Security Scol plugin
esign.cpp
1// esign.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "config.h"
5
6// TODO: fix the C4589 warnings
7#if CRYPTOPP_MSC_VERSION
8# pragma warning(disable: 4589)
9#endif
10
11#include "esign.h"
12#include "modarith.h"
13#include "integer.h"
14#include "nbtheory.h"
15#include "algparam.h"
16#include "sha.h"
17#include "asn.h"
18
19NAMESPACE_BEGIN(CryptoPP)
20
21#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
22void ESIGN_TestInstantiations()
23{
24 ESIGN<SHA1>::Verifier x1(1, 1);
25 ESIGN<SHA1>::Signer x2(NullRNG(), 1);
27 ESIGN<SHA1>::Verifier x4(x2.GetKey());
29 ESIGN<SHA1>::Signer x6 = x2;
30
31 x6 = x2;
32 x3 = ESIGN<SHA1>::Verifier(x2);
33 x4 = x2.GetKey();
34}
35#endif
36
38{
39 BERSequenceDecoder seq(bt);
40 m_n.BERDecode(seq);
41 m_e.BERDecode(seq);
42 seq.MessageEnd();
43}
44
46{
47 DERSequenceEncoder seq(bt);
48 m_n.DEREncode(seq);
49 m_e.DEREncode(seq);
50 seq.MessageEnd();
51}
52
54{
56 return STDMIN(a_exp_b_mod_c(x, m_e, m_n) >> (2*GetK()+2), MaxImage());
57}
58
59bool ESIGNFunction::Validate(RandomNumberGenerator& rng, unsigned int level) const
60{
61 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
62 bool pass = true;
63 pass = pass && m_n > Integer::One() && m_n.IsOdd();
64 CRYPTOPP_ASSERT(pass);
65 pass = pass && m_e >= 8 && m_e < m_n;
66 CRYPTOPP_ASSERT(pass);
67 return pass;
68}
69
70bool ESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
71{
72 return GetValueHelper(this, name, valueType, pValue).Assignable()
73 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
74 CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
75 ;
76}
77
79{
80 AssignFromHelper(this, source)
81 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
82 CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
83 ;
84}
85
86// *****************************************************************************
87
89{
90 int modulusSize = 1023*2;
91 param.GetIntValue("ModulusSize", modulusSize) || param.GetIntValue("KeySize", modulusSize);
92
93 if (modulusSize < 24)
94 throw InvalidArgument("InvertibleESIGNFunction: specified modulus size is too small");
95
96 if (modulusSize % 3 != 0)
97 throw InvalidArgument("InvertibleESIGNFunction: modulus size must be divisible by 3");
98
99 m_e = param.GetValueWithDefault("PublicExponent", Integer(32));
100
101 if (m_e < 8)
102 throw InvalidArgument("InvertibleESIGNFunction: public exponents less than 8 may not be secure");
103
104 // VC70 workaround: putting these after primeParam causes overlapped stack allocation
105 ConstByteArrayParameter seedParam;
106 SecByteBlock seed;
107
108 const Integer minP = Integer(204) << (modulusSize/3-8);
109 const Integer maxP = Integer::Power2(modulusSize/3)-1;
110 AlgorithmParameters primeParam = MakeParameters("Min", minP)("Max", maxP)("RandomNumberType", Integer::PRIME);
111
112 if (param.GetValue("Seed", seedParam))
113 {
114 seed.resize(seedParam.size() + 4);
115 memcpy(seed + 4, seedParam.begin(), seedParam.size());
116
117 PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)0);
119 PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)1);
121 }
122 else
123 {
124 m_p.GenerateRandom(rng, primeParam);
125 m_q.GenerateRandom(rng, primeParam);
126 }
127
128 m_n = m_p * m_p * m_q;
129
130 CRYPTOPP_ASSERT(m_n.BitCount() == (unsigned int)modulusSize);
131}
132
134{
135 BERSequenceDecoder privateKey(bt);
136 m_n.BERDecode(privateKey);
137 m_e.BERDecode(privateKey);
138 m_p.BERDecode(privateKey);
139 m_q.BERDecode(privateKey);
140 privateKey.MessageEnd();
141}
142
144{
145 DERSequenceEncoder privateKey(bt);
146 m_n.DEREncode(privateKey);
147 m_e.DEREncode(privateKey);
148 m_p.DEREncode(privateKey);
149 m_q.DEREncode(privateKey);
150 privateKey.MessageEnd();
151}
152
154{
156
157 Integer pq = m_p * m_q;
158 Integer p2 = m_p * m_p;
159 Integer r, z, re, a, w0, w1;
160
161 do
162 {
163 r.Randomize(rng, Integer::Zero(), pq);
164 z = x << (2*GetK()+2);
165 re = a_exp_b_mod_c(r, m_e, m_n);
166 a = (z - re) % m_n;
167 Integer::Divide(w1, w0, a, pq);
168 if (w1.NotZero())
169 {
170 ++w0;
171 w1 = pq - w1;
172 }
173 }
174 while ((w1 >> (2*GetK()+1)).IsPositive());
175
176 ModularArithmetic modp(m_p);
177 Integer t = modp.Divide(w0 * r % m_p, m_e * re % m_p);
178 Integer s = r + t*pq;
179 CRYPTOPP_ASSERT(s < m_n);
180#if 0
181 using namespace std;
182 cout << "f = " << x << endl;
183 cout << "r = " << r << endl;
184 cout << "z = " << z << endl;
185 cout << "a = " << a << endl;
186 cout << "w0 = " << w0 << endl;
187 cout << "w1 = " << w1 << endl;
188 cout << "t = " << t << endl;
189 cout << "s = " << s << endl;
190#endif
191 return s;
192}
193
195{
196 bool pass = ESIGNFunction::Validate(rng, level);
197 CRYPTOPP_ASSERT(pass);
198 pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
199 CRYPTOPP_ASSERT(pass);
200 pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
201 CRYPTOPP_ASSERT(pass);
202 pass = pass && m_p.BitCount() == m_q.BitCount();
203 CRYPTOPP_ASSERT(pass);
204 if (level >= 1)
205 {
206 pass = pass && m_p * m_p * m_q == m_n;
207 CRYPTOPP_ASSERT(pass);
208 }
209 if (level >= 2)
210 {
211 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
212 CRYPTOPP_ASSERT(pass);
213 }
214 return pass;
215}
216
217bool InvertibleESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
218{
219 return GetValueHelper<ESIGNFunction>(this, name, valueType, pValue).Assignable()
220 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
221 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
222 ;
223}
224
226{
227 AssignFromHelper<ESIGNFunction>(this, source)
228 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
229 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
230 ;
231}
232
233NAMESPACE_END
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition algparam.h:508
Classes and functions for working with ANS.1 objects.
An object that implements NameValuePairs.
Definition algparam.h:426
void MessageEnd()
Signals the end of messages to the object.
Definition asn.cpp:553
BER Sequence Decoder.
Definition asn.h:525
Interface for buffered transformations.
Definition cryptlib.h:1652
Combines two sets of NameValuePairs.
Definition algparam.h:129
Used to pass byte array input as part of a NameValuePairs object.
Definition algparam.h:25
const byte * begin() const
Pointer to the first byte in the memory block.
Definition algparam.h:84
size_t size() const
Length of the memory block.
Definition algparam.h:88
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition cryptlib.h:2493
void MessageEnd()
Signals the end of messages to the object.
Definition asn.cpp:624
DER Sequence Encoder.
Definition asn.h:557
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition esign.cpp:78
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition esign.cpp:45
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition esign.cpp:37
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition esign.cpp:59
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition esign.cpp:53
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition esign.cpp:70
Multiple precision integer with arithmetic operations.
Definition integer.h:50
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
Definition integer.cpp:3449
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs)
Generate a random number.
Definition integer.h:508
static const Integer &CRYPTOPP_API Zero()
Integer representing 0.
Definition integer.cpp:4908
bool NotZero() const
Determines if the Integer is non-0.
Definition integer.h:338
static void CRYPTOPP_API Divide(Integer &r, Integer &q, const Integer &a, const Integer &d)
Extended Division.
Definition integer.cpp:4240
void Randomize(RandomNumberGenerator &rng, size_t bitCount)
Set this Integer to random integer.
Definition integer.cpp:3520
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
Definition integer.cpp:3456
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
Definition integer.cpp:3364
static const Integer &CRYPTOPP_API One()
Integer representing 1.
Definition integer.cpp:4920
@ PRIME
a number which is probabilistically prime
Definition integer.h:95
static Integer CRYPTOPP_API Power2(size_t e)
Exponentiates to a power of 2.
Definition integer.cpp:3087
bool IsOdd() const
Determines if the Integer is odd parity.
Definition integer.h:356
An invalid argument was detected.
Definition cryptlib.h:203
Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
Applies the inverse of the trapdoor function, using random data if required.
Definition esign.cpp:153
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition esign.cpp:194
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition esign.cpp:88
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition esign.cpp:143
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition esign.cpp:133
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition esign.cpp:217
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition esign.cpp:225
Ring of congruence classes modulo n.
Definition modarith.h:44
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition modarith.h:218
Interface for retrieving values given their names.
Definition cryptlib.h:322
T GetValueWithDefault(const char *name, T defaultValue) const
Get a named value.
Definition cryptlib.h:392
bool GetValue(const char *name, T &value) const
Get a named value.
Definition cryptlib.h:379
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition cryptlib.h:415
Template implementing constructors for public key algorithm classes.
Definition pubkey.h:2198
Interface for random number generators.
Definition cryptlib.h:1435
void resize(size_type newSize)
Change size and preserve contents.
Definition secblock.h:1198
PK_FinalTemplate< TF_VerifierImpl< SchemeOptions > > Verifier
implements PK_Verifier interface
Definition pubkey.h:2328
virtual Integer MaxImage() const
Returns the maximum size of a representation after the trapdoor function is applied bound to a public...
Definition pubkey.h:92
Library configuration file.
unsigned int word32
32-bit unsigned datatype
Definition config_int.h:62
@ BIG_ENDIAN_ORDER
byte order is big-endian
Definition cryptlib.h:147
Classes providing ESIGN signature schemes as defined in IEEE P1363a.
Multiple precision integer with arithmetic operations.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULLPTR)
Access a block of memory.
Definition misc.h:2739
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition misc.h:655
Class file for performing modular arithmetic.
Classes and functions for number theoretic operations.
Precompiled header file.
Classes for SHA-1 and SHA-2 family of message digests.