1 #ifndef CRYPTOPP_GFPCRYPT_H
2 #define CRYPTOPP_GFPCRYPT_H
10 #if CRYPTOPP_MSC_VERSION
11 # pragma warning(push)
12 # pragma warning(disable: 4189)
41 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
43 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
52 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
56 const Integer & GetSubgroupOrder()
const {
return m_q;}
60 bool FastSubgroupCheckAvailable()
const {
return GetCofactor() == 2;}
62 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
64 void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const;
65 unsigned int GetEncodedElementSize(
bool reversible)
const;
67 void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const
68 {CRYPTOPP_UNUSED(reversible); element.Encode(encoded, GetModulus().ByteCount());}
69 unsigned int GetEncodedElementSize(
bool reversible)
const
70 {CRYPTOPP_UNUSED(reversible);
return GetModulus().ByteCount();}
73 Integer DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const;
77 static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {
return "";}
79 OID GetAlgorithmID()
const;
81 virtual const Integer & GetModulus()
const =0;
82 virtual void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g) =0;
84 void SetSubgroupOrder(
const Integer &q)
85 {m_q = q; ParametersChanged();}
87 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
93 {
return modulus-(GetFieldType() == 1 ? 1 : -1);}
96 virtual int GetFieldType()
const =0;
97 virtual unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const;
104 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> >
110 typedef typename GROUP_PRECOMP::Element Element;
113 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
114 {
return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();}
117 {AssignFromHelper<DL_GroupParameters_IntegerBased>(
this, source);}
124 const Integer & GetModulus()
const {
return this->m_groupPrecomputation.GetModulus();}
127 void SetModulusAndSubgroupGenerator(
const Integer &p,
const Integer &g)
128 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->
GetGroupPrecomputation(), g); this->ParametersChanged();}
132 {
return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->
GetSubgroupOrder() == rhs.GetSubgroupOrder();}
136 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
152 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
154 return GetValueHelper<DL_GroupParameters_IntegerBased>(
this, name, valueType, pValue).Assignable();
158 Element MultiplyElements(
const Element &a,
const Element &b)
const;
159 Element CascadeExponentiate(
const Element &element1,
const Integer &exponent1,
const Element &element2,
const Integer &exponent2)
const;
161 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
166 int GetFieldType()
const {
return 1;}
175 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
180 unsigned int GetDefaultSubgroupOrderSize(
unsigned int modulusSize)
const {
return modulusSize-1;}
188 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "DSA-1363";}
195 s = (kInv * (x*r + e)) % q;
202 if (r>=q || r<1 || s>=q || s<1)
212 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
224 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "NR";}
237 if (r>=q || r<1 || s>=q)
244 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
256 {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
258 {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
260 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
264 {this->SetPublicElement(
Integer(bt));}
266 {this->GetPublicElement().DEREncode(bt);}
268 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
285 {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
287 {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
289 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
291 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
303 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
315 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
321 template <
class BASE>
332 if (seq.EndReached())
334 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
335 this->SetPublicElement(v3);
340 this->AccessGroupParameters().Initialize(v1, v2, v3);
341 this->SetPublicElement(v4);
350 this->GetGroupParameters().GetModulus().DEREncode(seq);
351 if (this->GetGroupParameters().GetCofactor() != 2)
352 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
353 this->GetGroupParameters().GetGenerator().DEREncode(seq);
354 this->GetPublicElement().DEREncode(seq);
358 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
364 template <
class BASE>
376 if (seq.EndReached())
378 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
379 this->SetPrivateExponent(v4 % (v1/2));
384 this->AccessGroupParameters().Initialize(v1, v2, v3);
385 this->SetPrivateExponent(v5);
394 this->GetGroupParameters().GetModulus().DEREncode(seq);
395 if (this->GetGroupParameters().GetCofactor() != 2)
396 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
397 this->GetGroupParameters().GetGenerator().DEREncode(seq);
398 this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq);
399 this->GetPrivateExponent().DEREncode(seq);
403 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
411 DL_SignatureKeys_GFP,
412 DL_Algorithm_GDSA<Integer>,
413 DL_SignatureMessageEncodingMethod_DSA,
416 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
424 DL_SignatureKeys_GFP,
425 DL_Algorithm_NR<Integer>,
426 DL_SignatureMessageEncodingMethod_NR,
429 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
444 static bool CRYPTOPP_API IsValidPrimeLength(
unsigned int pbits)
445 {
return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
447 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
449 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
463 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
473 DL_Algorithm_GDSA<Integer>,
474 DL_SignatureMessageEncodingMethod_DSA,
479 static std::string CRYPTOPP_API StaticAlgorithmName() {
return "DSA/" + (std::string)H::StaticAlgorithmName();}
481 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
482 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
485 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
498 template <
class MAC,
bool DHAES_MODE>
502 bool ParameterSupported(
const char *name)
const {
return strcmp(name, Name::EncodingParameters()) == 0;}
503 size_t GetSymmetricKeyLength(
size_t plaintextLength)
const
504 {
return plaintextLength + MAC::DEFAULT_KEYLENGTH;}
505 size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const
506 {
return plaintextLength + MAC::DIGESTSIZE;}
507 size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const
508 {
return (
unsigned int)
SaturatingSubtract(ciphertextLength, (
unsigned int)MAC::DIGESTSIZE);}
509 void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const
511 CRYPTOPP_UNUSED(rng);
512 const byte *cipherKey = NULL, *macKey = NULL;
516 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
521 macKey = key + plaintextLength;
525 parameters.
GetValue(Name::EncodingParameters(), encodingParameters);
528 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
531 mac.Update(ciphertext, plaintextLength);
532 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
535 byte L[8] = {0,0,0,0};
539 mac.Final(ciphertext + plaintextLength);
541 DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const
543 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
544 const byte *cipherKey, *macKey;
548 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
553 macKey = key + plaintextLength;
557 parameters.
GetValue(Name::EncodingParameters(), encodingParameters);
560 mac.Update(ciphertext, plaintextLength);
561 mac.Update(encodingParameters.
begin(), encodingParameters.
size());
564 byte L[8] = {0,0,0,0};
568 if (!mac.Verify(ciphertext + plaintextLength))
572 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
577 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
583 template <
class T,
bool DHAES_MODE,
class KDF>
587 bool ParameterSupported(
const char *name)
const {
return strcmp(name, Name::KeyDerivationParameters()) == 0;}
588 void Derive(
const DL_GroupParameters<T> ¶ms,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs ¶meters)
const
594 params.
EncodeElement(
true, ephemeralPublicKey, agreedSecret);
604 parameters.
GetValue(Name::KeyDerivationParameters(), derivationParameters);
605 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.
size(), derivationParameters.
begin(), derivationParameters.
size());
608 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
614 template <
class COFACTOR_OPTION = NoCofactorMultiplication,
bool DHAES_MODE = true>
618 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
619 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
620 DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
623 static std::string CRYPTOPP_API StaticAlgorithmName() {
return "DLIES";}
625 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
632 #if CRYPTOPP_MSC_VERSION
633 # pragma warning(pop)