public void ModPow_0_Even ()
{
BigInteger x = new BigInteger (1);
BigInteger y = new BigInteger (0);
BigInteger z = x.ModPow (y, 1024);
Assert.AreEqual ("1", z.ToString (), "1 pow 0 == 1");
}
/* get plaintext using biginteger class. This is required because default int cannot handle large modpow function */
public byte[] getMyPlainText(int [] a, int d, int n)
{
int l = a.Length;
byte [] r = new byte[l];
for (int i = 0; i < a.Length; i++)
{
int temp = a[i];
/* if temp=199 which represents blankspace, handle it differently */
if (temp == 199 || temp == 200 || temp == 201)
{
r[i] = (byte)temp;
continue;
}
Mono.Math.BigInteger bi = temp;
bi = bi.ModPow(d, n);
string tempString = bi.ToString();
int g = Int32.Parse(tempString);
r[i] = (byte)g;
}
return(r);
}
public void WikipediaSanityChecks()
{
// http://en.wikipedia.org/wiki/RSA on 25 May 2009
var c = new BigInteger(855);
var d = new BigInteger(2753);
var n = new BigInteger(3233);
var m = c.ModPow(d, n);
Assert.AreEqual("123", m.ToString());
}
/// <summary>
/// Performs the RSA operation Result = <paramref name="message"/>^<paramref name="exponent"/> (mod <paramref name="modulus"/>).
/// </summary>
/// <param name="message">The message to perform the operation on.</param>
/// <param name="exponent">The exponent value to raise the message by.</param>
/// <param name="modulus">The modulus to divide the results by.</param>
/// <returns>The value C, such that C = <paramref name="message"/>^<paramref name="exponent"/> (mod <paramref name="modulus"/>).</returns>
public static byte[] PublicKeyOperation(byte[] message, byte[] exponent, byte[] modulus)
{
var m = new BigInteger(message);
var e = new BigInteger(exponent);
var n = new BigInteger(modulus);
var c = m.ModPow(e, n);
var resultBytes = c.GetBytes();
return resultBytes;
}
public static byte[] Calculate(BigInteger a, BigInteger b)
{
byte[] bytes;
lock (locker)
bytes = a.ModPow(b, prime).GetBytes();
if (bytes.Length < 96)
{
byte[] oldBytes = bytes;
bytes = new byte[96];
Array.Copy(oldBytes, 0, bytes, 96 - oldBytes.Length, oldBytes.Length);
for (int i = 0; i < (96 - oldBytes.Length); i++)
bytes[i] = 0;
}
return bytes;
}
public static byte[] GenerateSharedKey(byte[] publicKey, byte[] privateKey, byte[] prime)
{
byte[] publicKeyReversed = new byte[publicKey.Length];
Array.Copy(publicKey, publicKeyReversed, publicKeyReversed.Length);
Array.Reverse(publicKeyReversed);
BigInteger a = new BigInteger(publicKeyReversed);
BigInteger x = new BigInteger(privateKey);
BigInteger p = new BigInteger(prime);
BigInteger b = a.ModPow(x, p);
byte[] sharedKey = b.GetBytes();
Array.Reverse(sharedKey);
return sharedKey;
}
public override void ImportParameters (DSAParameters parameters)
{
if (m_disposed)
throw new ObjectDisposedException (Locale.GetText ("Keypair was disposed"));
// if missing "mandatory" parameters
if ((parameters.P == null) || (parameters.Q == null) || (parameters.G == null))
throw new CryptographicException (Locale.GetText ("Missing mandatory DSA parameters (P, Q or G)."));
// We can calculate Y from X, but both can't be missing
if ((parameters.X == null) && (parameters.Y == null))
throw new CryptographicException (Locale.GetText ("Missing both public (Y) and private (X) keys."));
p = new BigInteger (parameters.P);
q = new BigInteger (parameters.Q);
g = new BigInteger (parameters.G);
// optional parameter - private key
if (parameters.X != null)
x = new BigInteger (parameters.X);
else
x = null;
// we can calculate Y from X if required
if (parameters.Y != null)
y = new BigInteger (parameters.Y);
else
y = g.ModPow (x, p);
// optional parameter - pre-computation
if (parameters.J != null) {
j = new BigInteger (parameters.J);
} else {
j = (p - 1) / q;
j_missing = true;
}
// optional - seed and counter must both be present (or absent)
if (parameters.Seed != null) {
seed = new BigInteger (parameters.Seed);
counter = parameters.Counter;
}
else
seed = 0;
// we now have a keypair
keypairGenerated = true;
}
public BigInteger Encrypt(BigInteger plain)
{
return plain.ModPow (exponent, module);
}
public override byte[] EncryptValue (byte[] rgb)
{
if (m_disposed)
throw new ObjectDisposedException ("public key");
if (!keypairGenerated)
GenerateKeyPair ();
BigInteger input = new BigInteger (rgb);
BigInteger output = input.ModPow (e, n);
byte[] result = output.GetBytes ();
// zeroize value
input.Clear ();
output.Clear ();
return result;
}
public override byte[] DecryptValue (byte[] rgb)
{
if (m_disposed)
throw new ObjectDisposedException ("private key");
// decrypt operation is used for signature
if (!keypairGenerated)
GenerateKeyPair ();
BigInteger input = new BigInteger (rgb);
BigInteger r = null;
// we use key blinding (by default) against timing attacks
if (keyBlinding) {
// x = (r^e * g) mod n
// *new* random number (so it's timing is also random)
r = BigInteger.GenerateRandom (n.BitCount ());
input = r.ModPow (e, n) * input % n;
}
BigInteger output;
// decrypt (which uses the private key) can be
// optimized by using CRT (Chinese Remainder Theorem)
if (isCRTpossible) {
// m1 = c^dp mod p
BigInteger m1 = input.ModPow (dp, p);
// m2 = c^dq mod q
BigInteger m2 = input.ModPow (dq, q);
BigInteger h;
if (m2 > m1) {
// thanks to benm!
h = p - ((m2 - m1) * qInv % p);
output = m2 + q * h;
} else {
// h = (m1 - m2) * qInv mod p
h = (m1 - m2) * qInv % p;
// m = m2 + q * h;
output = m2 + q * h;
}
} else {
// m = c^d mod n
output = input.ModPow (d, n);
}
if (keyBlinding) {
// Complete blinding
// x^e / r mod n
output = output * r.ModInverse (n) % n;
r.Clear ();
}
byte[] result = output.GetBytes ();
// zeroize values
input.Clear ();
output.Clear ();
return result;
}
public override byte[] EncryptValue (byte[] rgb)
{
if (m_disposed)
throw new ObjectDisposedException ("public key");
if (!keypairGenerated)
GenerateKeyPair ();
BigInteger input = new BigInteger (rgb);
BigInteger output = input.ModPow (e, n);
// it's sometimes possible for the results to be a byte short
// and this can break some software (see #79502) so we 0x00 pad the result
byte[] result = GetPaddedValue (output, (KeySize >> 3));
// zeroize value
input.Clear ();
output.Clear ();
return result;
}
public override byte[] DecryptValue (byte[] rgb)
{
if (m_disposed)
throw new ObjectDisposedException ("private key");
// decrypt operation is used for signature
if (!keypairGenerated)
GenerateKeyPair ();
BigInteger input = new BigInteger (rgb);
BigInteger output;
// decrypt (which uses the private key) can be
// optimized by using CRT (Chinese Remainder Theorem)
if (isCRTpossible) {
// m1 = c^dp mod p
BigInteger m1 = input.ModPow (dp, p);
// m2 = c^dq mod q
BigInteger m2 = input.ModPow (dq, q);
BigInteger h;
if (m2 > m1) {
// thanks to benm!
h = p - ((m2 - m1) * qInv % p);
output = m2 + q * h;
}
else {
// h = (m1 - m2) * qInv mod p
h = (m1 - m2) * qInv % p;
// m = m2 + q * h;
output = m2 + q * h;
}
}
else {
// m = c^d mod n
output = input.ModPow (d, n);
}
byte[] result = output.GetBytes ();
// zeroize value
input.Clear ();
output.Clear ();
return result;
}
public void ModPow_3 ()
{
BigInteger b = new BigInteger (2);
BigInteger m = new BigInteger (myalias.Int32.MaxValue);
// after 62 we start loosing double precision and result will differ
for (int i = 1; i < 62; i++) {
long expected = (long) myalias.Math.Pow (2, i) % myalias.Int32.MaxValue;
BigInteger e = new BigInteger (i);
BigInteger r = b.ModPow (e, m);
Assert.AreEqual (expected.ToString (), r.ToString (), i.ToString ());
}
}
public void ModPow_2 ()
{
// #70169
BigInteger b = new BigInteger (10);
BigInteger m = new BigInteger (32);
// after 40 we start loosing double precision and result will differ
for (int i=1; i < 40; i++) {
BigInteger e = new BigInteger (i);
BigInteger r = e.ModPow (b, m);
long expected = (long) myalias.Math.Pow (i, 10) % 32;
Assert.AreEqual (expected.ToString (), r.ToString (), i.ToString ());
}
}
public override byte[] DecryptValue (byte[] rgb)
{
if (m_disposed)
throw new ObjectDisposedException ("private key");
// decrypt operation is used for signature
if (!keypairGenerated)
GenerateKeyPair ();
BigInteger input = new BigInteger (rgb);
BigInteger r = null;
// we use key blinding (by default) against timing attacks
if (keyBlinding) {
// x = (r^e * g) mod n
// *new* random number (so it's timing is also random)
r = BigInteger.GenerateRandom (n.BitCount ());
input = r.ModPow (e, n) * input % n;
}
BigInteger output;
// decrypt (which uses the private key) can be
// optimized by using CRT (Chinese Remainder Theorem)
if (isCRTpossible) {
// m1 = c^dp mod p
BigInteger m1 = input.ModPow (dp, p);
// m2 = c^dq mod q
BigInteger m2 = input.ModPow (dq, q);
BigInteger h;
if (m2 > m1) {
// thanks to benm!
h = p - ((m2 - m1) * qInv % p);
output = m2 + q * h;
} else {
// h = (m1 - m2) * qInv mod p
h = (m1 - m2) * qInv % p;
// m = m2 + q * h;
output = m2 + q * h;
}
} else if (!PublicOnly) {
// m = c^d mod n
output = input.ModPow (d, n);
} else {
throw new CryptographicException (Locale.GetText ("Missing private key to decrypt value."));
}
if (keyBlinding) {
// Complete blinding
// x^e / r mod n
output = output * r.ModInverse (n) % n;
r.Clear ();
}
// it's sometimes possible for the results to be a byte short
// and this can break some software (see #79502) so we 0x00 pad the result
byte[] result = GetPaddedValue (output, (KeySize >> 3));
// zeroize values
input.Clear ();
output.Clear ();
return result;
}
/// <summary>
/// Extracts secret information from the key exchange data.
/// </summary>
/// <param name="keyEx">The key exchange data within which the shared key is hidden.</param>
/// <returns>The shared key derived from the key exchange data.</returns>
public override byte[] DecryptKeyExchange(byte[] keyEx)
{
BigInteger pvr = new BigInteger(keyEx);
BigInteger z = pvr.ModPow(m_X, m_P);
byte[] ret = z.GetBytes();
z.Clear();
return ret;
}
//for that it s strange because it s a quite different of DecryptValue and encryptvalue
//but maybe it s the same thanks to math ;)
//so need to do some math to check...
public byte[] RSAExptmod(byte[] PacketIn, eRSAKeyFormat format)
{
BigInteger tmp, tmpa, tmpb;
//todo more check key generate format packet in and out null...
tmp = new BigInteger(PacketIn);
/* are we using the private exponent */
if (format == eRSAKeyFormat.PK_PRIVATE )
{
// m1 = c^dp mod p
tmpa = tmp.ModPow (dp, p);
tmpb = tmp.ModPow (dq, q);
tmp = (tmpa * qP + tmpb*pQ).ModPow (0, n);
}
else
{
tmp = tmp.ModPow (e, n);
}
/* convert it */
return tmp.GetBytes();
}
