Crypto++
8.3
Free C++ class library of cryptographic schemes
8 #ifndef CRYPTOPP_GFPCRYPT_H
9 #define CRYPTOPP_GFPCRYPT_H
13 #if CRYPTOPP_MSC_VERSION
14 # pragma warning(push)
15 # pragma warning(disable: 4189 4231 4275)
59 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
66 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
91 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
/// @brief Retrieves the subgroup order.
/// @return a const reference to the stored order m_q. No copy is made, so the
///   reference must not outlive this object.
const Integer & GetSubgroupOrder() const
{
    return m_q;
}
116 void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const;
124 unsigned int GetEncodedElementSize(
bool reversible)
const;
133 Integer DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const;
144 Integer GetMaxExponent()
const;
148 OID GetAlgorithmID()
const;
162 {m_q = q; ParametersChanged();}
/// @brief Algorithm-name prefix for this group-parameter type.
/// @return an empty string; this implementation contributes no prefix.
static std::string CRYPTOPP_API StaticAlgorithmNamePrefix()
{
    return std::string();
}
168 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
171 virtual int GetFieldType()
const =0;
172 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
181 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<
typename GROUP_PRECOMP::Element> >
187 typedef typename GROUP_PRECOMP::Element Element;
/// @brief Get a named value.
/// @param name the name of the value to retrieve
/// @param valueType the std::type_info the caller expects for the value
/// @param pValue untyped output pointer that receives the value
/// @return the result of Assignable() on the helper built for this object
/// @note pValue is a void*, so the caller is responsible for pointing it at an
///   object of the type described by valueType.
///   NOTE(review): any type-mismatch checking happens inside GetValueHelper,
///   which is not visible here - confirm before passing loosely typed buffers.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
    // Lookup is delegated to the DL_GroupParameters_IntegerBased helper.
    return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue)
        .Assignable();
}
196 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
212 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->
GetGroupPrecomputation(), g); this->ParametersChanged();}
260 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
262 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
266 Element MultiplyElements(
const Element &a,
const Element &b)
const;
267 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
/// @brief Reports the field type of this group.
/// @return always 1.
/// @note A group-order computation elsewhere in this header evaluates
///   `modulus-(GetFieldType() == 1 ? 1 : -1)`, so a field type of 1 yields a
///   group order of modulus-1.
int GetFieldType() const
{
    return 1;
}
/// @brief Default subgroup order size for a given modulus size.
/// @param modulusSize size of the modulus (presumably in bits - TODO confirm against callers)
/// @return modulusSize-1
/// @note NOTE(review): a subgroup order one unit shorter than the modulus matches
///   q = (p-1)/2, i.e. the safe-prime case; confirm that this override belongs
///   to the safe-prime group parameters class.
/// @note modulusSize is unsigned, so an argument of 0 wraps to the maximum
///   unsigned value instead of failing; callers should validate the size first.
unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
{
    return modulusSize - 1;
}
/// @brief Static name of this signature algorithm.
/// @return the string literal "DSA-1363"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
    return "DSA-1363";
}
300 s = (kInv * (x*r + e)) % q;
307 if (r>=q || r<1 || s>=q || s<1)
324 template <
class T,
class H>
/// @brief Static name of the RFC 6979 based DSA signature algorithm.
/// @return the string literal "DSA-RFC6979"
/// @note The name is fixed and does not include the hash template parameter H.
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
    return "DSA-RFC6979";
}
332 bool IsProbabilistic()
const
340 static const byte zero = 0, one = 1;
346 e.Encode(BH, BH.
size());
347 BH = bits2octets(BH, q);
351 x.Encode(BX, BX.
size());
355 std::fill(V.
begin(), V.
begin()+H::DIGESTSIZE, one);
359 std::fill(K.
begin(), K.
begin()+H::DIGESTSIZE, zero);
404 k = bits2int(temp, qlen);
426 size_t blen = bits.
size()*8;
441 if (block.size() == rlen)
446 if (block.size() > rlen)
448 size_t offset = block.size() - rlen;
449 std::memcpy(t, block + offset, rlen);
453 size_t offset = rlen - block.size();
454 memset(t,
'\x00', offset);
455 std::memcpy(t + offset, block, rlen - offset);
467 return int2octets(b1.
IsNegative() ? b2 : b1, q.ByteCount());
/// @brief Static name of this signature algorithm.
/// @return the string literal "GDSA-ISO15946"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
    return "GDSA-ISO15946";
}
496 s = (k * r - e) * x % q;
503 if (r>=q || r<1 || s>=q || s<1)
507 const Integer u1 = (rInv * e) % q;
508 const Integer u2 = (rInv * s) % q;
/// @brief Static name of this signature algorithm.
/// @return the string literal "NR"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
    return "NR";
}
542 if (r>=q || r<1 || s>=q)
563 {this->AccessGroupParameters().Initialize(params); this->
SetPublicElement(y);}
570 {this->AccessGroupParameters().Initialize(p, g); this->
SetPublicElement(y);}
578 {this->AccessGroupParameters().Initialize(p, q, g); this->
SetPublicElement(y);}
673 DL_SignatureKeys_GFP,
674 DL_Algorithm_GDSA<Integer>,
675 DL_SignatureMessageEncodingMethod_DSA,
685 DL_SignatureKeys_GFP,
686 DL_Algorithm_NR<Integer>,
687 DL_SignatureMessageEncodingMethod_NR,
739 {
return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
744 MIN_PRIME_LENGTH = 1024,
746 MAX_PRIME_LENGTH = 3072,
748 PRIME_LENGTH_MULTIPLE = 1024
790 DL_Algorithm_GDSA<Integer>,
791 DL_SignatureMessageEncodingMethod_DSA,
/// @brief Static name of the DSA scheme instantiated with hash H.
/// @return "DSA/" followed by H::StaticAlgorithmName()
/// @note The hash name is part of the identifier, so code that enforces a hash
///   policy (for example rejecting SHA-1 instantiations) can inspect it.
static std::string CRYPTOPP_API StaticAlgorithmName()
{
    return std::string("DSA/") + H::StaticAlgorithmName();
}
805 DL_SignatureKeys_GFP,
806 DL_Algorithm_DSA_RFC6979<Integer, H>,
807 DL_SignatureMessageEncodingMethod_DSA,
/// @brief Static name of the RFC 6979 based DSA scheme instantiated with hash H.
/// @return "DSA-RFC6979/" followed by H::StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
    std::string algorithmName("DSA-RFC6979/");
    algorithmName += H::StaticAlgorithmName();
    return algorithmName;
}
834 template <
class MAC,
bool DHAES_MODE,
bool LABEL_OCTETS=false>
/// @brief Amount of derived key material needed to encrypt a message.
/// @param plaintextLength length of the plaintext in bytes
/// @return plaintextLength + MAC::DEFAULT_KEYLENGTH
/// @note The key buffer holds one byte of XOR mask per plaintext byte plus a
///   MAC key; SymmetricEncrypt in this class XORs the plaintext with the mask
///   via xorbuf. The mask is therefore single-use: the same derived key must
///   never protect two messages.
/// @note NOTE(review): the sum is not checked for size_t wrap-around; callers
///   passing attacker-influenced lengths should bound them first.
size_t GetSymmetricKeyLength(size_t plaintextLength) const
{
    const size_t macKeyLength = static_cast<size_t>(MAC::DEFAULT_KEYLENGTH);
    return plaintextLength + macKeyLength;
}
/// @brief Length of the ciphertext produced for a given plaintext length.
/// @param plaintextLength length of the plaintext in bytes
/// @return plaintextLength + MAC::DIGESTSIZE
/// @note The extra MAC::DIGESTSIZE bytes hold the authentication tag, which
///   SymmetricEncrypt writes at ciphertext + plaintextLength via mac.Final.
///   Output buffers must be sized with this function, not with the plaintext
///   length.
/// @note NOTE(review): the sum is not checked for size_t wrap-around.
size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
{
    const size_t tagLength = static_cast<size_t>(MAC::DIGESTSIZE);
    return plaintextLength + tagLength;
}
845 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
847 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const
849 CRYPTOPP_UNUSED(rng);
850 const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
854 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
859 macKey = key + plaintextLength;
866 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
869 mac.Update(ciphertext, plaintextLength);
870 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
877 mac.Final(ciphertext + plaintextLength);
879 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const
881 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
882 const byte *cipherKey, *macKey;
886 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
891 macKey = key + plaintextLength;
898 mac.Update(ciphertext, plaintextLength);
899 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
906 if (!mac.Verify(ciphertext + plaintextLength))
910 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
917 template <
class T,
bool DHAES_MODE,
class KDF>
924 void Derive(
const DL_GroupParameters<T> ¶ms,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const
930 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
941 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());
978 template <
class HASH = SHA1,
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true,
bool LABEL_OCTETS=false>
982 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
983 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
984 DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
/// @brief Static name of the encryption scheme.
/// @return the fixed string "DLIES"
/// @note The name does not vary with the template arguments visible just above
///   it in this header (HASH, COFACTOR_OPTION, DHAES_MODE, LABEL_OCTETS), so it
///   cannot be used to tell apart differently configured instantiations, such
///   as the default HASH = SHA1 versus a stronger hash.
static std::string CRYPTOPP_API StaticAlgorithmName()
{
    return std::string("DLIES");
}
992 #if CRYPTOPP_MSC_VERSION
993 # pragma warning(pop)
void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)
Set group parameters.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void SetPrivateExponent(const Integer &x)
Sets the private exponent.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
size_t size() const
Length of the memory block.
Converts an enumeration to a type suitable for use as a template parameter.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Discrete Log (DL) private key base implementation.
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Generate a random key.
Discrete Log (DL) public key in GF(p) groups.
Discrete Log (DL) encryption scheme.
@ BIG_ENDIAN_ORDER
byte order is big-endian
P1363 based XOR Encryption Method.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
const Integer & GetGenerator() const
Retrieves a reference to the group generator.
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
Discrete Log (DL) signature scheme.
DSA deterministic signature scheme.
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Encode and decode ASN.1 objects with additional information.
const Integer & GetModulus() const
Retrieve the modulus for the group.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
static const Integer &CRYPTOPP_API One()
Integer representing 1.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
void AssignFrom(const NameValuePairs &source)
Initialize or reinitialize this key.
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
Decode subjectPublicKey part of subjectPublicKeyInfo.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
const char * EncodingParameters()
ConstByteArrayParameter.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
bool FastSubgroupCheckAvailable() const
Determine if subgroup membership check is fast.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
Classes for automatic resource management.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
This file contains helper classes/functions for implementing public key algorithms.
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
virtual void SetPublicElement(const Element &y)
Sets the public element.
void SetSubgroupOrder(const Integer &q)
Set subgroup order.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Interface for random number generators.
Discrete Log (DL) private key in GF(p) groups.
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Interface for symmetric encryption algorithms used in DL cryptosystems.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
virtual const Integer & GetModulus() const =0
Retrieve the modulus for the group.
DSA signature algorithm based on RFC 6979.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Utility functions for the Crypto++ library.
Classes for SHA-1 and SHA-2 family of message digests.
virtual void BERDecode(BufferedTransformation &bt)=0
Decode this object from a BufferedTransformation.
void DEREncodePublicKey(BufferedTransformation &bt) const
Encode subjectPublicKey part of subjectPublicKeyInfo.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Interface for Elgamal-like signature algorithms.
Interface for key derivation algorithms used in DL cryptosystems.
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
Returns a decoding result.
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const=0
Exponentiates a base to multiple exponents.
bool IsIdentity(const Integer &element) const
Determines if an element is an identity.
Classes and functions for working with ASN.1 objects.
static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
Check the prime length for errors.
Discrete Log Integrated Encryption Scheme.
void New(size_type newSize)
Change size without preserving contents.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
size_type size() const
Provides the count of elements in the SecBlock.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
const byte * begin() const
Pointer to the first byte in the memory block.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Crypto++ library namespace.
virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)=0
Set group parameters.
bool GetValue(const char *name, T &value) const
Get a named value.
Interface for deterministic signers.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
bool IsNegative() const
Determines if the Integer is negative.
Library configuration file.
virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
Sets or reset the key of this object.
Interface for Discrete Log (DL) public keys.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
virtual const Integer & GetSubgroupOrder() const=0
Retrieves the subgroup order.
bool IsDeterministic() const
Signature scheme flag.
German Digital Signature Algorithm.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
virtual const Element & GetPublicElement() const
Retrieves the public element.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
DSA2< SHA1 > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
virtual void DEREncode(BufferedTransformation &bt) const =0
Encode this object into a BufferedTransformation.
Integer-based GroupParameters default implementation.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
GF(p) group parameters that default to safe primes.
Base implementation of Discrete Log (DL) group parameters.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
Interface for retrieving values given their names.
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Abstract base classes that provide a uniform interface to this library.
Used to pass byte array input as part of a NameValuePairs object.
Classes for working with NameValuePairs.
Multiple precision integer with arithmetic operations.
Integer-based GroupParameters specialization.
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
Classes for HMAC message authentication codes.
Multiple precision integer with arithmetic operations.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Discrete Log (DL) public key base implementation.
Discrete Log (DL) signing/verification keys in GF(p) groups.