Crypto++  5.6.5
Free C++ class library of cryptographic schemes
gfpcrypt.h
Go to the documentation of this file.
1 // gfpcrypt.h - originally written and placed in the public domain by Wei Dai
2 // RFC6979 deterministic signatures added by Douglas Roark
3 // ECGDSA added by Jeffrey Walton
4 
5 /// \file gfpcrypt.h
6 /// \brief Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
7 
8 #ifndef CRYPTOPP_GFPCRYPT_H
9 #define CRYPTOPP_GFPCRYPT_H
10 
11 #include "config.h"
12 
13 #if CRYPTOPP_MSC_VERSION
14 # pragma warning(push)
15 # pragma warning(disable: 4189 4231 4275)
16 #endif
17 
18 #include "cryptlib.h"
19 #include "pubkey.h"
20 #include "integer.h"
21 #include "modexppc.h"
22 #include "algparam.h"
23 #include "smartptr.h"
24 #include "sha.h"
25 #include "asn.h"
26 #include "hmac.h"
27 #include "misc.h"
28 
29 NAMESPACE_BEGIN(CryptoPP)
30 
31 CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters<Integer>;
32 
33 /// \brief Integer-based GroupParameters specialization
34 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial<DL_GroupParameters<Integer> >
35 {
37 
38 public:
40 
41  /// \brief Initialize a group parameters over integers
42  /// \param params the group parameters
44  {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());}
45 
46  /// \brief Create a group parameters over integers
47  /// \param rng a RandomNumberGenerator derived class
48  /// \param pbits the size of p, in bits
49  /// \details This function overload of Initialize() creates a new private key because it
50  /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
51  /// then use one of the other Initialize() overloads.
52  void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
53  {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));}
54 
55  /// \brief Initialize a group parameters over integers
56  /// \param p the modulus
57  /// \param g the generator
58  void Initialize(const Integer &p, const Integer &g)
59  {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
60 
61  /// \brief Initialize a group parameters over integers
62  /// \param p the modulus
63  /// \param q the subgroup order
64  /// \param g the generator
65  void Initialize(const Integer &p, const Integer &q, const Integer &g)
66  {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
67 
68  // ASN1Object interface
70  void DEREncode(BufferedTransformation &bt) const;
71 
72  // GeneratibleCryptoMaterial interface
73  /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */
74  void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
75  bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
76  void AssignFrom(const NameValuePairs &source);
77 
78  // DL_GroupParameters
79  const Integer & GetSubgroupOrder() const {return m_q;}
80  Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();}
81  bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
82  bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const;
83  bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;}
84 
85  // Cygwin i386 crash at -O3; see http://github.com/weidai11/cryptopp/issues/40.
86  void EncodeElement(bool reversible, const Element &element, byte *encoded) const;
87  unsigned int GetEncodedElementSize(bool reversible) const;
88 
89  Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const;
90  Integer ConvertElementToInteger(const Element &element) const
91  {return element;}
92  Integer GetMaxExponent() const;
93  static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";}
94 
95  OID GetAlgorithmID() const;
96 
97  virtual const Integer & GetModulus() const =0;
98  virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0;
99 
100  void SetSubgroupOrder(const Integer &q)
101  {m_q = q; ParametersChanged();}
102 
103 protected:
104  Integer ComputeGroupOrder(const Integer &modulus) const
105  {return modulus-(GetFieldType() == 1 ? 1 : -1);}
106 
107  // GF(p) = 1, GF(p^2) = 2
108  virtual int GetFieldType() const =0;
109  virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const;
110 
111 private:
112  Integer m_q;
113 };
114 
115 /// \brief Integer-based GroupParameters default implementation
116 /// \tparam GROUP_PRECOMP group parameters precomputation specialization
117 /// \tparam BASE_PRECOMP base class precomputation specialization
118 template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<typename GROUP_PRECOMP::Element> >
119 class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl<GROUP_PRECOMP, BASE_PRECOMP, DL_GroupParameters_IntegerBased>
120 {
122 
123 public:
124  typedef typename GROUP_PRECOMP::Element Element;
125 
127 
128  // GeneratibleCryptoMaterial interface
129  bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
130  {return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();}
131 
132  void AssignFrom(const NameValuePairs &source)
133  {AssignFromHelper<DL_GroupParameters_IntegerBased>(this, source);}
134 
135  // DL_GroupParameters
136  const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
138 
139  // IntegerGroupParameters
140  const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();}
141  const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
142 
143  void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) // these have to be set together
144  {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();}
145 
146  // non-inherited
148  {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();}
150  {return !operator==(rhs);}
151 };
152 
154 
155 /// \brief GF(p) group parameters
156 class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>
157 {
158 public:
159  virtual ~DL_GroupParameters_GFP() {}
160 
161  // DL_GroupParameters
162  bool IsIdentity(const Integer &element) const {return element == Integer::One();}
163  void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
164 
165  // NameValuePairs interface
166  bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
167  {
168  return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
169  }
170 
171  // used by MQV
172  Element MultiplyElements(const Element &a, const Element &b) const;
173  Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
174 
175 protected:
176  int GetFieldType() const {return 1;}
177 };
178 
179 /// \brief GF(p) group parameters that default to safe primes
181 {
182 public:
184 
186 
187 protected:
188  unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
189 };
190 
191 /// \brief GDSA algorithm
192 /// \tparam T FieldElement type or class
193 template <class T>
195 {
196 public:
197  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";}
198 
199  virtual ~DL_Algorithm_GDSA() {}
200 
201  void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
202  {
203  const Integer &q = params.GetSubgroupOrder();
204  r %= q;
205  Integer kInv = k.InverseMod(q);
206  s = (kInv * (x*r + e)) % q;
207  CRYPTOPP_ASSERT(!!r && !!s);
208  }
209 
210  bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
211  {
212  const Integer &q = params.GetSubgroupOrder();
213  if (r>=q || r<1 || s>=q || s<1)
214  return false;
215 
216  Integer w = s.InverseMod(q);
217  Integer u1 = (e * w) % q;
218  Integer u2 = (r * w) % q;
219  // verify r == (g^u1 * y^u2 mod p) mod q
220  return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
221  }
222 };
223 
224 /// \brief DSA signature algorithm based on RFC 6979
225 /// \tparam T FieldElement type or class
226 /// \tparam H HashTransformation derived class
227 /// \sa <a href="http://tools.ietf.org/rfc/rfc6979.txt">RFC 6979, Deterministic Usage of the
228 /// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</a>
229 /// \since Crypto++ 6.0
230 template <class T, class H>
232 {
233 public:
234  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "DSA-RFC6979";}
235 
236  virtual ~DL_Algorithm_DSA_RFC6979() {}
237 
238  bool IsProbabilistic() const
239  {return false;}
240  bool IsDeterministic() const
241  {return true;}
242 
243  // Deterministic K
244  Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
245  {
246  static const byte zero = 0, one = 1;
247  const size_t qlen = q.BitCount();
248  const size_t rlen = BitsToBytes(qlen);
249 
250  // Step (a) - formatted E(m)
252  e.Encode(BH, BH.size());
253  BH = bits2octets(BH, q);
254 
255  // Step (a) - private key to byte array
256  SecByteBlock BX(STDMAX(rlen, x.MinEncodedSize()));
257  x.Encode(BX, BX.size());
258 
259  // Step (b)
260  SecByteBlock V(H::DIGESTSIZE);
261  std::fill(V.begin(), V.begin()+H::DIGESTSIZE, one);
262 
263  // Step (c)
264  SecByteBlock K(H::DIGESTSIZE);
265  std::fill(K.begin(), K.begin()+H::DIGESTSIZE, zero);
266 
267  // Step (d)
268  m_hmac.SetKey(K, K.size());
269  m_hmac.Update(V, V.size());
270  m_hmac.Update(&zero, 1);
271  m_hmac.Update(BX, BX.size());
272  m_hmac.Update(BH, BH.size());
273  m_hmac.TruncatedFinal(K, K.size());
274 
275  // Step (e)
276  m_hmac.SetKey(K, K.size());
277  m_hmac.Update(V, V.size());
278  m_hmac.TruncatedFinal(V, V.size());
279 
280  // Step (f)
281  m_hmac.SetKey(K, K.size());
282  m_hmac.Update(V, V.size());
283  m_hmac.Update(&one, 1);
284  m_hmac.Update(BX, BX.size());
285  m_hmac.Update(BH, BH.size());
286  m_hmac.TruncatedFinal(K, K.size());
287 
288  // Step (g)
289  m_hmac.SetKey(K, K.size());
290  m_hmac.Update(V, V.size());
291  m_hmac.TruncatedFinal(V, V.size());
292 
293  Integer k;
294  SecByteBlock temp(rlen);
295  for (;;)
296  {
297  // We want qlen bits, but we support only hash functions with an output length
298  // multiple of 8; hence, we will gather rlen bits, i.e., rolen octets.
299  size_t toff = 0;
300  while (toff < rlen)
301  {
302  m_hmac.Update(V, V.size());
303  m_hmac.TruncatedFinal(V, V.size());
304 
305  size_t cc = STDMIN(V.size(), temp.size() - toff);
306  memcpy_s(temp+toff, temp.size() - toff, V, cc);
307  toff += cc;
308  }
309 
310  k = bits2int(temp, qlen);
311  if (k > 0 && k < q)
312  break;
313 
314  // k is not in the proper range; update K and V, and loop.
315  m_hmac.Update(V, V.size());
316  m_hmac.Update(&zero, 1);
317  m_hmac.TruncatedFinal(K, K.size());
318 
319  m_hmac.SetKey(K, K.size());
320  m_hmac.Update(V, V.size());
321  m_hmac.TruncatedFinal(V, V.size());
322  }
323 
324  return k;
325  }
326 
327 protected:
328 
329  Integer bits2int(const SecByteBlock& bits, size_t qlen) const
330  {
331  Integer ret(bits, bits.size());
332  size_t blen = bits.size()*8;
333 
334  if (blen > qlen)
335  ret >>= blen - qlen;
336 
337  return ret;
338  }
339 
340  // RFC 6979 support function. Takes an integer and converts it into bytes that
341  // are the same length as an elliptic curve's order.
342  SecByteBlock int2octets(const Integer& val, size_t rlen) const
343  {
344  SecByteBlock block(val.MinEncodedSize());
345  val.Encode(block, val.MinEncodedSize());
346 
347  if (block.size() == rlen)
348  return block;
349 
350  // The least significant bytes are the ones we need to preserve.
351  SecByteBlock t(rlen);
352  if (block.size() > rlen)
353  {
354  size_t offset = block.size() - rlen;
355  std::memcpy(t, block + offset, rlen);
356  }
357  else // block.size() < rlen
358  {
359  size_t offset = rlen - block.size();
360  memset(t, '\x00', offset);
361  std::memcpy(t + offset, block, rlen - offset);
362  }
363 
364  return t;
365  }
366 
367  // Turn a stream of bits into a set of bytes with the same length as an elliptic
368  // curve's order.
369  SecByteBlock bits2octets(const SecByteBlock& in, const Integer& q) const
370  {
371  Integer b2 = bits2int(in, q.BitCount());
372  Integer b1 = b2 - q;
373  return int2octets(b1.IsNegative() ? b2 : b1, q.ByteCount());
374  }
375 
376 private:
377  mutable H m_hash;
378  mutable HMAC<H> m_hmac;
379 };
380 
381 /// \brief German Digital Signature Algorithm
382 /// \tparam T FieldElement type or class
383 /// \details The Digital Signature Scheme ECGDSA does not define the algorithm over integers. Rather, the
384 /// signature algorithm is only defined over elliptic curves. However, The library design is such that the
385 /// generic algorithm reside in <tt>gfpcrypt.h</tt>.
386 /// \sa Erwin Hess, Marcus Schafheutle, and Pascale Serf <A HREF="http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf">
387 /// The Digital Signature Scheme ECGDSA (October 24, 2006)</A>
388 template <class T>
390 {
391 public:
392  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "GDSA-ISO15946";}
393 
394  virtual ~DL_Algorithm_GDSA_ISO15946() {}
395 
396  void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
397  {
398  const Integer &q = params.GetSubgroupOrder();
399  // r = x(k * G) mod q
400  r = params.ConvertElementToInteger(params.ExponentiateBase(k)) % q;
401  // s = (k * r - h(m)) * d_A mod q
402  s = (k * r - e) * x % q;
403  CRYPTOPP_ASSERT(!!r && !!s);
404  }
405 
406  bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
407  {
408  const Integer &q = params.GetSubgroupOrder();
409  if (r>=q || r<1 || s>=q || s<1)
410  return false;
411 
412  const Integer& rInv = r.InverseMod(q);
413  const Integer u1 = (rInv * e) % q;
414  const Integer u2 = (rInv * s) % q;
415  // verify x(G^u1 + P_A^u2) mod q
416  return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
417  }
418 };
419 
420 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<Integer>;
421 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA1>;
422 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA224>;
423 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA256>;
424 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA384>;
425 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA512>;
426 
427 /// \brief NR algorithm
428 /// \tparam T FieldElement type or class
429 template <class T>
431 {
432 public:
433  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "NR";}
434 
435  virtual ~DL_Algorithm_NR() {}
436 
437  void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
438  {
439  const Integer &q = params.GetSubgroupOrder();
440  r = (r + e) % q;
441  s = (k - x*r) % q;
442  CRYPTOPP_ASSERT(!!r);
443  }
444 
445  bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
446  {
447  const Integer &q = params.GetSubgroupOrder();
448  if (r>=q || r<1 || s>=q)
449  return false;
450 
451  // check r == (m_g^s * m_y^r + m) mod m_q
452  return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q;
453  }
454 };
455 
456 /// \brief Discrete Log (DL) public key in GF(p) groups
457 /// \tparam GP GroupParameters derived class
458 /// \details DSA public key format is defined in 7.3.3 of RFC 2459. The private key format is defined in 12.9 of PKCS #11 v2.10.
459 template <class GP>
461 {
462 public:
463  virtual ~DL_PublicKey_GFP() {}
464 
465  /// \brief Initialize a public key over GF(p)
466  /// \param params the group parameters
467  /// \param y the public element
468  void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
469  {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
470 
471  /// \brief Initialize a public key over GF(p)
472  /// \param p the modulus
473  /// \param g the generator
474  /// \param y the public element
475  void Initialize(const Integer &p, const Integer &g, const Integer &y)
476  {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
477 
478  /// \brief Initialize a public key over GF(p)
479  /// \param p the modulus
480  /// \param q the subgroup order
481  /// \param g the generator
482  /// \param y the public element
483  void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
484  {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
485 
486  // X509PublicKey
488  {this->SetPublicElement(Integer(bt));}
490  {this->GetPublicElement().DEREncode(bt);}
491 };
492 
493 /// \brief Discrete Log (DL) private key in GF(p) groups
494 /// \tparam GP GroupParameters derived class
495 template <class GP>
497 {
498 public:
499  virtual ~DL_PrivateKey_GFP();
500 
501  /// \brief Create a private key
502  /// \param rng a RandomNumberGenerator derived class
503  /// \param modulusBits the size of the modulus, in bits
504  /// \details This function overload of Initialize() creates a new private key because it
505  /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
506  /// then use one of the other Initialize() overloads.
507  void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
508  {this->GenerateRandomWithKeySize(rng, modulusBits);}
509 
510  /// \brief Create a private key
511  /// \param rng a RandomNumberGenerator derived class
512  /// \param p the modulus
513  /// \param g the generator
514  /// \details This function overload of Initialize() creates a new private key because it
515  /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
516  /// then use one of the other Initialize() overloads.
517  void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
518  {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));}
519 
520  /// \brief Create a private key
521  /// \param rng a RandomNumberGenerator derived class
522  /// \param p the modulus
523  /// \param q the subgroup order
524  /// \param g the generator
525  /// \details This function overload of Initialize() creates a new private key because it
526  /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
527  /// then use one of the other Initialize() overloads.
528  void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
529  {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));}
530 
531  /// \brief Initialize a private key over GF(p)
532  /// \param params the group parameters
533  /// \param x the private exponent
534  void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
535  {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
536 
537  /// \brief Initialize a private key over GF(p)
538  /// \param p the modulus
539  /// \param g the generator
540  /// \param x the private exponent
541  void Initialize(const Integer &p, const Integer &g, const Integer &x)
542  {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
543 
544  /// \brief Initialize a private key over GF(p)
545  /// \param p the modulus
546  /// \param q the subgroup order
547  /// \param g the generator
548  /// \param x the private exponent
549  void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
550  {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
551 };
552 
553 // Out-of-line dtor due to AIX and GCC, http://github.com/weidai11/cryptopp/issues/499
554 template <class GP>
556 
557 /// \brief Discrete Log (DL) signing/verification keys in GF(p) groups
559 {
563 };
564 
565 /// \brief Discrete Log (DL) encryption/decryption keys in GF(p) groups
567 {
571 };
572 
573 /// \brief DSA signature scheme
574 /// \tparam H HashTransformation derived class
575 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
576 /// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2
577 template <class H>
578 struct GDSA : public DL_SS<
579  DL_SignatureKeys_GFP,
580  DL_Algorithm_GDSA<Integer>,
581  DL_SignatureMessageEncodingMethod_DSA,
582  H>
583 {
584 };
585 
586 /// \brief NR signature scheme
587 /// \tparam H HashTransformation derived class
588 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a>
589 template <class H>
590 struct NR : public DL_SS<
591  DL_SignatureKeys_GFP,
592  DL_Algorithm_NR<Integer>,
593  DL_SignatureMessageEncodingMethod_NR,
594  H>
595 {
596 };
597 
598 /// \brief DSA group parameters
599 /// \details These are GF(p) group parameters that are allowed by the DSA standard
600 /// \sa DL_Keys_DSA
602 {
603 public:
604  virtual ~DL_GroupParameters_DSA() {}
605 
606  /*! also checks that the lengths of p and q are allowed by the DSA standard */
607  bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
608  /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */
609  /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */
610  void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
611 
612  static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
613  {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
614 
615  enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
616 };
617 
618 template <class H>
619 class DSA2;
620 
621 /// \brief DSA keys
622 /// \sa DL_GroupParameters_DSA
624 {
627 };
628 
629 /// \brief DSA signature scheme
630 /// \tparam H HashTransformation derived class
631 /// \details The class is named DSA2 instead of DSA for backwards compatibility because DSA was a non-template class.
632 /// \sa <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, as specified in FIPS 186-3
633 /// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2
634 template <class H>
635 class DSA2 : public DL_SS<
636  DL_Keys_DSA,
637  DL_Algorithm_GDSA<Integer>,
638  DL_SignatureMessageEncodingMethod_DSA,
639  H,
640  DSA2<H> >
641 {
642 public:
643  static std::string CRYPTOPP_API StaticAlgorithmName() {return "DSA/" + (std::string)H::StaticAlgorithmName();}
644 };
645 
646 /// \brief DSA deterministic signature scheme
647 /// \tparam H HashTransformation derived class
648 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
649 /// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2
650 template <class H>
651 struct DSA_RFC6979 : public DL_SS<
652  DL_SignatureKeys_GFP,
653  DL_Algorithm_DSA_RFC6979<Integer, H>,
654  DL_SignatureMessageEncodingMethod_DSA,
655  H,
656  DSA_RFC6979<H> >
657 {
658  static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("DSA-RFC6979/") + H::StaticAlgorithmName();}
659 };
660 
661 /// DSA with SHA-1, typedef'd for backwards compatibility
662 typedef DSA2<SHA1> DSA;
663 
664 CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>;
665 CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
667 
668 /// \brief P1363 based XOR Encryption Method
669 /// \tparam MAC MessageAuthenticationCode derived class used for MAC computation
670 /// \tparam DHAES_MODE flag indicating DHAES mode
671 /// \tparam LABEL_OCTETS flag indicating the label is octet count
672 /// \details DL_EncryptionAlgorithm_Xor is based on an early P1363 draft, which itself appears to be based on an
673 /// early Certicom SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used it in its Integrated
674 /// Ecryption Schemes with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
675 /// \details If you need this method for Crypto++ 4.2 compatibility, then use the ECIES template class with
676 /// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
677 /// \details If you need this method for Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES template class with
678 /// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=ture</tt> and <tt>LABEL_OCTETS=false</tt>.
679 /// \details Bouncy Castle 1.54 and Botan 1.11 compatibility are the default template parameters.
680 /// \since Crypto++ 4.0
681 template <class MAC, bool DHAES_MODE, bool LABEL_OCTETS=false>
683 {
684 public:
685  virtual ~DL_EncryptionAlgorithm_Xor() {}
686 
687  bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;}
688  size_t GetSymmetricKeyLength(size_t plaintextLength) const
689  {return plaintextLength + static_cast<size_t>(MAC::DIGESTSIZE);}
690  size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
691  {return plaintextLength + static_cast<size_t>(MAC::DIGESTSIZE);}
692  size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const
693  {return SaturatingSubtract(ciphertextLength, static_cast<size_t>(MAC::DIGESTSIZE));}
694  void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
695  {
696  CRYPTOPP_UNUSED(rng);
697  const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
698  if (DHAES_MODE)
699  {
700  macKey = key;
701  cipherKey = key + MAC::DEFAULT_KEYLENGTH;
702  }
703  else
704  {
705  cipherKey = key;
706  macKey = key + plaintextLength;
707  }
708 
709  ConstByteArrayParameter encodingParameters;
710  parameters.GetValue(Name::EncodingParameters(), encodingParameters);
711 
712  if (plaintextLength) // Coverity finding
713  xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
714 
715  MAC mac(macKey);
716  mac.Update(ciphertext, plaintextLength);
717  mac.Update(encodingParameters.begin(), encodingParameters.size());
718  if (DHAES_MODE)
719  {
720  byte L[8];
721  PutWord(false, BIG_ENDIAN_ORDER, L, (LABEL_OCTETS ? word64(encodingParameters.size()) : 8 * word64(encodingParameters.size())));
722  mac.Update(L, 8);
723  }
724  mac.Final(ciphertext + plaintextLength);
725  }
726  DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
727  {
728  size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
729  const byte *cipherKey, *macKey;
730  if (DHAES_MODE)
731  {
732  macKey = key;
733  cipherKey = key + MAC::DEFAULT_KEYLENGTH;
734  }
735  else
736  {
737  cipherKey = key;
738  macKey = key + plaintextLength;
739  }
740 
741  ConstByteArrayParameter encodingParameters;
742  parameters.GetValue(Name::EncodingParameters(), encodingParameters);
743 
744  MAC mac(macKey);
745  mac.Update(ciphertext, plaintextLength);
746  mac.Update(encodingParameters.begin(), encodingParameters.size());
747  if (DHAES_MODE)
748  {
749  byte L[8];
750  PutWord(false, BIG_ENDIAN_ORDER, L, (LABEL_OCTETS ? word64(encodingParameters.size()) : 8 * word64(encodingParameters.size())));
751  mac.Update(L, 8);
752  }
753  if (!mac.Verify(ciphertext + plaintextLength))
754  return DecodingResult();
755 
756  if (plaintextLength) // Coverity finding
757  xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
758 
759  return DecodingResult(plaintextLength);
760  }
761 };
762 
763 /// _
764 template <class T, bool DHAES_MODE, class KDF>
766 {
767 public:
768  virtual ~DL_KeyDerivationAlgorithm_P1363() {}
769 
770  bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;}
771  void Derive(const DL_GroupParameters<T> &params, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &parameters) const
772  {
773  SecByteBlock agreedSecret;
774  if (DHAES_MODE)
775  {
776  agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false));
777  params.EncodeElement(true, ephemeralPublicKey, agreedSecret);
778  params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true));
779  }
780  else
781  {
782  agreedSecret.New(params.GetEncodedElementSize(false));
783  params.EncodeElement(false, agreedElement, agreedSecret);
784  }
785 
786  ConstByteArrayParameter derivationParameters;
787  parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters);
788  KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size());
789  }
790 };
791 
792 /// \brief Discrete Log Integrated Encryption Scheme
793 /// \tparam COFACTOR_OPTION cofactor multiplication option
794 /// \tparam HASH HashTransformation derived class used for key drivation and MAC computation
795 /// \tparam DHAES_MODE flag indicating if the MAC includes addition context parameters such as the label
796 /// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits
797 /// \details DLIES is an Integer based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation Method (KEM)
798 /// with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is
799 /// <A HREF="http://en.wikipedia.org/wiki/ciphertext_indistinguishability">IND-CCA2</A>, which is a strong notion of security.
800 /// You should prefer an Integrated Encryption Scheme over homegrown schemes.
801 /// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom
802 /// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption
803 /// Schemes with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
804 /// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the DLIES template class with
805 /// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
806 /// \details If you desire an Integrated Encryption Scheme with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the DLIES
807 /// template class with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=true</tt> and <tt>LABEL_OCTETS=false</tt>.
808 /// \details The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of
809 /// <tt>IncompatibleCofactorMultiplication</tt> and <tt>DHAES_MODE=true</tt> is recommended for best efficiency and security.
810 /// SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the
811 /// security provided by the MAC. The hash is also used in the key derivation function as a PRF.
812 /// \details Below is an example of constructing a Crypto++ 4.2 compatible DLIES encryptor and decryptor.
813 /// <pre>
814 /// AutoSeededRandomPool prng;
815 /// DL_PrivateKey_GFP<DL_GroupParameters_GFP> key;
816 /// key.Initialize(prng, 2048);
817 ///
818 /// DLIES<SHA1,NoCofactorMultiplication,true,true>::Decryptor decryptor(key);
819 /// DLIES<SHA1,NoCofactorMultiplication,true,true>::Encryptor encryptor(decryptor);
820 /// </pre>
821 /// \sa ECIES, <a href="http://www.weidai.com/scan-mirror/ca.html#DLIES">Discrete Log Integrated Encryption Scheme (DLIES)</a>,
822 /// Martínez, Encinas, and Ávila's <A HREF="http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf">A Survey of the Elliptic
823 /// Curve Integrated Encryption Schemes</A>
824 /// \since Crypto++ 4.0, Crypto++ 5.7 for Bouncy Castle and Botan compatibility
825 template <class HASH = SHA1, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true, bool LABEL_OCTETS=false>
826 struct DLIES
827  : public DL_ES<
828  DL_CryptoKeys_GFP,
829  DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
830  DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
831  DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
832  DLIES<> >
833 {
834  static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized
835 };
836 
837 NAMESPACE_END
838 
839 #if CRYPTOPP_MSC_VERSION
840 # pragma warning(pop)
841 #endif
842 
843 #endif
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:30
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
Definition: gfpcrypt.h:528
Discrete Log Integrated Encryption Scheme.
Definition: gfpcrypt.h:826
virtual void DEREncode(BufferedTransformation &bt) const =0
Encode this object into a BufferedTransformation.
Classes for working with NameValuePairs.
Utility functions for the Crypto++ library.
GF(p) group parameters.
Definition: gfpcrypt.h:156
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
Definition: gfpcrypt.h:468
Integer GetGroupOrder() const
Retrieves the order of the group.
Definition: gfpcrypt.h:80
size_t size() const
Length of the memory block.
Definition: algparam.h:94
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
Definition: misc.h:786
This file contains helper classes/functions for implementing public key algorithms.
Interface for deterministic signers.
Definition: pubkey.h:1400
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: gfpcrypt.h:201
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
Definition: gfpcrypt.h:507
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: gfpcrypt.h:166
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
Definition: misc.h:2291
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
Definition: gfpcrypt.h:58
P1363 based XOR Encryption Method.
Definition: gfpcrypt.h:682
Converts an enumeration to a type suitable for use as a template parameter.
Definition: cryptlib.h:133
Abstract base classes that provide a uniform interface to this library.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:383
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
GF(p) group parameters that default to safe primes.
Definition: gfpcrypt.h:180
Interface for key derivation algorithms used in DL cryptosystems.
Definition: pubkey.h:1429
Classes for automatic resource management.
Library configuration file.
DSA keys.
Definition: gfpcrypt.h:623
Interface for random number generators.
Definition: cryptlib.h:1327
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
Definition: gfpcrypt.h:52
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:729
Integer InverseMod(const Integer &n) const
calculate multiplicative inverse of *this mod n
Definition: integer.cpp:4384
Discrete Log (DL) encryption scheme.
Definition: pubkey.h:2279
SecBlock<byte> typedef.
Definition: secblock.h:822
Interface for buffered transformations.
Definition: cryptlib.h:1472
DSA signature scheme.
Definition: gfpcrypt.h:578
virtual Element ExponentiateBase(const Integer &exponent) const
Retrieves the subgroup generator.
Definition: pubkey.h:820
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:4806
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
Interface for Discrete Log (DL) public keys.
Definition: pubkey.h:1009
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
Definition: gfpcrypt.h:489
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
Definition: gfpcrypt.h:65
Discrete Log (DL) signature scheme.
Definition: pubkey.h:2256
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
Definition: gfpcrypt.h:517
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
Definition: integer.cpp:3306
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: gfpcrypt.h:396
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
Definition: integer.cpp:3363
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
Definition: gfpcrypt.h:137
Returns a decoding results.
Definition: cryptlib.h:253
Discrete Log (DL) private key base implementation.
Definition: pubkey.h:1189
DSA2< SHA1 > DSA
DSA with SHA-1, typedef&#39;d for backwards compatibility.
Definition: gfpcrypt.h:662
Classes for HMAC message authentication codes.
DSA signature scheme.
Definition: gfpcrypt.h:619
const byte * begin() const
Pointer to the first byte in the memory block.
Definition: algparam.h:90
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:509
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
Definition: gfpcrypt.h:90
Interface for Elgamal-like signature algorithms.
Definition: pubkey.h:1347
virtual void BERDecode(BufferedTransformation &bt)=0
Decode this object from a BufferedTransformation.
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
Definition: gfpcrypt.h:475
const char * EncodingParameters()
ConstByteArrayParameter.
Definition: argnames.h:66
Discrete Log (DL) signing/verification keys in GF(p) groups.
Definition: gfpcrypt.h:558
DSA deterministic signature scheme.
Definition: gfpcrypt.h:651
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
Definition: pubkey.h:810
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Definition: gfpcrypt.h:566
Multiple precision integer with arithmetic operations.
Definition: integer.h:49
NR signature scheme.
Definition: gfpcrypt.h:590
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
Definition: misc.h:886
Integer-based GroupParameters default implementation.
Definition: gfpcrypt.h:119
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
Definition: gfpcrypt.h:136
bool IsIdentity(const Integer &element) const
Determines if an element is an identity.
Definition: gfpcrypt.h:162
byte order is big-endian
Definition: cryptlib.h:145
bool IsDeterministic() const
Signature scheme flag.
Definition: gfpcrypt.h:240
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition: misc.h:503
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:60
DSA group parameters.
Definition: gfpcrypt.h:601
Classes and functions for working with ANS.1 objects.
Classes for SHA-1 and SHA-2 family of message digests.
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Definition: gfpcrypt.h:549
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
Definition: gfpcrypt.h:43
Discrete Log (DL) public key in GF(p) groups.
Definition: gfpcrypt.h:460
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Definition: secblock.h:536
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
Definition: integer.cpp:3315
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
Definition: pubkey.h:1061
DSA signature algorithm based on RFC 6979.
Definition: gfpcrypt.h:231
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Definition: integer.cpp:3379
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: gfpcrypt.h:445
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: gfpcrypt.h:210
Discrete Log (DL) private key in GF(p) groups.
Definition: gfpcrypt.h:496
GDSA algorithm.
Definition: gfpcrypt.h:194
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Definition: misc.cpp:28
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
Definition: gfpcrypt.h:534
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
Definition: gfpcrypt.h:244
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element&#39;s size.
NR algorithm.
Definition: gfpcrypt.h:430
Discrete Log (DL) public key base implementation.
Definition: pubkey.h:1279
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: gfpcrypt.h:132
Multiple precision integer with arithmetic operations.
const Integer & GetSubgroupOrder() const
Retrieves the subgroup order.
Definition: gfpcrypt.h:79
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
Definition: misc.h:514
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Definition: argnames.h:67
Crypto++ library namespace.
bool GetValue(const char *name, T &value) const
Get a named value.
Definition: cryptlib.h:348
Interface for symmetric encryption algorithms used in DL cryptosystems.
Definition: pubkey.h:1440
Base implementation of Discrete Log (DL) group parameters.
Definition: pubkey.h:964
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header ...
Definition: gfpcrypt.h:487
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: gfpcrypt.h:437
German Digital Signature Algorithm.
Definition: gfpcrypt.h:389
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
Definition: gfpcrypt.h:483
Integer-based GroupParameters specialization.
Definition: gfpcrypt.h:34
Encode and decode ASN.1 objects with additional information.
Definition: asn.h:374
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Definition: gfpcrypt.h:541
Object Identifier.
Definition: asn.h:166
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: gfpcrypt.h:129
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:561
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: gfpcrypt.h:406
Interface for retrieving values given their names.
Definition: cryptlib.h:291
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.