34 #ifndef CRYPTOPP_PUBKEY_H
35 #define CRYPTOPP_PUBKEY_H
39 #if CRYPTOPP_MSC_VERSION
40 # pragma warning(push)
41 # pragma warning(disable: 4702)
55 #if defined(__SUNPRO_CC)
56 # define MAYBE_RETURN(x) return x
58 # define MAYBE_RETURN(x) CRYPTOPP_UNUSED(x)
80 virtual Integer PreimageBound()
const =0;
84 virtual Integer ImageBound()
const =0;
138 {CRYPTOPP_UNUSED(rng);
return ApplyFunction(x);}
191 {
return CalculateInverse(rng, x);}
213 virtual bool ParameterSupported(
const char *name)
const
214 {CRYPTOPP_UNUSED(name);
return false;}
217 virtual size_t MaxUnpaddedLength(
size_t paddedLength)
const =0;
229 template <
class TFI,
class MEI>
237 typedef TFI TrapdoorFunctionInterface;
238 virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const =0;
240 typedef MEI MessageEncodingInterface;
241 virtual const MessageEncodingInterface & GetMessageEncodingInterface()
const =0;
248 template <
class BASE>
254 size_t MaxPlaintextLength(
size_t ciphertextLength)
const
255 {
return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;}
256 size_t CiphertextLength(
size_t plaintextLength)
const
257 {
return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;}
259 virtual size_t FixedMaxPlaintextLength()
const =0;
260 virtual size_t FixedCiphertextLength()
const =0;
266 template <
class INTFACE,
class BASE>
272 bool ParameterSupported(
const char *name)
const {
return this->GetMessageEncodingInterface().ParameterSupported(name);}
273 size_t FixedMaxPlaintextLength()
const {
return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
274 size_t FixedCiphertextLength()
const {
return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
277 size_t PaddedBlockByteLength()
const {
return BitsToBytes(PaddedBlockBitLength());}
279 size_t PaddedBlockBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().PreimageBound().BitCount(),1U);}
303 typedef std::pair<const byte *, unsigned int> HashIdentifier;
315 virtual size_t MinRepresentativeBitLength(
size_t hashIdentifierLength,
size_t digestLength)
const
316 {CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
317 virtual size_t MaxRecoverableLength(
size_t representativeBitLength,
size_t hashIdentifierLength,
size_t digestLength)
const
318 {CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
328 bool AllowNonrecoverablePart()
const
329 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
330 virtual bool RecoverablePartFirst()
const
331 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
334 virtual void ProcessSemisignature(
HashTransformation &hash,
const byte *semisignature,
size_t semisignatureLength)
const
335 {CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength);}
339 const byte *recoverableMessage,
size_t recoverableMessageLength,
340 const byte *presignature,
size_t presignatureLength,
343 CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength);
344 CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); CRYPTOPP_UNUSED(semisignature);
345 if (RecoverablePartFirst())
350 const byte *recoverableMessage,
size_t recoverableMessageLength,
352 byte *representative,
size_t representativeBitLength)
const =0;
354 virtual bool VerifyMessageRepresentative(
356 byte *representative,
size_t representativeBitLength)
const =0;
360 byte *representative,
size_t representativeBitLength,
361 byte *recoveredMessage)
const
362 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty);
363 CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(recoveredMessage);
364 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
368 const byte *presignature,
size_t presignatureLength,
369 const byte *semisignature,
size_t semisignatureLength,
370 byte *recoveredMessage)
const
371 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength);
372 CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength); CRYPTOPP_UNUSED(recoveredMessage);
373 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
380 static HashIdentifier CRYPTOPP_API Lookup()
382 return HashIdentifier(
static_cast<const byte *
>(NULLPTR), 0);
394 bool VerifyMessageRepresentative(
396 byte *representative,
size_t representativeBitLength)
const;
405 bool VerifyMessageRepresentative(
407 byte *representative,
size_t representativeBitLength)
const;
417 const byte *recoverableMessage,
size_t recoverableMessageLength,
419 byte *representative,
size_t representativeBitLength)
const;
429 const byte *recoverableMessage,
size_t recoverableMessageLength,
431 byte *representative,
size_t representativeBitLength)
const;
442 const byte *recoverableMessage,
size_t recoverableMessageLength,
444 byte *representative,
size_t representativeBitLength)
const;
458 void Update(
const byte *input,
size_t length)
460 AccessHash().Update(input, length);
461 m_empty = m_empty && length == 0;
464 SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
472 template <
class HASH_ALGORITHM>
482 template <
class INTFACE,
class BASE>
488 size_t SignatureLength()
const
489 {
return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
490 size_t MaxRecoverableLength()
const
491 {
return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
492 size_t MaxRecoverableLengthFromSignatureLength(
size_t signatureLength)
const
493 {CRYPTOPP_UNUSED(signatureLength);
return this->MaxRecoverableLength();}
495 bool IsProbabilistic()
const
496 {
return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();}
497 bool AllowNonrecoverablePart()
const
498 {
return this->GetMessageEncodingInterface().AllowNonrecoverablePart();}
499 bool RecoverablePartFirst()
const
500 {
return this->GetMessageEncodingInterface().RecoverablePartFirst();}
503 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
505 size_t MessageRepresentativeBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().ImageBound().BitCount(),1U);}
506 virtual HashIdentifier GetHashIdentifier()
const =0;
507 virtual size_t GetDigestSize()
const =0;
516 void InputRecoverableMessage(
PK_MessageAccumulator &messageAccumulator,
const byte *recoverableMessage,
size_t recoverableMessageLength)
const;
526 void InputSignature(
PK_MessageAccumulator &messageAccumulator,
const byte *signature,
size_t signatureLength)
const;
537 template <
class T1,
class T2,
class T3>
540 typedef T1 AlgorithmInfo;
543 typedef typename Keys::PublicKey
PublicKey;
544 typedef T3 MessageEncodingMethod;
552 template <
class T1,
class T2,
class T3,
class T4>
555 typedef T4 HashFunction;
562 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
566 typedef SCHEME_OPTIONS SchemeOptions;
567 typedef KEY_CLASS KeyClass;
571 PublicKey & AccessPublicKey() {
return AccessKey();}
572 const PublicKey & GetPublicKey()
const {
return GetKey();}
574 PrivateKey & AccessPrivateKey() {
return AccessKey();}
575 const PrivateKey & GetPrivateKey()
const {
return GetKey();}
577 virtual const KeyClass & GetKey()
const =0;
578 virtual KeyClass & AccessKey() =0;
580 const KeyClass & GetTrapdoorFunction()
const {
return GetKey();}
584 CRYPTOPP_UNUSED(rng);
593 const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface()
const
597 const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const
601 HashIdentifier GetHashIdentifier()
const
603 typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<typename SchemeOptions::HashFunction> L;
606 size_t GetDigestSize()
const
608 typedef typename SchemeOptions::HashFunction H;
609 return H::DIGESTSIZE;
618 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
625 void SetKeyPtr(
const KEY *pKey) {m_pKey = pKey;}
627 const KEY & GetKey()
const {
return *m_pKey;}
628 KEY & AccessKey() {
throw NotImplemented(
"TF_ObjectImplExtRef: cannot modify refererenced key");}
639 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
643 typedef KEY_CLASS KeyClass;
647 const KeyClass & GetKey()
const {
return m_trapdoorFunction;}
648 KeyClass & AccessKey() {
return m_trapdoorFunction;}
651 KeyClass m_trapdoorFunction;
656 template <
class SCHEME_OPTIONS>
663 template <
class SCHEME_OPTIONS>
670 template <
class SCHEME_OPTIONS>
677 template <
class SCHEME_OPTIONS>
697 virtual void GenerateAndMask(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
bool mask =
true)
const =0;
711 CRYPTOPP_DLL
void CRYPTOPP_API P1363_MGF1KDF2_Common(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart);
717 CRYPTOPP_STATIC_CONSTEXPR
const char* CRYPTOPP_API StaticAlgorithmName() {
return "MGF1";}
720 P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULLPTR, 0, mask, 0);
732 static void CRYPTOPP_API DeriveKey(
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength)
735 P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength,
false, 1);
767 if (!GetBasePrecomputation().IsInitialized())
770 if (m_validationLevel > level)
773 bool pass = ValidateGroup(rng, level);
774 pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation());
776 m_validationLevel = pass ? level+1 : 0;
781 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
783 return GetValueHelper(
this, name, valueType, pValue)
784 CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder)
785 CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator)
804 AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage);
813 AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation);
814 m_validationLevel = 0;
823 GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation);
829 virtual const Element &
GetSubgroupGenerator()
const {
return GetBasePrecomputation().GetBase(GetGroupPrecomputation());}
834 virtual void SetSubgroupGenerator(
const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);}
841 return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent);
852 SimultaneousExponentiate(&result, base, &exponent, 1);
870 virtual const Integer & GetSubgroupOrder()
const =0;
874 virtual Integer GetMaxExponent()
const =0;
892 virtual unsigned int GetEncodedElementSize(
bool reversible)
const =0;
900 virtual void EncodeElement(
bool reversible,
const Element &element,
byte *encoded)
const =0;
908 virtual Element DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const =0;
914 virtual Integer ConvertElementToInteger(
const Element &element)
const =0;
949 virtual bool FastSubgroupCheckAvailable()
const =0;
957 virtual bool IsIdentity(
const Element &element)
const =0;
969 virtual void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const =0;
972 void ParametersChanged() {m_validationLevel = 0;}
975 mutable unsigned int m_validationLevel;
982 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<
typename GROUP_PRECOMP::Element>,
class BASE = DL_GroupParameters<
typename GROUP_PRECOMP::Element> >
986 typedef GROUP_PRECOMP GroupPrecomputation;
987 typedef typename GROUP_PRECOMP::Element Element;
988 typedef BASE_PRECOMP BasePrecomputation;
1005 GROUP_PRECOMP m_groupPrecomputation;
1047 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1050 CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement);
1132 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1135 CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent);
1143 AssignFromHelper(
this, source)
1144 CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent);
1150 virtual const Integer & GetPrivateExponent()
const =0;
1154 virtual void SetPrivateExponent(
const Integer &x) =0;
1169 this->AccessAbstractGroupParameters().AssignFrom(source);
1170 AssignFromHelper(
this, source)
1171 CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement);
1181 template <
class PK,
class GP,
class O = OID>
1185 typedef GP GroupParameters;
1189 O GetAlgorithmID()
const {
return GetGroupParameters().GetAlgorithmID();}
1191 {AccessGroupParameters().BERDecode(bt);
return true;}
1193 {GetGroupParameters().DEREncode(bt);
return true;}
1195 const GP & GetGroupParameters()
const {
return m_groupParameters;}
1196 GP & AccessGroupParameters() {
return m_groupParameters;}
1199 GP m_groupParameters;
1211 typedef typename GP::Element Element;
1218 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1220 const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder();
1221 const Integer &x = GetPrivateExponent();
1223 pass = pass && x.IsPositive() && x < q;
1229 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1231 return GetValueHelper<DL_PrivateKey<Element> >(
this, name, valueType, pValue).Assignable();
1236 AssignFromHelper<DL_PrivateKey<Element> >(
this, source);
1242 this->AccessGroupParameters().GenerateRandom(rng, params);
1256 {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);}
1263 const Integer & GetPrivateExponent()
const {
return m_x;}
1276 template <
class BASE,
class SIGNATURE_SCHEME>
1284 BASE::GenerateRandom(rng, params);
1288 typename SIGNATURE_SCHEME::Signer signer(*
this);
1289 typename SIGNATURE_SCHEME::Verifier verifier(signer);
1290 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
1301 typedef typename GP::Element Element;
1308 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1309 pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->
GetPublicElement(), &GetPublicPrecomputation());
1313 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const
1315 return GetValueHelper<DL_PublicKey<Element> >(
this, name, valueType, pValue).Assignable();
1320 AssignFromHelper<DL_PublicKey<Element> >(
this, source);
1328 AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage);
1339 GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);
1340 GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1356 typename GP::BasePrecomputation m_ypc;
1395 CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(publicKey); CRYPTOPP_UNUSED(r); CRYPTOPP_UNUSED(s);
1396 throw NotImplemented(
"DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");
1442 virtual Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const =0;
1453 virtual bool ParameterSupported(
const char *name)
const
1454 {CRYPTOPP_UNUSED(name);
return false;}
1455 virtual void Derive(
const DL_GroupParameters<T> &groupParams,
byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs &derivationParams)
const =0;
1464 virtual bool ParameterSupported(
const char *name)
const
1465 {CRYPTOPP_UNUSED(name);
return false;}
1466 virtual size_t GetSymmetricKeyLength(
size_t plaintextLength)
const =0;
1467 virtual size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const =0;
1468 virtual size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const =0;
1469 virtual void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength,
byte *ciphertext,
const NameValuePairs ¶meters)
const =0;
1470 virtual DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength,
byte *plaintext,
const NameValuePairs ¶meters)
const =0;
1479 typedef KI KeyInterface;
1480 typedef typename KI::Element Element;
1487 virtual KeyInterface & AccessKeyInterface() =0;
1488 virtual const KeyInterface & GetKeyInterface()
const =0;
1496 template <
class INTFACE,
class KEY_INTFACE>
1507 return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters())
1508 + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters());
1514 {
return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
1531 {
return GetMessageEncodingInterface().AllowNonrecoverablePart();}
1536 {
return GetMessageEncodingInterface().RecoverablePartFirst();}
1539 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
1540 size_t MessageRepresentativeBitLength()
const {
return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
1543 virtual bool IsDeterministic()
const {
return false;}
1547 virtual HashIdentifier GetHashIdentifier()
const =0;
1548 virtual size_t GetDigestSize()
const =0;
1577 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
1578 this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
1579 recoverableMessage, recoverableMessageLength,
1580 ma.m_presignature, ma.m_presignature.
size(),
1581 ma.m_semisignature);
1586 this->GetMaterial().DoQuickSanityCheck();
1593 SecByteBlock representative(this->MessageRepresentativeLength());
1594 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1596 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1597 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1598 representative, this->MessageRepresentativeBitLength());
1623 if (ks.
BitCount() == q.BitCount()) {
1640 const size_t rLen = alg.
RLen(params);
1641 r.Encode(signature, rLen);
1645 RestartMessageAccumulator(rng, ma);
1664 CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(ma);
1678 CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength);
1683 size_t rLen = alg.
RLen(params);
1684 ma.m_semisignature.
Assign(signature, rLen);
1685 ma.m_s.
Decode(signature+rLen, alg.
SLen(params));
1687 this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.
size());
1692 this->GetMaterial().DoQuickSanityCheck();
1699 SecByteBlock representative(this->MessageRepresentativeLength());
1700 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1701 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1702 representative, this->MessageRepresentativeBitLength());
1706 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1707 return alg.
Verify(params, key, e, r, ma.m_s);
1712 this->GetMaterial().DoQuickSanityCheck();
1719 SecByteBlock representative(this->MessageRepresentativeLength());
1720 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1722 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1723 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1724 representative, this->MessageRepresentativeBitLength());
1729 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1732 return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature(
1733 ma.AccessHash(), this->GetHashIdentifier(),
1734 ma.m_presignature, ma.m_presignature.
size(),
1735 ma.m_semisignature, ma.m_semisignature.
size(),
1743 template <
class PK,
class KI>
1747 typedef typename DL_Base<KI>::Element Element;
1751 size_t MaxPlaintextLength(
size_t ciphertextLength)
const
1753 unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(
true);
1754 return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen);
1757 size_t CiphertextLength(
size_t plaintextLength)
const
1759 size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength);
1760 return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(
true) + len;
1763 bool ParameterSupported(
const char *name)
const
1764 {
return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);}
1786 CRYPTOPP_UNUSED(rng);
1795 ciphertext += elementSize;
1796 ciphertextLength -= elementSize;
1798 Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q,
true, key.
GetPrivateExponent());
1800 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
1801 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1803 return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
1834 ciphertext += elementSize;
1838 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength));
1839 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1841 encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters);
1848 template <
class T1,
class T2>
1851 typedef T1 AlgorithmInfo;
1852 typedef T2 GroupParameters;
1853 typedef typename GroupParameters::Element Element;
1859 template <
class T1,
class T2>
1863 typedef typename Keys::PrivateKey
PrivateKey;
1864 typedef typename Keys::PublicKey
PublicKey;
1873 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1876 typedef T3 SignatureAlgorithm;
1877 typedef T4 MessageEncodingMethod;
1878 typedef T5 HashFunction;
1887 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1891 typedef T4 KeyDerivationAlgorithm;
1892 typedef T5 SymmetricEncryptionAlgorithm;
1899 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1903 typedef SCHEME_OPTIONS SchemeOptions;
1904 typedef typename KEY::Element Element;
1908 PrivateKey & AccessPrivateKey() {
return m_key;}
1909 PublicKey & AccessPublicKey() {
return m_key;}
1912 const KEY & GetKey()
const {
return m_key;}
1913 KEY & AccessKey() {
return m_key;}
1916 typename BASE::KeyInterface & AccessKeyInterface() {
return m_key;}
1917 const typename BASE::KeyInterface & GetKeyInterface()
const {
return m_key;}
1920 HashIdentifier GetHashIdentifier()
const
1922 typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup;
1923 return HashLookup::template HashIdentifierLookup2<typename SchemeOptions::HashFunction>::Lookup();
1925 size_t GetDigestSize()
const
1927 typedef typename SchemeOptions::HashFunction H;
1928 return H::DIGESTSIZE;
1939 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1943 typedef typename KEY::Element Element;
1956 HashIdentifier GetHashIdentifier()
const
1957 {
return HashIdentifier();}
1964 template <
class SCHEME_OPTIONS>
1971 this->RestartMessageAccumulator(rng, *p);
1978 template <
class SCHEME_OPTIONS>
1990 template <
class SCHEME_OPTIONS>
1997 template <
class SCHEME_OPTIONS>
2015 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
2016 unsigned int PrivateKeyLength()
const {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
2017 unsigned int PublicKeyLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
2027 CRYPTOPP_UNUSED(rng);
2034 bool Agree(
byte *agreedValue,
const byte *privateKey,
const byte *otherPublicKey,
bool validateOtherPublicKey=
true)
const
2040 Element w = params.
DecodeElement(otherPublicKey, validateOtherPublicKey);
2042 Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey(
2043 GetAbstractGroupParameters(), w, validateOtherPublicKey, x);
2055 const Element &
GetGenerator()
const {
return GetAbstractGroupParameters().GetSubgroupGenerator();}
2084 template <
class ELEMENT,
class COFACTOR_OPTION>
2088 typedef ELEMENT Element;
2090 CRYPTOPP_STATIC_CONSTEXPR
const char* CRYPTOPP_API StaticAlgorithmName()
2101 Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const
2115 if (!validateOtherPublicKey)
2118 if (params.FastSubgroupCheckAvailable())
2140 template <
class BASE>
2147 {this->AccessKey().AssignFrom(key);}
2150 {this->AccessKey().BERDecode(bt);}
2153 {this->AccessKey().AssignFrom(algorithm.
GetMaterial());}
2156 {this->AccessKey().Initialize(v1);}
2158 template <
class T1,
class T2>
2160 {this->AccessKey().Initialize(v1, v2);}
2162 template <
class T1,
class T2,
class T3>
2164 {this->AccessKey().Initialize(v1, v2, v3);}
2166 template <
class T1,
class T2,
class T3,
class T4>
2168 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2170 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2171 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2172 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2174 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2175 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2176 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2178 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2179 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2180 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2182 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2183 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2184 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2186 template <
class T1,
class T2>
2188 {this->AccessKey().Initialize(v1, v2);}
2190 template <
class T1,
class T2,
class T3>
2192 {this->AccessKey().Initialize(v1, v2, v3);}
2194 template <
class T1,
class T2,
class T3,
class T4>
2196 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2198 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2199 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2200 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2202 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2203 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2204 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2206 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2207 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2208 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2210 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2211 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2212 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2229 template <
class KEYS,
class STANDARD,
class ALG_INFO>
2232 template <
class KEYS,
class STANDARD,
class ALG_INFO = TF_ES<KEYS, STANDARD,
int> >
2233 class TF_ES :
public KEYS
2235 typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
2242 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName();}
2255 template <
class KEYS,
class STANDARD,
class H,
class ALG_INFO>
2258 template <
class KEYS,
class STANDARD,
class H,
class ALG_INFO = TF_SS<KEYS, STANDARD, H,
int> >
2259 class TF_SS :
public KEYS
2267 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName() +
"(" + H::StaticAlgorithmName() +
")";}
2281 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO>
2284 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO = DL_SS<KEYS, SA, MEM, H,
int> >
2285 class DL_SS :
public KEYS
2290 static std::string StaticAlgorithmName() {
return SA::StaticAlgorithmName() + std::string(
"/EMSA1(") + H::StaticAlgorithmName() +
")";}
2304 template <
class KEYS,
class AA,
class DA,
class EA,
class ALG_INFO>
2318 #if CRYPTOPP_MSC_VERSION
2319 # pragma warning(pop)