Botan 2.19.3
Crypto and TLS for C&
rsa.cpp
Go to the documentation of this file.
1/*
2* RSA
3* (C) 1999-2010,2015,2016,2018,2019 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/rsa.h>
9#include <botan/internal/pk_ops_impl.h>
10#include <botan/keypair.h>
11#include <botan/blinding.h>
12#include <botan/reducer.h>
13#include <botan/workfactor.h>
14#include <botan/der_enc.h>
15#include <botan/ber_dec.h>
16#include <botan/monty.h>
17#include <botan/divide.h>
18#include <botan/internal/monty_exp.h>
19
20#if defined(BOTAN_HAS_THREAD_UTILS)
21 #include <botan/internal/thread_pool.h>
22#endif
23
24namespace Botan {
25
26class RSA_Public_Data final
27 {
28 public:
29 RSA_Public_Data(BigInt&& n, BigInt&& e) :
30 m_n(n),
31 m_e(e),
32 m_monty_n(std::make_shared<Montgomery_Params>(m_n)),
33 m_public_modulus_bits(m_n.bits()),
34 m_public_modulus_bytes(m_n.bytes())
35 {}
36
37 BigInt public_op(const BigInt& m) const
38 {
39 const size_t powm_window = 1;
40 auto powm_m_n = monty_precompute(m_monty_n, m, powm_window, false);
41 return monty_execute_vartime(*powm_m_n, m_e);
42 }
43
44 const BigInt& get_n() const { return m_n; }
45 const BigInt& get_e() const { return m_e; }
46 size_t public_modulus_bits() const { return m_public_modulus_bits; }
47 size_t public_modulus_bytes() const { return m_public_modulus_bytes; }
48
49 private:
50 BigInt m_n;
51 BigInt m_e;
52 std::shared_ptr<const Montgomery_Params> m_monty_n;
53 size_t m_public_modulus_bits;
54 size_t m_public_modulus_bytes;
55 };
56
57class RSA_Private_Data final
58 {
59 public:
60 RSA_Private_Data(BigInt&& d, BigInt&& p, BigInt&& q,
61 BigInt&& d1, BigInt&& d2, BigInt&& c) :
62 m_d(d),
63 m_p(p),
64 m_q(q),
65 m_d1(d1),
66 m_d2(d2),
67 m_c(c),
68 m_mod_p(m_p),
69 m_mod_q(m_q),
70 m_monty_p(std::make_shared<Montgomery_Params>(m_p, m_mod_p)),
71 m_monty_q(std::make_shared<Montgomery_Params>(m_q, m_mod_q)),
72 m_p_bits(m_p.bits()),
73 m_q_bits(m_q.bits())
74 {}
75
76 const BigInt& get_d() const { return m_d; }
77 const BigInt& get_p() const { return m_p; }
78 const BigInt& get_q() const { return m_q; }
79 const BigInt& get_d1() const { return m_d1; }
80 const BigInt& get_d2() const { return m_d2; }
81 const BigInt& get_c() const { return m_c; }
82
83 //private:
84 BigInt m_d;
85 BigInt m_p;
86 BigInt m_q;
87 BigInt m_d1;
88 BigInt m_d2;
89 BigInt m_c;
90
91 Modular_Reducer m_mod_p;
92 Modular_Reducer m_mod_q;
93 std::shared_ptr<const Montgomery_Params> m_monty_p;
94 std::shared_ptr<const Montgomery_Params> m_monty_q;
95 size_t m_p_bits;
96 size_t m_q_bits;
97 };
98
99std::shared_ptr<const RSA_Public_Data> RSA_PublicKey::public_data() const
100 {
101 return m_public;
102 }
103
104const BigInt& RSA_PublicKey::get_n() const { return m_public->get_n(); }
105const BigInt& RSA_PublicKey::get_e() const { return m_public->get_e(); }
106
108 {
109 if(n.is_negative() || n.is_even() || e.is_negative() || e.is_even())
110 throw Decoding_Error("Invalid RSA public key parameters");
111 m_public = std::make_shared<RSA_Public_Data>(std::move(n), std::move(e));
112 }
113
115 const std::vector<uint8_t>& key_bits)
116 {
117 BigInt n, e;
118 BER_Decoder(key_bits)
120 .decode(n)
121 .decode(e)
122 .end_cons();
123
124 init(std::move(n), std::move(e));
125 }
126
127RSA_PublicKey::RSA_PublicKey(const BigInt& modulus, const BigInt& exponent)
128 {
129 BigInt n = modulus;
130 BigInt e = exponent;
131 init(std::move(n), std::move(e));
132 }
133
135 {
136 return m_public->public_modulus_bits();
137 }
138
140 {
141 return if_work_factor(key_length());
142 }
143
148
149std::vector<uint8_t> RSA_PublicKey::public_key_bits() const
150 {
151 std::vector<uint8_t> output;
152 DER_Encoder der(output);
154 .encode(get_n())
155 .encode(get_e())
156 .end_cons();
157
158 return output;
159 }
160
161/*
162* Check RSA Public Parameters
163*/
165 {
166 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even())
167 return false;
168 return true;
169 }
170
171std::shared_ptr<const RSA_Private_Data> RSA_PrivateKey::private_data() const
172 {
173 return m_private;
174 }
175
177 {
178 return DER_Encoder()
180 .encode(static_cast<size_t>(0))
181 .encode(get_n())
182 .encode(get_e())
183 .encode(get_d())
184 .encode(get_p())
185 .encode(get_q())
186 .encode(get_d1())
187 .encode(get_d2())
188 .encode(get_c())
189 .end_cons()
190 .get_contents();
191 }
192
193const BigInt& RSA_PrivateKey::get_p() const { return m_private->get_p(); }
194const BigInt& RSA_PrivateKey::get_q() const { return m_private->get_q(); }
195const BigInt& RSA_PrivateKey::get_d() const { return m_private->get_d(); }
196const BigInt& RSA_PrivateKey::get_c() const { return m_private->get_c(); }
197const BigInt& RSA_PrivateKey::get_d1() const { return m_private->get_d1(); }
198const BigInt& RSA_PrivateKey::get_d2() const { return m_private->get_d2(); }
199
200void RSA_PrivateKey::init(BigInt&& d, BigInt&& p, BigInt&& q,
201 BigInt&& d1, BigInt&& d2, BigInt&& c)
202 {
203 m_private = std::make_shared<RSA_Private_Data>(
204 std::move(d), std::move(p), std::move(q), std::move(d1), std::move(d2), std::move(c));
205 }
206
208 const secure_vector<uint8_t>& key_bits)
209 {
210 BigInt n, e, d, p, q, d1, d2, c;
211
212 BER_Decoder(key_bits)
214 .decode_and_check<size_t>(0, "Unknown PKCS #1 key format version")
215 .decode(n)
216 .decode(e)
217 .decode(d)
218 .decode(p)
219 .decode(q)
220 .decode(d1)
221 .decode(d2)
222 .decode(c)
223 .end_cons();
224
225 RSA_PublicKey::init(std::move(n), std::move(e));
226
227 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
228 std::move(d1), std::move(d2), std::move(c));
229 }
230
232 const BigInt& prime2,
233 const BigInt& exp,
234 const BigInt& d_exp,
235 const BigInt& mod)
236 {
237 BigInt p = prime1;
238 BigInt q = prime2;
239 BigInt n = mod;
240 if(n.is_zero())
241 n = p * q;
242
243 BigInt e = exp;
244
245 BigInt d = d_exp;
246
247 const BigInt p_minus_1 = p - 1;
248 const BigInt q_minus_1 = q - 1;
249
250 if(d.is_zero())
251 {
252 const BigInt phi_n = lcm(p_minus_1, q_minus_1);
253 d = inverse_mod(e, phi_n);
254 }
255
256 BigInt d1 = ct_modulo(d, p_minus_1);
257 BigInt d2 = ct_modulo(d, q_minus_1);
258 BigInt c = inverse_mod(q, p);
259
260 RSA_PublicKey::init(std::move(n), std::move(e));
261
262 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
263 std::move(d1), std::move(d2), std::move(c));
264 }
265
266/*
267* Create a RSA private key
268*/
270 size_t bits, size_t exp)
271 {
272 if(bits < 1024)
273 throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
274 std::to_string(bits) + " bits long");
275 if(exp < 3 || exp % 2 == 0)
276 throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
277
278 BigInt n, e, d, p, q, d1, d2, c;
279
280 e = exp;
281
282 const size_t p_bits = (bits + 1) / 2;
283 const size_t q_bits = bits - p_bits;
284
285 do
286 {
287 // TODO could generate primes in thread pool
288 p = generate_rsa_prime(rng, rng, p_bits, e);
289 q = generate_rsa_prime(rng, rng, q_bits, e);
290
291 if(p == q)
292 throw Internal_Error("RNG failure during RSA key generation");
293
294 n = p * q;
295 } while(n.bits() != bits);
296
297 const BigInt p_minus_1 = p - 1;
298 const BigInt q_minus_1 = q - 1;
299
300 const BigInt phi_n = lcm(p_minus_1, q_minus_1);
301 d = inverse_mod(e, phi_n);
302 d1 = ct_modulo(d, p_minus_1);
303 d2 = ct_modulo(d, q_minus_1);
304 c = inverse_mod(q, p);
305
306 RSA_PublicKey::init(std::move(n), std::move(e));
307
308 RSA_PrivateKey::init(std::move(d), std::move(p), std::move(q),
309 std::move(d1), std::move(d2), std::move(c));
310 }
311
312/*
313* Check Private RSA Parameters
314*/
316 {
317 if(get_n() < 35 || get_n().is_even() || get_e() < 3 || get_e().is_even())
318 return false;
319
320 if(get_d() < 2 || get_p() < 3 || get_q() < 3)
321 return false;
322
323 if(get_p() * get_q() != get_n())
324 return false;
325
326 if(get_p() == get_q())
327 return false;
328
329 if(get_d1() != ct_modulo(get_d(), get_p() - 1))
330 return false;
331 if(get_d2() != ct_modulo(get_d(), get_q() - 1))
332 return false;
333 if(get_c() != inverse_mod(get_q(), get_p()))
334 return false;
335
336 const size_t prob = (strong) ? 128 : 12;
337
338 if(!is_prime(get_p(), rng, prob))
339 return false;
340 if(!is_prime(get_q(), rng, prob))
341 return false;
342
343 if(strong)
344 {
345 if(ct_modulo(get_e() * get_d(), lcm(get_p() - 1, get_q() - 1)) != 1)
346 return false;
347
348 return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)");
349 }
350
351 return true;
352 }
353
354namespace {
355
356/**
357* RSA private (decrypt/sign) operation
358*/
359class RSA_Private_Operation
360 {
361 protected:
362 size_t public_modulus_bits() const { return m_public->public_modulus_bits(); }
363 size_t public_modulus_bytes() const { return m_public->public_modulus_bytes(); }
364
365 explicit RSA_Private_Operation(const RSA_PrivateKey& rsa, RandomNumberGenerator& rng) :
366 m_public(rsa.public_data()),
367 m_private(rsa.private_data()),
368 m_blinder(m_public->get_n(), rng,
369 [this](const BigInt& k) { return m_public->public_op(k); },
370 [this](const BigInt& k) { return inverse_mod(k, m_public->get_n()); }),
371 m_blinding_bits(64),
372 m_max_d1_bits(m_private->m_p_bits + m_blinding_bits),
373 m_max_d2_bits(m_private->m_q_bits + m_blinding_bits)
374 {
375 }
376
377 secure_vector<uint8_t> raw_op(const uint8_t input[], size_t input_len)
378 {
379 const BigInt input_bn(input, input_len);
380 if(input_bn >= m_public->get_n())
381 throw Invalid_Argument("RSA private op - input is too large");
382
383 // TODO: This should be a function on blinder
384 // BigInt Blinder::run_blinded_function(std::function<BigInt, BigInt> fn, const BigInt& input);
385
386 const BigInt recovered = m_blinder.unblind(rsa_private_op(m_blinder.blind(input_bn)));
387 BOTAN_ASSERT(input_bn == m_public->public_op(recovered), "RSA consistency check");
388 return BigInt::encode_1363(recovered, m_public->public_modulus_bytes());
389 }
390
391 private:
392
393 BigInt rsa_private_op(const BigInt& m) const
394 {
395 /*
396 TODO
397 Consider using Montgomery reduction instead of Barrett, using
398 the "Smooth RSA-CRT" method. https://eprint.iacr.org/2007/039.pdf
399 */
400
401 static constexpr size_t powm_window = 4;
402
403 // Compute this in main thread to avoid racing on the rng
404 const BigInt d1_mask(m_blinder.rng(), m_blinding_bits);
405
406#if defined(BOTAN_HAS_THREAD_UTILS) && !defined(BOTAN_HAS_VALGRIND)
407 #define BOTAN_RSA_USE_ASYNC
408#endif
409
410#if defined(BOTAN_RSA_USE_ASYNC)
411 /*
412 * Precompute m.sig_words in the main thread before calling async. Otherwise
413 * the two threads race (during Modular_Reducer::reduce) and while the output
414 * is correct in both threads, helgrind warns.
415 */
416 m.sig_words();
417
418 auto future_j1 = Thread_Pool::global_instance().run([this, &m, &d1_mask]() {
419#endif
420 const BigInt masked_d1 = m_private->get_d1() + (d1_mask * (m_private->get_p() - 1));
421 auto powm_d1_p = monty_precompute(m_private->m_monty_p, m_private->m_mod_p.reduce(m), powm_window);
422 BigInt j1 = monty_execute(*powm_d1_p, masked_d1, m_max_d1_bits);
423
424#if defined(BOTAN_RSA_USE_ASYNC)
425 return j1;
426 });
427#endif
428
429 const BigInt d2_mask(m_blinder.rng(), m_blinding_bits);
430 const BigInt masked_d2 = m_private->get_d2() + (d2_mask * (m_private->get_q() - 1));
431 auto powm_d2_q = monty_precompute(m_private->m_monty_q, m_private->m_mod_q.reduce(m), powm_window);
432 const BigInt j2 = monty_execute(*powm_d2_q, masked_d2, m_max_d2_bits);
433
434#if defined(BOTAN_RSA_USE_ASYNC)
435 BigInt j1 = future_j1.get();
436#endif
437
438 /*
439 * To recover the final value from the CRT representation (j1,j2)
440 * we use Garner's algorithm:
441 * c = q^-1 mod p (this is precomputed)
442 * h = c*(j1-j2) mod p
443 * m = j2 + h*q
444 *
445 * We must avoid leaking if j1 >= j2 or not, as doing so allows deriving
446 * information about the secret prime. Do this by first adding p to j1,
447 * which should ensure the subtraction of j2 does not underflow. But
448 * this may still underflow if p and q are imbalanced in size.
449 */
450
451 j1 = m_private->m_mod_p.multiply(m_private->m_mod_p.reduce((m_private->get_p() + j1) - j2), m_private->get_c());
452 return mul_add(j1, m_private->get_q(), j2);
453 }
454
455 std::shared_ptr<const RSA_Public_Data> m_public;
456 std::shared_ptr<const RSA_Private_Data> m_private;
457
458 // XXX could the blinder starting pair be shared?
459 Blinder m_blinder;
460 const size_t m_blinding_bits;
461 const size_t m_max_d1_bits;
462 const size_t m_max_d2_bits;
463 };
464
465class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA,
466 private RSA_Private_Operation
467 {
468 public:
469 size_t max_input_bits() const override { return public_modulus_bits() - 1; }
470
471 size_t signature_length() const override { return public_modulus_bytes(); }
472
473 RSA_Signature_Operation(const RSA_PrivateKey& rsa, const std::string& emsa, RandomNumberGenerator& rng) :
474 PK_Ops::Signature_with_EMSA(emsa),
475 RSA_Private_Operation(rsa, rng)
476 {
477 }
478
479 secure_vector<uint8_t> raw_sign(const uint8_t input[], size_t input_len,
480 RandomNumberGenerator&) override
481 {
482 return raw_op(input, input_len);
483 }
484 };
485
486class RSA_Decryption_Operation final : public PK_Ops::Decryption_with_EME,
487 private RSA_Private_Operation
488 {
489 public:
490
491 RSA_Decryption_Operation(const RSA_PrivateKey& rsa, const std::string& eme, RandomNumberGenerator& rng) :
492 PK_Ops::Decryption_with_EME(eme),
493 RSA_Private_Operation(rsa, rng)
494 {
495 }
496
497 size_t plaintext_length(size_t) const override { return public_modulus_bytes(); }
498
499 secure_vector<uint8_t> raw_decrypt(const uint8_t input[], size_t input_len) override
500 {
501 return raw_op(input, input_len);
502 }
503 };
504
505class RSA_KEM_Decryption_Operation final : public PK_Ops::KEM_Decryption_with_KDF,
506 private RSA_Private_Operation
507 {
508 public:
509
510 RSA_KEM_Decryption_Operation(const RSA_PrivateKey& key,
511 const std::string& kdf,
512 RandomNumberGenerator& rng) :
513 PK_Ops::KEM_Decryption_with_KDF(kdf),
514 RSA_Private_Operation(key, rng)
515 {}
516
517 secure_vector<uint8_t>
518 raw_kem_decrypt(const uint8_t encap_key[], size_t len) override
519 {
520 return raw_op(encap_key, len);
521 }
522 };
523
524/**
525* RSA public (encrypt/verify) operation
526*/
527class RSA_Public_Operation
528 {
529 public:
530 explicit RSA_Public_Operation(const RSA_PublicKey& rsa) :
531 m_public(rsa.public_data())
532 {}
533
534 size_t get_max_input_bits() const
535 {
536 const size_t n_bits = m_public->public_modulus_bits();
537
538 /*
539 Make Coverity happy that n_bits - 1 won't underflow
540
541 5 bit minimum: smallest possible RSA key is 3*5
542 */
543 BOTAN_ASSERT_NOMSG(n_bits >= 5);
544 return n_bits - 1;
545 }
546
547 protected:
548 BigInt public_op(const BigInt& m) const
549 {
550 if(m >= m_public->get_n())
551 throw Invalid_Argument("RSA public op - input is too large");
552
553 return m_public->public_op(m);
554 }
555
556 size_t public_modulus_bytes() const { return m_public->public_modulus_bytes(); }
557
558 const BigInt& get_n() const { return m_public->get_n(); }
559
560 std::shared_ptr<const RSA_Public_Data> m_public;
561 };
562
563class RSA_Encryption_Operation final : public PK_Ops::Encryption_with_EME,
564 private RSA_Public_Operation
565 {
566 public:
567
568 RSA_Encryption_Operation(const RSA_PublicKey& rsa, const std::string& eme) :
569 PK_Ops::Encryption_with_EME(eme),
570 RSA_Public_Operation(rsa)
571 {
572 }
573
574 size_t ciphertext_length(size_t) const override { return public_modulus_bytes(); }
575
576 size_t max_raw_input_bits() const override { return get_max_input_bits(); }
577
578 secure_vector<uint8_t> raw_encrypt(const uint8_t input[], size_t input_len,
579 RandomNumberGenerator&) override
580 {
581 BigInt input_bn(input, input_len);
582 return BigInt::encode_1363(public_op(input_bn), public_modulus_bytes());
583 }
584 };
585
586class RSA_Verify_Operation final : public PK_Ops::Verification_with_EMSA,
587 private RSA_Public_Operation
588 {
589 public:
590
591 size_t max_input_bits() const override { return get_max_input_bits(); }
592
593 RSA_Verify_Operation(const RSA_PublicKey& rsa, const std::string& emsa) :
594 PK_Ops::Verification_with_EMSA(emsa),
595 RSA_Public_Operation(rsa)
596 {
597 }
598
599 bool with_recovery() const override { return true; }
600
601 secure_vector<uint8_t> verify_mr(const uint8_t input[], size_t input_len) override
602 {
603 BigInt input_bn(input, input_len);
604 return BigInt::encode_locked(public_op(input_bn));
605 }
606 };
607
608class RSA_KEM_Encryption_Operation final : public PK_Ops::KEM_Encryption_with_KDF,
609 private RSA_Public_Operation
610 {
611 public:
612
613 RSA_KEM_Encryption_Operation(const RSA_PublicKey& key,
614 const std::string& kdf) :
615 PK_Ops::KEM_Encryption_with_KDF(kdf),
616 RSA_Public_Operation(key) {}
617
618 private:
619 void raw_kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
620 secure_vector<uint8_t>& raw_shared_key,
621 Botan::RandomNumberGenerator& rng) override
622 {
623 const BigInt r = BigInt::random_integer(rng, 1, get_n());
624 const BigInt c = public_op(r);
625
626 out_encapsulated_key = BigInt::encode_locked(c);
627 raw_shared_key = BigInt::encode_locked(r);
628 }
629 };
630
631}
632
633std::unique_ptr<PK_Ops::Encryption>
635 const std::string& params,
636 const std::string& provider) const
637 {
638 if(provider == "base" || provider.empty())
639 return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params));
640 throw Provider_Not_Found(algo_name(), provider);
641 }
642
643std::unique_ptr<PK_Ops::KEM_Encryption>
645 const std::string& params,
646 const std::string& provider) const
647 {
648 if(provider == "base" || provider.empty())
649 return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params));
650 throw Provider_Not_Found(algo_name(), provider);
651 }
652
653std::unique_ptr<PK_Ops::Verification>
655 const std::string& provider) const
656 {
657 if(provider == "base" || provider.empty())
658 return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params));
659
660 throw Provider_Not_Found(algo_name(), provider);
661 }
662
663std::unique_ptr<PK_Ops::Decryption>
665 const std::string& params,
666 const std::string& provider) const
667 {
668 if(provider == "base" || provider.empty())
669 return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng));
670
671 throw Provider_Not_Found(algo_name(), provider);
672 }
673
674std::unique_ptr<PK_Ops::KEM_Decryption>
676 const std::string& params,
677 const std::string& provider) const
678 {
679 if(provider == "base" || provider.empty())
680 return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng));
681
682 throw Provider_Not_Found(algo_name(), provider);
683 }
684
685std::unique_ptr<PK_Ops::Signature>
687 const std::string& params,
688 const std::string& provider) const
689 {
690 if(provider == "base" || provider.empty())
691 return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng));
692
693 throw Provider_Not_Found(algo_name(), provider);
694 }
695
696}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:68
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:55
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition ber_dec.cpp:290
BER_Decoder & decode(bool &out)
Definition ber_dec.h:170
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Definition ber_dec.h:277
BER_Decoder & end_cons()
Definition ber_dec.cpp:300
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition big_rand.cpp:45
static secure_vector< uint8_t > encode_locked(const BigInt &n)
Definition bigint.h:782
size_t bits() const
Definition bigint.cpp:296
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition big_code.cpp:111
bool is_zero() const
Definition bigint.h:421
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:152
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition der_enc.cpp:181
DER_Encoder & end_cons()
Definition der_enc.cpp:191
DER_Encoder & encode(bool b)
Definition der_enc.cpp:285
virtual OID get_oid() const
Definition pk_keys.cpp:53
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition rsa.cpp:664
const BigInt & get_q() const
Definition rsa.cpp:194
std::shared_ptr< const RSA_Private_Data > private_data() const
Definition rsa.cpp:171
const BigInt & get_c() const
Definition rsa.cpp:196
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition rsa.cpp:686
const BigInt & get_p() const
Definition rsa.cpp:193
const BigInt & get_d2() const
Definition rsa.cpp:198
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition rsa.cpp:315
const BigInt & get_d() const
Definition rsa.cpp:195
secure_vector< uint8_t > private_key_bits() const override
Definition rsa.cpp:176
RSA_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition rsa.cpp:207
std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition rsa.cpp:675
const BigInt & get_d1() const
Definition rsa.cpp:197
std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition rsa.cpp:644
void init(BigInt &&n, BigInt &&e)
Definition rsa.cpp:107
size_t key_length() const override
Definition rsa.cpp:134
std::string algo_name() const override
Definition rsa.h:43
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &params, const std::string &provider) const override
Definition rsa.cpp:654
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition rsa.cpp:634
const BigInt & get_n() const
Definition rsa.cpp:104
size_t estimated_strength() const override
Definition rsa.cpp:139
AlgorithmIdentifier algorithm_identifier() const override
Definition rsa.cpp:144
std::vector< uint8_t > public_key_bits() const override
Definition rsa.cpp:149
std::shared_ptr< const RSA_Public_Data > m_public
Definition rsa.h:86
std::shared_ptr< const RSA_Public_Data > public_data() const
Definition rsa.cpp:99
const BigInt & get_e() const
Definition rsa.cpp:105
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition rsa.cpp:164
auto run(F &&f, Args &&... args) -> std::future< typename std::result_of< F(Args...)>::type >
Definition thread_pool.h:57
static Thread_Pool & global_instance()
int(* init)(CTX *)
int(* final)(unsigned char *, CTX *)
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
Definition keypair.cpp:49
BigInt lcm(const BigInt &a, const BigInt &b)
Definition numthry.cpp:143
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition numthry.cpp:228
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(std::shared_ptr< const Montgomery_Params > params, const BigInt &g, size_t window_bits, bool const_time)
BigInt generate_rsa_prime(RandomNumberGenerator &keygen_rng, RandomNumberGenerator &prime_test_rng, size_t bits, const BigInt &coprime, size_t prob)
Definition make_prm.cpp:197
size_t if_work_factor(size_t bits)
@ SEQUENCE
Definition asn1_obj.h:42
BigInt monty_execute_vartime(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k)
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition mod_inv.cpp:250
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
Definition mp_numth.cpp:30
BigInt ct_modulo(const BigInt &x, const BigInt &y)
Definition divide.cpp:118
Definition bigint.h:1143