Crypto++
8.6
Free C++ class library of cryptographic schemes
8 #ifndef CRYPTOPP_GFPCRYPT_H
9 #define CRYPTOPP_GFPCRYPT_H
13 #if CRYPTOPP_MSC_VERSION
14 # pragma warning(push)
15 # pragma warning(disable: 4189 4231 4275)
// Body only; the enclosing signature is not visible in this listing (presumably the
// Initialize(p, g) overload). The subgroup order is set to ComputeGroupOrder(p)/2.
// NOTE(review): nothing on this line validates p or g; presumably callers handling
// untrusted parameters are expected to run ValidateGroup() afterwards - confirm.
59 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
// Body only (presumably the Initialize(p, q, g) overload): q is stored as the
// subgroup order exactly as supplied, with no consistency check against p on this line.
66 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
91 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
/// \brief Retrieves the subgroup order
/// \return const reference to the stored subgroup order (the m_q member)
const Integer & GetSubgroupOrder() const
{
	return m_q;
}
162 {m_q = q; ParametersChanged();}
/// \brief Prefix used when an algorithm name is composed
/// \return an empty string
static std::string CRYPTOPP_API StaticAlgorithmNamePrefix()
{
	return std::string();
}
// Body only; the enclosing signature is not visible in this listing
// (presumably ComputeGroupOrder(modulus), which is called elsewhere on this page - confirm).
// Yields modulus-1 when GetFieldType() == 1 and modulus+1 for any other field type.
168 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
171 virtual int GetFieldType()
const =0;
172 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
181 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<
typename GROUP_PRECOMP::Element> >
187 typedef typename GROUP_PRECOMP::Element Element;
/// \brief Get a named value
/// \param name the name of the value to retrieve
/// \param valueType reference to a type_info describing the requested value
/// \param pValue untyped destination for the value
/// \return the Assignable() result of the GetValueHelper lookup
/// \details The lookup is delegated to GetValueHelper, instantiated for
///  DL_GroupParameters_IntegerBased.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
	return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue)
		.Assignable();
}
196 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
212 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->
GetGroupPrecomputation(), g); this->ParametersChanged();}
260 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
262 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
266 Element MultiplyElements(
const Element &a,
const Element &b)
const;
267 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
/// \brief Field type of this group
/// \return always 1 for this class
int GetFieldType() const
{
	return 1;
}
/// \brief Default subgroup order size for a given modulus size
/// \param modulusSize size of the modulus
/// \return modulusSize-1
unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
{
	return modulusSize - 1;
}
300 return GetSubgroupOrder()-1;
/// \brief Name of this signature algorithm
/// \return the string "DSA-1363"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA-1363";
}
// Signing fragment (listing line 320): s = kInv * (x*r + e) mod q.
// kInv is computed outside the visible lines; presumably the inverse of the
// per-signature secret k modulo q - confirm against the full source.
320 s = (kInv * (x*r + e)) % q;
// Verification fragment (listing line 327): tests whether either signature component lies
// outside [1, q-1]. The statement guarded by this test is not visible in this listing.
327 if (r>=q || r<1 || s>=q || s<1)
345 template <
class T,
class H>
/// \brief Name of this signature algorithm
/// \return the string "DSA-RFC6979"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "DSA-RFC6979";
}
353 bool IsProbabilistic()
const
// Fragment of the deterministic generation of k (listing lines 361-425). The enclosing
// signature, the MAC iterations and the acceptance test on k are not visible here.
361 static const byte zero = 0, one = 1;
// BH is converted with bits2octets relative to q.
368 BH = bits2octets(BH, q);
// x is encoded into BX over BX's full length. Going by the GenerateRandom(x, q, e) and
// Sign(params, x, k, ...) signatures listed further down this page, x is the private exponent.
// NOTE(review): BX's type is not visible; presumably a SecByteBlock so this copy of x is
// wiped on destruction - confirm.
372 x.Encode(BX, BX.
size());
// The first H::DIGESTSIZE bytes of V are set to 0x01 ...
376 std::fill(V.
begin(), V.
begin()+H::DIGESTSIZE, one);
// ... and the first H::DIGESTSIZE bytes of K are set to 0x00.
380 std::fill(K.
begin(), K.
begin()+H::DIGESTSIZE, zero);
// Candidate k is taken from temp via bits2int with length qlen.
425 k = bits2int(temp, qlen);
447 size_t blen = bits.
size()*8;
// Fragment: fits 'block' into exactly rlen bytes at t. The enclosing signature, the braces
// and the statement taken when the sizes already match are not visible in this listing.
// NOTE(review): both copies assume t refers to at least rlen writable bytes; its
// allocation is outside the visible lines - confirm.
462 if (block.size() == rlen)
// Longer than rlen: keep only the trailing rlen bytes of block.
467 if (block.size() > rlen)
469 size_t offset = block.size() - rlen;
470 std::memcpy(t, block + offset, rlen);
// Shorter than rlen (presumably the else branch): left-pad t with zero bytes, then copy
// all block.size() bytes, since rlen - offset equals block.size().
474 size_t offset = rlen - block.size();
475 memset(t,
'\x00', offset);
476 std::memcpy(t + offset, block, rlen - offset);
488 return int2octets(b1.
IsNegative() ? b2 : b1, q.ByteCount());
/// \brief Name of this signature algorithm
/// \return the string "GDSA-ISO15946"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "GDSA-ISO15946";
}
// Signing fragment (listing line 518): s = (k*r - e) * x mod q. No inverse of k appears on
// this line, in contrast to the kInv factor in the DSA-1363 signing line earlier in the file.
518 s = (k * r - e) * x % q;
// Verification fragment (listing lines 525-530): tests whether either signature component
// lies outside [1, q-1]. The statement guarded by this test is not visible in this listing.
525 if (r>=q || r<1 || s>=q || s<1)
// u1 and u2 scale e and s by rInv modulo q. rInv is computed outside the visible lines;
// presumably the inverse of r modulo q - confirm against the full source.
529 const Integer u1 = (rInv * e) % q;
530 const Integer u2 = (rInv * s) % q;
/// \brief Name of this signature algorithm
/// \return the string "NR"
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName()
{
	return "NR";
}
// Verification fragment (listing line 565): tests r against [1, q-1] and s against the
// upper bound q only. Unlike the DSA-1363 and GDSA checks in this file there is no s<1 term.
// NOTE(review): presumably s == 0 is an admissible value for this scheme - confirm; the
// statement guarded by this test is not visible in this listing.
565 if (r>=q || r<1 || s>=q)
586 {this->AccessGroupParameters().Initialize(params); this->
SetPublicElement(y);}
593 {this->AccessGroupParameters().Initialize(p, g); this->
SetPublicElement(y);}
601 {this->AccessGroupParameters().Initialize(p, q, g); this->
SetPublicElement(y);}
709 DL_SignatureKeys_GFP,
710 DL_Algorithm_GDSA<Integer>,
711 DL_SignatureMessageEncodingMethod_DSA,
721 DL_SignatureKeys_GFP,
722 DL_Algorithm_NR<Integer>,
723 DL_SignatureMessageEncodingMethod_NR,
// Body of the prime-length check (the signature, listed further down this page as
// IsValidPrimeLength(unsigned int pbits), is not visible here).
// True only when pbits lies in [MIN_PRIME_LENGTH, MAX_PRIME_LENGTH] and is a multiple of
// PRIME_LENGTH_MULTIPLE; with the constants shown below that admits 1024, 2048 and 3072.
// NOTE(review): 1024 passes this check; callers with a stronger minimum must enforce it themselves.
775 {
return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
// Enumerators read by the prime-length check above; the enclosing enum declaration is not
// visible in this listing.
// Smallest accepted prime length.
780 MIN_PRIME_LENGTH = 1024,
// Largest accepted prime length.
782 MAX_PRIME_LENGTH = 3072,
// Accepted prime lengths must be a multiple of this value.
784 PRIME_LENGTH_MULTIPLE = 1024
826 DL_Algorithm_GDSA<Integer>,
827 DL_SignatureMessageEncodingMethod_DSA,
/// \brief Name of this signature scheme
/// \return "DSA/" followed by the hash's StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	std::string name("DSA/");
	name += H::StaticAlgorithmName();
	return name;
}
841 DL_SignatureKeys_GFP,
842 DL_Algorithm_DSA_RFC6979<Integer, H>,
843 DL_SignatureMessageEncodingMethod_DSA,
/// \brief Name of this signature scheme
/// \return "DSA-RFC6979/" followed by the hash's StaticAlgorithmName()
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	std::string name("DSA-RFC6979/");
	name += H::StaticAlgorithmName();
	return name;
}
870 template <
class MAC,
bool DHAES_MODE,
bool LABEL_OCTETS=false>
/// \brief Amount of symmetric key material needed for a plaintext
/// \param plaintextLength length of the plaintext, in bytes
/// \return plaintextLength plus MAC::DEFAULT_KEYLENGTH
/// \details SymmetricEncrypt() XORs one key byte into every plaintext byte, so the key
///  material grows with the message; the remaining MAC::DEFAULT_KEYLENGTH bytes key the MAC.
size_t GetSymmetricKeyLength(size_t plaintextLength) const
{
	const size_t macKeyLength = static_cast<size_t>(MAC::DEFAULT_KEYLENGTH);
	return plaintextLength + macKeyLength;
}
/// \brief Size of the ciphertext produced for a plaintext
/// \param plaintextLength length of the plaintext, in bytes
/// \return plaintextLength plus MAC::DIGESTSIZE
/// \details SymmetricEncrypt() writes the MAC tag directly after the encrypted bytes, so
///  output buffers must be sized with this function.
size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
{
	const size_t tagLength = static_cast<size_t>(MAC::DIGESTSIZE);
	return plaintextLength + tagLength;
}
881 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
// Encrypts by XOR-ing the plaintext with key material and appending a MAC tag.
// Several lines of this function (braces, branch conditions, construction of 'mac' and of
// 'encodingParameters') are missing from this listing, so only the visible steps are described.
// '¶meters' in the signature is an extraction artifact of '&parameters'.
883 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const
// rng is explicitly marked unused.
885 CRYPTOPP_UNUSED(rng);
886 const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
// Two key layouts are visible: here the XOR pad starts MAC::DEFAULT_KEYLENGTH bytes into key ...
890 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
// ... and here the MAC key starts plaintextLength bytes into key.
// NOTE(review): the condition choosing between the layouts is not visible; presumably DHAES_MODE - confirm.
895 macKey = key + plaintextLength;
// The pad is as long as the plaintext, so key must supply plaintextLength +
// MAC::DEFAULT_KEYLENGTH bytes, the amount GetSymmetricKeyLength() reports.
// NOTE(review): XOR with key bytes is only sound if those bytes are never reused for another
// message; presumably the per-message key derivation provides that - confirm at the call site.
902 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
// The tag covers the ciphertext first, then the encoding parameters (MAC over ciphertext, not plaintext).
905 mac.Update(ciphertext, plaintextLength);
906 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
// The tag is written directly after the encrypted bytes; the output buffer must hold
// plaintextLength + MAC::DIGESTSIZE bytes, the amount GetSymmetricCiphertextLength() reports.
913 mac.Final(ciphertext + plaintextLength);
// Verifies the MAC tag that follows the ciphertext, then recovers the plaintext by XOR.
// Several lines of this function (braces, branch conditions, construction of 'mac' and of
// 'encodingParameters', and the return statements) are missing from this listing.
// '¶meters' in the signature is an extraction artifact of '&parameters'.
915 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const
// The plaintext length is derived from the ciphertext length; the body of
// GetMaxSymmetricPlaintextLength() is not visible in this listing.
917 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
// Declared without initialisers here, whereas SymmetricEncrypt() starts both at NULLPTR;
// the visible assignments below set them, but the branches around them are not shown.
918 const byte *cipherKey, *macKey;
// Same two key layouts as in SymmetricEncrypt().
922 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
927 macKey = key + plaintextLength;
// The tag is recomputed over the received ciphertext and the encoding parameters.
934 mac.Update(ciphertext, plaintextLength);
935 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
// The tag check precedes the XOR that produces plaintext.
// NOTE(review): the statement taken on a failed check is not visible; presumably an early
// return of a failed DecodingResult, so unauthenticated data never reaches 'plaintext' - confirm.
942 if (!mac.Verify(ciphertext + plaintextLength))
946 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
957 template <
class T,
bool DHAES_MODE,
class KDF>
// Derives derivedLength bytes of key material into derivedKey with KDF::DeriveKey.
// Several lines of this function (braces, branch conditions, and the setup of 'agreedSecret'
// and 'derivationParameters') are missing from this listing.
// '¶ms' and '¶meters' in the signature are extraction artifacts of '&params' and '&parameters'.
964 void Derive(
const DL_GroupParameters<T> ¶ms,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const
// The ephemeral public key is encoded (reversible form) into agreedSecret.
// NOTE(review): the condition under which this runs, and where agreedElement is encoded,
// are not visible; presumably this is the DHAES_MODE path that binds the ephemeral key
// into the KDF input - confirm.
970 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
// KDF input is the whole agreedSecret buffer plus the caller-supplied derivation parameters.
981 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());
// Template header and base-class arguments of the scheme whose StaticAlgorithmName() is
// "DLIES"; the struct line itself is missing from this listing.
// Defaults as listed: SHA1 hash, NoCofactorMultiplication, DHAES_MODE on, LABEL_OCTETS off.
// HASH is used twice below: in P1363_KDF2<HASH> for key derivation and in HMAC<HASH> for the tag.
// NOTE(review): the default HASH is SHA1; presumably kept for interoperability - deployments
// that control both ends can pass a SHA-2 class explicitly. Confirm against interop needs.
1018 template <
class HASH = SHA1,
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true,
bool LABEL_OCTETS=false>
1022 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
1023 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
1024 DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
/// \brief Name of this encryption scheme
/// \return the string "DLIES"
static std::string CRYPTOPP_API StaticAlgorithmName()
{
	return std::string("DLIES");
}
1032 #if CRYPTOPP_MSC_VERSION
1033 # pragma warning(pop)
void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)
Set group parameters.
virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
Sets or resets the key of this object.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
void SetPrivateExponent(const Integer &x)
Sets the private exponent.
Integer GetMaxExponent() const
Retrieve the maximum exponent for the group.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
size_t size() const
Length of the memory block.
Converts an enumeration to a type suitable for use as a template parameter.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
void AssignFrom(const NameValuePairs &source)
Initialize or reinitialize this key.
Discrete Log (DL) private key base implementation.
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Generate a random key.
Discrete Log (DL) public key in GF(p) groups.
Discrete Log (DL) encryption scheme.
@ BIG_ENDIAN_ORDER
byte order is big-endian
P1363 based XOR Encryption Method.
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
const Integer & GetGenerator() const
Retrieves a reference to the group generator.
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
Discrete Log (DL) signature scheme.
DSA deterministic signature scheme.
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Encode and decode ASN.1 objects with additional information.
const Integer & GetModulus() const
Retrieve the modulus for the group.
OID GetAlgorithmID() const
Retrieve the OID of the algorithm.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
void AssignFrom(const NameValuePairs &source)
Initialize or reinitialize this key.
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
Decode subjectPublicKey part of subjectPublicKeyInfo.
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
Check the group for errors.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
const char * EncodingParameters()
ConstByteArrayParameter.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
bool FastSubgroupCheckAvailable() const
Determine if subgroup membership check is fast.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
Classes for automatic resource management.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
This file contains helper classes/functions for implementing public key algorithms.
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
virtual void SetPublicElement(const Element &y)
Sets the public element.
unsigned long long word64
64-bit unsigned datatype
void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
Exponentiates a base to multiple exponents.
void SetSubgroupOrder(const Integer &q)
Set subgroup order.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Interface for random number generators.
Discrete Log (DL) private key in GF(p) groups.
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Interface for symmetric encryption algorithms used in DL cryptosystems.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
virtual const Integer & GetModulus() const =0
Retrieve the modulus for the group.
void EncodeElement(bool reversible, const Element &element, byte *encoded) const
Encodes the element.
DSA signature algorithm based on RFC 6979.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Utility functions for the Crypto++ library.
Classes for SHA-1 and SHA-2 family of message digests.
void DEREncodePublicKey(BufferedTransformation &bt) const
Encode subjectPublicKey part of subjectPublicKeyInfo.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Generate a random key or crypto parameters.
Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const
Decodes the element.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
Interface for Elgamal-like signature algorithms.
Interface for key derivation algorithms used in DL cryptosystems.
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
static bool IsValidPrimeLength(unsigned int pbits)
Check the prime length for errors.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
Returns a decoding result.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
bool IsIdentity(const Integer &element) const
Determines if an element is an identity.
Classes and functions for working with ASN.1 objects.
Discrete Log Integrated Encryption Scheme.
void New(size_type newSize)
Change size without preserving contents.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
unsigned int GetEncodedElementSize(bool reversible) const
Retrieve the encoded element's size.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
size_type size() const
Provides the count of elements in the SecBlock.
P1363 based Key Derivation Method.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
const byte * begin() const
Pointer to the first byte in the memory block.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Crypto++ library namespace.
virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)=0
Set group parameters.
bool GetValue(const char *name, T &value) const
Get a named value.
#define CRYPTOPP_API
Win32 calling convention.
#define CRYPTOPP_DLL_TEMPLATE_CLASS
Instantiate templates in a dynamic library.
Interface for deterministic signers.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
bool IsNegative() const
Determines if the Integer is negative.
Library configuration file.
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Interface for Discrete Log (DL) public keys.
bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation< Integer > *precomp) const
Check the element for errors.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
virtual const Integer & GetSubgroupOrder() const=0
Retrieves the subgroup order.
bool IsDeterministic() const
Signature scheme flag.
German Digital Signature Algorithm.
ElGamal encryption for safe interop.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
virtual const Element & GetPublicElement() const
Retrieves the public element.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
DSA2< SHA1 > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
Integer-based GroupParameters default implementation.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
GF(p) group parameters that default to safe primes.
Base implementation of Discrete Log (DL) group parameters.
ElGamal encryption keys for safe interop.
static const Integer & One()
Integer representing 1.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
Interface for retrieving values given their names.
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Abstract base classes that provide a uniform interface to this library.
Used to pass byte array input as part of a NameValuePairs object.
Classes for working with NameValuePairs.
Multiple precision integer with arithmetic operations.
Integer-based GroupParameters specialization.
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
Classes for HMAC message authentication codes.
Multiple precision integer with arithmetic operations.
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Discrete Log (DL) public key base implementation.
Discrete Log (DL) signing/verification keys in GF(p) groups.