140 lines
3.5 KiB
C#
140 lines
3.5 KiB
C#
using System;
|
|
|
|
using Org.BouncyCastle.Crypto;
|
|
using Org.BouncyCastle.Crypto.Parameters;
|
|
using Org.BouncyCastle.Math;
|
|
|
|
namespace Org.BouncyCastle.Crypto.Generators
|
|
{
|
|
/**
|
|
* an RSA key pair generator.
|
|
*/
|
|
public class RsaKeyPairGenerator
|
|
: IAsymmetricCipherKeyPairGenerator
|
|
{
|
|
private static readonly BigInteger DefaultPublicExponent = BigInteger.ValueOf(0x10001);
|
|
private const int DefaultTests = 12;
|
|
|
|
private RsaKeyGenerationParameters param;
|
|
|
|
public void Init(
|
|
KeyGenerationParameters parameters)
|
|
{
|
|
if (parameters is RsaKeyGenerationParameters)
|
|
{
|
|
this.param = (RsaKeyGenerationParameters)parameters;
|
|
}
|
|
else
|
|
{
|
|
this.param = new RsaKeyGenerationParameters(
|
|
DefaultPublicExponent, parameters.Random, parameters.Strength, DefaultTests);
|
|
}
|
|
}
|
|
|
|
public AsymmetricCipherKeyPair GenerateKeyPair()
|
|
{
|
|
BigInteger p, q, n, d, e, pSub1, qSub1, phi;
|
|
|
|
//
|
|
// p and q values should have a length of half the strength in bits
|
|
//
|
|
int strength = param.Strength;
|
|
int pbitlength = (strength + 1) / 2;
|
|
int qbitlength = (strength - pbitlength);
|
|
int mindiffbits = strength / 3;
|
|
|
|
e = param.PublicExponent;
|
|
|
|
// TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
|
|
// (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
|
|
|
|
//
|
|
// Generate p, prime and (p-1) relatively prime to e
|
|
//
|
|
for (;;)
|
|
{
|
|
p = new BigInteger(pbitlength, 1, param.Random);
|
|
|
|
if (p.Mod(e).Equals(BigInteger.One))
|
|
continue;
|
|
|
|
if (!p.IsProbablePrime(param.Certainty))
|
|
continue;
|
|
|
|
if (e.Gcd(p.Subtract(BigInteger.One)).Equals(BigInteger.One))
|
|
break;
|
|
}
|
|
|
|
//
|
|
// Generate a modulus of the required length
|
|
//
|
|
for (;;)
|
|
{
|
|
// Generate q, prime and (q-1) relatively prime to e,
|
|
// and not equal to p
|
|
//
|
|
for (;;)
|
|
{
|
|
q = new BigInteger(qbitlength, 1, param.Random);
|
|
|
|
if (q.Subtract(p).Abs().BitLength < mindiffbits)
|
|
continue;
|
|
|
|
if (q.Mod(e).Equals(BigInteger.One))
|
|
continue;
|
|
|
|
if (!q.IsProbablePrime(param.Certainty))
|
|
continue;
|
|
|
|
if (e.Gcd(q.Subtract(BigInteger.One)).Equals(BigInteger.One))
|
|
break;
|
|
}
|
|
|
|
//
|
|
// calculate the modulus
|
|
//
|
|
n = p.Multiply(q);
|
|
|
|
if (n.BitLength == param.Strength)
|
|
break;
|
|
|
|
//
|
|
// if we Get here our primes aren't big enough, make the largest
|
|
// of the two p and try again
|
|
//
|
|
p = p.Max(q);
|
|
}
|
|
|
|
if (p.CompareTo(q) < 0)
|
|
{
|
|
phi = p;
|
|
p = q;
|
|
q = phi;
|
|
}
|
|
|
|
pSub1 = p.Subtract(BigInteger.One);
|
|
qSub1 = q.Subtract(BigInteger.One);
|
|
phi = pSub1.Multiply(qSub1);
|
|
|
|
//
|
|
// calculate the private exponent
|
|
//
|
|
d = e.ModInverse(phi);
|
|
|
|
//
|
|
// calculate the CRT factors
|
|
//
|
|
BigInteger dP, dQ, qInv;
|
|
|
|
dP = d.Remainder(pSub1);
|
|
dQ = d.Remainder(qSub1);
|
|
qInv = q.ModInverse(p);
|
|
|
|
return new AsymmetricCipherKeyPair(
|
|
new RsaKeyParameters(false, n, e),
|
|
new RsaPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
|
|
}
|
|
}
|
|
|
|
}
|