Botan 3.0.0-alpha0
Crypto and TLS for C&
rsa.cpp
Go to the documentation of this file.
1/*
2* RSA
3* (C) 1999-2010,2015,2016,2018,2019 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/rsa.h>
9#include <botan/internal/pk_ops_impl.h>
10#include <botan/internal/keypair.h>
11#include <botan/internal/blinding.h>
12#include <botan/reducer.h>
13#include <botan/internal/workfactor.h>
14#include <botan/der_enc.h>
15#include <botan/ber_dec.h>
16#include <botan/internal/monty.h>
17#include <botan/internal/divide.h>
18#include <botan/internal/monty_exp.h>
19
20#if defined(BOTAN_HAS_THREAD_UTILS)
21 #include <botan/internal/thread_pool.h>
22#endif
23
24namespace Botan {
25
26class RSA_Public_Data final
27 {
28 public:
29 RSA_Public_Data(BigInt&& n, BigInt&& e) :
30 m_n(n),
31 m_e(e),
32 m_monty_n(std::make_shared<Montgomery_Params>(m_n)),
33 m_public_modulus_bits(m_n.bits()),
34 m_public_modulus_bytes(m_n.bytes())
35 {}
36
37 BigInt public_op(const BigInt& m) const
38 {
39 const size_t powm_window = 1;
40 auto powm_m_n = monty_precompute(m_monty_n, m, powm_window, false);
41 return monty_execute_vartime(*powm_m_n, m_e);
42 }
43
44 const BigInt& get_n() const { return m_n; }
45 const BigInt& get_e() const { return m_e; }
46 size_t public_modulus_bits() const { return m_public_modulus_bits; }
47 size_t public_modulus_bytes() const { return m_public_modulus_bytes; }
48
49 private:
50 BigInt m_n;
51 BigInt m_e;
52 std::shared_ptr<const Montgomery_Params> m_monty_n;
53 size_t m_public_modulus_bits;
54 size_t m_public_modulus_bytes;
55 };
56
57class RSA_Private_Data final
58 {
59 public:
60 RSA_Private_Data(BigInt&& d, BigInt&& p, BigInt&& q,
61 BigInt&& d1, BigInt&& d2, BigInt&& c) :
62 m_d(d),
63 m_p(p),
64 m_q(q),
65 m_d1(d1),
66 m_d2(d2),
67 m_c(c),
68 m_mod_p(m_p),
69 m_mod_q(m_q),
70 m_monty_p(std::make_shared<Montgomery_Params>(m_p, m_mod_p)),
71 m_monty_q(std::make_shared<Montgomery_Params>(m_q, m_mod_q)),
72 m_p_bits(m_p.bits()),
73 m_q_bits(m_q.bits())
74 {}
75
76 const BigInt& get_d() const { return m_d; }
77 const BigInt& get_p() const { return m_p; }
78 const BigInt& get_q() const { return m_q; }
79 const BigInt& get_d1() const { return m_d1; }
80 const BigInt& get_d2() const { return m_d2; }
81 const BigInt& get_c() const { return m_c; }
82
83 //private:
84 BigInt m_d;
85 BigInt m_p;
86 BigInt m_q;
87 BigInt m_d1;
88 BigInt m_d2;
89 BigInt m_c;
90
91 Modular_Reducer m_mod_p;
92 Modular_Reducer m_mod_q;
93 std::shared_ptr<const Montgomery_Params> m_monty_p;
94 std::shared_ptr<const Montgomery_Params> m_monty_q;
95 size_t m_p_bits;
96 size_t m_q_bits;
97 };
98
99std::shared_ptr<const RSA_Public_Data> RSA_PublicKey::public_data() const
100 {
101 return m_public;
102 }
103
104const BigInt& RSA_PublicKey::get_n() const { return m_public->get_n(); }
105const BigInt& RSA_PublicKey::get_e() const { return m_public->get_e(); }
106
108 {
109 if(n.is_negative() || n.is_even() || n.bits() < 5 /* n >= 3*5 */ || e.is_negative() || e.is_even())
110 throw Decoding_Error("Invalid RSA public key parameters");
111 m_public = std::make_shared<RSA_Public_Data>(std::move(n), std::move(e));
112 }
113
115 const std::vector<uint8_t>& key_bits)
116 {
117 BigInt n, e;
118 BER_Decoder(key_bits)
120 .decode(n)
121 .decode(e)
122 .end_cons();
123
124 init(std::move(n), std::move(e));
125 }
126
127RSA_PublicKey::RSA_PublicKey(const BigInt& modulus, const BigInt& exponent)
128 {
129 BigInt n = modulus;
130 BigInt e = exponent;
131 init(std::move(n), std::move(e));
132 }
133
135 {
136 return m_public->public_modulus_bits();
137 }
138
140 {
141 return if_work_factor(key_length());
142 }
143
145 {
147 }
148
149std::vector<uint8_t> RSA_PublicKey::public_key_bits() const
150 {
151 std::vector<uint8_t> output;
152 DER_Encoder der(output);
153 der.start_sequence()
154 .encode(get_n())
155 .encode(get_e())
156 .end_cons();
157
158 return output;
159 }
160
161/*
162* Check RSA Public Parameters
163*/
164bool RSA_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const
165 {
166 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even())
167 return false;
168 return true;
169 }
170
171std::shared_ptr<const RSA_Private_Data> RSA_PrivateKey::private_data() const
172 {
173 return m_private;
174 }
175
177 {
178 return DER_Encoder()
180 .encode(static_cast<size_t>(0))
181 .encode(get_n())
182 .encode(get_e())
183 .encode(get_d())
184 .encode(get_p())
185 .encode(get_q())
186 .encode(get_d1())
187 .encode(get_d2())
188 .encode(get_c())
189 .end_cons()
190 .get_contents();
191 }
192
193const BigInt& RSA_PrivateKey::get_p() const { return m_private->get_p(); }
194const BigInt& RSA_PrivateKey::get_q() const { return m_private->get_q(); }
195const BigInt& RSA_PrivateKey::get_d() const { return m_private->get_d(); }
196const BigInt& RSA_PrivateKey::get_c() const { return m_private->get_c(); }
197const BigInt& RSA_PrivateKey::get_d1() const { return m_private->get_d1(); }
198const BigInt& RSA_PrivateKey::get_d2() const { return m_private->get_d2(); }
199
200void RSA_PrivateKey::init(BigInt&& d, BigInt&& p, BigInt&& q,
201 BigInt&& d1, BigInt&& d2, BigInt&& c)
202 {
203 m_private = std::make_shared<RSA_Private_Data>(
204 std::move(d), std::move(p), std::move(q), std::move(d1), std::move(d2), std::move(c));
205 }
206
208 const secure_vector<uint8_t>& key_bits)
209 {
210 BigInt n, e, d, p, q, d1, d2, c;
211
212 BER_Decoder(key_bits)
214 .decode_and_check<size_t>(0, "Unknown PKCS #1 key format version")
215 .decode(n)
216 .decode(e)
217 .decode(d)
218 .decode(p)
219 .decode(q)
220 .decode(d1)
221 .decode(d2)
222 .decode(c)
223 .end_cons();
224
225 RSA_PublicKey::init(std::move(n), std::move(e));
226
227 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
228 std::move(d1), std::move(d2), std::move(c));
229 }
230
232 const BigInt& prime2,
233 const BigInt& exp,
234 const BigInt& d_exp,
235 const BigInt& mod)
236 {
237 BigInt p = prime1;
238 BigInt q = prime2;
239 BigInt n = mod;
240 if(n.is_zero())
241 n = p * q;
242
243 BigInt e = exp;
244
245 BigInt d = d_exp;
246
247 const BigInt p_minus_1 = p - 1;
248 const BigInt q_minus_1 = q - 1;
249
250 if(d.is_zero())
251 {
252 const BigInt phi_n = lcm(p_minus_1, q_minus_1);
253 d = inverse_mod(e, phi_n);
254 }
255
256 BigInt d1 = ct_modulo(d, p_minus_1);
257 BigInt d2 = ct_modulo(d, q_minus_1);
258 BigInt c = inverse_mod(q, p);
259
260 RSA_PublicKey::init(std::move(n), std::move(e));
261
262 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
263 std::move(d1), std::move(d2), std::move(c));
264 }
265
266/*
267* Create a RSA private key
268*/
270 size_t bits, size_t exp)
271 {
272 if(bits < 1024)
273 throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
274 std::to_string(bits) + " bits long");
275 if(exp < 3 || exp % 2 == 0)
276 throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
277
278 BigInt n, e, d, p, q, d1, d2, c;
279
280 e = exp;
281
282 const size_t p_bits = (bits + 1) / 2;
283 const size_t q_bits = bits - p_bits;
284
285 for(size_t attempt = 0; ; ++attempt)
286 {
287 if(attempt > 10)
288 throw Internal_Error("RNG failure during RSA key generation");
289
290 // TODO could generate primes in thread pool
291 p = generate_rsa_prime(rng, rng, p_bits, e);
292 q = generate_rsa_prime(rng, rng, q_bits, e);
293
294 const BigInt diff = p - q;
295 if(diff.bits() < (bits/2) - 100)
296 continue;
297
298 n = p * q;
299
300 if(n.bits() != bits)
301 continue;
302
303 break;
304 }
305
306 const BigInt p_minus_1 = p - 1;
307 const BigInt q_minus_1 = q - 1;
308
309 const BigInt phi_n = lcm(p_minus_1, q_minus_1);
310 // This is guaranteed because p,q == 3 mod 4
312 d = inverse_mod(e, phi_n);
313 d1 = ct_modulo(d, p_minus_1);
314 d2 = ct_modulo(d, q_minus_1);
315 c = inverse_mod(q, p);
316
317 RSA_PublicKey::init(std::move(n), std::move(e));
318
319 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
320 std::move(d1), std::move(d2), std::move(c));
321 }
322
323std::unique_ptr<Public_Key> RSA_PrivateKey::public_key() const
324 {
325 return std::make_unique<RSA_PublicKey>(get_n(), get_e());
326 }
327
328/*
329* Check Private RSA Parameters
330*/
332 {
333 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even())
334 return false;
335
336 if(get_d() < 2 || get_p() < 3 || get_q() < 3)
337 return false;
338
339 if(get_p() * get_q() != get_n())
340 return false;
341
342 if(get_p() == get_q())
343 return false;
344
345 if(get_d1() != ct_modulo(get_d(), get_p() - 1))
346 return false;
347 if(get_d2() != ct_modulo(get_d(), get_q() - 1))
348 return false;
349 if(get_c() != inverse_mod(get_q(), get_p()))
350 return false;
351
352 const size_t prob = (strong) ? 128 : 12;
353
354 if(!is_prime(get_p(), rng, prob))
355 return false;
356 if(!is_prime(get_q(), rng, prob))
357 return false;
358
359 if(strong)
360 {
361 if(ct_modulo(get_e() * get_d(), lcm(get_p() - 1, get_q() - 1)) != 1)
362 return false;
363
364 return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)");
365 }
366
367 return true;
368 }
369
370namespace {
371
372/**
373* RSA private (decrypt/sign) operation
374*/
375class RSA_Private_Operation
376 {
377 protected:
378 size_t public_modulus_bits() const { return m_public->public_modulus_bits(); }
379 size_t public_modulus_bytes() const { return m_public->public_modulus_bytes(); }
380
381 explicit RSA_Private_Operation(const RSA_PrivateKey& rsa, RandomNumberGenerator& rng) :
382 m_public(rsa.public_data()),
383 m_private(rsa.private_data()),
384 m_blinder(m_public->get_n(), rng,
385 [this](const BigInt& k) { return m_public->public_op(k); },
386 [this](const BigInt& k) { return inverse_mod(k, m_public->get_n()); }),
387 m_blinding_bits(64),
388 m_max_d1_bits(m_private->m_p_bits + m_blinding_bits),
389 m_max_d2_bits(m_private->m_q_bits + m_blinding_bits)
390 {
391 }
392
393 secure_vector<uint8_t> raw_op(const uint8_t input[], size_t input_len)
394 {
395 const BigInt input_bn(input, input_len);
396 if(input_bn >= m_public->get_n())
397 throw Invalid_Argument("RSA private op - input is too large");
398
399 // TODO: This should be a function on blinder
400 // BigInt Blinder::run_blinded_function(std::function<BigInt, BigInt> fn, const BigInt& input);
401
402 const BigInt recovered = m_blinder.unblind(rsa_private_op(m_blinder.blind(input_bn)));
403 BOTAN_ASSERT(input_bn == m_public->public_op(recovered), "RSA consistency check");
404 return BigInt::encode_1363(recovered, m_public->public_modulus_bytes());
405 }
406
407 private:
408
409 BigInt rsa_private_op(const BigInt& m) const
410 {
411 /*
412 TODO
413 Consider using Montgomery reduction instead of Barrett, using
414 the "Smooth RSA-CRT" method. https://eprint.iacr.org/2007/039.pdf
415 */
416
417 static constexpr size_t powm_window = 4;
418
419 // Compute this in main thread to avoid racing on the rng
420 const BigInt d1_mask(m_blinder.rng(), m_blinding_bits);
421
422#if defined(BOTAN_HAS_THREAD_UTILS) && !defined(BOTAN_HAS_VALGRIND)
423 #define BOTAN_RSA_USE_ASYNC
424#endif
425
426#if defined(BOTAN_RSA_USE_ASYNC)
427 /*
428 * Precompute m.sig_words in the main thread before calling async. Otherwise
429 * the two threads race (during Modular_Reducer::reduce) and while the output
430 * is correct in both threads, helgrind warns.
431 */
432 m.sig_words();
433
434 auto future_j1 = Thread_Pool::global_instance().run([this, &m, &d1_mask]() {
435#endif
436 const BigInt masked_d1 = m_private->get_d1() + (d1_mask * (m_private->get_p() - 1));
437 auto powm_d1_p = monty_precompute(m_private->m_monty_p, m_private->m_mod_p.reduce(m), powm_window);
438 BigInt j1 = monty_execute(*powm_d1_p, masked_d1, m_max_d1_bits);
439
440#if defined(BOTAN_RSA_USE_ASYNC)
441 return j1;
442 });
443#endif
444
445 const BigInt d2_mask(m_blinder.rng(), m_blinding_bits);
446 const BigInt masked_d2 = m_private->get_d2() + (d2_mask * (m_private->get_q() - 1));
447 auto powm_d2_q = monty_precompute(m_private->m_monty_q, m_private->m_mod_q.reduce(m), powm_window);
448 const BigInt j2 = monty_execute(*powm_d2_q, masked_d2, m_max_d2_bits);
449
450#if defined(BOTAN_RSA_USE_ASYNC)
451 BigInt j1 = future_j1.get();
452#endif
453
454 /*
455 * To recover the final value from the CRT representation (j1,j2)
456 * we use Garner's algorithm:
457 * c = q^-1 mod p (this is precomputed)
458 * h = c*(j1-j2) mod p
459 * m = j2 + h*q
460 *
461 * We must avoid leaking if j1 >= j2 or not, as doing so allows deriving
462 * information about the secret prime. Do this by first adding p to j1,
463 * which should ensure the subtraction of j2 does not underflow. But
464 * this may still underflow if p and q are imbalanced in size.
465 */
466
467 j1 = m_private->m_mod_p.multiply(m_private->m_mod_p.reduce((m_private->get_p() + j1) - j2), m_private->get_c());
468 return j1*m_private->get_q() + j2;
469 }
470
471 std::shared_ptr<const RSA_Public_Data> m_public;
472 std::shared_ptr<const RSA_Private_Data> m_private;
473
474 // XXX could the blinder starting pair be shared?
475 Blinder m_blinder;
476 const size_t m_blinding_bits;
477 const size_t m_max_d1_bits;
478 const size_t m_max_d2_bits;
479 };
480
481class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA,
482 private RSA_Private_Operation
483 {
484 public:
485 size_t max_input_bits() const override { return public_modulus_bits() - 1; }
486
487 size_t signature_length() const override { return public_modulus_bytes(); }
488
489 RSA_Signature_Operation(const RSA_PrivateKey& rsa, const std::string& emsa, RandomNumberGenerator& rng) :
490 PK_Ops::Signature_with_EMSA(emsa, true),
491 RSA_Private_Operation(rsa, rng)
492 {
493 }
494
495 secure_vector<uint8_t> raw_sign(const uint8_t input[], size_t input_len,
496 RandomNumberGenerator& /*rng*/) override
497 {
498 return raw_op(input, input_len);
499 }
500 };
501
502class RSA_Decryption_Operation final : public PK_Ops::Decryption_with_EME,
503 private RSA_Private_Operation
504 {
505 public:
506
507 RSA_Decryption_Operation(const RSA_PrivateKey& rsa, const std::string& eme, RandomNumberGenerator& rng) :
508 PK_Ops::Decryption_with_EME(eme),
509 RSA_Private_Operation(rsa, rng)
510 {
511 }
512
513 size_t plaintext_length(size_t /*ctext_len*/) const override { return public_modulus_bytes(); }
514
515 secure_vector<uint8_t> raw_decrypt(const uint8_t input[], size_t input_len) override
516 {
517 return raw_op(input, input_len);
518 }
519 };
520
521class RSA_KEM_Decryption_Operation final : public PK_Ops::KEM_Decryption_with_KDF,
522 private RSA_Private_Operation
523 {
524 public:
525
526 RSA_KEM_Decryption_Operation(const RSA_PrivateKey& key,
527 const std::string& kdf,
528 RandomNumberGenerator& rng) :
529 PK_Ops::KEM_Decryption_with_KDF(kdf),
530 RSA_Private_Operation(key, rng)
531 {}
532
533 secure_vector<uint8_t>
534 raw_kem_decrypt(const uint8_t encap_key[], size_t len) override
535 {
536 return raw_op(encap_key, len);
537 }
538 };
539
540/**
541* RSA public (encrypt/verify) operation
542*/
543class RSA_Public_Operation
544 {
545 public:
546 explicit RSA_Public_Operation(const RSA_PublicKey& rsa) :
547 m_public(rsa.public_data())
548 {}
549
550 size_t get_max_input_bits() const
551 {
552 const size_t n_bits = m_public->public_modulus_bits();
553
554 /*
555 Make Coverity happy that n_bits - 1 won't underflow
556
557 5 bit minimum: smallest possible RSA key is 3*5
558 */
559 BOTAN_ASSERT_NOMSG(n_bits >= 5);
560 return n_bits - 1;
561 }
562
563 protected:
564 BigInt public_op(const BigInt& m) const
565 {
566 if(m >= m_public->get_n())
567 throw Invalid_Argument("RSA public op - input is too large");
568
569 return m_public->public_op(m);
570 }
571
572 size_t public_modulus_bytes() const { return m_public->public_modulus_bytes(); }
573
574 const BigInt& get_n() const { return m_public->get_n(); }
575
576 std::shared_ptr<const RSA_Public_Data> m_public;
577 };
578
579class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME,
580 private RSA_Public_Operation
581 {
582 public:
583
584 RSA_Encryption_Operation(const RSA_PublicKey& rsa, const std::string& eme) :
585 PK_Ops::Encryption_with_EME(eme),
586 RSA_Public_Operation(rsa)
587 {
588 }
589
590 size_t ciphertext_length(size_t /*ptext_len*/) const override { return public_modulus_bytes(); }
591
592 size_t max_raw_input_bits() const override { return get_max_input_bits(); }
593
594 secure_vector<uint8_t> raw_encrypt(const uint8_t input[], size_t input_len,
595 RandomNumberGenerator& /*rng*/) override
596 {
597 BigInt input_bn(input, input_len);
598 return BigInt::encode_1363(public_op(input_bn), public_modulus_bytes());
599 }
600 };
601
602class RSA_Verify_Operation final : public PK_Ops::Verification_with_EMSA,
603 private RSA_Public_Operation
604 {
605 public:
606
607 size_t max_input_bits() const override { return get_max_input_bits(); }
608
609 RSA_Verify_Operation(const RSA_PublicKey& rsa, const std::string& emsa) :
610 PK_Ops::Verification_with_EMSA(emsa, true),
611 RSA_Public_Operation(rsa)
612 {
613 }
614
615 bool with_recovery() const override { return true; }
616
617 secure_vector<uint8_t> verify_mr(const uint8_t input[], size_t input_len) override
618 {
619 BigInt input_bn(input, input_len);
620 return BigInt::encode_locked(public_op(input_bn));
621 }
622 };
623
624class RSA_KEM_Encryption_Operation final : public PK_Ops::KEM_Encryption_with_KDF,
625 private RSA_Public_Operation
626 {
627 public:
628
629 RSA_KEM_Encryption_Operation(const RSA_PublicKey& key,
630 const std::string& kdf) :
631 PK_Ops::KEM_Encryption_with_KDF(kdf),
632 RSA_Public_Operation(key) {}
633
634 private:
635 void raw_kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
636 secure_vector<uint8_t>& raw_shared_key,
637 Botan::RandomNumberGenerator& rng) override
638 {
639 const BigInt r = BigInt::random_integer(rng, 1, get_n());
640 const BigInt c = public_op(r);
641
642 out_encapsulated_key = BigInt::encode_locked(c);
643 raw_shared_key = BigInt::encode_locked(r);
644 }
645 };
646
647}
648
649std::unique_ptr<PK_Ops::Encryption>
651 const std::string& params,
652 const std::string& provider) const
653 {
654 if(provider == "base" || provider.empty())
655 return std::make_unique<RSA_Encryption_Operation>(*this, params);
656 throw Provider_Not_Found(algo_name(), provider);
657 }
658
659std::unique_ptr<PK_Ops::KEM_Encryption>
661 const std::string& params,
662 const std::string& provider) const
663 {
664 if(provider == "base" || provider.empty())
665 return std::make_unique<RSA_KEM_Encryption_Operation>(*this, params);
666 throw Provider_Not_Found(algo_name(), provider);
667 }
668
669std::unique_ptr<PK_Ops::Verification>
671 const std::string& provider) const
672 {
673 if(provider == "base" || provider.empty())
674 return std::make_unique<RSA_Verify_Operation>(*this, params);
675
676 throw Provider_Not_Found(algo_name(), provider);
677 }
678
679std::unique_ptr<PK_Ops::Decryption>
681 const std::string& params,
682 const std::string& provider) const
683 {
684 if(provider == "base" || provider.empty())
685 return std::make_unique<RSA_Decryption_Operation>(*this, params, rng);
686
687 throw Provider_Not_Found(algo_name(), provider);
688 }
689
690std::unique_ptr<PK_Ops::KEM_Decryption>
692 const std::string& params,
693 const std::string& provider) const
694 {
695 if(provider == "base" || provider.empty())
696 return std::make_unique<RSA_KEM_Decryption_Operation>(*this, params, rng);
697
698 throw Provider_Not_Found(algo_name(), provider);
699 }
700
701std::unique_ptr<PK_Ops::Signature>
703 const std::string& params,
704 const std::string& provider) const
705 {
706 if(provider == "base" || provider.empty())
707 return std::make_unique<RSA_Signature_Operation>(*this, params, rng);
708
709 throw Provider_Not_Found(algo_name(), provider);
710 }
711
712}
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
#define BOTAN_DEBUG_ASSERT(expr)
Definition: assert.h:122
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:187
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Definition: ber_dec.h:294
BER_Decoder & end_cons()
Definition: ber_dec.cpp:303
BER_Decoder start_sequence()
Definition: ber_dec.h:111
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:45
static secure_vector< uint8_t > encode_locked(const BigInt &n)
Definition: bigint.h:777
size_t bits() const
Definition: bigint.cpp:309
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:106
bool is_zero() const
Definition: bigint.h:430
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:155
DER_Encoder & start_sequence()
Definition: der_enc.h:66
DER_Encoder & end_cons()
Definition: der_enc.cpp:194
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:288
virtual OID get_oid() const
Definition: pk_keys.cpp:53
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:680
const BigInt & get_q() const
Definition: rsa.cpp:194
std::shared_ptr< const RSA_Private_Data > private_data() const
Definition: rsa.cpp:171
const BigInt & get_c() const
Definition: rsa.cpp:196
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:702
const BigInt & get_p() const
Definition: rsa.cpp:193
const BigInt & get_d2() const
Definition: rsa.cpp:198
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: rsa.cpp:331
const BigInt & get_d() const
Definition: rsa.cpp:195
secure_vector< uint8_t > private_key_bits() const override
Definition: rsa.cpp:176
RSA_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: rsa.cpp:207
std::unique_ptr< Public_Key > public_key() const override
Definition: rsa.cpp:323
std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:691
const BigInt & get_d1() const
Definition: rsa.cpp:197
std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:660
void init(BigInt &&n, BigInt &&e)
Definition: rsa.cpp:107
size_t key_length() const override
Definition: rsa.cpp:134
std::string algo_name() const override
Definition: rsa.h:43
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:670
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: rsa.cpp:650
const BigInt & get_n() const
Definition: rsa.cpp:104
size_t estimated_strength() const override
Definition: rsa.cpp:139
AlgorithmIdentifier algorithm_identifier() const override
Definition: rsa.cpp:144
std::vector< uint8_t > public_key_bits() const override
Definition: rsa.cpp:149
std::shared_ptr< const RSA_Public_Data > m_public
Definition: rsa.h:86
std::shared_ptr< const RSA_Public_Data > public_data() const
Definition: rsa.cpp:99
const BigInt & get_e() const
Definition: rsa.cpp:105
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: rsa.cpp:164
auto run(F &&f, Args &&... args) -> std::future< typename std::invoke_result< F, Args... >::type >
Definition: thread_pool.h:69
static Thread_Pool & global_instance()
Definition: thread_pool.cpp:38
int(* final)(unsigned char *, CTX *)
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
Definition: keypair.cpp:47
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:66
Definition: alg_id.cpp:13
BigInt lcm(const BigInt &a, const BigInt &b)
Definition: numthry.cpp:282
size_t low_zero_bits(const BigInt &n)
Definition: numthry.cpp:181
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:370
BigInt ct_modulo(const BigInt &x, const BigInt &y)
Definition: divide.cpp:124
BigInt generate_rsa_prime(RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
Definition: make_prm.cpp:229
BigInt monty_execute_vartime(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
Definition: monty_exp.cpp:168
size_t if_work_factor(size_t bits)
Definition: workfactor.cpp:38
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: mod_inv.cpp:177
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
Definition: monty_exp.cpp:162
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(const std::shared_ptr< const Montgomery_Params > &params, const BigInt &g, size_t window_bits, bool const_time)
Definition: monty_exp.cpp:154
Definition: bigint.h:1077