00001
00002
00003 #include "pch.h"
00004 #include "rsa.h"
00005 #include "asn.h"
00006 #include "sha.h"
00007 #include "oids.h"
00008 #include "modarith.h"
00009 #include "nbtheory.h"
00010 #include "algparam.h"
00011 #include "fips140.h"
00012
00013 #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) && !defined(CRYPTOPP_IS_DLL)
00014 #include "pssr.h"
00015 NAMESPACE_BEGIN(CryptoPP)
00016 void RSA_TestInstantiations()
00017 {
00018 RSASS<PKCS1v15, SHA>::Verifier x1(1, 1);
00019 RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
00020 RSASS<PKCS1v15, SHA>::Verifier x3(x2);
00021 RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
00022 RSASS<PSS, SHA>::Verifier x5(x3);
00023 #ifndef __MWERKS__
00024 RSASS<PSSR, SHA>::Signer x6 = x2;
00025 x3 = x2;
00026 x6 = x2;
00027 #endif
00028 RSAES<PKCS1v15>::Encryptor x7(x2);
00029 #ifndef __GNUC__
00030 RSAES<PKCS1v15>::Encryptor x8(x3);
00031 #endif
00032 RSAES<OAEP<SHA> >::Encryptor x9(x2);
00033
00034 x4 = x2.GetKey();
00035 }
00036 NAMESPACE_END
00037 #endif
00038
00039 #ifndef CRYPTOPP_IMPORTS
00040
00041 NAMESPACE_BEGIN(CryptoPP)
00042
00043 OID RSAFunction::GetAlgorithmID() const
00044 {
00045 return ASN1::rsaEncryption();
00046 }
00047
00048 void RSAFunction::BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
00049 {
00050 BERSequenceDecoder seq(bt);
00051 m_n.BERDecode(seq);
00052 m_e.BERDecode(seq);
00053 seq.MessageEnd();
00054 }
00055
00056 void RSAFunction::DEREncodePublicKey(BufferedTransformation &bt) const
00057 {
00058 DERSequenceEncoder seq(bt);
00059 m_n.DEREncode(seq);
00060 m_e.DEREncode(seq);
00061 seq.MessageEnd();
00062 }
00063
00064 Integer RSAFunction::ApplyFunction(const Integer &x) const
00065 {
00066 DoQuickSanityCheck();
00067 return a_exp_b_mod_c(x, m_e, m_n);
00068 }
00069
00070 bool RSAFunction::Validate(RandomNumberGenerator& rng, unsigned int level) const
00071 {
00072 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
00073
00074 bool pass = true;
00075 pass = pass && m_n > Integer::One() && m_n.IsOdd();
00076 pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
00077 return pass;
00078 }
00079
00080 bool RSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
00081 {
00082 return GetValueHelper(this, name, valueType, pValue).Assignable()
00083 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
00084 CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
00085 ;
00086 }
00087
00088 void RSAFunction::AssignFrom(const NameValuePairs &source)
00089 {
00090 AssignFromHelper(this, source)
00091 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
00092 CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
00093 ;
00094 }
00095
00096
00097
00098 class RSAPrimeSelector : public PrimeSelector
00099 {
00100 public:
00101 RSAPrimeSelector(const Integer &e) : m_e(e) {}
00102 bool IsAcceptable(const Integer &candidate) const {return RelativelyPrime(m_e, candidate-Integer::One());}
00103 Integer m_e;
00104 };
00105
00106 void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
00107 {
00108 int modulusSize = 2048;
00109 alg.GetIntValue(Name::ModulusSize(), modulusSize) || alg.GetIntValue(Name::KeySize(), modulusSize);
00110
00111 assert(modulusSize >= 16);
00112 if (modulusSize < 16)
00113 throw InvalidArgument("InvertibleRSAFunction: specified modulus size is too small");
00114
00115 m_e = alg.GetValueWithDefault(Name::PublicExponent(), Integer(17));
00116
00117 assert(m_e >= 3); assert(!m_e.IsEven());
00118 if (m_e < 3 || m_e.IsEven())
00119 throw InvalidArgument("InvertibleRSAFunction: invalid public exponent");
00120
00121 RSAPrimeSelector selector(m_e);
00122 AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
00123 (Name::PointerToPrimeSelector(), selector.GetSelectorPointer());
00124 m_p.GenerateRandom(rng, primeParam);
00125 m_q.GenerateRandom(rng, primeParam);
00126
00127 m_d = m_e.InverseMod(LCM(m_p-1, m_q-1));
00128 assert(m_d.IsPositive());
00129
00130 m_dp = m_d % (m_p-1);
00131 m_dq = m_d % (m_q-1);
00132 m_n = m_p * m_q;
00133 m_u = m_q.InverseMod(m_p);
00134
00135 if (FIPS_140_2_ComplianceEnabled())
00136 {
00137 RSASS<PKCS1v15, SHA>::Signer signer(*this);
00138 RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
00139 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
00140
00141 RSAES<OAEP<SHA> >::Decryptor decryptor(*this);
00142 RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
00143 EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor);
00144 }
00145 }
00146
00147 void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e)
00148 {
00149 GenerateRandom(rng, MakeParameters(Name::ModulusSize(), (int)keybits)(Name::PublicExponent(), e+e.IsEven()));
00150 }
00151
00152 void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d)
00153 {
00154 if (n.IsEven() || e.IsEven() | d.IsEven())
00155 throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key");
00156
00157 m_n = n;
00158 m_e = e;
00159 m_d = d;
00160
00161 Integer r = --(d*e);
00162 unsigned int s = 0;
00163 while (r.IsEven())
00164 {
00165 r >>= 1;
00166 s++;
00167 }
00168
00169 ModularArithmetic modn(n);
00170 for (Integer i = 2; ; ++i)
00171 {
00172 Integer a = modn.Exponentiate(i, r);
00173 if (a == 1)
00174 continue;
00175 Integer b;
00176 unsigned int j = 0;
00177 while (a != n-1)
00178 {
00179 b = modn.Square(a);
00180 if (b == 1)
00181 {
00182 m_p = GCD(a-1, n);
00183 m_q = n/m_p;
00184 m_dp = m_d % (m_p-1);
00185 m_dq = m_d % (m_q-1);
00186 m_u = m_q.InverseMod(m_p);
00187 return;
00188 }
00189 if (++j == s)
00190 throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key");
00191 a = b;
00192 }
00193 }
00194 }
00195
00196 void InvertibleRSAFunction::BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t)
00197 {
00198 BERSequenceDecoder privateKey(bt);
00199 word32 version;
00200 BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0);
00201 m_n.BERDecode(privateKey);
00202 m_e.BERDecode(privateKey);
00203 m_d.BERDecode(privateKey);
00204 m_p.BERDecode(privateKey);
00205 m_q.BERDecode(privateKey);
00206 m_dp.BERDecode(privateKey);
00207 m_dq.BERDecode(privateKey);
00208 m_u.BERDecode(privateKey);
00209 privateKey.MessageEnd();
00210 }
00211
00212 void InvertibleRSAFunction::DEREncodePrivateKey(BufferedTransformation &bt) const
00213 {
00214 DERSequenceEncoder privateKey(bt);
00215 DEREncodeUnsigned<word32>(privateKey, 0);
00216 m_n.DEREncode(privateKey);
00217 m_e.DEREncode(privateKey);
00218 m_d.DEREncode(privateKey);
00219 m_p.DEREncode(privateKey);
00220 m_q.DEREncode(privateKey);
00221 m_dp.DEREncode(privateKey);
00222 m_dq.DEREncode(privateKey);
00223 m_u.DEREncode(privateKey);
00224 privateKey.MessageEnd();
00225 }
00226
00227 Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
00228 {
00229 DoQuickSanityCheck();
00230 ModularArithmetic modn(m_n);
00231 Integer r, rInv;
00232 do {
00233 r.Randomize(rng, Integer::One(), m_n - Integer::One());
00234 rInv = modn.MultiplicativeInverse(r);
00235 } while (rInv.IsZero());
00236 Integer re = modn.Exponentiate(r, m_e);
00237 re = modn.Multiply(re, x);
00238
00239
00240 Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u);
00241 y = modn.Multiply(y, rInv);
00242 if (modn.Exponentiate(y, m_e) != x)
00243 throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation");
00244 return y;
00245 }
00246
00247 bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
00248 {
00249 bool pass = RSAFunction::Validate(rng, level);
00250 pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
00251 pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
00252 pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n;
00253 pass = pass && m_dp > Integer::One() && m_dp.IsOdd() && m_dp < m_p;
00254 pass = pass && m_dq > Integer::One() && m_dq.IsOdd() && m_dq < m_q;
00255 pass = pass && m_u.IsPositive() && m_u < m_p;
00256 if (level >= 1)
00257 {
00258 pass = pass && m_p * m_q == m_n;
00259 pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1;
00260 pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1);
00261 pass = pass && m_u * m_q % m_p == 1;
00262 }
00263 if (level >= 2)
00264 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
00265 return pass;
00266 }
00267
00268 bool InvertibleRSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
00269 {
00270 return GetValueHelper<RSAFunction>(this, name, valueType, pValue).Assignable()
00271 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
00272 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
00273 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent)
00274 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
00275 CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
00276 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00277 ;
00278 }
00279
00280 void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source)
00281 {
00282 AssignFromHelper<RSAFunction>(this, source)
00283 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
00284 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
00285 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent)
00286 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
00287 CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
00288 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
00289 ;
00290 }
00291
00292
00293
00294 Integer RSAFunction_ISO::ApplyFunction(const Integer &x) const
00295 {
00296 Integer t = RSAFunction::ApplyFunction(x);
00297 return t % 16 == 12 ? t : m_n - t;
00298 }
00299
00300 Integer InvertibleRSAFunction_ISO::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
00301 {
00302 Integer t = InvertibleRSAFunction::CalculateInverse(rng, x);
00303 return STDMIN(t, m_n-t);
00304 }
00305
00306 NAMESPACE_END
00307
00308 #endif