34 #ifndef CRYPTOPP_PUBKEY_H 35 #define CRYPTOPP_PUBKEY_H 39 #if CRYPTOPP_MSC_VERSION 40 # pragma warning(push) 41 # pragma warning(disable: 4702) 58 #if defined(__SUNPRO_CC) 59 # define MAYBE_RETURN(x) return x 61 # define MAYBE_RETURN(x) CRYPTOPP_UNUSED(x) 79 virtual ~TrapdoorFunctionBounds() {}
84 virtual Integer PreimageBound()
const =0;
88 virtual Integer ImageBound()
const =0;
108 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 136 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 148 {CRYPTOPP_UNUSED(rng);
return ApplyFunction(x);}
203 {
return CalculateInverse(rng, x);}
226 virtual bool ParameterSupported(
const char *name)
const 227 {CRYPTOPP_UNUSED(name);
return false;}
230 virtual size_t MaxUnpaddedLength(
size_t paddedLength)
const =0;
243 template <
class TFI,
class MEI>
247 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 253 typedef TFI TrapdoorFunctionInterface;
254 virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const =0;
256 typedef MEI MessageEncodingInterface;
257 virtual const MessageEncodingInterface & GetMessageEncodingInterface()
const =0;
265 template <
class BASE>
269 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 273 size_t MaxPlaintextLength(
size_t ciphertextLength)
const 274 {
return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;}
275 size_t CiphertextLength(
size_t plaintextLength)
const 276 {
return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;}
278 virtual size_t FixedMaxPlaintextLength()
const =0;
279 virtual size_t FixedCiphertextLength()
const =0;
286 template <
class INTERFACE,
class BASE>
290 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 294 bool ParameterSupported(
const char *name)
const {
return this->GetMessageEncodingInterface().ParameterSupported(name);}
295 size_t FixedMaxPlaintextLength()
const {
return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
296 size_t FixedCiphertextLength()
const {
return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
299 size_t PaddedBlockByteLength()
const {
return BitsToBytes(PaddedBlockBitLength());}
301 size_t PaddedBlockBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().PreimageBound().BitCount(),1U);}
309 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 321 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 331 typedef std::pair<const byte *, unsigned int> HashIdentifier;
344 virtual size_t MinRepresentativeBitLength(
size_t hashIdentifierLength,
size_t digestLength)
const 345 {CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
346 virtual size_t MaxRecoverableLength(
size_t representativeBitLength,
size_t hashIdentifierLength,
size_t digestLength)
const 347 {CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength);
return 0;}
349 bool IsProbabilistic()
const 351 bool AllowNonrecoverablePart()
const 352 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
353 virtual bool RecoverablePartFirst()
const 354 {
throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
357 virtual void ProcessSemisignature(
HashTransformation &hash,
const byte *semisignature,
size_t semisignatureLength)
const 358 {CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength);}
362 const byte *recoverableMessage,
size_t recoverableMessageLength,
363 const byte *presignature,
size_t presignatureLength,
366 CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength);
367 CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); CRYPTOPP_UNUSED(semisignature);
368 if (RecoverablePartFirst())
373 const byte *recoverableMessage,
size_t recoverableMessageLength,
375 byte *representative,
size_t representativeBitLength)
const =0;
377 virtual bool VerifyMessageRepresentative(
379 byte *representative,
size_t representativeBitLength)
const =0;
383 byte *representative,
size_t representativeBitLength,
384 byte *recoveredMessage)
const 385 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty);
386 CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(recoveredMessage);
387 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
391 const byte *presignature,
size_t presignatureLength,
392 const byte *semisignature,
size_t semisignatureLength,
393 byte *recoveredMessage)
const 394 {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength);
395 CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength); CRYPTOPP_UNUSED(recoveredMessage);
396 throw NotImplemented(
"PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
403 static HashIdentifier CRYPTOPP_API Lookup()
405 return HashIdentifier((
const byte *)NULL, 0);
418 bool VerifyMessageRepresentative(
420 byte *representative,
size_t representativeBitLength)
const;
430 bool VerifyMessageRepresentative(
432 byte *representative,
size_t representativeBitLength)
const;
443 const byte *recoverableMessage,
size_t recoverableMessageLength,
445 byte *representative,
size_t representativeBitLength)
const;
456 const byte *recoverableMessage,
size_t recoverableMessageLength,
458 byte *representative,
size_t representativeBitLength)
const;
472 void Update(
const byte *input,
size_t length)
474 AccessHash().Update(input, length);
475 m_empty = m_empty && length == 0;
478 SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
487 template <
class HASH_ALGORITHM>
495 template <
class INTERFACE,
class BASE>
499 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 503 size_t SignatureLength()
const 504 {
return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
505 size_t MaxRecoverableLength()
const 506 {
return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
507 size_t MaxRecoverableLengthFromSignatureLength(
size_t signatureLength)
const 508 {CRYPTOPP_UNUSED(signatureLength);
return this->MaxRecoverableLength();}
510 bool IsProbabilistic()
const 511 {
return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();}
512 bool AllowNonrecoverablePart()
const 513 {
return this->GetMessageEncodingInterface().AllowNonrecoverablePart();}
514 bool RecoverablePartFirst()
const 515 {
return this->GetMessageEncodingInterface().RecoverablePartFirst();}
518 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
520 size_t MessageRepresentativeBitLength()
const {
return SaturatingSubtract(this->GetTrapdoorFunctionBounds().ImageBound().BitCount(),1U);}
521 virtual HashIdentifier GetHashIdentifier()
const =0;
522 virtual size_t GetDigestSize()
const =0;
529 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 533 void InputRecoverableMessage(
PK_MessageAccumulator &messageAccumulator,
const byte *recoverableMessage,
size_t recoverableMessageLength)
const;
541 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 545 void InputSignature(
PK_MessageAccumulator &messageAccumulator,
const byte *signature,
size_t signatureLength)
const;
553 template <
class T1,
class T2,
class T3>
556 typedef T1 AlgorithmInfo;
559 typedef typename Keys::PublicKey
PublicKey;
560 typedef T3 MessageEncodingMethod;
564 template <
class T1,
class T2,
class T3,
class T4>
567 typedef T4 HashFunction;
571 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
575 typedef SCHEME_OPTIONS SchemeOptions;
576 typedef KEY_CLASS KeyClass;
578 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 582 PublicKey & AccessPublicKey() {
return AccessKey();}
583 const PublicKey & GetPublicKey()
const {
return GetKey();}
585 PrivateKey & AccessPrivateKey() {
return AccessKey();}
586 const PrivateKey & GetPrivateKey()
const {
return GetKey();}
588 virtual const KeyClass & GetKey()
const =0;
589 virtual KeyClass & AccessKey() =0;
591 const KeyClass & GetTrapdoorFunction()
const {
return GetKey();}
595 CRYPTOPP_UNUSED(rng);
604 const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface()
const 608 const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface()
const 612 HashIdentifier GetHashIdentifier()
const 614 typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
617 size_t GetDigestSize()
const 619 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
620 return H::DIGESTSIZE;
625 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
629 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 634 void SetKeyPtr(
const KEY *pKey) {m_pKey = pKey;}
636 const KEY & GetKey()
const {
return *m_pKey;}
637 KEY & AccessKey() {
throw NotImplemented(
"TF_ObjectImplExtRef: cannot modify refererenced key");}
644 template <
class BASE,
class SCHEME_OPTIONS,
class KEY_CLASS>
648 typedef KEY_CLASS KeyClass;
650 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 654 const KeyClass & GetKey()
const {
return m_trapdoorFunction;}
655 KeyClass & AccessKey() {
return m_trapdoorFunction;}
658 KeyClass m_trapdoorFunction;
662 template <
class SCHEME_OPTIONS>
668 template <
class SCHEME_OPTIONS>
674 template <
class SCHEME_OPTIONS>
680 template <
class SCHEME_OPTIONS>
701 virtual void GenerateAndMask(
HashTransformation &hash, byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
bool mask =
true)
const =0;
715 CRYPTOPP_DLL
void CRYPTOPP_API P1363_MGF1KDF2_Common(
HashTransformation &hash, byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart);
722 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName() {
return "MGF1";}
725 P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0);
738 static void CRYPTOPP_API DeriveKey(byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength)
741 P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength,
false, 1);
766 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 775 if (!GetBasePrecomputation().IsInitialized())
778 if (m_validationLevel > level)
781 bool pass = ValidateGroup(rng, level);
782 pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation());
784 m_validationLevel = pass ? level+1 : 0;
789 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 791 return GetValueHelper(
this, name, valueType, pValue)
801 AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage);
806 AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation);
807 m_validationLevel = 0;
812 GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation);
818 virtual const Element &
GetSubgroupGenerator()
const {
return GetBasePrecomputation().GetBase(GetGroupPrecomputation());}
823 virtual void SetSubgroupGenerator(
const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);}
830 return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent);
841 SimultaneousExponentiate(&result, base, &exponent, 1);
859 virtual const Integer & GetSubgroupOrder()
const =0;
863 virtual Integer GetMaxExponent()
const =0;
881 virtual unsigned int GetEncodedElementSize(
bool reversible)
const =0;
889 virtual void EncodeElement(
bool reversible,
const Element &element, byte *encoded)
const =0;
897 virtual Element DecodeElement(
const byte *encoded,
bool checkForGroupMembership)
const =0;
903 virtual Integer ConvertElementToInteger(
const Element &element)
const =0;
938 virtual bool FastSubgroupCheckAvailable()
const =0;
946 virtual bool IsIdentity(
const Element &element)
const =0;
958 virtual void SimultaneousExponentiate(Element *results,
const Element &base,
const Integer *exponents,
unsigned int exponentsCount)
const =0;
961 void ParametersChanged() {m_validationLevel = 0;}
964 mutable unsigned int m_validationLevel;
971 template <
class GROUP_PRECOMP,
class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element>,
class BASE = DL_GroupParameters<CPP_TYPENAME GROUP_PRECOMP::Element> >
975 typedef GROUP_PRECOMP GroupPrecomputation;
976 typedef typename GROUP_PRECOMP::Element Element;
977 typedef BASE_PRECOMP BasePrecomputation;
979 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 996 GROUP_PRECOMP m_groupPrecomputation;
1007 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1028 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1032 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1034 return GetValueHelper(
this, name, valueType, pValue, &this->GetAbstractGroupParameters())
1041 virtual const Element & GetPublicElement()
const {
return GetPublicPrecomputation().GetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation());}
1042 virtual void SetPublicElement(
const Element &y) {AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
1043 virtual Element ExponentiatePublicElement(
const Integer &exponent)
const 1048 virtual Element CascadeExponentiateBaseAndPublicElement(
const Integer &baseExp,
const Integer &publicExp)
const 1067 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1074 pub.SetPublicElement(this->GetAbstractGroupParameters().ExponentiateBase(GetPrivateExponent()));
1077 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1079 return GetValueHelper(
this, name, valueType, pValue, &this->GetAbstractGroupParameters())
1085 this->AccessAbstractGroupParameters().AssignFrom(source);
1086 AssignFromHelper(
this, source)
1090 virtual const Integer & GetPrivateExponent()
const =0;
1091 virtual void SetPrivateExponent(
const Integer &x) =0;
1099 pPrivateKey->MakePublicKey(*
this);
1102 this->AccessAbstractGroupParameters().AssignFrom(source);
1103 AssignFromHelper(
this, source)
1111 template <
class PK,
class GP,
class O = OID>
1115 typedef GP GroupParameters;
1117 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1121 O GetAlgorithmID()
const {
return GetGroupParameters().GetAlgorithmID();}
1127 {AccessGroupParameters().BERDecode(bt);
return true;}
1129 {GetGroupParameters().DEREncode(bt);
return true;}
1131 const GP & GetGroupParameters()
const {
return m_groupParameters;}
1132 GP & AccessGroupParameters() {
return m_groupParameters;}
1135 GP m_groupParameters;
1146 typedef typename GP::Element Element;
1148 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1155 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1157 const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder();
1158 const Integer &x = GetPrivateExponent();
1166 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1168 return GetValueHelper<DL_PrivateKey<Element> >(
this, name, valueType, pValue).Assignable();
1173 AssignFromHelper<DL_PrivateKey<Element> >(
this, source);
1179 this->AccessGroupParameters().GenerateRandom(rng, params);
1184 SetPrivateExponent(x);
1190 {AccessAbstractGroupParameters().Precompute(precomputationStorage);}
1193 {AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);}
1196 {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);}
1203 const Integer & GetPrivateExponent()
const {
return m_x;}
1204 void SetPrivateExponent(
const Integer &x) {m_x = x;}
1208 {m_x.BERDecode(bt);}
1210 {m_x.DEREncode(bt);}
1217 template <
class BASE,
class SIGNATURE_SCHEME>
1221 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1227 BASE::GenerateRandom(rng, params);
1231 typename SIGNATURE_SCHEME::Signer signer(*
this);
1232 typename SIGNATURE_SCHEME::Verifier verifier(signer);
1233 SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
1243 typedef typename GP::Element Element;
1245 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1252 bool pass = GetAbstractGroupParameters().Validate(rng, level);
1253 pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation());
1257 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const 1259 return GetValueHelper<DL_PublicKey<Element> >(
this, name, valueType, pValue).Assignable();
1264 AssignFromHelper<DL_PublicKey<Element> >(
this, source);
1271 AccessAbstractGroupParameters().Precompute(precomputationStorage);
1272 AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage);
1277 AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);
1278 AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1283 GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);
1284 GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation);
1297 {
return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();}
1300 typename GP::BasePrecomputation m_ypc;
1308 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1316 CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(publicKey); CRYPTOPP_UNUSED(r); CRYPTOPP_UNUSED(s);
1317 throw NotImplemented(
"DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");
1333 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1338 virtual Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const =0;
1346 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1350 virtual bool ParameterSupported(
const char *name)
const 1351 {CRYPTOPP_UNUSED(name);
return false;}
1352 virtual void Derive(
const DL_GroupParameters<T> &groupParams, byte *derivedKey,
size_t derivedLength,
const T &agreedElement,
const T &ephemeralPublicKey,
const NameValuePairs &derivationParams)
const =0;
1359 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1363 virtual bool ParameterSupported(
const char *name)
const 1364 {CRYPTOPP_UNUSED(name);
return false;}
1365 virtual size_t GetSymmetricKeyLength(
size_t plaintextLength)
const =0;
1366 virtual size_t GetSymmetricCiphertextLength(
size_t plaintextLength)
const =0;
1367 virtual size_t GetMaxSymmetricPlaintextLength(
size_t ciphertextLength)
const =0;
1368 virtual void SymmetricEncrypt(
RandomNumberGenerator &rng,
const byte *key,
const byte *plaintext,
size_t plaintextLength, byte *ciphertext,
const NameValuePairs ¶meters)
const =0;
1369 virtual DecodingResult SymmetricDecrypt(
const byte *key,
const byte *ciphertext,
size_t ciphertextLength, byte *plaintext,
const NameValuePairs ¶meters)
const =0;
1378 typedef KI KeyInterface;
1379 typedef typename KI::Element Element;
1381 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1388 virtual KeyInterface & AccessKeyInterface() =0;
1389 virtual const KeyInterface & GetKeyInterface()
const =0;
1397 template <
class INTERFACE,
class KEY_INTERFACE>
1401 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1410 return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters())
1411 + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters());
1417 {
return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
1434 {
return GetMessageEncodingInterface().AllowNonrecoverablePart();}
1439 {
return GetMessageEncodingInterface().RecoverablePartFirst();}
1442 size_t MessageRepresentativeLength()
const {
return BitsToBytes(MessageRepresentativeBitLength());}
1443 size_t MessageRepresentativeBitLength()
const {
return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
1447 virtual HashIdentifier GetHashIdentifier()
const =0;
1448 virtual size_t GetDigestSize()
const =0;
1457 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1473 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1479 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
1480 this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
1481 recoverableMessage, recoverableMessageLength,
1482 ma.m_presignature, ma.m_presignature.
size(),
1483 ma.m_semisignature);
1488 this->GetMaterial().DoQuickSanityCheck();
1495 SecByteBlock representative(this->MessageRepresentativeLength());
1496 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1498 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1499 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1500 representative, this->MessageRepresentativeBitLength());
1511 alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
1522 size_t rLen = alg.RLen(params);
1523 r.Encode(signature, rLen);
1524 s.Encode(signature+rLen, alg.SLen(params));
1527 RestartMessageAccumulator(rng, ma);
1529 return this->SignatureLength();
1546 CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(ma);
1555 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1561 CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength);
1566 size_t rLen = alg.RLen(params);
1567 ma.m_semisignature.
Assign(signature, rLen);
1568 ma.m_s.
Decode(signature+rLen, alg.SLen(params));
1570 this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.
size());
1575 this->GetMaterial().DoQuickSanityCheck();
1582 SecByteBlock representative(this->MessageRepresentativeLength());
1583 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1584 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1585 representative, this->MessageRepresentativeBitLength());
1589 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1590 return alg.Verify(params, key, e, r, ma.m_s);
1595 this->GetMaterial().DoQuickSanityCheck();
1602 SecByteBlock representative(this->MessageRepresentativeLength());
1603 this->GetMessageEncodingInterface().ComputeMessageRepresentative(
1605 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
1606 ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty,
1607 representative, this->MessageRepresentativeBitLength());
1612 Integer r(ma.m_semisignature, ma.m_semisignature.
size());
1613 alg.RecoverPresignature(params, key, r, ma.m_s).
Encode(ma.m_presignature, ma.m_presignature.
size());
1615 return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature(
1616 ma.AccessHash(), this->GetHashIdentifier(),
1617 ma.m_presignature, ma.m_presignature.
size(),
1618 ma.m_semisignature, ma.m_semisignature.
size(),
1626 template <
class PK,
class KI>
1630 typedef typename DL_Base<KI>::Element Element;
1632 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1636 size_t MaxPlaintextLength(
size_t ciphertextLength)
const 1638 unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(
true);
1639 return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen);
1642 size_t CiphertextLength(
size_t plaintextLength)
const 1644 size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength);
1645 return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(
true) + len;
1648 bool ParameterSupported(
const char *name)
const 1649 {
return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);}
1665 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1673 CRYPTOPP_UNUSED(rng);
1682 ciphertext += elementSize;
1683 ciphertextLength -= elementSize;
1685 Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q,
true, key.GetPrivateExponent());
1687 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength)));
1688 derivAlg.Derive(params, derivedKey, derivedKey.
size(), z, q, parameters);
1690 return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters);
1707 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1723 ciphertext += elementSize;
1725 Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x);
1727 SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength));
1728 derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters);
1730 encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters);
1737 template <
class T1,
class T2>
1740 typedef T1 AlgorithmInfo;
1741 typedef T2 GroupParameters;
1742 typedef typename GroupParameters::Element Element;
1748 template <
class T1,
class T2>
1752 typedef typename Keys::PrivateKey
PrivateKey;
1753 typedef typename Keys::PublicKey
PublicKey;
1762 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1765 typedef T3 SignatureAlgorithm;
1766 typedef T4 MessageEncodingMethod;
1767 typedef T5 HashFunction;
1776 template <
class T1,
class T2,
class T3,
class T4,
class T5>
1780 typedef T4 KeyDerivationAlgorithm;
1781 typedef T5 SymmetricEncryptionAlgorithm;
1788 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1792 typedef SCHEME_OPTIONS SchemeOptions;
1793 typedef typename KEY::Element Element;
1795 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1799 PrivateKey & AccessPrivateKey() {
return m_key;}
1800 PublicKey & AccessPublicKey() {
return m_key;}
1803 const KEY & GetKey()
const {
return m_key;}
1804 KEY & AccessKey() {
return m_key;}
1807 typename BASE::KeyInterface & AccessKeyInterface() {
return m_key;}
1808 const typename BASE::KeyInterface & GetKeyInterface()
const {
return m_key;}
1811 HashIdentifier GetHashIdentifier()
const 1813 typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup;
1814 return HashLookup::template HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction>::Lookup();
1816 size_t GetDigestSize()
const 1818 typedef CPP_TYPENAME SchemeOptions::HashFunction H;
1819 return H::DIGESTSIZE;
1830 template <
class BASE,
class SCHEME_OPTIONS,
class KEY>
1834 typedef typename KEY::Element Element;
1836 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1849 HashIdentifier GetHashIdentifier()
const 1850 {
return HashIdentifier();}
1857 template <
class SCHEME_OPTIONS>
1864 this->RestartMessageAccumulator(rng, *p);
1871 template <
class SCHEME_OPTIONS>
1883 template <
class SCHEME_OPTIONS>
1890 template <
class SCHEME_OPTIONS>
1905 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1910 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
1911 unsigned int PrivateKeyLength()
const {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
1912 unsigned int PublicKeyLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
1917 x.
Encode(privateKey, PrivateKeyLength());
1922 CRYPTOPP_UNUSED(rng);
1924 Integer x(privateKey, PrivateKeyLength());
1929 bool Agree(byte *agreedValue,
const byte *privateKey,
const byte *otherPublicKey,
bool validateOtherPublicKey=
true)
const 1934 Integer x(privateKey, PrivateKeyLength());
1935 Element w = params.
DecodeElement(otherPublicKey, validateOtherPublicKey);
1937 Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey(
1938 GetAbstractGroupParameters(), w, validateOtherPublicKey, x);
1950 const Element &
GetGenerator()
const {
return GetAbstractGroupParameters().GetSubgroupGenerator();}
1979 template <
class ELEMENT,
class COFACTOR_OPTION>
1983 typedef ELEMENT Element;
1985 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 1989 CRYPTOPP_CONSTEXPR
static const char * CRYPTOPP_API StaticAlgorithmName()
1998 Element AgreeWithStaticPrivateKey(
const DL_GroupParameters<Element> ¶ms,
const Element &publicElement,
bool validateOtherPublicKey,
const Integer &privateExponent)
const 2012 if (!validateOtherPublicKey)
2015 if (params.FastSubgroupCheckAvailable())
2037 template <
class BASE>
2044 {this->AccessKey().AssignFrom(key);}
2047 {this->AccessKey().BERDecode(bt);}
2050 {this->AccessKey().AssignFrom(algorithm.
GetMaterial());}
2053 {this->AccessKey().Initialize(v1);}
2055 #if (defined(_MSC_VER) && _MSC_VER < 1300) 2057 template <
class T1,
class T2>
2059 {this->AccessKey().Initialize(v1, v2);}
2061 template <
class T1,
class T2,
class T3>
2063 {this->AccessKey().Initialize(v1, v2, v3);}
2065 template <
class T1,
class T2,
class T3,
class T4>
2067 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2069 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2071 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2073 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2075 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2077 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2079 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2081 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2082 PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8)
2083 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2087 template <
class T1,
class T2>
2089 {this->AccessKey().Initialize(v1, v2);}
2091 template <
class T1,
class T2,
class T3>
2093 {this->AccessKey().Initialize(v1, v2, v3);}
2095 template <
class T1,
class T2,
class T3,
class T4>
2097 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2099 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2100 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2101 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2103 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2104 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2105 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2107 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2108 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2109 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2111 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2112 PK_FinalTemplate(
const T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2113 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2115 template <
class T1,
class T2>
2117 {this->AccessKey().Initialize(v1, v2);}
2119 template <
class T1,
class T2,
class T3>
2121 {this->AccessKey().Initialize(v1, v2, v3);}
2123 template <
class T1,
class T2,
class T3,
class T4>
2125 {this->AccessKey().Initialize(v1, v2, v3, v4);}
2127 template <
class T1,
class T2,
class T3,
class T4,
class T5>
2128 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5)
2129 {this->AccessKey().Initialize(v1, v2, v3, v4, v5);}
2131 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6>
2132 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6)
2133 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);}
2135 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7>
2136 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7)
2137 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);}
2139 template <
class T1,
class T2,
class T3,
class T4,
class T5,
class T6,
class T7,
class T8>
2140 PK_FinalTemplate(T1 &v1,
const T2 &v2,
const T3 &v3,
const T4 &v4,
const T5 &v5,
const T6 &v6,
const T7 &v7,
const T8 &v8)
2141 {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);}
2160 template <
class STANDARD,
class KEYS,
class ALG_INFO>
2163 template <
class STANDARD,
class KEYS,
class ALG_INFO = TF_ES<STANDARD, KEYS,
int> >
2164 class TF_ES :
public KEYS
2166 typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
2173 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName();}
2187 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO>
2190 template <
class STANDARD,
class H,
class KEYS,
class ALG_INFO = TF_SS<STANDARD, H, KEYS,
int> >
2191 class TF_SS :
public KEYS
2196 typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod;
2199 static std::string CRYPTOPP_API StaticAlgorithmName() {
return std::string(KEYS::StaticAlgorithmName()) +
"/" + MessageEncodingMethod::StaticAlgorithmName() +
"(" + H::StaticAlgorithmName() +
")";}
2214 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO>
2217 template <
class KEYS,
class SA,
class MEM,
class H,
class ALG_INFO = DL_SS<KEYS, SA, MEM, H,
int> >
2218 class DL_SS :
public KEYS
2223 static std::string StaticAlgorithmName() {
return SA::StaticAlgorithmName() + std::string(
"/EMSA1(") + H::StaticAlgorithmName() +
")";}
2237 template <
class KEYS,
class AA,
class DA,
class EA,
class ALG_INFO>
2251 #if CRYPTOPP_MSC_VERSION 2252 # pragma warning(pop) Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const
Applies the trapdoor function.
Standard names for retrieving values by name when working with NameValuePairs.
virtual const CryptoMaterial & GetMaterial() const =0
Retrieves a reference to CryptoMaterial.
Discrete Log (DL) key options.
Applies the trapdoor function, using random data if required.
const Element & GetGenerator() const
Retrieves a reference to the group generator.
PK_FinalTemplate< DL_DecryptorImpl< SchemeOptions > > Decryptor
implements PK_Decryptor interface
size_t SignatureLength() const
Provides the signature length.
Interface for asymmetric algorithms.
virtual Integer GetCofactor() const
Retrieves the cofactor.
Interface for message encoding method for public key signature schemes.
Trapdoor Function (TF) encryption scheme.
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Restricts the instantiation of a class to one static object without locks.
Discrete Log (DL) signer implementation.
bool RecoverablePartFirst() const
Determines if the scheme allows recoverable part first.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
void DEREncodePrivateKey(BufferedTransformation &bt) const
encode privateKey part of privateKeyInfo, without the OCTET STRING header
static Integer Gcd(const Integer &a, const Integer &n)
greatest common divisor
Encodes and decodesprivateKeyInfo.
void BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t)
decode privateKey part of privateKeyInfo, without the OCTET STRING header
virtual void SetSubgroupGenerator(const Element &base)
Set the subgroup generator.
The base for trapdoor based cryptosystems.
Interface for Discrete Log (DL) group parameters.
Converts a typename to an enumerated value.
bool GetThisObject(T &object) const
Get a copy of this object or subobject.
Interface for message encoding method for public key signature schemes.
Abstract base classes that provide a uniform interface to this library.
const DL_GroupParameters< Element > & GetAbstractGroupParameters() const
Retrieves abstract group parameters.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask=true) const
Generate and apply mask.
Message encoding method for public key encryption.
Interface for key derivation algorithms used in DL cryptosystems.
Classes for automatic resource management.
void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
Save precomputation for later use.
bool IsProbabilistic() const
Determines if the scheme is probabilistic.
Library configuration file.
Interface for Discrete Log (DL) private keys.
virtual Integer GetGroupOrder() const
Retrieves the order of the group.
Ring of congruence classes modulo n.
Interface for random number generators.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
virtual Integer MaxPreimage() const
Returns the maximum size of a message before the trapdoor function is applied bound to a public key...
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Discrete Log (DL) base interface.
void New(size_type newSize)
Change size without preserving contents.
Trapdoor function cryptosystems decryption base class.
Discrete Log (DL) scheme options.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Discrete Log (DL) encryption scheme.
Discrete Log (DL) crypto scheme options.
void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate private key in this domain.
Classes for performing mathematics over different fields.
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
void RawSign(const Integer &k, const Integer &e, Integer &r, Integer &s) const
Testing interface.
Provides range for plaintext and ciphertext lengths.
Interface for private keys.
virtual Element ExponentiateBase(const Integer &exponent) const
Retrieves the subgroup generator.
bool IsPositive() const
Determines if the Integer is positive.
bool SupportsPrecomputation() const
Determines whether the object supports precomputation.
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
static const Integer & One()
Integer representing 1.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Interface for Discrete Log (DL) public keys.
Base class for public key signature standard classes.
const char * PrivateExponent()
Integer.
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
Pointer that overloads operator ->
void Precompute(unsigned int precomputationStorage=16)
Perform precomputation.
PK_FinalTemplate< TF_VerifierImpl< SchemeOptions > > Verifier
implements PK_Verifier interface
Discrete Log (DL) signature scheme.
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
virtual bool IsRandomized() const
Determines if the encryption algorithm is randomized.
Base class for a Discrete Log (DL) key.
Interface for domains of simple key agreement protocols.
bool FIPS_140_2_ComplianceEnabled()
Determines whether the library provides FIPS validated cryptography.
Applies the inverse of the trapdoor function.
Returns a decoding results.
Uses encapsulation to hide an object in derived classes.
void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a public key from a private key in this domain.
void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters=g_nullNameValuePairs) const
Encrypt a byte string.
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
P1363 mask generation function.
void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
Retrieve previously saved precomputation.
Cofactor multiplication compatible with ordinary Diffie-Hellman.
PK_FinalTemplate< TF_EncryptorImpl< SchemeOptions > > Encryptor
implements PK_Encryptor interface
A method was called which was not implemented.
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
bool AllowNonrecoverablePart() const
Determines if the scheme has non-recoverable part.
No cofactor multiplication applied.
Interface for Elgamal-like signature algorithms.
Discrete Log (DL) signature scheme signer base implementation.
Interface for message encoding method for public key signature schemes.
size_t MaxRecoverableLength() const
Provides the maximum recoverable length.
PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const
Create a new HashTransformation to accumulate the message to be signed.
virtual const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const =0
Retrieves the group precomputation.
bool IsRandomized() const
Determines if the encryption algorithm is randomized.
Interface for message encoding method for public key signature schemes.
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0
Exponentiates a base to multiple exponents.
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Base class for public key encryption standard classes.
virtual Integer MaxImage() const
Returns the maximum size of a message after the trapdoor function is applied bound to a public key...
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
Discrete Log (DL) object implementation.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
Retrieve previously saved precomputation.
Multiple precision integer with arithmetic operations.
STANDARD Standard
see SignatureStandard for a list of standards
Discrete Log (DL) verifier implementation.
void Precompute(unsigned int precomputationStorage=16)
Perform precomputation.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
Discrete Log (DL) signature scheme base implementation.
Discrete Log (DL) base object implementation.
Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
Applies the inverse of the trapdoor function.
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
const char * SubgroupGenerator()
Integer, ECP::Point, or EC2N::Point.
Applies the trapdoor function.
virtual bool CanIncorporateEntropy() const
Determines if a generator can accept additional entropy.
bool IsRandomized() const
Determines if the decryption algorithm is randomized.
unsigned int PublicKeyLength() const
Provides the size of the public key.
Discrete Log (DL) cryptosystem base implementation.
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
void Precompute(unsigned int precomputationStorage=16)
Perform precomputation.
Mask generation function interface.
bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const
Derive agreed value.
PK_FinalTemplate< DL_EncryptorImpl< SchemeOptions > > Encryptor
implements PK_Encryptor interface
Public key trapdoor function default implementation.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Exception thrown when an invalid group element is encountered.
RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation< Element > *precomp) const =0
Check the element for errors.
DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters=g_nullNameValuePairs) const
Decrypt a byte string.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Implementation of BufferedTransformation's attachment interface.
DL_GroupParameters< Element > & AccessAbstractGroupParameters()
Retrieves abstract group parameters.
Interface for accumulating messages to be signed or verified.
Interface for key agreement algorithms.
Discrete Log (DL) encryptor base implementation.
Classes for precomputation in a group.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
PK_FinalTemplate< DL_SignerImpl< SchemeOptions > > Signer
implements PK_Signer interface
virtual const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const =0
Retrieves the group precomputation.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Classes and functions for the FIPS 140-2 validated library.
STANDARD Standard
see EncryptionStandard for a list of standards
Interface for crypto material, such as public and private keys, and crypto parameters.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
CofactorMultiplicationOption
Methods for avoiding "Small-Subgroup" attacks on Diffie-Hellman Key Agreement.
unsigned int PrivateKeyLength() const
Provides the size of the private key.
PK_FinalTemplate< TF_SignerImpl< SchemeOptions > > Signer
implements PK_Signer interface
DL_GroupParameters< Element > & AccessAbstractGroupParameters()
Retrieves abstract group parameters.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
void Decode(const byte *input, size_t inputLen, Signedness sign=UNSIGNED)
Decode from big-endian byte array.
Discrete Log (DL) encryptor implementation.
bool SupportsPrecomputation() const
Determines whether the object supports precomputation.
Multiple precision integer with arithmetic operations.
Cofactor multiplication incompatible with ordinary Diffie-Hellman.
static const Integer & Zero()
Integer representing 0.
Interface for crypto prameters.
bool GetThisPointer(T *&ptr) const
Get a pointer to this object.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
Discrete Log (DL) decryptor implementation.
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
Sign and restart messageAccumulator.
PK_FinalTemplate< TF_DecryptorImpl< SchemeOptions > > Decryptor
implements PK_Decryptor interface
Class file for performing modular arithmetic.
Interface for public keys.
Crypto++ library namespace.
PK_MessageAccumulator * NewVerificationAccumulator() const
Create a new HashTransformation to accumulate the message to be verified.
Applies the inverse of the trapdoor function, using random data if required.
Interface for symmetric encryption algorithms used in DL cryptosystems.
Base implmentation of Discrete Log (DL) group parameters.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms)
Generate a random key or crypto parameters.
virtual bool IsRandomized() const
Determines if the decryption algorithm is randomized.
Encodes and decodes subjectPublicKeyInfo.
Trapdoor function cryptosystem base class.
virtual DL_GroupParameters< T > & AccessAbstractGroupParameters()=0
Retrieves abstract group parameters.
void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
Retrieve previously saved precomputation.
bool SupportsPrecomputation() const
Determines whether the object supports precomputation.
PK_FinalTemplate< DL_VerifierImpl< SchemeOptions > > Verifier
implements PK_Verifier interface
Discrete Log (DL) signature scheme options.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
Interface for message encoding method for public key signature schemes.
const char * SubgroupOrder()
Integer.
Discrete Log (DL) decryptor base implementation.
Interface for message encoding method for public key signature schemes.
const char * PublicElement()
Integer.
Interface for DL key agreement algorithms.
size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
Provides the maximum recoverable length.
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
Recover a message from its signature.
size_type size() const
Provides the count of elements in the SecBlock.
Discrete Log (DL) simple key agreement base implementation.
virtual bool IsIdentity(const Element &element) const =0
Determines if an element is an identity.
virtual void IncorporateEntropy(const byte *input, size_t length)
Update RNG state with additional unpredictable values.
void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
Save precomputation for later use.
void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
Save precomputation for later use.
Interface for message encoding method for public key signature schemes.
const DL_GroupParameters< Element > & GetAbstractGroupParameters() const
Retrieves abstract group parameters.
Interface for retrieving values given their names.
Template implementing constructors for public key algorithm classes.
Trapdoor Function (TF) Signature Scheme.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
Base class for identifying alogorithm.