Crypto++ 8.2
Free C&
gfpcrypt.h
Go to the documentation of this file.
1// gfpcrypt.h - originally written and placed in the public domain by Wei Dai
2// RFC6979 deterministic signatures added by Douglas Roark
3// ECGDSA added by Jeffrey Walton
4
5/// \file gfpcrypt.h
6/// \brief Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
7
8#ifndef CRYPTOPP_GFPCRYPT_H
9#define CRYPTOPP_GFPCRYPT_H
10
11#include "config.h"
12
13#if CRYPTOPP_MSC_VERSION
14# pragma warning(push)
15# pragma warning(disable: 4189 4231 4275)
16#endif
17
18#include "cryptlib.h"
19#include "pubkey.h"
20#include "integer.h"
21#include "modexppc.h"
22#include "algparam.h"
23#include "smartptr.h"
24#include "sha.h"
25#include "asn.h"
26#include "hmac.h"
27#include "misc.h"
28
29NAMESPACE_BEGIN(CryptoPP)
30
31CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters<Integer>;
32
33/// \brief Integer-based GroupParameters specialization
34class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial<DL_GroupParameters<Integer> >
35{
37
38public:
40
41 /// \brief Initialize a group parameters over integers
42 /// \param params the group parameters
44 {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());}
45
46 /// \brief Create a group parameters over integers
47 /// \param rng a RandomNumberGenerator derived class
48 /// \param pbits the size of p, in bits
49 /// \details This function overload of Initialize() creates a new private key because it
50 /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
51 /// then use one of the other Initialize() overloads.
52 void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
53 {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));}
54
55 /// \brief Initialize a group parameters over integers
56 /// \param p the modulus
57 /// \param g the generator
58 void Initialize(const Integer &p, const Integer &g)
59 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
60
61 /// \brief Initialize a group parameters over integers
62 /// \param p the modulus
63 /// \param q the subgroup order
64 /// \param g the generator
65 void Initialize(const Integer &p, const Integer &q, const Integer &g)
66 {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
67
68 // ASN1Object interface
70 void DEREncode(BufferedTransformation &bt) const;
71
72 // GeneratibleCryptoMaterial interface
73 /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */
74 void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
75 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
76 void AssignFrom(const NameValuePairs &source);
77
78 // DL_GroupParameters
79 const Integer & GetSubgroupOrder() const {return m_q;}
80 Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();}
81 bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
82 bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const;
83 bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;}
84
85 // Cygwin i386 crash at -O3; see http://github.com/weidai11/cryptopp/issues/40.
86 void EncodeElement(bool reversible, const Element &element, byte *encoded) const;
87 unsigned int GetEncodedElementSize(bool reversible) const;
88
89 Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const;
90 Integer ConvertElementToInteger(const Element &element) const
91 {return element;}
92 Integer GetMaxExponent() const;
93 static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";}
94
95 OID GetAlgorithmID() const;
96
97 virtual const Integer & GetModulus() const =0;
98 virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0;
99
100 void SetSubgroupOrder(const Integer &q)
101 {m_q = q; ParametersChanged();}
102
103protected:
104 Integer ComputeGroupOrder(const Integer &modulus) const
105 {return modulus-(GetFieldType() == 1 ? 1 : -1);}
106
107 // GF(p) = 1, GF(p^2) = 2
108 virtual int GetFieldType() const =0;
109 virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const;
110
111private:
112 Integer m_q;
113};
114
115/// \brief Integer-based GroupParameters default implementation
116/// \tparam GROUP_PRECOMP group parameters precomputation specialization
117/// \tparam BASE_PRECOMP base class precomputation specialization
118template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<typename GROUP_PRECOMP::Element> >
119class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl<GROUP_PRECOMP, BASE_PRECOMP, DL_GroupParameters_IntegerBased>
120{
122
123public:
124 typedef typename GROUP_PRECOMP::Element Element;
125
127
128 // GeneratibleCryptoMaterial interface
129 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
130 {return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();}
131
132 void AssignFrom(const NameValuePairs &source)
133 {AssignFromHelper<DL_GroupParameters_IntegerBased>(this, source);}
134
135 // DL_GroupParameters
136 const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
138
139 // IntegerGroupParameters
140 const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();}
141 const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
142
143 void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) // these have to be set together
144 {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();}
145
146 // non-inherited
148 {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();}
150 {return !operator==(rhs);}
151};
152
154
155/// \brief GF(p) group parameters
156class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>
157{
158public:
159 virtual ~DL_GroupParameters_GFP() {}
160
161 // DL_GroupParameters
162 bool IsIdentity(const Integer &element) const {return element == Integer::One();}
163 void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
164
165 // NameValuePairs interface
166 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
167 {
168 return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
169 }
170
171 // used by MQV
172 Element MultiplyElements(const Element &a, const Element &b) const;
173 Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
174
175protected:
176 int GetFieldType() const {return 1;}
177};
178
179/// \brief GF(p) group parameters that default to safe primes
181{
182public:
184
186
187protected:
188 unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
189};
190
191/// \brief GDSA algorithm
192/// \tparam T FieldElement type or class
193template <class T>
195{
196public:
197 CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";}
198
199 virtual ~DL_Algorithm_GDSA() {}
200
201 void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
202 {
203 const Integer &q = params.GetSubgroupOrder();
204 r %= q;
205 Integer kInv = k.InverseMod(q);
206 s = (kInv * (x*r + e)) % q;
207 CRYPTOPP_ASSERT(!!r && !!s);
208 }
209
210 bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
211 {
212 const Integer &q = params.GetSubgroupOrder();
213 if (r>=q || r<1 || s>=q || s<1)
214 return false;
215
216 Integer w = s.InverseMod(q);
217 Integer u1 = (e * w) % q;
218 Integer u2 = (r * w) % q;
219 // verify r == (g^u1 * y^u2 mod p) mod q
220 return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
221 }
222};
223
224/// \brief DSA signature algorithm based on RFC 6979
225/// \tparam T FieldElement type or class
226/// \tparam H HashTransformation derived class
227/// \sa <a href="http://tools.ietf.org/rfc/rfc6979.txt">RFC 6979, Deterministic Usage of the
228/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</a>
229/// \since Crypto++ 6.0
230template <class T, class H>
232{
233public:
234 CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "DSA-RFC6979";}
235
236 virtual ~DL_Algorithm_DSA_RFC6979() {}
237
238 bool IsProbabilistic() const
239 {return false;}
240 bool IsDeterministic() const
241 {return true;}
242
243 // Deterministic K
244 Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
245 {
246 static const byte zero = 0, one = 1;
247 const size_t qlen = q.BitCount();
248 const size_t rlen = BitsToBytes(qlen);
249
250 // Step (a) - formatted E(m)
251 SecByteBlock BH(e.MinEncodedSize());
252 e.Encode(BH, BH.size());
253 BH = bits2octets(BH, q);
254
255 // Step (a) - private key to byte array
256 SecByteBlock BX(STDMAX(rlen, x.MinEncodedSize()));
257 x.Encode(BX, BX.size());
258
259 // Step (b)
260 SecByteBlock V(H::DIGESTSIZE);
261 std::fill(V.begin(), V.begin()+H::DIGESTSIZE, one);
262
263 // Step (c)
264 SecByteBlock K(H::DIGESTSIZE);
265 std::fill(K.begin(), K.begin()+H::DIGESTSIZE, zero);
266
267 // Step (d)
268 m_hmac.SetKey(K, K.size());
269 m_hmac.Update(V, V.size());
270 m_hmac.Update(&zero, 1);
271 m_hmac.Update(BX, BX.size());
272 m_hmac.Update(BH, BH.size());
273 m_hmac.TruncatedFinal(K, K.size());
274
275 // Step (e)
276 m_hmac.SetKey(K, K.size());
277 m_hmac.Update(V, V.size());
278 m_hmac.TruncatedFinal(V, V.size());
279
280 // Step (f)
281 m_hmac.SetKey(K, K.size());
282 m_hmac.Update(V, V.size());
283 m_hmac.Update(&one, 1);
284 m_hmac.Update(BX, BX.size());
285 m_hmac.Update(BH, BH.size());
286 m_hmac.TruncatedFinal(K, K.size());
287
288 // Step (g)
289 m_hmac.SetKey(K, K.size());
290 m_hmac.Update(V, V.size());
291 m_hmac.TruncatedFinal(V, V.size());
292
293 Integer k;
294 SecByteBlock temp(rlen);
295 for (;;)
296 {
297 // We want qlen bits, but we support only hash functions with an output length
298 // multiple of 8; hence, we will gather rlen bits, i.e., rolen octets.
299 size_t toff = 0;
300 while (toff < rlen)
301 {
302 m_hmac.Update(V, V.size());
303 m_hmac.TruncatedFinal(V, V.size());
304
305 size_t cc = STDMIN(V.size(), temp.size() - toff);
306 memcpy_s(temp+toff, temp.size() - toff, V, cc);
307 toff += cc;
308 }
309
310 k = bits2int(temp, qlen);
311 if (k > 0 && k < q)
312 break;
313
314 // k is not in the proper range; update K and V, and loop.
315 m_hmac.Update(V, V.size());
316 m_hmac.Update(&zero, 1);
317 m_hmac.TruncatedFinal(K, K.size());
318
319 m_hmac.SetKey(K, K.size());
320 m_hmac.Update(V, V.size());
321 m_hmac.TruncatedFinal(V, V.size());
322 }
323
324 return k;
325 }
326
327protected:
328
329 Integer bits2int(const SecByteBlock& bits, size_t qlen) const
330 {
331 Integer ret(bits, bits.size());
332 size_t blen = bits.size()*8;
333
334 if (blen > qlen)
335 ret >>= blen - qlen;
336
337 return ret;
338 }
339
340 // RFC 6979 support function. Takes an integer and converts it into bytes that
341 // are the same length as an elliptic curve's order.
342 SecByteBlock int2octets(const Integer& val, size_t rlen) const
343 {
344 SecByteBlock block(val.MinEncodedSize());
345 val.Encode(block, val.MinEncodedSize());
346
347 if (block.size() == rlen)
348 return block;
349
350 // The least significant bytes are the ones we need to preserve.
351 SecByteBlock t(rlen);
352 if (block.size() > rlen)
353 {
354 size_t offset = block.size() - rlen;
355 std::memcpy(t, block + offset, rlen);
356 }
357 else // block.size() < rlen
358 {
359 size_t offset = rlen - block.size();
360 memset(t, '\x00', offset);
361 std::memcpy(t + offset, block, rlen - offset);
362 }
363
364 return t;
365 }
366
367 // Turn a stream of bits into a set of bytes with the same length as an elliptic
368 // curve's order.
369 SecByteBlock bits2octets(const SecByteBlock& in, const Integer& q) const
370 {
371 Integer b2 = bits2int(in, q.BitCount());
372 Integer b1 = b2 - q;
373 return int2octets(b1.IsNegative() ? b2 : b1, q.ByteCount());
374 }
375
376private:
377 mutable H m_hash;
378 mutable HMAC<H> m_hmac;
379};
380
381/// \brief German Digital Signature Algorithm
382/// \tparam T FieldElement type or class
383/// \details The Digital Signature Scheme ECGDSA does not define the algorithm over integers. Rather, the
384/// signature algorithm is only defined over elliptic curves. However, The library design is such that the
385/// generic algorithm reside in <tt>gfpcrypt.h</tt>.
386/// \sa Erwin Hess, Marcus Schafheutle, and Pascale Serf <A HREF="http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf">
387/// The Digital Signature Scheme ECGDSA (October 24, 2006)</A>
388template <class T>
390{
391public:
392 CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "GDSA-ISO15946";}
393
394 virtual ~DL_Algorithm_GDSA_ISO15946() {}
395
396 void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
397 {
398 const Integer &q = params.GetSubgroupOrder();
399 // r = x(k * G) mod q
400 r = params.ConvertElementToInteger(params.ExponentiateBase(k)) % q;
401 // s = (k * r - h(m)) * d_A mod q
402 s = (k * r - e) * x % q;
403 CRYPTOPP_ASSERT(!!r && !!s);
404 }
405
406 bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
407 {
408 const Integer &q = params.GetSubgroupOrder();
409 if (r>=q || r<1 || s>=q || s<1)
410 return false;
411
412 const Integer& rInv = r.InverseMod(q);
413 const Integer u1 = (rInv * e) % q;
414 const Integer u2 = (rInv * s) % q;
415 // verify x(G^u1 + P_A^u2) mod q
416 return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
417 }
418};
419
420CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<Integer>;
421CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA1>;
422CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA224>;
423CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA256>;
424CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA384>;
425CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_DSA_RFC6979<Integer, SHA512>;
426
427/// \brief NR algorithm
428/// \tparam T FieldElement type or class
429template <class T>
431{
432public:
433 CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "NR";}
434
435 virtual ~DL_Algorithm_NR() {}
436
437 void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
438 {
439 const Integer &q = params.GetSubgroupOrder();
440 r = (r + e) % q;
441 s = (k - x*r) % q;
442 CRYPTOPP_ASSERT(!!r);
443 }
444
445 bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
446 {
447 const Integer &q = params.GetSubgroupOrder();
448 if (r>=q || r<1 || s>=q)
449 return false;
450
451 // check r == (m_g^s * m_y^r + m) mod m_q
452 return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q;
453 }
454};
455
456/// \brief Discrete Log (DL) public key in GF(p) groups
457/// \tparam GP GroupParameters derived class
458/// \details DSA public key format is defined in 7.3.3 of RFC 2459. The private key format is defined in 12.9 of PKCS #11 v2.10.
459template <class GP>
461{
462public:
463 virtual ~DL_PublicKey_GFP() {}
464
465 /// \brief Initialize a public key over GF(p)
466 /// \param params the group parameters
467 /// \param y the public element
469 {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
470
471 /// \brief Initialize a public key over GF(p)
472 /// \param p the modulus
473 /// \param g the generator
474 /// \param y the public element
475 void Initialize(const Integer &p, const Integer &g, const Integer &y)
476 {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
477
478 /// \brief Initialize a public key over GF(p)
479 /// \param p the modulus
480 /// \param q the subgroup order
481 /// \param g the generator
482 /// \param y the public element
483 void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
484 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
485
486 // X509PublicKey
488 {this->SetPublicElement(Integer(bt));}
490 {this->GetPublicElement().DEREncode(bt);}
491};
492
493/// \brief Discrete Log (DL) private key in GF(p) groups
494/// \tparam GP GroupParameters derived class
495template <class GP>
497{
498public:
499 virtual ~DL_PrivateKey_GFP();
500
501 /// \brief Create a private key
502 /// \param rng a RandomNumberGenerator derived class
503 /// \param modulusBits the size of the modulus, in bits
504 /// \details This function overload of Initialize() creates a new private key because it
505 /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
506 /// then use one of the other Initialize() overloads.
507 void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
508 {this->GenerateRandomWithKeySize(rng, modulusBits);}
509
510 /// \brief Create a private key
511 /// \param rng a RandomNumberGenerator derived class
512 /// \param p the modulus
513 /// \param g the generator
514 /// \details This function overload of Initialize() creates a new private key because it
515 /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
516 /// then use one of the other Initialize() overloads.
517 void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
518 {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));}
519
520 /// \brief Create a private key
521 /// \param rng a RandomNumberGenerator derived class
522 /// \param p the modulus
523 /// \param q the subgroup order
524 /// \param g the generator
525 /// \details This function overload of Initialize() creates a new private key because it
526 /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
527 /// then use one of the other Initialize() overloads.
528 void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
529 {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));}
530
531 /// \brief Initialize a private key over GF(p)
532 /// \param params the group parameters
533 /// \param x the private exponent
535 {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
536
537 /// \brief Initialize a private key over GF(p)
538 /// \param p the modulus
539 /// \param g the generator
540 /// \param x the private exponent
541 void Initialize(const Integer &p, const Integer &g, const Integer &x)
542 {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
543
544 /// \brief Initialize a private key over GF(p)
545 /// \param p the modulus
546 /// \param q the subgroup order
547 /// \param g the generator
548 /// \param x the private exponent
549 void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
550 {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
551};
552
553// Out-of-line dtor due to AIX and GCC, http://github.com/weidai11/cryptopp/issues/499
554template <class GP>
556
557/// \brief Discrete Log (DL) signing/verification keys in GF(p) groups
559{
563};
564
565/// \brief Discrete Log (DL) encryption/decryption keys in GF(p) groups
567{
571};
572
573/// \brief DSA signature scheme
574/// \tparam H HashTransformation derived class
575/// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
576/// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2
577template <class H>
578struct GDSA : public DL_SS<
579 DL_SignatureKeys_GFP,
580 DL_Algorithm_GDSA<Integer>,
581 DL_SignatureMessageEncodingMethod_DSA,
582 H>
583{
584};
585
586/// \brief NR signature scheme
587/// \tparam H HashTransformation derived class
588/// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a>
589template <class H>
590struct NR : public DL_SS<
591 DL_SignatureKeys_GFP,
592 DL_Algorithm_NR<Integer>,
593 DL_SignatureMessageEncodingMethod_NR,
594 H>
595{
596};
597
598/// \brief DSA group parameters
599/// \details These are GF(p) group parameters that are allowed by the DSA standard
600/// \sa DL_Keys_DSA
602{
603public:
604 virtual ~DL_GroupParameters_DSA() {}
605
606 /*! also checks that the lengths of p and q are allowed by the DSA standard */
607 bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
608 /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */
609 /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */
610 void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
611
612 static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
613 {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
614
615 enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024};
616};
617
618template <class H>
619class DSA2;
620
621/// \brief DSA keys
622/// \sa DL_GroupParameters_DSA
624{
627};
628
629/// \brief DSA signature scheme
630/// \tparam H HashTransformation derived class
631/// \details The class is named DSA2 instead of DSA for backwards compatibility because
632/// DSA was a non-template class.
633/// \details DSA default method GenerateRandom uses a 2048-bit modulus and a 224-bit subgoup by default.
634/// The modulus can be changed using the following code:
635/// <pre>
636/// DSA::PrivateKey privateKey;
637/// privateKey.GenerateRandomWithKeySize(prng, 2048);
638/// </pre>
639/// \details The subgroup order can be changed using the following code:
640/// <pre>
641/// AlgorithmParameters params = MakeParameters
642/// (Name::ModulusSize(), 2048)
643/// (Name::SubgroupOrderSize(), 256);
644///
645/// DSA::PrivateKey privateKey;
646/// privateKey.GenerateRandom(prng, params);
647/// </pre>
648/// \sa <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">DSA</a>, as specified in FIPS 186-3,
649/// <a href="https://www.cryptopp.com/wiki/Digital_Signature_Algorithm">Digital Signature Algorithm</a> on the wiki, and
650/// <a href="https://www.cryptopp.com/wiki/NameValuePairs">NameValuePairs</a> on the wiki.
651/// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2, Crypto++ 6.1 for 2048-bit modulus.
652template <class H>
653class DSA2 : public DL_SS<
654 DL_Keys_DSA,
655 DL_Algorithm_GDSA<Integer>,
656 DL_SignatureMessageEncodingMethod_DSA,
657 H,
658 DSA2<H> >
659{
660public:
661 static std::string CRYPTOPP_API StaticAlgorithmName() {return "DSA/" + (std::string)H::StaticAlgorithmName();}
662};
663
664/// \brief DSA deterministic signature scheme
665/// \tparam H HashTransformation derived class
666/// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
667/// \since Crypto++ 1.0 for DSA, Crypto++ 5.6.2 for DSA2
668template <class H>
669struct DSA_RFC6979 : public DL_SS<
670 DL_SignatureKeys_GFP,
671 DL_Algorithm_DSA_RFC6979<Integer, H>,
672 DL_SignatureMessageEncodingMethod_DSA,
673 H,
674 DSA_RFC6979<H> >
675{
676 static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("DSA-RFC6979/") + H::StaticAlgorithmName();}
677};
678
679/// DSA with SHA-1, typedef'd for backwards compatibility
681
682CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>;
683CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
685
686/// \brief P1363 based XOR Encryption Method
687/// \tparam MAC MessageAuthenticationCode derived class used for MAC computation
688/// \tparam DHAES_MODE flag indicating DHAES mode
689/// \tparam LABEL_OCTETS flag indicating the label is octet count
690/// \details DL_EncryptionAlgorithm_Xor is based on an early P1363 draft, which itself appears to be based on an
691/// early Certicom SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used it in its Integrated
692/// Ecryption Schemes with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
693/// \details If you need this method for Crypto++ 4.2 compatibility, then use the ECIES template class with
694/// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
695/// \details If you need this method for Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES template class with
696/// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=ture</tt> and <tt>LABEL_OCTETS=false</tt>.
697/// \details Bouncy Castle 1.54 and Botan 1.11 compatibility are the default template parameters.
698/// \since Crypto++ 4.0
699template <class MAC, bool DHAES_MODE, bool LABEL_OCTETS=false>
701{
702public:
703 virtual ~DL_EncryptionAlgorithm_Xor() {}
704
705 bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;}
706 size_t GetSymmetricKeyLength(size_t plaintextLength) const
707 {return plaintextLength + static_cast<size_t>(MAC::DIGESTSIZE);}
708 size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
709 {return plaintextLength + static_cast<size_t>(MAC::DIGESTSIZE);}
710 size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const
711 {return SaturatingSubtract(ciphertextLength, static_cast<size_t>(MAC::DIGESTSIZE));}
712 void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
713 {
714 CRYPTOPP_UNUSED(rng);
715 const byte *cipherKey = NULLPTR, *macKey = NULLPTR;
716 if (DHAES_MODE)
717 {
718 macKey = key;
719 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
720 }
721 else
722 {
723 cipherKey = key;
724 macKey = key + plaintextLength;
725 }
726
727 ConstByteArrayParameter encodingParameters;
728 parameters.GetValue(Name::EncodingParameters(), encodingParameters);
729
730 if (plaintextLength) // Coverity finding
731 xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
732
733 MAC mac(macKey);
734 mac.Update(ciphertext, plaintextLength);
735 mac.Update(encodingParameters.begin(), encodingParameters.size());
736 if (DHAES_MODE)
737 {
738 byte L[8];
739 PutWord(false, BIG_ENDIAN_ORDER, L, (LABEL_OCTETS ? word64(encodingParameters.size()) : 8 * word64(encodingParameters.size())));
740 mac.Update(L, 8);
741 }
742 mac.Final(ciphertext + plaintextLength);
743 }
744 DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
745 {
746 size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
747 const byte *cipherKey, *macKey;
748 if (DHAES_MODE)
749 {
750 macKey = key;
751 cipherKey = key + MAC::DEFAULT_KEYLENGTH;
752 }
753 else
754 {
755 cipherKey = key;
756 macKey = key + plaintextLength;
757 }
758
759 ConstByteArrayParameter encodingParameters;
760 parameters.GetValue(Name::EncodingParameters(), encodingParameters);
761
762 MAC mac(macKey);
763 mac.Update(ciphertext, plaintextLength);
764 mac.Update(encodingParameters.begin(), encodingParameters.size());
765 if (DHAES_MODE)
766 {
767 byte L[8];
768 PutWord(false, BIG_ENDIAN_ORDER, L, (LABEL_OCTETS ? word64(encodingParameters.size()) : 8 * word64(encodingParameters.size())));
769 mac.Update(L, 8);
770 }
771 if (!mac.Verify(ciphertext + plaintextLength))
772 return DecodingResult();
773
774 if (plaintextLength) // Coverity finding
775 xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
776
777 return DecodingResult(plaintextLength);
778 }
779};
780
781/// _
782template <class T, bool DHAES_MODE, class KDF>
784{
785public:
787
788 bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;}
789 void Derive(const DL_GroupParameters<T> &params, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &parameters) const
790 {
791 SecByteBlock agreedSecret;
792 if (DHAES_MODE)
793 {
794 agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false));
795 params.EncodeElement(true, ephemeralPublicKey, agreedSecret);
796 params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true));
797 }
798 else
799 {
800 agreedSecret.New(params.GetEncodedElementSize(false));
801 params.EncodeElement(false, agreedElement, agreedSecret);
802 }
803
804 ConstByteArrayParameter derivationParameters;
805 parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters);
806 KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size());
807 }
808};
809
810/// \brief Discrete Log Integrated Encryption Scheme
811/// \tparam COFACTOR_OPTION cofactor multiplication option
812/// \tparam HASH HashTransformation derived class used for key drivation and MAC computation
813/// \tparam DHAES_MODE flag indicating if the MAC includes addition context parameters such as the label
814/// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits
815/// \details DLIES is an Integer based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation Method (KEM)
816/// with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is
817/// <A HREF="http://en.wikipedia.org/wiki/ciphertext_indistinguishability">IND-CCA2</A>, which is a strong notion of security.
818/// You should prefer an Integrated Encryption Scheme over homegrown schemes.
819/// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom
820/// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption
821/// Schemes with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
822/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the DLIES template class with
823/// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
824/// \details If you desire an Integrated Encryption Scheme with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the DLIES
825/// template class with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=true</tt> and <tt>LABEL_OCTETS=false</tt>.
826/// \details The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of
827/// <tt>IncompatibleCofactorMultiplication</tt> and <tt>DHAES_MODE=true</tt> is recommended for best efficiency and security.
828/// SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the
829/// security provided by the MAC. The hash is also used in the key derivation function as a PRF.
830/// \details Below is an example of constructing a Crypto++ 4.2 compatible DLIES encryptor and decryptor.
831/// <pre>
832/// AutoSeededRandomPool prng;
833/// DL_PrivateKey_GFP<DL_GroupParameters_GFP> key;
834/// key.Initialize(prng, 2048);
835///
836/// DLIES<SHA1,NoCofactorMultiplication,true,true>::Decryptor decryptor(key);
837/// DLIES<SHA1,NoCofactorMultiplication,true,true>::Encryptor encryptor(decryptor);
838/// </pre>
839/// \sa ECIES, <a href="http://www.weidai.com/scan-mirror/ca.html#DLIES">Discrete Log Integrated Encryption Scheme (DLIES)</a>,
840/// Martínez, Encinas, and Ávila's <A HREF="http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf">A Survey of the Elliptic
841/// Curve Integrated Encryption Schemes</A>
842/// \since Crypto++ 4.0, Crypto++ 5.7 for Bouncy Castle and Botan compatibility
843template <class HASH = SHA1, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true, bool LABEL_OCTETS=false>
844struct DLIES
845 : public DL_ES<
846 DL_CryptoKeys_GFP,
847 DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
848 DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<HASH> >,
849 DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
850 DLIES<> >
851{
852 static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized
853};
854
855NAMESPACE_END
856
857#if CRYPTOPP_MSC_VERSION
858# pragma warning(pop)
859#endif
860
861#endif
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:502
Classes and functions for working with ANS.1 objects.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
Encode and decode ASN.1 objects with additional information.
Definition: asn.h:381
virtual void DEREncode(BufferedTransformation &bt) const =0
Encode this object into a BufferedTransformation.
virtual void BERDecode(BufferedTransformation &bt)=0
Decode this object from a BufferedTransformation.
Interface for buffered transformations.
Definition: cryptlib.h:1599
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:21
const byte * begin() const
Pointer to the first byte in the memory block.
Definition: algparam.h:80
size_t size() const
Length of the memory block.
Definition: algparam.h:84
DSA signature algorithm based on RFC 6979.
Definition: gfpcrypt.h:232
Integer GenerateRandom(const Integer &x, const Integer &q, const Integer &e) const
Generate k.
Definition: gfpcrypt.h:244
bool IsDeterministic() const
Signature scheme flag.
Definition: gfpcrypt.h:240
German Digital Signature Algorithm.
Definition: gfpcrypt.h:390
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: gfpcrypt.h:396
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: gfpcrypt.h:406
GDSA algorithm.
Definition: gfpcrypt.h:195
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: gfpcrypt.h:210
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: gfpcrypt.h:201
NR algorithm.
Definition: gfpcrypt.h:431
bool Verify(const DL_GroupParameters< T > &params, const DL_PublicKey< T > &publicKey, const Integer &e, const Integer &r, const Integer &s) const
Verify a message using a public key.
Definition: gfpcrypt.h:445
void Sign(const DL_GroupParameters< T > &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
Sign a message using a private key.
Definition: gfpcrypt.h:437
Discrete Log (DL) encryption scheme.
Definition: pubkey.h:2299
Interface for Elgamal-like signature algorithms.
Definition: pubkey.h:1367
P1363 based XOR Encryption Method.
Definition: gfpcrypt.h:701
DL_FixedBasePrecomputation interface.
Definition: eprecomp.h:61
DSA group parameters.
Definition: gfpcrypt.h:602
GF(p) group parameters that default to safe primes.
Definition: gfpcrypt.h:181
GF(p) group parameters.
Definition: gfpcrypt.h:157
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: gfpcrypt.h:166
Integer-based GroupParameters specialization.
Definition: gfpcrypt.h:35
void Initialize(const Integer &p, const Integer &g)
Initialize a group parameters over integers.
Definition: gfpcrypt.h:58
Integer GetGroupOrder() const
Retrieves the order of the group.
Definition: gfpcrypt.h:80
void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
Create a group parameters over integers.
Definition: gfpcrypt.h:52
Integer ConvertElementToInteger(const Element &element) const
Converts an element to an Integer.
Definition: gfpcrypt.h:90
void Initialize(const DL_GroupParameters_IntegerBased &params)
Initialize a group parameters over integers.
Definition: gfpcrypt.h:43
void Initialize(const Integer &p, const Integer &q, const Integer &g)
Initialize a group parameters over integers.
Definition: gfpcrypt.h:65
const Integer & GetSubgroupOrder() const
Retrieves the subgroup order.
Definition: gfpcrypt.h:79
Integer-based GroupParameters default implementation.
Definition: gfpcrypt.h:120
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition: gfpcrypt.h:132
const DL_FixedBasePrecomputation< Element > & GetBasePrecomputation() const
Retrieves the group precomputation.
Definition: gfpcrypt.h:136
DL_FixedBasePrecomputation< Element > & AccessBasePrecomputation()
Retrieves the group precomputation.
Definition: gfpcrypt.h:137
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition: gfpcrypt.h:129
Interface for Discrete Log (DL) group parameters.
Definition: pubkey.h:754
virtual const Element & GetSubgroupGenerator() const
Retrieves the subgroup generator.
Definition: pubkey.h:829
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual unsigned int GetEncodedElementSize(bool reversible) const =0
Retrieves the encoded element's size.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
Definition: pubkey.h:839
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
Base implementation of Discrete Log (DL) group parameters.
Definition: pubkey.h:984
const DL_GroupPrecomputation< Element > & GetGroupPrecomputation() const
Retrieves the group precomputation.
Definition: pubkey.h:994
Interface for key derivation algorithms used in DL cryptosystems.
Definition: pubkey.h:1449
Discrete Log (DL) private key in GF(p) groups.
Definition: gfpcrypt.h:497
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
Create a private key.
Definition: gfpcrypt.h:528
void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
Create a private key.
Definition: gfpcrypt.h:517
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
Create a private key.
Definition: gfpcrypt.h:507
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Definition: gfpcrypt.h:549
void Initialize(const Integer &p, const Integer &g, const Integer &x)
Initialize a private key over GF(p)
Definition: gfpcrypt.h:541
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
Initialize a private key over GF(p)
Definition: gfpcrypt.h:534
Discrete Log (DL) private key base implementation.
Definition: pubkey.h:1209
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
Definition: pubkey.h:1239
void SetPrivateExponent(const Integer &x)
Sets the private exponent.
Definition: pubkey.h:1264
Discrete Log (DL) public key in GF(p) groups.
Definition: gfpcrypt.h:461
void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
Initialize a public key over GF(p)
Definition: gfpcrypt.h:468
void Initialize(const Integer &p, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
Definition: gfpcrypt.h:475
void DEREncodePublicKey(BufferedTransformation &bt) const
encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
Definition: gfpcrypt.h:489
void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
Definition: gfpcrypt.h:487
void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
Initialize a public key over GF(p)
Definition: gfpcrypt.h:483
Interface for Discrete Log (DL) public keys.
Definition: pubkey.h:1029
virtual const Element & GetPublicElement() const
Retrieves the public element.
Definition: pubkey.h:1059
virtual void SetPublicElement(const Element &y)
Sets the public element.
Definition: pubkey.h:1063
virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const
Exponentiates an element.
Definition: pubkey.h:1080
Discrete Log (DL) public key base implementation.
Definition: pubkey.h:1299
Discrete Log (DL) signature scheme.
Definition: pubkey.h:2279
Interface for symmetric encryption algorithms used in DL cryptosystems.
Definition: pubkey.h:1460
DSA signature scheme.
Definition: gfpcrypt.h:659
Interface for deterministic signers.
Definition: pubkey.h:1420
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Definition: cryptlib.cpp:811
HMAC.
Definition: hmac.h:53
Multiple precision integer with arithmetic operations.
Definition: integer.h:50
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
Definition: integer.cpp:3393
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
Definition: integer.cpp:3345
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:4877
bool IsNegative() const
Determines if the Integer is negative.
Definition: integer.h:336
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
Definition: integer.cpp:3336
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Definition: integer.cpp:3410
Integer InverseMod(const Integer &n) const
Calculate multiplicative inverse.
Definition: integer.cpp:4430
Interface for retrieving values given their names.
Definition: cryptlib.h:294
bool GetValue(const char *name, T &value) const
Get a named value.
Definition: cryptlib.h:350
Object Identifier.
Definition: asn.h:167
Interface for random number generators.
Definition: cryptlib.h:1384
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Definition: secblock.h:772
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:965
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:797
SecBlock<byte> typedef.
Definition: secblock.h:1058
Library configuration file.
Abstract base classes that provide a uniform interface to this library.
@ BIG_ENDIAN_ORDER
byte order is big-endian
Definition: cryptlib.h:147
DSA2< SHA1 > DSA
DSA with SHA-1, typedef'd for backwards compatibility.
Definition: gfpcrypt.h:680
Classes for HMAC message authentication codes.
Multiple precision integer with arithmetic operations.
Utility functions for the Crypto++ library.
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
Definition: misc.h:1004
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
Definition: misc.h:578
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:443
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition: misc.h:567
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
Definition: misc.h:850
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
Definition: misc.h:2428
Crypto++ library namespace.
const char * KeyDerivationParameters()
ConstByteArrayParameter.
Definition: argnames.h:67
const char * EncodingParameters()
ConstByteArrayParameter.
Definition: argnames.h:66
This file contains helper classes/functions for implementing public key algorithms.
Classes for SHA-1 and SHA-2 family of message digests.
Classes for automatic resource management.
Discrete Log (DL) encryption/decryption keys in GF(p) groups.
Definition: gfpcrypt.h:567
DSA keys.
Definition: gfpcrypt.h:624
Discrete Log (DL) signing/verification keys in GF(p) groups.
Definition: gfpcrypt.h:559
Discrete Log Integrated Encryption Scheme.
Definition: gfpcrypt.h:851
DSA deterministic signature scheme.
Definition: gfpcrypt.h:675
Returns a decoding results.
Definition: cryptlib.h:256
Converts an enumeration to a type suitable for use as a template parameter.
Definition: cryptlib.h:136
DSA signature scheme.
Definition: gfpcrypt.h:583
NR signature scheme.
Definition: gfpcrypt.h:595
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69