archive
/
tf2
mirror of https://github.com/sr2echa/TF2-Source-Code
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Team Fortress 2 Source Code as on 22/4/2020
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
1.4 GiB
Tree: 51d17c74db
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '51d17c74db'
${ noResults }
tf2/tf2_src/external/crypto++-5.6.3/gfpcrypt.cpp

306 lines
9.5 KiB
Raw Normal View History

compressed some files
5 years ago
  1. // dsa.cpp - written and placed in the public domain by Wei Dai
  3. #include "pch.h"
  4. #include "config.h"
  6. // TODO: fix the C4589 warnings
  7. #if CRYPTOPP_MSC_VERSION
  8. # pragma warning(disable: 4189 4589)
  9. #endif
  11. #ifndef CRYPTOPP_IMPORTS
  13. #include "gfpcrypt.h"
  14. #include "nbtheory.h"
  15. #include "modarith.h"
  16. #include "integer.h"
  17. #include "asn.h"
  18. #include "oids.h"
  19. #include "misc.h"
  21. NAMESPACE_BEGIN(CryptoPP)
  23. #if !defined(NDEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
  24. void TestInstantiations_gfpcrypt()
  25. {
  26. GDSA<SHA>::Signer test;
  27. GDSA<SHA>::Verifier test1;
  28. DSA::Signer test5(NullRNG(), 100);
  29. DSA::Signer test2(test5);
  30. NR<SHA>::Signer test3;
  31. NR<SHA>::Verifier test4;
  32. DLIES<>::Encryptor test6;
  33. DLIES<>::Decryptor test7;
  34. }
  35. #endif
  37. void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
  38. {
  39. Integer p, q, g;
  41. if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
  42. {
  43. q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
  44. Initialize(p, q, g);
  45. }
  46. else
  47. {
  48. int modulusSize = 1024, defaultSubgroupOrderSize;
  49. alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
  51. switch (modulusSize)
  52. {
  53. case 1024:
  54. defaultSubgroupOrderSize = 160;
  55. break;
  56. case 2048:
  57. defaultSubgroupOrderSize = 224;
  58. break;
  59. case 3072:
  60. defaultSubgroupOrderSize = 256;
  61. break;
  62. default:
  63. throw InvalidArgument("DSA: not a valid prime length");
  64. }
  66. DL_GroupParameters_GFP::GenerateRandom(rng, CombinedNameValuePairs(alg, MakeParameters(Name::SubgroupOrderSize(), defaultSubgroupOrderSize, false)));
  67. }
  68. }
  70. bool DL_GroupParameters_DSA::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
  71. {
  72. bool pass = DL_GroupParameters_GFP::ValidateGroup(rng, level);
  73. int pSize = GetModulus().BitCount(), qSize = GetSubgroupOrder().BitCount();
  74. pass = pass && ((pSize==1024 && qSize==160) || (pSize==2048 && qSize==224) || (pSize==2048 && qSize==256) || (pSize==3072 && qSize==256));
  75. return pass;
  76. }
  78. void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng,
  79. const byte *recoverableMessage, size_t recoverableMessageLength,
  80. HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
  81. byte *representative, size_t representativeBitLength) const
  82. {
  83. CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(recoverableMessage), CRYPTOPP_UNUSED(recoverableMessageLength);
  84. CRYPTOPP_UNUSED(messageEmpty), CRYPTOPP_UNUSED(hashIdentifier);
  85. assert(recoverableMessageLength == 0);
  86. assert(hashIdentifier.second == 0);
  88. const size_t representativeByteLength = BitsToBytes(representativeBitLength);
  89. const size_t digestSize = hash.DigestSize();
  90. const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
  92. memset(representative, 0, paddingLength);
  93. hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
  95. if (digestSize*8 > representativeBitLength)
  96. {
  97. Integer h(representative, representativeByteLength);
  98. h >>= representativeByteLength*8 - representativeBitLength;
  99. h.Encode(representative, representativeByteLength);
  100. }
  101. }
  103. void DL_SignatureMessageEncodingMethod_NR::ComputeMessageRepresentative(RandomNumberGenerator &rng,
  104. const byte *recoverableMessage, size_t recoverableMessageLength,
  105. HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
  106. byte *representative, size_t representativeBitLength) const
  107. {
  108. CRYPTOPP_UNUSED(rng);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength);
  109. CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty);
  110. CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength);
  112. assert(recoverableMessageLength == 0);
  113. assert(hashIdentifier.second == 0);
  114. const size_t representativeByteLength = BitsToBytes(representativeBitLength);
  115. const size_t digestSize = hash.DigestSize();
  116. const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
  118. memset(representative, 0, paddingLength);
  119. hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
  121. if (digestSize*8 >= representativeBitLength)
  122. {
  123. Integer h(representative, representativeByteLength);
  124. h >>= representativeByteLength*8 - representativeBitLength + 1;
  125. h.Encode(representative, representativeByteLength);
  126. }
  127. }
  129. bool DL_GroupParameters_IntegerBased::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
  130. {
  131. const Integer &p = GetModulus(), &q = GetSubgroupOrder();
  133. bool pass = true;
  134. pass = pass && p > Integer::One() && p.IsOdd();
  135. pass = pass && q > Integer::One() && q.IsOdd();
  137. if (level >= 1)
  138. pass = pass && GetCofactor() > Integer::One() && GetGroupOrder() % q == Integer::Zero();
  139. if (level >= 2)
  140. pass = pass && VerifyPrime(rng, q, level-2) && VerifyPrime(rng, p, level-2);
  142. return pass;
  143. }
  145. bool DL_GroupParameters_IntegerBased::ValidateElement(unsigned int level, const Integer &g, const DL_FixedBasePrecomputation<Integer> *gpc) const
  146. {
  147. const Integer &p = GetModulus(), &q = GetSubgroupOrder();
  149. bool pass = true;
  150. pass = pass && GetFieldType() == 1 ? g.IsPositive() : g.NotNegative();
  151. pass = pass && g < p && !IsIdentity(g);
  153. if (level >= 1)
  154. {
  155. if (gpc)
  156. pass = pass && gpc->Exponentiate(GetGroupPrecomputation(), Integer::One()) == g;
  157. }
  158. if (level >= 2)
  159. {
  160. if (GetFieldType() == 2)
  161. pass = pass && Jacobi(g*g-4, p)==-1;
  163. // verifying that Lucas((p+1)/2, w, p)==2 is omitted because it's too costly
  164. // and at most 1 bit is leaked if it's false
  165. bool fullValidate = (GetFieldType() == 2 && level >= 3) || !FastSubgroupCheckAvailable();
  167. if (fullValidate && pass)
  168. {
  169. Integer gp = gpc ? gpc->Exponentiate(GetGroupPrecomputation(), q) : ExponentiateElement(g, q);
  170. pass = pass && IsIdentity(gp);
  171. }
  172. else if (GetFieldType() == 1)
  173. pass = pass && Jacobi(g, p) == 1;
  174. }
  176. return pass;
  177. }
  179. void DL_GroupParameters_IntegerBased::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
  180. {
  181. Integer p, q, g;
  183. if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
  184. {
  185. q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
  186. }
  187. else
  188. {
  189. int modulusSize, subgroupOrderSize;
  191. if (!alg.GetIntValue("ModulusSize", modulusSize))
  192. modulusSize = alg.GetIntValueWithDefault("KeySize", 2048);
  194. if (!alg.GetIntValue("SubgroupOrderSize", subgroupOrderSize))
  195. subgroupOrderSize = GetDefaultSubgroupOrderSize(modulusSize);
  197. PrimeAndGenerator pg;
  198. pg.Generate(GetFieldType() == 1 ? 1 : -1, rng, modulusSize, subgroupOrderSize);
  199. p = pg.Prime();
  200. q = pg.SubPrime();
  201. g = pg.Generator();
  202. }
  204. Initialize(p, q, g);
  205. }
  207. #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
  208. void DL_GroupParameters_IntegerBased::EncodeElement(bool reversible, const Element &element, byte *encoded) const
  209. {
  210. CRYPTOPP_UNUSED(reversible);
  211. element.Encode(encoded, GetModulus().ByteCount());
  212. }
  214. unsigned int DL_GroupParameters_IntegerBased::GetEncodedElementSize(bool reversible) const
  215. {
  216. CRYPTOPP_UNUSED(reversible);
  217. return GetModulus().ByteCount();
  218. }
  219. #endif
  221. Integer DL_GroupParameters_IntegerBased::DecodeElement(const byte *encoded, bool checkForGroupMembership) const
  222. {
  223. CRYPTOPP_UNUSED(checkForGroupMembership);
  224. Integer g(encoded, GetModulus().ByteCount());
  225. if (!ValidateElement(1, g, NULL))
  226. throw DL_BadElement();
  227. return g;
  228. }
  230. void DL_GroupParameters_IntegerBased::BERDecode(BufferedTransformation &bt)
  231. {
  232. BERSequenceDecoder parameters(bt);
  233. Integer p(parameters);
  234. Integer q(parameters);
  235. Integer g;
  236. if (parameters.EndReached())
  237. {
  238. g = q;
  239. q = ComputeGroupOrder(p) / 2;
  240. }
  241. else
  242. g.BERDecode(parameters);
  243. parameters.MessageEnd();
  245. SetModulusAndSubgroupGenerator(p, g);
  246. SetSubgroupOrder(q);
  247. }
  249. void DL_GroupParameters_IntegerBased::DEREncode(BufferedTransformation &bt) const
  250. {
  251. DERSequenceEncoder parameters(bt);
  252. GetModulus().DEREncode(parameters);
  253. m_q.DEREncode(parameters);
  254. GetSubgroupGenerator().DEREncode(parameters);
  255. parameters.MessageEnd();
  256. }
  258. bool DL_GroupParameters_IntegerBased::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
  259. {
  260. return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue)
  261. CRYPTOPP_GET_FUNCTION_ENTRY(Modulus);
  262. }
  264. void DL_GroupParameters_IntegerBased::AssignFrom(const NameValuePairs &source)
  265. {
  266. AssignFromHelper(this, source)
  267. CRYPTOPP_SET_FUNCTION_ENTRY2(Modulus, SubgroupGenerator)
  268. CRYPTOPP_SET_FUNCTION_ENTRY(SubgroupOrder)
  269. ;
  270. }
  272. OID DL_GroupParameters_IntegerBased::GetAlgorithmID() const
  273. {
  274. return ASN1::id_dsa();
  275. }
  277. void DL_GroupParameters_GFP::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
  278. {
  279. ModularArithmetic ma(GetModulus());
  280. ma.SimultaneousExponentiate(results, base, exponents, exponentsCount);
  281. }
  283. DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::MultiplyElements(const Element &a, const Element &b) const
  284. {
  285. return a_times_b_mod_c(a, b, GetModulus());
  286. }
  288. DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
  289. {
  290. ModularArithmetic ma(GetModulus());
  291. return ma.CascadeExponentiate(element1, exponent1, element2, exponent2);
  292. }
  294. Integer DL_GroupParameters_IntegerBased::GetMaxExponent() const
  295. {
  296. return STDMIN(GetSubgroupOrder()-1, Integer::Power2(2*DiscreteLogWorkFactor(GetFieldType()*GetModulus().BitCount())));
  297. }
  299. unsigned int DL_GroupParameters_IntegerBased::GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
  300. {
  301. return 2*DiscreteLogWorkFactor(GetFieldType()*modulusSize);
  302. }
  304. NAMESPACE_END
  306. #endif