34 #ifndef CRYPTOPP_PUBKEY_H
35 #define CRYPTOPP_PUBKEY_H
39 #if CRYPTOPP_MSC_VERSION
40 # pragma warning(push)
41 # pragma warning(disable: 4702)
58 #if defined(__SUNPRO_CC)
59 # define MAYBE_RETURN(x) return x
61 # define MAYBE_RETURN(x) CRYPTOPP_UNUSED(x)
84 virtual Integer PreimageBound()
const =0;
88 virtual Integer ImageBound()
const =0;
108 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
136 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
148 {CRYPTOPP_UNUSED(rng);
return ApplyFunction(x);}
203 {
return CalculateInverse(rng, x);}
226 virtual bool ParameterSupported(
const char *name)
const
227 {CRYPTOPP_UNUSED(name);
return false;}
230 virtual size_t MaxUnpaddedLength(
size_t paddedLength)
const =0;
243 template <
class TFI,
class MEI>
247 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
253 typedef TFI TrapdoorFunctionInterface;
254 virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const =0;
256 typedef MEI MessageEncodingInterface;
257 virtual const MessageEncodingInterface & GetMessageEncodingInterface()
const =0;
265 template <
class BASE>
269 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
273 size_t MaxPlaintextLength(
size_t ciphertextLength)
const
274 {
return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;}
275 size_t CiphertextLength(
size_t plaintextLength)
const
276 {
return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;}
278 virtual size_t FixedMaxPlaintextLength()
const =0;
279 virtual size_t FixedCiphertextLength()
const =0;
286 template <
class INTERFACE,
class BASE>
290 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
294 bool ParameterSupported(
const char *name)
const {
return this->GetMessageEncodingInterface().ParameterSupported(name);}
295 size_t FixedMaxPlaintextLength()
const {
return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
296 size_t FixedCiphertextLength()
const {
return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
299 size_t PaddedBlockByteLength()
const {
return BitsToBytes(PaddedBlockBitLength());}
301 size_t PaddedBlockBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().PreimageBound().BitCount(),1U);}
309 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
321 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
331 typedef std::pair<const byte *, unsigned int> HashIdentifier;
344 virtual size_t MinRepresentativeBitLength(
size_t hashIdentifierLength,
size_t digestLength)
const
345 {CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
346 virtual size_t MaxRecoverableLength(
size_t representativeBitLength,
size_t hashIdentifierLength,
size_t digestLength)
const
347 {CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
349 bool IsProbabilistic()
const
351 bool AllowNonrecoverablePart()
const
352 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
353 virtual bool RecoverablePartFirst()
const
354 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
357 virtual void ProcessSemisignature(
HashTransformation &hash,
const byte *semisignature,
size_t semisignatureLength)
const
358 {CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength);}
362 const byte *recoverableMessage,
size_t recoverableMessageLength,
363 const byte *presignature,
size_t presignatureLength,
366 CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength);
367 CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); CRYPTOPP_UNUSED(semisignature);
368 if (RecoverablePartFirst())
373 const byte *recoverableMessage,
size_t recoverableMessageLength,
375 byte *representative,
size_t representativeBitLength)
const =0;
377 virtual bool VerifyMessageRepresentative(
379 byte *representative,
size_t representativeBitLength)
const =0;
383 byte *representative,
size_t representativeBitLength,
384 byte *recoveredMessage)
const
385 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty);
386 CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(recoveredMessage);
387 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
391 const byte *presignature,
size_t presignatureLength,
392 const byte *semisignature,
size_t semisignatureLength,
393 byte *recoveredMessage)
const
394 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength);
395 CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength); CRYPTOPP_UNUSED(recoveredMessage);
396 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
403 static HashIdentifier CRYPTOPP_API Lookup()
405 return HashIdentifier((
const byte *)NULL, 0);
418 bool VerifyMessageRepresentative(
420 byte *representative,
size_t representativeBitLength)
const;
430 bool VerifyMessageRepresentative(
432 byte *representative,
size_t representativeBitLength)
const;
443 const byte *recoverableMessage,
size_t recoverableMessageLength,
445 byte *representative,
size_t representativeBitLength)
const;
456 const byte *recoverableMessage,
size_t recoverableMessageLength,
458 byte *representative,
size_t representativeBitLength)
const;
472 void Update(
const byte *input,
size_t length)
474 AccessHash().Update(input, length);
475 m_empty = m_empty && length == 0;
478 SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
487 template <
class HASH_ALGORITHM>
495 template <
class INTERFACE,
class BASE>
499 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
503 size_t SignatureLength()
const
504 {
return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
505 size_t MaxRecoverableLength()
const
506 {
return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
507 size_t MaxRecoverableLengthFromSignatureLength(
size_t signatureLength)
const
508 {CRYPTOPP_UNUSED(signatureLength);
return this->MaxRecoverableLength();}
510 bool IsProbabilistic()
const
511 {
return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();}
512 bool AllowNonrecoverablePart()
const
513 {
return this->GetMessageEncodingInterface().AllowNonrecoverablePart();}
514 bool RecoverablePartFirst()
const
515 {
return this->GetMessageEncodingInterface().RecoverablePartFirst();}
518 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
520 size_t MessageRepresentativeBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().ImageBound().BitCount(),1U);}
521 virtual HashIdentifier GetHashIdentifier()
const =0;
522 virtual size_t GetDigestSize()
const =0;
529 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
533 void InputRecoverableMessage(
PK_MessageAccumulator &messageAccumulator,
const byte *recoverableMessage,
size_t recoverableMessageLength)
const;
541 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
545 void InputSignature(
PK_MessageAccumulator &messageAccumulator,
const byte *signature,
size_t signatureLength)
const;
553 template <
class T1,
class T2,
class T3>
556 typedef T1 AlgorithmInfo;
559 typedef typename Keys::PublicKey
PublicKey;
560 typedef T3 MessageEncodingMethod;
564 template <
class T1,
class T2,
class T3,
class T4>
567 typedef T4 HashFunction;
571 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
575 typedef SCHEME_OPTIONS SchemeOptions;
576 typedef KEY_CLASS KeyClass;
578 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
582 PublicKey & AccessPublicKey() {
return AccessKey();}
583 const PublicKey & GetPublicKey()
const {
return GetKey();}
585 PrivateKey & AccessPrivateKey() {
return AccessKey();}
586 const PrivateKey & GetPrivateKey()
const {
return GetKey();}
588 virtual const KeyClass & GetKey()
const =0;
589 virtual KeyClass & AccessKey() =0;
591 const KeyClass & GetTrapdoorFunction()
const {
return GetKey();}
595 CRYPTOPP_UNUSED(rng);
604 const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface()
const
608 const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const
612 HashIdentifier GetHashIdentifier()
const
614 typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
617 size_t GetDigestSize()
const
619 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
620 return H::DIGESTSIZE;
625 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
629 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
634 void SetKeyPtr(
const KEY *pKey) {m_pKey = pKey;}
636 const KEY & GetKey()
const {
return *m_pKey;}
637 KEY & AccessKey() {
throw NotImplemented(
"TF_ObjectImplExtRef: cannot modify refererenced key");}
644 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
648 typedef KEY_CLASS KeyClass;
650 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
654 const KeyClass & GetKey()
const {
return m_trapdoorFunction;}
655 KeyClass & AccessKey() {
return m_trapdoorFunction;}
658 KeyClass m_trapdoorFunction;
662 template <
class SCHEME_OPTIONS>
668 template <
class SCHEME_OPTIONS>
674 template <
class SCHEME_OPTIONS>
680 template <
class SCHEME_OPTIONS>
701 virtual void GenerateAndMask(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
bool mask =
true)
const =0;
715 CRYPTOPP_DLL
void CRYPTOPP_API P1363_MGF1KDF2_Common(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart);
722 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "MGF1";}
725 P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0);
738 static void CRYPTOPP_API DeriveKey(
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength)
741 P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength,
false, 1);
766 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
775 if (!GetBasePrecomputation().IsInitialized())
778 if (m_validationLevel > level)
781 bool pass = ValidateGroup(rng, level);
782 pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation());
784 m_validationLevel = pass ? level+1 : 0;
789 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
791 return GetValueHelper(
this, name, valueType, pValue)
792 CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder)
793 CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator)
801 AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage);
806 AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation);
807 m_validationLevel = 0;
812 GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation);
818 virtual const Element &
GetSubgroupGenerator()
const {
return GetBasePrecomputation().GetBase(GetGroupPrecomputation());}
823 virtual void SetSubgroupGenerator(
const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);}
830 return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent);
841 SimultaneousExponentiate(&result, base, &exponent, 1);
859 virtual const Integer & GetSubgroupOrder()
const =0;
863 virtual Integer GetMaxExponent()
const =0;
881 virtual unsigned int GetEncodedElementSize(
bool reversible)
const =0;
889 virtual void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const =0;
897 virtual Element DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const =0;
903 virtual Integer ConvertElementToInteger(
const Element &element)
const =0;
938 virtual bool FastSubgroupCheckAvailable()
const =0;
946 virtual bool IsIdentity(
const Element &element)
const =0;
958 virtual void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const =0;
961 void ParametersChanged() {m_validationLevel = 0;}
964 mutable unsigned int m_validationLevel;
971 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element>,
class BASE = DL_GroupParameters<CPP_TYPENAME GROUP_PRECOMP::Element> >
975 typedef GROUP_PRECOMP GroupPrecomputation;
976 typedef typename GROUP_PRECOMP::Element Element;
977 typedef BASE_PRECOMP BasePrecomputation;
979 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
996 GROUP_PRECOMP m_groupPrecomputation;
1007 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1028 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1032 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1035 CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement);
1041 virtual const Element & GetPublicElement()
const {
return GetPublicPrecomputation().GetBase(this->
GetAbstractGroupParameters().GetGroupPrecomputation());}
1042 virtual void SetPublicElement(
const Element &y) {AccessPublicPrecomputation().SetBase(this->
GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
1043 virtual Element ExponentiatePublicElement(
const Integer &exponent)
const
1048 virtual Element CascadeExponentiateBaseAndPublicElement(
const Integer &baseExp,
const Integer &publicExp)
const
1067 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1077 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1080 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent);
1086 AssignFromHelper(
this, source)
1087 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent);
1090 virtual const Integer & GetPrivateExponent()
const =0;
1091 virtual void SetPrivateExponent(
const Integer &x) =0;
1099 pPrivateKey->MakePublicKey(*
this);
1102 this->AccessAbstractGroupParameters().AssignFrom(source);
1103 AssignFromHelper(
this, source)
1104 CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement);
1111 template <
class PK,
class GP,
class O = OID>
1115 typedef GP GroupParameters;
1117 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1121 O GetAlgorithmID()
const {
return GetGroupParameters().GetAlgorithmID();}
1127 {AccessGroupParameters().BERDecode(bt);
return true;}
1129 {GetGroupParameters().DEREncode(bt);
return true;}
1131 const GP & GetGroupParameters()
const {
return m_groupParameters;}
1132 GP & AccessGroupParameters() {
return m_groupParameters;}
1135 GP m_groupParameters;
1146 typedef typename GP::Element Element;
1148 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1155 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1157 const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder();
1158 const Integer &x = GetPrivateExponent();
1160 pass = pass && x.IsPositive() && x < q;
1166 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1168 return GetValueHelper<DL_PrivateKey<Element> >(
this, name, valueType, pValue).Assignable();
1173 AssignFromHelper<DL_PrivateKey<Element> >(
this, source);
1179 this->AccessGroupParameters().GenerateRandom(rng, params);
1184 SetPrivateExponent(x);
1196 {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);}
1203 const Integer & GetPrivateExponent()
const {
return m_x;}
1204 void SetPrivateExponent(
const Integer &x) {m_x = x;}
1217 template <
class BASE,
class SIGNATURE_SCHEME>
1221 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1227 BASE::GenerateRandom(rng, params);
1231 typename SIGNATURE_SCHEME::Signer signer(*
this);
1232 typename SIGNATURE_SCHEME::Verifier verifier(signer);
1233 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
1243 typedef typename GP::Element Element;
1245 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1252 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1253 pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation());
1257 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1259 return GetValueHelper<DL_PublicKey<Element> >(
this, name, valueType, pValue).Assignable();
1264 AssignFromHelper<DL_PublicKey<Element> >(
this, source);
1272 AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage);
1278 AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1283 GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);
1284 GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1297 {
return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();}
1300 typename GP::BasePrecomputation m_ypc;
1308 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1316 CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(publicKey); CRYPTOPP_UNUSED(r); CRYPTOPP_UNUSED(s);
1317 throw NotImplemented(
"DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");
1333 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1338 virtual Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const =0;
1346 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1350 virtual bool ParameterSupported(
const char *name)
const
1351 {CRYPTOPP_UNUSED(name);
return false;}
1352 virtual void Derive(
const DL_GroupParameters<T> &groupParams,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs &derivationParams)
const =0;
1359 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1363 virtual bool ParameterSupported(
const char *name)
const
1364 {CRYPTOPP_UNUSED(name);
return false;}
1365 virtual size_t GetSymmetricKeyLength(
size_t plaintextLength)
const =0;
1366 virtual size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const =0;
1367 virtual size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const =0;
1368 virtual void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const =0;
1369 virtual DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const =0;
1378 typedef KI KeyInterface;
1379 typedef typename KI::Element Element;
1381 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1388 virtual KeyInterface & AccessKeyInterface() =0;
1389 virtual const KeyInterface & GetKeyInterface()
const =0;
1397 template <
class INTERFACE,
class KEY_INTERFACE>
1401 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1410 return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters())
1411 + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters());
1417 {
return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
1434 {
return GetMessageEncodingInterface().AllowNonrecoverablePart();}
1439 {
return GetMessageEncodingInterface().RecoverablePartFirst();}
1442 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
1443 size_t MessageRepresentativeBitLength()
const {
return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
1447 virtual HashIdentifier GetHashIdentifier()
const =0;
1448 virtual size_t GetDigestSize()
const =0;
1457 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1473 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1479 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
1480 this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
1481 recoverableMessage, recoverableMessageLength,
1482 ma.m_presignature, ma.m_presignature.
size(),
1483 ma.m_semisignature);
1488 this->GetMaterial().DoQuickSanityCheck();
1495 SecByteBlock representative(this->MessageRepresentativeLength());
1496 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1498 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1499 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1500 representative, this->MessageRepresentativeBitLength());
1511 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1522 size_t rLen = alg.RLen(params);
1523 r.
Encode(signature, rLen);
1524 s.
Encode(signature+rLen, alg.SLen(params));
1527 RestartMessageAccumulator(rng, ma);
1546 CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(ma);
1555 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1561 CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength);
1566 size_t rLen = alg.RLen(params);
1567 ma.m_semisignature.
Assign(signature, rLen);
1568 ma.m_s.
Decode(signature+rLen, alg.SLen(params));
1570 this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.
size());
1575 this->GetMaterial().DoQuickSanityCheck();
1582 SecByteBlock representative(this->MessageRepresentativeLength());
1583 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1584 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1585 representative, this->MessageRepresentativeBitLength());
1589 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1590 return alg.Verify(params, key, e, r, ma.m_s);
1595 this->GetMaterial().DoQuickSanityCheck();
1602 SecByteBlock representative(this->MessageRepresentativeLength());
1603 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1605 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1606 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1607 representative, this->MessageRepresentativeBitLength());
1612 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1613 alg.RecoverPresignature(params, key, r, ma.m_s).
Encode(ma.m_presignature, ma.m_presignature.
size());
1615 return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature(
1616 ma.AccessHash(), this->GetHashIdentifier(),
1617 ma.m_presignature, ma.m_presignature.
size(),
1618 ma.m_semisignature, ma.m_semisignature.
size(),
1626 template <
class PK,
class KI>
1630 typedef typename DL_Base<KI>::Element Element;
1632 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1636 size_t MaxPlaintextLength(
size_t ciphertextLength)
const
1638 unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(
true);
1639 return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen);
1642 size_t CiphertextLength(
size_t plaintextLength)
const
1644 size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength);
1645 return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(
true) + len;
1648 bool ParameterSupported(
const char *name)
const
1649 {
return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);}
1665 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1673 CRYPTOPP_UNUSED(rng);
1682 ciphertext += elementSize;
1683 ciphertextLength -= elementSize;
1685 Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q,
true, key.GetPrivateExponent());
1687 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
1688 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1690 return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
1707 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1723 ciphertext += elementSize;
1725 Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x);
1727 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength));
1728 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1730 encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters);
1737 template <
class T1,
class T2>
1740 typedef T1 AlgorithmInfo;
1741 typedef T2 GroupParameters;
1742 typedef typename GroupParameters::Element Element;
1748 template <
class T1,
class T2>
1752 typedef typename Keys::PrivateKey
PrivateKey;
1753 typedef typename Keys::PublicKey
PublicKey;
1762 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1765 typedef T3 SignatureAlgorithm;
1766 typedef T4 MessageEncodingMethod;
1767 typedef T5 HashFunction;
1776 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1780 typedef T4 KeyDerivationAlgorithm;
1781 typedef T5 SymmetricEncryptionAlgorithm;
1788 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1792 typedef SCHEME_OPTIONS SchemeOptions;
1793 typedef typename KEY::Element Element;
1795 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1799 PrivateKey & AccessPrivateKey() {
return m_key;}
1800 PublicKey & AccessPublicKey() {
return m_key;}
1803 const KEY & GetKey()
const {
return m_key;}
1804 KEY & AccessKey() {
return m_key;}
1807 typename BASE::KeyInterface & AccessKeyInterface() {
return m_key;}
1808 const typename BASE::KeyInterface & GetKeyInterface()
const {
return m_key;}
1811 HashIdentifier GetHashIdentifier()
const
1813 typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup;
1814 return HashLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction>::Lookup();
1816 size_t GetDigestSize()
const
1818 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
1819 return H::DIGESTSIZE;
1830 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1834 typedef typename KEY::Element Element;
1836 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1849 HashIdentifier GetHashIdentifier()
const
1850 {
return HashIdentifier();}
1857 template <
class SCHEME_OPTIONS>
1864 this->RestartMessageAccumulator(rng, *p);
1871 template <
class SCHEME_OPTIONS>
1883 template <
class SCHEME_OPTIONS>
1890 template <
class SCHEME_OPTIONS>
1905 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1910 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
1911 unsigned int PrivateKeyLength()
const {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
1912 unsigned int PublicKeyLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
1922 CRYPTOPP_UNUSED(rng);
1929 bool Agree(
byte *agreedValue,
const byte *privateKey,
const byte *otherPublicKey,
bool validateOtherPublicKey=
true)
const
1935 Element w = params.
DecodeElement(otherPublicKey, validateOtherPublicKey);
1937 Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey(
1938 GetAbstractGroupParameters(), w, validateOtherPublicKey, x);
1950 const Element &
GetGenerator()
const {
return GetAbstractGroupParameters().GetSubgroupGenerator();}
1979 template <
class ELEMENT,
class COFACTOR_OPTION>
1983 typedef ELEMENT Element;
1985 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1989 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName()
1998 Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const
2012 if (!validateOtherPublicKey)
2015 if (params.FastSubgroupCheckAvailable())
2037 template <
class BASE>
2044 {this->AccessKey().AssignFrom(key);}
2047 {this->AccessKey().BERDecode(bt);}
2050 {this->AccessKey().AssignFrom(algorithm.
GetMaterial());}
2053 {this->AccessKey().Initialize(v1);}
2055 #if (defined(_MSC_VER) && _MSC_VER < 1300)
2057 template <
class T1,
class T2>
2059 {this->AccessKey().Initialize(v1, v2);}
2061 template <
class T1,
class T2,
class T3>
2063 {this->AccessKey().Initialize(v1, v2, v3);}
2065 template <
class T1,
class T2,
class T3,
class T4>
2067 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2069 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2071 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2073 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2075 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2077 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2079 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2081 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2082 PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8)
2083 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2087 template <
class T1,
class T2>
2089 {this->AccessKey().Initialize(v1, v2);}
2091 template <
class T1,
class T2,
class T3>
2093 {this->AccessKey().Initialize(v1, v2, v3);}
2095 template <
class T1,
class T2,
class T3,
class T4>
2097 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2099 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2100 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2101 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2103 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2104 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2105 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2107 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2108 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2109 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2111 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2112 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2113 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2115 template <
class T1,
class T2>
2117 {this->AccessKey().Initialize(v1, v2);}
2119 template <
class T1,
class T2,
class T3>
2121 {this->AccessKey().Initialize(v1, v2, v3);}
2123 template <
class T1,
class T2,
class T3,
class T4>
2125 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2127 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2128 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2129 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2131 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2132 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2133 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2135 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2136 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2137 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2139 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2140 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2141 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2160 template <
class STANDARD,
class KEYS,
class ALG_INFO>
2163 template <
class STANDARD,
class KEYS,
class ALG_INFO = TF_ES<STANDARD, KEYS,
int> >
2164 class TF_ES :
public KEYS
2166 typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
2173 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName();}
2187 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO>
2190 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO = TF_SS<STANDARD, H, KEYS,
int> >
2191 class TF_SS :
public KEYS
2196 typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod;
2199 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName() +
"(" + H::StaticAlgorithmName() +
")";}
2214 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO>
2217 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO = DL_SS<KEYS, SA, MEM, H,
int> >
2218 class DL_SS :
public KEYS
2223 static std::string StaticAlgorithmName() {
return SA::StaticAlgorithmName() + std::string(
"/EMSA1(") + H::StaticAlgorithmName() +
")";}
2237 template <
class KEYS,
class AA,
class DA,
class EA,
class ALG_INFO>
2251 #if CRYPTOPP_MSC_VERSION
2252 # pragma warning(pop)