8 #ifndef CRYPTOPP_GFPCRYPT_H
9 #define CRYPTOPP_GFPCRYPT_H
13 #if CRYPTOPP_MSC_VERSION
14 # pragma warning(push)
15 # pragma warning(disable: 4189 4231 4275)
59 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
66 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
75 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
/// \brief Reports whether the cofactor permits the fast subgroup check
/// \return true exactly when GetCofactor() equals 2, false for every other cofactor
bool FastSubgroupCheckAvailable() const
{
	// The shortcut is offered for a cofactor of exactly 2 and nothing else.
	const bool cofactorIsTwo = (GetCofactor() == 2);
	return cofactorIsTwo;
}
86 void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const;
87 unsigned int GetEncodedElementSize(
bool reversible)
const;
89 Integer DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const;
/// \brief Prefix placed in front of algorithm names built from these parameters
/// \return an empty string
static std::string CRYPTOPP_API StaticAlgorithmNamePrefix()
{
	return std::string();
}
95 OID GetAlgorithmID()
const;
97 virtual const Integer & GetModulus()
const =0;
98 virtual void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g) =0;
/// \brief Stores a new subgroup order and signals that the parameters changed
/// \param q value copied into m_q
/// \details The value is stored exactly as given. No check of q against the modulus or
///  the generator is visible in this setter, so parameters that come from an untrusted
///  source need to be validated separately before they are relied on.
void SetSubgroupOrder(const Integer &q)
{
	m_q = q;
	// Let the object react to the new order after it has been stored.
	ParametersChanged();
}
105 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
108 virtual int GetFieldType()
const =0;
109 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
118 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<
typename GROUP_PRECOMP::Element> >
124 typedef typename GROUP_PRECOMP::Element Element;
/// \brief Get a named value
/// \param name name of the value to retrieve
/// \param valueType type_info describing the type the caller expects
/// \param pValue untyped pointer that receives the value
/// \return the result of Assignable() on the helper that performs the lookup
/// \details The lookup is delegated to GetValueHelper, instantiated with
///  DL_GroupParameters_IntegerBased as its template argument.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
	return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue)
		.Assignable();
}
133 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
/// \brief Retrieves the modulus held by the group precomputation
/// \return whatever m_groupPrecomputation.GetModulus() returns
const Integer & GetModulus() const
{
	// The modulus is not stored in this class; it is read from the group precomputation.
	return this->m_groupPrecomputation.GetModulus();
}
/// \brief Installs a new modulus and subgroup generator
/// \param p modulus handed to the group precomputation
/// \param g generator used as the base of the fixed-base precomputation
/// \details The three steps run in this order: set the modulus, rebase the generator
///  precomputation against the updated group precomputation, then announce the change.
///  Neither p nor g is checked here; validating them is left to other code.
void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)
{
	this->m_groupPrecomputation.SetModulus(p);
	// SetBase reads the group precomputation, so the modulus must already be in place.
	this->m_gpc.SetBase(this->GetGroupPrecomputation(), g);
	this->ParametersChanged();
}
163 void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const;
166 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
168 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
172 Element MultiplyElements(
const Element &a,
const Element &b)
const;
173 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
/// \brief Field type identifier for this parameter class
/// \return always 1
/// \details The group-order expression visible elsewhere in this header subtracts 1
///  from the modulus when the field type is 1.
int GetFieldType() const
{
	return 1;
}
/// \brief Default subgroup order size for a given modulus size
/// \param modulusSize size of the modulus
/// \return modulusSize reduced by one
/// \details The arithmetic is unsigned, so a modulusSize of 0 wraps around instead of
///  going negative. Callers are expected to pass a real modulus size.
unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
{
	const unsigned int orderSize = modulusSize - 1;
	return orderSize;
}
205 return GetSubgroupOrder()-1;
/// \brief Algorithm name reported by this class
/// \return the string "DSA-1363"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA-1363";
}
224 s = (kInv * (x*r + e)) % q;
231 if (r>=q || r<1 || s>=q || s<1)
248 template <
class T,
class H>
/// \brief Algorithm name reported by this class
/// \return the string "DSA-RFC6979"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA-RFC6979";
}
256 bool IsProbabilistic()
const
264 static const byte zero = 0, one = 1;
270 e.Encode(BH, BH.
size());
271 BH = bits2octets(BH, q);
275 x.Encode(BX, BX.
size());
279 std::fill(V.
begin(), V.
begin()+H::DIGESTSIZE, one);
283 std::fill(K.
begin(), K.
begin()+H::DIGESTSIZE, zero);
286 m_hmac.SetKey(K, K.
size());
287 m_hmac.Update(V, V.
size());
288 m_hmac.Update(&zero, 1);
289 m_hmac.Update(BX, BX.
size());
290 m_hmac.Update(BH, BH.
size());
291 m_hmac.TruncatedFinal(K, K.
size());
294 m_hmac.SetKey(K, K.
size());
295 m_hmac.Update(V, V.
size());
296 m_hmac.TruncatedFinal(V, V.
size());
299 m_hmac.SetKey(K, K.
size());
300 m_hmac.Update(V, V.
size());
301 m_hmac.Update(&one, 1);
302 m_hmac.Update(BX, BX.
size());
303 m_hmac.Update(BH, BH.
size());
304 m_hmac.TruncatedFinal(K, K.
size());
307 m_hmac.SetKey(K, K.
size());
308 m_hmac.Update(V, V.
size());
309 m_hmac.TruncatedFinal(V, V.
size());
320 m_hmac.Update(V, V.
size());
321 m_hmac.TruncatedFinal(V, V.
size());
328 k = bits2int(temp, qlen);
333 m_hmac.Update(V, V.
size());
334 m_hmac.Update(&zero, 1);
335 m_hmac.TruncatedFinal(K, K.
size());
337 m_hmac.SetKey(K, K.
size());
338 m_hmac.Update(V, V.
size());
339 m_hmac.TruncatedFinal(V, V.
size());
350 size_t blen = bits.
size()*8;
365 if (block.size() == rlen)
370 if (block.size() > rlen)
372 size_t offset = block.size() - rlen;
373 std::memcpy(t, block + offset, rlen);
377 size_t offset = rlen - block.size();
378 memset(t,
'\x00', offset);
379 std::memcpy(t + offset, block, rlen - offset);
/// \brief Algorithm name reported by this class
/// \return the string "GDSA-ISO15946"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "GDSA-ISO15946";
}
420 s = (k * r - e) * x % q;
427 if (r>=q || r<1 || s>=q || s<1)
431 const Integer u1 = (rInv * e) % q;
432 const Integer u2 = (rInv * s) % q;
/// \brief Algorithm name reported by this class
/// \return the string "NR"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "NR";
}
466 if (r>=q || r<1 || s>=q)
487 {this->AccessGroupParameters().Initialize(params); this->
SetPublicElement(y);}
494 {this->AccessGroupParameters().Initialize(p, g); this->
SetPublicElement(y);}
502 {this->AccessGroupParameters().Initialize(p, q, g); this->
SetPublicElement(y);}
609 DL_SignatureKeys_GFP,
610 DL_Algorithm_GDSA<Integer>,
611 DL_SignatureMessageEncodingMethod_DSA,
621 DL_SignatureKeys_GFP,
622 DL_Algorithm_NR<Integer>,
623 DL_SignatureMessageEncodingMethod_NR,
/// \brief Checks a prime length against the range this class accepts
/// \param pbits length of the prime in bits
/// \return true when pbits lies within [MIN_PRIME_LENGTH, MAX_PRIME_LENGTH] and is a
///  multiple of PRIME_LENGTH_MULTIPLE, false otherwise
/// \details With the enum values declared next to this function (1024, 3072, 1024) the
///  accepted lengths are 1024, 2048 and 3072 bits. A 1024-bit prime passes this check, so
///  a deployment that must follow a stricter key-size policy has to enforce the higher
///  floor itself.
static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
{
	// Range first, granularity second.
	if (pbits < MIN_PRIME_LENGTH || pbits > MAX_PRIME_LENGTH)
		return false;
	return pbits % PRIME_LENGTH_MULTIPLE == 0;
}
645 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
685 DL_Algorithm_GDSA<Integer>,
686 DL_SignatureMessageEncodingMethod_DSA,
/// \brief Algorithm name, built from the hash in use
/// \return "DSA/" followed by H::StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	std::string name("DSA/");
	name += H::StaticAlgorithmName();
	return name;
}
700 DL_SignatureKeys_GFP,
701 DL_Algorithm_DSA_RFC6979<Integer, H>,
702 DL_SignatureMessageEncodingMethod_DSA,
/// \brief Algorithm name, built from the hash in use
/// \return "DSA-RFC6979/" followed by H::StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	std::string name("DSA-RFC6979/");
	name += H::StaticAlgorithmName();
	return name;
}
729 template <
class MAC,
bool DHAES_MODE,
bool LABEL_OCTETS=false>
/// \brief Length of the symmetric key material needed for a plaintext
/// \param plaintextLength length of the plaintext in bytes
/// \return plaintextLength plus MAC::DIGESTSIZE
/// \details NOTE(review): the SymmetricEncrypt and SymmetricDecrypt lines visible in this
///  header offset into the key by MAC::DEFAULT_KEYLENGTH in one mode, while the length
///  here is computed from MAC::DIGESTSIZE. Confirm that DIGESTSIZE >= DEFAULT_KEYLENGTH
///  holds for every MAC this template is instantiated with, so that the derived key
///  buffer covers both the cipher key and the MAC key.
size_t GetSymmetricKeyLength(size_t plaintextLength) const
{
	const size_t macBytes = static_cast<size_t>(MAC::DIGESTSIZE);
	return plaintextLength + macBytes;
}
/// \brief Length of the ciphertext produced for a plaintext
/// \param plaintextLength length of the plaintext in bytes
/// \return plaintextLength plus MAC::DIGESTSIZE
/// \details The encrypt path visible in this header writes the MAC output at
///  ciphertext + plaintextLength, which is why the tag size is added here.
size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
{
	const size_t tagBytes = static_cast<size_t>(MAC::DIGESTSIZE);
	return plaintextLength + tagBytes;
}
740 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
742 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const
744 CRYPTOPP_UNUSED(rng);
745 const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
749 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
754 macKey = key + plaintextLength;
761 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
764 mac.Update(ciphertext, plaintextLength);
765 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
772 mac.Final(ciphertext + plaintextLength);
774 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const
776 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
777 const byte *cipherKey, *macKey;
781 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
786 macKey = key + plaintextLength;
793 mac.Update(ciphertext, plaintextLength);
794 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
801 if (!mac.Verify(ciphertext + plaintextLength))
805 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
812 template <
class T,
bool DHAES_MODE,
class KDF>
819 void Derive(
const DL_GroupParameters<T> ¶ms,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const
825 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
836 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());
873 template <
class HASH = SHA1,
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true,
bool LABEL_OCTETS=false>
877 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
878 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
879 DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
/// \brief Algorithm name reported by this scheme
/// \return the string "DLIES"
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	return std::string("DLIES");
}
887 #if CRYPTOPP_MSC_VERSION
888 # pragma warning(pop)
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Classes and functions for working with ASN.1 objects.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
Encode and decode ASN.1 objects with additional information.
virtual void DEREncode(BufferedTransformation &bt) const =0
Encode this object into a BufferedTransformation.
virtual void BERDecode(BufferedTransformation &bt)=0
Decode this object from a BufferedTransformation.
Used to pass byte array input as part of a NameValuePairs object.
size_t size() const
Length of the memory block.
const byte * begin() const
Pointer to the first byte in the memory block.
DSA signature algorithm based on RFC 6979.
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
bool IsDeterministic() const
Signature scheme flag.
German Digital Signature Algorithm.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Discrete Log (DL) encryption scheme.
Interface for Elgamal-like signature algorithms.
P1363 based XOR Encryption Method.
ElGamal encryption due to ElGamal safe interop.
Integer GetMaxExponent() const
Retrieves the maximum exponent for the group.
GF(p) group parameters that default to safe primes.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Integer-based GroupParameters specialization.
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
Integer GetGroupOrder() const
Retrieves the order of the group.
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
const Integer & GetSubgroupOrder() const
Retrieves the subgroup order.
Integer-based GroupParameters default implementation.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
Interface for Discrete Log (DL) group parameters.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
virtual const Integer & GetSubgroupOrder() const=0
Retrieves the subgroup order.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
Base implementation of Discrete Log (DL) group parameters.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Interface for key derivation algorithms used in DL cryptosystems.
Discrete Log (DL) private key in GF(p) groups.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
Discrete Log (DL) private key base implementation.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
void SetPrivateExponent(const Integer &x)
Sets the private exponent.
Discrete Log (DL) public key in GF(p) groups.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
Interface for Discrete Log (DL) public keys.
virtual void SetPublicElement(const Element &y)
Sets the public element.
virtual const Element & GetPublicElement() const
Retrieves the public element.
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
Discrete Log (DL) public key base implementation.
Discrete Log (DL) signature scheme.
Interface for symmetric encryption algorithms used in DL cryptosystems.
Interface for deterministic signers.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Multiple precision integer with arithmetic operations.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
static const Integer & One()
Integer representing 1.
bool IsNegative() const
Determines if the Integer is negative.
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
Interface for retrieving values given their names.
bool GetValue(const char *name, T &value) const
Get a named value.
Interface for random number generators.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
void New(size_type newSize)
Change size without preserving contents.
size_type size() const
Provides the count of elements in the SecBlock.
Library configuration file.
Abstract base classes that provide a uniform interface to this library.
@ BIG_ENDIAN_ORDER
byte order is big-endian
DSA2< SHA1 > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
Classes for HMAC message authentication codes.
Multiple precision integer with arithmetic operations.
Utility functions for the Crypto++ library.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
Crypto++ library namespace.
const char * KeyDerivationParameters()
ConstByteArrayParameter.
const char * EncodingParameters()
ConstByteArrayParameter.
This file contains helper classes/functions for implementing public key algorithms.
Classes for SHA-1 and SHA-2 family of message digests.
Classes for automatic resource management.
ElGamal encryption keys due to ElGamal safe interop.
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Discrete Log (DL) signing/verification keys in GF(p) groups.
Discrete Log Integrated Encryption Scheme.
DSA deterministic signature scheme.
Returns a decoding result.
Converts an enumeration to a type suitable for use as a template parameter.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.