aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/rsa/rsa.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-01-10 03:41:59 +0000
committerlloyd <[email protected]>2014-01-10 03:41:59 +0000
commit6894dca64c04936d07048c0e8cbf7e25858548c3 (patch)
tree5d572bfde9fe667dab14e3f04b5285a85d8acd95 /src/lib/pubkey/rsa/rsa.cpp
parent9efa3be92442afb3d0b69890a36c7f122df18eda (diff)
Move lib into src
Diffstat (limited to 'src/lib/pubkey/rsa/rsa.cpp')
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp121
1 files changed, 121 insertions, 0 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
new file mode 100644
index 000000000..199ce6ad8
--- /dev/null
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -0,0 +1,121 @@
+/*
+* RSA
+* (C) 1999-2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/rsa.h>
+#include <botan/parsing.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+#include <future>
+
+namespace Botan {
+
+/*
+* Create a RSA private key
+*/
+RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
+ size_t bits, size_t exp)
+ {
+ if(bits < 1024)
+ throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
+ std::to_string(bits) + " bits long");
+ if(exp < 3 || exp % 2 == 0)
+ throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
+
+ e = exp;
+
+ do
+ {
+ p = random_prime(rng, (bits + 1) / 2, e);
+ q = random_prime(rng, bits - p.bits(), e);
+ n = p * q;
+ } while(n.bits() != bits);
+
+ d = inverse_mod(e, lcm(p - 1, q - 1));
+ d1 = d % (p - 1);
+ d2 = d % (q - 1);
+ c = inverse_mod(q, p);
+
+ gen_check(rng);
+ }
+
+/*
+* Check Private RSA Parameters
+*/
+bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
+ {
+ if(!IF_Scheme_PrivateKey::check_key(rng, strong))
+ return false;
+
+ if(!strong)
+ return true;
+
+ if((e * d) % lcm(p - 1, q - 1) != 1)
+ return false;
+
+ return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)");
+ }
+
+RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa,
+ RandomNumberGenerator& rng) :
+ n(rsa.get_n()),
+ q(rsa.get_q()),
+ c(rsa.get_c()),
+ powermod_e_n(rsa.get_e(), rsa.get_n()),
+ powermod_d1_p(rsa.get_d1(), rsa.get_p()),
+ powermod_d2_q(rsa.get_d2(), rsa.get_q()),
+ mod_p(rsa.get_p())
+ {
+ BigInt k(rng, n.bits() - 1);
+ blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n);
+ }
+
+BigInt RSA_Private_Operation::private_op(const BigInt& m) const
+ {
+ if(m >= n)
+ throw Invalid_Argument("RSA private op - input is too large");
+
+ auto future_j1 = std::async(std::launch::async, powermod_d1_p, m);
+ BigInt j2 = powermod_d2_q(m);
+ BigInt j1 = future_j1.get();
+
+ j1 = mod_p.reduce(sub_mul(j1, j2, c));
+
+ return mul_add(j1, q, j2);
+ }
+
+secure_vector<byte>
+RSA_Private_Operation::sign(const byte msg[], size_t msg_len,
+ RandomNumberGenerator& rng)
+ {
+ rng.add_entropy(msg, msg_len);
+
+ /* We don't check signatures against powermod_e_n here because
+ PK_Signer checks verification consistency for all signature
+ algorithms.
+ */
+
+ const BigInt m(msg, msg_len);
+ const BigInt x = blinder.unblind(private_op(blinder.blind(m)));
+ return BigInt::encode_1363(x, n.bytes());
+ }
+
+/*
+* RSA Decryption Operation
+*/
+secure_vector<byte>
+RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len)
+ {
+ const BigInt m(msg, msg_len);
+ const BigInt x = blinder.unblind(private_op(blinder.blind(m)));
+
+ BOTAN_ASSERT(m == powermod_e_n(x),
+ "RSA decrypt passed consistency check");
+
+ return BigInt::encode_locked(x);
+ }
+
+}