1 #ifndef CRYPTOPP_GFPCRYPT_H 2 #define CRYPTOPP_GFPCRYPT_H 10 #if CRYPTOPP_MSC_VERSION 11 # pragma warning(push) 12 # pragma warning(disable: 4189) 37 {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());}
40 void Initialize(
const Integer &p,
const Integer &g)
41 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
42 void Initialize(
const Integer &p,
const Integer &q,
const Integer &g)
43 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
52 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
56 const Integer & GetSubgroupOrder()
const {
return m_q;}
57 Integer GetGroupOrder()
const {
return GetFieldType() == 1 ? GetModulus()-
Integer::One() : GetModulus()+
Integer::One();}
60 bool FastSubgroupCheckAvailable()
const {
return GetCofactor() == 2;}
62 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 64 void EncodeElement(
bool reversible,
const Element &element, byte *encoded)
const;
65 unsigned int GetEncodedElementSize(
bool reversible)
const;
67 void EncodeElement(
bool reversible,
const Element &element, byte *encoded)
const 68 {CRYPTOPP_UNUSED(reversible); element.
Encode(encoded, GetModulus().ByteCount());}
69 unsigned int GetEncodedElementSize(
bool reversible)
const 70 {CRYPTOPP_UNUSED(reversible);
return GetModulus().ByteCount();}
73 Integer DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const;
74 Integer ConvertElementToInteger(
const Element &element)
const 76 Integer GetMaxExponent()
const;
77 static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {
return "";}
79 OID GetAlgorithmID()
const;
81 virtual const Integer & GetModulus()
const =0;
82 virtual void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g) =0;
84 void SetSubgroupOrder(
const Integer &q)
85 {m_q = q; ParametersChanged();}
87 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 92 Integer ComputeGroupOrder(
const Integer &modulus)
const 93 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
96 virtual int GetFieldType()
const =0;
97 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
104 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> >
110 typedef typename GROUP_PRECOMP::Element Element;
113 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 114 {
return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();}
117 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
124 const Integer & GetModulus()
const {
return this->m_groupPrecomputation.GetModulus();}
125 const Integer & GetGenerator()
const {
return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
127 void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g)
128 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();}
132 {
return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();}
134 {
return !operator==(rhs);}
136 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 149 void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const;
152 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 154 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
158 Element MultiplyElements(
const Element &a,
const Element &b)
const;
159 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
161 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 166 int GetFieldType()
const {
return 1;}
175 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 180 unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const {
return modulusSize-1;}
188 static const char * CRYPTOPP_API StaticAlgorithmName() {
return "DSA-1363";}
192 const Integer &q = params.GetSubgroupOrder();
195 s = (kInv * (x*r + e)) % q;
201 const Integer &q = params.GetSubgroupOrder();
202 if (r>=q || r<1 || s>=q || s<1)
209 return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
212 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 224 static const char * CRYPTOPP_API StaticAlgorithmName() {
return "NR";}
228 const Integer &q = params.GetSubgroupOrder();
236 const Integer &q = params.GetSubgroupOrder();
237 if (r>=q || r<1 || s>=q)
241 return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q;
244 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 256 {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
258 {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
260 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
264 {this->SetPublicElement(
Integer(bt));}
266 {this->GetPublicElement().DEREncode(bt);}
268 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 279 {this->GenerateRandomWithKeySize(rng, modulusBits);}
281 {this->GenerateRandom(rng,
MakeParameters(
"Modulus", p)(
"SubgroupGenerator", g));}
283 {this->GenerateRandom(rng,
MakeParameters(
"Modulus", p)(
"SubgroupOrder", q)(
"SubgroupGenerator", g));}
285 {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
287 {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
289 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
291 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 303 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 315 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 321 template <
class BASE>
332 if (seq.EndReached())
334 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
335 this->SetPublicElement(v3);
340 this->AccessGroupParameters().Initialize(v1, v2, v3);
341 this->SetPublicElement(v4);
350 this->GetGroupParameters().GetModulus().DEREncode(seq);
351 if (this->GetGroupParameters().GetCofactor() != 2)
352 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
353 this->GetGroupParameters().GetGenerator().DEREncode(seq);
354 this->GetPublicElement().DEREncode(seq);
358 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 364 template <
class BASE>
376 if (seq.EndReached())
378 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
379 this->SetPrivateExponent(v4 % (v1/2));
384 this->AccessGroupParameters().Initialize(v1, v2, v3);
385 this->SetPrivateExponent(v5);
394 this->GetGroupParameters().GetModulus().DEREncode(seq);
395 if (this->GetGroupParameters().GetCofactor() != 2)
396 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
397 this->GetGroupParameters().GetGenerator().DEREncode(seq);
398 this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq);
399 this->GetPrivateExponent().DEREncode(seq);
403 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 411 DL_SignatureKeys_GFP,
412 DL_Algorithm_GDSA<Integer>,
413 DL_SignatureMessageEncodingMethod_DSA,
416 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 424 DL_SignatureKeys_GFP,
425 DL_Algorithm_NR<Integer>,
426 DL_SignatureMessageEncodingMethod_NR,
429 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 444 static bool CRYPTOPP_API IsValidPrimeLength(
unsigned int pbits)
445 {
return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
447 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
449 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 463 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 473 DL_Algorithm_GDSA<Integer>,
474 DL_SignatureMessageEncodingMethod_DSA,
479 static std::string CRYPTOPP_API StaticAlgorithmName() {
return "DSA/" + (std::string)H::StaticAlgorithmName();}
481 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY 482 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
485 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 498 template <
class MAC,
bool DHAES_MODE>
503 size_t GetSymmetricKeyLength(
size_t plaintextLength)
const 504 {
return plaintextLength + MAC::DEFAULT_KEYLENGTH;}
505 size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const 506 {
return plaintextLength + MAC::DIGESTSIZE;}
507 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const 508 {
return (
unsigned int)
SaturatingSubtract(ciphertextLength, (
unsigned int)MAC::DIGESTSIZE);}
509 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength, byte *ciphertext,
const NameValuePairs ¶meters)
const 511 CRYPTOPP_UNUSED(rng);
512 const byte *cipherKey = NULL, *macKey = NULL;
516 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
521 macKey = key + plaintextLength;
528 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
531 mac.Update(ciphertext, plaintextLength);
532 mac.Update(encodingParameters.begin(), encodingParameters.size());
535 byte L[8] = {0,0,0,0};
536 PutWord(
false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
539 mac.Final(ciphertext + plaintextLength);
541 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength, byte *plaintext,
const NameValuePairs ¶meters)
const 543 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
544 const byte *cipherKey, *macKey;
548 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
553 macKey = key + plaintextLength;
560 mac.Update(ciphertext, plaintextLength);
561 mac.Update(encodingParameters.begin(), encodingParameters.size());
564 byte L[8] = {0,0,0,0};
565 PutWord(
false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
568 if (!mac.Verify(ciphertext + plaintextLength))
572 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
577 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 583 template <
class T,
bool DHAES_MODE,
class KDF>
588 void Derive(
const DL_GroupParameters<T> ¶ms, byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const 593 agreedSecret.
New(params.GetEncodedElementSize(
true) + params.GetEncodedElementSize(
false));
594 params.EncodeElement(
true, ephemeralPublicKey, agreedSecret);
595 params.EncodeElement(
false, agreedElement, agreedSecret + params.GetEncodedElementSize(
true));
599 agreedSecret.
New(params.GetEncodedElementSize(
false));
600 params.EncodeElement(
false, agreedElement, agreedSecret);
605 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.begin(), derivationParameters.size());
608 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 614 template <
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true>
618 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
619 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
620 DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
623 static std::string CRYPTOPP_API StaticAlgorithmName() {
return "DLIES";}
625 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 632 #if CRYPTOPP_MSC_VERSION 633 # pragma warning(pop) used to pass byte array input as part of a NameValuePairs object
DSA2< SHA > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
Discrete Log Integrated Encryption Scheme, AKA DLIES
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Classes for working with NameValuePairs.
Utility functions for the Crypto++ library.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
This file contains helper classes/functions for implementing public key algorithms.
interface for DL group parameters
the XOR encryption method, for use with DL-based cryptosystems
Converts a typename to an enumerated value.
Abstract base classes that provide a uniform interface to this library.
GF(p) group parameters that default to same primes.
size_type size() const
Provides the count of elements in the SecBlock.
interface for key derivation algorithms used in DL cryptosystems
Classes for automatic resource management.
Library configuration file.
Interface for random number generators.
void New(size_type newSize)
Change size without preserving contents.
Discrete Log Based Encryption Scheme.
SecByteBlock is a SecBlock<byte> typedef.
static const Integer & One()
Integer representing 1.
interface for DL public keys
Discrete Log Based Signature Scheme.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Returns a decoding results.
Classes for HMAC message authentication codes.
bool GetValue(const char *name, T &value) const
Get a named value.
DSA, as specified in FIPS 186-3
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
interface for Elgamal-like signature algorithms
const char * EncodingParameters()
ConstByteArrayParameter.
DL signing/verification keys (in GF(p) groups)
DL encryption/decryption keys (in GF(p) groups)
Multiple precision integer with arithmetic operations.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard...
Classes and functions for working with ANS.1 objects.
Classes for SHA-1 and SHA-2 family of message digests.
DL private key (in GF(p) groups)
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Integer InverseMod(const Integer &n) const
calculate multiplicative inverse of *this mod n
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Crypto++ library namespace.
interface for symmetric encryption algorithms used in DL cryptosystems
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
Interface for retrieving values given their names.