/** * Generates client's credentials given the client's salt, identity and password * @param salt The salt used in the client's verifier. * @param identity The user's identity (eg. username) * @param password The user's password * @return Client's public value to send to server */ public virtual IBigInteger GenerateClientCredentials(byte[] salt, byte[] identity, byte[] password) { this.x = Srp6Utilities.CalculateX(digest, N, salt, identity, password); this.privA = SelectPrivateValue(); this.pubA = g.ModPow(privA, N); return(pubA); }
public IAsymmetricCipherKeyPair GenerateKeyPair() { ISecureRandom random = param.Random; Gost3410Parameters gost3410Params = param.Parameters; IBigInteger q = gost3410Params.Q; IBigInteger x; do { x = new BigInteger(256, random); }while (x.SignValue < 1 || x.CompareTo(q) >= 0); IBigInteger p = gost3410Params.P; IBigInteger a = gost3410Params.A; // calculate the public key. IBigInteger y = a.ModPow(x, p); if (param.PublicKeyParamSet != null) { return(new AsymmetricCipherKeyPair( new Gost3410PublicKeyParameters(y, param.PublicKeyParamSet), new Gost3410PrivateKeyParameters(x, param.PublicKeyParamSet))); } return(new AsymmetricCipherKeyPair( new Gost3410PublicKeyParameters(y, gost3410Params), new Gost3410PrivateKeyParameters(x, gost3410Params))); }
/** * Generates the server's credentials that are to be sent to the client. * @return The server's public value to the client */ public virtual IBigInteger GenerateServerCredentials() { IBigInteger k = Srp6Utilities.CalculateK(digest, N, g); this.privB = SelectPrivateValue(); this.pubB = k.Multiply(v).Mod(N).Add(g.ModPow(privB, N)).Mod(N); return(pubB); }
/* * Blind message with the blind factor. */ private IBigInteger BlindMessage( IBigInteger msg) { IBigInteger blindMsg = blindingFactor; blindMsg = msg.Multiply(blindMsg.ModPow(key.Exponent, key.Modulus)); blindMsg = blindMsg.Mod(key.Modulus); return(blindMsg); }
public void TestModPow() { try { two.ModPow(one, zero); Assert.Fail("expected ArithmeticException"); } catch (ArithmeticException) {} Assert.AreEqual(zero, zero.ModPow(zero, one)); Assert.AreEqual(one, zero.ModPow(zero, two)); Assert.AreEqual(zero, two.ModPow(one, one)); Assert.AreEqual(one, two.ModPow(zero, two)); for (int i = 0; i < 10; ++i) { IBigInteger m = BigInteger.ProbablePrime(10 + i * 3, _random); IBigInteger x = new BigInteger(m.BitLength - 1, _random); Assert.AreEqual(x, x.ModPow(m, m)); if (x.SignValue != 0) { Assert.AreEqual(zero, zero.ModPow(x, m)); Assert.AreEqual(one, x.ModPow(m.Subtract(one), m)); } IBigInteger y = new BigInteger(m.BitLength - 1, _random); IBigInteger n = new BigInteger(m.BitLength - 1, _random); IBigInteger n3 = n.ModPow(three, m); IBigInteger resX = n.ModPow(x, m); IBigInteger resY = n.ModPow(y, m); IBigInteger res = resX.Multiply(resY).Mod(m); IBigInteger res3 = res.ModPow(three, m); Assert.AreEqual(res3, n3.ModPow(x.Add(y), m)); IBigInteger a = x.Add(one); // Make sure it's not zero IBigInteger b = y.Add(one); // Make sure it's not zero Assert.AreEqual(a.ModPow(b, m).ModInverse(m), a.ModPow(b.Negate(), m)); } }
/** * given a message from a given party and the corresponding public key * calculate the next message in the agreement sequence. In this case * this will represent the shared secret. */ public IBigInteger CalculateAgreement(DHPublicKeyParameters pub, IBigInteger message) { if (pub == null) throw new ArgumentNullException("pub"); if (message == null) throw new ArgumentNullException("message"); if (!pub.Parameters.Equals(_dhParams)) { throw new ArgumentException("Diffie-Hellman public key has wrong parameters."); } var p = _dhParams.P; return message.ModPow(_key.X, p).Multiply(pub.Y.ModPow(_privateValue, p)).Mod(p); }
private static IBigInteger CalculateGenerator_FIPS186_2(IBigInteger p, IBigInteger q, SecureRandom r) { IBigInteger e = p.Subtract(BigInteger.One).Divide(q); IBigInteger pSub2 = p.Subtract(BigInteger.Two); for (;;) { IBigInteger h = BigIntegers.CreateRandomInRange(BigInteger.Two, pSub2, r); IBigInteger g = h.ModPow(e, p); if (g.BitLength > 1) { return(g); } } }
/** * Process a single block using the basic RSA algorithm. * * @param inBuf the input array. * @param inOff the offset into the input buffer where the data starts. * @param inLen the length of the data to be processed. * @return the result of the RSA process. * @exception DataLengthException the input block is too large. */ public byte[] ProcessBlock( byte[] inBuf, int inOff, int inLen) { if (key == null) { throw new InvalidOperationException("RSA engine not initialised"); } IBigInteger input = core.ConvertInput(inBuf, inOff, inLen); IBigInteger result; if (key is RsaPrivateCrtKeyParameters) { RsaPrivateCrtKeyParameters k = (RsaPrivateCrtKeyParameters)key; IBigInteger e = k.PublicExponent; if (e != null) // can't do blinding without a public exponent { IBigInteger m = k.Modulus; IBigInteger r = BigIntegers.CreateRandomInRange( BigInteger.One, m.Subtract(BigInteger.One), random); IBigInteger blindedInput = r.ModPow(e, m).Multiply(input).Mod(m); IBigInteger blindedResult = core.ProcessBlock(blindedInput); IBigInteger rInv = r.ModInverse(m); result = blindedResult.Multiply(rInv).Mod(m); } else { result = core.ProcessBlock(input); } } else { result = core.ProcessBlock(input); } return(core.ConvertOutput(result)); }
/** * given a message from a given party and the corresponding public key * calculate the next message in the agreement sequence. In this case * this will represent the shared secret. */ public IBigInteger CalculateAgreement(DHPublicKeyParameters pub, IBigInteger message) { if (pub == null) { throw new ArgumentNullException("pub"); } if (message == null) { throw new ArgumentNullException("message"); } if (!pub.Parameters.Equals(_dhParams)) { throw new ArgumentException("Diffie-Hellman public key has wrong parameters."); } var p = _dhParams.P; return(message.ModPow(_key.X, p).Multiply(pub.Y.ModPow(_privateValue, p)).Mod(p)); }
public IBigInteger ProcessBlock( IBigInteger input) { if (key is RsaPrivateCrtKeyParameters) { // // we have the extra factors, use the Chinese Remainder Theorem - the author // wishes to express his thanks to Dirk Bonekaemper at rtsffm.com for // advice regarding the expression of this. // RsaPrivateCrtKeyParameters crtKey = (RsaPrivateCrtKeyParameters)key; IBigInteger p = crtKey.P;; IBigInteger q = crtKey.Q; IBigInteger dP = crtKey.DP; IBigInteger dQ = crtKey.DQ; IBigInteger qInv = crtKey.QInv; IBigInteger mP, mQ, h, m; // mP = ((input Mod p) ^ dP)) Mod p mP = (input.Remainder(p)).ModPow(dP, p); // mQ = ((input Mod q) ^ dQ)) Mod q mQ = (input.Remainder(q)).ModPow(dQ, q); // h = qInv * (mP - mQ) Mod p h = mP.Subtract(mQ); h = h.Multiply(qInv); h = h.Mod(p); // Mod (in Java) returns the positive residual // m = h * q + mQ m = h.Multiply(q); m = m.Add(mQ); return(m); } return(input.ModPow(key.Exponent, key.Modulus)); }
private static IBigInteger CalculatePublicKey(IBigInteger p, IBigInteger g, IBigInteger x) { return(g.ModPow(x, p)); }
public IBigInteger ProcessBlock( IBigInteger input) { if (key is RsaPrivateCrtKeyParameters) { // // we have the extra factors, use the Chinese Remainder Theorem - the author // wishes to express his thanks to Dirk Bonekaemper at rtsffm.com for // advice regarding the expression of this. // RsaPrivateCrtKeyParameters crtKey = (RsaPrivateCrtKeyParameters)key; IBigInteger p = crtKey.P;; IBigInteger q = crtKey.Q; IBigInteger dP = crtKey.DP; IBigInteger dQ = crtKey.DQ; IBigInteger qInv = crtKey.QInv; IBigInteger mP, mQ, h, m; // mP = ((input Mod p) ^ dP)) Mod p mP = (input.Remainder(p)).ModPow(dP, p); // mQ = ((input Mod q) ^ dQ)) Mod q mQ = (input.Remainder(q)).ModPow(dQ, q); // h = qInv * (mP - mQ) Mod p h = mP.Subtract(mQ); h = h.Multiply(qInv); h = h.Mod(p); // Mod (in Java) returns the positive residual // m = h * q + mQ m = h.Multiply(q); m = m.Add(mQ); return m; } return input.ModPow(key.Exponent, key.Modulus); }
private static IBigInteger CalculatePublicKey(IBigInteger p, IBigInteger g, IBigInteger x) { return g.ModPow(x, p); }
/** * Creates a new SRP verifier * @param salt The salt to use, generally should be large and random * @param identity The user's identifying information (eg. username) * @param password The user's password * @return A new verifier for use in future SRP authentication */ public virtual IBigInteger GenerateVerifier(byte[] salt, byte[] identity, byte[] password) { IBigInteger x = Srp6Utilities.CalculateX(digest, N, salt, identity, password); return(g.ModPow(x, N)); }
private IBigInteger CalculateS() { return(v.ModPow(u, N).Multiply(A).Mod(N).ModPow(privB, N)); }
/* * (non-Javadoc) * * @see org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator#generateKeyPair() */ public IAsymmetricCipherKeyPair GenerateKeyPair() { int strength = param.Strength; ISecureRandom rand = param.Random; int certainty = param.Certainty; bool debug = param.IsDebug; #if !NETFX_CORE if (debug) { Console.WriteLine("Fetching first " + param.CountSmallPrimes + " primes."); } #endif IList smallPrimes = findFirstPrimes(param.CountSmallPrimes); smallPrimes = PermuteList(smallPrimes, rand); IBigInteger u = BigInteger.One; IBigInteger v = BigInteger.One; for (int i = 0; i < smallPrimes.Count / 2; i++) { u = u.Multiply((BigInteger)smallPrimes[i]); } for (int i = smallPrimes.Count / 2; i < smallPrimes.Count; i++) { v = v.Multiply((BigInteger)smallPrimes[i]); } IBigInteger sigma = u.Multiply(v); // n = (2 a u _p + 1 ) ( 2 b v _q + 1) // -> |n| = strength // |2| = 1 in bits // -> |a| * |b| = |n| - |u| - |v| - |_p| - |_q| - |2| -|2| // remainingStrength = strength - sigma.bitLength() - _p.bitLength() - // _q.bitLength() - 1 -1 int remainingStrength = strength - sigma.BitLength - 48; IBigInteger a = GeneratePrime(remainingStrength / 2 + 1, certainty, rand); IBigInteger b = GeneratePrime(remainingStrength / 2 + 1, certainty, rand); IBigInteger _p; IBigInteger _q; IBigInteger p; IBigInteger q; long tries = 0; #if !NETFX_CORE if (debug) { Console.WriteLine("generating p and q"); } #endif IBigInteger _2au = a.Multiply(u).ShiftLeft(1); IBigInteger _2bv = b.Multiply(v).ShiftLeft(1); for (; ;) { tries++; _p = GeneratePrime(24, certainty, rand); p = _p.Multiply(_2au).Add(BigInteger.One); if (!p.IsProbablePrime(certainty)) { continue; } for (; ;) { _q = GeneratePrime(24, certainty, rand); if (_p.Equals(_q)) { continue; } q = _q.Multiply(_2bv).Add(BigInteger.One); if (q.IsProbablePrime(certainty)) { break; } } if (!sigma.Gcd(_p.Multiply(_q)).Equals(BigInteger.One)) { #if !NETFX_CORE Console.WriteLine("sigma.gcd(_p.mult(_q)) != 1!\n _p: " + _p + "\n _q: " + _q); #endif continue; } if (p.Multiply(q).BitLength < strength) { #if !NETFX_CORE if (debug) { Console.WriteLine("key size too small. Should be " + strength + " but is actually " + p.Multiply(q).BitLength); } #endif continue; } break; } #if !NETFX_CORE if (debug) { Console.WriteLine("needed " + tries + " tries to generate p and q."); } #endif IBigInteger n = p.Multiply(q); IBigInteger phi_n = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One)); IBigInteger g; tries = 0; #if !NETFX_CORE if (debug) { Console.WriteLine("generating g"); } #endif for (; ;) { // TODO After the first loop, just regenerate one randomly-selected gPart each time? IList gParts = Platform.CreateArrayList(); for (int ind = 0; ind != smallPrimes.Count; ind++) { IBigInteger i = (BigInteger)smallPrimes[ind]; IBigInteger e = phi_n.Divide(i); for (; ;) { tries++; g = GeneratePrime(strength, certainty, rand); if (!g.ModPow(e, n).Equals(BigInteger.One)) { gParts.Add(g); break; } } } g = BigInteger.One; for (int i = 0; i < smallPrimes.Count; i++) { IBigInteger gPart = (BigInteger)gParts[i]; IBigInteger smallPrime = (BigInteger)smallPrimes[i]; g = g.Multiply(gPart.ModPow(sigma.Divide(smallPrime), n)).Mod(n); } // make sure that g is not divisible by p_i or q_i bool divisible = false; for (int i = 0; i < smallPrimes.Count; i++) { if (g.ModPow(phi_n.Divide((BigInteger)smallPrimes[i]), n).Equals(BigInteger.One)) { #if !NETFX_CORE if (debug) { Console.WriteLine("g has order phi(n)/" + smallPrimes[i] + "\n g: " + g); } #endif divisible = true; break; } } if (divisible) { continue; } // make sure that g has order > phi_n/4 //if (g.ModPow(phi_n.Divide(BigInteger.ValueOf(4)), n).Equals(BigInteger.One)) if (g.ModPow(phi_n.ShiftRight(2), n).Equals(BigInteger.One)) { #if !NETFX_CORE if (debug) { Console.WriteLine("g has order phi(n)/4\n g:" + g); } #endif continue; } if (g.ModPow(phi_n.Divide(_p), n).Equals(BigInteger.One)) { #if !NETFX_CORE if (debug) { Console.WriteLine("g has order phi(n)/p'\n g: " + g); } #endif continue; } if (g.ModPow(phi_n.Divide(_q), n).Equals(BigInteger.One)) { #if !NETFX_CORE if (debug) { Console.WriteLine("g has order phi(n)/q'\n g: " + g); } #endif continue; } if (g.ModPow(phi_n.Divide(a), n).Equals(BigInteger.One)) { #if !NETFX_CORE if (debug) { Console.WriteLine("g has order phi(n)/a\n g: " + g); } #endif continue; } if (g.ModPow(phi_n.Divide(b), n).Equals(BigInteger.One)) { #if !NETFX_CORE if (debug) { Console.WriteLine("g has order phi(n)/b\n g: " + g); } #endif continue; } break; } #if !NETFX_CORE if (debug) { Console.WriteLine("needed " + tries + " tries to generate g"); Console.WriteLine(); Console.WriteLine("found new NaccacheStern cipher variables:"); Console.WriteLine("smallPrimes: " + CollectionUtilities.ToString(smallPrimes)); Console.WriteLine("sigma:...... " + sigma + " (" + sigma.BitLength + " bits)"); Console.WriteLine("a:.......... " + a); Console.WriteLine("b:.......... " + b); Console.WriteLine("p':......... " + _p); Console.WriteLine("q':......... " + _q); Console.WriteLine("p:.......... " + p); Console.WriteLine("q:.......... " + q); Console.WriteLine("n:.......... " + n); Console.WriteLine("phi(n):..... " + phi_n); Console.WriteLine("g:.......... " + g); Console.WriteLine(); } #endif return(new AsymmetricCipherKeyPair(new NaccacheSternKeyParameters(false, g, n, sigma.BitLength), new NaccacheSternPrivateKeyParameters(g, n, sigma.BitLength, smallPrimes, phi_n))); }