diff options
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r-- | src/lib/pubkey/nr/info.txt | 8 | ||||
-rw-r--r-- | src/lib/pubkey/nr/nr.cpp | 192 | ||||
-rw-r--r-- | src/lib/pubkey/nr/nr.h | 57 | ||||
-rw-r--r-- | src/lib/pubkey/pk_algs.cpp | 28 | ||||
-rw-r--r-- | src/lib/pubkey/rw/info.txt | 7 | ||||
-rw-r--r-- | src/lib/pubkey/rw/rw.cpp | 182 | ||||
-rw-r--r-- | src/lib/pubkey/rw/rw.h | 61 |
7 files changed, 0 insertions, 535 deletions
diff --git a/src/lib/pubkey/nr/info.txt b/src/lib/pubkey/nr/info.txt deleted file mode 100644 index 78ca6ef29..000000000 --- a/src/lib/pubkey/nr/info.txt +++ /dev/null @@ -1,8 +0,0 @@ -define NYBERG_RUEPPEL 20131128 - -<requires> -dl_algo -dl_group -keypair -numbertheory -</requires> diff --git a/src/lib/pubkey/nr/nr.cpp b/src/lib/pubkey/nr/nr.cpp deleted file mode 100644 index 5e2cb1be5..000000000 --- a/src/lib/pubkey/nr/nr.cpp +++ /dev/null @@ -1,192 +0,0 @@ -/* -* Nyberg-Rueppel -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/pk_utils.h> -#include <botan/nr.h> -#include <botan/keypair.h> -#include <botan/reducer.h> -#include <future> - -namespace Botan { - -NR_PublicKey::NR_PublicKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits) : - DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) - { - } - -/* -* NR_PublicKey Constructor -*/ -NR_PublicKey::NR_PublicKey(const DL_Group& grp, const BigInt& y1) - { - m_group = grp; - m_y = y1; - } - -/* -* Create a NR private key -*/ -NR_PrivateKey::NR_PrivateKey(RandomNumberGenerator& rng, - const DL_Group& grp, - const BigInt& x_arg) - { - m_group = grp; - m_x = x_arg; - - if(m_x == 0) - m_x = BigInt::random_integer(rng, 2, group_q() - 1); - - m_y = power_mod(group_g(), m_x, group_p()); - - if(x_arg == 0) - gen_check(rng); - else - load_check(rng); - } - -NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits, - RandomNumberGenerator& rng) : - DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) - { - m_y = power_mod(group_g(), m_x, group_p()); - - load_check(rng); - } - -/* -* Check Private Nyberg-Rueppel Parameters -*/ -bool NR_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const - { - if(!DL_Scheme_PrivateKey::check_key(rng, strong) || m_x >= group_q()) - return false; - - if(!strong) - return true; - - return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)"); - } - -namespace { - -/** -* Nyberg-Rueppel signature operation -*/ -class NR_Signature_Operation : public PK_Ops::Signature_with_EMSA - { - public: - typedef NR_PrivateKey Key_Type; - NR_Signature_Operation(const NR_PrivateKey& nr, const std::string& emsa) : - PK_Ops::Signature_with_EMSA(emsa), - m_q(nr.group_q()), - m_x(nr.get_x()), - m_powermod_g_p(nr.group_g(), nr.group_p()), - m_mod_q(nr.group_q()) - { - } - - size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return m_q.bytes(); } - size_t max_input_bits() const override { return (m_q.bits() - 1); } - - secure_vector<byte> raw_sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) override; - private: - const BigInt& m_q; - const BigInt& m_x; - Fixed_Base_Power_Mod m_powermod_g_p; - Modular_Reducer m_mod_q; - }; - -secure_vector<byte> -NR_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) - { - rng.add_entropy(msg, msg_len); - - BigInt f(msg, msg_len); - - if(f >= m_q) - throw Invalid_Argument("NR_Signature_Operation: Input is out of range"); - - BigInt c, d; - - while(c == 0) - { - BigInt k; - do - k.randomize(rng, m_q.bits()); - while(k >= m_q); - - c = m_mod_q.reduce(m_powermod_g_p(k) + f); - d = m_mod_q.reduce(k - m_x * c); - } - - secure_vector<byte> output(2*m_q.bytes()); - c.binary_encode(&output[output.size() / 2 - c.bytes()]); - d.binary_encode(&output[output.size() - d.bytes()]); - return output; - } - - -/** -* Nyberg-Rueppel verification operation -*/ -class NR_Verification_Operation : public PK_Ops::Verification_with_EMSA - { - public: - typedef NR_PublicKey Key_Type; - NR_Verification_Operation(const NR_PublicKey& nr, const std::string& emsa) : - PK_Ops::Verification_with_EMSA(emsa), - m_q(nr.group_q()), m_y(nr.get_y()), m_powermod_g_p{Fixed_Base_Power_Mod(nr.group_g(), nr.group_p())}, - m_powermod_y_p{Fixed_Base_Power_Mod(m_y, nr.group_p())}, m_mod_p{Modular_Reducer(nr.group_p())}, - m_mod_q{Modular_Reducer(nr.group_q())} - {} - - size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return m_q.bytes(); } - size_t max_input_bits() const override { return (m_q.bits() - 1); } - - bool with_recovery() const override { return true; } - - secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) override; - private: - const BigInt& m_q; - const BigInt& m_y; - - Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p; - Modular_Reducer m_mod_p, m_mod_q; - }; - -secure_vector<byte> -NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) - { - const BigInt& q = m_mod_q.get_modulus(); - - if(msg_len != 2*q.bytes()) - throw Invalid_Argument("NR verification: Invalid signature"); - - BigInt c(msg, q.bytes()); - BigInt d(msg + q.bytes(), q.bytes()); - - if(c.is_zero() || c >= q || d >= q) - throw Invalid_Argument("NR verification: Invalid signature"); - - auto future_y_c = std::async(std::launch::async, m_powermod_y_p, c); - BigInt g_d = m_powermod_g_p(d); - - BigInt i = m_mod_p.multiply(g_d, future_y_c.get()); - return BigInt::encode_locked(m_mod_q.reduce(c - i)); - } -} - -BOTAN_REGISTER_PK_SIGNATURE_OP("NR", NR_Signature_Operation); -BOTAN_REGISTER_PK_VERIFY_OP("NR", NR_Verification_Operation); - -} diff --git a/src/lib/pubkey/nr/nr.h b/src/lib/pubkey/nr/nr.h deleted file mode 100644 index 425ad2642..000000000 --- a/src/lib/pubkey/nr/nr.h +++ /dev/null @@ -1,57 +0,0 @@ -/* -* Nyberg-Rueppel -* (C) 1999-2010 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_NYBERG_RUEPPEL_H__ -#define BOTAN_NYBERG_RUEPPEL_H__ - -#include <botan/dl_algo.h> - -namespace Botan { - -/** -* Nyberg-Rueppel Public Key -*/ -class BOTAN_DLL NR_PublicKey : public virtual DL_Scheme_PublicKey - { - public: - std::string algo_name() const override { return "NR"; } - - DL_Group::Format group_format() const override { return DL_Group::ANSI_X9_57; } - - size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return group_q().bytes(); } - size_t max_input_bits() const override { return (group_q().bits() - 1); } - - NR_PublicKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits); - - NR_PublicKey(const DL_Group& group, const BigInt& pub_key); - protected: - NR_PublicKey() {} - }; - -/** -* Nyberg-Rueppel Private Key -*/ -class BOTAN_DLL NR_PrivateKey : public NR_PublicKey, - public virtual DL_Scheme_PrivateKey - { - public: - bool check_key(RandomNumberGenerator& rng, bool strong) const override; - - NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits, - RandomNumberGenerator& rng); - - NR_PrivateKey(RandomNumberGenerator& rng, - const DL_Group& group, - const BigInt& x = 0); - }; - -} - -#endif diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 9dbde28af..ac6f4a11f 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -36,14 +36,6 @@ #include <botan/gost_3410.h> #endif -#if defined(BOTAN_HAS_NYBERG_RUEPPEL) - #include <botan/nr.h> -#endif - -#if defined(BOTAN_HAS_RW) - #include <botan/rw.h> -#endif - #if defined(BOTAN_HAS_ELGAMAL) #include <botan/elgamal.h> #endif @@ -74,11 +66,6 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, return new RSA_PublicKey(alg_id, key_bits); #endif -#if defined(BOTAN_HAS_RW) - if(alg_name == "RW") - return new RW_PublicKey(alg_id, key_bits); -#endif - #if defined(BOTAN_HAS_DSA) if(alg_name == "DSA") return new DSA_PublicKey(alg_id, key_bits); @@ -89,11 +76,6 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, return new DH_PublicKey(alg_id, key_bits); #endif -#if defined(BOTAN_HAS_NYBERG_RUEPPEL) - if(alg_name == "NR") - return new NR_PublicKey(alg_id, key_bits); -#endif - #if defined(BOTAN_HAS_ELGAMAL) if(alg_name == "ElGamal") return new ElGamal_PublicKey(alg_id, key_bits); @@ -150,11 +132,6 @@ Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, return new RSA_PrivateKey(alg_id, key_bits, rng); #endif -#if defined(BOTAN_HAS_RW) - if(alg_name == "RW") - return new RW_PrivateKey(alg_id, key_bits, rng); -#endif - #if defined(BOTAN_HAS_DSA) if(alg_name == "DSA") return new DSA_PrivateKey(alg_id, key_bits, rng); @@ -165,11 +142,6 @@ Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, return new DH_PrivateKey(alg_id, key_bits, rng); #endif -#if defined(BOTAN_HAS_NYBERG_RUEPPEL) - if(alg_name == "NR") - return new NR_PrivateKey(alg_id, key_bits, rng); -#endif - #if defined(BOTAN_HAS_ELGAMAL) if(alg_name == "ElGamal") return new ElGamal_PrivateKey(alg_id, key_bits, rng); diff --git a/src/lib/pubkey/rw/info.txt b/src/lib/pubkey/rw/info.txt deleted file mode 100644 index 7cf1d1780..000000000 --- a/src/lib/pubkey/rw/info.txt +++ /dev/null @@ -1,7 +0,0 @@ -define RW 20131128 - -<requires> -if_algo -keypair -numbertheory -</requires> diff --git a/src/lib/pubkey/rw/rw.cpp b/src/lib/pubkey/rw/rw.cpp deleted file mode 100644 index bf6b647a1..000000000 --- a/src/lib/pubkey/rw/rw.cpp +++ /dev/null @@ -1,182 +0,0 @@ -/* -* Rabin-Williams -* (C) 1999-2008 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/pk_utils.h> -#include <botan/rw.h> -#include <botan/keypair.h> -#include <botan/parsing.h> -#include <botan/reducer.h> -#include <botan/blinding.h> -#include <algorithm> -#include <future> - -namespace Botan { - -/* -* Create a Rabin-Williams private key -*/ -RW_PrivateKey::RW_PrivateKey(RandomNumberGenerator& rng, - size_t bits, size_t exp) - { - if(bits < 1024) - throw Invalid_Argument(algo_name() + ": Can't make a key that is only " + - std::to_string(bits) + " bits long"); - if(exp < 2 || exp % 2 == 1) - throw Invalid_Argument(algo_name() + ": Invalid encryption exponent"); - - m_e = exp; - - do - { - m_p = random_prime(rng, (bits + 1) / 2, m_e / 2, 3, 4); - m_q = random_prime(rng, bits - m_p.bits(), m_e / 2, ((m_p % 8 == 3) ? 7 : 3), 8); - m_n = m_p * m_q; - } while(m_n.bits() != bits); - - m_d = inverse_mod(m_e, lcm(m_p - 1, m_q - 1) >> 1); - m_d1 = m_d % (m_p - 1); - m_d2 = m_d % (m_q - 1); - m_c = inverse_mod(m_q, m_p); - - gen_check(rng); - } - -/* -* Check Private Rabin-Williams Parameters -*/ -bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const - { - if(!IF_Scheme_PrivateKey::check_key(rng, strong)) - return false; - - if(!strong) - return true; - - if((m_e * m_d) % (lcm(m_p - 1, m_q - 1) / 2) != 1) - return false; - - return KeyPair::signature_consistency_check(rng, *this, "EMSA2(SHA-1)"); - } - -namespace { - -/** -* Rabin-Williams Signature Operation -*/ -class RW_Signature_Operation : public PK_Ops::Signature_with_EMSA - { - public: - typedef RW_PrivateKey Key_Type; - - RW_Signature_Operation(const RW_PrivateKey& rw, - const std::string& emsa) : - PK_Ops::Signature_with_EMSA(emsa), - m_n(rw.get_n()), - m_e(rw.get_e()), - m_q(rw.get_q()), - m_c(rw.get_c()), - m_powermod_d1_p(rw.get_d1(), rw.get_p()), - m_powermod_d2_q(rw.get_d2(), rw.get_q()), - m_mod_p(rw.get_p()), - m_blinder(m_n, - [this](const BigInt& k) { return power_mod(k, m_e, m_n); }, - [this](const BigInt& k) { return inverse_mod(k, m_n); }) - { - } - - size_t max_input_bits() const override { return (m_n.bits() - 1); } - - secure_vector<byte> raw_sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) override; - private: - const BigInt& m_n; - const BigInt& m_e; - const BigInt& m_q; - const BigInt& m_c; - - Fixed_Exponent_Power_Mod m_powermod_d1_p, m_powermod_d2_q; - Modular_Reducer m_mod_p; - Blinder m_blinder; - }; - -secure_vector<byte> -RW_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt i(msg, msg_len); - - if(i >= m_n || i % 16 != 12) - throw Invalid_Argument("Rabin-Williams: invalid input"); - - if(jacobi(i, m_n) != 1) - i >>= 1; - - i = m_blinder.blind(i); - - auto future_j1 = std::async(std::launch::async, m_powermod_d1_p, i); - const BigInt j2 = m_powermod_d2_q(i); - BigInt j1 = future_j1.get(); - - j1 = m_mod_p.reduce(sub_mul(j1, j2, m_c)); - - const BigInt r = m_blinder.unblind(mul_add(j1, m_q, j2)); - - return BigInt::encode_1363(std::min(r, m_n - r), m_n.bytes()); - } - -/** -* Rabin-Williams Verification Operation -*/ -class RW_Verification_Operation : public PK_Ops::Verification_with_EMSA - { - public: - typedef RW_PublicKey Key_Type; - - RW_Verification_Operation(const RW_PublicKey& rw, const std::string& emsa) : - PK_Ops::Verification_with_EMSA(emsa), - m_n(rw.get_n()), m_powermod_e_n(rw.get_e(), rw.get_n()) - {} - - size_t max_input_bits() const override { return (m_n.bits() - 1); } - bool with_recovery() const override { return true; } - - secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) override; - - private: - const BigInt& m_n; - Fixed_Exponent_Power_Mod m_powermod_e_n; - }; - -secure_vector<byte> -RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - - if((m > (m_n >> 1)) || m.is_negative()) - throw Invalid_Argument("RW signature verification: m > n / 2 || m < 0"); - - BigInt r = m_powermod_e_n(m); - if(r % 16 == 12) - return BigInt::encode_locked(r); - if(r % 8 == 6) - return BigInt::encode_locked(2*r); - - r = m_n - r; - if(r % 16 == 12) - return BigInt::encode_locked(r); - if(r % 8 == 6) - return BigInt::encode_locked(2*r); - - throw Invalid_Argument("RW signature verification: Invalid signature"); - } - -BOTAN_REGISTER_PK_SIGNATURE_OP("RW", RW_Signature_Operation); -BOTAN_REGISTER_PK_VERIFY_OP("RW", RW_Verification_Operation); - -} - -} diff --git a/src/lib/pubkey/rw/rw.h b/src/lib/pubkey/rw/rw.h deleted file mode 100644 index 2a010441e..000000000 --- a/src/lib/pubkey/rw/rw.h +++ /dev/null @@ -1,61 +0,0 @@ -/* -* Rabin-Williams -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_RW_H__ -#define BOTAN_RW_H__ - -#include <botan/if_algo.h> - -namespace Botan { - -/** -* Rabin-Williams Public Key -*/ -class BOTAN_DLL RW_PublicKey : public virtual IF_Scheme_PublicKey - { - public: - std::string algo_name() const override { return "RW"; } - - RW_PublicKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits) : - IF_Scheme_PublicKey(alg_id, key_bits) - {} - - RW_PublicKey(const BigInt& mod, const BigInt& exponent) : - IF_Scheme_PublicKey(mod, exponent) - {} - - protected: - RW_PublicKey() {} - }; - -/** -* Rabin-Williams Private Key -*/ -class BOTAN_DLL RW_PrivateKey : public RW_PublicKey, - public IF_Scheme_PrivateKey - { - public: - RW_PrivateKey(const AlgorithmIdentifier& alg_id, - const secure_vector<byte>& key_bits, - RandomNumberGenerator& rng) : - IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} - - RW_PrivateKey(RandomNumberGenerator& rng, - const BigInt& p, const BigInt& q, - const BigInt& e, const BigInt& d = 0, - const BigInt& n = 0) : - IF_Scheme_PrivateKey(rng, p, q, e, d, n) {} - - RW_PrivateKey(RandomNumberGenerator& rng, size_t bits, size_t = 2); - - bool check_key(RandomNumberGenerator& rng, bool) const override; - }; - -} - -#endif |