Security Scol plugin
rabin.cpp
1// rabin.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "rabin.h"
5#include "integer.h"
6#include "nbtheory.h"
7#include "modarith.h"
8#include "asn.h"
9#include "sha.h"
10
11NAMESPACE_BEGIN(CryptoPP)
12
13void RabinFunction::BERDecode(BufferedTransformation &bt)
14{
15 BERSequenceDecoder seq(bt);
16 m_n.BERDecode(seq);
17 m_r.BERDecode(seq);
18 m_s.BERDecode(seq);
19 seq.MessageEnd();
20}
21
22void RabinFunction::DEREncode(BufferedTransformation &bt) const
23{
24 DERSequenceEncoder seq(bt);
25 m_n.DEREncode(seq);
26 m_r.DEREncode(seq);
27 m_s.DEREncode(seq);
28 seq.MessageEnd();
29}
30
32{
34
35 Integer out = in.Squared()%m_n;
36 if (in.IsOdd())
37 out = out*m_r%m_n;
38 if (Jacobi(in, m_n)==-1)
39 out = out*m_s%m_n;
40 return out;
41}
42
43bool RabinFunction::Validate(RandomNumberGenerator& /*rng*/, unsigned int level) const
44{
45 bool pass = true;
46 pass = pass && m_n > Integer::One() && m_n%4 == 1;
47 CRYPTOPP_ASSERT(pass);
48 pass = pass && m_r > Integer::One() && m_r < m_n;
49 CRYPTOPP_ASSERT(pass);
50 pass = pass && m_s > Integer::One() && m_s < m_n;
51 CRYPTOPP_ASSERT(pass);
52 if (level >= 1)
53 {
54 pass = pass && Jacobi(m_r, m_n) == -1 && Jacobi(m_s, m_n) == -1;
55 CRYPTOPP_ASSERT(pass);
56 }
57 return pass;
58}
59
60bool RabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
61{
62 return GetValueHelper(this, name, valueType, pValue).Assignable()
63 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
64 CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
65 CRYPTOPP_GET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
66 ;
67}
68
70{
71 AssignFromHelper(this, source)
72 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
73 CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime1)
74 CRYPTOPP_SET_FUNCTION_ENTRY(QuadraticResidueModPrime2)
75 ;
76}
77
78// *****************************************************************************
79// private key operations:
80
81// generate a random private key
83{
84 int modulusSize = 2048;
85 alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
86
87 if (modulusSize < 16)
88 throw InvalidArgument("InvertibleRabinFunction: specified modulus size is too small");
89
90 // VC70 workaround: putting these after primeParam causes overlapped stack allocation
91 bool rFound=false, sFound=false;
92 Integer t=2;
93
94 AlgorithmParameters primeParam = MakeParametersForTwoPrimesOfEqualSize(modulusSize)
95 ("EquivalentTo", 3)("Mod", 4);
96 m_p.GenerateRandom(rng, primeParam);
97 m_q.GenerateRandom(rng, primeParam);
98
99 while (!(rFound && sFound))
100 {
101 int jp = Jacobi(t, m_p);
102 int jq = Jacobi(t, m_q);
103
104 if (!rFound && jp==1 && jq==-1)
105 {
106 m_r = t;
107 rFound = true;
108 }
109
110 if (!sFound && jp==-1 && jq==1)
111 {
112 m_s = t;
113 sFound = true;
114 }
115
116 ++t;
117 }
118
119 m_n = m_p * m_q;
120 m_u = m_q.InverseMod(m_p);
121}
122
123void InvertibleRabinFunction::BERDecode(BufferedTransformation &bt)
124{
125 BERSequenceDecoder seq(bt);
126 m_n.BERDecode(seq);
127 m_r.BERDecode(seq);
128 m_s.BERDecode(seq);
129 m_p.BERDecode(seq);
130 m_q.BERDecode(seq);
131 m_u.BERDecode(seq);
132 seq.MessageEnd();
133}
134
135void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const
136{
137 DERSequenceEncoder seq(bt);
138 m_n.DEREncode(seq);
139 m_r.DEREncode(seq);
140 m_s.DEREncode(seq);
141 m_p.DEREncode(seq);
142 m_q.DEREncode(seq);
143 m_u.DEREncode(seq);
144 seq.MessageEnd();
145}
146
148{
150
151 ModularArithmetic modn(m_n);
152 Integer r(rng, Integer::One(), m_n - Integer::One());
153 r = modn.Square(r);
154 Integer r2 = modn.Square(r);
155 Integer c = modn.Multiply(in, r2); // blind
156
157 Integer cp=c%m_p, cq=c%m_q;
158
159 int jp = Jacobi(cp, m_p);
160 int jq = Jacobi(cq, m_q);
161
162 if (jq==-1)
163 {
164 cp = cp*EuclideanMultiplicativeInverse(m_r, m_p)%m_p;
165 cq = cq*EuclideanMultiplicativeInverse(m_r, m_q)%m_q;
166 }
167
168 if (jp==-1)
169 {
170 cp = cp*EuclideanMultiplicativeInverse(m_s, m_p)%m_p;
171 cq = cq*EuclideanMultiplicativeInverse(m_s, m_q)%m_q;
172 }
173
174 cp = ModularSquareRoot(cp, m_p);
175 cq = ModularSquareRoot(cq, m_q);
176
177 if (jp==-1)
178 cp = m_p-cp;
179
180 Integer out = CRT(cq, m_q, cp, m_p, m_u);
181
182 out = modn.Divide(out, r); // unblind
183
184 if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd()))
185 out = m_n-out;
186
187 return out;
188}
189
191{
192 bool pass = RabinFunction::Validate(rng, level);
193 CRYPTOPP_ASSERT(pass);
194 pass = pass && m_p > Integer::One() && m_p%4 == 3 && m_p < m_n;
195 CRYPTOPP_ASSERT(pass);
196 pass = pass && m_q > Integer::One() && m_q%4 == 3 && m_q < m_n;
197 CRYPTOPP_ASSERT(pass);
198 pass = pass && m_u.IsPositive() && m_u < m_p;
199 CRYPTOPP_ASSERT(pass);
200 if (level >= 1)
201 {
202 pass = pass && m_p * m_q == m_n;
203 CRYPTOPP_ASSERT(pass);
204 pass = pass && m_u * m_q % m_p == 1;
205 CRYPTOPP_ASSERT(pass);
206 pass = pass && Jacobi(m_r, m_p) == 1;
207 CRYPTOPP_ASSERT(pass);
208 pass = pass && Jacobi(m_r, m_q) == -1;
209 CRYPTOPP_ASSERT(pass);
210 pass = pass && Jacobi(m_s, m_p) == -1;
211 CRYPTOPP_ASSERT(pass);
212 pass = pass && Jacobi(m_s, m_q) == 1;
213 CRYPTOPP_ASSERT(pass);
214 }
215 if (level >= 2)
216 {
217 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
218 CRYPTOPP_ASSERT(pass);
219 }
220 return pass;
221}
222
223bool InvertibleRabinFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
224{
225 return GetValueHelper<RabinFunction>(this, name, valueType, pValue).Assignable()
226 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
227 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
228 CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
229 ;
230}
231
233{
234 AssignFromHelper<RabinFunction>(this, source)
235 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
236 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
237 CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
238 ;
239}
240
241NAMESPACE_END
Classes and functions for working with ANS.1 objects.
An object that implements NameValuePairs.
Definition algparam.h:426
BER Sequence Decoder.
Definition asn.h:525
Interface for buffered transformations.
Definition cryptlib.h:1652
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition cryptlib.h:2493
DER Sequence Encoder.
Definition asn.h:557
Multiple precision integer with arithmetic operations.
Definition integer.h:50
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
Definition integer.cpp:3449
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs)
Generate a random number.
Definition integer.h:508
bool IsPositive() const
Determines if the Integer is positive.
Definition integer.h:347
Integer Squared() const
Multiply this integer by itself.
Definition integer.h:633
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
Definition integer.cpp:3456
static const Integer &CRYPTOPP_API One()
Integer representing 1.
Definition integer.cpp:4920
bool IsOdd() const
Determines if the Integer is odd parity.
Definition integer.h:356
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
Definition integer.cpp:4473
bool IsEven() const
Determines if the Integer is even parity.
Definition integer.h:353
An invalid argument was detected.
Definition cryptlib.h:203
Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
Calculates the inverse of an element.
Definition rabin.cpp:147
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition rabin.cpp:82
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition rabin.cpp:232
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition rabin.cpp:190
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition rabin.cpp:223
Ring of congruence classes modulo n.
Definition modarith.h:44
const Integer & Square(const Integer &a) const
Square an element in the ring.
Definition modarith.h:197
const Integer & Multiply(const Integer &a, const Integer &b) const
Multiplies elements in the ring.
Definition modarith.h:190
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition modarith.h:218
Interface for retrieving values given their names.
Definition cryptlib.h:322
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition cryptlib.h:415
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition rabin.cpp:60
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition rabin.cpp:43
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition rabin.cpp:69
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition rabin.cpp:31
Interface for random number generators.
Definition cryptlib.h:1435
Multiple precision integer with arithmetic operations.
Class file for performing modular arithmetic.
Classes and functions for number theoretic operations.
Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b)
Calculate multiplicative inverse.
Definition nbtheory.h:166
Precompiled header file.
Classes for Rabin encryption and signature schemes.
Classes for SHA-1 and SHA-2 family of message digests.