Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

eccrypto.h

Go to the documentation of this file.
00001 #ifndef CRYPTOPP_ECCRYPTO_H
00002 #define CRYPTOPP_ECCRTPTO_H
00003 
00004 /*! \file
00005 */
00006 
00007 #include "pubkey.h"
00008 #include "integer.h"
00009 #include "asn.h"
00010 #include "hmac.h"
00011 #include "sha.h"
00012 #include "gfpcrypt.h"
00013 #include "dh.h"
00014 #include "mqv.h"
00015 
00016 NAMESPACE_BEGIN(CryptoPP)
00017 
00018 template <class T> class EcPrecomputation;
00019 
00020 //! Elliptic Curve Parameters
00021 /*! This class corresponds to the ASN.1 sequence of the same name
00022     in ANSI X9.62 (also SEC 1).
00023 */
00024 template <class EC>
00025 class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
00026 {
00027         typedef DL_GroupParameters_EC<EC> ThisClass;
00028 
00029 public:
00030         typedef EC EllipticCurve;
00031         typedef typename EllipticCurve::Point Point;
00032         typedef Point Element;
00033         typedef IncompatibleCofactorMultiplication DefaultCofactorOption;
00034 
00035         DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {}
00036         DL_GroupParameters_EC(const OID &oid)
00037                 : m_compress(false), m_encodeAsOID(false) {Initialize(oid);}
00038         DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
00039                 : m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);}
00040         DL_GroupParameters_EC(BufferedTransformation &bt)
00041                 : m_compress(false), m_encodeAsOID(false) {BERDecode(bt);}
00042 
00043         void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
00044         {
00045                 m_groupPrecomputation.SetCurve(ec);
00046                 SetSubgroupGenerator(G);
00047                 m_n = n;
00048                 m_k = k;
00049         }
00050         void Initialize(const OID &oid);
00051 
00052         // NameValuePairs
00053         bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
00054         void AssignFrom(const NameValuePairs &source);
00055 
00056         // GeneratibleCryptoMaterial interface
00057         //! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
00058         /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
00059         void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
00060 
00061         // DL_GroupParameters
00062         const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return m_gpc;}
00063         DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return m_gpc;}
00064         const Integer & GetSubgroupOrder() const {return m_n;}
00065         Integer GetCofactor() const;
00066         bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
00067         bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
00068         bool FastSubgroupCheckAvailable() const {return false;}
00069         void EncodeElement(bool reversible, const Element &element, byte *encoded) const
00070         {
00071                 if (reversible)
00072                         GetCurve().EncodePoint(encoded, element, m_compress);
00073                 else
00074                         element.x.Encode(encoded, GetEncodedElementSize(false));
00075         }
00076         unsigned int GetEncodedElementSize(bool reversible) const
00077         {
00078                 if (reversible)
00079                         return GetCurve().EncodedPointSize(m_compress);
00080                 else
00081                         return GetCurve().GetField().MaxElementByteLength();
00082         }
00083         Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
00084         {
00085                 Point result;
00086                 if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
00087                         throw DL_BadElement();
00088                 if (checkForGroupMembership && !ValidateElement(1, result, NULL))
00089                         throw DL_BadElement();
00090                 return result;
00091         }
00092         Integer ConvertElementToInteger(const Element &element) const;
00093         Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
00094         bool IsIdentity(const Element &element) const {return element.identity;}
00095         void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
00096 
00097         // ASN1Key
00098         OID GetAlgorithmID() const;
00099 
00100         // used by MQV
00101         Element MultiplyElements(const Element &a, const Element &b) const;
00102         Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
00103 
00104         // non-inherited
00105 
00106         // enumerate OIDs for recommended parameters, use OID() to get first one
00107         static OID GetNextRecommendedParametersOID(const OID &oid);
00108 
00109         void BERDecode(BufferedTransformation &bt);
00110         void DEREncode(BufferedTransformation &bt) const;
00111 
00112         void SetPointCompression(bool compress) {m_compress = compress;}
00113         bool GetPointCompression() const {return m_compress;}
00114 
00115         void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
00116         bool GetEncodeAsOID() const {return m_encodeAsOID;}
00117 
00118         const EllipticCurve& GetCurve() const {return m_groupPrecomputation.GetCurve();}
00119 
00120 #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
00121         const Point& GetBasePoint() const {return GetSubgroupGenerator();}
00122         const Integer& GetBasePointOrder() const {return GetSubgroupOrder();}
00123         void LoadRecommendedParameters(const OID &oid) {Initialize(oid);}
00124 #endif
00125 
00126 protected:
00127         unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
00128         unsigned int ExponentLength() const {return m_n.ByteCount();}
00129 
00130         OID m_oid;                      // set if parameters loaded from a recommended curve
00131         Integer m_n;            // order of base point
00132         bool m_compress, m_encodeAsOID;
00133         mutable Integer m_k;            // cofactor
00134 };
00135 
00136 //! .
00137 template <class EC>
00138 class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
00139 {
00140 public:
00141         typedef typename EC::Point Element;
00142 
00143         void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
00144                 {AccessGroupParameters() = params; SetPublicElement(Q);}
00145         void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
00146                 {AccessGroupParameters().Initialize(ec, G, n); SetPublicElement(Q);}
00147 
00148         // X509PublicKey
00149         void BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size);
00150         void DEREncodeKey(BufferedTransformation &bt) const;
00151 };
00152 
00153 //! .
00154 template <class EC>
00155 class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
00156 {
00157 public:
00158         typedef typename EC::Point Element;
00159 
00160         void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
00161                 {AccessGroupParameters() = params; SetPrivateExponent(x);}
00162         void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
00163                 {AccessGroupParameters().Initialize(ec, G, n); SetPrivateExponent(x);}
00164         void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
00165                 {GenerateRandom(rng, params);}
00166         void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
00167                 {GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
00168 
00169         // PKCS8PrivateKey
00170         void BERDecodeKey2(BufferedTransformation &bt,  bool parametersPresent, unsigned int size);
00171         void DEREncodeKey(BufferedTransformation &bt) const;
00172 };
00173 
00174 //! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a>
00175 template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
00176 struct ECDH
00177 {
00178         typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
00179 };
00180 
00181 /// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a>
00182 template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
00183 struct ECMQV
00184 {
00185         typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
00186 };
00187 
00188 //! .
00189 template <class EC>
00190 struct DL_Keys_EC
00191 {
00192         typedef DL_PublicKey_EC<EC> PublicKey;
00193         typedef DL_PrivateKey_EC<EC> PrivateKey;
00194 };
00195 
00196 template <class EC, class H = SHA>
00197 struct ECDSA;
00198 
00199 //! .
00200 template <class EC>
00201 struct DL_Keys_ECDSA
00202 {
00203         typedef DL_PublicKey_EC<EC> PublicKey;
00204         typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC> > PrivateKey;
00205 };
00206 
00207 //! .
00208 template <class EC>
00209 class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
00210 {
00211 public:
00212         static const char * StaticAlgorithmName() {return "ECDSA";}
00213 };
00214 
00215 //! .
00216 template <class EC>
00217 class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
00218 {
00219 public:
00220         static const char * StaticAlgorithmName() {return "ECNR";}
00221 };
00222 
00223 //! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
00224 template <class EC, class H>
00225 struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
00226 {
00227 };
00228 
00229 //! ECNR
00230 template <class EC, class H = SHA>
00231 struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
00232 {
00233 };
00234 
00235 //! Elliptic Curve Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">ECIES</a>
00236 /*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibilty with SEC1 and Crypto++ 4.2.
00237         The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best
00238         efficiency and security. */
00239 template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false>
00240 struct ECIES
00241         : public DL_ES<
00242                 DL_Keys_EC<EC>,
00243                 DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
00244                 DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >,
00245                 DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
00246                 ECIES<EC> >
00247 {
00248         static std::string StaticAlgorithmName() {return "ECIES";}      // TODO: fix this after name is standardized
00249 };
00250 
00251 NAMESPACE_END
00252 
00253 #endif

Generated on Mon Apr 19 18:12:29 2004 for Crypto++ by doxygen 1.3.6-20040222