Botan 2.19.1
Crypto and TLS for C&
rsa.cpp
Go to the documentation of this file.
1/*
2* RSA
3* (C) 1999-2010,2015,2016,2018,2019 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/rsa.h>
9#include <botan/internal/pk_ops_impl.h>
10#include <botan/keypair.h>
11#include <botan/blinding.h>
12#include <botan/reducer.h>
13#include <botan/workfactor.h>
14#include <botan/der_enc.h>
15#include <botan/ber_dec.h>
16#include <botan/monty.h>
17#include <botan/divide.h>
18#include <botan/internal/monty_exp.h>
19
20#if defined(BOTAN_HAS_OPENSSL)
21 #include <botan/internal/openssl.h>
22#endif
23
24#if defined(BOTAN_HAS_THREAD_UTILS)
25 #include <botan/internal/thread_pool.h>
26#endif
27
28namespace Botan {
29
30class RSA_Public_Data final
31 {
32 public:
33 RSA_Public_Data(BigInt&& n, BigInt&& e) :
34 m_n(n),
35 m_e(e),
36 m_monty_n(std::make_shared<Montgomery_Params>(m_n)),
37 m_public_modulus_bits(m_n.bits()),
38 m_public_modulus_bytes(m_n.bytes())
39 {}
40
41 BigInt public_op(const BigInt& m) const
42 {
43 const size_t powm_window = 1;
44 auto powm_m_n = monty_precompute(m_monty_n, m, powm_window, false);
45 return monty_execute_vartime(*powm_m_n, m_e);
46 }
47
48 const BigInt& get_n() const { return m_n; }
49 const BigInt& get_e() const { return m_e; }
50 size_t public_modulus_bits() const { return m_public_modulus_bits; }
51 size_t public_modulus_bytes() const { return m_public_modulus_bytes; }
52
53 private:
54 BigInt m_n;
55 BigInt m_e;
56 std::shared_ptr<const Montgomery_Params> m_monty_n;
57 size_t m_public_modulus_bits;
58 size_t m_public_modulus_bytes;
59 };
60
61class RSA_Private_Data final
62 {
63 public:
64 RSA_Private_Data(BigInt&& d, BigInt&& p, BigInt&& q,
65 BigInt&& d1, BigInt&& d2, BigInt&& c) :
66 m_d(d),
67 m_p(p),
68 m_q(q),
69 m_d1(d1),
70 m_d2(d2),
71 m_c(c),
72 m_mod_p(m_p),
73 m_mod_q(m_q),
74 m_monty_p(std::make_shared<Montgomery_Params>(m_p, m_mod_p)),
75 m_monty_q(std::make_shared<Montgomery_Params>(m_q, m_mod_q)),
76 m_p_bits(m_p.bits()),
77 m_q_bits(m_q.bits())
78 {}
79
80 const BigInt& get_d() const { return m_d; }
81 const BigInt& get_p() const { return m_p; }
82 const BigInt& get_q() const { return m_q; }
83 const BigInt& get_d1() const { return m_d1; }
84 const BigInt& get_d2() const { return m_d2; }
85 const BigInt& get_c() const { return m_c; }
86
87 //private:
88 BigInt m_d;
89 BigInt m_p;
90 BigInt m_q;
91 BigInt m_d1;
92 BigInt m_d2;
93 BigInt m_c;
94
95 Modular_Reducer m_mod_p;
96 Modular_Reducer m_mod_q;
97 std::shared_ptr<const Montgomery_Params> m_monty_p;
98 std::shared_ptr<const Montgomery_Params> m_monty_q;
99 size_t m_p_bits;
100 size_t m_q_bits;
101 };
102
103std::shared_ptr<const RSA_Public_Data> RSA_PublicKey::public_data() const
104 {
105 return m_public;
106 }
107
108const BigInt& RSA_PublicKey::get_n() const { return m_public->get_n(); }
109const BigInt& RSA_PublicKey::get_e() const { return m_public->get_e(); }
110
112 {
113 if(n.is_negative() || n.is_even() || e.is_negative() || e.is_even())
114 throw Decoding_Error("Invalid RSA public key parameters");
115 m_public = std::make_shared<RSA_Public_Data>(std::move(n), std::move(e));
116 }
117
119 const std::vector<uint8_t>& key_bits)
120 {
121 BigInt n, e;
122 BER_Decoder(key_bits)
124 .decode(n)
125 .decode(e)
126 .end_cons();
127
128 init(std::move(n), std::move(e));
129 }
130
131RSA_PublicKey::RSA_PublicKey(const BigInt& modulus, const BigInt& exponent)
132 {
133 BigInt n = modulus;
134 BigInt e = exponent;
135 init(std::move(n), std::move(e));
136 }
137
139 {
140 return m_public->public_modulus_bits();
141 }
142
144 {
145 return if_work_factor(key_length());
146 }
147
149 {
151 }
152
153std::vector<uint8_t> RSA_PublicKey::public_key_bits() const
154 {
155 std::vector<uint8_t> output;
156 DER_Encoder der(output);
158 .encode(get_n())
159 .encode(get_e())
160 .end_cons();
161
162 return output;
163 }
164
165/*
166* Check RSA Public Parameters
167*/
169 {
170 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even())
171 return false;
172 return true;
173 }
174
175std::shared_ptr<const RSA_Private_Data> RSA_PrivateKey::private_data() const
176 {
177 return m_private;
178 }
179
181 {
182 return DER_Encoder()
184 .encode(static_cast<size_t>(0))
185 .encode(get_n())
186 .encode(get_e())
187 .encode(get_d())
188 .encode(get_p())
189 .encode(get_q())
190 .encode(get_d1())
191 .encode(get_d2())
192 .encode(get_c())
193 .end_cons()
194 .get_contents();
195 }
196
197const BigInt& RSA_PrivateKey::get_p() const { return m_private->get_p(); }
198const BigInt& RSA_PrivateKey::get_q() const { return m_private->get_q(); }
199const BigInt& RSA_PrivateKey::get_d() const { return m_private->get_d(); }
200const BigInt& RSA_PrivateKey::get_c() const { return m_private->get_c(); }
201const BigInt& RSA_PrivateKey::get_d1() const { return m_private->get_d1(); }
202const BigInt& RSA_PrivateKey::get_d2() const { return m_private->get_d2(); }
203
204void RSA_PrivateKey::init(BigInt&& d, BigInt&& p, BigInt&& q,
205 BigInt&& d1, BigInt&& d2, BigInt&& c)
206 {
207 m_private = std::make_shared<RSA_Private_Data>(
208 std::move(d), std::move(p), std::move(q), std::move(d1), std::move(d2), std::move(c));
209 }
210
212 const secure_vector<uint8_t>& key_bits)
213 {
214 BigInt n, e, d, p, q, d1, d2, c;
215
216 BER_Decoder(key_bits)
218 .decode_and_check<size_t>(0, "Unknown PKCS #1 key format version")
219 .decode(n)
220 .decode(e)
221 .decode(d)
222 .decode(p)
223 .decode(q)
224 .decode(d1)
225 .decode(d2)
226 .decode(c)
227 .end_cons();
228
229 RSA_PublicKey::init(std::move(n), std::move(e));
230
231 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
232 std::move(d1), std::move(d2), std::move(c));
233 }
234
236 const BigInt& prime2,
237 const BigInt& exp,
238 const BigInt& d_exp,
239 const BigInt& mod)
240 {
241 BigInt p = prime1;
242 BigInt q = prime2;
243 BigInt n = mod;
244 if(n.is_zero())
245 n = p * q;
246
247 BigInt e = exp;
248
249 BigInt d = d_exp;
250
251 const BigInt p_minus_1 = p - 1;
252 const BigInt q_minus_1 = q - 1;
253
254 if(d.is_zero())
255 {
256 const BigInt phi_n = lcm(p_minus_1, q_minus_1);
257 d = inverse_mod(e, phi_n);
258 }
259
260 BigInt d1 = ct_modulo(d, p_minus_1);
261 BigInt d2 = ct_modulo(d, q_minus_1);
262 BigInt c = inverse_mod(q, p);
263
264 RSA_PublicKey::init(std::move(n), std::move(e));
265
266 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
267 std::move(d1), std::move(d2), std::move(c));
268 }
269
270/*
271* Create a RSA private key
272*/
274 size_t bits, size_t exp)
275 {
276 if(bits < 1024)
277 throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
278 std::to_string(bits) + " bits long");
279 if(exp < 3 || exp % 2 == 0)
280 throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
281
282 BigInt n, e, d, p, q, d1, d2, c;
283
284 e = exp;
285
286 const size_t p_bits = (bits + 1) / 2;
287 const size_t q_bits = bits - p_bits;
288
289 do
290 {
291 // TODO could generate primes in thread pool
292 p = generate_rsa_prime(rng, rng, p_bits, e);
293 q = generate_rsa_prime(rng, rng, q_bits, e);
294
295 if(p == q)
296 throw Internal_Error("RNG failure during RSA key generation");
297
298 n = p * q;
299 } while(n.bits() != bits);
300
301 const BigInt p_minus_1 = p - 1;
302 const BigInt q_minus_1 = q - 1;
303
304 const BigInt phi_n = lcm(p_minus_1, q_minus_1);
305 d = inverse_mod(e, phi_n);
306 d1 = ct_modulo(d, p_minus_1);
307 d2 = ct_modulo(d, q_minus_1);
308 c = inverse_mod(q, p);
309
310 RSA_PublicKey::init(std::move(n), std::move(e));
311
312 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
313 std::move(d1), std::move(d2), std::move(c));
314 }
315
316/*
317* Check Private RSA Parameters
318*/
320 {
321 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even())
322 return false;
323
324 if(get_d() < 2 || get_p() < 3 || get_q() < 3)
325 return false;
326
327 if(get_p() * get_q() != get_n())
328 return false;
329
330 if(get_p() == get_q())
331 return false;
332
333 if(get_d1() != ct_modulo(get_d(), get_p() - 1))
334 return false;
335 if(get_d2() != ct_modulo(get_d(), get_q() - 1))
336 return false;
337 if(get_c() != inverse_mod(get_q(), get_p()))
338 return false;
339
340 const size_t prob = (strong) ? 128 : 12;
341
342 if(!is_prime(get_p(), rng, prob))
343 return false;
344 if(!is_prime(get_q(), rng, prob))
345 return false;
346
347 if(strong)
348 {
349 if(ct_modulo(get_e() * get_d(), lcm(get_p() - 1, get_q() - 1)) != 1)
350 return false;
351
352 return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)");
353 }
354
355 return true;
356 }
357
358namespace {
359
360/**
361* RSA private (decrypt/sign) operation
362*/
363class RSA_Private_Operation
364 {
365 protected:
366 size_t public_modulus_bits() const { return m_public->public_modulus_bits(); }
367 size_t public_modulus_bytes() const { return m_public->public_modulus_bytes(); }
368
369 explicit RSA_Private_Operation(const RSA_PrivateKey& rsa, RandomNumberGenerator& rng) :
370 m_public(rsa.public_data()),
371 m_private(rsa.private_data()),
372 m_blinder(m_public->get_n(), rng,
373 [this](const BigInt& k) { return m_public->public_op(k); },
374 [this](const BigInt& k) { return inverse_mod(k, m_public->get_n()); }),
375 m_blinding_bits(64),
376 m_max_d1_bits(m_private->m_p_bits + m_blinding_bits),
377 m_max_d2_bits(m_private->m_q_bits + m_blinding_bits)
378 {
379 }
380
381 secure_vector<uint8_t> raw_op(const uint8_t input[], size_t input_len)
382 {
383 const BigInt input_bn(input, input_len);
384 if(input_bn >= m_public->get_n())
385 throw Invalid_Argument("RSA private op - input is too large");
386
387 // TODO: This should be a function on blinder
388 // BigInt Blinder::run_blinded_function(std::function<BigInt, BigInt> fn, const BigInt& input);
389
390 const BigInt recovered = m_blinder.unblind(rsa_private_op(m_blinder.blind(input_bn)));
391 BOTAN_ASSERT(input_bn == m_public->public_op(recovered), "RSA consistency check");
392 return BigInt::encode_1363(recovered, m_public->public_modulus_bytes());
393 }
394
395 private:
396
397 BigInt rsa_private_op(const BigInt& m) const
398 {
399 /*
400 TODO
401 Consider using Montgomery reduction instead of Barrett, using
402 the "Smooth RSA-CRT" method. https://eprint.iacr.org/2007/039.pdf
403 */
404
405 static constexpr size_t powm_window = 4;
406
407 // Compute this in main thread to avoid racing on the rng
408 const BigInt d1_mask(m_blinder.rng(), m_blinding_bits);
409
410#if defined(BOTAN_HAS_THREAD_UTILS) && !defined(BOTAN_HAS_VALGRIND)
411 #define BOTAN_RSA_USE_ASYNC
412#endif
413
414#if defined(BOTAN_RSA_USE_ASYNC)
415 /*
416 * Precompute m.sig_words in the main thread before calling async. Otherwise
417 * the two threads race (during Modular_Reducer::reduce) and while the output
418 * is correct in both threads, helgrind warns.
419 */
420 m.sig_words();
421
422 auto future_j1 = Thread_Pool::global_instance().run([this, &m, &d1_mask]() {
423#endif
424 const BigInt masked_d1 = m_private->get_d1() + (d1_mask * (m_private->get_p() - 1));
425 auto powm_d1_p = monty_precompute(m_private->m_monty_p, m_private->m_mod_p.reduce(m), powm_window);
426 BigInt j1 = monty_execute(*powm_d1_p, masked_d1, m_max_d1_bits);
427
428#if defined(BOTAN_RSA_USE_ASYNC)
429 return j1;
430 });
431#endif
432
433 const BigInt d2_mask(m_blinder.rng(), m_blinding_bits);
434 const BigInt masked_d2 = m_private->get_d2() + (d2_mask * (m_private->get_q() - 1));
435 auto powm_d2_q = monty_precompute(m_private->m_monty_q, m_private->m_mod_q.reduce(m), powm_window);
436 const BigInt j2 = monty_execute(*powm_d2_q, masked_d2, m_max_d2_bits);
437
438#if defined(BOTAN_RSA_USE_ASYNC)
439 BigInt j1 = future_j1.get();
440#endif
441
442 /*
443 * To recover the final value from the CRT representation (j1,j2)
444 * we use Garner's algorithm:
445 * c = q^-1 mod p (this is precomputed)
446 * h = c*(j1-j2) mod p
447 * m = j2 + h*q
448 *
449 * We must avoid leaking if j1 >= j2 or not, as doing so allows deriving
450 * information about the secret prime. Do this by first adding p to j1,
451 * which should ensure the subtraction of j2 does not underflow. But
452 * this may still underflow if p and q are imbalanced in size.
453 */
454
455 j1 = m_private->m_mod_p.multiply(m_private->m_mod_p.reduce((m_private->get_p() + j1) - j2), m_private->get_c());
456 return mul_add(j1, m_private->get_q(), j2);
457 }
458
459 std::shared_ptr<const RSA_Public_Data> m_public;
460 std::shared_ptr<const RSA_Private_Data> m_private;
461
462 // XXX could the blinder starting pair be shared?
463 Blinder m_blinder;
464 const size_t m_blinding_bits;
465 const size_t m_max_d1_bits;
466 const size_t m_max_d2_bits;
467 };
468
469class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA,
470 private RSA_Private_Operation
471 {
472 public:
473 size_t max_input_bits() const override { return public_modulus_bits() - 1; }
474
475 size_t signature_length() const override { return public_modulus_bytes(); }
476
477 RSA_Signature_Operation(const RSA_PrivateKey& rsa, const std::string& emsa, RandomNumberGenerator& rng) :
478 PK_Ops::Signature_with_EMSA(emsa),
479 RSA_Private_Operation(rsa, rng)
480 {
481 }
482
483 secure_vector<uint8_t> raw_sign(const uint8_t input[], size_t input_len,
484 RandomNumberGenerator&) override
485 {
486 return raw_op(input, input_len);
487 }
488 };
489
490class RSA_Decryption_Operation final : public PK_Ops::Decryption_with_EME,
491 private RSA_Private_Operation
492 {
493 public:
494
495 RSA_Decryption_Operation(const RSA_PrivateKey& rsa, const std::string& eme, RandomNumberGenerator& rng) :
496 PK_Ops::Decryption_with_EME(eme),
497 RSA_Private_Operation(rsa, rng)
498 {
499 }
500
501 size_t plaintext_length(size_t) const override { return public_modulus_bytes(); }
502
503 secure_vector<uint8_t> raw_decrypt(const uint8_t input[], size_t input_len) override
504 {
505 return raw_op(input, input_len);
506 }
507 };
508
509class RSA_KEM_Decryption_Operation final : public PK_Ops::KEM_Decryption_with_KDF,
510 private RSA_Private_Operation
511 {
512 public:
513
514 RSA_KEM_Decryption_Operation(const RSA_PrivateKey& key,
515 const std::string& kdf,
516 RandomNumberGenerator& rng) :
517 PK_Ops::KEM_Decryption_with_KDF(kdf),
518 RSA_Private_Operation(key, rng)
519 {}
520
521 secure_vector<uint8_t>
522 raw_kem_decrypt(const uint8_t encap_key[], size_t len) override
523 {
524 return raw_op(encap_key, len);
525 }
526 };
527
528/**
529* RSA public (encrypt/verify) operation
530*/
531class RSA_Public_Operation
532 {
533 public:
534 explicit RSA_Public_Operation(const RSA_PublicKey& rsa) :
535 m_public(rsa.public_data())
536 {}
537
538 size_t get_max_input_bits() const
539 {
540 const size_t n_bits = m_public->public_modulus_bits();
541
542 /*
543 Make Coverity happy that n_bits - 1 won't underflow
544
545 5 bit minimum: smallest possible RSA key is 3*5
546 */
547 BOTAN_ASSERT_NOMSG(n_bits >= 5);
548 return n_bits - 1;
549 }
550
551 protected:
552 BigInt public_op(const BigInt& m) const
553 {
554 if(m >= m_public->get_n())
555 throw Invalid_Argument("RSA public op - input is too large");
556
557 return m_public->public_op(m);
558 }
559
560 size_t public_modulus_bytes() const { return m_public->public_modulus_bytes(); }
561
562 const BigInt& get_n() const { return m_public->get_n(); }
563
564 std::shared_ptr<const RSA_Public_Data> m_public;
565 };
566
567class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME,
568 private RSA_Public_Operation
569 {
570 public:
571
572 RSA_Encryption_Operation(const RSA_PublicKey& rsa, const std::string& eme) :
573 PK_Ops::Encryption_with_EME(eme),
574 RSA_Public_Operation(rsa)
575 {
576 }
577
578 size_t ciphertext_length(size_t) const override { return public_modulus_bytes(); }
579
580 size_t max_raw_input_bits() const override { return get_max_input_bits(); }
581
582 secure_vector<uint8_t> raw_encrypt(const uint8_t input[], size_t input_len,
583 RandomNumberGenerator&) override
584 {
585 BigInt input_bn(input, input_len);
586 return BigInt::encode_1363(public_op(input_bn), public_modulus_bytes());
587 }
588 };
589
590class RSA_Verify_Operation final : public PK_Ops::Verification_with_EMSA,
591 private RSA_Public_Operation
592 {
593 public:
594
595 size_t max_input_bits() const override { return get_max_input_bits(); }
596
597 RSA_Verify_Operation(const RSA_PublicKey& rsa, const std::string& emsa) :
598 PK_Ops::Verification_with_EMSA(emsa),
599 RSA_Public_Operation(rsa)
600 {
601 }
602
603 bool with_recovery() const override { return true; }
604
605 secure_vector<uint8_t> verify_mr(const uint8_t input[], size_t input_len) override
606 {
607 BigInt input_bn(input, input_len);
608 return BigInt::encode_locked(public_op(input_bn));
609 }
610 };
611
612class RSA_KEM_Encryption_Operation final : public PK_Ops::KEM_Encryption_with_KDF,
613 private RSA_Public_Operation
614 {
615 public:
616
617 RSA_KEM_Encryption_Operation(const RSA_PublicKey& key,
618 const std::string& kdf) :
619 PK_Ops::KEM_Encryption_with_KDF(kdf),
620 RSA_Public_Operation(key) {}
621
622 private:
623 void raw_kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
624 secure_vector<uint8_t>& raw_shared_key,
625 Botan::RandomNumberGenerator& rng) override
626 {
627 const BigInt r = BigInt::random_integer(rng, 1, get_n());
628 const BigInt c = public_op(r);
629
630 out_encapsulated_key = BigInt::encode_locked(c);
631 raw_shared_key = BigInt::encode_locked(r);
632 }
633 };
634
635}
636
637std::unique_ptr<PK_Ops::Encryption>
639 const std::string& params,
640 const std::string& provider) const
641 {
642#if defined(BOTAN_HAS_OPENSSL)
643 if(provider == "openssl" || provider.empty())
644 {
645 try
646 {
647 return make_openssl_rsa_enc_op(*this, params);
648 }
649 catch(Exception& e)
650 {
651 /*
652 * If OpenSSL for some reason could not handle this (eg due to OAEP params),
653 * throw if openssl was specifically requested but otherwise just fall back
654 * to the normal version.
655 */
656 if(provider == "openssl")
657 throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
658 }
659 }
660#endif
661
662 if(provider == "base" || provider.empty())
663 return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params));
664 throw Provider_Not_Found(algo_name(), provider);
665 }
666
667std::unique_ptr<PK_Ops::KEM_Encryption>
669 const std::string& params,
670 const std::string& provider) const
671 {
672 if(provider == "base" || provider.empty())
673 return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params));
674 throw Provider_Not_Found(algo_name(), provider);
675 }
676
677std::unique_ptr<PK_Ops::Verification>
679 const std::string& provider) const
680 {
681#if defined(BOTAN_HAS_OPENSSL)
682 if(provider == "openssl" || provider.empty())
683 {
684 std::unique_ptr<PK_Ops::Verification> res = make_openssl_rsa_ver_op(*this, params);
685 if(res)
686 return res;
687 }
688#endif
689
690 if(provider == "base" || provider.empty())
691 return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params));
692
693 throw Provider_Not_Found(algo_name(), provider);
694 }
695
696std::unique_ptr<PK_Ops::Decryption>
698 const std::string& params,
699 const std::string& provider) const
700 {
701#if defined(BOTAN_HAS_OPENSSL)
702 if(provider == "openssl" || provider.empty())
703 {
704 try
705 {
706 return make_openssl_rsa_dec_op(*this, params);
707 }
708 catch(Exception& e)
709 {
710 if(provider == "openssl")
711 throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
712 }
713 }
714#endif
715
716 if(provider == "base" || provider.empty())
717 return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng));
718
719 throw Provider_Not_Found(algo_name(), provider);
720 }
721
722std::unique_ptr<PK_Ops::KEM_Decryption>
724 const std::string& params,
725 const std::string& provider) const
726 {
727 if(provider == "base" || provider.empty())
728 return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng));
729
730 throw Provider_Not_Found(algo_name(), provider);
731 }
732
733std::unique_ptr<PK_Ops::Signature>
735 const std::string& params,
736 const std::string& provider) const
737 {
738#if defined(BOTAN_HAS_OPENSSL)
739 if(provider == "openssl" || provider.empty())
740 {
741 std::unique_ptr<PK_Ops::Signature> res = make_openssl_rsa_sig_op(*this, params);
742 if(res)
743 return res;
744 }
745#endif
746
747 if(provider == "base" || provider.empty())
748 return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng));
749
750 throw Provider_Not_Found(algo_name(), provider);
751 }
752
753}
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:290
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:170
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Definition: ber_dec.h:277
BER_Decoder & end_cons()
Definition: ber_dec.cpp:300
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:45
static secure_vector< uint8_t > encode_locked(const BigInt &n)
Definition: bigint.h:782
size_t bits() const
Definition: bigint.cpp:296
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:111
bool is_zero() const
Definition: bigint.h:421
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:152
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: der_enc.cpp:181
DER_Encoder & end_cons()
Definition: der_enc.cpp:191
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
const char * what() const noexcept override
Definition: exceptn.h:96
virtual OID get_oid() const
Definition: pk_keys.cpp:53
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:697
const BigInt & get_q() const
Definition: rsa.cpp:198
std::shared_ptr< const RSA_Private_Data > private_data() const
Definition: rsa.cpp:175
const BigInt & get_c() const
Definition: rsa.cpp:200
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:734
const BigInt & get_p() const
Definition: rsa.cpp:197
const BigInt & get_d2() const
Definition: rsa.cpp:202
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: rsa.cpp:319
const BigInt & get_d() const
Definition: rsa.cpp:199
secure_vector< uint8_t > private_key_bits() const override
Definition: rsa.cpp:180
RSA_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: rsa.cpp:211
std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:723
const BigInt & get_d1() const
Definition: rsa.cpp:201
std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:668
void init(BigInt &&n, BigInt &&e)
Definition: rsa.cpp:111
size_t key_length() const override
Definition: rsa.cpp:138
std::string algo_name() const override
Definition: rsa.h:43
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:678
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:638
const BigInt & get_n() const
Definition: rsa.cpp:108
size_t estimated_strength() const override
Definition: rsa.cpp:143
AlgorithmIdentifier algorithm_identifier() const override
Definition: rsa.cpp:148
std::vector< uint8_t > public_key_bits() const override
Definition: rsa.cpp:153
std::shared_ptr< const RSA_Public_Data > m_public
Definition: rsa.h:86
std::shared_ptr< const RSA_Public_Data > public_data() const
Definition: rsa.cpp:103
const BigInt & get_e() const
Definition: rsa.cpp:109
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: rsa.cpp:168
auto run(F &&f, Args &&... args) -> std::future< typename std::result_of< F(Args...)>::type >
Definition: thread_pool.h:57
static Thread_Pool & global_instance()
Definition: thread_pool.cpp:15
int(* final)(unsigned char *, CTX *)
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
Definition: keypair.cpp:49
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
Definition: alg_id.cpp:13
BigInt lcm(const BigInt &a, const BigInt &b)
Definition: numthry.cpp:143
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:228
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(std::shared_ptr< const Montgomery_Params > params, const BigInt &g, size_t window_bits, bool const_time)
Definition: monty_exp.cpp:157
BigInt generate_rsa_prime(RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
Definition: make_prm.cpp:197
size_t if_work_factor(size_t bits)
Definition: workfactor.cpp:38
@ SEQUENCE
Definition: asn1_obj.h:42
BigInt monty_execute_vartime(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
Definition: monty_exp.cpp:171
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: mod_inv.cpp:250
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
Definition: monty_exp.cpp:165
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:30
BigInt ct_modulo(const BigInt &x, const BigInt &y)
Definition: divide.cpp:118
Definition: bigint.h:1143