9 #include <botan/internal/pk_ops_impl.h>
10 #include <botan/parsing.h>
11 #include <botan/keypair.h>
12 #include <botan/blinding.h>
13 #include <botan/reducer.h>
14 #include <botan/workfactor.h>
15 #include <botan/der_enc.h>
16 #include <botan/ber_dec.h>
18 #if defined(BOTAN_HAS_OPENSSL)
19 #include <botan/internal/openssl.h>
22 #if defined(BOTAN_TARGET_OS_HAS_THREADS)
55 const std::vector<uint8_t>& key_bits)
78 .
encode(static_cast<size_t>(0))
120 BigInt inv_for_d =
lcm(
m_p - 1, m_q - 1);
127 m_d1 = m_d % (
m_p - 1);
128 m_d2 = m_d % (m_q - 1);
135 size_t bits,
size_t exp)
140 if(exp < 3 || exp % 2 == 0)
153 m_d1 = m_d % (m_p - 1);
154 m_d2 = m_d % (m_q - 1);
163 if(
m_n < 35 ||
m_n.
is_even() ||
m_e < 2 || m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q !=
m_n)
166 if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c !=
inverse_mod(m_q, m_p))
169 const size_t prob = (strong) ? 128 : 12;
176 if((
m_e * m_d) %
lcm(m_p - 1, m_q - 1) != 1)
190 class RSA_Private_Operation
193 size_t get_max_input_bits()
const {
return (
m_n.bits() - 1); }
195 explicit RSA_Private_Operation(
const RSA_PrivateKey& rsa, RandomNumberGenerator& rng) :
210 BigInt blinded_private_op(
const BigInt& m)
const
213 throw Invalid_Argument(
"RSA private op - input is too large");
218 BigInt private_op(
const BigInt& m)
const
220 #if defined(BOTAN_TARGET_OS_HAS_THREADS)
223 BigInt j1 = future_j1.get();
242 class RSA_Signature_Operation :
public PK_Ops::Signature_with_EMSA,
243 private RSA_Private_Operation
247 size_t max_input_bits()
const override {
return get_max_input_bits(); }
249 RSA_Signature_Operation(
const RSA_PrivateKey& rsa,
const std::string& emsa, RandomNumberGenerator& rng) :
250 PK_Ops::Signature_with_EMSA(emsa),
251 RSA_Private_Operation(rsa, rng)
255 secure_vector<uint8_t> raw_sign(
const uint8_t msg[],
size_t msg_len,
256 RandomNumberGenerator&)
override
258 const BigInt m(msg, msg_len);
259 const BigInt x = blinded_private_op(m);
266 class RSA_Decryption_Operation :
public PK_Ops::Decryption_with_EME,
267 private RSA_Private_Operation
271 size_t max_raw_input_bits()
const override {
return get_max_input_bits(); }
273 RSA_Decryption_Operation(
const RSA_PrivateKey& rsa,
const std::string& eme, RandomNumberGenerator& rng) :
274 PK_Ops::Decryption_with_EME(eme),
275 RSA_Private_Operation(rsa, rng)
279 secure_vector<uint8_t> raw_decrypt(
const uint8_t msg[],
size_t msg_len)
override
281 const BigInt m(msg, msg_len);
282 const BigInt x = blinded_private_op(m);
289 class RSA_KEM_Decryption_Operation :
public PK_Ops::KEM_Decryption_with_KDF,
290 private RSA_Private_Operation
294 RSA_KEM_Decryption_Operation(
const RSA_PrivateKey& key,
295 const std::string& kdf,
296 RandomNumberGenerator& rng) :
297 PK_Ops::KEM_Decryption_with_KDF(kdf),
298 RSA_Private_Operation(key, rng)
301 secure_vector<uint8_t>
302 raw_kem_decrypt(
const uint8_t encap_key[],
size_t len)
override
304 const BigInt m(encap_key, len);
305 const BigInt x = blinded_private_op(m);
315 class RSA_Public_Operation
318 explicit RSA_Public_Operation(
const RSA_PublicKey& rsa) :
322 size_t get_max_input_bits()
const {
return (
m_n.bits() - 1); }
325 BigInt public_op(
const BigInt& m)
const
328 throw Invalid_Argument(
"RSA public op - input is too large");
332 const BigInt& get_n()
const {
return m_n; }
338 class RSA_Encryption_Operation :
public PK_Ops::Encryption_with_EME,
339 private RSA_Public_Operation
343 RSA_Encryption_Operation(
const RSA_PublicKey& rsa,
const std::string& eme) :
344 PK_Ops::Encryption_with_EME(eme),
345 RSA_Public_Operation(rsa)
349 size_t max_raw_input_bits()
const override {
return get_max_input_bits(); }
351 secure_vector<uint8_t> raw_encrypt(
const uint8_t msg[],
size_t msg_len,
352 RandomNumberGenerator&)
override
354 BigInt m(msg, msg_len);
359 class RSA_Verify_Operation :
public PK_Ops::Verification_with_EMSA,
360 private RSA_Public_Operation
364 size_t max_input_bits()
const override {
return get_max_input_bits(); }
366 RSA_Verify_Operation(
const RSA_PublicKey& rsa,
const std::string& emsa) :
367 PK_Ops::Verification_with_EMSA(emsa),
368 RSA_Public_Operation(rsa)
372 bool with_recovery()
const override {
return true; }
374 secure_vector<uint8_t> verify_mr(
const uint8_t msg[],
size_t msg_len)
override
376 BigInt m(msg, msg_len);
381 class RSA_KEM_Encryption_Operation :
public PK_Ops::KEM_Encryption_with_KDF,
382 private RSA_Public_Operation
386 RSA_KEM_Encryption_Operation(
const RSA_PublicKey& key,
387 const std::string& kdf) :
388 PK_Ops::KEM_Encryption_with_KDF(kdf),
389 RSA_Public_Operation(key) {}
392 void raw_kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
393 secure_vector<uint8_t>& raw_shared_key,
397 const BigInt c = public_op(r);
406 std::unique_ptr<PK_Ops::Encryption>
408 const std::string& params,
409 const std::string& provider)
const
411 #if defined(BOTAN_HAS_OPENSSL)
412 if(provider ==
"openssl" || provider.empty())
416 return make_openssl_rsa_enc_op(*
this, params);
425 if(provider ==
"openssl")
426 throw Exception(
"OpenSSL RSA provider rejected key:", e.
what());
431 if(provider ==
"base" || provider.empty())
432 return std::unique_ptr<PK_Ops::Encryption>(
new RSA_Encryption_Operation(*
this, params));
436 std::unique_ptr<PK_Ops::KEM_Encryption>
438 const std::string& params,
439 const std::string& provider)
const
441 if(provider ==
"base" || provider.empty())
442 return std::unique_ptr<PK_Ops::KEM_Encryption>(
new RSA_KEM_Encryption_Operation(*
this, params));
446 std::unique_ptr<PK_Ops::Verification>
448 const std::string& provider)
const
450 #if defined(BOTAN_HAS_OPENSSL)
451 if(provider ==
"openssl" || provider.empty())
453 std::unique_ptr<PK_Ops::Verification> res = make_openssl_rsa_ver_op(*
this, params);
459 if(provider ==
"base" || provider.empty())
460 return std::unique_ptr<PK_Ops::Verification>(
new RSA_Verify_Operation(*
this, params));
465 std::unique_ptr<PK_Ops::Decryption>
467 const std::string& params,
468 const std::string& provider)
const
470 #if defined(BOTAN_HAS_OPENSSL)
471 if(provider ==
"openssl" || provider.empty())
475 return make_openssl_rsa_dec_op(*
this, params);
479 if(provider ==
"openssl")
480 throw Exception(
"OpenSSL RSA provider rejected key:", e.
what());
485 if(provider ==
"base" || provider.empty())
486 return std::unique_ptr<PK_Ops::Decryption>(
new RSA_Decryption_Operation(*
this, params, rng));
491 std::unique_ptr<PK_Ops::KEM_Decryption>
493 const std::string& params,
494 const std::string& provider)
const
496 if(provider ==
"base" || provider.empty())
497 return std::unique_ptr<PK_Ops::KEM_Decryption>(
new RSA_KEM_Decryption_Operation(*
this, params, rng));
502 std::unique_ptr<PK_Ops::Signature>
504 const std::string& params,
505 const std::string& provider)
const
507 #if defined(BOTAN_HAS_OPENSSL)
508 if(provider ==
"openssl" || provider.empty())
510 std::unique_ptr<PK_Ops::Signature> res = make_openssl_rsa_sig_op(*
this, params);
516 if(provider ==
"base" || provider.empty())
517 return std::unique_ptr<PK_Ops::Signature>(
new RSA_Signature_Operation(*
this, params, rng));
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
bool check_key(RandomNumberGenerator &rng, bool) const override
size_t estimated_strength() const override
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
std::vector< uint8_t > get_contents_unlocked()
size_t key_length() const override
std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
secure_vector< uint8_t > private_key_bits() const override
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Fixed_Exponent_Power_Mod m_powermod_d1_p
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
secure_vector< uint8_t > get_contents()
BER_Decoder & decode(bool &v)
std::string to_string(const BER_Object &obj)
Fixed_Exponent_Power_Mod m_powermod_e_n
Fixed_Exponent_Power_Mod m_powermod_d2_q
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
virtual OID get_oid() const
static secure_vector< uint8_t > encode_locked(const BigInt &n, Base base=Binary)
#define BOTAN_ASSERT(expr, assertion_made)
DER_Encoder & encode(bool b)
std::vector< T, secure_allocator< T >> secure_vector
size_t if_work_factor(size_t bits)
std::vector< uint8_t > public_key_bits() const override
std::string algo_name() const override
const char * what() const BOTAN_NOEXCEPT override
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
AlgorithmIdentifier algorithm_identifier() const override
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string ¶ms, const std::string &provider) const override
RSA_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
BigInt sub_mul(const BigInt &a, const BigInt &b, const BigInt &c)
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
bool check_key(RandomNumberGenerator &rng, bool) const override
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
BigInt lcm(const BigInt &a, const BigInt &b)
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
BigInt random_prime(RandomNumberGenerator &rng, size_t bits, const BigInt &coprime, size_t equiv, size_t modulo)