
eccrypto.h

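#ifndef CRYPTOPP_ECCRYPTO_H
// The guard macro must be spelled exactly like the one tested by the #ifndef
// above; otherwise it is never defined and a second inclusion of this header
// redefines every template below.
#define CRYPTOPP_ECCRYPTO_H

/*! \file
*/

#include "pubkey.h"
#include "integer.h"
#include "asn.h"
#include "hmac.h"
#include "sha.h"
#include "gfpcrypt.h"
#include "dh.h"
#include "mqv.h"

NAMESPACE_BEGIN(CryptoPP)

template <class T> class EcPrecomputation;

//! Elliptic Curve Parameters
/*! This class corresponds to the ASN.1 sequence of the same name
	in ANSI X9.62 (also SEC 1).

	It holds the curve, the subgroup generator, the subgroup order (m_n) and
	the cofactor (m_k), plus two encoding switches (point compression and
	encode-as-OID). None of the inline initializers in this header check the
	values they are given; parameters that come from an untrusted source
	(a decoded key, a peer, a file) should be passed through ValidateGroup()
	before they are used.
*/
template <class EC>
class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
{
	typedef DL_GroupParameters_EC<EC> ThisClass;

public:
	typedef EC EllipticCurve;
	typedef typename EllipticCurve::Point Point;
	typedef Point Element;
	typedef IncompatibleCofactorMultiplication DefaultCofactorOption;

	//! Construct empty parameters; compression and OID encoding are both off.
	DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {}

	//! Construct from the OID of a recommended curve (see Initialize(const OID &)).
	DL_GroupParameters_EC(const OID &oid)
		: m_compress(false), m_encodeAsOID(false) {Initialize(oid);}

	//! Construct from explicit curve, generator \a G, subgroup order \a n and optional cofactor \a k.
	DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
		: m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);}

	//! Construct by BER-decoding parameters from \a bt.
	/*! BERDecode() is defined outside this header, so whether decoding also
		validates the parameters cannot be told from here. Treat the result as
		unvalidated until ValidateGroup() has been called. */
	DL_GroupParameters_EC(BufferedTransformation &bt)
		: m_compress(false), m_encodeAsOID(false) {BERDecode(bt);}

	//! Set curve, generator, subgroup order and cofactor from explicit values.
	/*! The values are stored as given. Nothing in this body checks that \a G
		lies on \a ec, that \a n is the order of \a G, or that \a k is the
		matching cofactor.
		\param k cofactor; defaults to Integer::Zero() (presumably meaning
		         "not supplied" - confirm against GetCofactor()). */
	void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
	{
		m_groupPrecomputation.SetCurve(ec);
		SetSubgroupGenerator(G);
		m_n = n;
		m_k = k;
	}
	//! Initialize from the OID of a recommended curve (defined outside this header).
	void Initialize(const OID &oid);

	// NameValuePairs
	bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
	void AssignFrom(const NameValuePairs &source);

	// GeneratibleCryptoMaterial interface
	//! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
	/*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
	void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);

	// DL_GroupParameters
	const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return m_gpc;}
	DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return m_gpc;}
	const Integer & GetSubgroupOrder() const {return m_n;}
	Integer GetCofactor() const;
	//! Validate the group parameters at the requested \a level (defined outside this header).
	bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
	//! Validate a single element at the requested \a level (defined outside this header).
	bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
	//! Always false: this class reports no fast subgroup-membership check.
	bool FastSubgroupCheckAvailable() const {return false;}

	//! Write \a element to \a encoded.
	/*! \param reversible when true the point is encoded by the curve (honouring
		       the point-compression setting); when false only the x-coordinate
		       is written, so the point cannot be recovered from the output.
		\param encoded output buffer. No length is passed, so the caller must
		       provide at least GetEncodedElementSize(reversible) bytes. */
	void EncodeElement(bool reversible, const Element &element, byte *encoded) const
	{
		if (reversible)
			GetCurve().EncodePoint(encoded, element, m_compress);
		else
			element.x.Encode(encoded, GetEncodedElementSize(false));
	}

	//! Size in bytes of an element encoding produced by EncodeElement().
	unsigned int GetEncodedElementSize(bool reversible) const
	{
		if (reversible)
			return GetCurve().EncodedPointSize(m_compress);
		else
			return GetCurve().GetField().MaxElementByteLength();
	}

	//! Decode a point from \a encoded.
	/*! \param encoded input buffer. No length is passed; the decoder is handed
		       GetEncodedElementSize(true) bytes, so the caller must make sure
		       the buffer really is that long before calling.
		\param checkForGroupMembership when true the decoded point is also
		       checked with ValidateElement() at level 1.
		\throws DL_BadElement if the curve rejects the encoding, or if the
		        membership check was requested and fails.

		With checkForGroupMembership == false the only checks applied are
		whatever DecodePoint() itself performs, which is not visible in this
		header. A point received from another party should be decoded with the
		flag set (or validated separately) before it is combined with a
		private exponent. */
	Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
	{
		Point result;
		if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
			throw DL_BadElement();
		if (checkForGroupMembership && !ValidateElement(1, result, NULL))
			throw DL_BadElement();
		return result;
	}
	Integer ConvertElementToInteger(const Element &element) const;
	//! Largest exponent: subgroup order minus one.
	Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
	//! True when \a element is flagged as the identity (point at infinity).
	bool IsIdentity(const Element &element) const {return element.identity;}
	void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;

	// ASN1Key
	OID GetAlgorithmID() const;

	// used by MQV
	Element MultiplyElements(const Element &a, const Element &b) const;
	Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;

	// non-inherited

	// enumerate OIDs for recommended parameters, use OID() to get first one
	static OID GetNextRecommendedParametersOID(const OID &oid);

	void BERDecode(BufferedTransformation &bt);
	void DEREncode(BufferedTransformation &bt) const;

	//! Choose whether reversible encodings use point compression.
	void SetPointCompression(bool compress) {m_compress = compress;}
	bool GetPointCompression() const {return m_compress;}

	//! Set the encode-as-OID flag (consumed by code outside this header, presumably DEREncode()).
	void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
	bool GetEncodeAsOID() const {return m_encodeAsOID;}

	const EllipticCurve& GetCurve() const {return m_groupPrecomputation.GetCurve();}

#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
	// Older names kept as thin forwarders to the current accessors.
	const Point& GetBasePoint() const {return GetSubgroupGenerator();}
	const Integer& GetBasePointOrder() const {return GetSubgroupOrder();}
	void LoadRecommendedParameters(const OID &oid) {Initialize(oid);}
#endif

protected:
	unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
	unsigned int ExponentLength() const {return m_n.ByteCount();}

	OID m_oid;		// set if parameters loaded from a recommended curve
	Integer m_n;	// order of base point
	bool m_compress, m_encodeAsOID;
	// mutable so that const members can update it; presumably GetCofactor()
	// fills it in on demand - confirm in the implementation file
	mutable Integer m_k;	// cofactor
};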
//! Elliptic-curve public key: EC group parameters plus a public point.
/*! Neither Initialize() overload checks the point it is given in the code
	visible here; a public point obtained from another party should be
	validated by the caller before the key is used. */
template <class EC>
class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
{
public:
	typedef typename EC::Point Element;

	//! Copy \a params into this key and set \a Q as the public element.
	void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
	{
		AccessGroupParameters() = params;
		SetPublicElement(Q);
	}

	//! Build the group parameters from (\a ec, \a G, \a n) and set \a Q as the public element.
	/*! No cofactor is passed, so the parameters' Initialize() uses its default. */
	void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
	{
		AccessGroupParameters().Initialize(ec, G, n);
		SetPublicElement(Q);
	}

	// X509PublicKey
	void BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size);
	void DEREncodeKey(BufferedTransformation &bt) const;
};

//! Elliptic-curve private key: EC group parameters plus a private exponent.
/*! The overloads that take an exponent \a x store it through
	SetPrivateExponent(), which is defined outside this header; whether it
	range-checks \a x against the subgroup order cannot be told from here. */
template <class EC>
class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
{
public:
	typedef typename EC::Point Element;

	//! Copy \a params into this key and set \a x as the private exponent.
	void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
	{
		AccessGroupParameters() = params;
		SetPrivateExponent(x);
	}

	//! Build the group parameters from (\a ec, \a G, \a n) and set \a x as the private exponent.
	void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
	{
		AccessGroupParameters().Initialize(ec, G, n);
		SetPrivateExponent(x);
	}

	//! Generate a fresh key over \a params using \a rng.
	void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
	{
		GenerateRandom(rng, params);
	}

	//! Generate a fresh key over the group described by (\a ec, \a G, \a n) using \a rng.
	void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
	{
		const DL_GroupParameters_EC<EC> groupParams(ec, G, n);
		GenerateRandom(rng, groupParams);
	}

	// PKCS8PrivateKey
	void BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size);
	void DEREncodeKey(BufferedTransformation &bt) const;
};
//! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a>
/*! COFACTOR_OPTION defaults to DL_GroupParameters_EC<EC>::DefaultCofactorOption,
	which this header defines as IncompatibleCofactorMultiplication.
	NOTE(review): as the option names suggest, the cofactor choice presumably
	changes the agreed value, so both parties need the same option - confirm
	against dh.h. */
template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
struct ECDH
{
	typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
};

//! Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a>
/*! Same cofactor default as ECDH. */
template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
struct ECMQV
{
	typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
};

//! Key pair types shared by the EC schemes that need no extra key checks.
template <class EC>
struct DL_Keys_EC
{
	typedef DL_PublicKey_EC<EC> PublicKey;
	typedef DL_PrivateKey_EC<EC> PrivateKey;
};

// Forward declaration, needed by DL_Keys_ECDSA below.
// The hash defaults to SHA (declared in sha.h; SHA-1 in this library).
// Callers that need a different digest pass H explicitly.
template <class EC, class H = SHA>
struct ECDSA;

//! Key pair types for ECDSA.
/*! The private key type is wrapped in
	DL_PrivateKey_WithSignaturePairwiseConsistencyTest (declared elsewhere;
	going by its name it runs a sign/verify self-test - confirm in pubkey.h). */
template <class EC>
struct DL_Keys_ECDSA
{
	typedef DL_PublicKey_EC<EC> PublicKey;
	typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC> > PrivateKey;
};

//! Signature algorithm for ECDSA: the generic GDSA algorithm over EC points.
template <class EC>
class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
{
public:
	static const char * StaticAlgorithmName()
	{
		return "ECDSA";
	}
};

//! Signature algorithm for ECNR: the generic NR algorithm over EC points.
template <class EC>
class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
{
public:
	static const char * StaticAlgorithmName()
	{
		return "ECNR";
	}
};

//! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
template <class EC, class H>
struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
{
};
//! ECNR
/*! The hash defaults to SHA (declared in sha.h; SHA-1 in this library). */
template <class EC, class H = SHA>
struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
{
};

//! Elliptic Curve Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">ECIES</a>
/*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibility with SEC1 and Crypto++ 4.2.
	The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best
	efficiency and security.

	The defaults are therefore the compatibility setting, not the recommended
	one; new code that does not need to interoperate with SEC1 or Crypto++ 4.2
	peers has to name the recommended options explicitly.

	As instantiated here the scheme derives keys with P1363_KDF2<SHA1>,
	authenticates with HMAC<SHA1> and encrypts with DL_EncryptionAlgorithm_Xor;
	none of these is a template parameter of ECIES.

	NOTE(review): the last DL_ES argument is ECIES<EC>, i.e. the
	default-option instantiation, whatever COFACTOR_OPTION and DHAES_MODE
	were chosen - confirm this is intended. */
template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false>
struct ECIES
	: public DL_ES<
		DL_Keys_EC<EC>,
		DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
		DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >,
		DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
		ECIES<EC> >
{
	// TODO: fix this after name is standardized
	static std::string StaticAlgorithmName()
	{
		return "ECIES";
	}
};

NAMESPACE_END

#endif

Generated on Wed Jul 28 08:07:06 2004 for Crypto++ by doxygen 1.3.7