Botan  2.7.0
Crypto and TLS for C++11
rsa.cpp
Go to the documentation of this file.
1 /*
2 * RSA
3 * (C) 1999-2010,2015,2016,2018 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/rsa.h>
9 #include <botan/internal/pk_ops_impl.h>
10 #include <botan/keypair.h>
11 #include <botan/blinding.h>
12 #include <botan/reducer.h>
13 #include <botan/workfactor.h>
14 #include <botan/der_enc.h>
15 #include <botan/ber_dec.h>
16 #include <botan/pow_mod.h>
17 #include <botan/monty.h>
18 #include <botan/internal/monty_exp.h>
19 
20 #if defined(BOTAN_HAS_OPENSSL)
21  #include <botan/internal/openssl.h>
22 #endif
23 
24 #if defined(BOTAN_TARGET_OS_HAS_THREADS)
25  #include <future>
26 #endif
27 
28 namespace Botan {
29 
31  {
32  return m_n.bits();
33  }
34 
36  {
37  return if_work_factor(key_length());
38  }
39 
41  {
44  }
45 
46 std::vector<uint8_t> RSA_PublicKey::public_key_bits() const
47  {
48  std::vector<uint8_t> output;
49  DER_Encoder der(output);
50  der.start_cons(SEQUENCE)
51  .encode(m_n)
52  .encode(m_e)
53  .end_cons();
54 
55  return output;
56  }
57 
59  const std::vector<uint8_t>& key_bits)
60  {
61  BER_Decoder(key_bits)
63  .decode(m_n)
64  .decode(m_e)
65  .end_cons();
66  }
67 
68 /*
69 * Check RSA Public Parameters
70 */
72  {
73  if(m_n < 35 || m_n.is_even() || m_e < 3 || m_e.is_even())
74  return false;
75  return true;
76  }
77 
79  {
80  return DER_Encoder()
82  .encode(static_cast<size_t>(0))
83  .encode(m_n)
84  .encode(m_e)
85  .encode(m_d)
86  .encode(m_p)
87  .encode(m_q)
88  .encode(m_d1)
89  .encode(m_d2)
90  .encode(m_c)
91  .end_cons()
92  .get_contents();
93  }
94 
96  const secure_vector<uint8_t>& key_bits)
97  {
98  BER_Decoder(key_bits)
100  .decode_and_check<size_t>(0, "Unknown PKCS #1 key format version")
101  .decode(m_n)
102  .decode(m_e)
103  .decode(m_d)
104  .decode(m_p)
105  .decode(m_q)
106  .decode(m_d1)
107  .decode(m_d2)
108  .decode(m_c)
109  .end_cons();
110  }
111 
113  const BigInt& prime2,
114  const BigInt& exp,
115  const BigInt& d_exp,
116  const BigInt& mod) :
117  m_d{ d_exp }, m_p{ prime1 }, m_q{ prime2 }, m_d1{}, m_d2{}, m_c{ inverse_mod( m_q, m_p ) }
118  {
119  m_n = mod.is_nonzero() ? mod : m_p * m_q;
120  m_e = exp;
121 
122  if(m_d == 0)
123  {
124  const BigInt phi_n = lcm(m_p - 1, m_q - 1);
125  m_d = inverse_mod(m_e, phi_n);
126  }
127 
128  m_d1 = m_d % (m_p - 1);
129  m_d2 = m_d % (m_q - 1);
130  }
131 
132 /*
133 * Create a RSA private key
134 */
136  size_t bits, size_t exp)
137  {
138  if(bits < 1024)
139  throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
140  std::to_string(bits) + " bits long");
141  if(exp < 3 || exp % 2 == 0)
142  throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
143 
144  m_e = exp;
145 
146  const size_t p_bits = (bits + 1) / 2;
147  const size_t q_bits = bits - p_bits;
148 
149  do
150  {
151  m_p = generate_rsa_prime(rng, rng, p_bits, m_e);
152  m_q = generate_rsa_prime(rng, rng, q_bits, m_e);
153  m_n = m_p * m_q;
154  } while(m_n.bits() != bits);
155 
156  // FIXME: lcm calls gcd which is not const time
157  const BigInt phi_n = lcm(m_p - 1, m_q - 1);
158  // FIXME: this uses binary ext gcd because phi_n is even
159  m_d = inverse_mod(m_e, phi_n);
160  m_d1 = m_d % (m_p - 1);
161  m_d2 = m_d % (m_q - 1);
162  m_c = inverse_mod(m_q, m_p);
163  }
164 
165 /*
166 * Check Private RSA Parameters
167 */
169  {
170  if(m_n < 35 || m_n.is_even() || m_e < 3 || m_e.is_even())
171  return false;
172 
173  if(m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n)
174  return false;
175 
176  if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c != inverse_mod(m_q, m_p))
177  return false;
178 
179  const size_t prob = (strong) ? 128 : 12;
180 
181  if(!is_prime(m_p, rng, prob) || !is_prime(m_q, rng, prob))
182  return false;
183 
184  if(strong)
185  {
186  if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1)
187  return false;
188 
189  return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)");
190  }
191 
192  return true;
193  }
194 
195 namespace {
196 
197 /**
198 * RSA private (decrypt/sign) operation
199 */
200 class RSA_Private_Operation
201  {
202  protected:
203  size_t get_max_input_bits() const { return (m_mod_bits - 1); }
204 
205  const size_t exp_blinding_bits = 64;
206 
207  explicit RSA_Private_Operation(const RSA_PrivateKey& rsa, RandomNumberGenerator& rng) :
208  m_key(rsa),
209  m_mod_p(m_key.get_p()),
210  m_mod_q(m_key.get_q()),
211  m_monty_p(std::make_shared<Montgomery_Params>(m_key.get_p(), m_mod_p)),
212  m_monty_q(std::make_shared<Montgomery_Params>(m_key.get_q(), m_mod_q)),
213  m_powermod_e_n(m_key.get_e(), m_key.get_n()),
214  m_blinder(m_key.get_n(),
215  rng,
216  [this](const BigInt& k) { return m_powermod_e_n(k); },
217  [this](const BigInt& k) { return inverse_mod(k, m_key.get_n()); }),
218  m_blinding_bits(64),
219  m_mod_bytes(m_key.get_n().bytes()),
220  m_mod_bits(m_key.get_n().bits()),
221  m_max_d1_bits(m_key.get_p().bits() + m_blinding_bits),
222  m_max_d2_bits(m_key.get_q().bits() + m_blinding_bits)
223  {
224  }
225 
226  BigInt blinded_private_op(const BigInt& m) const
227  {
228  if(m >= m_key.get_n())
229  throw Invalid_Argument("RSA private op - input is too large");
230 
231  return m_blinder.unblind(private_op(m_blinder.blind(m)));
232  }
233 
234  BigInt private_op(const BigInt& m) const
235  {
236  const size_t powm_window = 4;
237 
238  const BigInt d1_mask(m_blinder.rng(), m_blinding_bits);
239 
240 #if defined(BOTAN_TARGET_OS_HAS_THREADS)
241  auto future_j1 = std::async(std::launch::async, [this, &m, &d1_mask, powm_window]() {
242  const BigInt masked_d1 = m_key.get_d1() + (d1_mask * (m_key.get_p() - 1));
243  auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window);
244  return monty_execute(*powm_d1_p, masked_d1, m_max_d1_bits);
245  });
246 #else
247  const BigInt masked_d1 = m_key.get_d1() + (d1_mask * (m_key.get_p() - 1));
248  auto powm_d1_p = monty_precompute(m_monty_p, m, powm_window);
249  BigInt j1 = monty_execute(*powm_d1_p, masked_d1, m_max_d1_bits);
250 #endif
251 
252  const BigInt d2_mask(m_blinder.rng(), m_blinding_bits);
253  const BigInt masked_d2 = m_key.get_d2() + (d2_mask * (m_key.get_q() - 1));
254  auto powm_d2_q = monty_precompute(m_monty_q, m, powm_window);
255  const BigInt j2 = monty_execute(*powm_d2_q, masked_d2, m_max_d2_bits);
256 
257  /*
258  * To recover the final value from the CRT representation (j1,j2)
259  * we use Garner's algorithm:
260  * c = q^-1 mod p (this is precomputed)
261  * h = c*(j1-j2) mod p
262  * m = j2 + h*q
263  */
264 
265 #if defined(BOTAN_TARGET_OS_HAS_THREADS)
266  BigInt j1 = future_j1.get();
267 #endif
268 
269  /*
270  To prevent a side channel that allows detecting case where j1 < j2,
271  add p to j1 before reducing [computing c*(p+j1-j2) mod p]
272  */
273  j1 = m_mod_p.reduce(sub_mul(m_key.get_p() + j1, j2, m_key.get_c()));
274  return mul_add(j1, m_key.get_q(), j2);
275  }
276 
277  const RSA_PrivateKey& m_key;
278 
279  // TODO these could all be computed once and stored in the key object
280  Modular_Reducer m_mod_p;
281  Modular_Reducer m_mod_q;
282  std::shared_ptr<const Montgomery_Params> m_monty_p;
283  std::shared_ptr<const Montgomery_Params> m_monty_q;
284 
285  Fixed_Exponent_Power_Mod m_powermod_e_n;
286  Blinder m_blinder;
287  const size_t m_blinding_bits;
288  const size_t m_mod_bytes;
289  const size_t m_mod_bits;
290  const size_t m_max_d1_bits;
291  const size_t m_max_d2_bits;
292  };
293 
294 class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA,
295  private RSA_Private_Operation
296  {
297  public:
298 
299  size_t max_input_bits() const override { return get_max_input_bits(); }
300 
301  RSA_Signature_Operation(const RSA_PrivateKey& rsa, const std::string& emsa, RandomNumberGenerator& rng) :
302  PK_Ops::Signature_with_EMSA(emsa),
303  RSA_Private_Operation(rsa, rng)
304  {
305  }
306 
307  secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
308  RandomNumberGenerator&) override
309  {
310  const BigInt m(msg, msg_len);
311  const BigInt x = blinded_private_op(m);
312  const BigInt c = m_powermod_e_n(x);
313  BOTAN_ASSERT(m == c, "RSA sign consistency check");
314  return BigInt::encode_1363(x, m_mod_bytes);
315  }
316  };
317 
318 class RSA_Decryption_Operation final : public PK_Ops::Decryption_with_EME,
319  private RSA_Private_Operation
320  {
321  public:
322 
323  RSA_Decryption_Operation(const RSA_PrivateKey& rsa, const std::string& eme, RandomNumberGenerator& rng) :
324  PK_Ops::Decryption_with_EME(eme),
325  RSA_Private_Operation(rsa, rng)
326  {
327  }
328 
329  secure_vector<uint8_t> raw_decrypt(const uint8_t msg[], size_t msg_len) override
330  {
331  const BigInt m(msg, msg_len);
332  const BigInt x = blinded_private_op(m);
333  const BigInt c = m_powermod_e_n(x);
334  BOTAN_ASSERT(m == c, "RSA decrypt consistency check");
335  return BigInt::encode_1363(x, m_mod_bytes);
336  }
337  };
338 
339 class RSA_KEM_Decryption_Operation final : public PK_Ops::KEM_Decryption_with_KDF,
340  private RSA_Private_Operation
341  {
342  public:
343 
344  RSA_KEM_Decryption_Operation(const RSA_PrivateKey& key,
345  const std::string& kdf,
346  RandomNumberGenerator& rng) :
347  PK_Ops::KEM_Decryption_with_KDF(kdf),
348  RSA_Private_Operation(key, rng)
349  {}
350 
351  secure_vector<uint8_t>
352  raw_kem_decrypt(const uint8_t encap_key[], size_t len) override
353  {
354  const BigInt m(encap_key, len);
355  const BigInt x = blinded_private_op(m);
356  const BigInt c = m_powermod_e_n(x);
357  BOTAN_ASSERT(m == c, "RSA KEM consistency check");
358  return BigInt::encode_1363(x, m_mod_bytes);
359  }
360  };
361 
362 /**
363 * RSA public (encrypt/verify) operation
364 */
365 class RSA_Public_Operation
366  {
367  public:
368  explicit RSA_Public_Operation(const RSA_PublicKey& rsa) :
369  m_n(rsa.get_n()),
370  m_e(rsa.get_e()),
371  m_monty_n(std::make_shared<Montgomery_Params>(m_n))
372  {}
373 
374  size_t get_max_input_bits() const { return (m_n.bits() - 1); }
375 
376  protected:
377  BigInt public_op(const BigInt& m) const
378  {
379  if(m >= m_n)
380  throw Invalid_Argument("RSA public op - input is too large");
381 
382  const size_t powm_window = 1;
383 
384  auto powm_m_n = monty_precompute(m_monty_n, m, powm_window, false);
385  return monty_execute_vartime(*powm_m_n, m_e);
386  }
387 
388  const BigInt& get_n() const { return m_n; }
389 
390  const BigInt& m_n;
391  const BigInt& m_e;
392  std::shared_ptr<Montgomery_Params> m_monty_n;
393  };
394 
395 class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME,
396  private RSA_Public_Operation
397  {
398  public:
399 
400  RSA_Encryption_Operation(const RSA_PublicKey& rsa, const std::string& eme) :
401  PK_Ops::Encryption_with_EME(eme),
402  RSA_Public_Operation(rsa)
403  {
404  }
405 
406  size_t max_raw_input_bits() const override { return get_max_input_bits(); }
407 
408  secure_vector<uint8_t> raw_encrypt(const uint8_t msg[], size_t msg_len,
409  RandomNumberGenerator&) override
410  {
411  BigInt m(msg, msg_len);
412  return BigInt::encode_1363(public_op(m), m_n.bytes());
413  }
414  };
415 
416 class RSA_Verify_Operation final : public PK_Ops::Verification_with_EMSA,
417  private RSA_Public_Operation
418  {
419  public:
420 
421  size_t max_input_bits() const override { return get_max_input_bits(); }
422 
423  RSA_Verify_Operation(const RSA_PublicKey& rsa, const std::string& emsa) :
424  PK_Ops::Verification_with_EMSA(emsa),
425  RSA_Public_Operation(rsa)
426  {
427  }
428 
429  bool with_recovery() const override { return true; }
430 
431  secure_vector<uint8_t> verify_mr(const uint8_t msg[], size_t msg_len) override
432  {
433  BigInt m(msg, msg_len);
434  return BigInt::encode_locked(public_op(m));
435  }
436  };
437 
438 class RSA_KEM_Encryption_Operation final : public PK_Ops::KEM_Encryption_with_KDF,
439  private RSA_Public_Operation
440  {
441  public:
442 
443  RSA_KEM_Encryption_Operation(const RSA_PublicKey& key,
444  const std::string& kdf) :
445  PK_Ops::KEM_Encryption_with_KDF(kdf),
446  RSA_Public_Operation(key) {}
447 
448  private:
449  void raw_kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
450  secure_vector<uint8_t>& raw_shared_key,
451  Botan::RandomNumberGenerator& rng) override
452  {
453  const BigInt r = BigInt::random_integer(rng, 1, get_n());
454  const BigInt c = public_op(r);
455 
456  out_encapsulated_key = BigInt::encode_locked(c);
457  raw_shared_key = BigInt::encode_locked(r);
458  }
459  };
460 
461 }
462 
463 std::unique_ptr<PK_Ops::Encryption>
465  const std::string& params,
466  const std::string& provider) const
467  {
468 #if defined(BOTAN_HAS_OPENSSL)
469  if(provider == "openssl" || provider.empty())
470  {
471  try
472  {
473  return make_openssl_rsa_enc_op(*this, params);
474  }
475  catch(Exception& e)
476  {
477  /*
478  * If OpenSSL for some reason could not handle this (eg due to OAEP params),
479  * throw if openssl was specifically requested but otherwise just fall back
480  * to the normal version.
481  */
482  if(provider == "openssl")
483  throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
484  }
485  }
486 #endif
487 
488  if(provider == "base" || provider.empty())
489  return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params));
490  throw Provider_Not_Found(algo_name(), provider);
491  }
492 
493 std::unique_ptr<PK_Ops::KEM_Encryption>
495  const std::string& params,
496  const std::string& provider) const
497  {
498  if(provider == "base" || provider.empty())
499  return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params));
500  throw Provider_Not_Found(algo_name(), provider);
501  }
502 
503 std::unique_ptr<PK_Ops::Verification>
504 RSA_PublicKey::create_verification_op(const std::string& params,
505  const std::string& provider) const
506  {
507 #if defined(BOTAN_HAS_OPENSSL)
508  if(provider == "openssl" || provider.empty())
509  {
510  std::unique_ptr<PK_Ops::Verification> res = make_openssl_rsa_ver_op(*this, params);
511  if(res)
512  return res;
513  }
514 #endif
515 
516  if(provider == "base" || provider.empty())
517  return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params));
518 
519  throw Provider_Not_Found(algo_name(), provider);
520  }
521 
522 std::unique_ptr<PK_Ops::Decryption>
524  const std::string& params,
525  const std::string& provider) const
526  {
527 #if defined(BOTAN_HAS_OPENSSL)
528  if(provider == "openssl" || provider.empty())
529  {
530  try
531  {
532  return make_openssl_rsa_dec_op(*this, params);
533  }
534  catch(Exception& e)
535  {
536  if(provider == "openssl")
537  throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
538  }
539  }
540 #endif
541 
542  if(provider == "base" || provider.empty())
543  return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng));
544 
545  throw Provider_Not_Found(algo_name(), provider);
546  }
547 
548 std::unique_ptr<PK_Ops::KEM_Decryption>
550  const std::string& params,
551  const std::string& provider) const
552  {
553  if(provider == "base" || provider.empty())
554  return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng));
555 
556  throw Provider_Not_Found(algo_name(), provider);
557  }
558 
559 std::unique_ptr<PK_Ops::Signature>
561  const std::string& params,
562  const std::string& provider) const
563  {
564 #if defined(BOTAN_HAS_OPENSSL)
565  if(provider == "openssl" || provider.empty())
566  {
567  std::unique_ptr<PK_Ops::Signature> res = make_openssl_rsa_sig_op(*this, params);
568  if(res)
569  return res;
570  }
571 #endif
572 
573  if(provider == "base" || provider.empty())
574  return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng));
575 
576  throw Provider_Not_Found(algo_name(), provider);
577  }
578 
579 }
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:30
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:523
size_t if_work_factor(size_t bits)
Definition: workfactor.cpp:38
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: rsa.cpp:71
size_t estimated_strength() const override
Definition: rsa.cpp:35
std::shared_ptr< const Montgomery_Params > m_monty_p
Definition: rsa.cpp:282
size_t key_length() const override
Definition: rsa.cpp:30
Modular_Reducer m_mod_q
Definition: rsa.cpp:281
const BigInt & m_e
Definition: rsa.cpp:391
std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:494
secure_vector< uint8_t > private_key_bits() const override
Definition: rsa.cpp:78
size_t bits() const
Definition: bigint.cpp:228
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Definition: ber_dec.h:277
std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:549
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:152
Definition: bigint.h:796
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:507
bool is_even() const
Definition: bigint.h:337
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
Fixed_Exponent_Power_Mod m_powermod_e_n
Definition: rsa.cpp:285
bool is_nonzero() const
Definition: bigint.h:349
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:45
DER_Encoder & end_cons()
Definition: der_enc.cpp:191
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:170
BigInt m_e
Definition: rsa.h:76
static secure_vector< uint8_t > encode_locked(const BigInt &n, Base base=Binary)
Definition: big_code.cpp:68
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43
BigInt sub_mul(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:59
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
BigInt monty_execute_vartime(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
Definition: monty_exp.cpp:165
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
Definition: keypair.cpp:49
virtual OID get_oid() const
Definition: pk_keys.cpp:53
const size_t m_max_d2_bits
Definition: rsa.cpp:291
BER_Decoder & end_cons()
Definition: ber_dec.cpp:300
std::shared_ptr< Montgomery_Params > m_monty_n
Definition: rsa.cpp:392
BigInt lcm(const BigInt &a, const BigInt &b)
Definition: numthry.cpp:83
std::vector< uint8_t > public_key_bits() const override
Definition: rsa.cpp:46
const size_t exp_blinding_bits
Definition: rsa.cpp:205
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:288
const size_t m_max_d1_bits
Definition: rsa.cpp:290
std::shared_ptr< const Montgomery_Params > m_monty_q
Definition: rsa.cpp:283
std::string algo_name() const override
Definition: rsa.h:38
const char * what() const BOTAN_NOEXCEPT override
Definition: exceptn.h:25
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:290
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(std::shared_ptr< const Montgomery_Params > params, const BigInt &g, size_t window_bits, bool const_time)
Definition: monty_exp.cpp:151
Definition: alg_id.cpp:13
AlgorithmIdentifier algorithm_identifier() const override
Definition: rsa.cpp:40
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:504
RSA_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: rsa.cpp:95
Blinder m_blinder
Definition: rsa.cpp:286
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: der_enc.cpp:181
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:82
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:464
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: rsa.cpp:168
BigInt generate_rsa_prime(RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
Definition: make_prm.cpp:176
BigInt m_n
Definition: rsa.h:76
const size_t m_mod_bits
Definition: rsa.cpp:289
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
Definition: monty_exp.cpp:159
const size_t m_blinding_bits
Definition: rsa.cpp:287
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:560
const RSA_PrivateKey & m_key
Definition: rsa.cpp:277
const size_t m_mod_bytes
Definition: rsa.cpp:288
const BigInt & m_n
Definition: rsa.cpp:390
Modular_Reducer m_mod_p
Definition: rsa.cpp:280