00001
00002
00003
#include "pch.h"
00004
#include "rsa.h"
00005
#include "asn.h"
00006
#include "oids.h"
00007
#include "modarith.h"
00008
#include "nbtheory.h"
00009
#include "sha.h"
00010
#include "algparam.h"
00011
#include "fips140.h"
00012
00013
#ifndef NDEBUG
00014
#include "pssr.h"
00015
#endif
00016
00017
#include "oaep.cpp"
00018
00019 NAMESPACE_BEGIN(CryptoPP)
00020
00021 #ifndef NDEBUG
00022
void RSA_TestInstantiations()
00023 {
00024
RSASS<PKCS1v15, SHA>::Verifier x1(1, 1);
00025
RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
00026
RSASS<PKCS1v15, SHA>::Verifier x3(x2);
00027
RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
00028
RSASS<PSS, SHA>::Verifier x5(x3);
00029
#ifndef __MWERKS__
00030
RSASS<PSSR, SHA>::Signer x6 = x2;
00031 x3 = x2;
00032 x6 = x2;
00033
#endif
00034
RSAES<PKCS1v15>::Encryptor x7(x2);
00035
#ifndef __GNUC__
00036
RSAES<PKCS1v15>::Encryptor x8(x3);
00037
#endif
00038
RSAES<OAEP<SHA> >::Encryptor x9(x2);
00039
00040 x4 = x2.GetKey();
00041 }
00042
#endif
00043
00044
template class OAEP<SHA>;
00045
00046
OID RSAFunction::GetAlgorithmID()
const
00047
{
00048
return ASN1::rsaEncryption();
00049 }
00050
00051 void RSAFunction::BERDecodeKey(
BufferedTransformation &bt)
00052 {
00053
BERSequenceDecoder seq(bt);
00054 m_n.
BERDecode(seq);
00055 m_e.
BERDecode(seq);
00056 seq.
MessageEnd();
00057 }
00058
00059 void RSAFunction::DEREncodeKey(
BufferedTransformation &bt)
const
00060
{
00061
DERSequenceEncoder seq(bt);
00062 m_n.
DEREncode(seq);
00063 m_e.
DEREncode(seq);
00064 seq.
MessageEnd();
00065 }
00066
00067
Integer RSAFunction::ApplyFunction(
const Integer &x)
const
00068
{
00069 DoQuickSanityCheck();
00070
return a_exp_b_mod_c(x, m_e, m_n);
00071 }
00072
00073 bool RSAFunction::Validate(
RandomNumberGenerator &rng,
unsigned int level)
const
00074
{
00075
bool pass =
true;
00076 pass = pass && m_n >
Integer::One() && m_n.
IsOdd();
00077 pass = pass && m_e >
Integer::One() && m_e.
IsOdd() && m_e < m_n;
00078
return pass;
00079 }
00080
00081 bool RSAFunction::GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
00082
{
00083
return GetValueHelper(
this, name, valueType, pValue).Assignable()
00084 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
00085 CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
00086 ;
00087 }
00088
00089 void RSAFunction::AssignFrom(
const NameValuePairs &source)
00090 {
00091 AssignFromHelper(
this, source)
00092 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
00093 CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
00094 ;
00095 }
00096
00097
00098
00099
class RSAPrimeSelector :
public PrimeSelector
00100 {
00101
public:
00102 RSAPrimeSelector(
const Integer &e) : m_e(e) {}
00103
bool IsAcceptable(
const Integer &candidate)
const {
return RelativelyPrime(m_e, candidate-Integer::One());}
00104
Integer m_e;
00105 };
00106
00107 void InvertibleRSAFunction::GenerateRandom(
RandomNumberGenerator &rng,
const NameValuePairs &alg)
00108 {
00109
int modulusSize = 2048;
00110 alg.
GetIntValue(
"ModulusSize", modulusSize) || alg.
GetIntValue(
"KeySize", modulusSize);
00111
00112
if (modulusSize < 16)
00113
throw InvalidArgument(
"InvertibleRSAFunction: specified modulus size is too small");
00114
00115 m_e = alg.
GetValueWithDefault(
"PublicExponent",
Integer(17));
00116
00117
if (m_e < 3 || m_e.
IsEven())
00118
throw InvalidArgument(
"InvertibleRSAFunction: invalid public exponent");
00119
00120 RSAPrimeSelector selector(m_e);
00121
const NameValuePairs &primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
00122 (
"PointerToPrimeSelector", selector.GetSelectorPointer());
00123 m_p.
GenerateRandom(rng, primeParam);
00124 m_q.
GenerateRandom(rng, primeParam);
00125
00126 m_d = EuclideanMultiplicativeInverse(m_e, LCM(m_p-1, m_q-1));
00127 assert(m_d.
IsPositive());
00128
00129 m_dp = m_d % (m_p-1);
00130 m_dq = m_d % (m_q-1);
00131 m_n = m_p * m_q;
00132 m_u = m_q.
InverseMod(m_p);
00133
00134
if (FIPS_140_2_ComplianceEnabled())
00135 {
00136
RSASS<PKCS1v15, SHA>::Signer signer(*
this);
00137
RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
00138 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
00139
00140
RSAES<OAEP<SHA> >::Decryptor decryptor(*
this);
00141
RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
00142 EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor);
00143 }
00144 }
00145
00146
void InvertibleRSAFunction::Initialize(
RandomNumberGenerator &rng,
unsigned int keybits,
const Integer &e)
00147 {
00148 GenerateRandom(rng, MakeParameters(
"ModulusSize", (
int)keybits)(
"PublicExponent", e+e.IsEven()));
00149 }
00150
00151 void InvertibleRSAFunction::Initialize(
const Integer &n,
const Integer &e,
const Integer &d)
00152 {
00153 m_n = n;
00154 m_e = e;
00155 m_d = d;
00156
00157
Integer r = --(d*e);
00158
while (r.
IsEven())
00159 r >>= 1;
00160
00161
ModularArithmetic modn(n);
00162
for (
Integer i = 2; ; ++i)
00163 {
00164
Integer a = modn.
Exponentiate(i, r);
00165
if (a == 1)
00166
continue;
00167
Integer b;
00168
while (a != -1)
00169 {
00170 b = modn.
Square(a);
00171
if (b == 1)
00172 {
00173 m_p = GCD(a-1, n);
00174 m_q = n/m_p;
00175 m_dp = m_d % (m_p-1);
00176 m_dq = m_d % (m_q-1);
00177 m_u = m_q.
InverseMod(m_p);
00178
return;
00179 }
00180 a = b;
00181 }
00182 }
00183 }
00184
00185 void InvertibleRSAFunction::BERDecodeKey(
BufferedTransformation &bt)
00186 {
00187
BERSequenceDecoder privateKey(bt);
00188 word32 version;
00189 BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0);
00190 m_n.
BERDecode(privateKey);
00191 m_e.
BERDecode(privateKey);
00192 m_d.
BERDecode(privateKey);
00193 m_p.
BERDecode(privateKey);
00194 m_q.
BERDecode(privateKey);
00195 m_dp.
BERDecode(privateKey);
00196 m_dq.
BERDecode(privateKey);
00197 m_u.
BERDecode(privateKey);
00198 privateKey.MessageEnd();
00199 }
00200
00201 void InvertibleRSAFunction::DEREncodeKey(
BufferedTransformation &bt)
const
00202
{
00203
DERSequenceEncoder privateKey(bt);
00204 DEREncodeUnsigned<word32>(privateKey, 0);
00205 m_n.
DEREncode(privateKey);
00206 m_e.
DEREncode(privateKey);
00207 m_d.
DEREncode(privateKey);
00208 m_p.
DEREncode(privateKey);
00209 m_q.
DEREncode(privateKey);
00210 m_dp.
DEREncode(privateKey);
00211 m_dq.
DEREncode(privateKey);
00212 m_u.
DEREncode(privateKey);
00213 privateKey.MessageEnd();
00214 }
00215
00216
Integer InvertibleRSAFunction::CalculateInverse(
RandomNumberGenerator &rng,
const Integer &x)
const
00217
{
00218 DoQuickSanityCheck();
00219
ModularArithmetic modn(m_n);
00220
Integer r(rng, Integer::One(), m_n - Integer::One());
00221
Integer re = modn.
Exponentiate(r, m_e);
00222 re = modn.
Multiply(re, x);
00223
00224
00225
Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u);
00226 y = modn.
Divide(y, r);
00227
if (modn.
Exponentiate(y, m_e) != x)
00228
throw Exception(Exception::OTHER_ERROR,
"InvertibleRSAFunction: computational error during private key operation");
00229
return y;
00230 }
00231
00232 bool InvertibleRSAFunction::Validate(
RandomNumberGenerator &rng,
unsigned int level)
const
00233
{
00234
bool pass = RSAFunction::Validate(rng, level);
00235 pass = pass && m_p >
Integer::One() && m_p.
IsOdd() && m_p < m_n;
00236 pass = pass && m_q >
Integer::One() && m_q.
IsOdd() && m_q < m_n;
00237 pass = pass && m_d >
Integer::One() && m_d.
IsOdd() && m_d < m_n;
00238 pass = pass && m_dp >
Integer::One() && m_dp.
IsOdd() && m_dp < m_p;
00239 pass = pass && m_dq >
Integer::One() && m_dq.
IsOdd() && m_dq < m_q;
00240 pass = pass && m_u.
IsPositive() && m_u < m_p;
00241
if (level >= 1)
00242 {
00243 pass = pass && m_p * m_q == m_n;
00244 pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1;
00245 pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1);
00246 pass = pass && m_u * m_q % m_p == 1;
00247 }
00248
if (level >= 2)
00249 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
00250
return pass;
00251 }
00252
00253 bool InvertibleRSAFunction::GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
00254
{
00255
return GetValueHelper<RSAFunction>(
this, name, valueType, pValue).Assignable()
00256 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
00257 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
00258 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent)
00259 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
00260 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
00261 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00262 ;
00263 }
00264
00265 void InvertibleRSAFunction::AssignFrom(
const NameValuePairs &source)
00266 {
00267 AssignFromHelper<RSAFunction>(
this, source)
00268 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
00269 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
00270 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent)
00271 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
00272 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
00273 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00274 ;
00275 }
00276
00277 NAMESPACE_END