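def generate_c(bits, randfunc, progress_func = None):
    """generate_c(bits:int, randfunc:callable, progress_func:callable)

    Generate an RSA key of length 'bits' and wrap it in RSAobj_c, built from
    _fastmath.rsa_construct(n, e, d, p, q, u).  'randfunc' is passed to
    pubkey.getPrime to obtain random data and 'progress_func', if present,
    is called with a short label before each stage.

    The public exponent is fixed at 65537.  A prime pair is rejected and
    redrawn when p == q or when e shares a factor with (p-1)*(q-1): e then
    has no inverse modulo (p-1)*(q-1), so the d derived from it would not
    undo encryption and the key would be silently unusable.
    """
    e = 65537L

    # Generate the prime factors of n
    if progress_func:
        progress_func('p,q\n')
    p = q = 1L
    # The size test comes first so the initial p = q = 1 always enters the
    # loop; the other two tests only ever apply to freshly drawn primes.
    while (number.size(p*q) < bits
           or p == q
           or number.GCD(e, (p-1)*(q-1)) != 1):
        p = pubkey.getPrime(bits/2, randfunc)
        q = pubkey.getPrime(bits/2, randfunc)

    # p shall be smaller than q (for calc of u)
    if p > q:
        (p, q)=(q, p)
    if progress_func:
        progress_func('u\n')
    u=pubkey.inverse(p, q)
    n=p*q

    if progress_func:
        progress_func('d\n')
    d=pubkey.inverse(e, (p-1)*(q-1))
    key = _fastmath.rsa_construct(n,e,d,p,q,u)
    obj = RSAobj_c(key)

    # Raised explicitly rather than with an assert statement so that the
    # key-size check is not compiled away when Python runs with -O.
    if bits > 1+obj.size():
        raise AssertionError("Generated key is too small")
    return obj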
def generate(nbits, randfunc, progress_func=None):
    """generate(nbits:int, randfunc:callable, progress_func:callable)

    Generate an RSA key from a single call to 'randfunc'.  The returned
    random string is cut into a seed for p, a seed for q, a 17-bit starting
    value for the public exponent e and a 3-bit 'difference' that makes q
    up to 7 bits longer than p.  Each seed is handed to
    pubkey.getPrimeFromLong.  'progress_func', if present, is called with a
    short label before each stage.
    """
    obj=RSAobj()
    # Throughout this function, the idiom `(expr + 7) >> 3' is used to get
    # ceil(expr / 8).
    p_wanted_nbits = (nbits >> 1)
    pstr_wanted_len = (p_wanted_nbits + 7) >> 3
    qstr_wanted_len = ((nbits >> 1) + 7 - 3 + 3 + 17 + 7) >> 3
    # + 7 for the maximum value of difference;
    # - 3 for the foo handling below;
    # + 3 for the value of difference;
    # + 17 for the value of e_start;
    # + 7 for round-up division by 8.
    rand_str = randfunc(pstr_wanted_len + qstr_wanted_len)
    p_str = rand_str[:pstr_wanted_len]
    # Everything after p's bytes except the last three bytes of rand_str.
    q_str_high = rand_str[pstr_wanted_len:-3]
    # Recycle a few bits. For justification, see comments in getPrimeFromLong,
    # especially the last paragraph.
    # q_low_byte mixes rand_str[-3] with itself shifted right by one and with
    # the last byte of p_str shifted right by two.
    # NOTE(review): rand_str[-3] is also the top byte of exp_diff below, and
    # its low 4 bits land in e_start, so the seed of the public exponent and
    # the seed of the secret prime q are derived from overlapping random
    # bits.  Confirm the justification in getPrimeFromLong covers this.
    q_low_byte = ord(rand_str[-3])
    q_low_byte ^= (q_low_byte >> 1)
    q_low_byte ^= (ord(p_str[-1]) >> 2)
    # p is from the first (nbits>>1) bits of p_str.
    # q is from the first ((nbits>>1) + difference) bits of
    # (q_str_high + chr(q_low_byte)), where difference in [0, 7].
    # Use the low 17+3 bits of the last three bytes of rand_str for e_start
    # and difference: difference is the low 3 bits of rand_str[-1], and
    # e_start is the next 17 bits above them.
    exp_diff = (ord(rand_str[-1]) + (ord(rand_str[-2]) << 8) + (ord(rand_str[-3]) << 16))
    difference = exp_diff & 7
    e_start = (exp_diff >> 3) & ((1 << 17) - 1)
    # Shift out the surplus low bits so p_start has at most p_wanted_nbits.
    p_discard_nbits = (pstr_wanted_len << 3) - p_wanted_nbits
    p_start = number.bytestolong(p_str) >> p_discard_nbits
    q_wanted_nbits = (nbits >> 1) + difference
    # q_str_high + chr(q_low_byte) is (qstr_wanted_len - 2) bytes long:
    # three tail bytes were dropped from the slice and one was appended.
    q_discard_nbits = ((qstr_wanted_len - 2) << 3) - q_wanted_nbits
    q_start = number.bytestolong(q_str_high + chr(q_low_byte)) >> q_discard_nbits
    # Generate the prime factors of n
    if progress_func:
        apply(progress_func, ('p\n',))
    obj.p=pubkey.getPrimeFromLong(p_start)
    if progress_func:
        apply(progress_func, ('q\n',))
    obj.q=pubkey.getPrimeFromLong(q_start)
    obj.n=obj.p*obj.q
    # Generate encryption exponent
    if progress_func:
        apply(progress_func, ('e\n',))
    obj.e=pubkey.getPrimeFromLong(long(e_start))
    if progress_func:
        apply(progress_func, ('d\n',))
    # NOTE(review): nothing visible here checks that e is coprime to
    # (p-1)*(q-1) or that p != q; d is only a valid private exponent when e
    # is invertible modulo (p-1)*(q-1).  Verify whether the helpers
    # guarantee this.
    obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
    return obj
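def generate(bits, randfunc, progress_func=None):
    """generate(bits:int, randfunc:callable, progress_func:callable)

    Generate an RSA key of length 'bits', using 'randfunc' to get
    random data and 'progress_func', if present, to display
    the progress of the key generation.

    The public exponent is fixed at 65537.  A prime pair is rejected and
    redrawn when p == q or when e shares a factor with (p-1)*(q-1): e then
    has no inverse modulo (p-1)*(q-1), so the d derived from it would not
    undo encryption and the key would be silently unusable.
    """
    obj=RSAobj()
    obj.e = 65537L

    # Generate the prime factors of n
    if progress_func:
        progress_func('p,q\n')
    p = q = 1L
    # The size test comes first so the initial p = q = 1 always enters the
    # loop; the other two tests only ever apply to freshly drawn primes.
    while (number.size(p*q) < bits
           or p == q
           or number.GCD(obj.e, (p-1)*(q-1)) != 1):
        p = pubkey.getPrime(bits/2, randfunc)
        q = pubkey.getPrime(bits/2, randfunc)

    # p shall be smaller than q (for calc of u)
    if p > q:
        (p, q)=(q, p)
    obj.p = p
    obj.q = q

    if progress_func:
        progress_func('u\n')
    obj.u = pubkey.inverse(obj.p, obj.q)
    obj.n = obj.p*obj.q

    if progress_func:
        progress_func('d\n')
    obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))

    # Raised explicitly rather than with an assert statement so that the
    # key-size check is not compiled away when Python runs with -O.
    if bits > 1+obj.size():
        raise AssertionError("Generated key is too small")
    return obj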
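def construct(tuple):
    """construct(tuple:(long,) : RSAobj
    Construct an RSA object from a 2-, 3-, 5-, or 6-tuple of numbers.

    The values are assigned, in order, to the attribute names listed in
    obj.keydata (presumably n, e, d, p, q, u; confirm against RSAobj).
    Raises 'error' when the tuple has any other length.

    When p and q are supplied they are stored with p < q, and u is set to
    pubkey.inverse(p, q) for that stored order whenever it was not supplied
    or the two primes had to be swapped.  A u supplied for the caller's
    original order would otherwise no longer match the stored p and q.

    No consistency checks are made on the numbers themselves (for example
    that n == p*q); key material from an untrusted source should be
    validated by the caller.
    """
    obj=RSAobj()
    if len(tuple) not in [2,3,5,6]:
        raise error('argument for construct() wrong length')
    for i, value in enumerate(tuple):
        setattr(obj, obj.keydata[i], value)
    if len(tuple) >= 5:
        # Ensure p is smaller than q
        swapped = obj.p > obj.q
        if swapped:
            (obj.p, obj.q)=(obj.q, obj.p)
        if swapped or len(tuple) == 5:
            # u was not supplied, or was supplied for the other ordering of
            # the primes, so compute it for the order actually stored.
            obj.u=pubkey.inverse(obj.p, obj.q)
    return obj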
def _unblind(self, M, B):
    """Remove the blinding factor B from M.

    Returns M multiplied by the inverse of B modulo self.n, reduced
    modulo self.n.
    """
    # NOTE(review): assumes B is invertible modulo self.n; nothing in this
    # method checks it.
    b_inverse = pubkey.inverse(B, self.n)
    unblinded = M * b_inverse
    return unblinded % self.n