/**
* An implementation of the RSASP method: Assuming that the designated
* RSA private key is a valid one, this method computes a signature
* representative for a designated message representative signed
* by the holder of the designated RSA private key.
*
* @param K the RSA private key.
* @param m the message representative: an integer between
* 0 and n - 1, where n
* is the RSA modulus.
* @return the signature representative, an integer between
* 0 and n - 1, where n
* is the RSA modulus.
*/
public static BigInteger RSASP1(RSAKey K, BigInteger m)
{
// 1. If the representative c is not between 0 and n - 1, output
// "representative out of range" and stop.
BigInteger n = K.getModulus();
if (m.CompareTo(BigInteger.Zero) < 0 || m.CompareTo(n - BigInteger.One) > 0)
throw new ArgumentException();
// 2. The representative m is computed as follows.
BigInteger result;
// a. If the first form (n, d) of K is used, let m = c^d mod n.
BigInteger d = K.getExponent();
result = BigInteger.ModPow(m, d, n);
// 3. Output m
return result;
}
private void btnGeneratePublicKey_Click(object sender, EventArgs e)
{
BigInteger p = PrimeNumberGenerator.GenerateLargePrime(155);
BigInteger q = PrimeNumberGenerator.GenerateLargePrime(152);
BigInteger n = p * q;
BigInteger publ_e = PrimeNumberGenerator.GenerateLargePrime(6);
RSAKey publicKey = new RSAKey(n, publ_e);
inputPublicModulus.Text = publicKey.getModulus().ToString();
inputPublicExponent.Text = publicKey.getExponent().ToString();
}
private void btnGeneratePrivateKey_Click(object sender, EventArgs e)
{
RSAKey privateKey;
RSAKey publicKey;
BigInteger encrypted;
BigInteger decrypted;
BigInteger test = new BigInteger(11);
do
{
BigInteger p = PrimeNumberGenerator.GenerateLargePrime(155);
BigInteger q = PrimeNumberGenerator.GenerateLargePrime(152);
BigInteger n = p * q;
BigInteger fi = (p - 1) * (q - 1);
BigInteger publ_e = genCoPrime(fi);
BigInteger d = modInverse(publ_e, fi);
privateKey = new RSAKey(n, d);
publicKey = new RSAKey(n, publ_e);
encrypted = RSAPKCS1V1_5Signature.RSASP1(privateKey, test);
decrypted = RSAPKCS1V1_5Signature.RSAVP1(publicKey, encrypted);
} while (test != decrypted);
//BigInteger n = BigInteger.Parse("145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889672472407926969987100581290103199317858753663710862357656510507883714297115637342788911463535102712032765166518411726859837988672111837205085526346618740053");
//BigInteger publ_e = BigInteger.Parse("65537");
//BigInteger d = BigInteger.Parse("89489425009274444368228545921773093919669586065884257445497854456487674839629818390934941973262879616797970608917283679875499331574161113854088813275488110588247193077582527278437906504015680623423550067240042466665654232383502922215493623289472138866445818789127946123407807725702626644091036502372545139713");
inputPrivateModulus.Text = privateKey.getModulus().ToString();
inputPrivateExponent.Text = privateKey.getExponent().ToString();
inputPublicModulus.Text = publicKey.getModulus().ToString();
inputPublicExponent.Text = publicKey.getExponent().ToString();
}
/**
* Signature verification operation.
*
* @param K signer's RSA public key
* @param M message whose signature is to be verified, an octet string
* @param S signature to be verified, an octet string of length k, where
* k is the length in octets of the RSA modulus n
*
* @return true/false - "valid signature"/"invalid signature"
*/
public static bool verify(RSAKey K, String M, byte[] S)
{
// 1. Length checking: If the length of the signature S is not k octets,
// output "invalid signature" and stop.
int modBits = bitLength(K.getModulus());
int k = (modBits + 7) / 8;
if (S.Length != k)
return false;
// 2. RSA verification:
// a. Convert the signature S to an integer signature representative
// s (see Section 4.2): s = OS2IP (S).
BigInteger s = OS2IP(S);
// b. Apply the RSAVP1 verification primitive (Section 5.2.2) to the
// RSA public key (n, e) and the signature representative s to
// produce an integer message representative m:
// m = RSAVP1 ((n, e), s).
// If RSAVP1 outputs "signature representative out of range,"
// output "invalid signature" and stop.
BigInteger m;
try
{
m = RSAVP1(K, s);
}
catch (ArgumentException x)
{
return false;
}
// c. Convert the message representative m to an encoded message EM
// of length k octets (see Section 4.1): EM = I2OSP (m, k).
// If I2OSP outputs "integer too large," output "invalid signature"
// and stop.
byte[] EM;
try
{
EM = I2OSP(m, k);
}
catch (ArgumentException x)
{
return false;
}
// 3. EMSA-PKCS1-v1_5 encoding: Apply the EMSA-PKCS1-v1_5 encoding
// operation (Section 9.2) to the message M to produce a second
// encoded message EM' of length k octets:
// EM' = EMSA-PKCS1-V1_5-ENCODE (M, k).
// If the encoding operation outputs "message too long," output
// "message too long" and stop. If the encoding operation outputs
// "intended encoded message length too short," output "RSA modulus
// too short" and stop.
byte[] EMp = EMSA_PKCS1_V1_5_ENCODE(M, k).Reverse().ToArray();
// 4. Compare the encoded message EM and the second encoded message EM'.
// If they are the same, output "valid signature"; otherwise, output
// "invalid signature."
for (int i = 0; i < EM.Length; i++)
{
if (EM[i] != EMp[i])
{
return false;
}
}
return true;
}
/**
* Signature generation operation.
*
* @param K signer's RSA private key
* @param M message to be signed, an octet string
* @return signature, an octet string of length k, where k is the length in octets of the RSA modulus n
*/
public static byte[] sign(RSAKey K, String M)
{
// 1. EMSA-PKCS1-v1_5 encoding: Apply the EMSA-PKCS1-v1_5 encoding
// operation (Section 9.2) to the message M to produce an encoded
// message EM of length k octets:
//
// EM = EMSA-PKCS1-V1_5-ENCODE (M, k).
//
// If the encoding operation outputs "message too long," output
// "message too long" and stop. If the encoding operation outputs
// "intended encoded message length too short," output "RSA modulus
// too short" and stop.
int modBits = bitLength(K.getModulus());
int k = (modBits + 7) / 8;
byte[] EM = EMSA_PKCS1_V1_5_ENCODE(M, k);
BigInteger test = OS2IP(EM);
// 2. RSA signature:
// a. Convert the encoded message EM to an integer message epresentative
// m (see Section 4.2): m = OS2IP (EM).
BigInteger m = OS2IP(EM);
// b. Apply the RSASP1 signature primitive (Section 5.2.1) to the RSA
// private key K and the message representative m to produce an
// integer signature representative s: s = RSASP1 (K, m).
BigInteger s = RSASP1(K, m);
// c. Convert the signature representative s to a signature S of length
// k octets (see Section 4.1): S = I2OSP (s, k).
// 3. Output the signature S.
return I2OSP(s, k);
}
/**
* An implementation of the RSAVP method: Assuming that the designated
* RSA public key is a valid one, this method computes a message
* representative for the designated signature representative
* generated by an RSA private key, for a message intended for the holder of
* the designated RSA public key.
*
* @param K the RSA public key.
* @param s the signature representative, an integer between
* 0 and n - 1, where n is the RSA modulus.
* @return a message representative: an integer between 0
* and n - 1, where n is the RSA modulus.
*/
public static BigInteger RSAVP1(RSAKey K, BigInteger s)
{
// 1. If the representative m is not between 0 and n - 1, output
// "representative out of range" and stop.
BigInteger n = K.getModulus();
if (s.CompareTo(BigInteger.Zero) < 0 || s.CompareTo(n - BigInteger.One) > 0)
throw new ArgumentException();
// 2. Let c = m^e mod n.
BigInteger e = K.getExponent();
BigInteger result = BigInteger.ModPow(s, e, n); ;
// 3. Output c.
return result;
}