Crypto++
8.2
Free C++ class library of cryptographic schemes
8 #ifndef CRYPTOPP_GFPCRYPT_H
9 #define CRYPTOPP_GFPCRYPT_H
13 #if CRYPTOPP_MSC_VERSION
14 # pragma warning(push)
15 # pragma warning(disable: 4189 4231 4275)
59 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
66 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
75 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
/// \brief Retrieves the subgroup order
/// \return a const reference to the stored subgroup order, m_q
/// \details The reference aliases the member itself; no copy is made.
const Integer & GetSubgroupOrder() const
{
	return this->m_q;
}
/// \brief Reports whether the fast subgroup membership check may be used
/// \return true when GetCofactor() equals 2, false otherwise
/// \details NOTE(review): the membership check that consumes this flag is not part of
///  this listing; confirm that the slower check is taken whenever this returns false.
bool FastSubgroupCheckAvailable() const
{
	const bool cofactorIsTwo = (GetCofactor() == 2);
	return cofactorIsTwo;
}
86 void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const;
87 unsigned int GetEncodedElementSize(
bool reversible)
const;
89 Integer DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const;
/// \brief Prefix used when an algorithm name is composed
/// \return an empty string
static std::string CRYPTOPP_API StaticAlgorithmNamePrefix()
{
	return std::string();
}
95 OID GetAlgorithmID()
const;
97 virtual const Integer & GetModulus()
const =0;
98 virtual void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g) =0;
/// \brief Sets the subgroup order
/// \param q the new subgroup order
/// \details Stores q in m_q and then calls ParametersChanged().
///  NOTE(review): q is stored exactly as given; nothing in this function checks it
///  against the modulus or generator. Parameters that come from an untrusted source
///  need to be validated by the caller (ValidateGroup is cross-referenced on this page).
void SetSubgroupOrder(const Integer &q)
{
	this->m_q = q;
	this->ParametersChanged();
}
105 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
108 virtual int GetFieldType()
const =0;
109 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
118 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<
typename GROUP_PRECOMP::Element> >
124 typedef typename GROUP_PRECOMP::Element Element;
/// \brief Get a named value
/// \param name the name of the value to retrieve
/// \param valueType the type the caller expects, as a std::type_info
/// \param pValue untyped destination for the value
/// \return the result of GetValueHelper<DL_GroupParameters_IntegerBased>(...).Assignable()
///  converted to bool
/// \details pValue is an untyped pointer; valueType is what tells the helper how to
///  interpret it, so callers must pass the type_info that matches the pointee.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
	return GetValueHelper<DL_GroupParameters_IntegerBased>(
		this, name, valueType, pValue
	).Assignable();
}
133 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
/// \brief Retrieves the modulus
/// \return a const reference to the modulus held by m_groupPrecomputation
const Integer & GetModulus() const
{
	return this->m_groupPrecomputation.GetModulus();
}
/// \brief Sets the modulus and the subgroup generator
/// \param p the modulus
/// \param g the subgroup generator
/// \details The modulus is installed in the group precomputation first, because the
///  base precomputation is then set from that group precomputation and g. Finally
///  ParametersChanged() is called. Neither value is validated here.
void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)
{
	this->m_groupPrecomputation.SetModulus(p);
	this->m_gpc.SetBase(this->GetGroupPrecomputation(), g);
	this->ParametersChanged();
}
148 {
return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->
GetSubgroupOrder() == rhs.GetSubgroupOrder();}
166 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
168 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
172 Element MultiplyElements(
const Element &a,
const Element &b)
const;
173 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
/// \brief Retrieves the field type
/// \return always 1 for this class
int GetFieldType() const
{
	return 1;
}
/// \brief Default subgroup order size for a given modulus size
/// \param modulusSize the size of the modulus
/// \return modulusSize - 1
/// \details NOTE(review): a subgroup order one bit shorter than the modulus is what a
///  safe-prime group would use; the enclosing class is not visible in this listing,
///  so confirm. The subtraction is unsigned, so a modulusSize of 0 wraps around.
unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
{
	return modulusSize - 1U;
}
/// \brief Static algorithm name
/// \return the string "DSA-1363"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA-1363";
}
206 s = (kInv * (x*r + e)) % q;
// Range check on the signature pair: the condition is true when r or s lies outside
// [1, q-1]. NOTE(review): the statement controlled by this `if` is not part of the
// listing; presumably the signature is rejected before any modular arithmetic - confirm.
213 if (r>=q || r<1 || s>=q || s<1)
230 template <
class T,
class H>
/// \brief Static algorithm name
/// \return the string "DSA-RFC6979"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA-RFC6979";
}
238 bool IsProbabilistic()
const
246 static const byte zero = 0, one = 1;
252 e.Encode(BH, BH.
size());
253 BH = bits2octets(BH, q);
257 x.Encode(BX, BX.
size());
261 std::fill(V.
begin(), V.
begin()+H::DIGESTSIZE, one);
265 std::fill(K.
begin(), K.
begin()+H::DIGESTSIZE, zero);
310 k = bits2int(temp, qlen);
332 size_t blen = bits.
size()*8;
347 if (block.size() == rlen)
352 if (block.size() > rlen)
354 size_t offset = block.size() - rlen;
355 std::memcpy(t, block + offset, rlen);
359 size_t offset = rlen - block.size();
360 memset(t,
'\x00', offset);
361 std::memcpy(t + offset, block, rlen - offset);
373 return int2octets(b1.
IsNegative() ? b2 : b1, q.ByteCount());
/// \brief Static algorithm name
/// \return the string "GDSA-ISO15946"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "GDSA-ISO15946";
}
402 s = (k * r - e) * x % q;
409 if (r>=q || r<1 || s>=q || s<1)
413 const Integer u1 = (rInv * e) % q;
414 const Integer u2 = (rInv * s) % q;
/// \brief Static algorithm name
/// \return the string "NR"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "NR";
}
// Range check on the signature pair: true when r is outside [1, q-1] or s >= q.
// Unlike the DSA and GDSA checks in this file, s has no lower bound here.
// NOTE(review): the statement controlled by this `if` is not part of the listing;
// presumably the signature is rejected - confirm.
448 if (r>=q || r<1 || s>=q)
469 {this->AccessGroupParameters().Initialize(params); this->
SetPublicElement(y);}
476 {this->AccessGroupParameters().Initialize(p, g); this->
SetPublicElement(y);}
484 {this->AccessGroupParameters().Initialize(p, q, g); this->
SetPublicElement(y);}
579 DL_SignatureKeys_GFP,
580 DL_Algorithm_GDSA<Integer>,
581 DL_SignatureMessageEncodingMethod_DSA,
591 DL_SignatureKeys_GFP,
592 DL_Algorithm_NR<Integer>,
593 DL_SignatureMessageEncodingMethod_NR,
/// \brief Checks whether a prime length is one this class accepts
/// \param pbits the size of the prime, in bits
/// \return true if pbits lies between MIN_PRIME_LENGTH and MAX_PRIME_LENGTH inclusive
///  and is a multiple of PRIME_LENGTH_MULTIPLE, false otherwise
/// \details A true result only means the size is accepted by this class, not that it is
///  adequate for new keys. With the bounds declared in this file a 1024-bit prime
///  passes; current NIST guidance (SP 800-131A) requires at least 2048 bits for
///  generating DSA signatures, so key-generation code should apply its own minimum.
static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
{
	if (pbits < MIN_PRIME_LENGTH || pbits > MAX_PRIME_LENGTH)
		return false;
	return pbits % PRIME_LENGTH_MULTIPLE == 0;
}
// Bounds, in bits, applied by IsValidPrimeLength: prime sizes from 1024 to 3072 in
// steps of 1024 are accepted.
615 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
655 DL_Algorithm_GDSA<Integer>,
656 DL_SignatureMessageEncodingMethod_DSA,
/// \brief Static algorithm name
/// \return "DSA/" followed by the hash's StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA/" + std::string(H::StaticAlgorithmName());
}
670 DL_SignatureKeys_GFP,
671 DL_Algorithm_DSA_RFC6979<Integer, H>,
672 DL_SignatureMessageEncodingMethod_DSA,
/// \brief Static algorithm name
/// \return "DSA-RFC6979/" followed by the hash's StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	std::string name("DSA-RFC6979/");
	name += H::StaticAlgorithmName();
	return name;
}
699 template <
class MAC,
bool DHAES_MODE,
bool LABEL_OCTETS=false>
/// \brief Length of the symmetric key needed for a plaintext
/// \param plaintextLength the length of the plaintext, in bytes
/// \return plaintextLength + MAC::DIGESTSIZE
/// \details The key grows with the plaintext because the encryption step in this class
///  XORs the plaintext with key bytes. The addition is not checked for size_t overflow.
size_t GetSymmetricKeyLength(size_t plaintextLength) const
{
	const size_t macBytes = static_cast<size_t>(MAC::DIGESTSIZE);
	return plaintextLength + macBytes;
}
/// \brief Length of the ciphertext produced for a plaintext
/// \param plaintextLength the length of the plaintext, in bytes
/// \return plaintextLength + MAC::DIGESTSIZE
/// \details Callers size the output buffer from this value. The addition is not checked
///  for size_t overflow, so lengths taken from untrusted input should be bounded first.
size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
{
	const size_t tagBytes = static_cast<size_t>(MAC::DIGESTSIZE);
	return plaintextLength + tagBytes;
}
710 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
// Encrypts by XORing the plaintext with key bytes and writes a MAC tag after the
// ciphertext. The listing omits several source lines (the gutter numbers jump), so
// only the visible statements are described here.
// NOTE: "¶meters" in the signature is a rendering artifact of "&parameters".
712 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const
// rng is not used by this method.
714 CRYPTOPP_UNUSED(rng);
715 const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
// NOTE(review): the lines around the next two assignments are not shown; they look
// like they belong to different DHAES_MODE branches, each splitting `key` into a MAC
// key and a cipher key - confirm against the full header.
719 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
724 macKey = key + plaintextLength;
// ciphertext = plaintext XOR cipherKey over plaintextLength bytes. Confidentiality
// rests on those key bytes being unique to this message; presumably the key
// derivation step guarantees that - verify against the caller.
731 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
// The MAC is computed over the ciphertext (encrypt-then-MAC order), then over the
// encoding parameters.
734 mac.Update(ciphertext, plaintextLength);
735 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
// The tag is written directly after the ciphertext, so the output buffer must hold
// plaintextLength bytes plus the tag.
742 mac.Final(ciphertext + plaintextLength);
// Verifies the MAC tag that follows the ciphertext and then XORs the ciphertext with
// key bytes to recover the plaintext. The listing omits several source lines (the
// gutter numbers jump), so only the visible statements are described here.
// NOTE: "¶meters" in the signature is a rendering artifact of "&parameters".
744 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const
// NOTE(review): GetMaxSymmetricPlaintextLength's body is not shown; SaturatingSubtract
// is cross-referenced on this page, so an input shorter than the tag presumably
// yields 0 rather than wrapping - confirm.
746 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
// Declared without initialisers, unlike SymmetricEncrypt which starts both at NULLPTR.
747 const byte *cipherKey, *macKey;
// NOTE(review): the lines around the next two assignments are not shown; they look
// like they belong to different DHAES_MODE branches - confirm.
751 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
756 macKey = key + plaintextLength;
// The MAC is recomputed over the received ciphertext and the encoding parameters.
763 mac.Update(ciphertext, plaintextLength);
764 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
// The tag stored after the ciphertext is checked before the visible xorbuf call that
// produces plaintext. NOTE(review): the statement controlled by this `if` is not in
// the listing; presumably it returns a failed DecodingResult so that unauthenticated
// data is never decrypted - confirm.
771 if (!mac.Verify(ciphertext + plaintextLength))
775 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
782 template <
class T,
bool DHAES_MODE,
class KDF>
789 void Derive(
const DL_GroupParameters<T> ¶ms,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const
795 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
806 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());
843 template <
class HASH = SHA1,
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true,
bool LABEL_OCTETS=false>
847 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
848 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
849 DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
/// \brief Static algorithm name
/// \return the string "DLIES"
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	return std::string("DLIES");
}
857 #if CRYPTOPP_MSC_VERSION
858 # pragma warning(pop)
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void SetPrivateExponent(const Integer &x)
Sets the private exponent.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
size_t size() const
Length of the memory block.
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Converts an enumeration to a type suitable for use as a template parameter.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Discrete Log (DL) private key base implementation.
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Discrete Log (DL) public key in GF(p) groups.
Discrete Log (DL) encryption scheme.
@ BIG_ENDIAN_ORDER
byte order is big-endian
P1363 based XOR Encryption Method.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
Discrete Log (DL) signature scheme.
DSA deterministic signature scheme.
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Encode and decode ASN.1 objects with additional information.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
static const Integer & One()
Integer representing 1.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
const char * EncodingParameters()
ConstByteArrayParameter.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
Classes for automatic resource management.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
This file contains helper classes/functions for implementing public key algorithms.
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
virtual void SetPublicElement(const Element &y)
Sets the public element.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Interface for random number generators.
Discrete Log (DL) private key in GF(p) groups.
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Interface for symmetric encryption algorithms used in DL cryptosystems.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
DSA signature algorithm based on RFC 6979.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Utility functions for the Crypto++ library.
Classes for SHA-1 and SHA-2 family of message digests.
virtual void BERDecode(BufferedTransformation &bt)=0
Decode this object from a BufferedTransformation.
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
Interface for Elgamal-like signature algorithms.
Interface for key derivation algorithms used in DL cryptosystems.
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
Returns a decoding result.
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const=0
Exponentiates a base to multiple exponents.
bool IsIdentity(const Integer &element) const
Determines if an element is an identity.
Classes and functions for working with ASN.1 objects.
Discrete Log Integrated Encryption Scheme.
void New(size_type newSize)
Change size without preserving contents.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
size_type size() const
Provides the count of elements in the SecBlock.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
const byte * begin() const
Pointer to the first byte in the memory block.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Crypto++ library namespace.
bool GetValue(const char *name, T &value) const
Get a named value.
Interface for deterministic signers.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
bool IsNegative() const
Determines if the Integer is negative.
Library configuration file.
virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
Sets or reset the key of this object.
Interface for Discrete Log (DL) public keys.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
virtual const Integer & GetSubgroupOrder() const=0
Retrieves the subgroup order.
bool IsDeterministic() const
Signature scheme flag.
German Digital Signature Algorithm.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
virtual const Element & GetPublicElement() const
Retrieves the public element.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
DSA2< SHA1 > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
virtual void DEREncode(BufferedTransformation &bt) const =0
Encode this object into a BufferedTransformation.
Integer-based GroupParameters default implementation.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
GF(p) group parameters that default to safe primes.
Base implementation of Discrete Log (DL) group parameters.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
Interface for retrieving values given their names.
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Abstract base classes that provide a uniform interface to this library.
Used to pass byte array input as part of a NameValuePairs object.
Classes for working with NameValuePairs.
Multiple precision integer with arithmetic operations.
Integer-based GroupParameters specialization.
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
Classes for HMAC message authentication codes.
Multiple precision integer with arithmetic operations.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Discrete Log (DL) public key base implementation.
Discrete Log (DL) signing/verification keys in GF(p) groups.