|
public ModInverse ( |
||
| m | ||
| return | ||
public BigInteger ModInverse(
BigInteger m)
{
if (m.sign < 1)
throw new ArithmeticException("Modulus must be positive");
// TODO Too slow at the moment
// // "Fast Key Exchange with Elliptic Curve Systems" R.Schoeppel
// if (m.TestBit(0))
// {
// //The Almost Inverse Algorithm
// int k = 0;
// BigInteger B = One, C = Zero, F = this, G = m, tmp;
//
// for (;;)
// {
// // While F is even, do F=F/u, C=C*u, k=k+1.
// int zeroes = F.GetLowestSetBit();
// if (zeroes > 0)
// {
// F = F.ShiftRight(zeroes);
// C = C.ShiftLeft(zeroes);
// k += zeroes;
// }
//
// // If F = 1, then return B,k.
// if (F.Equals(One))
// {
// BigInteger half = m.Add(One).ShiftRight(1);
// BigInteger halfK = half.ModPow(BigInteger.ValueOf(k), m);
// return B.Multiply(halfK).Mod(m);
// }
//
// if (F.CompareTo(G) < 0)
// {
// tmp = G; G = F; F = tmp;
// tmp = B; B = C; C = tmp;
// }
//
// F = F.Add(G);
// B = B.Add(C);
// }
// }
BigInteger x;
BigInteger gcd = ExtEuclid(this.Mod(m), m, out x);
if (!gcd.Equals(One))
throw new ArithmeticException("Numbers not relatively prime.");
if (x.sign < 0)
{
x = x.Add(m);
}
return x;
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
BigInteger p, q, n, d, e, pSub1, qSub1, phi;
//
// p and q values should have a length of half the strength in bits
//
int strength = param.Strength;
int pbitlength = (strength + 1) / 2;
int qbitlength = (strength - pbitlength);
int mindiffbits = strength / 3;
e = param.PublicExponent;
// TODO Consider generating safe primes for p, q (see DHParametersHelper.generateSafePrimes)
// (then p-1 and q-1 will not consist of only small factors - see "Pollard's algorithm")
//
// Generate p, prime and (p-1) relatively prime to e
//
for (;;)
{
p = new BigInteger(pbitlength, 1, param.Random);
if (p.Mod(e).Equals(BigInteger.One))
continue;
if (!p.IsProbablePrime(param.Certainty))
continue;
if (e.Gcd(p.Subtract(BigInteger.One)).Equals(BigInteger.One))
break;
}
//
// Generate a modulus of the required length
//
for (;;)
{
// Generate q, prime and (q-1) relatively prime to e,
// and not equal to p
//
for (;;)
{
q = new BigInteger(qbitlength, 1, param.Random);
if (q.Subtract(p).Abs().BitLength < mindiffbits)
continue;
if (q.Mod(e).Equals(BigInteger.One))
continue;
if (!q.IsProbablePrime(param.Certainty))
continue;
if (e.Gcd(q.Subtract(BigInteger.One)).Equals(BigInteger.One))
break;
}
//
// calculate the modulus
//
n = p.Multiply(q);
if (n.BitLength == param.Strength)
break;
//
// if we Get here our primes aren't big enough, make the largest
// of the two p and try again
//
p = p.Max(q);
}
if (p.CompareTo(q) < 0)
{
phi = p;
p = q;
q = phi;
}
pSub1 = p.Subtract(BigInteger.One);
qSub1 = q.Subtract(BigInteger.One);
phi = pSub1.Multiply(qSub1);
//
// calculate the private exponent
//
d = e.ModInverse(phi);
//
// calculate the CRT factors
//
BigInteger dP, dQ, qInv;
dP = d.Remainder(pSub1);
dQ = d.Remainder(qSub1);
qInv = q.ModInverse(p);
return new AsymmetricCipherKeyPair(
new RsaKeyParameters(false, n, e),
new RsaPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv));
}
