34 #ifndef CRYPTOPP_PUBKEY_H 35 #define CRYPTOPP_PUBKEY_H 39 #if CRYPTOPP_MSC_VERSION 40 # pragma warning(push) 41 # pragma warning(disable: 4702) 73 virtual ~TrapdoorFunctionBounds() {}
78 virtual Integer PreimageBound()
const =0;
82 virtual Integer ImageBound()
const =0;
102 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 130 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 142 {CRYPTOPP_UNUSED(rng);
return ApplyFunction(x);}
197 {
return CalculateInverse(rng, x);}
220 virtual bool ParameterSupported(
const char *name)
const 221 {CRYPTOPP_UNUSED(name);
return false;}
224 virtual size_t MaxUnpaddedLength(
size_t paddedLength)
const =0;
237 template <
class TFI,
class MEI>
241 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 247 typedef TFI TrapdoorFunctionInterface;
248 virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const =0;
250 typedef MEI MessageEncodingInterface;
251 virtual const MessageEncodingInterface & GetMessageEncodingInterface()
const =0;
259 template <
class BASE>
263 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 267 size_t MaxPlaintextLength(
size_t ciphertextLength)
const 268 {
return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;}
269 size_t CiphertextLength(
size_t plaintextLength)
const 270 {
return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;}
272 virtual size_t FixedMaxPlaintextLength()
const =0;
273 virtual size_t FixedCiphertextLength()
const =0;
280 template <
class INTERFACE,
class BASE>
284 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 288 bool ParameterSupported(
const char *name)
const {
return this->GetMessageEncodingInterface().ParameterSupported(name);}
289 size_t FixedMaxPlaintextLength()
const {
return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
290 size_t FixedCiphertextLength()
const {
return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
293 size_t PaddedBlockByteLength()
const {
return BitsToBytes(PaddedBlockBitLength());}
295 size_t PaddedBlockBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().PreimageBound().BitCount(),1U);}
303 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 315 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 324 typedef std::pair<const byte *, size_t> HashIdentifier;
337 virtual size_t MinRepresentativeBitLength(
size_t hashIdentifierLength,
size_t digestLength)
const 338 {CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
339 virtual size_t MaxRecoverableLength(
size_t representativeBitLength,
size_t hashIdentifierLength,
size_t digestLength)
const 340 {CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
342 bool IsProbabilistic()
const 344 bool AllowNonrecoverablePart()
const 345 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
346 virtual bool RecoverablePartFirst()
const 347 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
350 virtual void ProcessSemisignature(
HashTransformation &hash,
const byte *semisignature,
size_t semisignatureLength)
const 351 {CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength);}
355 const byte *recoverableMessage,
size_t recoverableMessageLength,
356 const byte *presignature,
size_t presignatureLength,
359 CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength);
360 CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); CRYPTOPP_UNUSED(semisignature);
361 if (RecoverablePartFirst())
362 assert(!
"ProcessRecoverableMessage() not implemented");
366 const byte *recoverableMessage,
size_t recoverableMessageLength,
368 byte *representative,
size_t representativeBitLength)
const =0;
370 virtual bool VerifyMessageRepresentative(
372 byte *representative,
size_t representativeBitLength)
const =0;
376 byte *representative,
size_t representativeBitLength,
377 byte *recoveredMessage)
const 378 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty);
379 CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(recoveredMessage);
380 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
384 const byte *presignature,
size_t presignatureLength,
385 const byte *semisignature,
size_t semisignatureLength,
386 byte *recoveredMessage)
const 387 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength);
388 CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength); CRYPTOPP_UNUSED(recoveredMessage);
389 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
396 static HashIdentifier CRYPTOPP_API Lookup()
398 return HashIdentifier((
const byte *)NULL, 0);
411 bool VerifyMessageRepresentative(
413 byte *representative,
size_t representativeBitLength)
const;
423 bool VerifyMessageRepresentative(
425 byte *representative,
size_t representativeBitLength)
const;
436 const byte *recoverableMessage,
size_t recoverableMessageLength,
438 byte *representative,
size_t representativeBitLength)
const;
449 const byte *recoverableMessage,
size_t recoverableMessageLength,
451 byte *representative,
size_t representativeBitLength)
const;
465 void Update(
const byte *input,
size_t length)
467 AccessHash().Update(input, length);
468 m_empty = m_empty && length == 0;
471 SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
480 template <
class HASH_ALGORITHM>
488 template <
class INTERFACE,
class BASE>
492 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 496 size_t SignatureLength()
const 497 {
return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
498 size_t MaxRecoverableLength()
const 499 {
return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
500 size_t MaxRecoverableLengthFromSignatureLength(
size_t signatureLength)
const 501 {CRYPTOPP_UNUSED(signatureLength);
return this->MaxRecoverableLength();}
503 bool IsProbabilistic()
const 504 {
return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();}
505 bool AllowNonrecoverablePart()
const 506 {
return this->GetMessageEncodingInterface().AllowNonrecoverablePart();}
507 bool RecoverablePartFirst()
const 508 {
return this->GetMessageEncodingInterface().RecoverablePartFirst();}
511 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
513 size_t MessageRepresentativeBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().ImageBound().BitCount(),1U);}
514 virtual HashIdentifier GetHashIdentifier()
const =0;
515 virtual size_t GetDigestSize()
const =0;
522 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 526 void InputRecoverableMessage(
PK_MessageAccumulator &messageAccumulator,
const byte *recoverableMessage,
size_t recoverableMessageLength)
const;
534 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 538 void InputSignature(
PK_MessageAccumulator &messageAccumulator,
const byte *signature,
size_t signatureLength)
const;
546 template <
class T1,
class T2,
class T3>
549 typedef T1 AlgorithmInfo;
552 typedef typename Keys::PublicKey
PublicKey;
553 typedef T3 MessageEncodingMethod;
557 template <
class T1,
class T2,
class T3,
class T4>
560 typedef T4 HashFunction;
564 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
568 typedef SCHEME_OPTIONS SchemeOptions;
569 typedef KEY_CLASS KeyClass;
571 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 575 PublicKey & AccessPublicKey() {
return AccessKey();}
576 const PublicKey & GetPublicKey()
const {
return GetKey();}
578 PrivateKey & AccessPrivateKey() {
return AccessKey();}
579 const PrivateKey & GetPrivateKey()
const {
return GetKey();}
581 virtual const KeyClass & GetKey()
const =0;
582 virtual KeyClass & AccessKey() =0;
584 const KeyClass & GetTrapdoorFunction()
const {
return GetKey();}
588 CRYPTOPP_UNUSED(rng);
597 const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface()
const 601 const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const 605 HashIdentifier GetHashIdentifier()
const 607 typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
610 size_t GetDigestSize()
const 612 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
613 return H::DIGESTSIZE;
618 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
622 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 627 void SetKeyPtr(
const KEY *pKey) {m_pKey = pKey;}
629 const KEY & GetKey()
const {
return *m_pKey;}
630 KEY & AccessKey() {
throw NotImplemented(
"TF_ObjectImplExtRef: cannot modify refererenced key");}
637 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
641 typedef KEY_CLASS KeyClass;
643 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 647 const KeyClass & GetKey()
const {
return m_trapdoorFunction;}
648 KeyClass & AccessKey() {
return m_trapdoorFunction;}
651 KeyClass m_trapdoorFunction;
655 template <
class SCHEME_OPTIONS>
661 template <
class SCHEME_OPTIONS>
667 template <
class SCHEME_OPTIONS>
673 template <
class SCHEME_OPTIONS>
694 virtual void GenerateAndMask(
HashTransformation &hash, byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
bool mask =
true)
const =0;
708 CRYPTOPP_DLL
void CRYPTOPP_API P1363_MGF1KDF2_Common(
HashTransformation &hash, byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart);
715 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "MGF1";}
718 P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0);
731 static void CRYPTOPP_API DeriveKey(byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength)
734 P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength,
false, 1);
759 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 768 if (!GetBasePrecomputation().IsInitialized())
771 if (m_validationLevel > level)
774 bool pass = ValidateGroup(rng, level);
775 pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation());
777 m_validationLevel = pass ? level+1 : 0;
782 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 784 return GetValueHelper(
this, name, valueType, pValue)
794 AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage);
799 AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation);
800 m_validationLevel = 0;
805 GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation);
811 virtual const Element &
GetSubgroupGenerator()
const {
return GetBasePrecomputation().GetBase(GetGroupPrecomputation());}
816 virtual void SetSubgroupGenerator(
const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);}
823 return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent);
834 SimultaneousExponentiate(&result, base, &exponent, 1);
852 virtual const Integer & GetSubgroupOrder()
const =0;
856 virtual Integer GetMaxExponent()
const =0;
874 virtual unsigned int GetEncodedElementSize(
bool reversible)
const =0;
882 virtual void EncodeElement(
bool reversible,
const Element &element, byte *encoded)
const =0;
890 virtual Element DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const =0;
896 virtual Integer ConvertElementToInteger(
const Element &element)
const =0;
931 virtual bool FastSubgroupCheckAvailable()
const =0;
939 virtual bool IsIdentity(
const Element &element)
const =0;
951 virtual void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const =0;
954 void ParametersChanged() {m_validationLevel = 0;}
957 mutable unsigned int m_validationLevel;
964 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element>,
class BASE = DL_GroupParameters<CPP_TYPENAME GROUP_PRECOMP::Element> >
968 typedef GROUP_PRECOMP GroupPrecomputation;
969 typedef typename GROUP_PRECOMP::Element Element;
970 typedef BASE_PRECOMP BasePrecomputation;
972 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 989 GROUP_PRECOMP m_groupPrecomputation;
1000 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1021 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1025 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1027 return GetValueHelper(
this, name, valueType, pValue, &this->GetAbstractGroupParameters())
1034 virtual const Element & GetPublicElement()
const {
return GetPublicPrecomputation().GetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation());}
1035 virtual void SetPublicElement(
const Element &y) {AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
1036 virtual Element ExponentiatePublicElement(
const Integer &exponent)
const 1041 virtual Element CascadeExponentiateBaseAndPublicElement(
const Integer &baseExp,
const Integer &publicExp)
const 1060 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1067 pub.SetPublicElement(this->GetAbstractGroupParameters().ExponentiateBase(GetPrivateExponent()));
1070 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1072 return GetValueHelper(
this, name, valueType, pValue, &this->GetAbstractGroupParameters())
1078 this->AccessAbstractGroupParameters().AssignFrom(source);
1079 AssignFromHelper(
this, source)
1083 virtual const Integer & GetPrivateExponent()
const =0;
1084 virtual void SetPrivateExponent(
const Integer &x) =0;
1092 pPrivateKey->MakePublicKey(*
this);
1095 this->AccessAbstractGroupParameters().AssignFrom(source);
1096 AssignFromHelper(
this, source)
1104 template <
class PK,
class GP,
class O = OID>
1108 typedef GP GroupParameters;
1110 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1114 O GetAlgorithmID()
const {
return GetGroupParameters().GetAlgorithmID();}
1120 {AccessGroupParameters().BERDecode(bt);
return true;}
1122 {GetGroupParameters().DEREncode(bt);
return true;}
1124 const GP & GetGroupParameters()
const {
return m_groupParameters;}
1125 GP & AccessGroupParameters() {
return m_groupParameters;}
1128 GP m_groupParameters;
1139 typedef typename GP::Element Element;
1141 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1148 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1150 const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder();
1151 const Integer &x = GetPrivateExponent();
1159 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1161 return GetValueHelper<DL_PrivateKey<Element> >(
this, name, valueType, pValue).Assignable();
1166 AssignFromHelper<DL_PrivateKey<Element> >(
this, source);
1172 this->AccessGroupParameters().GenerateRandom(rng, params);
1177 SetPrivateExponent(x);
1183 {AccessAbstractGroupParameters().Precompute(precomputationStorage);}
1186 {AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);}
1189 {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);}
1196 const Integer & GetPrivateExponent()
const {
return m_x;}
1197 void SetPrivateExponent(
const Integer &x) {m_x = x;}
1201 {m_x.BERDecode(bt);}
1203 {m_x.DEREncode(bt);}
1210 template <
class BASE,
class SIGNATURE_SCHEME>
1214 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1220 BASE::GenerateRandom(rng, params);
1224 typename SIGNATURE_SCHEME::Signer signer(*
this);
1225 typename SIGNATURE_SCHEME::Verifier verifier(signer);
1226 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
1236 typedef typename GP::Element Element;
1238 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1245 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1246 pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation());
1250 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1252 return GetValueHelper<DL_PublicKey<Element> >(
this, name, valueType, pValue).Assignable();
1257 AssignFromHelper<DL_PublicKey<Element> >(
this, source);
1264 AccessAbstractGroupParameters().Precompute(precomputationStorage);
1265 AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage);
1270 AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);
1271 AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1276 GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);
1277 GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1290 {
return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();}
1293 typename GP::BasePrecomputation m_ypc;
1301 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1309 CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(publicKey); CRYPTOPP_UNUSED(r); CRYPTOPP_UNUSED(s);
1310 throw NotImplemented(
"DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");
1325 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1330 virtual Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const =0;
1338 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1342 virtual bool ParameterSupported(
const char *name)
const 1343 {CRYPTOPP_UNUSED(name);
return false;}
1344 virtual void Derive(
const DL_GroupParameters<T> &groupParams, byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs &derivationParams)
const =0;
1351 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1355 virtual bool ParameterSupported(
const char *name)
const 1356 {CRYPTOPP_UNUSED(name);
return false;}
1357 virtual size_t GetSymmetricKeyLength(
size_t plaintextLength)
const =0;
1358 virtual size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const =0;
1359 virtual size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const =0;
1360 virtual void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength, byte *ciphertext,
const NameValuePairs ¶meters)
const =0;
1361 virtual DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength, byte *plaintext,
const NameValuePairs ¶meters)
const =0;
1370 typedef KI KeyInterface;
1371 typedef typename KI::Element Element;
1373 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1380 virtual KeyInterface & AccessKeyInterface() =0;
1381 virtual const KeyInterface & GetKeyInterface()
const =0;
1389 template <
class INTERFACE,
class KEY_INTERFACE>
1393 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1402 return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters())
1403 + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters());
1409 {
return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
1416 {CRYPTOPP_UNUSED(signatureLength); assert(
false);
return 0;}
1426 {
return GetMessageEncodingInterface().AllowNonrecoverablePart();}
1431 {
return GetMessageEncodingInterface().RecoverablePartFirst();}
1434 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
1435 size_t MessageRepresentativeBitLength()
const {
return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
1439 virtual HashIdentifier GetHashIdentifier()
const =0;
1440 virtual size_t GetDigestSize()
const =0;
1449 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1465 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1471 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
1472 this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
1473 recoverableMessage, recoverableMessageLength,
1474 ma.m_presignature, ma.m_presignature.
size(),
1475 ma.m_semisignature);
1480 this->GetMaterial().DoQuickSanityCheck();
1487 SecByteBlock representative(this->MessageRepresentativeLength());
1488 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1490 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1491 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1492 representative, this->MessageRepresentativeBitLength());
1503 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1514 size_t rLen = alg.RLen(params);
1515 r.Encode(signature, rLen);
1516 s.Encode(signature+rLen, alg.SLen(params));
1519 RestartMessageAccumulator(rng, ma);
1521 return this->SignatureLength();
1538 CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(ma);
1547 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1553 CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength);
1558 size_t rLen = alg.RLen(params);
1559 ma.m_semisignature.
Assign(signature, rLen);
1560 ma.m_s.
Decode(signature+rLen, alg.SLen(params));
1562 this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.
size());
1567 this->GetMaterial().DoQuickSanityCheck();
1574 SecByteBlock representative(this->MessageRepresentativeLength());
1575 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1576 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1577 representative, this->MessageRepresentativeBitLength());
1581 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1582 return alg.Verify(params, key, e, r, ma.m_s);
1587 this->GetMaterial().DoQuickSanityCheck();
1594 SecByteBlock representative(this->MessageRepresentativeLength());
1595 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1597 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1598 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1599 representative, this->MessageRepresentativeBitLength());
1604 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1605 alg.RecoverPresignature(params, key, r, ma.m_s).
Encode(ma.m_presignature, ma.m_presignature.
size());
1607 return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature(
1608 ma.AccessHash(), this->GetHashIdentifier(),
1609 ma.m_presignature, ma.m_presignature.
size(),
1610 ma.m_semisignature, ma.m_semisignature.
size(),
1618 template <
class PK,
class KI>
1622 typedef typename DL_Base<KI>::Element Element;
1624 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1628 size_t MaxPlaintextLength(
size_t ciphertextLength)
const 1630 unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(
true);
1631 return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen);
1634 size_t CiphertextLength(
size_t plaintextLength)
const 1636 size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength);
1637 return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(
true) + len;
1640 bool ParameterSupported(
const char *name)
const 1641 {
return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);}
1657 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1665 CRYPTOPP_UNUSED(rng);
1674 ciphertext += elementSize;
1675 ciphertextLength -= elementSize;
1677 Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q,
true, key.GetPrivateExponent());
1679 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
1680 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1682 return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
1699 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1715 ciphertext += elementSize;
1717 Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x);
1719 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength));
1720 derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
1722 encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters);
1729 template <
class T1,
class T2>
1732 typedef T1 AlgorithmInfo;
1733 typedef T2 GroupParameters;
1734 typedef typename GroupParameters::Element Element;
1740 template <
class T1,
class T2>
1744 typedef typename Keys::PrivateKey
PrivateKey;
1745 typedef typename Keys::PublicKey
PublicKey;
1754 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1757 typedef T3 SignatureAlgorithm;
1758 typedef T4 MessageEncodingMethod;
1759 typedef T5 HashFunction;
1768 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1772 typedef T4 KeyDerivationAlgorithm;
1773 typedef T5 SymmetricEncryptionAlgorithm;
1780 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1784 typedef SCHEME_OPTIONS SchemeOptions;
1785 typedef typename KEY::Element Element;
1787 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1791 PrivateKey & AccessPrivateKey() {
return m_key;}
1792 PublicKey & AccessPublicKey() {
return m_key;}
1795 const KEY & GetKey()
const {
return m_key;}
1796 KEY & AccessKey() {
return m_key;}
1799 typename BASE::KeyInterface & AccessKeyInterface() {
return m_key;}
1800 const typename BASE::KeyInterface & GetKeyInterface()
const {
return m_key;}
1803 HashIdentifier GetHashIdentifier()
const 1805 typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup;
1806 return HashLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction>::Lookup();
1808 size_t GetDigestSize()
const 1810 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
1811 return H::DIGESTSIZE;
1822 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1826 typedef typename KEY::Element Element;
1828 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1841 HashIdentifier GetHashIdentifier()
const 1842 {
return HashIdentifier();}
1849 template <
class SCHEME_OPTIONS>
1856 this->RestartMessageAccumulator(rng, *p);
1863 template <
class SCHEME_OPTIONS>
1875 template <
class SCHEME_OPTIONS>
1882 template <
class SCHEME_OPTIONS>
1897 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1902 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
1903 unsigned int PrivateKeyLength()
const {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
1904 unsigned int PublicKeyLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
1909 x.
Encode(privateKey, PrivateKeyLength());
1914 CRYPTOPP_UNUSED(rng);
1916 Integer x(privateKey, PrivateKeyLength());
1921 bool Agree(byte *agreedValue,
const byte *privateKey,
const byte *otherPublicKey,
bool validateOtherPublicKey=
true)
const 1926 Integer x(privateKey, PrivateKeyLength());
1927 Element w = params.
DecodeElement(otherPublicKey, validateOtherPublicKey);
1929 Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey(
1930 GetAbstractGroupParameters(), w, validateOtherPublicKey, x);
1942 const Element &
GetGenerator()
const {
return GetAbstractGroupParameters().GetSubgroupGenerator();}
1971 template <
class ELEMENT,
class COFACTOR_OPTION>
1975 typedef ELEMENT Element;
1977 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1981 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName()
1990 Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const 2004 if (!validateOtherPublicKey)
2007 if (params.FastSubgroupCheckAvailable())
2029 template <
class BASE>
2036 {this->AccessKey().AssignFrom(key);}
2039 {this->AccessKey().BERDecode(bt);}
2042 {this->AccessKey().AssignFrom(algorithm.
GetMaterial());}
2045 {this->AccessKey().Initialize(v1);}
2047 #if (defined(_MSC_VER) && _MSC_VER < 1300) 2049 template <
class T1,
class T2>
2051 {this->AccessKey().Initialize(v1, v2);}
2053 template <
class T1,
class T2,
class T3>
2055 {this->AccessKey().Initialize(v1, v2, v3);}
2057 template <
class T1,
class T2,
class T3,
class T4>
2059 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2061 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2063 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2065 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2067 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2069 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2071 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2073 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2074 PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8)
2075 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2079 template <
class T1,
class T2>
2081 {this->AccessKey().Initialize(v1, v2);}
2083 template <
class T1,
class T2,
class T3>
2085 {this->AccessKey().Initialize(v1, v2, v3);}
2087 template <
class T1,
class T2,
class T3,
class T4>
2089 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2091 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2092 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2093 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2095 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2096 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2097 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2099 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2100 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2101 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2103 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2104 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2105 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2107 template <
class T1,
class T2>
2109 {this->AccessKey().Initialize(v1, v2);}
2111 template <
class T1,
class T2,
class T3>
2113 {this->AccessKey().Initialize(v1, v2, v3);}
2115 template <
class T1,
class T2,
class T3,
class T4>
2117 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2119 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2120 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2121 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2123 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2124 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2125 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2127 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2128 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2129 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2131 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2132 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2133 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2152 template <
class STANDARD,
class KEYS,
class ALG_INFO>
2155 template <
class STANDARD,
class KEYS,
class ALG_INFO = TF_ES<STANDARD, KEYS,
int> >
2156 class TF_ES :
public KEYS
2158 typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
2165 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName();}
2179 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO>
2182 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO = TF_SS<STANDARD, H, KEYS,
int> >
2183 class TF_SS :
public KEYS
2188 typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod;
2191 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName() +
"(" + H::StaticAlgorithmName() +
")";}
2206 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO>
2209 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO = DL_SS<KEYS, SA, MEM, H,
int> >
2210 class DL_SS :
public KEYS
2215 static std::string StaticAlgorithmName() {
return SA::StaticAlgorithmName() + std::string(
"/EMSA1(") + H::StaticAlgorithmName() +
")";}
2229 template <
class KEYS,
class AA,
class DA,
class EA,
class ALG_INFO>
2243 #if CRYPTOPP_MSC_VERSION 2244 # pragma warning(pop) Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const
Applies the trapdoor function.
Standard names for retrieving values by name when working with NameValuePairs.
virtual const CryptoMaterial & GetMaterial() const =0
Retrieves a reference to CryptoMaterial.
Discrete Log (DL) key options.
Applies the trapdoor function, using random data if required.
const Element & GetGenerator() const
Retrieves a reference to the group generator.
PK_FinalTemplate< DL_DecryptorImpl< SchemeOptions > > Decryptor
implements PK_Decryptor interface
size_t SignatureLength() const
Provides the signature length.
Interface for asymmetric algorithms.
virtual Integer GetCofactor() const
Retrieves the cofactor.
Interface for message encoding method for public key signature schemes.
Trapdoor Function (TF) encryption scheme.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Restricts the instantiation of a class to one static object without locks.
Discrete Log (DL) signer implementation.
bool RecoverablePartFirst() const
Determines if the scheme allows recoverable part first.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
void DEREncodePrivateKey(BufferedTransformation &bt) const
encode privateKey part of privateKeyInfo, without the OCTET STRING header
static Integer Gcd(const Integer &a, const Integer &n)
greatest common divisor
Encodes and decodesprivateKeyInfo.
void BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t)
decode privateKey part of privateKeyInfo, without the OCTET STRING header
virtual void SetSubgroupGenerator(const Element &base)
Set the subgroup generator.
The base for trapdoor based cryptosystems.
Interface for Discrete Log (DL) group parameters.
Converts a typename to an enumerated value.
bool GetThisObject(T &object) const
Get a copy of this object or subobject.
Interface for message encoding method for public key signature schemes.
Abstract base classes that provide a uniform interface to this library.
const DL_GroupParameters< Element > & GetAbstractGroupParameters() const
Retrieves abstract group parameters.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask=true) const
Generate and apply mask.
Message encoding method for public key encryption.
Interface for key derivation algorithms used in DL cryptosystems.
Classes for automatic resource management.
void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
Save precomputation for later use.
bool IsProbabilistic() const
Determines if the scheme is probabilistic.
Library configuration file.
Interface for Discrete Log (DL) private keys.
virtual Integer GetGroupOrder() const
Retrieves the order of the group.
Ring of congruence classes modulo n.
Interface for random number generators.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
virtual Integer MaxPreimage() const
Returns the maximum size of a message before the trapdoor function is applied bound to a public key...
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Discrete Log (DL) base interface.
void New(size_type newSize)
Change size without preserving contents.
Trapdoor function cryptosystems decryption base class.
Discrete Log (DL) scheme options.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Discrete Log (DL) encryption scheme.
Discrete Log (DL) crypto scheme options.
void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate private key in this domain.
Classes for performing mathematics over different fields.
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
void RawSign(const Integer &k, const Integer &e, Integer &r, Integer &s) const
Testing interface.
Provides range for plaintext and ciphertext lengths.
Interface for private keys.
virtual Element ExponentiateBase(const Integer &exponent) const
Retrieves the subgroup generator.
bool IsPositive() const
Determines if the Integer is positive.
bool SupportsPrecomputation() const
Determines whether the object supports precomputation.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
static const Integer & One()
Integer representing 1.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Interface for Discrete Log (DL) public keys.
Base class for public key signature standard classes.
const char * PrivateExponent()
Integer.
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
Pointer that overloads operator ->
void Precompute(unsigned int precomputationStorage=16)
Perform precomputation.
PK_FinalTemplate< TF_VerifierImpl< SchemeOptions > > Verifier
implements PK_Verifier interface
Discrete Log (DL) signature scheme.
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
virtual bool IsRandomized() const
Determines if the encryption algorithm is randomized.
Base class for a Discrete Log (DL) key.
Interface for domains of simple key agreement protocols.
bool FIPS_140_2_ComplianceEnabled()
Determines whether the library provides FIPS validated cryptography.
Applies the inverse of the trapdoor function.
Returns a decoding results.
Uses encapsulation to hide an object in derived classes.
void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a public key from a private key in this domain.
void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters=g_nullNameValuePairs) const
Encrypt a byte string.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
P1363 mask generation function.
void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
Retrieve previously saved precomputation.
Cofactor multiplication compatible with ordinary Diffie-Hellman.
PK_FinalTemplate< TF_EncryptorImpl< SchemeOptions > > Encryptor
implements PK_Encryptor interface
A method was called which was not implemented.
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
bool AllowNonrecoverablePart() const
Determines if the scheme has non-recoverable part.
No cofactor multiplication applied.
Interface for Elgamal-like signature algorithms.
Discrete Log (DL) signature scheme signer base implementation.
Interface for message encoding method for public key signature schemes.
size_t MaxRecoverableLength() const
Provides the maximum recoverable length.
PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const
Create a new HashTransformation to accumulate the message to be signed.
virtual const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const =0
Retrieves the group precomputation.
bool IsRandomized() const
Determines if the encryption algorithm is randomized.
Interface for message encoding method for public key signature schemes.
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0
Exponentiates a base to multiple exponents.
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Base class for public key encryption standard classes.
virtual Integer MaxImage() const
Returns the maximum size of a message after the trapdoor function is applied bound to a public key...
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
Discrete Log (DL) object implementation.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
Retrieve previously saved precomputation.
Multiple precision integer with arithmetic operations.
STANDARD Standard
see SignatureStandard for a list of standards
Discrete Log (DL) verifier implementation.
void Precompute(unsigned int precomputationStorage=16)
Perform precomputation.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
Discrete Log (DL) signature scheme base implementation.
Discrete Log (DL) base object implementation.
Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
Applies the inverse of the trapdoor function.
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
const char * SubgroupGenerator()
Integer, ECP::Point, or EC2N::Point.
Applies the trapdoor function.
virtual bool CanIncorporateEntropy() const
Determines if a generator can accept additional entropy.
bool IsRandomized() const
Determines if the decryption algorithm is randomized.
unsigned int PublicKeyLength() const
Provides the size of the public key.
Discrete Log (DL) cryptosystem base implementation.
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
void Precompute(unsigned int precomputationStorage=16)
Perform precomputation.
Mask generation function interface.
bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const
Derive agreed value.
PK_FinalTemplate< DL_EncryptorImpl< SchemeOptions > > Encryptor
implements PK_Encryptor interface
Public key trapdoor function default implementation.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Exception thrown when an invalid group element is encountered.
RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation< Element > *precomp) const =0
Check the element for errors.
DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters=g_nullNameValuePairs) const
Decrypt a byte string.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Implementation of BufferedTransformation's attachment interface.
DL_GroupParameters< Element > & AccessAbstractGroupParameters()
Retrieves abstract group parameters.
Interface for accumulating messages to be signed or verified.
Interface for key agreement algorithms.
Discrete Log (DL) encryptor base implementation.
Classes for precomputation in a group.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
PK_FinalTemplate< DL_SignerImpl< SchemeOptions > > Signer
implements PK_Signer interface
virtual const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const =0
Retrieves the group precomputation.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Classes and functions for the FIPS 140-2 validated library.
STANDARD Standard
see EncryptionStandard for a list of standards
Interface for crypto material, such as public and private keys, and crypto parameters.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
CofactorMultiplicationOption
Methods for avoiding "Small-Subgroup" attacks on Diffie-Hellman Key Agreement.
unsigned int PrivateKeyLength() const
Provides the size of the private key.
PK_FinalTemplate< TF_SignerImpl< SchemeOptions > > Signer
implements PK_Signer interface
DL_GroupParameters< Element > & AccessAbstractGroupParameters()
Retrieves abstract group parameters.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
void Decode(const byte *input, size_t inputLen, Signedness sign=UNSIGNED)
Decode from big-endian byte array.
Discrete Log (DL) encryptor implementation.
bool SupportsPrecomputation() const
Determines whether the object supports precomputation.
Multiple precision integer with arithmetic operations.
Cofactor multiplication incompatible with ordinary Diffie-Hellman.
Interface for crypto prameters.
bool GetThisPointer(T *&ptr) const
Get a pointer to this object.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
Discrete Log (DL) decryptor implementation.
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
Sign and restart messageAccumulator.
PK_FinalTemplate< TF_DecryptorImpl< SchemeOptions > > Decryptor
implements PK_Decryptor interface
Class file for performing modular arithmetic.
Interface for public keys.
Crypto++ library namespace.
PK_MessageAccumulator * NewVerificationAccumulator() const
Create a new HashTransformation to accumulate the message to be verified.
Applies the inverse of the trapdoor function, using random data if required.
Interface for symmetric encryption algorithms used in DL cryptosystems.
Base implmentation of Discrete Log (DL) group parameters.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms)
Generate a random key or crypto parameters.
virtual bool IsRandomized() const
Determines if the decryption algorithm is randomized.
Encodes and decodes subjectPublicKeyInfo.
Trapdoor function cryptosystem base class.
virtual DL_GroupParameters< T > & AccessAbstractGroupParameters()=0
Retrieves abstract group parameters.
void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
Retrieve previously saved precomputation.
bool SupportsPrecomputation() const
Determines whether the object supports precomputation.
PK_FinalTemplate< DL_VerifierImpl< SchemeOptions > > Verifier
implements PK_Verifier interface
Discrete Log (DL) signature scheme options.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
Interface for message encoding method for public key signature schemes.
const char * SubgroupOrder()
Integer.
Discrete Log (DL) decryptor base implementation.
Interface for message encoding method for public key signature schemes.
const char * PublicElement()
Integer.
Interface for DL key agreement algorithms.
size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
Provides the maximum recoverable length.
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
Recover a message from its signature.
size_type size() const
Provides the count of elements in the SecBlock.
Discrete Log (DL) simple key agreement base implementation.
virtual bool IsIdentity(const Element &element) const =0
Determines if an element is an identity.
virtual void IncorporateEntropy(const byte *input, size_t length)
Update RNG state with additional unpredictable values.
void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
Save precomputation for later use.
void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
Save precomputation for later use.
Interface for message encoding method for public key signature schemes.
const DL_GroupParameters< Element > & GetAbstractGroupParameters() const
Retrieves abstract group parameters.
Interface for retrieving values given their names.
Template implementing constructors for public key algorithm classes.
Trapdoor Function (TF) Signature Scheme.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
Base class for identifying alogorithm.