Botan  1.10.9
rsa.cpp
1 /*
2 * RSA
3 * (C) 1999-2010 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/rsa.h>
9 #include <botan/libstate.h>
10 #include <botan/parsing.h>
11 #include <botan/numthry.h>
12 #include <botan/keypair.h>
13 #include <botan/internal/assert.h>
14 
15 namespace Botan {
16 
/*
* Create a RSA private key
*
* Picks primes p and q with random_prime(), retrying until n = p * q is
* exactly `bits` bits long, then derives d and the CRT values d1, d2, c.
*
* rng  - randomness source for prime generation and for gen_check()
* bits - requested modulus size; anything below 512 is rejected
* exp  - public exponent; must be odd and at least 3
*
* Throws Invalid_Argument when bits or exp is rejected.
*
* NOTE(review): the 512-bit floor is only a sanity bound. Moduli that
* small are far below current guidance (2048 bits or more), so callers
* have to enforce their own minimum key size.
*/
RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
                               size_t bits, size_t exp)
   {
   if(bits < 512)
      throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
                             to_string(bits) + " bits long");

   const bool exp_usable = (exp >= 3) && (exp % 2 != 0);
   if(!exp_usable)
      throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");

   e = exp;

   // q is sized from the actual bit length of p, and the pair is redrawn
   // until the product has exactly the requested length.
   for(;;)
      {
      p = random_prime(rng, (bits + 1) / 2, e);
      q = random_prime(rng, bits - p.bits(), e);
      n = p * q;

      if(n.bits() == bits)
         break;
      }

   const BigInt p_minus_1 = p - 1;
   const BigInt q_minus_1 = q - 1;

   // d inverts e modulo lcm(p - 1, q - 1); d1, d2 and c are the values
   // the CRT-based private operation consumes.
   d = inverse_mod(e, lcm(p_minus_1, q_minus_1));
   d1 = d % p_minus_1;
   d2 = d % q_minus_1;
   c = inverse_mod(q, p);

   gen_check(rng);
   }
45 
/*
* Check Private RSA Parameters
*
* Returns false as soon as the base-class check fails. With `strong`
* unset that is the only test. With `strong` set the key must also
* satisfy e * d == 1 mod lcm(p - 1, q - 1) and pass
* KeyPair::signature_consistency_check().
*
* NOTE(review): the padding name handed to the consistency check is fixed
* at "EMSA4(SHA-1)"; presumably it is used only for this self-test and
* does not limit the paddings callers may use - confirm.
*/
bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
   {
   const bool base_ok = IF_Scheme_PrivateKey::check_key(rng, strong);
   if(!base_ok)
      return false;

   if(strong)
      {
      // The public and private exponents must be inverses of each other.
      const BigInt exponent_modulus = lcm(p - 1, q - 1);
      if((e * d) % exponent_modulus != 1)
         return false;

      return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)");
      }

   return true;
   }
62 
/*
* Set up the private operation for one key
*
* Copies n, q and c out of the key, prepares the fixed-exponent
* exponentiators and the reducer mod p, and seeds the blinder with a
* random k taken from the global RNG.
*
* NOTE(review): the blinder receives k^e mod n and k^-1 mod n, which is
* the usual base-blinding countermeasure against timing analysis of the
* private operation. Whether Blinder refreshes these factors between
* calls is not visible in this file - confirm in blinding.cpp.
*/
RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) :
   n(rsa.get_n()),
   q(rsa.get_q()),
   c(rsa.get_c()),
   powermod_e_n(rsa.get_e(), rsa.get_n()),
   powermod_d1_p(rsa.get_d1(), rsa.get_p()),
   powermod_d2_q(rsa.get_d2(), rsa.get_q()),
   mod_p(rsa.get_p())
   {
   // k is requested with one bit fewer than the modulus.
   const BigInt k(global_state().global_rng(), n.bits() - 1);

   const BigInt k_to_e = powermod_e_n(k);
   const BigInt k_inverse = inverse_mod(k, n);

   blinder = Blinder(k_to_e, k_inverse, n);
   }
75 
/*
* RSA private operation on m, computed from the CRT values
*
* Exponentiates m separately mod p (exponent d1) and mod q (exponent d2),
* then recombines the two results using c and q.
*
* Throws Invalid_Argument when m is not smaller than the modulus n.
*
* NOTE(review): the recombination reads as Garner's formula, assuming
* sub_mul(a, b, c) is (a - b) * c and mul_add(a, b, c) is a * b + c -
* confirm against mp_numth.cpp.
*/
BigInt RSA_Private_Operation::private_op(const BigInt& m) const
   {
   // Inputs at or above the modulus are rejected before any secret
   // exponent is touched.
   if(m >= n)
      throw Invalid_Argument("RSA private op - input is too large");

   const BigInt residue_p = powermod_d1_p(m);
   const BigInt residue_q = powermod_d2_q(m);

   const BigInt h = mod_p.reduce(sub_mul(residue_p, residue_q, c));

   return mul_add(h, q, residue_q);
   }
88 
/*
* RSA Signature Operation
*
* Interprets msg as an integer, runs it through the blinded private
* operation and returns the result encoded to exactly n.bytes() bytes.
* The RNG argument is not used.
*/
SecureVector<byte>
RSA_Private_Operation::sign(const byte msg[], size_t msg_len,
                            RandomNumberGenerator&)
   {
   /* We don't check signatures against powermod_e_n here because
      PK_Signer checks verification consistency for all signature
      algorithms.

      NOTE(review): that makes the caller responsible for catching a
      faulty CRT computation. Code that invokes this operation directly,
      not through PK_Signer, gets no such check and should verify the
      result before releasing it.
   */

   const BigInt m(msg, msg_len);

   const BigInt blinded_input = blinder.blind(m);
   const BigInt blinded_result = private_op(blinded_input);
   const BigInt x = blinder.unblind(blinded_result);

   return BigInt::encode_1363(x, n.bytes());
   }
102 
/*
* RSA Decryption Operation
*
* Interprets msg as an integer, runs it through the blinded private
* operation, confirms that re-applying the public exponent gives back the
* input, and returns the result via BigInt::encode().
*
* NOTE(review): the BOTAN_ASSERT is the only guard on this path against
* releasing the output of a faulty private operation. Confirm in assert.h
* that the macro stays active in every build configuration.
*/
SecureVector<byte>
RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len)
   {
   const BigInt m(msg, msg_len);

   const BigInt blinded_input = blinder.blind(m);
   const BigInt blinded_result = private_op(blinded_input);
   const BigInt x = blinder.unblind(blinded_result);

   // The asserted expression is kept textually unchanged in case the
   // macro includes it in its failure report.
   BOTAN_ASSERT(m == powermod_e_n(x),
                "RSA private op failed consistency check");

   return BigInt::encode(x);
   }
117 
118 }
SecureVector< byte > sign(const byte msg[], size_t msg_len, RandomNumberGenerator &rng)
Definition: rsa.cpp:90
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &key, const std::string &padding)
Definition: keypair.cpp:47
BigInt n
Definition: numthry.cpp:26
std::string algo_name() const
Definition: rsa.h:24
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
static SecureVector< byte > encode(const BigInt &n, Base base=Binary)
Definition: big_code.cpp:64
RSA_Private_Operation(const RSA_PrivateKey &rsa)
Definition: rsa.cpp:63
#define BOTAN_ASSERT(expr, msg)
Definition: assert.h:19
unsigned char byte
Definition: types.h:22
size_t bits() const
Definition: bigint.cpp:253
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
Library_State & global_state()
SecureVector< byte > decrypt(const byte msg[], size_t msg_len)
Definition: rsa.cpp:107
GMP_MPZ exp
Definition: gmp_powm.cpp:29
BigInt unblind(const BigInt &x) const
Definition: blinding.cpp:42
BigInt reduce(const BigInt &x) const
Definition: reducer.cpp:32
bool check_key(RandomNumberGenerator &rng, bool) const
Definition: if_algo.cpp:121
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:202
BigInt blind(const BigInt &x) const
Definition: blinding.cpp:29
BigInt sub_mul(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:60
std::string to_string(u64bit n, size_t min_len)
Definition: parsing.cpp:42
void gen_check(RandomNumberGenerator &rng) const
Definition: pk_keys.cpp:49
RSA_PrivateKey(const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &key_bits, RandomNumberGenerator &rng)
Definition: rsa.h:53
static SecureVector< byte > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:78
BigInt lcm(const BigInt &a, const BigInt &b)
Definition: numthry.cpp:194
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:33
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo)
Definition: make_prm.cpp:17
bool check_key(RandomNumberGenerator &rng, bool) const
Definition: rsa.cpp:49
size_t bytes() const
Definition: bigint.cpp:245