gfpcrypt.h

Go to the documentation of this file.
00001 #ifndef CRYPTOPP_GFPCRYPT_H
00002 #define CRYPTOPP_GFPCRYPT_H
00003 
00004 /** \file
00005     Implementation of schemes based on DL over GF(p)
00006 */
00007 
00008 #include "pubkey.h"
00009 #include "modexppc.h"
00010 #include "sha.h"
00011 #include "algparam.h"
00012 #include "asn.h"
00013 #include "smartptr.h"
00014 #include "hmac.h"
00015 
00016 #include <limits.h>
00017 
00018 NAMESPACE_BEGIN(CryptoPP)
00019 
00020 CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters<Integer>;
00021 
00022 //! _
00023 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial<DL_GroupParameters<Integer> >
00024 {
00025     typedef DL_GroupParameters_IntegerBased ThisClass;
00026     
00027 public:
00028     void Initialize(const DL_GroupParameters_IntegerBased &params)
00029         {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());}
00030     void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
00031         {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));}
00032     void Initialize(const Integer &p, const Integer &g)
00033         {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
00034     void Initialize(const Integer &p, const Integer &q, const Integer &g)
00035         {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
00036 
00037     // ASN1Object interface
00038     void BERDecode(BufferedTransformation &bt);
00039     void DEREncode(BufferedTransformation &bt) const;
00040 
00041     // GeneratibleCryptoMaterial interface
00042     /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */
00043     void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
00044     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
00045     void AssignFrom(const NameValuePairs &source);
00046     
00047     // DL_GroupParameters
00048     const Integer & GetSubgroupOrder() const {return m_q;}
00049     Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();}
00050     bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
00051     bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const;
00052     bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;}
00053     void EncodeElement(bool reversible, const Element &element, byte *encoded) const
00054         {element.Encode(encoded, GetModulus().ByteCount());}
00055     unsigned int GetEncodedElementSize(bool reversible) const {return GetModulus().ByteCount();}
00056     Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const;
00057     Integer ConvertElementToInteger(const Element &element) const
00058         {return element;}
00059     Integer GetMaxExponent() const;
00060     static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";}
00061 
00062     OID GetAlgorithmID() const;
00063 
00064     virtual const Integer & GetModulus() const =0;
00065     virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0;
00066 
00067     void SetSubgroupOrder(const Integer &q)
00068         {m_q = q; ParametersChanged();}
00069 
00070 protected:
00071     Integer ComputeGroupOrder(const Integer &modulus) const
00072         {return modulus-(GetFieldType() == 1 ? 1 : -1);}
00073 
00074     // GF(p) = 1, GF(p^2) = 2
00075     virtual int GetFieldType() const =0;
00076     virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const;
00077 
00078 private:
00079     Integer m_q;
00080 };
00081 
00082 //! _
00083 template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> >
00084 class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl<GROUP_PRECOMP, BASE_PRECOMP, DL_GroupParameters_IntegerBased>
00085 {
00086     typedef DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> ThisClass;
00087 
00088 public:
00089     typedef typename GROUP_PRECOMP::Element Element;
00090 
00091     // GeneratibleCryptoMaterial interface
00092     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
00093         {return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();}
00094 
00095     void AssignFrom(const NameValuePairs &source)
00096         {AssignFromHelper<DL_GroupParameters_IntegerBased>(this, source);}
00097 
00098     // DL_GroupParameters
00099     const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
00100     DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
00101 
00102     // IntegerGroupParameters
00103     const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();}
00104     const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
00105 
00106     void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g)     // these have to be set together
00107         {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();}
00108 
00109     // non-inherited
00110     bool operator==(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const
00111         {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();}
00112     bool operator!=(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const
00113         {return !operator==(rhs);}
00114 };
00115 
00116 CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>;
00117 
00118 //! GF(p) group parameters
00119 class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>
00120 {
00121 public:
00122     // DL_GroupParameters
00123     bool IsIdentity(const Integer &element) const {return element == Integer::One();}
00124     void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
00125 
00126     // NameValuePairs interface
00127     bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
00128     {
00129         return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
00130     }
00131 
00132     // used by MQV
00133     Element MultiplyElements(const Element &a, const Element &b) const;
00134     Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
00135 
00136 protected:
00137     int GetFieldType() const {return 1;}
00138 };
00139 
00140 //! GF(p) group parameters that default to same primes
00141 class CRYPTOPP_DLL DL_GroupParameters_GFP_DefaultSafePrime : public DL_GroupParameters_GFP
00142 {
00143 public:
00144     typedef NoCofactorMultiplication DefaultCofactorOption;
00145 
00146 protected:
00147     unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
00148 };
00149 
00150 //! GDSA algorithm
00151 template <class T>
00152 class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm<T>
00153 {
00154 public:
00155     static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";}
00156 
00157     void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
00158     {
00159         const Integer &q = params.GetSubgroupOrder();
00160         r %= q;
00161         Integer kInv = k.InverseMod(q);
00162         s = (kInv * (x*r + e)) % q;
00163         assert(!!r && !!s);
00164     }
00165 
00166     bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
00167     {
00168         const Integer &q = params.GetSubgroupOrder();
00169         if (r>=q || r<1 || s>=q || s<1)
00170             return false;
00171 
00172         Integer w = s.InverseMod(q);
00173         Integer u1 = (e * w) % q;
00174         Integer u2 = (r * w) % q;
00175         // verify r == (g^u1 * y^u2 mod p) mod q
00176         return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
00177     }
00178 };
00179 
00180 CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<Integer>;
00181 
00182 //! NR algorithm
00183 template <class T>
00184 class DL_Algorithm_NR : public DL_ElgamalLikeSignatureAlgorithm<T>
00185 {
00186 public:
00187     static const char * CRYPTOPP_API StaticAlgorithmName() {return "NR";}
00188 
00189     void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
00190     {
00191         const Integer &q = params.GetSubgroupOrder();
00192         r = (r + e) % q;
00193         s = (k - x*r) % q;
00194         assert(!!r);
00195     }
00196 
00197     bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
00198     {
00199         const Integer &q = params.GetSubgroupOrder();
00200         if (r>=q || r<1 || s>=q)
00201             return false;
00202 
00203         // check r == (m_g^s * m_y^r + m) mod m_q
00204         return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q;
00205     }
00206 };
00207 
00208 /*! DSA public key format is defined in 7.3.3 of RFC 2459. The
00209     private key format is defined in 12.9 of PKCS #11 v2.10. */
00210 template <class GP>
00211 class DL_PublicKey_GFP : public DL_PublicKeyImpl<GP>
00212 {
00213 public:
00214     void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
00215         {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
00216     void Initialize(const Integer &p, const Integer &g, const Integer &y)
00217         {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
00218     void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
00219         {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
00220 
00221     // X509PublicKey
00222     void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
00223         {this->SetPublicElement(Integer(bt));}
00224     void DEREncodePublicKey(BufferedTransformation &bt) const
00225         {this->GetPublicElement().DEREncode(bt);}
00226 };
00227 
00228 //! DL private key (in GF(p) groups)
00229 template <class GP>
00230 class DL_PrivateKey_GFP : public DL_PrivateKeyImpl<GP>
00231 {
00232 public:
00233     void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
00234         {this->GenerateRandomWithKeySize(rng, modulusBits);}
00235     void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
00236         {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));}
00237     void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
00238         {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));}
00239     void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
00240         {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
00241     void Initialize(const Integer &p, const Integer &g, const Integer &x)
00242         {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
00243     void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
00244         {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
00245 };
00246 
00247 //! DL signing/verification keys (in GF(p) groups)
00248 struct DL_SignatureKeys_GFP
00249 {
00250     typedef DL_GroupParameters_GFP GroupParameters;
00251     typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
00252     typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
00253 };
00254 
00255 //! DL encryption/decryption keys (in GF(p) groups)
00256 struct DL_CryptoKeys_GFP
00257 {
00258     typedef DL_GroupParameters_GFP_DefaultSafePrime GroupParameters;
00259     typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
00260     typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
00261 };
00262 
00263 //! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format
00264 template <class BASE>
00265 class DL_PublicKey_GFP_OldFormat : public BASE
00266 {
00267 public:
00268     void BERDecode(BufferedTransformation &bt)
00269     {
00270         BERSequenceDecoder seq(bt);
00271             Integer v1(seq);
00272             Integer v2(seq);
00273             Integer v3(seq);
00274 
00275             if (seq.EndReached())
00276             {
00277                 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
00278                 this->SetPublicElement(v3);
00279             }
00280             else
00281             {
00282                 Integer v4(seq);
00283                 this->AccessGroupParameters().Initialize(v1, v2, v3);
00284                 this->SetPublicElement(v4);
00285             }
00286 
00287         seq.MessageEnd();
00288     }
00289 
00290     void DEREncode(BufferedTransformation &bt) const
00291     {
00292         DERSequenceEncoder seq(bt);
00293             this->GetGroupParameters().GetModulus().DEREncode(seq);
00294             if (this->GetGroupParameters().GetCofactor() != 2)
00295                 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
00296             this->GetGroupParameters().GetGenerator().DEREncode(seq);
00297             this->GetPublicElement().DEREncode(seq);
00298         seq.MessageEnd();
00299     }
00300 };
00301 
00302 //! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format
00303 template <class BASE>
00304 class DL_PrivateKey_GFP_OldFormat : public BASE
00305 {
00306 public:
00307     void BERDecode(BufferedTransformation &bt)
00308     {
00309         BERSequenceDecoder seq(bt);
00310             Integer v1(seq);
00311             Integer v2(seq);
00312             Integer v3(seq);
00313             Integer v4(seq);
00314 
00315             if (seq.EndReached())
00316             {
00317                 this->AccessGroupParameters().Initialize(v1, v1/2, v2);
00318                 this->SetPrivateExponent(v4 % (v1/2));  // some old keys may have x >= q
00319             }
00320             else
00321             {
00322                 Integer v5(seq);
00323                 this->AccessGroupParameters().Initialize(v1, v2, v3);
00324                 this->SetPrivateExponent(v5);
00325             }
00326 
00327         seq.MessageEnd();
00328     }
00329 
00330     void DEREncode(BufferedTransformation &bt) const
00331     {
00332         DERSequenceEncoder seq(bt);
00333             this->GetGroupParameters().GetModulus().DEREncode(seq);
00334             if (this->GetGroupParameters().GetCofactor() != 2)
00335                 this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
00336             this->GetGroupParameters().GetGenerator().DEREncode(seq);
00337             this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq);
00338             this->GetPrivateExponent().DEREncode(seq);
00339         seq.MessageEnd();
00340     }
00341 };
00342 
00343 //! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
00344 template <class H>
00345 struct GDSA : public DL_SS<
00346     DL_SignatureKeys_GFP, 
00347     DL_Algorithm_GDSA<Integer>, 
00348     DL_SignatureMessageEncodingMethod_DSA,
00349     H>
00350 {
00351 };
00352 
00353 //! <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a>
00354 template <class H>
00355 struct NR : public DL_SS<
00356     DL_SignatureKeys_GFP, 
00357     DL_Algorithm_NR<Integer>, 
00358     DL_SignatureMessageEncodingMethod_NR,
00359     H>
00360 {
00361 };
00362 
00363 //! DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard
00364 class CRYPTOPP_DLL DL_GroupParameters_DSA : public DL_GroupParameters_GFP
00365 {
00366 public:
00367     /*! also checks that the lengths of p and q are allowed by the DSA standard */
00368     bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
00369     /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */
00370     /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */
00371     void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
00372 };
00373 
00374 struct DSA;
00375 
00376 //! DSA keys
00377 struct DL_Keys_DSA
00378 {
00379     typedef DL_PublicKey_GFP<DL_GroupParameters_DSA> PublicKey;
00380     typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA> PrivateKey;
00381 };
00382 
00383 //! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA">DSA</a>
00384 struct CRYPTOPP_DLL DSA : public DL_SS<
00385     DL_Keys_DSA, 
00386     DL_Algorithm_GDSA<Integer>, 
00387     DL_SignatureMessageEncodingMethod_DSA,
00388     SHA, 
00389     DSA>
00390 {
00391     static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA";}
00392 
00393     //! Generate DSA primes according to NIST standard
00394     /*! Both seedLength and primeLength are in bits, but seedLength should
00395         be a multiple of 8.
00396         If useInputCounterValue == true, the counter parameter is taken as input, otherwise it's used for output
00397     */
00398     static bool CRYPTOPP_API GeneratePrimes(const byte *seed, unsigned int seedLength, int &counter,
00399                                 Integer &p, unsigned int primeLength, Integer &q, bool useInputCounterValue = false);
00400 
00401     static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
00402         {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
00403 
00404     //! FIPS 186-2 Change Notice 1 changed the minimum modulus length to 1024
00405     enum {
00406 #if (DSA_1024_BIT_MODULUS_ONLY)
00407         MIN_PRIME_LENGTH = 1024,
00408 #else
00409         MIN_PRIME_LENGTH = 512,
00410 #endif
00411         MAX_PRIME_LENGTH = 1024, PRIME_LENGTH_MULTIPLE = 64};
00412 };
00413 
00414 CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>;
00415 CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
00416 CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA>;
00417 
00418 //! the XOR encryption method, for use with DL-based cryptosystems
00419 template <class MAC, bool DHAES_MODE>
00420 class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm
00421 {
00422 public:
00423     bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;}
00424     size_t GetSymmetricKeyLength(size_t plaintextLength) const
00425         {return plaintextLength + MAC::DEFAULT_KEYLENGTH;}
00426     size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
00427         {return plaintextLength + MAC::DIGESTSIZE;}
00428     size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const
00429         {return (unsigned int)SaturatingSubtract(ciphertextLength, (unsigned int)MAC::DIGESTSIZE);}
00430     void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
00431     {
00432         const byte *cipherKey, *macKey;
00433         if (DHAES_MODE)
00434         {
00435             macKey = key;
00436             cipherKey = key + MAC::DEFAULT_KEYLENGTH;
00437         }
00438         else
00439         {
00440             cipherKey = key;
00441             macKey = key + plaintextLength;
00442         }
00443 
00444         ConstByteArrayParameter encodingParameters;
00445         parameters.GetValue(Name::EncodingParameters(), encodingParameters);
00446 
00447         xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
00448         MAC mac(macKey);
00449         mac.Update(ciphertext, plaintextLength);
00450         mac.Update(encodingParameters.begin(), encodingParameters.size());
00451         if (DHAES_MODE)
00452         {
00453             byte L[8] = {0,0,0,0};
00454             PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
00455             mac.Update(L, 8);
00456         }
00457         mac.Final(ciphertext + plaintextLength);
00458     }
00459     DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
00460     {
00461         size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
00462         const byte *cipherKey, *macKey;
00463         if (DHAES_MODE)
00464         {
00465             macKey = key;
00466             cipherKey = key + MAC::DEFAULT_KEYLENGTH;
00467         }
00468         else
00469         {
00470             cipherKey = key;
00471             macKey = key + plaintextLength;
00472         }
00473 
00474         ConstByteArrayParameter encodingParameters;
00475         parameters.GetValue(Name::EncodingParameters(), encodingParameters);
00476 
00477         MAC mac(macKey);
00478         mac.Update(ciphertext, plaintextLength);
00479         mac.Update(encodingParameters.begin(), encodingParameters.size());
00480         if (DHAES_MODE)
00481         {
00482             byte L[8] = {0,0,0,0};
00483             PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
00484             mac.Update(L, 8);
00485         }
00486         if (!mac.Verify(ciphertext + plaintextLength))
00487             return DecodingResult();
00488 
00489         xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
00490         return DecodingResult(plaintextLength);
00491     }
00492 };
00493 
00494 //! _
00495 template <class T, bool DHAES_MODE, class KDF>
00496 class DL_KeyDerivationAlgorithm_P1363 : public DL_KeyDerivationAlgorithm<T>
00497 {
00498 public:
00499     bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;}
00500     void Derive(const DL_GroupParameters<T> &params, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &parameters) const
00501     {
00502         SecByteBlock agreedSecret;
00503         if (DHAES_MODE)
00504         {
00505             agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false));
00506             params.EncodeElement(true, ephemeralPublicKey, agreedSecret);
00507             params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true));
00508         }
00509         else
00510         {
00511             agreedSecret.New(params.GetEncodedElementSize(false));
00512             params.EncodeElement(false, agreedElement, agreedSecret);
00513         }
00514 
00515         ConstByteArrayParameter derivationParameters;
00516         parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters);
00517         KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size());
00518     }
00519 };
00520 
00521 //! Discrete Log Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#DLIES">DLIES</a>
00522 template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true>
00523 struct DLIES
00524     : public DL_ES<
00525         DL_CryptoKeys_GFP,
00526         DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
00527         DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
00528         DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
00529         DLIES<> >
00530 {
00531     static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized
00532 };
00533 
00534 NAMESPACE_END
00535 
00536 #endif

Generated on Thu Jul 5 22:21:37 2007 for Crypto++ by  doxygen 1.5.2