/// <summary>
/// Create a new elliptic curve keypair.
/// </summary>
/// <param name="domain">Elliptic curve to use as the basis.</param>
/// <param name="Q">Raw public key component.</param>
/// <param name="d">Raw private key component.</param>
/// <returns>Elliptic curve keypair.</returns>
public static void GenerateECKeypair(ECDomainParameters domain, out ECPoint Q, out BigInteger d)
{
ECPoint g = domain.G;
BigInteger n = domain.N;
int minWeight = n.BitLength >> 2;
for (;;)
{
d = new BigInteger(n.BitLength, StratCom.EntropySupplier);
if (d.CompareTo(BigInteger.Two) < 0 || d.CompareTo(n) >= 0)
{
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight primes may be
* weak against a version of the number-field-sieve for the discrete-logarithm-problem.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(d) < minWeight)
{
continue;
}
break;
}
Q = EcBasePointMultiplier.Multiply(g, d);
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger n = parameters.N;
BigInteger d;
int minWeight = n.BitLength >> 2;
for (;;)
{
d = new BigInteger(n.BitLength, random);
if (d.CompareTo(BigInteger.Two) < 0 || d.CompareTo(n) >= 0)
{
continue;
}
if (WNafUtilities.GetNafWeight(d) < minWeight)
{
continue;
}
break;
}
ECPoint q = CreateBasePointMultiplier().Multiply(parameters.G, d);
return(new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(algorithm, q, parameters),
new ECPrivateKeyParameters(algorithm, d, parameters)));
}
public virtual AsymmetricCipherKeyPair GenerateKeyPair()
{
int num2;
BigInteger publicExponent;
BigInteger bigInteger;
BigInteger bigInteger2;
BigInteger bigInteger4;
BigInteger bigInteger6;
BigInteger bigInteger7;
BigInteger bigInteger8;
do
{
int strength = parameters.Strength;
int num = (strength + 1) / 2;
num2 = strength - num;
int num3 = strength / 3;
int num4 = strength >> 2;
publicExponent = parameters.PublicExponent;
bigInteger = ChooseRandomPrime(num, publicExponent);
while (true)
{
bigInteger2 = ChooseRandomPrime(num2, publicExponent);
BigInteger bigInteger3 = bigInteger2.Subtract(bigInteger).Abs();
if (bigInteger3.BitLength >= num3)
{
bigInteger4 = bigInteger.Multiply(bigInteger2);
if (bigInteger4.BitLength != strength)
{
bigInteger = bigInteger.Max(bigInteger2);
}
else
{
if (WNafUtilities.GetNafWeight(bigInteger4) >= num4)
{
break;
}
bigInteger = ChooseRandomPrime(num, publicExponent);
}
}
}
if (bigInteger.CompareTo(bigInteger2) < 0)
{
BigInteger bigInteger5 = bigInteger;
bigInteger = bigInteger2;
bigInteger2 = bigInteger5;
}
bigInteger6 = bigInteger.Subtract(One);
bigInteger7 = bigInteger2.Subtract(One);
BigInteger val = bigInteger6.Gcd(bigInteger7);
BigInteger m = bigInteger6.Divide(val).Multiply(bigInteger7);
bigInteger8 = publicExponent.ModInverse(m);
}while (bigInteger8.BitLength <= num2);
BigInteger dP = bigInteger8.Remainder(bigInteger6);
BigInteger dQ = bigInteger8.Remainder(bigInteger7);
BigInteger qInv = bigInteger2.ModInverse(bigInteger);
return(new AsymmetricCipherKeyPair(new RsaKeyParameters(isPrivate: false, bigInteger4, publicExponent), new RsaPrivateCrtKeyParameters(bigInteger4, publicExponent, bigInteger8, bigInteger, bigInteger2, dP, dQ, qInv)));
}
private static BigInteger GeneratePrivateKey(BigInteger q, SecureRandom random)
{
int num = q.BitLength >> 2;
BigInteger bigInteger;
do
{
bigInteger = BigIntegers.CreateRandomInRange(DsaKeyPairGenerator.One, q.Subtract(DsaKeyPairGenerator.One), random);
}while (WNafUtilities.GetNafWeight(bigInteger) < num);
return(bigInteger);
}
public virtual AsymmetricCipherKeyPair GenerateKeyPair()
{
int num;
BigInteger integer3;
Label_0005:
num = this.parameters.Strength;
int bitlength = (num + 1) / 2;
int num3 = num - bitlength;
int num4 = num / 3;
int num5 = num >> 2;
BigInteger publicExponent = this.parameters.PublicExponent;
BigInteger n = this.ChooseRandomPrime(bitlength, publicExponent);
Label_0041:
integer3 = this.ChooseRandomPrime(num3, publicExponent);
if (integer3.Subtract(n).Abs().BitLength < num4)
{
goto Label_0041;
}
BigInteger k = n.Multiply(integer3);
if (k.BitLength != num)
{
n = n.Max(integer3);
goto Label_0041;
}
if (WNafUtilities.GetNafWeight(k) < num5)
{
n = this.ChooseRandomPrime(bitlength, publicExponent);
goto Label_0041;
}
if (n.CompareTo(integer3) < 0)
{
BigInteger integer6 = n;
n = integer3;
integer3 = integer6;
}
BigInteger integer7 = n.Subtract(One);
BigInteger integer8 = integer3.Subtract(One);
BigInteger val = integer7.Gcd(integer8);
BigInteger m = integer7.Divide(val).Multiply(integer8);
BigInteger privateExponent = publicExponent.ModInverse(m);
if (privateExponent.BitLength <= num3)
{
goto Label_0005;
}
BigInteger dP = privateExponent.Remainder(integer7);
BigInteger dQ = privateExponent.Remainder(integer8);
BigInteger qInv = integer3.ModInverse(n);
return(new AsymmetricCipherKeyPair(new RsaKeyParameters(false, k, publicExponent), new RsaPrivateCrtKeyParameters(k, publicExponent, privateExponent, n, integer3, dP, dQ, qInv)));
}
private static BigInteger GeneratePrivateKey(BigInteger q, SecureRandom random)
{
BigInteger integer;
int num = q.BitLength >> 2;
do
{
integer = BigIntegers.CreateRandomInRange(One, q.Subtract(One), random);
}while (WNafUtilities.GetNafWeight(integer) < num);
return(integer);
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
SecureRandom random = param.Random;
Gost3410Parameters gost3410Params = param.Parameters;
BigInteger q = gost3410Params.Q, x;
int minWeight = 64;
for (;;)
{
x = new BigInteger(256, random);
if (x.SignValue < 1 || x.CompareTo(q) >= 0)
{
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight primes may be
* weak against a version of the number-field-sieve for the discrete-logarithm-problem.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(x) < minWeight)
{
continue;
}
break;
}
BigInteger p = gost3410Params.P;
BigInteger a = gost3410Params.A;
// calculate the public key.
BigInteger y = a.ModPow(x, p);
if (param.PublicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(
new Gost3410PublicKeyParameters(y, param.PublicKeyParamSet),
new Gost3410PrivateKeyParameters(x, param.PublicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(
new Gost3410PublicKeyParameters(y, gost3410Params),
new Gost3410PrivateKeyParameters(x, gost3410Params)));
}
internal BigInteger CalculatePrivate(
DHParameters dhParams,
SecureRandom random)
{
int limit = dhParams.L;
if (limit != 0)
{
int minWeight = limit >> 2;
for (;;)
{
BigInteger x = new BigInteger(limit, random).SetBit(limit - 1);
if (WNafUtilities.GetNafWeight(x) >= minWeight)
{
return(x);
}
}
}
BigInteger min = BigInteger.Two;
int m = dhParams.M;
if (m != 0)
{
min = BigInteger.One.ShiftLeft(m - 1);
}
BigInteger q = dhParams.Q;
if (q == null)
{
q = dhParams.P;
}
BigInteger max = q.Subtract(BigInteger.Two);
{
int minWeight = max.BitLength >> 2;
for (;;)
{
BigInteger x = BigIntegers.CreateRandomInRange(min, max, random);
if (WNafUtilities.GetNafWeight(x) >= minWeight)
{
return(x);
}
}
}
}
private static BigInteger GeneratePrivateKey(BigInteger q, SecureRandom random)
{
// B.1.2 Key Pair Generation by Testing Candidates
int minWeight = q.BitLength >> 2;
for (;;)
{
// TODO Prefer this method? (change test cases that used fixed random)
// B.1.1 Key Pair Generation Using Extra Random Bits
//BigInteger x = new BigInteger(q.BitLength + 64, random).Mod(q.Subtract(One)).Add(One);
BigInteger x = BigIntegers.CreateRandomInRange(One, q.Subtract(One), random);
if (WNafUtilities.GetNafWeight(x) >= minWeight)
{
return x;
}
}
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
SecureRandom random = param.Random;
Gost3410Parameters gost3410Params = param.Parameters;
BigInteger q = gost3410Params.Q, x;
int minWeight = 64;
for (;;)
{
x = new BigInteger(256, random);
if (x.SignValue < 1 || x.CompareTo(q) >= 0)
{
continue;
}
if (WNafUtilities.GetNafWeight(x) < minWeight)
{
continue;
}
break;
}
BigInteger p = gost3410Params.P;
BigInteger a = gost3410Params.A;
// calculate the public key.
BigInteger y = a.ModPow(x, p);
if (param.PublicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(
new Gost3410PublicKeyParameters(y, param.PublicKeyParamSet),
new Gost3410PrivateKeyParameters(x, param.PublicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(
new Gost3410PublicKeyParameters(y, gost3410Params),
new Gost3410PrivateKeyParameters(x, gost3410Params)));
}
public static byte[] GeneratePrivateKey(SecureRandom random = null)
{
if (random == null)
{
random = new SecureRandom();
}
// generates a private key that will always
// have 32 bits of info and have a a positive
// public key Y coordinate
BigInteger n = domainParms.N;
BigInteger d;
int minWeight = n.BitLength / 4;
for (; ;)
{
var bytes = new byte[32];
random.NextBytes(bytes);
while (bytes[0] > 127 || bytes[0] == 0)
{
bytes[0] = (byte)random.Next();
}
d = new BigInteger(bytes);
var dbytes = d.ToByteArray();
var nafWeight = WNafUtilities.GetNafWeight(d);
if (nafWeight < minWeight)
{
continue;
}
var m = new FixedPointCombMultiplier();
ECPoint q = m.Multiply(domainParms.G, d).Normalize();
bool isOdd = q.AffineYCoord.TestBitZero();
if (!isOdd)
{
return(dbytes);
}
}
}
/**
* Given the domain parameters this routine generates an EC key
* pair in accordance with X9.62 section 5.2.1 pages 26, 27.
*/
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger n = parameters.N;
BigInteger d;
int minWeight = n.BitLength >> 2;
for (;;)
{
d = new BigInteger(n.BitLength, random);
if (d.CompareTo(BigInteger.Two) < 0 || d.CompareTo(n) >= 0)
{
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight primes may be
* weak against a version of the number-field-sieve for the discrete-logarithm-problem.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(d) < minWeight)
{
continue;
}
break;
}
ECPoint q = CreateBasePointMultiplier().Multiply(parameters.G, d);
if (publicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(algorithm, q, publicKeyParamSet),
new ECPrivateKeyParameters(algorithm, d, publicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(algorithm, q, parameters),
new ECPrivateKeyParameters(algorithm, d, parameters)));
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
SecureRandom random = param.Random;
Gost3410Parameters parameters = param.Parameters;
BigInteger q = parameters.Q;
int num = 64;
BigInteger bigInteger;
do
{
bigInteger = new BigInteger(256, random);
}while (bigInteger.SignValue < 1 || bigInteger.CompareTo(q) >= 0 || WNafUtilities.GetNafWeight(bigInteger) < num);
BigInteger p = parameters.P;
BigInteger a = parameters.A;
BigInteger y = a.ModPow(bigInteger, p);
if (param.PublicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(new Gost3410PublicKeyParameters(y, param.PublicKeyParamSet), new Gost3410PrivateKeyParameters(bigInteger, param.PublicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(new Gost3410PublicKeyParameters(y, parameters), new Gost3410PrivateKeyParameters(bigInteger, parameters)));
}
/**
* Given the domain parameters this routine generates an EC key
* pair in accordance with X9.62 section 5.2.1 pages 26, 27.
*/
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger n = parameters.N;
BigInteger upper = n.Subtract(BigInteger.Two);
BigInteger d;
int minWeight = n.BitLength >> 2;
for (;;)
{
d = new BigInteger(n.BitLength, random);
if (d.CompareTo(upper) > 0)
{
continue;
}
if (WNafUtilities.GetNafWeight(d) < minWeight)
{
continue;
}
break;
}
d = d.Add(BigInteger.One);
ECPoint q = CreateBasePointMultiplier().Multiply(parameters.G, d);
if (publicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(algorithm, q, publicKeyParamSet),
new ECPrivateKeyParameters(algorithm, d, publicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(
new ECPublicKeyParameters(algorithm, q, parameters),
new ECPrivateKeyParameters(algorithm, d, parameters)));
}
internal BigInteger CalculatePrivate(DHParameters dhParams, SecureRandom random)
{
BigInteger integer5;
int l = dhParams.L;
if (l != 0)
{
BigInteger integer;
int num2 = l >> 2;
do
{
integer = new BigInteger(l, random).SetBit(l - 1);
}while (WNafUtilities.GetNafWeight(integer) < num2);
return(integer);
}
BigInteger two = BigInteger.Two;
int m = dhParams.M;
if (m != 0)
{
two = BigInteger.One.ShiftLeft(m - 1);
}
BigInteger q = dhParams.Q;
if (q == null)
{
q = dhParams.P;
}
BigInteger max = q.Subtract(BigInteger.Two);
int num4 = max.BitLength >> 2;
do
{
integer5 = BigIntegers.CreateRandomInRange(two, max, random);
}while (WNafUtilities.GetNafWeight(integer5) < num4);
return(integer5);
}
internal BigInteger CalculatePrivate(DHParameters dhParams, SecureRandom random)
{
int l = dhParams.L;
if (l != 0)
{
int num = l >> 2;
BigInteger bigInteger;
do
{
bigInteger = new BigInteger(l, random).SetBit(l - 1);
}while (WNafUtilities.GetNafWeight(bigInteger) < num);
return(bigInteger);
}
BigInteger min = BigInteger.Two;
int m = dhParams.M;
if (m != 0)
{
min = BigInteger.One.ShiftLeft(m - 1);
}
BigInteger bigInteger2 = dhParams.Q;
if (bigInteger2 == null)
{
bigInteger2 = dhParams.P;
}
BigInteger bigInteger3 = bigInteger2.Subtract(BigInteger.Two);
int num2 = bigInteger3.BitLength >> 2;
BigInteger bigInteger4;
do
{
bigInteger4 = BigIntegers.CreateRandomInRange(min, bigInteger3, random);
}while (WNafUtilities.GetNafWeight(bigInteger4) < num2);
return(bigInteger4);
}
public BigInteger GenerateRandom()
{
BigInteger d;
int minWeight = curve.N.BitLength >> 2;
for (; ;)
{
d = new BigInteger(curve.N.BitLength, random);
if (d.CompareTo(BigInteger.Two) < 0 || d.CompareTo(curve.N) >= 0)
{
continue;
}
if (WNafUtilities.GetNafWeight(d) < minWeight)
{
continue;
}
break;
}
return(d);
}
/*
* Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
*
* (see: Handbook of Applied Cryptography 4.86)
*/
internal static BigInteger[] GenerateSafePrimes(int size, int certainty, SecureRandom random)
{
BigInteger p, q;
int qLength = size - 1;
int minWeight = size >> 2;
if (size <= 32)
{
for (;;)
{
q = new BigInteger(qLength, 2, random);
p = q.ShiftLeft(1).Add(BigInteger.One);
if (!p.IsProbablePrime(certainty, true))
{
continue;
}
if (certainty > 2 && !q.IsProbablePrime(certainty, true))
{
continue;
}
break;
}
}
else
{
// Note: Modified from Java version for speed
for (;;)
{
q = new BigInteger(qLength, 0, random);
retry:
for (int i = 0; i < primeLists.Length; ++i)
{
int test = q.Remainder(BigPrimeProducts[i]).IntValue;
if (i == 0)
{
int rem3 = test % 3;
if (rem3 != 2)
{
int diff = 2 * rem3 + 2;
q = q.Add(BigInteger.ValueOf(diff));
test = (test + diff) % primeProducts[i];
}
}
int[] primeList = primeLists[i];
for (int j = 0; j < primeList.Length; ++j)
{
int prime = primeList[j];
int qRem = test % prime;
if (qRem == 0 || qRem == (prime >> 1))
{
q = q.Add(Six);
goto retry;
}
}
}
if (q.BitLength != qLength)
{
continue;
}
if (!q.RabinMillerTest(2, random, true))
{
continue;
}
p = q.ShiftLeft(1).Add(BigInteger.One);
if (!p.RabinMillerTest(certainty, random, true))
{
continue;
}
if (certainty > 2 && !q.RabinMillerTest(certainty - 2, random, true))
{
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight primes may be
* weak against a version of the number-field-sieve for the discrete-logarithm-problem.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(p) < minWeight)
{
continue;
}
break;
}
}
return(new BigInteger[] { p, q });
}
internal static BigInteger[] GenerateSafePrimes(int size, int certainty, SecureRandom random)
{
int num = size - 1;
int num2 = size >> 2;
BigInteger bigInteger;
BigInteger bigInteger2;
if (size <= 32)
{
while (true)
{
bigInteger = new BigInteger(num, 2, random);
bigInteger2 = bigInteger.ShiftLeft(1).Add(BigInteger.One);
if (bigInteger2.IsProbablePrime(certainty))
{
if (certainty <= 2 || bigInteger.IsProbablePrime(certainty - 2))
{
break;
}
}
}
}
else
{
while (true)
{
bigInteger = new BigInteger(num, 0, random);
while (true)
{
IL_51:
for (int i = 0; i < DHParametersHelper.primeLists.Length; i++)
{
int num3 = bigInteger.Remainder(DHParametersHelper.BigPrimeProducts[i]).IntValue;
if (i == 0)
{
int num4 = num3 % 3;
if (num4 != 2)
{
int num5 = 2 * num4 + 2;
bigInteger = bigInteger.Add(BigInteger.ValueOf((long)num5));
num3 = (num3 + num5) % DHParametersHelper.primeProducts[i];
}
}
int[] array = DHParametersHelper.primeLists[i];
for (int j = 0; j < array.Length; j++)
{
int num6 = array[j];
int num7 = num3 % num6;
if (num7 == 0 || num7 == num6 >> 1)
{
bigInteger = bigInteger.Add(DHParametersHelper.Six);
goto IL_51;
}
}
}
break;
}
if (bigInteger.BitLength == num && bigInteger.RabinMillerTest(2, random))
{
bigInteger2 = bigInteger.ShiftLeft(1).Add(BigInteger.One);
if (bigInteger2.RabinMillerTest(certainty, random) && (certainty <= 2 || bigInteger.RabinMillerTest(certainty - 2, random)) && WNafUtilities.GetNafWeight(bigInteger2) >= num2)
{
break;
}
}
}
}
return(new BigInteger[]
{
bigInteger2,
bigInteger
});
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger integer2;
BigInteger n = this.parameters.N;
int num = n.BitLength >> 2;
do
{
integer2 = new BigInteger(n.BitLength, this.random);
}while (((integer2.CompareTo(BigInteger.Two) < 0) || (integer2.CompareTo(n) >= 0)) || (WNafUtilities.GetNafWeight(integer2) < num));
ECPoint q = this.CreateBasePointMultiplier().Multiply(this.parameters.G, integer2);
if (this.publicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(new ECPublicKeyParameters(this.algorithm, q, this.publicKeyParamSet), new ECPrivateKeyParameters(this.algorithm, integer2, this.publicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(new ECPublicKeyParameters(this.algorithm, q, this.parameters), new ECPrivateKeyParameters(this.algorithm, integer2, this.parameters)));
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger n = parameters.N;
int num = n.BitLength >> 2;
BigInteger bigInteger;
do
{
bigInteger = new BigInteger(n.BitLength, random);
}while (bigInteger.CompareTo(BigInteger.Two) < 0 || bigInteger.CompareTo(n) >= 0 || WNafUtilities.GetNafWeight(bigInteger) < num);
ECPoint q = CreateBasePointMultiplier().Multiply(parameters.G, bigInteger);
if (publicKeyParamSet != null)
{
return(new AsymmetricCipherKeyPair(new ECPublicKeyParameters(algorithm, q, publicKeyParamSet), new ECPrivateKeyParameters(algorithm, bigInteger, publicKeyParamSet)));
}
return(new AsymmetricCipherKeyPair(new ECPublicKeyParameters(algorithm, q, parameters), new ECPrivateKeyParameters(algorithm, bigInteger, parameters)));
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
AsymmetricCipherKeyPair result = null;
bool done = false;
//
// p and q values should have a length of half the strength in bits
//
int strength = param.Strength;
int pbitlength = (strength + 1) / 2;
int qbitlength = strength - pbitlength;
int mindiffbits = (strength / 2) - 100;
int minWeight = strength >> 2;
// for approved mode operation this will never happen, but in case
// someone is doing something "different" we make sure mindiffbits is
// always sensible.
if (mindiffbits < strength / 3)
{
mindiffbits = strength / 3;
}
// d lower bound is 2^(strength / 2)
BigInteger dLowerBound = BigInteger.Two.Pow(strength / 2);
// squared bound (sqrt(2)*2^(nlen/2-1))^2
BigInteger squaredBound = BigInteger.One.ShiftLeft(strength - 1);
// 2^(nlen/2 - 100)
BigInteger minDiff = BigInteger.One.ShiftLeft(mindiffbits);
while (!done)
{
BigInteger p, q, n, d, e, pSub1, qSub1, gcd, lcm;
e = param.PublicExponent;
p = chooseRandomPrime(pbitlength, e, squaredBound);
//
// generate a modulus of the required length
//
for (;;)
{
q = chooseRandomPrime(qbitlength, e, squaredBound);
// p and q should not be too close together (or equal!)
BigInteger diff = q.Subtract(p).Abs();
if (diff.BitLength < mindiffbits || diff.CompareTo(minDiff) <= 0)
{
continue;
}
//
// calculate the modulus
//
n = p.Multiply(q);
if (n.BitLength != strength)
{
//
// if we get here our primes aren't big enough, make the largest
// of the two p and try again
//
p = p.Max(q);
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight composites may
* be weak against a version of the number-field-sieve for factoring.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(n) < minWeight)
{
p = chooseRandomPrime(pbitlength, e, squaredBound);
continue;
}
break;
}
if (p.CompareTo(q) < 0)
{
gcd = p;
p = q;
q = gcd;
}
pSub1 = p.Subtract(BigInteger.One);
qSub1 = q.Subtract(BigInteger.One);
gcd = pSub1.Gcd(qSub1);
lcm = pSub1.Divide(gcd).Multiply(qSub1);
//
// calculate the private exponent
//
d = e.ModInverse(lcm);
if (d.CompareTo(dLowerBound) <= 0)
{
continue;
}
else
{
done = true;
}
//
// calculate the CRT factors
//
BigInteger dP, dQ, qInv;
dP = d.Remainder(pSub1);
dQ = d.Remainder(qSub1);
qInv = q.ModInverse(p);
result = new AsymmetricCipherKeyPair(
new RsaKeyParameters(false, n, e),
new RsaPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
}
return(result);
}
internal static BigInteger[] GenerateSafePrimes(int size, int certainty, SecureRandom random)
{
int num = size - 1;
int num2 = size >> 2;
BigInteger bigInteger;
BigInteger bigInteger2;
if (size <= 32)
{
do
{
bigInteger = new BigInteger(num, 2, (Random)(object)random);
bigInteger2 = bigInteger.ShiftLeft(1).Add(BigInteger.One);
}while (!bigInteger2.IsProbablePrime(certainty, randomlySelected: true) || (certainty > 2 && !bigInteger.IsProbablePrime(certainty, randomlySelected: true)));
}
else
{
while (true)
{
bigInteger = new BigInteger(num, 0, (Random)(object)random);
while (true)
{
for (int i = 0; i < primeLists.Length; i++)
{
int num3 = bigInteger.Remainder(BigPrimeProducts[i]).IntValue;
if (i == 0)
{
int num4 = num3 % 3;
if (num4 != 2)
{
int num5 = 2 * num4 + 2;
bigInteger = bigInteger.Add(BigInteger.ValueOf(num5));
num3 = (num3 + num5) % primeProducts[i];
}
}
int[] array = primeLists[i];
foreach (int num6 in array)
{
int num7 = num3 % num6;
if (num7 == 0 || num7 == num6 >> 1)
{
goto IL_00cd;
}
}
}
break;
IL_00cd:
bigInteger = bigInteger.Add(Six);
}
if (bigInteger.BitLength == num && bigInteger.RabinMillerTest(2, (Random)(object)random, randomlySelected: true))
{
bigInteger2 = bigInteger.ShiftLeft(1).Add(BigInteger.One);
if (bigInteger2.RabinMillerTest(certainty, (Random)(object)random, randomlySelected: true) && (certainty <= 2 || bigInteger.RabinMillerTest(certainty - 2, (Random)(object)random, randomlySelected: true)) && WNafUtilities.GetNafWeight(bigInteger2) >= num2)
{
break;
}
}
}
}
return(new BigInteger[2] {
bigInteger2, bigInteger
});
}
public override AsymmetricCipherKeyPair GenerateKeyPair()
{
for (; ;)
{
//
// p and q values should have a length of half the strength in bits
//
int strength = this.parameters.Strength;
int pBitLength = (strength + 1) / 2;
int qBitLength = strength - pBitLength;
int mindiffbits = strength / 3;
int minWeight = strength >> 2;
if ((pBitLength % 8 != 0) || (qBitLength % 8 != 0))
{
throw new Exception($"The bitlength of both p and q must be a multilple of 8.");
}
byte[] pBytes = this.generatorKey.Take(pBitLength / 8).ToArray();
BigInteger pStartValue = new BigInteger(+1, pBytes);
byte[] qBytes = this.generatorKey.Skip(Math.Max(0, this.generatorKey.Count() - (qBitLength / 8))).ToArray();
BigInteger qStartValue = new BigInteger(+1, qBytes);
BigInteger e = this.parameters.PublicExponent;
// p should always be higher than q
if (pStartValue.CompareTo(qStartValue) < 0)
{
BigInteger temp = pStartValue;
pStartValue = qStartValue;
qStartValue = temp;
}
BigInteger p = ChooseNthPrime(pStartValue, e, +1, pBitLength);
BigInteger q = ChooseNthPrime(qStartValue, e, -1, qBitLength);
BigInteger n;
//
// generate a modulus of the required length
//
bool changeP = false;
for (; ;)
{
if (changeP)
{
p = ChooseNthPrime(p, e, +1, pBitLength);
}
else
{
q = ChooseNthPrime(q, e, -1, qBitLength);
}
changeP = !changeP;
// p and q should not be too close together (or equal!)
BigInteger diff = p.Subtract(q).Abs();
if (diff.BitLength < mindiffbits)
{
Console.WriteLine($" -NOTE- The difference between the two primes are only {diff.BitLength} and the requirement is {mindiffbits}. Retrying...");
continue;
}
//
// calculate the modulus
//
n = p.Multiply(q);
if (n.BitLength != strength)
{
//
// if we get here our primes aren't big enough, make the largest
// of the two p and try again
//
Console.WriteLine($" -NOTE- The modulus bit strength is {n.BitLength} and the requirement is {strength}. Retrying...");
if (!p.TestBit(p.BitLength - 2))
{
p = p.SetBit(p.BitLength - 2);
changeP = true;
}
else if (!q.TestBit(q.BitLength - 2))
{
q = q.SetBit(q.BitLength - 2);
changeP = false;
}
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight composites may
* be weak against a version of the number-field-sieve for factoring.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(n) < minWeight)
{
Console.WriteLine($" -NOTE- The NAF weight is {WNafUtilities.GetNafWeight(n)} and the requirement is {minWeight}. Retrying...");
continue;
}
break;
}
if (p.CompareTo(q) < 0)
{
BigInteger tmp = p;
p = q;
q = tmp;
}
BigInteger pSub1 = p.Subtract(One);
BigInteger qSub1 = q.Subtract(One);
//BigInteger phi = pSub1.Multiply(qSub1);
BigInteger gcd = pSub1.Gcd(qSub1);
BigInteger lcm = pSub1.Divide(gcd).Multiply(qSub1);
//
// calculate the private exponent
//
BigInteger d = e.ModInverse(lcm);
if (d.BitLength <= qBitLength)
{
continue;
}
//
// calculate the CRT factors
//
BigInteger dP = d.Remainder(pSub1);
BigInteger dQ = d.Remainder(qSub1);
BigInteger qInv = q.ModInverse(p);
return(new AsymmetricCipherKeyPair(
new RsaKeyParameters(false, n, e),
new RsaPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv)));
}
}
internal static BigInteger[] GenerateSafePrimes(int size, int certainty, SecureRandom random)
{
int num = size - 1;
int num2 = size >> 2;
BigInteger bigInteger;
BigInteger bigInteger2;
if (size > 32)
{
while (true)
{
bigInteger = new BigInteger(num, 0, random);
while (true)
{
for (int i = 0; i < primeLists.Length; i++)
{
int num3 = bigInteger.Remainder(BigPrimeProducts[i]).IntValue;
if (i == 0)
{
int num4 = num3 % 3;
if (num4 != 2)
{
int num5 = 2 * num4 + 2;
bigInteger = bigInteger.Add(BigInteger.ValueOf(num5));
num3 = (num3 + num5) % primeProducts[i];
}
}
int[] array = primeLists[i];
int num6 = 0;
while (num6 < array.Length)
{
int num7 = array[num6];
int num8 = num3 % num7;
if (num8 != 0 && num8 != num7 >> 1)
{
num6++;
continue;
}
goto IL_0103;
}
}
break;
IL_0103:
bigInteger = bigInteger.Add(Six);
}
if (bigInteger.BitLength == num && bigInteger.RabinMillerTest(2, random))
{
bigInteger2 = bigInteger.ShiftLeft(1).Add(BigInteger.One);
if (bigInteger2.RabinMillerTest(certainty, random) && (certainty <= 2 || bigInteger.RabinMillerTest(certainty - 2, random)) && WNafUtilities.GetNafWeight(bigInteger2) >= num2)
{
break;
}
}
}
}
else
{
do
{
bigInteger = new BigInteger(num, 2, random);
bigInteger2 = bigInteger.ShiftLeft(1).Add(BigInteger.One);
}while (!bigInteger2.IsProbablePrime(certainty) || (certainty > 2 && !bigInteger.IsProbablePrime(certainty - 2)));
}
return(new BigInteger[2]
{
bigInteger2,
bigInteger
});
}
public virtual AsymmetricCipherKeyPair GenerateKeyPair()
{
for (;;)
{
//
// p and q values should have a length of half the strength in bits
//
int strength = parameters.Strength;
int pBitlength = (strength + 1) / 2;
int qBitlength = strength - pBitlength;
int mindiffbits = strength / 3;
int minWeight = strength >> 2;
BigInteger e = parameters.PublicExponent;
// TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
// (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
BigInteger p = ChooseRandomPrime(pBitlength, e);
BigInteger q, n;
//
// generate a modulus of the required length
//
for (;;)
{
q = ChooseRandomPrime(qBitlength, e);
// p and q should not be too close together (or equal!)
BigInteger diff = q.Subtract(p).Abs();
if (diff.BitLength < mindiffbits)
{
continue;
}
//
// calculate the modulus
//
n = p.Multiply(q);
if (n.BitLength != strength)
{
//
// if we get here our primes aren't big enough, make the largest
// of the two p and try again
//
p = p.Max(q);
continue;
}
/*
* Require a minimum weight of the NAF representation, since low-weight composites may
* be weak against a version of the number-field-sieve for factoring.
*
* See "The number field sieve for integers of low weight", Oliver Schirokauer.
*/
if (WNafUtilities.GetNafWeight(n) < minWeight)
{
p = ChooseRandomPrime(pBitlength, e);
continue;
}
break;
}
if (p.CompareTo(q) < 0)
{
BigInteger tmp = p;
p = q;
q = tmp;
}
BigInteger pSub1 = p.Subtract(One);
BigInteger qSub1 = q.Subtract(One);
//BigInteger phi = pSub1.Multiply(qSub1);
BigInteger gcd = pSub1.Gcd(qSub1);
BigInteger lcm = pSub1.Divide(gcd).Multiply(qSub1);
//
// calculate the private exponent
//
BigInteger d = e.ModInverse(lcm);
if (d.BitLength <= qBitlength)
{
continue;
}
//
// calculate the CRT factors
//
BigInteger dP = d.Remainder(pSub1);
BigInteger dQ = d.Remainder(qSub1);
BigInteger qInv = q.ModInverse(p);
return(new AsymmetricCipherKeyPair(
new RsaKeyParameters(false, n, e),
new RsaPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv)));
}
}
internal static BigInteger[] GenerateSafePrimes(int size, int certainty, SecureRandom random)
{
BigInteger integer;
BigInteger integer2;
int num3;
int bitLength = size - 1;
int num2 = size >> 2;
if (size <= 0x20)
{
while (true)
{
integer2 = new BigInteger(bitLength, 2, random);
integer = integer2.ShiftLeft(1).Add(BigInteger.One);
if (integer.IsProbablePrime(certainty, true) && ((certainty <= 2) || integer2.IsProbablePrime(certainty, true)))
{
goto Label_01B9;
}
}
}
Label_006F:
integer2 = new BigInteger(bitLength, 0, random);
Label_0078:
num3 = 0;
while (num3 < primeLists.Length)
{
int intValue = integer2.Remainder(BigPrimeProducts[num3]).IntValue;
if (num3 == 0)
{
int num5 = intValue % 3;
if (num5 != 2)
{
int num6 = (2 * num5) + 2;
integer2 = integer2.Add(BigInteger.ValueOf((long)num6));
intValue = (intValue + num6) % primeProducts[num3];
}
}
foreach (int num8 in primeLists[num3])
{
int num9 = intValue % num8;
if ((num9 == 0) || (num9 == (num8 >> 1)))
{
integer2 = integer2.Add(Six);
goto Label_0078;
}
}
num3++;
}
if ((integer2.BitLength != bitLength) || !integer2.RabinMillerTest(2, random, true))
{
goto Label_006F;
}
integer = integer2.ShiftLeft(1).Add(BigInteger.One);
if ((!integer.RabinMillerTest(certainty, random, true) || ((certainty > 2) && !integer2.RabinMillerTest(certainty - 2, random, true))) || (WNafUtilities.GetNafWeight(integer) < num2))
{
goto Label_006F;
}
Label_01B9:
return(new BigInteger[] { integer, integer2 });
}