aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/rsa
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-01-10 03:41:59 +0000
committerlloyd <[email protected]>2014-01-10 03:41:59 +0000
commit6894dca64c04936d07048c0e8cbf7e25858548c3 (patch)
tree5d572bfde9fe667dab14e3f04b5285a85d8acd95 /src/lib/pubkey/rsa
parent9efa3be92442afb3d0b69890a36c7f122df18eda (diff)
Move lib into src
Diffstat (limited to 'src/lib/pubkey/rsa')
-rw-r--r--src/lib/pubkey/rsa/info.txt8
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp121
-rw-r--r--src/lib/pubkey/rsa/rsa.h155
3 files changed, 284 insertions, 0 deletions
diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt
new file mode 100644
index 000000000..6171642bc
--- /dev/null
+++ b/src/lib/pubkey/rsa/info.txt
@@ -0,0 +1,8 @@
+define RSA 20131128
+
+<requires>
+if_algo
+keypair
+libstate
+numbertheory
+</requires>
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
new file mode 100644
index 000000000..199ce6ad8
--- /dev/null
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -0,0 +1,121 @@
+/*
+* RSA
+* (C) 1999-2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/rsa.h>
+#include <botan/parsing.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+#include <future>
+
+namespace Botan {
+
+/*
+* Create a RSA private key
+*/
+RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
+ size_t bits, size_t exp)
+ {
+ if(bits < 1024)
+ throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
+ std::to_string(bits) + " bits long");
+ if(exp < 3 || exp % 2 == 0)
+ throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
+
+ e = exp;
+
+ do
+ {
+ p = random_prime(rng, (bits + 1) / 2, e);
+ q = random_prime(rng, bits - p.bits(), e);
+ n = p * q;
+ } while(n.bits() != bits);
+
+ d = inverse_mod(e, lcm(p - 1, q - 1));
+ d1 = d % (p - 1);
+ d2 = d % (q - 1);
+ c = inverse_mod(q, p);
+
+ gen_check(rng);
+ }
+
+/*
+* Check Private RSA Parameters
+*/
+bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
+ {
+ if(!IF_Scheme_PrivateKey::check_key(rng, strong))
+ return false;
+
+ if(!strong)
+ return true;
+
+ if((e * d) % lcm(p - 1, q - 1) != 1)
+ return false;
+
+ return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)");
+ }
+
+RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa,
+ RandomNumberGenerator& rng) :
+ n(rsa.get_n()),
+ q(rsa.get_q()),
+ c(rsa.get_c()),
+ powermod_e_n(rsa.get_e(), rsa.get_n()),
+ powermod_d1_p(rsa.get_d1(), rsa.get_p()),
+ powermod_d2_q(rsa.get_d2(), rsa.get_q()),
+ mod_p(rsa.get_p())
+ {
+ BigInt k(rng, n.bits() - 1);
+ blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n);
+ }
+
+BigInt RSA_Private_Operation::private_op(const BigInt& m) const
+ {
+ if(m >= n)
+ throw Invalid_Argument("RSA private op - input is too large");
+
+ auto future_j1 = std::async(std::launch::async, powermod_d1_p, m);
+ BigInt j2 = powermod_d2_q(m);
+ BigInt j1 = future_j1.get();
+
+ j1 = mod_p.reduce(sub_mul(j1, j2, c));
+
+ return mul_add(j1, q, j2);
+ }
+
+secure_vector<byte>
+RSA_Private_Operation::sign(const byte msg[], size_t msg_len,
+ RandomNumberGenerator& rng)
+ {
+ rng.add_entropy(msg, msg_len);
+
+ /* We don't check signatures against powermod_e_n here because
+ PK_Signer checks verification consistency for all signature
+ algorithms.
+ */
+
+ const BigInt m(msg, msg_len);
+ const BigInt x = blinder.unblind(private_op(blinder.blind(m)));
+ return BigInt::encode_1363(x, n.bytes());
+ }
+
+/*
+* RSA Decryption Operation
+*/
+secure_vector<byte>
+RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len)
+ {
+ const BigInt m(msg, msg_len);
+ const BigInt x = blinder.unblind(private_op(blinder.blind(m)));
+
+ BOTAN_ASSERT(m == powermod_e_n(x),
+ "RSA decrypt passed consistency check");
+
+ return BigInt::encode_locked(x);
+ }
+
+}
diff --git a/src/lib/pubkey/rsa/rsa.h b/src/lib/pubkey/rsa/rsa.h
new file mode 100644
index 000000000..4d9189d20
--- /dev/null
+++ b/src/lib/pubkey/rsa/rsa.h
@@ -0,0 +1,155 @@
+/*
+* RSA
+* (C) 1999-2008 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_RSA_H__
+#define BOTAN_RSA_H__
+
+#include <botan/if_algo.h>
+#include <botan/pk_ops.h>
+#include <botan/reducer.h>
+#include <botan/blinding.h>
+
+namespace Botan {
+
+/**
+* RSA Public Key
+*/
+class BOTAN_DLL RSA_PublicKey : public virtual IF_Scheme_PublicKey
+ {
+ public:
+ std::string algo_name() const { return "RSA"; }
+
+ RSA_PublicKey(const AlgorithmIdentifier& alg_id,
+ const secure_vector<byte>& key_bits) :
+ IF_Scheme_PublicKey(alg_id, key_bits)
+ {}
+
+ /**
+ * Create a RSA_PublicKey
+ * @arg n the modulus
+ * @arg e the exponent
+ */
+ RSA_PublicKey(const BigInt& n, const BigInt& e) :
+ IF_Scheme_PublicKey(n, e)
+ {}
+
+ protected:
+ RSA_PublicKey() {}
+ };
+
+/**
+* RSA Private Key
+*/
+class BOTAN_DLL RSA_PrivateKey : public RSA_PublicKey,
+ public IF_Scheme_PrivateKey
+ {
+ public:
+ bool check_key(RandomNumberGenerator& rng, bool) const;
+
+ RSA_PrivateKey(const AlgorithmIdentifier& alg_id,
+ const secure_vector<byte>& key_bits,
+ RandomNumberGenerator& rng) :
+ IF_Scheme_PrivateKey(rng, alg_id, key_bits) {}
+
+ /**
+ * Construct a private key from the specified parameters.
+ * @param rng a random number generator
+ * @param p the first prime
+ * @param q the second prime
+ * @param e the exponent
+ * @param d if specified, this has to be d with
+ * exp * d = 1 mod (p - 1, q - 1). Leave it as 0 if you wish to
+ * the constructor to calculate it.
+ * @param n if specified, this must be n = p * q. Leave it as 0
+ * if you wish to the constructor to calculate it.
+ */
+ RSA_PrivateKey(RandomNumberGenerator& rng,
+ const BigInt& p, const BigInt& q,
+ const BigInt& e, const BigInt& d = 0,
+ const BigInt& n = 0) :
+ IF_Scheme_PrivateKey(rng, p, q, e, d, n) {}
+
+ /**
+ * Create a new private key with the specified bit length
+ * @param rng the random number generator to use
+ * @param bits the desired bit length of the private key
+ * @param exp the public exponent to be used
+ */
+ RSA_PrivateKey(RandomNumberGenerator& rng,
+ size_t bits, size_t exp = 65537);
+ };
+
+/**
+* RSA private (decrypt/sign) operation
+*/
+class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature,
+ public PK_Ops::Decryption
+ {
+ public:
+ RSA_Private_Operation(const RSA_PrivateKey& rsa,
+ RandomNumberGenerator& rng);
+
+ size_t max_input_bits() const { return (n.bits() - 1); }
+
+ secure_vector<byte> sign(const byte msg[], size_t msg_len,
+ RandomNumberGenerator& rng);
+
+ secure_vector<byte> decrypt(const byte msg[], size_t msg_len);
+
+ private:
+ BigInt private_op(const BigInt& m) const;
+
+ const BigInt& n;
+ const BigInt& q;
+ const BigInt& c;
+ Fixed_Exponent_Power_Mod powermod_e_n, powermod_d1_p, powermod_d2_q;
+ Modular_Reducer mod_p;
+ Blinder blinder;
+ };
+
+/**
+* RSA public (encrypt/verify) operation
+*/
+class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification,
+ public PK_Ops::Encryption
+ {
+ public:
+ RSA_Public_Operation(const RSA_PublicKey& rsa) :
+ n(rsa.get_n()), powermod_e_n(rsa.get_e(), rsa.get_n())
+ {}
+
+ size_t max_input_bits() const { return (n.bits() - 1); }
+ bool with_recovery() const { return true; }
+
+ secure_vector<byte> encrypt(const byte msg[], size_t msg_len,
+ RandomNumberGenerator&)
+ {
+ BigInt m(msg, msg_len);
+ return BigInt::encode_1363(public_op(m), n.bytes());
+ }
+
+ secure_vector<byte> verify_mr(const byte msg[], size_t msg_len)
+ {
+ BigInt m(msg, msg_len);
+ return BigInt::encode_locked(public_op(m));
+ }
+
+ private:
+ BigInt public_op(const BigInt& m) const
+ {
+ if(m >= n)
+ throw Invalid_Argument("RSA public op - input is too large");
+ return powermod_e_n(m);
+ }
+
+ const BigInt& n;
+ Fixed_Exponent_Power_Mod powermod_e_n;
+ };
+
+}
+
+#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-14 18:30:02 +0000