def generate_c(bits, randfunc, progress_func = None):
# Generate the prime factors of n
if progress_func:
progress_func('p,q\n')
p = q = 1L
while number.size(p*q) < bits:
p = pubkey.getPrime(bits/2, randfunc)
q = pubkey.getPrime(bits/2, randfunc)
# p shall be smaller than q (for calc of u)
if p > q:
(p, q)=(q, p)
if progress_func:
progress_func('u\n')
u=pubkey.inverse(p, q)
n=p*q
e = 65537L
if progress_func:
progress_func('d\n')
d=pubkey.inverse(e, (p-1)*(q-1))
key = _fastmath.rsa_construct(n,e,d,p,q,u)
obj = RSAobj_c(key)
## print p
## print q
## print number.size(p), number.size(q), number.size(q*p),
## print obj.size(), bits
assert bits <= 1+obj.size(), "Generated key is too small"
return obj
def generate(nbits, randfunc, progress_func=None):
obj=RSAobj()
# Throughout this function, the idiom `(expr + 7) >> 3' is used to get
# ceil(expr / 8).
p_wanted_nbits = (nbits >> 1)
pstr_wanted_len = (p_wanted_nbits + 7) >> 3
qstr_wanted_len = ((nbits >> 1) + 7 - 3 + 3 + 17 + 7) >> 3
# + 7 for the maximum value of difference;
# - 3 for the foo handling below;
# + 3 for the value of difference;
# + 17 for the value of e_start;
# + 7 for round-up division by 8.
rand_str = randfunc(pstr_wanted_len + qstr_wanted_len)
p_str = rand_str[:pstr_wanted_len]
q_str_high = rand_str[pstr_wanted_len:-3]
# Recycle a few bits. For justification, see comments in getPrimeFromLong,
# especially the last paragraph.
q_low_byte = ord(rand_str[-3])
q_low_byte ^= (q_low_byte >> 1)
q_low_byte ^= (ord(p_str[-1]) >> 2)
# p is from the first (nbits>>1) bits of p_str.
# q is from the first ((nbits>>1) + difference) bits of
# (q_str_high + chr(q_low_byte)), where difference in [0, 7].
# difference is from bits [nbits>>1, (nbits>>1) + 3) of rand_str.
# Use the low 17+3 bits for e_start and difference.
exp_diff = (ord(rand_str[-1])
+ (ord(rand_str[-2]) << 8)
+ (ord(rand_str[-3]) << 16))
difference = exp_diff & 7
e_start = (exp_diff >> 3) & ((1 << 17) - 1)
p_discard_nbits = (pstr_wanted_len << 3) - p_wanted_nbits
p_start = number.bytestolong(p_str) >> p_discard_nbits
q_wanted_nbits = (nbits >> 1) + difference
q_discard_nbits = ((qstr_wanted_len - 2) << 3) - q_wanted_nbits
q_start = number.bytestolong(q_str_high + chr(q_low_byte)) >> q_discard_nbits
# Generate the prime factors of n
if progress_func: apply(progress_func, ('p\n',))
obj.p=pubkey.getPrimeFromLong(p_start)
if progress_func: apply(progress_func, ('q\n',))
obj.q=pubkey.getPrimeFromLong(q_start)
obj.n=obj.p*obj.q
# Generate encryption exponent
if progress_func: apply(progress_func, ('e\n',))
obj.e=pubkey.getPrimeFromLong(long(e_start))
if progress_func: apply(progress_func, ('d\n',))
obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
return obj
def generate(bits, randfunc, progress_func=None):
"""generate(bits:int, randfunc:callable, progress_func:callable)
Generate an RSA key of length 'bits', using 'randfunc' to get
random data and 'progress_func', if present, to display
the progress of the key generation.
"""
obj=RSAobj()
# Generate the prime factors of n
if progress_func:
progress_func('p,q\n')
p = q = 1L
while number.size(p*q) < bits:
p = pubkey.getPrime(bits/2, randfunc)
q = pubkey.getPrime(bits/2, randfunc)
# p shall be smaller than q (for calc of u)
if p > q:
(p, q)=(q, p)
obj.p = p
obj.q = q
if progress_func:
progress_func('u\n')
obj.u = pubkey.inverse(obj.p, obj.q)
obj.n = obj.p*obj.q
obj.e = 65537L
if progress_func:
progress_func('d\n')
obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
assert bits <= 1+obj.size(), "Generated key is too small"
return obj
def construct(tuple):
"""construct(tuple:(long,) : RSAobj
Construct an RSA object from a 2-, 3-, 5-, or 6-tuple of numbers.
"""
obj=RSAobj()
if len(tuple) not in [2,3,5,6]:
raise error, 'argument for construct() wrong length'
for i in range(len(tuple)):
field = obj.keydata[i]
setattr(obj, field, tuple[i])
if len(tuple) >= 5:
# Ensure p is smaller than q
if obj.p>obj.q:
(obj.p, obj.q)=(obj.q, obj.p)
if len(tuple) == 5:
# u not supplied, so we're going to have to compute it.
obj.u=pubkey.inverse(obj.p, obj.q)
return obj
def _unblind(self, M, B):
tmp = pubkey.inverse(B, self.n)
return (M * tmp) % self.n
