public override bool Equals(object obj)
{
RSAPublicKey p = obj as RSAPublicKey;
if (p == null)
{
return(false);
}
return(BigInt.Compare(mod, p.mod) == 0 &&
BigInt.Compare(e, p.e) == 0);
}
internal bool Equals(ECCurvePrime curve)
{
if (this == curve)
{
return(true);
}
return(BigInt.Compare(mod, curve.mod) == 0 &&
BigInt.Compare(a, curve.a) == 0 &&
BigInt.Compare(b, curve.b) == 0 &&
BigInt.Compare(gx, curve.gx) == 0 &&
BigInt.Compare(gy, curve.gy) == 0);
}
public static bool Verify(RSAPublicKey pk,
byte[] header, byte[] headerAlt,
byte[] hash, int hashOff, int hashLen,
byte[] sig, int sigOff, int sigLen)
{
/*
* Signature must be an integer less than the modulus,
* but encoded over exactly the same size as the modulus.
*/
byte[] n = pk.Modulus;
int modLen = n.Length;
if (sigLen != modLen)
{
return(false);
}
byte[] x = new byte[modLen];
Array.Copy(sig, sigOff, x, 0, modLen);
if (BigInt.Compare(x, n) >= 0)
{
return(false);
}
/*
* Do the RSA exponentation, then verify and remove the
* "Type 1" padding (00 01 FF...FF 00 with at least
* eight bytes of value FF).
*/
x = BigInt.ModPow(x, pk.Exponent, n);
if (x.Length < 11 || x[0] != 0x00 || x[1] != 0x01)
{
return(false);
}
int k = 2;
while (k < x.Length && x[k] == 0xFF)
{
k++;
}
if (k < 10 || k == x.Length || x[k] != 0x00)
{
return(false);
}
k++;
/*
* Check that the remaining byte end with the provided
* hash value.
*/
int len = modLen - k;
if (len < hashLen)
{
return(false);
}
for (int i = 0; i < hashLen; i++)
{
if (x[modLen - hashLen + i] != hash[hashOff + i])
{
return(false);
}
}
len -= hashLen;
/*
* Header is at offset 'k', and length 'len'. Compare
* with the provided header(s).
*/
if (Eq(header, 0, header.Length, x, k, len))
{
return(true);
}
if (headerAlt != null)
{
if (Eq(headerAlt, 0, headerAlt.Length, x, k, len))
{
return(true);
}
}
return(false);
}
/*
* Create a new instance with the provided elements. Values are
* in unsigned big-endian representation.
*
* n modulus
* e public exponent
* d private exponent
* p first modulus factor
* q second modulus factor
* dp d mod (p-1)
* dq d mod (q-1)
* iq (1/q) mod p
*
* Rules verified by this constructor:
* n must be odd and at least 512 bits
* e must be odd
* p must be odd
* q must be odd
* p and q are greater than 1
* n is equal to p*q
* dp must be non-zero and lower than p-1
* dq must be non-zero and lower than q-1
* iq must be non-zero and lower than p
*
* This constructor does NOT verify that:
* p and q are prime
* d is equal to dp modulo p-1
* d is equal to dq modulo q-1
* dp is the inverse of e modulo p-1
* dq is the inverse of e modulo q-1
* iq is the inverse of q modulo p
*/
public RSAPrivateKey(byte[] n, byte[] e, byte[] d,
byte[] p, byte[] q, byte[] dp, byte[] dq, byte[] iq)
{
n = BigInt.NormalizeBE(n);
e = BigInt.NormalizeBE(e);
d = BigInt.NormalizeBE(d);
p = BigInt.NormalizeBE(p);
q = BigInt.NormalizeBE(q);
dp = BigInt.NormalizeBE(dp);
dq = BigInt.NormalizeBE(dq);
iq = BigInt.NormalizeBE(iq);
if (n.Length < 64 || (n.Length == 64 && n[0] < 0x80))
{
throw new CryptoException(
"Invalid RSA private key (less than 512 bits)");
}
if (!BigInt.IsOdd(n))
{
throw new CryptoException(
"Invalid RSA private key (even modulus)");
}
if (!BigInt.IsOdd(e))
{
throw new CryptoException(
"Invalid RSA private key (even exponent)");
}
if (!BigInt.IsOdd(p) || !BigInt.IsOdd(q))
{
throw new CryptoException(
"Invalid RSA private key (even factor)");
}
if (BigInt.IsOne(p) || BigInt.IsOne(q))
{
throw new CryptoException(
"Invalid RSA private key (trivial factor)");
}
if (BigInt.Compare(n, BigInt.Mul(p, q)) != 0)
{
throw new CryptoException(
"Invalid RSA private key (bad factors)");
}
if (dp.Length == 0 || dq.Length == 0)
{
throw new CryptoException(
"Invalid RSA private key"
+ " (null reduced private exponent)");
}
/*
* We can temporarily modify p[] and q[] (to compute
* p-1 and q-1) since these are freshly produced copies.
*/
p[p.Length - 1]--;
q[q.Length - 1]--;
if (BigInt.Compare(dp, p) >= 0 || BigInt.Compare(dq, q) >= 0)
{
throw new CryptoException(
"Invalid RSA private key"
+ " (oversized reduced private exponent)");
}
p[p.Length - 1]++;
q[q.Length - 1]++;
if (iq.Length == 0 || BigInt.Compare(iq, p) >= 0)
{
throw new CryptoException(
"Invalid RSA private key"
+ " (out of range CRT coefficient)");
}
this.n = n;
this.e = e;
this.d = d;
this.p = p;
this.q = q;
this.dp = dp;
this.dq = dq;
this.iq = iq;
}
