Fabcoin Core  0.16.2
P2P Digital Currency
rsa.cpp
Go to the documentation of this file.
1 // rsa.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 #include "rsa.h"
5 #include "asn.h"
6 #include "sha.h"
7 #include "oids.h"
8 #include "modarith.h"
9 #include "nbtheory.h"
10 #include "algparam.h"
11 #include "fips140.h"
12 
13 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) && !defined(CRYPTOPP_IS_DLL)
14 #include "pssr.h"
16 void RSA_TestInstantiations()
17 {
21  RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
23 #ifndef __MWERKS__
25  x3 = x2;
26  x6 = x2;
27 #endif
29 #ifndef __GNUC__
31 #endif
32  RSAES<OAEP<SHA> >::Encryptor x9(x2);
33 
34  x4 = x2.GetKey();
35 }
37 #endif
38 
39 #ifndef CRYPTOPP_IMPORTS
40 
42 
43 OID RSAFunction::GetAlgorithmID() const
44 {
45  return ASN1::rsaEncryption();
46 }
47 
49 {
50  BERSequenceDecoder seq(bt);
51  m_n.BERDecode(seq);
52  m_e.BERDecode(seq);
53  seq.MessageEnd();
54 }
55 
57 {
58  DERSequenceEncoder seq(bt);
59  m_n.DEREncode(seq);
60  m_e.DEREncode(seq);
61  seq.MessageEnd();
62 }
63 
65 {
67  return a_exp_b_mod_c(x, m_e, m_n);
68 }
69 
70 bool RSAFunction::Validate(RandomNumberGenerator& rng, unsigned int level) const
71 {
72  CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
73 
74  bool pass = true;
75  pass = pass && m_n > Integer::One() && m_n.IsOdd();
76  pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
77  return pass;
78 }
79 
80 bool RSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
81 {
82  return GetValueHelper(this, name, valueType, pValue).Assignable()
84  CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
85  ;
86 }
87 
89 {
90  AssignFromHelper(this, source)
92  CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
93  ;
94 }
95 
96 // *****************************************************************************
97 
99 {
100 public:
101  RSAPrimeSelector(const Integer &e) : m_e(e) {}
102  bool IsAcceptable(const Integer &candidate) const {return RelativelyPrime(m_e, candidate-Integer::One());}
104 };
105 
107 {
108  int modulusSize = 2048;
109  alg.GetIntValue(Name::ModulusSize(), modulusSize) || alg.GetIntValue(Name::KeySize(), modulusSize);
110 
111  CRYPTOPP_ASSERT(modulusSize >= 16);
112  if (modulusSize < 16)
113  throw InvalidArgument("InvertibleRSAFunction: specified modulus size is too small");
114 
115  m_e = alg.GetValueWithDefault(Name::PublicExponent(), Integer(17));
116 
118  if (m_e < 3 || m_e.IsEven())
119  throw InvalidArgument("InvertibleRSAFunction: invalid public exponent");
120 
121  RSAPrimeSelector selector(m_e);
123  (Name::PointerToPrimeSelector(), selector.GetSelectorPointer());
124  m_p.GenerateRandom(rng, primeParam);
125  m_q.GenerateRandom(rng, primeParam);
126 
127  m_d = m_e.InverseMod(LCM(m_p-1, m_q-1));
128  CRYPTOPP_ASSERT(m_d.IsPositive());
129 
130  m_dp = m_d % (m_p-1);
131  m_dq = m_d % (m_q-1);
132  m_n = m_p * m_q;
133  m_u = m_q.InverseMod(m_p);
134 
136  {
137  RSASS<PKCS1v15, SHA>::Signer signer(*this);
138  RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
140 
141  RSAES<OAEP<SHA> >::Decryptor decryptor(*this);
142  RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
144  }
145 }
146 
147 void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int keybits, const Integer &e)
148 {
149  GenerateRandom(rng, MakeParameters(Name::ModulusSize(), (int)keybits)(Name::PublicExponent(), e+e.IsEven()));
150 }
151 
153 {
154  if (n.IsEven() || e.IsEven() | d.IsEven())
155  throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key");
156 
157  m_n = n;
158  m_e = e;
159  m_d = d;
160 
161  Integer r = --(d*e);
162  unsigned int s = 0;
163  while (r.IsEven())
164  {
165  r >>= 1;
166  s++;
167  }
168 
169  ModularArithmetic modn(n);
170  for (Integer i = 2; ; ++i)
171  {
172  Integer a = modn.Exponentiate(i, r);
173  if (a == 1)
174  continue;
175  Integer b;
176  unsigned int j = 0;
177  while (a != n-1)
178  {
179  b = modn.Square(a);
180  if (b == 1)
181  {
182  m_p = GCD(a-1, n);
183  m_q = n/m_p;
184  m_dp = m_d % (m_p-1);
185  m_dq = m_d % (m_q-1);
186  m_u = m_q.InverseMod(m_p);
187  return;
188  }
189  if (++j == s)
190  throw InvalidArgument("InvertibleRSAFunction: input is not a valid RSA private key");
191  a = b;
192  }
193  }
194 }
195 
197 {
198  BERSequenceDecoder privateKey(bt);
199  word32 version;
200  BERDecodeUnsigned<word32>(privateKey, version, INTEGER, 0, 0); // check version
201  m_n.BERDecode(privateKey);
202  m_e.BERDecode(privateKey);
203  m_d.BERDecode(privateKey);
204  m_p.BERDecode(privateKey);
205  m_q.BERDecode(privateKey);
206  m_dp.BERDecode(privateKey);
207  m_dq.BERDecode(privateKey);
208  m_u.BERDecode(privateKey);
209  privateKey.MessageEnd();
210 }
211 
213 {
214  DERSequenceEncoder privateKey(bt);
215  DEREncodeUnsigned<word32>(privateKey, 0); // version
216  m_n.DEREncode(privateKey);
217  m_e.DEREncode(privateKey);
218  m_d.DEREncode(privateKey);
219  m_p.DEREncode(privateKey);
220  m_q.DEREncode(privateKey);
221  m_dp.DEREncode(privateKey);
222  m_dq.DEREncode(privateKey);
223  m_u.DEREncode(privateKey);
224  privateKey.MessageEnd();
225 }
226 
228 {
230  ModularArithmetic modn(m_n);
231  Integer r, rInv;
232  do { // do this in a loop for people using small numbers for testing
233  r.Randomize(rng, Integer::One(), m_n - Integer::One());
234  rInv = modn.MultiplicativeInverse(r);
235  } while (rInv.IsZero());
236  Integer re = modn.Exponentiate(r, m_e);
237  re = modn.Multiply(re, x); // blind
238  // here we follow the notation of PKCS #1 and let u=q inverse mod p
239  // but in ModRoot, u=p inverse mod q, so we reverse the order of p and q
240  Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u);
241  y = modn.Multiply(y, rInv); // unblind
242  if (modn.Exponentiate(y, m_e) != x) // check
243  throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation");
244  return y;
245 }
246 
247 bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
248 {
249  bool pass = RSAFunction::Validate(rng, level);
250  pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
251  pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
252  pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n;
253  pass = pass && m_dp > Integer::One() && m_dp.IsOdd() && m_dp < m_p;
254  pass = pass && m_dq > Integer::One() && m_dq.IsOdd() && m_dq < m_q;
255  pass = pass && m_u.IsPositive() && m_u < m_p;
256  if (level >= 1)
257  {
258  pass = pass && m_p * m_q == m_n;
259  pass = pass && m_e*m_d % LCM(m_p-1, m_q-1) == 1;
260  pass = pass && m_dp == m_d%(m_p-1) && m_dq == m_d%(m_q-1);
261  pass = pass && m_u * m_q % m_p == 1;
262  }
263  if (level >= 2)
264  pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
265  return pass;
266 }
267 
268 bool InvertibleRSAFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
269 {
270  return GetValueHelper<RSAFunction>(this, name, valueType, pValue).Assignable()
273  CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent)
274  CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
275  CRYPTOPP_GET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
276  CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
277  ;
278 }
279 
281 {
282  AssignFromHelper<RSAFunction>(this, source)
285  CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent)
286  CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime1PrivateExponent)
287  CRYPTOPP_SET_FUNCTION_ENTRY(ModPrime2PrivateExponent)
288  CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
289  ;
290 }
291 
292 // *****************************************************************************
293 
295 {
297  return t % 16 == 12 ? t : m_n - t;
298 }
299 
301 {
303  return STDMIN(t, m_n-t);
304 }
305 
307 
308 #endif
Base class for all exceptions thrown by the library.
Definition: cryptlib.h:140
Integer ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, const Integer &p, const Integer &q, const Integer &u)
Definition: nbtheory.cpp:648
An invalid argument was detected.
Definition: cryptlib.h:184
Classes for working with NameValuePairs.
AlgorithmParameters MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength)
Definition: nbtheory.cpp:267
void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
Definition: fips140.cpp:78
bool IsOdd() const
Determines if the Integer is odd parity.
Definition: integer.h:345
T GetValueWithDefault(const char *name, T defaultValue) const
Get a named value.
Definition: cryptlib.h:350
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
Definition: rsa.cpp:56
Definition: asn.h:30
void MessageEnd()
Definition: asn.cpp:524
#define NAMESPACE_BEGIN(x)
Definition: config.h:200
bool FIPS_140_2_ComplianceEnabled()
Determines whether the library provides FIPS validated cryptography.
Definition: fips140.cpp:29
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
decode privateKey part of privateKeyInfo, without the OCTET STRING header
Definition: rsa.cpp:196
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition: cryptlib.h:373
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition: rsa.cpp:106
bool IsEven() const
Determines if the Integer is even parity.
Definition: integer.h:342
Integer m_n
Definition: rsa.h:58
const Integer & MultiplicativeInverse(const Integer &a) const
Calculate the multiplicative inverse of an element in the ring.
Definition: modarith.h:190
Some other error occurred not belonging to other categories.
Definition: cryptlib.h:159
ASN.1 object identifiers for algorthms and schemes.
const Integer & Square(const Integer &a) const
Square an element in the ring.
Definition: modarith.h:177
Ring of congruence classes modulo n.
Definition: modarith.h:34
Interface for random number generators.
Definition: cryptlib.h:1188
void Randomize(RandomNumberGenerator &rng, size_t bitCount)
Set this Integer to random integer.
Definition: integer.cpp:3458
Integer m_e
Definition: rsa.h:58
BER Sequence Decoder.
Definition: asn.h:303
Interface for buffered transformations.
Definition: cryptlib.h:1352
static const Integer &CRYPTOPP_API One()
Integer representing 1.
Definition: integer.cpp:3035
bool IsAcceptable(const Integer &candidate) const
Definition: rsa.cpp:102
bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level)
Verifies a prime number.
Definition: nbtheory.cpp:249
void version()
Definition: main.cpp:53
void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
Definition: rsa.cpp:48
Integer GCD(const Integer &a, const Integer &b)
Definition: nbtheory.h:105
#define a(i)
const Integer & Multiply(const Integer &a, const Integer &b) const
Multiplies elements in the ring.
Definition: modarith.h:170
#define x(i)
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition: rsa.cpp:247
const char * source
Definition: rpcconsole.cpp:60
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &e=17)
Create a RSA private key.
Definition: rsa.cpp:147
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:498
const char * name
Definition: rest.cpp:36
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: rsa.cpp:88
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition: rsa.cpp:294
void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
Definition: fips140.cpp:70
Application callback to signal suitability of a cabdidate prime.
Definition: nbtheory.h:80
Multiple precision integer with arithmetic operations.
Definition: integer.h:43
Integer LCM(const Integer &a, const Integer &b)
Definition: nbtheory.h:109
Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
Calculates the inverse of an element.
Definition: rsa.cpp:300
void DEREncodePrivateKey(BufferedTransformation &bt) const
encode privateKey part of privateKeyInfo, without the OCTET STRING header
Definition: rsa.cpp:212
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: rsa.cpp:280
AssignFromHelperClass< T, BASE > AssignFromHelper(T *pObject, const NameValuePairs &source)
Definition: algparam.h:286
#define b(i, j)
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition: misc.h:477
#define CRYPTOPP_ASSERT(exp)
Definition: trap.h:92
bool IsZero() const
Determines if the Integer is 0.
Definition: integer.h:324
Classes and functions for working with ANS.1 objects.
Classes for SHA-1 and SHA-2 family of message digests.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: rsa.cpp:80
void MessageEnd()
Definition: asn.cpp:456
#define CRYPTOPP_SET_FUNCTION_ENTRY(name)
Definition: algparam.h:505
Classes and functions for number theoretic operations.
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
Definition: integer.cpp:3391
DER Sequence Encoder.
Definition: asn.h:313
Classes for the RSA cryptosystem.
#define pass(a, b, c, mul, X)
Classes and functions for the FIPS 140-2 validated library.
#define CRYPTOPP_GET_FUNCTION_ENTRY(name)
Definition: algparam.h:504
#define CRYPTOPP_UNUSED(x)
Definition: config.h:741
RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
Definition: cryptlib.cpp:402
Integer m_e
Definition: rsa.cpp:103
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: rsa.cpp:268
bool RelativelyPrime(const Integer &a, const Integer &b)
Definition: nbtheory.h:107
An object that implements NameValuePairs.
Definition: algparam.h:433
Integer InverseMod(const Integer &n) const
calculate multiplicative inverse of *this mod n
Definition: integer.cpp:4370
RSA encryption algorithm.
Definition: rsa.h:178
#define NAMESPACE_END
Definition: config.h:201
#define e(i)
Definition: sha.cpp:733
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
Definition: integer.cpp:3398
Class file for performing modular arithmetic.
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition: rsa.cpp:64
RSAPrimeSelector(const Integer &e)
Definition: rsa.cpp:101
#define d(i)
Definition: sha.cpp:732
Integer a_exp_b_mod_c(const Integer &x, const Integer &e, const Integer &m)
Definition: integer.cpp:4359
unsigned int word32
Definition: config.h:231
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition: rsa.cpp:70
const PrimeSelector * GetSelectorPointer() const
Definition: nbtheory.h:83
Object Identifier.
Definition: asn.h:166
Classes for probablistic signature schemes.
Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
Calculates the inverse of an element.
Definition: rsa.cpp:227
virtual Element Exponentiate(const Element &a, const Integer &e) const
Raises a base to an exponent in the group.
Definition: algebra.cpp:316
RSA trapdoor function using the public key.
Definition: rsa.h:24
Interface for retrieving values given their names.
Definition: cryptlib.h:279
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition: cryptlib.h:2145
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:1989
GetValueHelperClass< T, BASE > GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL)
Definition: algparam.h:224