archive
/
tf2
mirror of https://github.com/sr2echa/TF2-Source-Code
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Team Fortress 2 Source Code as on 22/4/2020
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
1.4 GiB
Tree: 51d17c74db
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '51d17c74db'
${ noResults }
tf2/tf2_src/external/crypto++-5.6.3/eccrypto.h

671 lines
24 KiB
Raw Normal View History

compressed some files
5 years ago
  1. // eccrypto.h - written and placed in the public domain by Wei Dai
  3. //! \file eccrypto.h
  4. //! \brief Classes and functions for Elliptic Curves over prime and binary fields
  6. #ifndef CRYPTOPP_ECCRYPTO_H
  7. #define CRYPTOPP_ECCRYPTO_H
  9. #include "config.h"
  10. #include "cryptlib.h"
  11. #include "pubkey.h"
  12. #include "integer.h"
  13. #include "asn.h"
  14. #include "hmac.h"
  15. #include "sha.h"
  16. #include "gfpcrypt.h"
  17. #include "dh.h"
  18. #include "mqv.h"
  19. #include "ecp.h"
  20. #include "ec2n.h"
  22. NAMESPACE_BEGIN(CryptoPP)
  24. //! Elliptic Curve Parameters
  25. /*! This class corresponds to the ASN.1 sequence of the same name
  26. in ANSI X9.62 (also SEC 1).
  27. */
  28. template <class EC>
  29. class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
  30. {
  31. typedef DL_GroupParameters_EC<EC> ThisClass;
  33. public:
  34. typedef EC EllipticCurve;
  35. typedef typename EllipticCurve::Point Point;
  36. typedef Point Element;
  37. typedef IncompatibleCofactorMultiplication DefaultCofactorOption;
  39. DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {}
  40. DL_GroupParameters_EC(const OID &oid)
  41. : m_compress(false), m_encodeAsOID(false) {Initialize(oid);}
  42. DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
  43. : m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);}
  44. DL_GroupParameters_EC(BufferedTransformation &bt)
  45. : m_compress(false), m_encodeAsOID(false) {BERDecode(bt);}
  47. void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
  48. {
  49. this->m_groupPrecomputation.SetCurve(ec);
  50. this->SetSubgroupGenerator(G);
  51. m_n = n;
  52. m_k = k;
  53. }
  54. void Initialize(const OID &oid);
  56. // NameValuePairs
  57. bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
  58. void AssignFrom(const NameValuePairs &source);
  60. // GeneratibleCryptoMaterial interface
  61. //! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
  62. /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
  63. void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
  65. // DL_GroupParameters
  66. const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
  67. DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
  68. const Integer & GetSubgroupOrder() const {return m_n;}
  69. Integer GetCofactor() const;
  70. bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
  71. bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
  72. bool FastSubgroupCheckAvailable() const {return false;}
  73. void EncodeElement(bool reversible, const Element &element, byte *encoded) const
  74. {
  75. if (reversible)
  76. GetCurve().EncodePoint(encoded, element, m_compress);
  77. else
  78. element.x.Encode(encoded, GetEncodedElementSize(false));
  79. }
  80. virtual unsigned int GetEncodedElementSize(bool reversible) const
  81. {
  82. if (reversible)
  83. return GetCurve().EncodedPointSize(m_compress);
  84. else
  85. return GetCurve().GetField().MaxElementByteLength();
  86. }
  87. Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
  88. {
  89. Point result;
  90. if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
  91. throw DL_BadElement();
  92. if (checkForGroupMembership && !ValidateElement(1, result, NULL))
  93. throw DL_BadElement();
  94. return result;
  95. }
  96. Integer ConvertElementToInteger(const Element &element) const;
  97. Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
  98. bool IsIdentity(const Element &element) const {return element.identity;}
  99. void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
  100. static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";}
  102. // ASN1Key
  103. OID GetAlgorithmID() const;
  105. // used by MQV
  106. Element MultiplyElements(const Element &a, const Element &b) const;
  107. Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
  109. // non-inherited
  111. // enumerate OIDs for recommended parameters, use OID() to get first one
  112. static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid);
  114. void BERDecode(BufferedTransformation &bt);
  115. void DEREncode(BufferedTransformation &bt) const;
  117. void SetPointCompression(bool compress) {m_compress = compress;}
  118. bool GetPointCompression() const {return m_compress;}
  120. void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
  121. bool GetEncodeAsOID() const {return m_encodeAsOID;}
  123. const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();}
  125. bool operator==(const ThisClass &rhs) const
  126. {return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);}
  128. #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
  129. const Point& GetBasePoint() const {return this->GetSubgroupGenerator();}
  130. const Integer& GetBasePointOrder() const {return this->GetSubgroupOrder();}
  131. void LoadRecommendedParameters(const OID &oid) {Initialize(oid);}
  132. #endif
  134. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  135. virtual ~DL_GroupParameters_EC() {}
  136. #endif
  138. protected:
  139. unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
  140. unsigned int ExponentLength() const {return m_n.ByteCount();}
  142. OID m_oid; // set if parameters loaded from a recommended curve
  143. Integer m_n; // order of base point
  144. mutable Integer m_k; // cofactor
  145. mutable bool m_compress, m_encodeAsOID; // presentation details
  146. };
  148. //! EC public key
  149. template <class EC>
  150. class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
  151. {
  152. public:
  153. typedef typename EC::Point Element;
  155. void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
  156. {this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
  157. void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
  158. {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
  160. // X509PublicKey
  161. void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
  162. void DEREncodePublicKey(BufferedTransformation &bt) const;
  164. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  165. virtual ~DL_PublicKey_EC() {}
  166. #endif
  167. };
  169. //! EC private key
  170. template <class EC>
  171. class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
  172. {
  173. public:
  174. typedef typename EC::Point Element;
  176. void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
  177. {this->AccessGroupParameters() = params; this->SetPrivateExponent(x);}
  178. void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
  179. {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);}
  180. void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
  181. {this->GenerateRandom(rng, params);}
  182. void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
  183. {this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
  185. // PKCS8PrivateKey
  186. void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
  187. void DEREncodePrivateKey(BufferedTransformation &bt) const;
  189. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  190. virtual ~DL_PrivateKey_EC() {}
  191. #endif
  192. };
  194. //! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a>
  195. template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
  196. struct ECDH
  197. {
  198. typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
  200. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  201. virtual ~ECDH() {}
  202. #endif
  203. };
  205. /// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a>
  206. template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
  207. struct ECMQV
  208. {
  209. typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
  211. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  212. virtual ~ECMQV() {}
  213. #endif
  214. };
  216. //! EC keys
  217. template <class EC>
  218. struct DL_Keys_EC
  219. {
  220. typedef DL_PublicKey_EC<EC> PublicKey;
  221. typedef DL_PrivateKey_EC<EC> PrivateKey;
  223. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  224. virtual ~DL_Keys_EC() {}
  225. #endif
  226. };
  228. template <class EC, class H>
  229. struct ECDSA;
  231. //! ECDSA keys
  232. template <class EC>
  233. struct DL_Keys_ECDSA
  234. {
  235. typedef DL_PublicKey_EC<EC> PublicKey;
  236. typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC, SHA256> > PrivateKey;
  238. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  239. virtual ~DL_Keys_ECDSA() {}
  240. #endif
  241. };
  243. //! ECDSA algorithm
  244. template <class EC>
  245. class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
  246. {
  247. public:
  248. static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";}
  250. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  251. virtual ~DL_Algorithm_ECDSA() {}
  252. #endif
  253. };
  255. //! ECNR algorithm
  256. template <class EC>
  257. class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
  258. {
  259. public:
  260. static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECNR";}
  262. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  263. virtual ~DL_Algorithm_ECNR() {}
  264. #endif
  265. };
  267. //! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
  268. template <class EC, class H>
  269. struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
  270. {
  271. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  272. virtual ~ECDSA() {}
  273. #endif
  274. };
  276. //! ECNR
  277. template <class EC, class H = SHA>
  278. struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
  279. {
  280. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  281. virtual ~ECNR() {}
  282. #endif
  283. };
  285. //! Elliptic Curve Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">ECIES</a>
  286. /*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibilty with SEC1 and Crypto++ 4.2.
  287. The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best
  288. efficiency and security. */
  289. template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false>
  290. struct ECIES
  291. : public DL_ES<
  292. DL_Keys_EC<EC>,
  293. DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
  294. DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >,
  295. DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
  296. ECIES<EC> >
  297. {
  298. static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";} // TODO: fix this after name is standardized
  300. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  301. virtual ~ECIES() {}
  302. #endif
  304. #if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_CLANG_VERSION >= 30000)
  305. } __attribute__((deprecated ("ECIES will be changing in the near future due to (1) an implementation bug and (2) an interop issue.")));
  306. #elif (CRYPTOPP_GCC_VERSION )
  307. } __attribute__((deprecated));
  308. #else
  309. };
  310. #endif
  312. NAMESPACE_END
  314. #ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
  315. #include "eccrypto.cpp"
  316. #endif
  318. NAMESPACE_BEGIN(CryptoPP)
  320. CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<ECP>;
  321. CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<EC2N>;
  322. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<ECP> >;
  323. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<EC2N> >;
  324. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<ECP>;
  325. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<EC2N>;
  326. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<ECP> >;
  327. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<EC2N> >;
  328. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<ECP>;
  329. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<EC2N>;
  330. CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<ECP::Point>;
  331. CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<EC2N::Point>;
  332. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<ECP>, ECDSA<ECP, SHA256> >;
  333. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC2N>, ECDSA<EC2N, SHA256> >;
  335. NAMESPACE_END
  337. #endif
  338. #ifndef CRYPTOPP_ECCRYPTO_H
  339. #define CRYPTOPP_ECCRYPTO_H
  341. /*! \file
  342. */
  344. #include "cryptlib.h"
  345. #include "pubkey.h"
  346. #include "integer.h"
  347. #include "asn.h"
  348. #include "hmac.h"
  349. #include "sha.h"
  350. #include "gfpcrypt.h"
  351. #include "dh.h"
  352. #include "mqv.h"
  353. #include "ecp.h"
  354. #include "ec2n.h"
  356. NAMESPACE_BEGIN(CryptoPP)
  358. //! Elliptic Curve Parameters
  359. /*! This class corresponds to the ASN.1 sequence of the same name
  360. in ANSI X9.62 (also SEC 1).
  361. */
  362. template <class EC>
  363. class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
  364. {
  365. typedef DL_GroupParameters_EC<EC> ThisClass;
  367. public:
  368. typedef EC EllipticCurve;
  369. typedef typename EllipticCurve::Point Point;
  370. typedef Point Element;
  371. typedef IncompatibleCofactorMultiplication DefaultCofactorOption;
  373. DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {}
  374. DL_GroupParameters_EC(const OID &oid)
  375. : m_compress(false), m_encodeAsOID(false) {Initialize(oid);}
  376. DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
  377. : m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);}
  378. DL_GroupParameters_EC(BufferedTransformation &bt)
  379. : m_compress(false), m_encodeAsOID(false) {BERDecode(bt);}
  381. void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
  382. {
  383. this->m_groupPrecomputation.SetCurve(ec);
  384. this->SetSubgroupGenerator(G);
  385. m_n = n;
  386. m_k = k;
  387. }
  388. void Initialize(const OID &oid);
  390. // NameValuePairs
  391. bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
  392. void AssignFrom(const NameValuePairs &source);
  394. // GeneratibleCryptoMaterial interface
  395. //! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
  396. /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
  397. void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
  399. // DL_GroupParameters
  400. const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
  401. DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
  402. const Integer & GetSubgroupOrder() const {return m_n;}
  403. Integer GetCofactor() const;
  404. bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
  405. bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
  406. bool FastSubgroupCheckAvailable() const {return false;}
  407. void EncodeElement(bool reversible, const Element &element, byte *encoded) const
  408. {
  409. if (reversible)
  410. GetCurve().EncodePoint(encoded, element, m_compress);
  411. else
  412. element.x.Encode(encoded, GetEncodedElementSize(false));
  413. }
  414. virtual unsigned int GetEncodedElementSize(bool reversible) const
  415. {
  416. if (reversible)
  417. return GetCurve().EncodedPointSize(m_compress);
  418. else
  419. return GetCurve().GetField().MaxElementByteLength();
  420. }
  421. Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
  422. {
  423. Point result;
  424. if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
  425. throw DL_BadElement();
  426. if (checkForGroupMembership && !ValidateElement(1, result, NULL))
  427. throw DL_BadElement();
  428. return result;
  429. }
  430. Integer ConvertElementToInteger(const Element &element) const;
  431. Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
  432. bool IsIdentity(const Element &element) const {return element.identity;}
  433. void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
  434. static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";}
  436. // ASN1Key
  437. OID GetAlgorithmID() const;
  439. // used by MQV
  440. Element MultiplyElements(const Element &a, const Element &b) const;
  441. Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
  443. // non-inherited
  445. // enumerate OIDs for recommended parameters, use OID() to get first one
  446. static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid);
  448. void BERDecode(BufferedTransformation &bt);
  449. void DEREncode(BufferedTransformation &bt) const;
  451. void SetPointCompression(bool compress) {m_compress = compress;}
  452. bool GetPointCompression() const {return m_compress;}
  454. void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
  455. bool GetEncodeAsOID() const {return m_encodeAsOID;}
  457. const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();}
  459. bool operator==(const ThisClass &rhs) const
  460. {return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);}
  462. #ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
  463. const Point& GetBasePoint() const {return this->GetSubgroupGenerator();}
  464. const Integer& GetBasePointOrder() const {return this->GetSubgroupOrder();}
  465. void LoadRecommendedParameters(const OID &oid) {Initialize(oid);}
  466. #endif
  468. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  469. virtual ~DL_GroupParameters_EC() {}
  470. #endif
  472. protected:
  473. unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
  474. unsigned int ExponentLength() const {return m_n.ByteCount();}
  476. OID m_oid; // set if parameters loaded from a recommended curve
  477. Integer m_n; // order of base point
  478. mutable Integer m_k; // cofactor
  479. mutable bool m_compress, m_encodeAsOID; // presentation details
  480. };
  482. //! EC public key
  483. template <class EC>
  484. class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
  485. {
  486. public:
  487. typedef typename EC::Point Element;
  489. void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
  490. {this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
  491. void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
  492. {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
  494. // X509PublicKey
  495. void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
  496. void DEREncodePublicKey(BufferedTransformation &bt) const;
  498. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  499. virtual ~DL_PublicKey_EC() {}
  500. #endif
  501. };
  503. //! EC private key
  504. template <class EC>
  505. class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
  506. {
  507. public:
  508. typedef typename EC::Point Element;
  510. void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
  511. {this->AccessGroupParameters() = params; this->SetPrivateExponent(x);}
  512. void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
  513. {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);}
  514. void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
  515. {this->GenerateRandom(rng, params);}
  516. void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
  517. {this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
  519. // PKCS8PrivateKey
  520. void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
  521. void DEREncodePrivateKey(BufferedTransformation &bt) const;
  523. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  524. virtual ~DL_PrivateKey_EC() {}
  525. #endif
  526. };
  528. //! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a>
  529. template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
  530. struct ECDH
  531. {
  532. typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
  534. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  535. virtual ~ECDH() {}
  536. #endif
  537. };
  539. /// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a>
  540. template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
  541. struct ECMQV
  542. {
  543. typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
  545. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  546. virtual ~ECMQV() {}
  547. #endif
  548. };
  550. //! EC keys
  551. template <class EC>
  552. struct DL_Keys_EC
  553. {
  554. typedef DL_PublicKey_EC<EC> PublicKey;
  555. typedef DL_PrivateKey_EC<EC> PrivateKey;
  557. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  558. virtual ~DL_Keys_EC() {}
  559. #endif
  560. };
  562. template <class EC, class H>
  563. struct ECDSA;
  565. //! ECDSA keys
  566. template <class EC>
  567. struct DL_Keys_ECDSA
  568. {
  569. typedef DL_PublicKey_EC<EC> PublicKey;
  570. typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC, SHA256> > PrivateKey;
  572. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  573. virtual ~DL_Keys_ECDSA() {}
  574. #endif
  575. };
  577. //! ECDSA algorithm
  578. template <class EC>
  579. class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
  580. {
  581. public:
  582. static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";}
  584. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  585. virtual ~DL_Algorithm_ECDSA() {}
  586. #endif
  587. };
  589. //! ECNR algorithm
  590. template <class EC>
  591. class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
  592. {
  593. public:
  594. static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECNR";}
  596. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  597. virtual ~DL_Algorithm_ECNR() {}
  598. #endif
  599. };
  601. //! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
  602. template <class EC, class H>
  603. struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
  604. {
  605. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  606. virtual ~ECDSA() {}
  607. #endif
  608. };
  610. //! ECNR
  611. template <class EC, class H = SHA>
  612. struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
  613. {
  614. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  615. virtual ~ECNR() {}
  616. #endif
  617. };
  619. //! Elliptic Curve Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">ECIES</a>
  620. /*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibilty with SEC1 and Crypto++ 4.2.
  621. The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best
  622. efficiency and security. */
  623. template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false>
  624. struct ECIES
  625. : public DL_ES<
  626. DL_Keys_EC<EC>,
  627. DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
  628. DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >,
  629. DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
  630. ECIES<EC> >
  631. {
  632. static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";} // TODO: fix this after name is standardized
  634. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  635. virtual ~ECIES() {}
  636. #endif
  638. #if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
  639. } __attribute__((deprecated ("ECIES will be changing in the near future due to (1) an implementation bug and (2) an interop issue")));
  640. #elif (CRYPTOPP_GCC_VERSION)
  641. } __attribute__((deprecated));
  642. #else
  643. };
  644. #endif
  646. NAMESPACE_END
  648. #ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
  649. #include "eccrypto.cpp"
  650. #endif
  652. NAMESPACE_BEGIN(CryptoPP)
  654. CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<ECP>;
  655. CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<EC2N>;
  656. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<ECP> >;
  657. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<EC2N> >;
  658. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<ECP>;
  659. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<EC2N>;
  660. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<ECP> >;
  661. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<EC2N> >;
  662. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<ECP>;
  663. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<EC2N>;
  664. CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<ECP::Point>;
  665. CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<EC2N::Point>;
  666. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<ECP>, ECDSA<ECP, SHA256> >;
  667. CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC2N>, ECDSA<EC2N, SHA256> >;
  669. NAMESPACE_END
  671. #endif