(x, m_e, m_n);
00071 }
00072 
00073 bool RSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
00074 {
00075         bool pass = true;
00076         pass = pass && m_n > Integer::One() && m_n.IsOdd();
00077         pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
00078         return pass;
00079 }
00080 
00081 bool RSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
00082 {
00083         return GetValueHelper(this, name, valueType, pValue).Assignable()
00084                 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
00085                 CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
00086                 ;
00087 }
00088 
00089 void RSAFunction::AssignFrom(const NameValuePairs &source)
00090 {
00091         AssignFromHelper(this, source)
00092                 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
00093                 CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
00094                 ;
00095 }
00096 
00097 // *****************************************************************************
00098 
00099 class RSAPrimeSelector : public PrimeSelector
00100 {
00101 public:
00102         RSAPrimeSelector(const Integer &e) : m_e(e) {}
00103         bool IsAcceptable(const Integer &candidate) const {return RelativelyPrime(m_e, candidate-Integer::One());}
00104         Integer m_e;
00105 };
00106 
00107 void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
00108 {
00109         int modulusSize = 2048;
00110         alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
00111 
00112         if (modulusSize < 16)
00113                 throw InvalidArgument("InvertibleRSAFunction: specified modulus size is too small");
00114 
00115         m_e = alg.GetValueWithDefault("PublicExponent", Integer(17));
00116 
00117         if (m_e < 3 || m_e.IsEven())
00118                 throw InvalidArgument("InvertibleRSAFunction: invalid public exponent");
00119 
00120         RSAPrimeSelector selector(m_e);
00121         const NameValuePairs &primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
00122                 ("PointerToPrimeSelector", selector.GetSelectorPointer());
00123         m_p.GenerateRandom(rng, primeParam);
00124         m_q.GenerateRandom(rng, primeParam);
00125 
00126         m_d = EuclideanMultiplicativeInverse(m_e, LCM(m_p-1, m_q-1));
00127         assert(m_d.IsPositive());
00128 
00129         m_dp = m_d % (m_p-1);
00130         m_dq = m_d % (m_q-1);
00131         m_n = m_p * m_q;
00132         m_u = m_q.InverseMod(m_p);
00133 
00134         if (FIPS_140_2_ComplianceEnabled())
00135         {
00136                 RSASS<PKCS1v15, SHA>::Signer signer(*this);
00137                 RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
00138                 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
00139 
00140                 RSAES<OAEP<SHA> >::Decryptor decryptor(*this);
00141                 RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
00142                 EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor);
00143         }
00144 }
00145 
00146 void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e)
00147 {
00148         GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e+e.IsEven()));
00149 }
00150 
00151 void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d)
00152 {
00153         m_n = n;
00154         m_e = e;
00155         m_d = d;
00156 
00157         Integer r = --(d*e);
00158         while (r.IsEven())
00159                 r >>= 1;
00160 
00161         ModularArithmetic modn(n);
00162         for (Integer i = 2; ; ++i)
00163         {
00164                 Integer a = modn.Exponentiate(i, r);
00165                 if (a == 1)
00166                         continue;
00167                 Integer b;
00168                 while (a != -1)
00169                 {
00170                         b = modn.Square(a);
00171                         if (b == 1)
00172                         {
00173                                 m_p = GCD(a-1, n);
00174                                 m_q = n/m_p;
00175                                 m_dp = m_d % (m_p-1);
00176                                 m_dq = m_d % (m_q-1);
00177                                 m_u = m_q.InverseMod(m_p);
00178                                 return;
00179                         }
00180                         a = b;
00181                 }
00182         }
00183 }
00184 
00185 void InvertibleRSAFunction::BERDecodeKey(BufferedTransformation &bt)
00186 {
00187         BERSequenceDecoder privateKey(bt);
00188                 word32 version;
00189                 BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0);  // check version
00190                 m_n.BERDecode(privateKey);
00191                 m_e.BERDecode(privateKey);
00192                 m_d.BERDecode(privateKey);
00193                 m_p.BERDecode(privateKey);
00194                 m_q.BERDecode(privateKey);
00195                 m_dp.BERDecode(privateKey);
00196                 m_dq.BERDecode(privateKey);
00197                 m_u.BERDecode(privateKey);
00198         privateKey.MessageEnd();
00199 }
00200 
00201 void InvertibleRSAFunction::DEREncodeKey(BufferedTransformation &bt) const
00202 {
00203         DERSequenceEncoder privateKey(bt);
00204                 DEREncodeUnsigned<word32>(privateKey, 0);       // version
00205                 m_n.DEREncode(privateKey);
00206                 m_e.DEREncode(privateKey);
00207                 m_d.DEREncode(privateKey);
00208                 m_p.DEREncode(privateKey);
00209                 m_q.DEREncode(privateKey);
00210                 m_dp.DEREncode(privateKey);
00211                 m_dq.DEREncode(privateKey);
00212                 m_u.DEREncode(privateKey);
00213         privateKey.MessageEnd();
00214 }
00215 
00216 Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const 
00217 {
00218         DoQuickSanityCheck();
00219         ModularArithmetic modn(m_n);
00220         Integer r(rng, Integer::One(), m_n - Integer::One());
00221         Integer re = modn.Exponentiate(r, m_e);
00222         re = modn.Multiply(re, x);                      // blind
00223         // here we follow the notation of PKCS #1 and let u=q inverse mod p
00224         // but in ModRoot, u=p inverse mod q, so we reverse the order of p and q
00225         Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u);
00226         y = modn.Divide(y, r);                          // unblind
00227         if (modn.Exponentiate(y, m_e) != x)             // check
00228                 throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation");
00229         return y;
00230 }
00231 
00232 bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
00233 {
00234         bool pass = RSAFunction::Validate(rng, level);
00235         pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
00236         pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
00237         pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n;
00238         pass = pass && m_dp > Integer::One() && m_dp.IsOdd() && m_dp < m_p;
00239         pass = pass && m_dq > Integer::One() && m_dq.IsOdd() && m_dq < m_q;
00240         pass = pass && m_u.IsPositive() && m_u < m_p;
00241         if (level >= 1)
00242         {
00243                 pass = pass && m_p * m_q == m_n;
00244                 pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1;
00245                 pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1);
00246                 pass = pass && m_u * m_q % m_p == 1;
00247         }
00248         if (level >= 2)
00249                 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
00250         return pass;
00251 }
00252 
00253 bool InvertibleRSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
00254 {
00255         return GetValueHelper<RSAFunction>(this, name, valueType, pValue).Assignable()
00256                 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
00257                 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
00258                 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent)
00259                 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
00260                 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
00261                 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00262                 ;
00263 }
00264 
00265 void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source)
00266 {
00267         AssignFromHelper<RSAFunction>(this, source)
00268                 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
00269                 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
00270                 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent)
00271                 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
00272                 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
00273                 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00274                 ;
00275 }
00276 
00277 NAMESPACE_END

Generated on Sun Mar 14 20:44:28 2004 for Crypto++ by doxygen 1.3.6-20040222