4#ifndef CRYPTOPP_FHMQV_H
5#define CRYPTOPP_FHMQV_H
23template <
class GROUP_PARAMETERS,
class COFACTOR_OPTION =
typename GROUP_PARAMETERS::DefaultCofactorOption,
class HASH = SHA512>
/// \brief Group parameters type this domain is instantiated with
typedef GROUP_PARAMETERS GroupParameters;
/// \brief Group element type taken from the group parameters
typedef typename GroupParameters::Element Element;
/// \brief Construct a FHMQV domain with default-constructed group parameters
/// \param clientRole true selects RoleClient, false selects RoleServer
/// \details Only the role is set here; m_groupParameters is left
///  default-constructed. Agree() uses the role to decide whether the peer's
///  ephemeral and static public keys are hashed in the X/A or the Y/B
///  position, so the two peers are presumably expected to use opposite roles.
FHMQV_Domain(bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer)
{
}
/// \brief Construct a FHMQV domain from existing group parameters
/// \param params group parameters, copied into the domain
/// \param clientRole true selects RoleClient, false selects RoleServer
/// \details The parameters are stored as given; this constructor performs no
///  validation of them, so parameters from an untrusted source should be
///  validated by the caller before the domain is used.
FHMQV_Domain(const GroupParameters &params, bool clientRole = true)
    // Listed in member declaration order, which is the order C++ initializes them in.
    : m_groupParameters(params),
      m_role(clientRole ? RoleClient : RoleServer)
{
}
39 : m_role(clientRole ? RoleClient : RoleServer)
40 {m_groupParameters.BERDecode(bt);}
44 : m_role(clientRole ? RoleClient : RoleServer)
45 {m_groupParameters.Initialize(v1);}
47 template <
class T1,
class T2>
49 : m_role(clientRole ? RoleClient : RoleServer)
50 {m_groupParameters.Initialize(v1, v2);}
/// \brief Construct a FHMQV domain, initializing the group parameters from three values
/// \tparam T1 type of the first initializer
/// \tparam T2 type of the second initializer
/// \tparam T3 type of the third initializer
/// \param v1 first value passed to GroupParameters::Initialize
/// \param v2 second value passed to GroupParameters::Initialize
/// \param v3 third value passed to GroupParameters::Initialize
/// \param clientRole true selects RoleClient, false selects RoleServer
/// \details The values are forwarded unchanged to m_groupParameters.Initialize();
///  no further checks are made here.
template <class T1, class T2, class T3>
FHMQV_Domain(T1 v1, T2 v2, T3 v3, bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer)
{
    m_groupParameters.Initialize(v1, v2, v3);
}
/// \brief Construct a FHMQV domain, initializing the group parameters from four values
/// \tparam T1 type of the first initializer
/// \tparam T2 type of the second initializer
/// \tparam T3 type of the third initializer
/// \tparam T4 type of the fourth initializer
/// \param v1 first value passed to GroupParameters::Initialize
/// \param v2 second value passed to GroupParameters::Initialize
/// \param v3 third value passed to GroupParameters::Initialize
/// \param v4 fourth value passed to GroupParameters::Initialize
/// \param clientRole true selects RoleClient, false selects RoleServer
/// \details The values are forwarded unchanged to m_groupParameters.Initialize();
///  no further checks are made here.
template <class T1, class T2, class T3, class T4>
FHMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4, bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer)
{
    m_groupParameters.Initialize(v1, v2, v3, v4);
}
/// \brief Retrieve the group parameters for this domain
/// \return read-only reference to the stored group parameters
const GroupParameters & GetGroupParameters() const
{
    return m_groupParameters;
}
/// \brief Retrieve the group parameters for this domain
/// \return writable reference to the stored group parameters
/// \details Changes made through the reference apply to the domain itself.
///  NOTE(review): keys generated before such a change presumably no longer
///  match the domain - confirm with callers.
GroupParameters & AccessGroupParameters()
{
    return m_groupParameters;
}
/// \brief Provides the size of the agreed value
/// \return size in bytes of a group element in its non-reversible encoding
/// \details Agree() passes this length to Hash() as the output size for
///  agreedValue, so the caller's agreedValue buffer must hold at least this
///  many bytes.
unsigned int AgreedValueLength() const
{
    const bool reversible = false;
    return GetAbstractGroupParameters().GetEncodedElementSize(reversible);
}
111 CRYPTOPP_UNUSED(rng);
125 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
126 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
127 bool validateStaticOtherPublicKey=
true)
const
129 byte *XX = NULLPTR, *YY = NULLPTR, *AA = NULLPTR, *BB = NULLPTR;
130 size_t xxs = 0, yys = 0, aas = 0, bbs = 0;
141 if(m_role == RoleServer)
147 XX =
const_cast<byte*
>(ephemeralOtherPublicKey);
151 AA =
const_cast<byte*
>(staticOtherPublicKey);
156 else if(m_role == RoleClient)
164 YY =
const_cast<byte*
>(ephemeralOtherPublicKey);
168 BB =
const_cast<byte*
>(staticOtherPublicKey);
180 Element VV1 = params.
DecodeElement(staticOtherPublicKey,
false);
181 if(!params.
ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR))
186 Element VV2 = params.
DecodeElement(ephemeralOtherPublicKey,
false);
191 const unsigned int len = (((q.
BitCount()+1)/2 +7)/8);
196 Hash(NULLPTR, XX, xxs, YY, yys, AA, aas, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
197 d.Decode(dd.BytePtr(), dd.SizeInBytes());
199 Hash(NULLPTR, YY, yys, XX, xxs, AA, aas, BB, bbs, ee.
BytePtr(), ee.
SizeInBytes());
203 if(m_role == RoleServer)
213 Element t2 = m_groupParameters.MultiplyElements(X, t1);
227 Element t2 = m_groupParameters.MultiplyElements(Y, t1);
232 Hash(&sigma, XX, xxs, YY, yys, AA, aas, BB, bbs, agreedValue,
AgreedValueLength());
243 inline void Hash(
const Element* sigma,
244 const byte* e1,
size_t e1len,
const byte* e2,
size_t e2len,
245 const byte* s1,
size_t s1len,
const byte* s2,
size_t s2len,
246 byte* digest,
size_t dlen)
const
249 size_t idx = 0, req = dlen;
250 size_t blk =
STDMIN(dlen, (
size_t)HASH::DIGESTSIZE);
254 Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
256 x.Encode(sbb.BytePtr(), sbb.SizeInBytes());
257 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
260 hash.Update(e1, e1len);
261 hash.Update(e2, e2len);
262 hash.Update(s1, s1len);
263 hash.Update(s2, s2len);
265 hash.TruncatedFinal(digest, blk);
271 hash.Update(&digest[idx], (
size_t)HASH::DIGESTSIZE);
273 idx += (size_t)HASH::DIGESTSIZE;
274 blk =
STDMIN(req, (
size_t)HASH::DIGESTSIZE);
275 hash.TruncatedFinal(&digest[idx], blk);
/// \brief Side of the key agreement this domain object acts as
/// \details RoleServer is 1; RoleClient follows it and is therefore 2.
enum KeyAgreementRole {
    RoleServer = 1,
    RoleClient
};
// Group parameters of the domain; set by the constructors and exposed through
// GetGroupParameters() / AccessGroupParameters().
GroupParameters m_groupParameters;
// Role fixed at construction; Agree() branches on it when ordering the
// public keys that go into the hash.
KeyAgreementRole m_role;
Classes for performing mathematics over different fields.
Interface for domains of authenticated key agreement protocols.
void DoQuickSanityCheck() const
Perform a quick sanity check.
Interface for crypto parameters.
Exception thrown when an invalid group element is encountered.
Interface for Discrete Log (DL) group parameters.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation< Element > *precomp) const =0
Check the element for errors.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
Fully Hashed Menezes-Qu-Vanstone in GF(p)
unsigned int AgreedValueLength() const
return length of agreed value produced
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate static public key
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate ephemeral public key
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate static private key
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and counterparty's public keys, return false in case of failure
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate ephemeral private key
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain
Multiple precision integer with arithmetic operations.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
static const Integer & One()
Integer representing 1.
const CryptoMaterial & GetMaterial() const
Retrieves a reference to Crypto Parameters.
Interface for random number generators.
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
FHMQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > FHMQV
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Crypto++ library namespace.
Classes for SHA-1 and SHA-2 family of message digests.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.