felixm
/
cryptopals
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
cryptopals/src/rsa.rs

149 lines
4.4 KiB
Rust
Raw Blame History

use num_bigint::BigUint;
use num_bigint::RandBigInt;
use openssl::bn::BigNum;
use openssl::bn::BigNumContext;
use openssl::error::ErrorStack;
#[derive(Clone)]
pub struct PublicKey(pub BigUint);
#[derive(Clone)]
pub struct PrivateKey(pub BigUint);
#[derive(Clone)]
pub struct Keypair {
pub private: PrivateKey,
pub public: PublicKey,
}
impl Keypair {
pub fn make(p: &BigUint, g: &BigUint) -> Self {
let mut rng = rand::thread_rng();
let private = rng.gen_biguint_below(p);
let public = g.modpow(&private, p);
Self {
private: PrivateKey(private),
public: PublicKey(public),
}
}
}
pub struct RsaPublicKey {
pub e: BigNum,
pub n: BigNum,
}
pub struct RsaPrivateKey {
d: BigNum,
n: BigNum,
}
pub fn rsa_gen_keys() -> Result<(RsaPublicKey, RsaPrivateKey), ErrorStack> {
let mut ctx = BigNumContext::new()?;
// Generate 2 random primes. We'll use small numbers to start, so you can just pick them out of a prime table. Call them "p" and "q".
let mut p = BigNum::new()?;
let mut q = BigNum::new()?;
p.generate_prime(256, true, None, None)?;
q.generate_prime(256, true, None, None)?;
// Let n be p * q. Your RSA math is modulo n.
let mut n = BigNum::new()?;
n.checked_mul(&p, &q, &mut ctx)?;
// This is stupid but I couldn't figure out how to clone a bignum so we do this.
let mut n2 = BigNum::new()?;
n2.checked_mul(&p, &q, &mut ctx)?;
// Let et be (p-1)*(q-1) (the "totient"). You need this value only for keygen.
let mut et = BigNum::new()?;
q.sub_word(1)?;
p.sub_word(1)?;
et.checked_mul(&p, &q, &mut ctx)?;
// Let e be 3.
// Compute d = invmod(e, et). invmod(17, 3120) is 2753.
let e = BigNum::from_u32(3)?;
let d = invmod(&e, &et)?;
// Your public key is [e, n]. Your private key is [d, n].
Ok((RsaPublicKey { e, n }, RsaPrivateKey { d, n: n2 }))
}
pub fn invmod(a: &BigNum, n: &BigNum) -> Result<BigNum, ErrorStack> {
fn extended_gcd(a: BigNum, b: BigNum) -> Result<(BigNum, BigNum, BigNum), ErrorStack> {
// credit: https://www.dcode.fr/extended-gcd
// r1 = b, r2 = a, u1 = 0, v1 = 1, u2 = 1, v2 = 0
let mut r1 = b;
let mut r2 = a;
let mut u1 = BigNum::from_u32(0)?;
let mut v1 = BigNum::from_u32(1)?;
let mut u2 = BigNum::from_u32(1)?;
let mut v2 = BigNum::from_u32(0)?;
// while (r2! = 0) do
while r2.num_bits() != 0 {
// q = r1 ÷ r2 (integer division)
let q = &r1 / &r2;
// r3 = r1, u3 = u1, v3 = v1,
let r3 = r1;
let u3 = u1;
let v3 = v1;
// r1 = r2, u1 = u2, v1 = v2,
r1 = r2;
u1 = u2;
v1 = v2;
// r2 = r3 - q * r2, u2 = u3 - q * u2, v2 = v3 - q * v2
r2 = &r3 - &(&q * &r1);
u2 = &u3 - &(&q * &u1);
v2 = &v3 - &(&q * &v1);
}
// return (r1, u1, v1) (r1 natural integer and u1, v1 rational integers)
Ok((r1, u1, v1))
}
// No, couldn't think of a worse way to do that.
let a_cloned = BigNum::from_hex_str(&a.to_hex_str()?)?;
let n_cloned = BigNum::from_hex_str(&n.to_hex_str()?)?;
let (_, u1, _) = extended_gcd(a_cloned, n_cloned)?;
let r_manual = &(&(&u1 % n) + n) % n;
let mut ctx = BigNumContext::new()?;
let mut r = BigNum::new()?;
r.mod_inverse(&a, &n, &mut ctx)?;
assert_eq!(r_manual, r, "invmod implementation incorrect");
Ok(r_manual)
}
pub fn rsa_encrypt(m: &BigNum, p: &RsaPublicKey) -> Result<BigNum, ErrorStack> {
let mut ctx = BigNumContext::new()?;
let mut c = BigNum::new()?;
// To encrypt: c = m**e%n.
c.mod_exp(&m, &p.e, &p.n, &mut ctx)?;
Ok(c)
}
pub fn rsa_decrypt(c: &BigNum, p: &RsaPrivateKey) -> Result<BigNum, ErrorStack> {
let mut ctx = BigNumContext::new()?;
let mut m = BigNum::new()?;
// To decrypt: m = c**d%n.
m.mod_exp(&c, &p.d, &p.n, &mut ctx)?;
Ok(m)
}
pub fn rsa_encrypt_str(m: &str, p: &RsaPublicKey) -> Result<BigNum, ErrorStack> {
// Finally, to encrypt a string, do something cheesy.
let m = BigNum::from_slice(&m.as_bytes())?;
assert!(m < p.n);
rsa_encrypt(&m, p)
}
pub fn rsa_decrypt_str(c: &BigNum, p: &RsaPrivateKey) -> Result<String, ErrorStack> {
let m = rsa_decrypt(c, p)?;
Ok(String::from(std::str::from_utf8(&m.to_vec()).unwrap()))
}
Reference in New Issue View Git Blame Copy Permalink