internal void NextK(byte[] k)
{
for (;;)
{
drbg.GetBytes(k);
BigInt.RShift(k, (k.Length << 3) - qlen);
if (!BigInt.IsZero(k) && BigInt.CompareCT(k, q) < 0)
{
return;
}
}
}
/*
* Create a new instance with the provided element (unsigned,
* big-endian). This constructor checks the following rules:
*
* the modulus size must be at least 512 bits
* the modulus must be odd
* the exponent must be odd and greater than 1
*/
public RSAPublicKey(byte[] modulus, byte[] exponent)
{
mod = BigInt.NormalizeBE(modulus, false);
e = BigInt.NormalizeBE(exponent, false);
if (mod.Length < 64 || (mod.Length == 64 && mod[0] < 0x80))
{
throw new CryptoException(
"Invalid RSA public key (less than 512 bits)");
}
if ((mod[mod.Length - 1] & 0x01) == 0)
{
throw new CryptoException(
"Invalid RSA public key (even modulus)");
}
if (BigInt.IsZero(e))
{
throw new CryptoException(
"Invalid RSA public key (exponent is zero)");
}
if (BigInt.IsOne(e))
{
throw new CryptoException(
"Invalid RSA public key (exponent is one)");
}
if ((e[e.Length - 1] & 0x01) == 0)
{
throw new CryptoException(
"Invalid RSA public key (even exponent)");
}
/*
* A simple hash code that will work well because RSA
* keys are in practice quite randomish.
*/
hashCode = (int)(BigInt.HashInt(modulus)
^ BigInt.HashInt(exponent));
}