34 #ifndef CRYPTOPP_PUBKEY_H
35 #define CRYPTOPP_PUBKEY_H
39 #if CRYPTOPP_MSC_VERSION
40 # pragma warning(push)
41 # pragma warning(disable: 4702)
78 virtual Integer PreimageBound()
const =0;
82 virtual Integer ImageBound()
const =0;
102 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
130 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
142 {CRYPTOPP_UNUSED(rng);
return ApplyFunction(x);}
197 {
return CalculateInverse(rng, x);}
220 virtual bool ParameterSupported(
const char *name)
const
221 {CRYPTOPP_UNUSED(name);
return false;}
224 virtual size_t MaxUnpaddedLength(
size_t paddedLength)
const =0;
237 template <
class TFI,
class MEI>
241 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
247 typedef TFI TrapdoorFunctionInterface;
248 virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const =0;
250 typedef MEI MessageEncodingInterface;
251 virtual const MessageEncodingInterface & GetMessageEncodingInterface()
const =0;
259 template <
class BASE>
263 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
267 size_t MaxPlaintextLength(
size_t ciphertextLength)
const
268 {
return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;}
269 size_t CiphertextLength(
size_t plaintextLength)
const
270 {
return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;}
272 virtual size_t FixedMaxPlaintextLength()
const =0;
273 virtual size_t FixedCiphertextLength()
const =0;
280 template <
class INTERFACE,
class BASE>
284 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
288 bool ParameterSupported(
const char *name)
const {
return this->GetMessageEncodingInterface().ParameterSupported(name);}
289 size_t FixedMaxPlaintextLength()
const {
return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
290 size_t FixedCiphertextLength()
const {
return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
293 size_t PaddedBlockByteLength()
const {
return BitsToBytes(PaddedBlockBitLength());}
295 size_t PaddedBlockBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().PreimageBound().BitCount(),1U);}
303 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
315 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
324 typedef std::pair<const byte *, size_t> HashIdentifier;
337 virtual size_t MinRepresentativeBitLength(
size_t hashIdentifierLength,
size_t digestLength)
const
338 {CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
339 virtual size_t MaxRecoverableLength(
size_t representativeBitLength,
size_t hashIdentifierLength,
size_t digestLength)
const
340 {CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
342 bool IsProbabilistic()
const
344 bool AllowNonrecoverablePart()
const
345 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
346 virtual bool RecoverablePartFirst()
const
347 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
350 virtual void ProcessSemisignature(
HashTransformation &hash,
const byte *semisignature,
size_t semisignatureLength)
const
351 {CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength);}
355 const byte *recoverableMessage,
size_t recoverableMessageLength,
356 const byte *presignature,
size_t presignatureLength,
359 CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength);
360 CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); CRYPTOPP_UNUSED(semisignature);
361 if (RecoverablePartFirst())
362 assert(!
"ProcessRecoverableMessage() not implemented");
366 const byte *recoverableMessage,
size_t recoverableMessageLength,
368 byte *representative,
size_t representativeBitLength)
const =0;
370 virtual bool VerifyMessageRepresentative(
372 byte *representative,
size_t representativeBitLength)
const =0;
376 byte *representative,
size_t representativeBitLength,
377 byte *recoveredMessage)
const
378 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty);
379 CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(recoveredMessage);
380 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
384 const byte *presignature,
size_t presignatureLength,
385 const byte *semisignature,
size_t semisignatureLength,
386 byte *recoveredMessage)
const
387 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength);
388 CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength); CRYPTOPP_UNUSED(recoveredMessage);
389 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
396 static HashIdentifier CRYPTOPP_API Lookup()
398 return HashIdentifier((
const byte *)NULL, 0);
411 bool VerifyMessageRepresentative(
413 byte *representative,
size_t representativeBitLength)
const;
423 bool VerifyMessageRepresentative(
425 byte *representative,
size_t representativeBitLength)
const;
436 const byte *recoverableMessage,
size_t recoverableMessageLength,
438 byte *representative,
size_t representativeBitLength)
const;
449 const byte *recoverableMessage,
size_t recoverableMessageLength,
451 byte *representative,
size_t representativeBitLength)
const;
465 void Update(
const byte *input,
size_t length)
467 AccessHash().Update(input, length);
468 m_empty = m_empty && length == 0;
471 SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
480 template <
class HASH_ALGORITHM>
488 template <
class INTERFACE,
class BASE>
492 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
496 size_t SignatureLength()
const
497 {
return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
498 size_t MaxRecoverableLength()
const
499 {
return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
500 size_t MaxRecoverableLengthFromSignatureLength(
size_t signatureLength)
const
501 {CRYPTOPP_UNUSED(signatureLength);
return this->MaxRecoverableLength();}
503 bool IsProbabilistic()
const
504 {
return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();}
505 bool AllowNonrecoverablePart()
const
506 {
return this->GetMessageEncodingInterface().AllowNonrecoverablePart();}
507 bool RecoverablePartFirst()
const
508 {
return this->GetMessageEncodingInterface().RecoverablePartFirst();}
511 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
513 size_t MessageRepresentativeBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().ImageBound().BitCount(),1U);}
514 virtual HashIdentifier GetHashIdentifier()
const =0;
515 virtual size_t GetDigestSize()
const =0;
522 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
526 void InputRecoverableMessage(
PK_MessageAccumulator &messageAccumulator,
const byte *recoverableMessage,
size_t recoverableMessageLength)
const;
534 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
538 void InputSignature(
PK_MessageAccumulator &messageAccumulator,
const byte *signature,
size_t signatureLength)
const;
546 template <
class T1,
class T2,
class T3>
549 typedef T1 AlgorithmInfo;
552 typedef typename Keys::PublicKey
PublicKey;
553 typedef T3 MessageEncodingMethod;
557 template <
class T1,
class T2,
class T3,
class T4>
560 typedef T4 HashFunction;
564 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
568 typedef SCHEME_OPTIONS SchemeOptions;
569 typedef KEY_CLASS KeyClass;
571 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
575 PublicKey & AccessPublicKey() {
return AccessKey();}
576 const PublicKey & GetPublicKey()
const {
return GetKey();}
578 PrivateKey & AccessPrivateKey() {
return AccessKey();}
579 const PrivateKey & GetPrivateKey()
const {
return GetKey();}
581 virtual const KeyClass & GetKey()
const =0;
582 virtual KeyClass & AccessKey() =0;
584 const KeyClass & GetTrapdoorFunction()
const {
return GetKey();}
588 CRYPTOPP_UNUSED(rng);
597 const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface()
const
601 const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const
605 HashIdentifier GetHashIdentifier()
const
607 typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
610 size_t GetDigestSize()
const
612 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
613 return H::DIGESTSIZE;
618 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
622 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
627 void SetKeyPtr(
const KEY *pKey) {m_pKey = pKey;}
629 const KEY & GetKey()
const {
return *m_pKey;}
630 KEY & AccessKey() {
throw NotImplemented(
"TF_ObjectImplExtRef: cannot modify refererenced key");}
637 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
641 typedef KEY_CLASS KeyClass;
643 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
647 const KeyClass & GetKey()
const {
return m_trapdoorFunction;}
648 KeyClass & AccessKey() {
return m_trapdoorFunction;}
651 KeyClass m_trapdoorFunction;
655 template <
class SCHEME_OPTIONS>
661 template <
class SCHEME_OPTIONS>
667 template <
class SCHEME_OPTIONS>
673 template <
class SCHEME_OPTIONS>
694 virtual void GenerateAndMask(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
bool mask =
true)
const =0;
708 CRYPTOPP_DLL
void CRYPTOPP_API P1363_MGF1KDF2_Common(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart);
715 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "MGF1";}
718 P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0);
731 static void CRYPTOPP_API DeriveKey(
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength)
734 P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength,
false, 1);
759 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
768 if (!GetBasePrecomputation().IsInitialized())
771 if (m_validationLevel > level)
774 bool pass = ValidateGroup(rng, level);
775 pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation());
777 m_validationLevel = pass ? level+1 : 0;
782 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
784 return GetValueHelper(
this, name, valueType, pValue)
785 CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder)
786 CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator)
794 AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage);
799 AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation);
800 m_validationLevel = 0;
805 GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation);
811 virtual const Element &
GetSubgroupGenerator()
const {
return GetBasePrecomputation().GetBase(GetGroupPrecomputation());}
816 virtual void SetSubgroupGenerator(
const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);}
823 return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent);
834 SimultaneousExponentiate(&result, base, &exponent, 1);
852 virtual const Integer & GetSubgroupOrder()
const =0;
856 virtual Integer GetMaxExponent()
const =0;
874 virtual unsigned int GetEncodedElementSize(
bool reversible)
const =0;
882 virtual void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const =0;
890 virtual Element DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const =0;
896 virtual Integer ConvertElementToInteger(
const Element &element)
const =0;
931 virtual bool FastSubgroupCheckAvailable()
const =0;
939 virtual bool IsIdentity(
const Element &element)
const =0;
951 virtual void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const =0;
954 void ParametersChanged() {m_validationLevel = 0;}
957 mutable unsigned int m_validationLevel;
964 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element>,
class BASE = DL_GroupParameters<CPP_TYPENAME GROUP_PRECOMP::Element> >
968 typedef GROUP_PRECOMP GroupPrecomputation;
969 typedef typename GROUP_PRECOMP::Element Element;
970 typedef BASE_PRECOMP BasePrecomputation;
972 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
989 GROUP_PRECOMP m_groupPrecomputation;
1000 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1021 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1025 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1028 CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement);
1034 virtual const Element & GetPublicElement()
const {
return GetPublicPrecomputation().GetBase(this->
GetAbstractGroupParameters().GetGroupPrecomputation());}
1035 virtual void SetPublicElement(
const Element &y) {AccessPublicPrecomputation().SetBase(this->
GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
1036 virtual Element ExponentiatePublicElement(
const Integer &exponent)
const
1041 virtual Element CascadeExponentiateBaseAndPublicElement(
const Integer &baseExp,
const Integer &publicExp)
const
1060 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1070 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1073 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent);
1079 AssignFromHelper(
this, source)
1080 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent);
1083 virtual const Integer & GetPrivateExponent()
const =0;
1084 virtual void SetPrivateExponent(
const Integer &x) =0;
1092 pPrivateKey->MakePublicKey(*
this);
1095 this->AccessAbstractGroupParameters().AssignFrom(source);
1096 AssignFromHelper(
this, source)
1097 CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement);
1104 template <
class PK,
class GP,
class O = OID>
1108 typedef GP GroupParameters;
1110 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1114 O GetAlgorithmID()
const {
return GetGroupParameters().GetAlgorithmID();}
1120 {AccessGroupParameters().BERDecode(bt);
return true;}
1122 {GetGroupParameters().DEREncode(bt);
return true;}
1124 const GP & GetGroupParameters()
const {
return m_groupParameters;}
1125 GP & AccessGroupParameters() {
return m_groupParameters;}
1128 GP m_groupParameters;
1139 typedef typename GP::Element Element;
1141 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1148 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1150 const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder();
1151 const Integer &x = GetPrivateExponent();
1153 pass = pass && x.IsPositive() && x < q;
1159 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1161 return GetValueHelper<DL_PrivateKey<Element> >(
this, name, valueType, pValue).Assignable();
1166 AssignFromHelper<DL_PrivateKey<Element> >(
this, source);
1172 this->AccessGroupParameters().GenerateRandom(rng, params);
1177 SetPrivateExponent(x);
1189 {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);}
1196 const Integer & GetPrivateExponent()
const {
return m_x;}
1197 void SetPrivateExponent(
const Integer &x) {m_x = x;}
1210 template <
class BASE,
class SIGNATURE_SCHEME>
1214 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1220 BASE::GenerateRandom(rng, params);
1224 typename SIGNATURE_SCHEME::Signer signer(*
this);
1225 typename SIGNATURE_SCHEME::Verifier verifier(signer);
1226 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
1236 typedef typename GP::Element Element;
1238 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1245 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1246 pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation());
1250 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1252 return GetValueHelper<DL_PublicKey<Element> >(
this, name, valueType, pValue).Assignable();
1257 AssignFromHelper<DL_PublicKey<Element> >(
this, source);
1265 AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage);
1271 AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1276 GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);
1277 GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1290 {
return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();}
1293 typename GP::BasePrecomputation m_ypc;
1301 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1309 CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(publicKey); CRYPTOPP_UNUSED(r); CRYPTOPP_UNUSED(s);
1310 throw NotImplemented(
"DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");
1325 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1330 virtual Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const =0;
1338 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1342 virtual bool ParameterSupported(
const char *name)
const
1343 {CRYPTOPP_UNUSED(name);
return false;}
1344 virtual void Derive(
const DL_GroupParameters<T> &groupParams,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs &derivationParams)
const =0;
1351 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1355 virtual bool ParameterSupported(
const char *name)
const
1356 {CRYPTOPP_UNUSED(name);
return false;}
1357 virtual size_t GetSymmetricKeyLength(
size_t plaintextLength)
const =0;
1358 virtual size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const =0;
1359 virtual size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const =0;
1360 virtual void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const =0;
1361 virtual DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const =0;
1370 typedef KI KeyInterface;
1371 typedef typename KI::Element Element;
1373 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1380 virtual KeyInterface & AccessKeyInterface() =0;
1381 virtual const KeyInterface & GetKeyInterface()
const =0;
1389 template <
class INTERFACE,
class KEY_INTERFACE>
1393 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1402 return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters())
1403 + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters());
1409 {
return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
1416 {CRYPTOPP_UNUSED(signatureLength); assert(
false);
return 0;}
1426 {
return GetMessageEncodingInterface().AllowNonrecoverablePart();}
1431 {
return GetMessageEncodingInterface().RecoverablePartFirst();}
1434 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
1435 size_t MessageRepresentativeBitLength()
const {
return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
1439 virtual HashIdentifier GetHashIdentifier()
const =0;
1440 virtual size_t GetDigestSize()
const =0;
1449 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1465 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1471 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
1472 this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
1473 recoverableMessage, recoverableMessageLength,
1474 ma.m_presignature, ma.m_presignature.
size(),
1475 ma.m_semisignature);
1480 this->GetMaterial().DoQuickSanityCheck();
1487 SecByteBlock representative(this->MessageRepresentativeLength());
1488 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1490 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1491 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1492 representative, this->MessageRepresentativeBitLength());
1507 if (ks.
BitCount() == q.BitCount()) {
1513 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1524 size_t rLen = alg.RLen(params);
1525 r.
Encode(signature, rLen);
1526 s.
Encode(signature+rLen, alg.SLen(params));
1529 RestartMessageAccumulator(rng, ma);
1548 CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(ma);
1557 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1563 CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength);
1568 size_t rLen = alg.RLen(params);
1569 ma.m_semisignature.
Assign(signature, rLen);
1570 ma.m_s.
Decode(signature+rLen, alg.SLen(params));
1572 this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.
size());
1577 this->GetMaterial().DoQuickSanityCheck();
1584 SecByteBlock representative(this->MessageRepresentativeLength());
1585 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1586 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1587 representative, this->MessageRepresentativeBitLength());
1591 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1592 return alg.Verify(params, key, e, r, ma.m_s);
1597 this->GetMaterial().DoQuickSanityCheck();
1604 SecByteBlock representative(this->MessageRepresentativeLength());
1605 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1607 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1608 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1609 representative, this->MessageRepresentativeBitLength());
1614 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1615 alg.RecoverPresignature(params, key, r, ma.m_s).
Encode(ma.m_presignature, ma.m_presignature.
size());
1617 return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature(
1618 ma.AccessHash(), this->GetHashIdentifier(),
1619 ma.m_presignature, ma.m_presignature.
size(),
1620 ma.m_semisignature, ma.m_semisignature.
size(),
1628 template <
class PK,
class KI>
1632 typedef typename DL_Base<KI>::Element Element;
1634 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1638 size_t MaxPlaintextLength(
size_t ciphertextLength)
const
1640 unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(
true);
1641 return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen);
1644 size_t CiphertextLength(
size_t plaintextLength)
const
1646 size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength);
1647 return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(
true) + len;
1650 bool ParameterSupported(
const char *name)
const
1651 {
return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);}
1667 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1675 CRYPTOPP_UNUSED(rng);
1684 ciphertext += elementSize;
1685 ciphertextLength -= elementSize;
1687 Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q,
true, key.GetPrivateExponent());
1689 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
1690 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1692 return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
1709 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1725 ciphertext += elementSize;
1727 Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x);
1729 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength));
1730 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1732 encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters);
1739 template <
class T1,
class T2>
1742 typedef T1 AlgorithmInfo;
1743 typedef T2 GroupParameters;
1744 typedef typename GroupParameters::Element Element;
1750 template <
class T1,
class T2>
1754 typedef typename Keys::PrivateKey
PrivateKey;
1755 typedef typename Keys::PublicKey
PublicKey;
1764 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1767 typedef T3 SignatureAlgorithm;
1768 typedef T4 MessageEncodingMethod;
1769 typedef T5 HashFunction;
1778 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1782 typedef T4 KeyDerivationAlgorithm;
1783 typedef T5 SymmetricEncryptionAlgorithm;
1790 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1794 typedef SCHEME_OPTIONS SchemeOptions;
1795 typedef typename KEY::Element Element;
1797 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1801 PrivateKey & AccessPrivateKey() {
return m_key;}
1802 PublicKey & AccessPublicKey() {
return m_key;}
1805 const KEY & GetKey()
const {
return m_key;}
1806 KEY & AccessKey() {
return m_key;}
1809 typename BASE::KeyInterface & AccessKeyInterface() {
return m_key;}
1810 const typename BASE::KeyInterface & GetKeyInterface()
const {
return m_key;}
1813 HashIdentifier GetHashIdentifier()
const
1815 typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup;
1816 return HashLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction>::Lookup();
1818 size_t GetDigestSize()
const
1820 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
1821 return H::DIGESTSIZE;
1832 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1836 typedef typename KEY::Element Element;
1838 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1851 HashIdentifier GetHashIdentifier()
const
1852 {
return HashIdentifier();}
1859 template <
class SCHEME_OPTIONS>
1866 this->RestartMessageAccumulator(rng, *p);
1873 template <
class SCHEME_OPTIONS>
1885 template <
class SCHEME_OPTIONS>
1892 template <
class SCHEME_OPTIONS>
1907 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1912 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
1913 unsigned int PrivateKeyLength()
const {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
1914 unsigned int PublicKeyLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
1924 CRYPTOPP_UNUSED(rng);
1931 bool Agree(
byte *agreedValue,
const byte *privateKey,
const byte *otherPublicKey,
bool validateOtherPublicKey=
true)
const
1937 Element w = params.
DecodeElement(otherPublicKey, validateOtherPublicKey);
1939 Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey(
1940 GetAbstractGroupParameters(), w, validateOtherPublicKey, x);
1952 const Element &
GetGenerator()
const {
return GetAbstractGroupParameters().GetSubgroupGenerator();}
1981 template <
class ELEMENT,
class COFACTOR_OPTION>
1985 typedef ELEMENT Element;
1987 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
1991 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName()
2000 Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const
2014 if (!validateOtherPublicKey)
2017 if (params.FastSubgroupCheckAvailable())
2039 template <
class BASE>
2046 {this->AccessKey().AssignFrom(key);}
2049 {this->AccessKey().BERDecode(bt);}
2052 {this->AccessKey().AssignFrom(algorithm.
GetMaterial());}
2055 {this->AccessKey().Initialize(v1);}
2057 #if (defined(_MSC_VER) && _MSC_VER < 1300)
2059 template <
class T1,
class T2>
2061 {this->AccessKey().Initialize(v1, v2);}
2063 template <
class T1,
class T2,
class T3>
2065 {this->AccessKey().Initialize(v1, v2, v3);}
2067 template <
class T1,
class T2,
class T3,
class T4>
2069 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2071 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2073 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2075 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2077 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2079 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2081 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2083 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2084 PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8)
2085 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2089 template <
class T1,
class T2>
2091 {this->AccessKey().Initialize(v1, v2);}
2093 template <
class T1,
class T2,
class T3>
2095 {this->AccessKey().Initialize(v1, v2, v3);}
2097 template <
class T1,
class T2,
class T3,
class T4>
2099 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2101 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2102 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2103 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2105 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2106 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2107 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2109 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2110 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2111 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2113 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2114 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2115 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2117 template <
class T1,
class T2>
2119 {this->AccessKey().Initialize(v1, v2);}
2121 template <
class T1,
class T2,
class T3>
2123 {this->AccessKey().Initialize(v1, v2, v3);}
2125 template <
class T1,
class T2,
class T3,
class T4>
2127 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2129 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2130 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2131 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2133 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2134 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2135 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2137 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2138 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2139 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2141 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2142 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2143 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2162 template <
class STANDARD,
class KEYS,
class ALG_INFO>
2165 template <
class STANDARD,
class KEYS,
class ALG_INFO = TF_ES<STANDARD, KEYS,
int> >
2166 class TF_ES :
public KEYS
2168 typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
2175 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName();}
2189 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO>
2192 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO = TF_SS<STANDARD, H, KEYS,
int> >
2193 class TF_SS :
public KEYS
2198 typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod;
2201 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName() +
"(" + H::StaticAlgorithmName() +
")";}
2216 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO>
2219 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO = DL_SS<KEYS, SA, MEM, H,
int> >
2220 class DL_SS :
public KEYS
2225 static std::string StaticAlgorithmName() {
return SA::StaticAlgorithmName() + std::string(
"/EMSA1(") + H::StaticAlgorithmName() +
")";}
2239 template <
class KEYS,
class AA,
class DA,
class EA,
class ALG_INFO>
2253 #if CRYPTOPP_MSC_VERSION
2254 # pragma warning(pop)