1 #ifndef CRYPTOPP_GFPCRYPT_H
2 #define CRYPTOPP_GFPCRYPT_H
10 #if CRYPTOPP_MSC_VERSION
11 # pragma warning(push)
12 # pragma warning(disable: 4189)
26 NAMESPACE_BEGIN(CryptoPP)
40 void Initialize(
const Integer &p,
const Integer &g)
41 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
42 void Initialize(
const Integer &p,
const Integer &q,
const Integer &g)
43 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
52 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
60 bool FastSubgroupCheckAvailable()
const {
return GetCofactor() == 2;}
62 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
64 void EncodeElement(
bool reversible,
const Element &element, byte *encoded)
const;
65 unsigned int GetEncodedElementSize(
bool reversible)
const;
68 {CRYPTOPP_UNUSED(reversible); element.
Encode(encoded, GetModulus().ByteCount());}
70 {CRYPTOPP_UNUSED(reversible);
return GetModulus().ByteCount();}
73 Integer DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const;
76 Integer GetMaxExponent()
const;
77 static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {
return "";}
79 OID GetAlgorithmID()
const;
81 virtual const Integer & GetModulus()
const =0;
82 virtual void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g) =0;
84 void SetSubgroupOrder(
const Integer &q)
85 {m_q = q; ParametersChanged();}
87 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
92 Integer ComputeGroupOrder(
const Integer &modulus)
const
93 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
96 virtual int GetFieldType()
const =0;
97 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
104 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> >
110 typedef typename GROUP_PRECOMP::Element Element;
113 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
114 {
return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();}
117 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
124 const Integer & GetModulus()
const {
return this->m_groupPrecomputation.GetModulus();}
127 void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g)
128 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->
GetGroupPrecomputation(), g); this->ParametersChanged();}
132 {
return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.
GetSubgroupOrder();}
136 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
152 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
154 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
158 Element MultiplyElements(
const Element &a,
const Element &b)
const;
159 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
161 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
166 int GetFieldType()
const {
return 1;}
175 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
180 unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const {
return modulusSize-1;}
188 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "DSA-1363";}
195 s = (kInv * (x*r + e)) % q;
202 if (r>=q || r<1 || s>=q || s<1)
212 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
224 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "NR";}
237 if (r>=q || r<1 || s>=q)
244 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
256 {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
258 {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
260 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
264 {this->SetPublicElement(
Integer(bt));}
266 {this->GetPublicElement().DEREncode(bt);}
268 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
285 {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
287 {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
289 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
291 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
303 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
315 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
321 template <
class BASE>
332 if (seq.EndReached())
334 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
335 this->SetPublicElement(v3);
340 this->AccessGroupParameters().Initialize(v1, v2, v3);
341 this->SetPublicElement(v4);
350 this->GetGroupParameters().GetModulus().DEREncode(seq);
351 if (this->GetGroupParameters().GetCofactor() != 2)
352 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
353 this->GetGroupParameters().GetGenerator().DEREncode(seq);
354 this->GetPublicElement().DEREncode(seq);
358 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
364 template <
class BASE>
376 if (seq.EndReached())
378 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
379 this->SetPrivateExponent(v4 % (v1/2));
384 this->AccessGroupParameters().Initialize(v1, v2, v3);
385 this->SetPrivateExponent(v5);
394 this->GetGroupParameters().GetModulus().DEREncode(seq);
395 if (this->GetGroupParameters().GetCofactor() != 2)
396 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
397 this->GetGroupParameters().GetGenerator().DEREncode(seq);
398 this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq);
399 this->GetPrivateExponent().DEREncode(seq);
403 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
411 DL_SignatureKeys_GFP,
412 DL_Algorithm_GDSA<Integer>,
413 DL_SignatureMessageEncodingMethod_DSA,
416 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
424 DL_SignatureKeys_GFP,
425 DL_Algorithm_NR<Integer>,
426 DL_SignatureMessageEncodingMethod_NR,
429 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
444 static bool CRYPTOPP_API IsValidPrimeLength(
unsigned int pbits)
445 {
return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
447 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
449 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
463 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
473 DL_Algorithm_GDSA<Integer>,
474 DL_SignatureMessageEncodingMethod_DSA,
479 static std::string CRYPTOPP_API StaticAlgorithmName() {
return "DSA/" + (std::string)H::StaticAlgorithmName();}
481 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
482 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
485 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
498 template <
class MAC,
bool DHAES_MODE>
503 size_t GetSymmetricKeyLength(
size_t plaintextLength)
const
504 {
return plaintextLength + MAC::DEFAULT_KEYLENGTH;}
505 size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const
506 {
return plaintextLength + MAC::DIGESTSIZE;}
507 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
508 {
return (
unsigned int)
SaturatingSubtract(ciphertextLength, (
unsigned int)MAC::DIGESTSIZE);}
509 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength, byte *ciphertext,
const NameValuePairs ¶meters)
const
511 CRYPTOPP_UNUSED(rng);
512 const byte *cipherKey = NULL, *macKey = NULL;
516 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
521 macKey = key + plaintextLength;
528 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
531 mac.Update(ciphertext, plaintextLength);
532 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
535 byte L[8] = {0,0,0,0};
539 mac.Final(ciphertext + plaintextLength);
541 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength, byte *plaintext,
const NameValuePairs ¶meters)
const
543 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
544 const byte *cipherKey, *macKey;
548 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
553 macKey = key + plaintextLength;
560 mac.Update(ciphertext, plaintextLength);
561 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
564 byte L[8] = {0,0,0,0};
568 if (!mac.Verify(ciphertext + plaintextLength))
572 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
577 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
583 template <
class T,
bool DHAES_MODE,
class KDF>
588 void Derive(
const DL_GroupParameters<T> ¶ms, byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const
594 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
605 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());
608 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
614 template <
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true>
618 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
619 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
620 DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
623 static std::string CRYPTOPP_API StaticAlgorithmName() {
return "DLIES";}
625 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
632 #if CRYPTOPP_MSC_VERSION
633 # pragma warning(pop)
Used to pass byte array input as part of a NameValuePairs object.
DSA2< SHA > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
bool IsIdentity(const Integer &element) const
Determines if an element is an identity.
Discrete Log Integrated Encryption Scheme, AKA DLIES
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Classes for working with NameValuePairs.
Utility functions for the Crypto++ library.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Integer GetGroupOrder() const
Retrieves the order of the group.
This file contains helper classes/functions for implementing public key algorithms.
Interface for Discrete Log (DL) group parameters.
the XOR encryption method, for use with DL-based cryptosystems
Converts a typename to an enumerated value.
Abstract base classes that provide a uniform interface to this library.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
GF(p) group parameters that default to same primes.
size_type size() const
Provides the count of elements in the SecBlock.
Interface for key derivation algorithms used in DL cryptosystems.
Classes for automatic resource management.
void EncodeElement(bool reversible, const Element &element, byte *encoded) const
Encodes the element.
size_t size() const
Length of the memory block.
Library configuration file.
Interface for random number generators.
void New(size_type newSize)
Change size without preserving contents.
Discrete Log (DL) encryption scheme.
SecBlock<byte> typedef.
const byte * begin() const
Pointer to the first byte in the memory block.
static const Integer & One()
Integer representing 1.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Interface for Discrete Log (DL) public keys.
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
Discrete Log (DL) signature scheme.
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
Returns a decoding results.
Classes for HMAC message authentication codes.
bool GetValue(const char *name, T &value) const
Get a named value.
DSA, as specified in FIPS 186-3
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Interface for Elgamal-like signature algorithms.
const char * EncodingParameters()
ConstByteArrayParameter.
DL signing/verification keys (in GF(p) groups)
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0
Exponentiates a base to multiple exponents.
DL encryption/decryption keys (in GF(p) groups)
const Integer & GetSubgroupOrder() const
Retrieves the subgroup order.
Multiple precision integer with arithmetic operations.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
unsigned int GetEncodedElementSize(bool reversible) const
Retrieves the encoded element's size.
DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard...
Classes and functions for working with ANS.1 objects.
Classes for SHA-1 and SHA-2 family of message digests.
DL private key (in GF(p) groups)
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
Integer InverseMod(const Integer &n) const
calculate multiplicative inverse of *this mod n
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Multiple precision integer with arithmetic operations.
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Interface for symmetric encryption algorithms used in DL cryptosystems.
Base implmentation of Discrete Log (DL) group parameters.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms)
Generate a random key or crypto parameters.
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
Encode and decode ASN.1 objects with additional information.
Interface for retrieving values given their names.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.