init: v1.0.0
This commit is contained in:
yaole
@@ -0,0 +1,130 @@
|
||||
//go:build gmp
|
||||
// +build gmp
|
||||
|
||||
package internal
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"io"
|
||||
"math/big"
|
||||
|
||||
"xdx.jelly/xgcl/api/common"
|
||||
"xdx.jelly/xgcl/internal/gmp"
|
||||
"xdx.jelly/xgcl/internal/randutil"
|
||||
)
|
||||
|
||||
type Int = gmp.Int
|
||||
|
||||
var bigOne = big.NewInt(1)
|
||||
|
||||
func FromBigInt(src *big.Int) *Int {
|
||||
dst := new(Int)
|
||||
dst.SetBytes(src.Bytes())
|
||||
return dst
|
||||
}
|
||||
|
||||
func IntoBigInt(src *Int) *big.Int {
|
||||
dst := new(big.Int)
|
||||
dst.SetBytes(src.Bytes())
|
||||
return dst
|
||||
}
|
||||
|
||||
func encrypt(c *big.Int, pub *PublicKey, m *big.Int) *big.Int {
|
||||
e := new(Int).SetInt64(int64(pub.E))
|
||||
cc := FromBigInt(c)
|
||||
cc.Exp(FromBigInt(m), e, FromBigInt(pub.N))
|
||||
c.SetBytes(cc.Bytes())
|
||||
return c
|
||||
}
|
||||
|
||||
// decrypt performs an RSA decryption, resulting in a plaintext integer. If a
|
||||
// random source is given, RSA blinding is used.
|
||||
func decrypt(random io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err error) {
|
||||
// TODO(agl): can we get away with reusing blinds?
|
||||
if c.Cmp(priv.N) > 0 {
|
||||
err = common.SDR_KEYERR
|
||||
return
|
||||
}
|
||||
if priv.N.Sign() == 0 {
|
||||
return nil, common.SDR_KEYERR
|
||||
}
|
||||
|
||||
var ir *Int
|
||||
modulus := FromBigInt(priv.N)
|
||||
d := FromBigInt(priv.D)
|
||||
// if random != nil {
|
||||
if false {
|
||||
randutil.MaybeReadByte(random)
|
||||
|
||||
// Blinding enabled. Blinding involves multiplying c by r^e.
|
||||
// Then the decryption operation performs (m^e * r^e)^d mod n
|
||||
// which equals mr mod n. The factor of r can then be removed
|
||||
// by multiplying by the multiplicative inverse of r.
|
||||
var r *Int
|
||||
ir = new(Int)
|
||||
|
||||
for {
|
||||
var R *big.Int
|
||||
R, err = rand.Int(random, priv.N)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if R.Sign() == 0 {
|
||||
R = bigOne
|
||||
}
|
||||
r = FromBigInt(R)
|
||||
ok := ir.ModInverse(r, modulus)
|
||||
if ok != nil {
|
||||
break
|
||||
}
|
||||
}
|
||||
bigE := new(Int).SetInt64(int64(priv.E))
|
||||
rpowe := new(Int).Exp(r, bigE, modulus) // N != 0
|
||||
cCopy := new(Int).Set(FromBigInt(c))
|
||||
cCopy.Mul(cCopy, rpowe)
|
||||
cCopy.Mod(cCopy, modulus)
|
||||
c = IntoBigInt(cCopy)
|
||||
}
|
||||
|
||||
var mm *Int
|
||||
if priv.Precomputed.Dp == nil {
|
||||
m = IntoBigInt(new(Int).Exp(FromBigInt(c), d, modulus))
|
||||
} else {
|
||||
// We have the precalculated values needed for the CRT.
|
||||
cc := FromBigInt(c)
|
||||
primes0 := FromBigInt(priv.Primes[0])
|
||||
primes1 := FromBigInt(priv.Primes[1])
|
||||
mm = new(Int).Exp(cc, FromBigInt(priv.Precomputed.Dp), primes0)
|
||||
mm2 := new(Int).Exp(cc, FromBigInt(priv.Precomputed.Dq), primes1)
|
||||
mm.Sub(mm, mm2)
|
||||
if mm.Sign() < 0 {
|
||||
mm.Add(mm, primes0)
|
||||
}
|
||||
mm.Mul(mm, FromBigInt(priv.Precomputed.Qinv))
|
||||
mm.Mod(mm, primes0)
|
||||
mm.Mul(mm, primes1)
|
||||
mm.Add(mm, mm2)
|
||||
|
||||
for i, values := range priv.Precomputed.CRTValues {
|
||||
prime := FromBigInt(priv.Primes[2+i])
|
||||
mm2.Exp(cc, FromBigInt(values.Exp), prime)
|
||||
mm2.Sub(mm2, mm)
|
||||
mm2.Mul(mm2, FromBigInt(values.Coeff))
|
||||
mm2.Mod(mm2, prime)
|
||||
if mm2.Sign() < 0 {
|
||||
mm2.Add(mm2, prime)
|
||||
}
|
||||
mm2.Mul(mm2, FromBigInt(values.R))
|
||||
mm.Add(mm, mm2)
|
||||
}
|
||||
}
|
||||
|
||||
if ir != nil {
|
||||
// Unblind.
|
||||
mm.Mul(mm, ir)
|
||||
mm.Mod(mm, modulus)
|
||||
}
|
||||
m = IntoBigInt(mm)
|
||||
|
||||
return
|
||||
}
|
||||
Reference in New Issue
Block a user