121 public key cryptography (via PKCS \#1 RSA, DH or ECCDH), and a plethora of support routines.  
172 that for the PRNG needs within the library (\textit{e.g. making a RSA key}).  All the developer has to do
331     /* ... Make up the RSA key somehow ... */
343     printf("RSA exported key takes %d bytes\n", x);
351 In the above example if the size of the RSA public key was more than 1024 bytes this function would return an error code
377     /* make a 1024-bit RSA key with the system RNG */
3054 \chapter{RSA Public Key Cryptography}
3057 RSA wrote the PKCS \#1 specifications which detail RSA Public Key Cryptography.  In the specifications are
3107 PKCS \#1 RSA Encryption amounts to OAEP padding of the input message followed by the modular exponentiation.  As far as this portion of
3140 $m - 2h - 2$.  For example, with a $1024$--bit RSA key and SHA--1 as the hash the maximum payload is $86$ bytes.  
3142 Note that when the message is padded it still has not been RSA encrypted.  You must pass the output of this function to 
3163 match what was used during encoding this function will not decode the packet.  \textit{modulus\_bitlen} is the size of the RSA modulus in bits
3195 Similar to OAEP encoding \textit{modulus\_bitlen} is the size of the RSA modulus (in bits).  It limits the size of the salt.  If $m$ is the length
3222 \mysection{RSA Key Operations}
3225 RSA is a public key algorithm that is based on the inability to find the \textit{e-th} root modulo a composite of unknown 
3226 factorization.  Normally the difficulty of breaking RSA is associated with the integer factoring problem but they are
3241 Currently RSA is a difficult system to cryptanalyze provided that both primes are large and not close to each other.  
3247 It is important to pad the input to RSA since it has particular mathematical structure.  For instance  
3253 \subsection{RSA Key Generation}
3255 For RSA routines a single \textit{rsa\_key} structure is used.  To make a new RSA key call:
3265 Where \textit{wprng} is the index into the PRNG descriptor array.  The \textit{size} parameter is the size in bytes of the RSA modulus desired.
3276 There are two types of RSA keys.  The types are {\bf PK\_PRIVATE} and {\bf PK\_PUBLIC}.  The first type is a private 
3277 RSA key which includes the CRT parameters\footnote{As of v0.99 the PK\_PRIVATE\_OPTIMIZED type has been deprecated, and has been replaced by the 
3278 PK\_PRIVATE type.} in the form of a RSAPrivateKey (PKCS \#1 compliant).  The second type, is a public RSA key which only includes the modulus and public exponent.  
3281 \subsection{RSA Exponentiation}
3282 To do raw work with the RSA function, that is without padding, use the following function:
3298 \mysection{RSA Key Encryption}
3299 Normally RSA is used to encrypt short symmetric keys which are then used in block ciphers to encrypt a message.
3316 This function will OAEP pad \textit{in} of length \textit{inlen} bytes, RSA encrypt it, and store the ciphertext
3346 \mysection{RSA Key Decryption}
3360 This function will RSA decrypt \textit{in} of length \textit{inlen} then OAEP de-pad the resulting data and store it in
3364 If the RSA decrypted data is not a valid OAEP packet then \textit{stat} is set to $0$.  Otherwise, it is set to $1$.
3391 \mysection{RSA Signature Generation}
3392 Similar to RSA key encryption RSA is also used to \textit{digitally sign} message digests (hashes).  To facilitate this
3408 This will PSS encode the message digest pointed to by \textit{in} of length \textit{inlen} octets.  Next, the PSS encoded hash will be RSA 
3414 the RSA modulus (in octets), and \textit{hLen} is the length of the message digest produced by the chosen hash.  
3435 This will PKCS encode the message digest pointed to by \textit{in} of length \textit{inlen} octets.  Next, the PKCS encoded hash will be RSA 
3443 \mysection{RSA Signature Verification}
3456 This will RSA \textit{verify} the signature pointed to by \textit{sig} of length \textit{siglen} octets.  Next, the RSA decoded data is PSS decoded
3459 If the RSA decoded data is not a valid PSS message, or if the PSS decoded hash does not match the \textit{msghash} 
3480 This will RSA \textit{verify} the signature pointed to by \textit{sig} of length \textit{siglen} octets.  Next, the RSA decoded data is PKCS decoded
3483 If the RSA decoded data is not a valid PSS message, or if the PKCS decoded hash does not match the \textit{msghash} 
3489 \mysection{RSA Encryption Example}
3516    /* make an RSA-1024 key */
3538                             &key) /* our RSA key */
3554                              &key) /* our RSA key */ 
3564 \mysection{RSA Key Format}
3566 The RSA key format adopted for exporting and importing keys is the PKCS \#1 format defined by the ASN.1 constructs known as 
3569 \subsection{RSA Key Export}
3570 To export a RSA key use the following function.
3579 This will export the RSA key in either a RSAPublicKey or RSAPrivateKey (PKCS \#1 types) depending on the value of \textit{type}.  When it is 
3582 \subsection{RSA Key Import}
3583 To import a RSA key use the following function.
3595 As of v1.06 this function can also import OpenSSL DER formatted public RSA keys.  They are essentially encapsulated RSAPublicKeys.  LibTomCrypt will
4890 When making random primes the trial division step is in fact an optimized implementation of \textit{Implementation of Fast RSA Key Generation on Smart Cards}\footnote{Chenghuai Lu, Andre L. M. dos Santos and Francisco R. Pimentel}.
4897 instance, in RSA two primes $p$ and $q$ are required.  The order of the multiplicative sub-group (modulo $pq$) is given 
4900 the multi-prime RSA.  Suppose $q = rs$ for two primes $r$ and $s$ then $\phi(pq) = (p - 1)(r - 1)(s - 1)$ which clearly is 
4958 The following chart gives the work factor for solving a DH/RSA public key using the NFS.  The work factor for a key of order
4969     \hline RSA/DH Key Size (bits) & Work Factor ($log_2$) \\
4981 \caption{RSA/DH Key Strength}
5007     \hline Security Goal & RSA/DH Key Size (bits) & ECC Key Size (bits) \\
6360    /** RSA Key Generation 
6375    /** RSA exponentiation
6381       @param which    PK_PUBLIC for public RSA and PK_PRIVATE for private RSA
6382       @param key      The RSA key to use 
6447 \subsection{RSA Functions}
6448 The RSA Modular Exponentiation (ME) function is used by the RSA API to perform exponentiations for private and public key operations.  In particular for
6449 private key operations it uses the CRT approach to lower the time required.  It is passed an RSA key with the following format.
6452 /** RSA PKCS style key */
6477 for RSA--1024 the output is always 128 bytes regardless of how small the numerical value of the exponentiation is.
6479 Since the function is given the entire RSA key (for private keys only) CRT is possible as prescribed in the PKCS \#1 v2.1 specification.

Indexes created Sat Jan 04 08:25:12 CET 2014