| 322 | | |
| 323 | | def gen_pubpriv_keys(nbits): |
| 324 | | """Generates public and private keys, and returns them as (pub, |
| 325 | | priv). |
| 326 | | |
| 327 | | The public key consists of a dict {e: ..., , n: ....). The private |
| 328 | | key consists of a dict {d: ...., p: ...., q: ....). |
| 329 | | """ |
| 330 | | return (dummypub,dummypriv) |
| 331 | | (p, q, e, d) = gen_keys(nbits) |
| 332 | | |
| 333 | | return ( {'e': e, 'n': p*q}, {'d': d, 'p': p, 'q': q} ) |
| 518 | | |
| 519 | | |
| 520 | | |
| 521 | | |
| 522 | | |
| | 506 | def gen_pubpriv_keys_old(nbits): |
| | 507 | """Generates public and private keys, and returns them as (pub, |
| | 508 | priv). |
| | 509 | |
| | 510 | The public key consists of a dict {e: ..., , n: ....). The private |
| | 511 | key consists of a dict {d: ...., p: ...., q: ....). |
| | 512 | """ |
| | 513 | #return (dummypub,dummypriv) |
| | 514 | (p, q, e, d) = gen_keys(nbits) |
| | 515 | |
| | 516 | return ( {'e': e, 'n': p*q}, {'d': d, 'p': p, 'q': q} ) |
| | 517 | |
| | 518 | |
| | 519 | |
| | 520 | def generate(bits): |
| | 521 | p = getRandomPrime(bits/2, False) |
| | 522 | q = getRandomPrime(bits/2, False) |
| | 523 | t = lcm(p-1, q-1) |
| | 524 | n = p * q |
| | 525 | e = 3L #Needed to be long, for Java |
| | 526 | d = invMod(e, t) |
| | 527 | p = p |
| | 528 | q = q |
| | 529 | #dP = key.d % (p-1) |
| | 530 | #dQ = key.d % (q-1) |
| | 531 | #qInv = invMod(q, p) |
| | 532 | return ( {'e': e, 'n': n}, {'d': d, 'p': p, 'q': q} ) |
| | 533 | |
| | 534 | gen_pubpriv_keys = generate |
| | 535 | def getRandomPrime(bits, display=False): |
| | 536 | if bits < 10: |
| | 537 | raise AssertionError() |
| | 538 | #The 1.5 ensures the 2 MSBs are set |
| | 539 | #Thus, when used for p,q in RSA, n will have its MSB set |
| | 540 | # |
| | 541 | #Since 30 is lcm(2,3,5), we'll set our test numbers to |
| | 542 | #29 % 30 and keep them there |
| | 543 | low = (2L ** (bits-1)) * 3/2 |
| | 544 | high = 2L ** bits - 30 |
| | 545 | p = randint(low, high) |
| | 546 | p += 29 - (p % 30) |
| | 547 | while 1: |
| | 548 | if display: print ".", |
| | 549 | p += 30 |
| | 550 | if p >= high: |
| | 551 | p = randint(low, high) |
| | 552 | p += 29 - (p % 30) |
| | 553 | if isPrime(p, display=display): |
| | 554 | return p |
| | 555 | |
| | 556 | #Pre-calculate a sieve of the ~100 primes < 1000: |
| | 557 | def makeSieve(n): |
| | 558 | sieve = range(n) |
| | 559 | for count in range(2, int(math.sqrt(n))): |
| | 560 | if sieve[count] == 0: |
| | 561 | continue |
| | 562 | x = sieve[count] * 2 |
| | 563 | while x < len(sieve): |
| | 564 | sieve[x] = 0 |
| | 565 | x += sieve[count] |
| | 566 | sieve = [x for x in sieve[2:] if x] |
| | 567 | return sieve |
| | 568 | |
| | 569 | sieve = makeSieve(1000) |
| | 570 | |
| | 571 | def isPrime(n, iterations=5, display=False): |
| | 572 | #Trial division with sieve |
| | 573 | for x in sieve: |
| | 574 | if x >= n: return True |
| | 575 | if n % x == 0: return False |
| | 576 | #Passed trial division, proceed to Rabin-Miller |
| | 577 | #Rabin-Miller implemented per Ferguson & Schneier |
| | 578 | #Compute s, t for Rabin-Miller |
| | 579 | if display: print "*", |
| | 580 | s, t = n-1, 0 |
| | 581 | while s % 2 == 0: |
| | 582 | s, t = s/2, t+1 |
| | 583 | #Repeat Rabin-Miller x times |
| | 584 | a = 2 #Use 2 as a base for first iteration speedup, per HAC |
| | 585 | for count in range(iterations): |
| | 586 | v = powMod(a, s, n) |
| | 587 | if v==1: |
| | 588 | continue |
| | 589 | i = 0 |
| | 590 | while v != n-1: |
| | 591 | if i == t-1: |
| | 592 | return False |
| | 593 | else: |
| | 594 | v, i = powMod(v, 2, n), i+1 |
| | 595 | a = randint(2, n) |
| | 596 | return True |
| | 597 | |
| | 598 | def lcm(a, b): |
| | 599 | #This will break when python division changes, but we can't use // cause |
| | 600 | #of Jython |
| | 601 | return (a * b) / gcd(a, b) |
