refactor: reimplement rsa to be pkcs #1 v2.2 compliant

Author: NegaScout

Diff for: src/rsa.jl

@@ -18,9 +18,9 @@ struct RSAPrivateKey
     modulus::BigInt
     public_exponent::BigInt
     exponent::BigInt
-    primes::Tuple{BigInt,BigInt}
-    crt_exponents::Tuple{BigInt,BigInt}
-    crt_coefficients::Tuple{BigInt,BigInt}
+    primes::Vector{BigInt}
+    crt_exponents::Vector{BigInt}
+    crt_coefficients::Vector{BigInt}
 end
 
 """
@@ -48,19 +48,20 @@ const RSAKey = Union{RSAPrivateKey,RSAPublicKey}
 Fast implementation of the RSA exponentiation step when RSAPrivateKey is provided.
 It uses [Chinese remainer theorem](https://en.wikipedia.org/wiki/Chinese_remainder_theorem) for very fast `exp() mod n` calculations.
 """
-function RSAStep(::pkcs1_v1_5_t, msg::BigInt, key::RSAPrivateKey)
+function RSAEP(::pkcs1_v1_5_t, msg::BigInt, key::RSAPrivateKey)
     if !(0 <= msg < key.modulus)
         error("msg has to be 0 <= msg < n, got: msg = $msg, n = $key.modulus")
     end
-    return power_crt(
+    ret = power_crt(
         msg,
         key.primes[1],
         key.primes[2],
         key.crt_exponents[1],
-        key.crt_coefficients[1],
         key.crt_exponents[2],
         key.crt_coefficients[2],
     )
+    ret < 0 && (ret += msg) #???
+    return ret
 end
 
 """
@@ -70,13 +71,16 @@ RSA exponentiation step when only public key is available.
 Uses [repeated squares](https://en.wikipedia.org/wiki/Exponentiation_by_squaring)
 and other fast modulo exponentiation tricks in its GMP implementation (Base.GMP.MPZ.powm).
 """
-function RSAStep(::pkcs1_v1_5_t, msg::BigInt, key::RSAPublicKey)
+function RSADP(::pkcs1_v1_5_t, msg::BigInt, key::RSAPublicKey)
     if !(0 <= msg < key.modulus)
         error("msg has to be 0 <= msg < n, got: msg = $msg, n = $key.modulus")
     end
     return Base.GMP.MPZ.powm(msg, key.exponent, key.modulus)
 end
 
+RSAStep(a::pkcs1_v1_5_t, msg::BigInt, key::RSAPrivateKey) = RSAEP(a, msg, key)
+RSAStep(a::pkcs1_v1_5_t, msg::BigInt, key::RSAPublicKey) = RSADP(a, msg, key)
+
 """
     RSAStep(::pkcs1_v1_5_t, msg::AbstractVector{T}, key::RSAKey) where {T<:Base.BitInteger}
 
@@ -177,9 +181,11 @@ function generate_rsa_key_pair(::pkcs1_v1_5_t, bits::Integer)
     end
     d = BigInt()
     Base.GMP.MPZ.invert!(d, big"65537", carm_tot)
-    p_pow, q_param_p, q_pow, q_param_q = power_crt_components(d, p, q)
+    d_p, d_q, q_inv, p_inv = power_crt_components(d, p, q)
     return (
-        RSAPrivateKey(0, m, e, d, (p, q), (p_pow, q_pow), (q_param_p, q_param_q)),
+        RSAPrivateKey(0, m, e, d, [p, q],
+                                  [d_p, d_q],
+                                  [q_inv, p_inv]),
         RSAPublicKey(0, m, e),
     )
 end

Diff for: src/utils/number_theory.jl

@@ -1,31 +1,26 @@
 """
-    power_crt(
+    function power_crt(
         base::BigInt,
         p::BigInt,
         q::BigInt,
-        p_pow::BigInt,
-        q_param_p::BigInt,
-        q_pow::BigInt,
-        q_param_q::BigInt,
+        d_p::BigInt,
+        d_q::BigInt,
+        q_inv::BigInt,
     )
 
-Core implementation of exponentiation over modulus using [CRT](https://en.wikipedia.org/wiki/Chinese_remainder_theorem).
+CRT for PKCS #1 based parameters.
 """
 function power_crt(
     base::BigInt,
     p::BigInt,
     q::BigInt,
-    p_pow::BigInt,
-    q_param_p::BigInt,
-    q_pow::BigInt,
-    q_param_q::BigInt,
+    d_p::BigInt,
+    d_q::BigInt,
+    q_inv::BigInt,
 )
-    p_base = base % p
-    z_p_result = Base.GMP.MPZ.powm(p_base, p_pow, p)
-
-    q_base = base % q
-    z_q_result = Base.GMP.MPZ.powm(q_base, q_pow, q)
-    return (z_p_result * q_param_p + z_q_result * q_param_q) % (p * q)
+    m1 = Base.GMP.MPZ.powm(base, d_p, p)
+    m2 = Base.GMP.MPZ.powm(base, d_q, q)
+    return (m2 + ((m1 - m2) * q_inv) * q) % (p*q)
 end
 
 """
@@ -34,25 +29,30 @@ end
 Wrapper around core implementation, only for generating the parameters if they are not provided. 
 """
 function power_crt(base::BigInt, pow::BigInt, p::BigInt, q::BigInt)
-    p_pow, q_param_p, q_pow, q_param_q = power_crt_components(pow, p, q)
-    return power_crt(base, p, q, p_pow, q_param_p, q_pow, q_param_q)
+    d_p, d_q, q_inv, _ = power_crt_components(pow, p, q)
+    return power_crt(base, p, q, d_p, d_q, q_inv)
 end
 
 """
-    power_crt_components(pow::BigInt, p::BigInt, q::BigInt)
+    power_crt_components(d::BigInt, p::BigInt, q::BigInt)
 
-Utility function for calculating the [CRT](https://en.wikipedia.org/wiki/Chinese_remainder_theorem) parameters.
+Utility function for calculating dth power in p*q mod [CRT](https://en.wikipedia.org/wiki/Chinese_remainder_theorem) parameters for PKCS #1.
 """
-function power_crt_components(pow::BigInt, p::BigInt, q::BigInt)
-    p_pow = pow % (p - 1) # pow % φ(p)
-    q_param_p = BigInt()
-    Base.GMP.MPZ.invert!(q_param_p, q, p)
-    q_param_p *= q
+function power_crt_components(d::BigInt, p::BigInt, q::BigInt)
+    d_p = d % (p - 1) # e. totient for primes
+    d_q = d % (q - 1)
+    q_inv = BigInt()
+    Base.GMP.MPZ.invert!(q_inv, q, p)
+    p_inv = BigInt()
+    Base.GMP.MPZ.invert!(p_inv, p, q)
+    return (d_p, d_q, q_inv, p_inv)
+end
 
-    q_pow = pow % (q - 1) # pow % φ(q)
-    q_param_q = BigInt()
-    Base.GMP.MPZ.invert!(q_param_q, p, q)
-    q_param_q *= p
+"""
+    power_crt_components(e::BigInt, d::BigInt, primes::Vector{BigInt})
 
-    return (p_pow, q_param_p, q_pow, q_param_q)
+Utility function for calculating the [CRT](https://en.wikipedia.org/wiki/Chinese_remainder_theorem) parameters for PKCS #1.
+"""
+function power_crt_components(pow::BigInt, primes::Vector{BigInt})
+    error("not implemented") |> throw
 end

Diff for: test/rsa.jl

@@ -20,16 +20,51 @@
     @test pass_trough_GMP(test_str) == "this_is_test_str"
 end
 
+@testset "power_crt_components" begin
+    factor1 = big"9679"
+    factor2 = big"7883"
+    pow = big"654321"
+    d_p, d_q, q_inv, p_inv = ToyPublicKeys.power_crt_components(pow, factor1, factor2)
+    @test (d_p == 5895)
+    @test (d_q == 115)
+    @test (q_inv == 6785)
+    @test (p_inv == 2357)
+end
+
+@testset "power_crt from power_crt_components" begin
+    base = big"123456"
+    modul = big"76299557"
+    factor1 = big"9679"
+    factor2 = big"7883"
+    pow = big"654321"
+    d_p, d_q, q_inv, _ = ToyPublicKeys.power_crt_components(pow, factor1, factor2)
+    pow_crt = ToyPublicKeys.power_crt(base, factor1, factor2, d_p, d_q, q_inv)
+    pow_m = Base.GMP.MPZ.powm(base, pow, modul)
+    @test pow_crt == pow_m
+end
+
 @testset "power_crt" begin
     base = big"123456"
-    modul = big"265277633"
-    f1 = big"38561"
-    f2 = big"15107"
-    pow_crt = ToyPublicKeys.power_crt(base, modul, f1, f2)
-    pow_m = Base.GMP.MPZ.powm(base, modul, f1*f2)
+    modul = big"76299557"
+    factor1 = big"9679"
+    factor2 = big"7883"
+    pow = big"654321"
+    pow_crt = ToyPublicKeys.power_crt(base, pow, factor1, factor2)
+    pow_m = Base.GMP.MPZ.powm(base, pow, modul)
     @test pow_crt == pow_m
 end
 
+@testset "validate generate_rsa_key_pair" begin
+    Random.seed!(42)
+    private_key, public_key = ToyPublicKeys.generate_rsa_key_pair(ToyPublicKeys.pkcs1_v1_5, 2048)
+    @test try
+        ToyPublicKeys.validate(private_key)
+        true
+    catch
+        false
+    end
+end
+
 @testset "RSAStep(RSAStep) is identity ~ BigInt" begin
     Random.seed!(42)
     private_key, public_key = ToyPublicKeys.generate_rsa_key_pair(ToyPublicKeys.pkcs1_v1_5, 2048)
@@ -80,5 +115,5 @@ end
     private_key, public_key = ToyPublicKeys.generate_rsa_key_pair(ToyPublicKeys.pkcs1_v1_5, 2048)
     msg = "1"
     signature = ToyPublicKeys.sign(ToyPublicKeys.pkcs1_v1_5, msg, private_key)
-    @test ToyPublicKeys.verify_signature(ToyPublicKeys.pkcs1_v1_5, msg, signature, public_key)
+    @test ToyPublicKeys.verify_signature(ToyPublicKeys.pkcs1_v1_5, msg, signature, public_key) == true
 end