8 #ifndef CRYPTOPP_GFPCRYPT_H
9 #define CRYPTOPP_GFPCRYPT_H
13 #if CRYPTOPP_MSC_VERSION
14 # pragma warning(push)
15 # pragma warning(disable: 4189 4231 4275)
// Bodies of two group-parameter initializers; their signatures are not shown in
// this listing (presumably the Initialize(p, g) and Initialize(p, q, g) overloads).
// No subgroup order supplied: q is derived as ComputeGroupOrder(p)/2.
// NOTE(review): that value is a prime subgroup order only when p is a safe
// prime; parameters from an untrusted source should pass ValidateGroup() before
// use. Confirm against callers.
59 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
// Caller-supplied subgroup order: q is stored as given; nothing on this line
// checks that q is consistent with p and g.
66 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
91 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
116 void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const;
162 {m_q = q; ParametersChanged();}
// Prefix for the algorithm name; this implementation returns an empty string.
164 static std::string
CRYPTOPP_API StaticAlgorithmNamePrefix() {
return "";}
// Group order derived from the modulus: modulus-1 when GetFieldType() == 1,
// modulus+1 for any other field type. The enclosing signature is not shown in
// this listing (presumably ComputeGroupOrder; confirm).
168 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
171 virtual int GetFieldType()
const =0;
172 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
181 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<
typename GROUP_PRECOMP::Element> >
187 typedef typename GROUP_PRECOMP::Element Element;
// Named-value lookup: forwards to GetValueHelper with
// DL_GroupParameters_IntegerBased as the base type and chains Assignable().
// pValue is an untyped output pointer; valueType is what the helper receives to
// identify the requested type.
192 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
193 {
return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();}
196 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
212 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->
GetGroupPrecomputation(), g); this->ParametersChanged();}
260 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
262 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
266 Element MultiplyElements(
const Element &a,
const Element &b)
const;
267 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
// This parameter set reports field type 1.
270 int GetFieldType()
const {
return 1;}
// Default subgroup order size is modulusSize-1 (units presumably bits; confirm).
// NOTE(review): modulusSize == 0 would wrap in unsigned arithmetic; callers are
// assumed to pass a real modulus size.
282 unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const {
return modulusSize-1;}
// Name reported by this algorithm class.
291 CRYPTOPP_STATIC_CONSTEXPR
const char*
CRYPTOPP_API StaticAlgorithmName() {
return "DSA-1363";}
// DSA signing equation: s = kInv * (x*r + e) mod q. The member index on this
// page lists x as the private key and k as the per-signature value; kInv is
// presumably the inverse of k mod q (computed on a line not shown).
// Both secrets meet on this line: a repeated or predictable k lets anyone
// holding two signatures solve for x, which is why k generation matters.
// NOTE(review): whether r == 0 or s == 0 is detected and retried is not visible
// in this excerpt. Confirm.
300 s = (kInv * (x*r + e)) % q;
// Signature range check: the condition is true for any r or s outside
// [1, q-1]. The action taken is on a line not shown (presumably reject).
// This has to run before any inversion mod q, since 0 has no inverse.
307 if (r>=q || r<1 || s>=q || s<1)
324 template <
class T,
class H>
// Name reported by the RFC 6979 (deterministic k) variant of the algorithm.
328 CRYPTOPP_STATIC_CONSTEXPR
const char*
CRYPTOPP_API StaticAlgorithmName() {
return "DSA-RFC6979";}
332 bool IsProbabilistic()
const
// Fragments of the RFC 6979 derivation of the per-signature value k (the member
// index on this page lists it as GenerateRandom(x, q, e), "Generate k"). Lines
// between the numbered fragments are not shown, so each comment describes only
// the fragment beneath it.
// NOTE(review): BX, K and V carry key-dependent material; confirm they are
// declared as a wiping buffer type (declarations are outside this excerpt).
// NOTE(review): m_hmac is member state that is re-keyed here, so one signer
// object shared between threads would interleave HMAC state. Confirm callers
// do not share it.
// One-byte separators fed into the HMAC between V and the key material.
340 static const byte zero = 0, one = 1;
// BH is passed through bits2octets relative to q before it is used as HMAC input.
347 BH = bits2octets(BH, q);
// Private value x serialised into BX; BX.size() fixes the encoded width.
351 x.Encode(BX, BX.
size());
// V starts with its first H::DIGESTSIZE bytes set to 0x01.
355 std::fill(V.
begin(), V.
begin()+H::DIGESTSIZE, one);
// K starts with its first H::DIGESTSIZE bytes set to 0x00.
359 std::fill(K.
begin(), K.
begin()+H::DIGESTSIZE, zero);
// K = HMAC_K(V || 0x00 || BX || BH)
362 m_hmac.SetKey(K, K.
size());
363 m_hmac.Update(V, V.
size());
364 m_hmac.Update(&zero, 1);
365 m_hmac.Update(BX, BX.
size());
366 m_hmac.Update(BH, BH.
size());
367 m_hmac.TruncatedFinal(K, K.
size());
// V = HMAC_K(V)
370 m_hmac.SetKey(K, K.
size());
371 m_hmac.Update(V, V.
size());
372 m_hmac.TruncatedFinal(V, V.
size());
// K = HMAC_K(V || 0x01 || BX || BH)
375 m_hmac.SetKey(K, K.
size());
376 m_hmac.Update(V, V.
size());
377 m_hmac.Update(&one, 1);
378 m_hmac.Update(BX, BX.
size());
379 m_hmac.Update(BH, BH.
size());
380 m_hmac.TruncatedFinal(K, K.
size());
// V = HMAC_K(V)
383 m_hmac.SetKey(K, K.
size());
384 m_hmac.Update(V, V.
size());
385 m_hmac.TruncatedFinal(V, V.
size());
// Candidate generation step: V = HMAC_K(V). The surrounding loop is not shown.
396 m_hmac.Update(V, V.
size());
397 m_hmac.TruncatedFinal(V, V.
size());
// Candidate k is produced from temp by bits2int with the bit length qlen.
404 k = bits2int(temp, qlen);
// Re-seed path: K = HMAC_K(V || 0x00), then V = HMAC_K(V). The test deciding
// whether this runs is not shown (presumably k outside [1, q-1]).
409 m_hmac.Update(V, V.
size());
410 m_hmac.Update(&zero, 1);
411 m_hmac.TruncatedFinal(K, K.
size());
413 m_hmac.SetKey(K, K.
size());
414 m_hmac.Update(V, V.
size());
415 m_hmac.TruncatedFinal(V, V.
size());
// Bit length of the input byte string (8 bits per byte). The enclosing helper's
// signature is not shown (presumably bits2int; confirm).
426 size_t blen = bits.
size()*8;
// Length normalisation of block to exactly rlen bytes. The enclosing helper's
// signature and the allocation of t are not shown; t must hold at least rlen
// bytes for the copies below to stay in bounds.
// Already rlen bytes long: handled by a line not shown.
441 if (block.size() == rlen)
// Longer than rlen: keep the trailing rlen bytes and drop the leading ones.
// The subtraction cannot wrap because of the size check on the line above.
446 if (block.size() > rlen)
448 size_t offset = block.size() - rlen;
449 std::memcpy(t, block + offset, rlen);
// Shorter than rlen (presumably the remaining branch): left-pad with zero
// bytes, then copy the value after the padding. rlen - offset equals
// block.size(), so the copy reads exactly the source length.
453 size_t offset = rlen - block.size();
454 memset(t,
'\x00', offset);
455 std::memcpy(t + offset, block, rlen - offset);
// Name reported by the GDSA algorithm class.
486 CRYPTOPP_STATIC_CONSTEXPR
const char*
CRYPTOPP_API StaticAlgorithmName() {
return "GDSA-ISO15946";}
// GDSA signing equation: s = (k*r - e) * x mod q. As with DSA, the
// per-signature value k and the private key x both enter this line, so k must
// never repeat or be predictable.
496 s = (k * r - e) * x % q;
// Signature range check: true for any r or s outside [1, q-1]. The action is
// on a line not shown (presumably reject).
503 if (r>=q || r<1 || s>=q || s<1)
// u1 = rInv*e mod q and u2 = rInv*s mod q. rInv is presumably the inverse of r
// mod q computed on a line not shown, which relies on the check above having
// excluded r == 0.
507 const Integer u1 = (rInv * e) % q;
508 const Integer u2 = (rInv * s) % q;
// Name reported by the NR algorithm class.
527 CRYPTOPP_STATIC_CONSTEXPR
const char*
CRYPTOPP_API StaticAlgorithmName() {
return "NR";}
// NR range check: true when r is outside [1, q-1] or s >= q. Unlike the DSA and
// GDSA checks in this file there is no lower bound on s, so s == 0 does not
// match this condition. NOTE(review): presumably intentional for NR (s is not
// inverted during verification); confirm against the scheme specification.
// Integer is a signed type, so a negative s would not match either; whether s
// can be negative depends on how the signature is decoded, which is not shown.
542 if (r>=q || r<1 || s>=q)
// Bodies of three public-key initializers (signatures not shown here): each
// sets the group parameters and then stores y as the public element.
// No check of y (range or subgroup membership) happens on these lines.
// NOTE(review): keys built from untrusted input should be validated by the
// caller before use. Confirm where that happens.
563 {this->AccessGroupParameters().Initialize(params); this->
SetPublicElement(y);}
570 {this->AccessGroupParameters().Initialize(p, g); this->
SetPublicElement(y);}
578 {this->AccessGroupParameters().Initialize(p, q, g); this->
SetPublicElement(y);}
673 DL_SignatureKeys_GFP,
674 DL_Algorithm_GDSA<Integer>,
675 DL_SignatureMessageEncodingMethod_DSA,
685 DL_SignatureKeys_GFP,
686 DL_Algorithm_NR<Integer>,
687 DL_SignatureMessageEncodingMethod_NR,
// Body of the prime-length check (the member index lists it as
// IsValidPrimeLength(pbits)): accepts only lengths within
// [MIN_PRIME_LENGTH, MAX_PRIME_LENGTH] that are a multiple of
// PRIME_LENGTH_MULTIPLE. With the values below that is 1024, 2048 or 3072.
739 {
return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
// NOTE(review): the 1024-bit minimum keeps legacy DSA keys usable. 1024-bit DSA
// is no longer regarded as adequate for new signatures (see NIST SP 800-131A),
// so code that generates keys should request 2048 or 3072 bits.
744 MIN_PRIME_LENGTH = 1024,
746 MAX_PRIME_LENGTH = 3072,
748 PRIME_LENGTH_MULTIPLE = 1024
790 DL_Algorithm_GDSA<Integer>,
791 DL_SignatureMessageEncodingMethod_DSA,
// Scheme name is "DSA/" followed by the hash's own name, so the hash in use is
// visible in the reported algorithm name.
796 static std::string
CRYPTOPP_API StaticAlgorithmName() {
return "DSA/" + (std::string)H::StaticAlgorithmName();}
805 DL_SignatureKeys_GFP,
806 DL_Algorithm_DSA_RFC6979<Integer, H>,
807 DL_SignatureMessageEncodingMethod_DSA,
// Scheme name is "DSA-RFC6979/" followed by the hash's own name.
811 static std::string
CRYPTOPP_API StaticAlgorithmName() {
return std::string(
"DSA-RFC6979/") + H::StaticAlgorithmName();}
834 template <
class MAC,
bool DHAES_MODE,
bool LABEL_OCTETS=false>
// Symmetric key material needed for a message: plaintextLength bytes plus
// MAC::DEFAULT_KEYLENGTH bytes. The encrypt path XORs plaintextLength key bytes
// into the message, so the key stream grows with the plaintext.
841 size_t GetSymmetricKeyLength(
size_t plaintextLength)
const
842 {
return plaintextLength +
static_cast<size_t>(MAC::DEFAULT_KEYLENGTH);}
// Ciphertext size: the plaintext length plus MAC::DIGESTSIZE bytes for the tag.
843 size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const
844 {
return plaintextLength +
static_cast<size_t>(MAC::DIGESTSIZE);}
845 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
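// XOR-encrypts the plaintext with the cipher key and appends a MAC computed
// over the ciphertext and the encoding parameters. Only fragments of the body
// are shown in this listing; comments describe the fragment beneath them.
// The last parameter name was garbled by entity decoding in the listing and is
// restored here as &parameters.
847 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs &parameters)
const
// rng is not used by this method.
849 CRYPTOPP_UNUSED(rng);
850 const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
// Two key layouts appear; the condition selecting between them is not shown
// (presumably DHAES_MODE). Here the cipher key starts after the first
// MAC::DEFAULT_KEYLENGTH bytes of key.
854 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
// Other layout: the MAC key starts after the first plaintextLength bytes of key.
859 macKey = key + plaintextLength;
// Plain XOR with a key stream as long as the plaintext: confidentiality depends
// on the derived key never being reused for a second message.
866 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
// Encrypt-then-MAC: the tag covers the ciphertext, then the encoding parameters.
869 mac.Update(ciphertext, plaintextLength);
870 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
// Tag is written directly after the ciphertext, so the output buffer must hold
// plaintextLength + MAC::DIGESTSIZE bytes.
877 mac.Final(ciphertext + plaintextLength);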
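// Verifies the MAC over the ciphertext and encoding parameters, then XORs the
// ciphertext with the cipher key to recover the plaintext. Only fragments of
// the body are shown in this listing.
// The last parameter name was garbled by entity decoding in the listing and is
// restored here as &parameters.
879 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs &parameters)
const
// NOTE(review): GetMaxSymmetricPlaintextLength's body is not shown; a
// ciphertext shorter than the MAC tag must not wrap to a huge length there.
// Confirm that it clamps at zero.
881 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
882 const byte *cipherKey, *macKey;
// Same two key layouts as the encrypt path; the selecting condition is not shown.
886 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
891 macKey = key + plaintextLength;
// Recompute the tag over the ciphertext and the encoding parameters.
898 mac.Update(ciphertext, plaintextLength);
899 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
// The tag is checked before any plaintext is produced; the failure action is on
// a line not shown (presumably an invalid DecodingResult).
906 if (!mac.Verify(ciphertext + plaintextLength))
// Reached after the tag check: XOR with the cipher key recovers the plaintext.
910 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);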
917 template <
class T,
bool DHAES_MODE,
class KDF>
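// Derives derivedLength bytes of key material into derivedKey through
// KDF::DeriveKey. Only fragments of the body are shown in this listing.
// Two parameter names were garbled by entity decoding in the listing and are
// restored here: &params (the body calls params.EncodeElement) and &parameters.
// NOTE(review): agreedSecret holds secret-derived bytes; confirm it is declared
// as a wiping buffer type (the declaration is outside this excerpt).
924 void Derive(
const DL_GroupParameters<T> &params,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs &parameters)
const
// Writes the ephemeral public key into agreedSecret using the reversible
// encoding. The condition guarding this call and the encoding of agreedElement
// are on lines not shown.
930 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
// KDF input is the whole agreedSecret buffer plus the caller-supplied
// derivation parameters.
941 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());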
// Template defaults for the integrated encryption scheme: SHA1 as HASH, no
// cofactor multiplication, DHAES_MODE on, LABEL_OCTETS off.
// NOTE(review): HASH feeds both the KDF (P1363_KDF2<HASH>) and the MAC
// (HMAC<HASH>) in the base-class list below, so the SHA1 default applies to
// both. New code that wants a stronger hash has to name it explicitly, and both
// peers must use the same template arguments to interoperate.
978 template <
class HASH = SHA1,
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true,
bool LABEL_OCTETS=false>
// Component algorithms: DH key agreement, P1363 key derivation, XOR encryption
// with an HMAC tag.
982 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
983 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
984 DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
// Name reported by the scheme; the hash and mode template arguments are not
// part of the returned string.
987 static std::string
CRYPTOPP_API StaticAlgorithmName() {
return "DLIES";}
992 #if CRYPTOPP_MSC_VERSION
993 # pragma warning(pop)
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Classes and functions for working with ASN.1 objects.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
Encode and decode ASN.1 objects with additional information.
Used to pass byte array input as part of a NameValuePairs object.
size_t size() const
Length of the memory block.
const byte * begin() const
Pointer to the first byte in the memory block.
DSA signature algorithm based on RFC 6979.
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
bool IsDeterministic() const
Signature scheme flag.
German Digital Signature Algorithm.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Discrete Log (DL) encryption scheme.
Interface for Elgamal-like signature algorithms.
P1363 based XOR Encryption Method.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Generate a random key or crypto parameters.
static bool IsValidPrimeLength(unsigned int pbits)
Check the prime length for errors.
GF(p) group parameters that default to safe primes.
void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
Exponentiates a base to multiple exponents.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
bool IsIdentity(const Integer &element) const
Determines if an element is an identity.
Integer-based GroupParameters specialization.
void AssignFrom(const NameValuePairs &source)
Initialize or reinitialize this key.
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
Integer GetGroupOrder() const
Retrieves the order of the group.
virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)=0
Set group parameters.
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
OID GetAlgorithmID() const
Retrieve the OID of the algorithm.
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
virtual const Integer & GetModulus() const =0
Retrieve the modulus for the group.
Integer GetMaxExponent() const
Retrieve the maximum exponent for the group.
void SetSubgroupOrder(const Integer &q)
Set subgroup order.
Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const
Decodes the element.
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Generate a random key.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
bool FastSubgroupCheckAvailable() const
Determine if subgroup membership check is fast.
unsigned int GetEncodedElementSize(bool reversible) const
Retrieve the encoded element's size.
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
const Integer & GetSubgroupOrder() const
Retrieves the subgroup order.
void EncodeElement(bool reversible, const Element &element, byte *encoded) const
Encodes the element.
Integer-based GroupParameters default implementation.
void AssignFrom(const NameValuePairs &source)
Initialize or reinitialize this key.
const Integer & GetGenerator() const
Retrieves a reference to the group generator.
const Integer & GetModulus() const
Retrieve the modulus for the group.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)
Set group parameters.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
Interface for Discrete Log (DL) group parameters.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
virtual const Integer & GetSubgroupOrder() const=0
Retrieves the subgroup order.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
Base implementation of Discrete Log (DL) group parameters.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Interface for key derivation algorithms used in DL cryptosystems.
Discrete Log (DL) private key in GF(p) groups.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
Discrete Log (DL) private key base implementation.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
void SetPrivateExponent(const Integer &x)
Sets the private exponent.
Discrete Log (DL) public key in GF(p) groups.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
void DEREncodePublicKey(BufferedTransformation &bt) const
Encode subjectPublicKey part of subjectPublicKeyInfo.
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
Decode subjectPublicKey part of subjectPublicKeyInfo.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
Interface for Discrete Log (DL) public keys.
virtual void SetPublicElement(const Element &y)
Sets the public element.
virtual const Element & GetPublicElement() const
Retrieves the public element.
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
Discrete Log (DL) public key base implementation.
Discrete Log (DL) signature scheme.
Interface for symmetric encryption algorithms used in DL cryptosystems.
Interface for deterministic signers.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Multiple precision integer with arithmetic operations.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
static const Integer & One()
Integer representing 1.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
bool IsNegative() const
Determines if the Integer is negative.
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
Interface for retrieving values given their names.
bool GetValue(const char *name, T &value) const
Get a named value.
Interface for random number generators.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
void New(size_type newSize)
Change size without preserving contents.
size_type size() const
Provides the count of elements in the SecBlock.
Library configuration file.
#define CRYPTOPP_API
Win32 calling convention.
#define CRYPTOPP_DLL_TEMPLATE_CLASS
Instantiate templates in a dynamic library.
unsigned long long word64
64-bit unsigned datatype
Abstract base classes that provide a uniform interface to this library.
@ BIG_ENDIAN_ORDER
byte order is big-endian
DSA2< SHA1 > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
Classes for HMAC message authentication codes.
Multiple precision integer with arithmetic operations.
Utility functions for the Crypto++ library.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Crypto++ library namespace.
const char * KeyDerivationParameters()
ConstByteArrayParameter.
const char * EncodingParameters()
ConstByteArrayParameter.
This file contains helper classes/functions for implementing public key algorithms.
Classes for SHA-1 and SHA-2 family of message digests.
Classes for automatic resource management.
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Discrete Log (DL) signing/verification keys in GF(p) groups.
Discrete Log Integrated Encryption Scheme.
DSA deterministic signature scheme.
Returns a decoding result.
Converts an enumeration to a type suitable for use as a template parameter.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.