4 #ifndef CRYPTOPP_FHMQV_H
5 #define CRYPTOPP_FHMQV_H
15 NAMESPACE_BEGIN(CryptoPP)
23 template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption, class HASH =
SHA512>
27 typedef GROUP_PARAMETERS GroupParameters;
28 typedef typename GroupParameters::Element Element;
31 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
35 FHMQV_Domain(
bool clientRole =
true): m_role(clientRole ? RoleClient : RoleServer) {}
37 FHMQV_Domain(
const GroupParameters ¶ms,
bool clientRole =
true)
38 : m_role(clientRole ? RoleClient : RoleServer), m_groupParameters(params) {}
41 : m_role(clientRole ? RoleClient : RoleServer)
42 {m_groupParameters.BERDecode(bt);}
46 : m_role(clientRole ? RoleClient : RoleServer)
47 {m_groupParameters.Initialize(v1);}
49 template <
class T1,
class T2>
51 : m_role(clientRole ? RoleClient : RoleServer)
52 {m_groupParameters.Initialize(v1, v2);}
54 template <
class T1,
class T2,
class T3>
55 FHMQV_Domain(T1 v1, T2 v2, T3 v3,
bool clientRole =
true)
56 : m_role(clientRole ? RoleClient : RoleServer)
57 {m_groupParameters.Initialize(v1, v2, v3);}
59 template <
class T1,
class T2,
class T3,
class T4>
60 FHMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4,
bool clientRole =
true)
61 : m_role(clientRole ? RoleClient : RoleServer)
62 {m_groupParameters.Initialize(v1, v2, v3, v4);}
66 const GroupParameters & GetGroupParameters()
const {
return m_groupParameters;}
67 GroupParameters & AccessGroupParameters(){
return m_groupParameters;}
72 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
83 x.
Encode(privateKey, StaticPrivateKeyLength());
92 Integer x(privateKey, StaticPrivateKeyLength());
105 x.Encode(privateKey, StaticPrivateKeyLength());
107 params.
EncodeElement(
true, y, privateKey+StaticPrivateKeyLength());
113 CRYPTOPP_UNUSED(rng);
114 memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength());
127 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
128 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
129 bool validateStaticOtherPublicKey=
true)
const
131 byte *XX = NULL, *YY = NULL, *AA = NULL, *BB = NULL;
132 size_t xxs = 0, yys = 0, aas = 0, bbs = 0;
142 if(m_role == RoleServer)
144 Integer b(staticPrivateKey, StaticPrivateKeyLength());
148 XX =
const_cast<byte*
>(ephemeralOtherPublicKey);
149 xxs = EphemeralPublicKeyLength();
150 YY =
const_cast<byte*
>(ephemeralPrivateKey) + StaticPrivateKeyLength();
151 yys = EphemeralPublicKeyLength();
152 AA =
const_cast<byte*
>(staticOtherPublicKey);
153 aas = StaticPublicKeyLength();
157 else if(m_role == RoleClient)
159 Integer a(staticPrivateKey, StaticPrivateKeyLength());
163 XX =
const_cast<byte*
>(ephemeralPrivateKey) + StaticPrivateKeyLength();
164 xxs = EphemeralPublicKeyLength();
165 YY =
const_cast<byte*
>(ephemeralOtherPublicKey);
166 yys = EphemeralPublicKeyLength();
169 BB =
const_cast<byte*
>(staticOtherPublicKey);
170 bbs = StaticPublicKeyLength();
181 Element VV1 = params.
DecodeElement(staticOtherPublicKey,
false);
182 if(!params.
ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULL))
187 Element VV2 = params.
DecodeElement(ephemeralOtherPublicKey,
false);
192 const unsigned int len = (((q.
BitCount()+1)/2 +7)/8);
197 Hash(NULL, XX, xxs, YY, yys, AA, aas, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
198 d.
Decode(dd.BytePtr(), dd.SizeInBytes());
200 Hash(NULL, YY, yys, XX, xxs, AA, aas, BB, bbs, ee.
BytePtr(), ee.
SizeInBytes());
204 if(m_role == RoleServer)
206 Integer y(ephemeralPrivateKey, StaticPrivateKeyLength());
207 Integer b(staticPrivateKey, StaticPrivateKeyLength());
214 Element t2 = m_groupParameters.MultiplyElements(X, t1);
220 Integer x(ephemeralPrivateKey, StaticPrivateKeyLength());
221 Integer a(staticPrivateKey, StaticPrivateKeyLength());
228 Element t2 = m_groupParameters.MultiplyElements(Y, t1);
233 Hash(&sigma, XX, xxs, YY, yys, AA, aas, BB, bbs, agreedValue, AgreedValueLength());
244 inline void Hash(
const Element* sigma,
245 const byte* e1,
size_t e1len,
const byte* e2,
size_t e2len,
246 const byte* s1,
size_t s1len,
const byte* s2,
size_t s2len,
247 byte* digest,
size_t dlen)
const
250 size_t idx = 0, req = dlen;
251 size_t blk =
STDMIN(dlen, (
size_t)HASH::DIGESTSIZE);
255 Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
257 x.
Encode(sbb.BytePtr(), sbb.SizeInBytes());
258 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
261 hash.Update(e1, e1len);
262 hash.Update(e2, e2len);
263 hash.Update(s1, s1len);
264 hash.Update(s2, s2len);
266 hash.TruncatedFinal(digest, blk);
272 hash.Update(&digest[idx], (
size_t)HASH::DIGESTSIZE);
274 idx += (size_t)HASH::DIGESTSIZE;
275 blk =
STDMIN(req, (
size_t)HASH::DIGESTSIZE);
276 hash.TruncatedFinal(&digest[idx], blk);
285 enum KeyAgreementRole{ RoleServer = 1, RoleClient };
290 GroupParameters m_groupParameters;
291 KeyAgreementRole m_role;
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Fully Hashed Menezes-Qu-Vanstone in GF(p)
unsigned int AgreedValueLength() const
return length of agreed value produced
Interface for Discrete Log (DL) group parameters.
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
Interface for random number generators.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
The minimum number of bytes to encode this integer.
SecBlock<byte> typedef.
Classes for performing mathematics over different fields.
static const Integer & One()
Integer representing 1.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
implements the SHA-512 standard
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate static public key
Multiple precision integer with arithmetic operations.
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
Implementation of schemes based on DL over GF(p)
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
Exception thrown when an invalid group element is encountered.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation< Element > *precomp) const =0
Check the element for errors.
Classes for SHA-1 and SHA-2 family of message digests.
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
return length of ephemeral public keys in this domain
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
void Decode(const byte *input, size_t inputLen, Signedness sign=UNSIGNED)
Decode from big-endian byte array.
Interface for crypto prameters.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and couterparty's public keys, return false in case of fai...
Interface for domains of authenticated key agreement protocols.
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
virtual Element ExponentiateBase(const Integer &exponent) const
Retrieves the subgroup generator.
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
return length of ephemeral private keys in this domain
FHMQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > FHMQV
Fully Hashed Menezes-Qu-Vanstone in GF(p)
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate static private key
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.