private unsafe BigInteger OddPow (uint b, BigInteger exp) {
exp.Normalize ();
uint [] wkspace = new uint [mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont ((BigInteger)b, this.mod);
resultNum = new BigInteger (resultNum, mod.length << 1 +1);
uint mPrime = Montgomery.Inverse (mod.data [0]);
uint pos = (uint)exp.bitCount () - 2;
//
// We know that the first itr will make the val b
//
do {
//
// r = r ^ 2 % m
//
Kernel.SquarePositive (resultNum, ref wkspace);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
if (exp.testBit (pos)) {
//
// r = r * b % m
//
// TODO: Is Unsafe really speeding things up?
fixed (uint* u = resultNum.data) {
uint i = 0;
ulong mc = 0;
do {
mc += (ulong)u [i] * (ulong)b;
u [i] = (uint)mc;
mc >>= 32;
} while (++i < resultNum.length);
if (resultNum.length < mod.length) {
if (mc != 0) {
u [i] = (uint)mc;
resultNum.length++;
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
}
} else if (mc != 0) {
//
// First, we estimate the quotient by dividing
// the first part of each of the numbers. Then
// we correct this, if necessary, with a subtraction.
//
uint cc = (uint)mc;
// We would rather have this estimate overshoot,
// so we add one to the divisor
uint divEstimate = (uint) ((((ulong)cc << 32) | (ulong) u [i -1]) /
(mod.data [mod.length-1] + 1));
uint t;
i = 0;
mc = 0;
do {
mc += (ulong)mod.data [i] * (ulong)divEstimate;
t = u [i];
u [i] -= (uint)mc;
mc >>= 32;
if (u [i] > t) mc++;
i++;
} while (i < resultNum.length);
cc -= (uint)mc;
if (cc != 0) {
uint sc = 0, j = 0;
uint [] s = mod.data;
do {
uint a = s [j];
if (((a += sc) < sc) | ((u [j] -= a) > ~a)) sc = 1;
else sc = 0;
j++;
} while (j < resultNum.length);
cc -= sc;
}
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
} else {
while (resultNum >= mod)
Kernel.MinusEq (resultNum, mod);
}
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
private BigInteger OddPow (BigInteger b, BigInteger exp) {
BigInteger resultNum = new BigInteger (Montgomery.ToMont (1, mod), mod.length << 1);
BigInteger tempNum = new BigInteger (Montgomery.ToMont (b, mod), mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint mPrime = Montgomery.Inverse (mod.data [0]);
uint totalBits = (uint)exp.bitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.testBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
Montgomery.Reduce (resultNum, mod, mPrime);
}
Kernel.SquarePositive (tempNum, ref wkspace);
Montgomery.Reduce (tempNum, mod, mPrime);
}
Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
private unsafe BigInteger OddModTwoPow (BigInteger exp) {
uint [] wkspace = new uint [mod.length << 1 + 1];
BigInteger resultNum = Montgomery.ToMont ((BigInteger)2, this.mod);
resultNum = new BigInteger (resultNum, mod.length << 1 +1);
uint mPrime = Montgomery.Inverse (mod.data [0]);
//
// TODO: eat small bits, the ones we can do with no modular reduction
//
uint pos = (uint)exp.bitCount () - 2;
do {
Kernel.SquarePositive (resultNum, ref wkspace);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
if (exp.testBit (pos)) {
//
// resultNum = (resultNum * 2) % mod
//
fixed (uint* u = resultNum.data) {
//
// Double
//
uint* uu = u;
uint* uuE = u + resultNum.length;
uint x, carry = 0;
while (uu < uuE) {
x = *uu;
*uu = (x << 1) | carry;
carry = x >> (32 - 1);
uu++;
}
// subtraction inlined because we know it is square
if (carry != 0 || resultNum >= mod) {
fixed (uint* s = mod.data) {
uu = u;
uint c = 0;
uint* ss = s;
do {
uint a = *ss++;
if (((a += c) < c) | ((* (uu++) -= a) > ~a))
c = 1;
else
c = 0;
} while (uu < uuE);
}
}
}
}
} while (pos-- > 0);
resultNum = Montgomery.Reduce (resultNum, mod, mPrime);
return resultNum;
}
public BigInteger EvenPow (BigInteger b, BigInteger exp) {
BigInteger resultNum = new BigInteger ((BigInteger)1, mod.length << 1);
BigInteger tempNum = new BigInteger (b % mod, mod.length << 1); // ensures (tempNum * tempNum) < b^ (2k)
uint totalBits = (uint)exp.bitCount ();
uint [] wkspace = new uint [mod.length << 1];
// perform squaring and multiply exponentiation
for (uint pos = 0; pos < totalBits; pos++) {
if (exp.testBit (pos)) {
Array.Clear (wkspace, 0, wkspace.Length);
Kernel.Multiply (resultNum.data, 0, resultNum.length, tempNum.data, 0, tempNum.length, wkspace, 0);
resultNum.length += tempNum.length;
uint [] t = wkspace;
wkspace = resultNum.data;
resultNum.data = t;
BarrettReduction (resultNum);
}
Kernel.SquarePositive (tempNum, ref wkspace);
BarrettReduction (tempNum);
if (tempNum == 1) {
return resultNum;
}
}
return resultNum;
}
/// <summary>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.
/// </summary>
/// <remarks>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.
/// </remarks>
/// <param name="nbits">The size of the key in bits.</param>
/// <returns>A new RSA secret key as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.</returns>
/// <exception cref="System.ArgumentException">Throws an
/// Argumentexception if the keysize is not between 768
/// and 4096 bits.</exception>
public override BigInteger[][] Generate(int nbits)
{
BigInteger p, q; /* the two primes */
BigInteger d; /* the private key */
BigInteger u;
BigInteger t1, t2;
BigInteger n = new BigInteger(); /* the public key */
BigInteger e; /* the exponent */
BigInteger phi; /* helper: (p-1)(q-1) */
BigInteger g;
BigInteger f;
Random rand = new Random();
if ((nbits < 768) || (nbits > 4096))
throw new ArgumentException("Only keysizes betwen 768 and 4096 bit are allowed!");
/* make sure that nbits is even so that we generate p, q of equal size */
if ( (nbits&1)==1 )
nbits++;
do {
/* select two (very secret) primes */
p = new BigInteger();
q = new BigInteger();
p = BigInteger.genPseudoPrime(nbits / 2);
q = BigInteger.genPseudoPrime(nbits / 2);
/* p shall be smaller than q (for calc of u)*/
if (q > p) {
BigInteger tmp = p;
p = q;
q = tmp;
}
/* calculate the modulus */
n = p * q;
} while ( n.bitCount() != nbits );
/* calculate Euler totient: phi = (p-1)(q-1) */
t1 = p - new BigInteger(1);
t2 = q - new BigInteger(1);
phi = t1 * t2;
g = t1.gcd(t2);
f = phi / g;
/* find an public exponent.
We use 41 as this is quite fast and more secure than the
commonly used 17.
*/
e = new BigInteger(41);
t1 = e.gcd(phi);
if( t1 != new BigInteger(1) ) {
e = new BigInteger(257);
t1 = e.gcd(phi);
if( t1 != new BigInteger(1) ) {
e = new BigInteger(65537);
t1 = e.gcd(phi);
/* (while gcd is not 1) */
while( t1 != new BigInteger(1) ) {
e += 2;
t1 = e.gcd(phi);
}
}
}
/* calculate the secret key d = e^1 mod phi */
d = e.modInverse(f);
/* calculate the inverse of p and q (used for chinese remainder theorem)*/
u = p.modInverse(q);
RSA_Secret_Key sk = new RSA_Secret_Key();
sk.n = n;
sk.e = e;
sk.p = p;
sk.q = q;
sk.d = d;
sk.u = u;
this.biGeneratedKey = ParseSecretKey(sk);
return this.biGeneratedKey;
/* now we can test our keys (this should never fail!) */
// test_keys( sk, nbits - 64 );
}
