Security Scol plugin
mqv.h
1// mqv.h - originally written and placed in the public domain by Wei Dai
2
6
7#ifndef CRYPTOPP_MQV_H
8#define CRYPTOPP_MQV_H
9
10#include "cryptlib.h"
11#include "gfpcrypt.h"
12#include "modarith.h"
13#include "integer.h"
14#include "algebra.h"
15#include "misc.h"
16
17NAMESPACE_BEGIN(CryptoPP)
18
19
27template <class GROUP_PARAMETERS, class COFACTOR_OPTION = typename GROUP_PARAMETERS::DefaultCofactorOption>
29{
30public:
31 typedef GROUP_PARAMETERS GroupParameters;
32 typedef typename GroupParameters::Element Element;
34
37
/// \brief Construct a MQV domain from existing group parameters
/// \param params group parameters copied into this domain
/// \note The parameters are stored as given; this constructor performs no
///  validation of them.
MQV_Domain(const GroupParameters &params)
    : m_groupParameters(params)
{
}
42
46 {m_groupParameters.BERDecode(bt);}
47
/// \brief Construct a MQV domain by initializing the group parameters
/// \tparam T1 type of the first initializer
/// \tparam T2 type of the second initializer
/// \param v1 first value forwarded to GroupParameters::Initialize
/// \param v2 second value forwarded to GroupParameters::Initialize
/// \details The meaning of v1 and v2 is defined by the GroupParameters
///  overload of Initialize that they select, not by this class.
template <typename T1, typename T2>
MQV_Domain(T1 v1, T2 v2)
{
    m_groupParameters.Initialize(v1, v2);
}
57
/// \brief Construct a MQV domain by initializing the group parameters
/// \tparam T1 type of the first initializer
/// \tparam T2 type of the second initializer
/// \tparam T3 type of the third initializer
/// \param v1 first value forwarded to GroupParameters::Initialize
/// \param v2 second value forwarded to GroupParameters::Initialize
/// \param v3 third value forwarded to GroupParameters::Initialize
/// \details The meaning of the values is defined by the GroupParameters
///  overload of Initialize that they select, not by this class.
template <typename T1, typename T2, typename T3>
MQV_Domain(T1 v1, T2 v2, T3 v3)
{
    m_groupParameters.Initialize(v1, v2, v3);
}
69
/// \brief Construct a MQV domain by initializing the group parameters
/// \tparam T1 type of the first initializer
/// \tparam T2 type of the second initializer
/// \tparam T3 type of the third initializer
/// \tparam T4 type of the fourth initializer
/// \param v1 first value forwarded to GroupParameters::Initialize
/// \param v2 second value forwarded to GroupParameters::Initialize
/// \param v3 third value forwarded to GroupParameters::Initialize
/// \param v4 fourth value forwarded to GroupParameters::Initialize
/// \details The meaning of the values is defined by the GroupParameters
///  overload of Initialize that they select, not by this class.
template <typename T1, typename T2, typename T3, typename T4>
MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4)
{
    m_groupParameters.Initialize(v1, v2, v3, v4);
}
83
/// \brief Retrieves the group parameters for this domain
/// \return read-only reference to the group parameters held by this object
const GroupParameters & GetGroupParameters() const
{
    return m_groupParameters;
}
87
/// \brief Retrieves the group parameters for this domain
/// \return writable reference to the group parameters held by this object
/// \note The reference is mutable: a caller can change the parameters every
///  later key generation and agreement in this domain will use.
GroupParameters & AccessGroupParameters()
{
    return m_groupParameters;
}
91
/// \brief Retrieves the crypto parameters for this domain
/// \return writable reference to the group parameters, viewed through the
///  CryptoParameters interface
CryptoParameters & AccessCryptoParameters()
{
    DL_GroupParameters<Element> &abstractParams = AccessAbstractGroupParameters();
    return abstractParams;
}
95
/// \brief Provides the size of the agreed value
/// \return size in bytes of the agreed value produced in this domain
/// \details This is the encoded element size for the non-reversible
///  encoding (GetEncodedElementSize(false)), the same encoding Agree()
///  uses when it writes the agreed value. The output buffer passed to
///  Agree() has to hold at least this many bytes.
unsigned int AgreedValueLength() const
{
    const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
    return params.GetEncodedElementSize(false);
}
103
/// \brief Provides the size of the static private key
/// \return size in bytes of static private keys in this domain
/// \details The length is the byte count of the subgroup order.
unsigned int StaticPrivateKeyLength() const
{
    const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
    return params.GetSubgroupOrder().ByteCount();
}
108
/// \brief Provides the size of the static public key
/// \return size in bytes of static public keys in this domain
/// \details This is the encoded element size for the reversible encoding
///  (GetEncodedElementSize(true)), the encoding the key generators here
///  use for public elements.
unsigned int StaticPublicKeyLength() const
{
    const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
    return params.GetEncodedElementSize(true);
}
116
/// \brief Generate static private key in this domain
/// \param rng a RandomNumberGenerator derived class
/// \param privateKey a byte buffer that receives the private key
/// \details The key is a random exponent drawn from the range
///  [1, GetMaxExponent()] and written as exactly StaticPrivateKeyLength()
///  bytes.
/// \pre privateKey has room for StaticPrivateKeyLength() bytes; the
///  buffer size is not checked here.
/// \note The quality of the key is the quality of rng. Use a
///  cryptographically secure generator, and wipe the caller-owned buffer
///  once the key is no longer needed.
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
{
    const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
    Integer secretExponent(rng, Integer::One(), params.GetMaxExponent());
    secretExponent.Encode(privateKey, StaticPrivateKeyLength());
}
128
/// \brief Generate a static public key from a private key in this domain
/// \param rng a RandomNumberGenerator derived class (unused here)
/// \param privateKey a byte buffer holding the private key, as written by
///  GenerateStaticPrivateKey()
/// \param publicKey a byte buffer that receives the public key
/// \details The public key is the group base raised to the private
///  exponent, written with the reversible element encoding.
/// \pre privateKey holds StaticPrivateKeyLength() bytes and publicKey has
///  room for StaticPublicKeyLength() bytes; neither size is checked here.
/// \note The private exponent is used as read from the buffer; no range
///  check is applied to it in this function.
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
{
    CRYPTOPP_UNUSED(rng);

    const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();
    Integer secretExponent(privateKey, StaticPrivateKeyLength());
    Element publicElement = params.ExponentiateBase(secretExponent);
    params.EncodeElement(true, publicElement, publicKey);
}
145
151
/// \brief Provides the size of the ephemeral public key
/// \return size in bytes of ephemeral public keys in this domain
/// \details Ephemeral and static public keys use the same encoding, so
///  this simply reports StaticPublicKeyLength().
unsigned int EphemeralPublicKeyLength() const
{
    const unsigned int publicLength = StaticPublicKeyLength();
    return publicLength;
}
157
/// \brief Generate ephemeral private key in this domain
/// \param rng a RandomNumberGenerator derived class
/// \param privateKey a byte buffer that receives the private key
/// \details The buffer receives two fields back to back: the random
///  exponent (StaticPrivateKeyLength() bytes), then the matching public
///  element in reversible encoding. Agree() and
///  GenerateEphemeralPublicKey() both read the second field from this
///  layout.
/// \pre privateKey has room for StaticPrivateKeyLength() +
///  EphemeralPublicKeyLength() bytes; the buffer size is not checked
///  here. NOTE(review): this is presumably the value reported by
///  EphemeralPrivateKeyLength(), whose body is not visible in this
///  listing - confirm before sizing buffers.
/// \note An ephemeral key is meant for a single agreement. Draw a fresh
///  one per session from a cryptographically secure rng and wipe the
///  buffer afterwards.
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
{
    const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();

    // First field: the secret exponent.
    Integer secretExponent(rng, Integer::One(), params.GetMaxExponent());
    secretExponent.Encode(privateKey, StaticPrivateKeyLength());

    // Second field: the public element, cached right behind the exponent.
    Element publicElement = params.ExponentiateBase(secretExponent);
    byte *publicField = privateKey + StaticPrivateKeyLength();
    params.EncodeElement(true, publicElement, publicField);
}
170
/// \brief Generate ephemeral public key from a private key in this domain
/// \param rng a RandomNumberGenerator derived class (unused here)
/// \param privateKey a byte buffer holding the ephemeral private key, as
///  written by GenerateEphemeralPrivateKey()
/// \param publicKey a byte buffer that receives the public key
/// \details Nothing is computed: the public element stored behind the
///  exponent in the private key buffer is copied out.
/// \pre privateKey holds StaticPrivateKeyLength() +
///  EphemeralPublicKeyLength() bytes and publicKey has room for
///  EphemeralPublicKeyLength() bytes; neither size is checked here.
/// \note Because the bytes are copied without decoding, a private key
///  buffer that did not come from GenerateEphemeralPrivateKey() yields
///  whatever bytes sit at that offset.
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
{
    CRYPTOPP_UNUSED(rng);

    const byte *cachedPublic = privateKey + StaticPrivateKeyLength();
    memcpy(publicKey, cachedPublic, EphemeralPublicKeyLength());
}
181
/// \brief Derive agreed value or shared secret
/// \param agreedValue a byte buffer that receives the shared secret
/// \param staticPrivateKey this party's long-term private key
/// \param ephemeralPrivateKey this party's ephemeral private key, in the
///  layout written by GenerateEphemeralPrivateKey()
/// \param staticOtherPublicKey the other party's long-term public key
/// \param ephemeralOtherPublicKey the other party's ephemeral public key
/// \param validateStaticOtherPublicKey whether the other party's static
///  public key is checked for group membership when it is decoded
/// \return true upon success, false in case of failure
/// \details The other party's ephemeral public key is always decoded with
///  the group-membership check enabled. The static public key is checked
///  unless validateStaticOtherPublicKey is false; pass false only for a
///  key that was validated earlier, for example when it was enrolled.
/// \details This party's own keys are trusted: the exponents are used as
///  read and the cached ephemeral public element is decoded without the
///  membership check.
/// \details A DL_BadElement thrown while decoding is turned into a false
///  return. On every false return nothing has been written to
///  agreedValue, so the caller must test the result before using the
///  buffer.
/// \pre agreedValue has room for AgreedValueLength() bytes; buffer sizes
///  are not checked here.
/// \note The output is the encoded group element itself. Feed it to a key
///  derivation function instead of using it directly as a symmetric key,
///  and wipe the private key buffers when the session is set up.
bool Agree(byte *agreedValue,
    const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
    const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
    bool validateStaticOtherPublicKey=true) const
{
    try
    {
        const DL_GroupParameters<Element> &params = GetAbstractGroupParameters();

        // Peer inputs are untrusted; decoding throws DL_BadElement on a bad element.
        Element peerStatic = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
        Element peerEphemeral = params.DecodeElement(ephemeralOtherPublicKey, true);

        // Own keys: two exponents plus the public element cached behind the
        // ephemeral exponent (no membership check, it is self-generated).
        Integer ownStatic(staticPrivateKey, StaticPrivateKeyLength());
        Integer ownEphemeral(ephemeralPrivateKey, StaticPrivateKeyLength());
        const byte *ownPublicField = ephemeralPrivateKey + StaticPrivateKeyLength();
        Element ownEphemeralPublic = params.DecodeElement(ownPublicField, false);

        const Integer &order = params.GetSubgroupOrder();

        // halfPower = 2^ceil(bits(order)/2). Each ephemeral public element is
        // reduced modulo it and then offset by it to form a half-length scalar.
        Integer halfPower = Integer::Power2((order.BitCount()+1)/2);
        Integer ownScalar = halfPower + params.ConvertElementToInteger(ownEphemeralPublic) % halfPower;
        Integer e = (ownScalar*ownStatic + ownEphemeral) % order;
        Integer peerScalar = halfPower + params.ConvertElementToInteger(peerEphemeral) % halfPower;

        if (COFACTOR_OPTION::ToEnum() != NO_COFACTOR_MULTIPLICTION)
        {
            const Integer &cofactor = params.GetCofactor();
            if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION)
                e = ModularArithmetic(order).Divide(e, cofactor);

            // shared = peerEphemeral^(k*e) * peerStatic^(k*(e*peerScalar mod order))
            Element shared = m_groupParameters.CascadeExponentiate(
                peerEphemeral, cofactor*e, peerStatic, cofactor*(e*peerScalar%order));

            // An identity result carries no secret; reject it.
            if (params.IsIdentity(shared))
                return false;
            params.EncodeElement(false, shared, agreedValue);
        }
        else
        {
            // combined = peerStatic^peerScalar * peerEphemeral
            Element combined = params.ExponentiateElement(peerStatic, peerScalar);
            combined = m_groupParameters.MultiplyElements(combined, peerEphemeral);

            // One pass yields combined^order (must be the identity) and
            // combined^e (the shared element, must not be the identity).
            Element powers[2];
            const Integer exponents[2] = {order, e};
            params.SimultaneousExponentiate(powers, combined, exponents, 2);

            const bool accepted = params.IsIdentity(powers[0]) && !params.IsIdentity(powers[1]);
            if (!accepted)
                return false;
            params.EncodeElement(false, powers[1], agreedValue);
        }
    }
    catch (DL_BadElement &)
    {
        // A peer key that fails to decode or validate ends the agreement.
        return false;
    }
    return true;
}
253
254private:
// Writable view of the group parameters through the abstract
// DL_GroupParameters interface.
DL_GroupParameters<Element> & AccessAbstractGroupParameters()
{
    return m_groupParameters;
}
// Read-only view of the group parameters through the abstract
// DL_GroupParameters interface; used by the length and key routines.
const DL_GroupParameters<Element> & GetAbstractGroupParameters() const
{
    return m_groupParameters;
}
257
258 GroupParameters m_groupParameters;
259};
260
265
266NAMESPACE_END
267
268#endif
Classes for performing mathematics over different fields.
Interface for domains of authenticated key agreement protocols.
Definition cryptlib.h:3072
Interface for buffered transformations.
Definition cryptlib.h:1652
Interface for crypto parameters.
Definition cryptlib.h:2546
Exception thrown when an invalid group element is encountered.
Definition pubkey.h:772
Interface for Discrete Log (DL) group parameters.
Definition pubkey.h:782
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
Definition pubkey.h:879
virtual Integer GetCofactor() const
Retrieves the cofactor.
Definition pubkey.h:914
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0
Exponentiates a base to multiple exponents.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
Definition pubkey.h:869
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
virtual Integer ConvertElementToInteger(const Element &element) const =0
Converts an element to an Integer.
virtual bool IsIdentity(const Element &element) const =0
Determines if an element is an identity.
Multiple precision integer with arithmetic operations.
Definition integer.h:50
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
Definition integer.cpp:3364
static const Integer &CRYPTOPP_API One()
Integer representing 1.
Definition integer.cpp:4920
static Integer CRYPTOPP_API Power2(size_t e)
Exponentiates to a power of 2.
Definition integer.cpp:3087
MQV domain for performing authenticated key agreement.
Definition mqv.h:29
unsigned int EphemeralPublicKeyLength() const
Provides the size of the ephemeral public key.
Definition mqv.h:156
MQV_Domain(T1 v1, T2 v2)
Construct a MQV domain.
Definition mqv.h:55
const GroupParameters & GetGroupParameters() const
Retrieves the group parameters for this domain.
Definition mqv.h:86
MQV_Domain(BufferedTransformation &bt)
Construct a MQV domain.
Definition mqv.h:45
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate ephemeral public key from a private key in this domain.
Definition mqv.h:176
unsigned int EphemeralPrivateKeyLength() const
Provides the size of the ephemeral private key.
Definition mqv.h:150
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate static private key in this domain.
Definition mqv.h:123
CryptoParameters & AccessCryptoParameters()
Retrieves the crypto parameters for this domain.
Definition mqv.h:94
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a static public key from a private key in this domain.
Definition mqv.h:137
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
Definition mqv.h:102
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate ephemeral private key in this domain.
Definition mqv.h:162
MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4)
Construct a MQV domain.
Definition mqv.h:81
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
Derive agreed value or shared secret.
Definition mqv.h:205
MQV_Domain(const GroupParameters &params)
Construct a MQV domain.
Definition mqv.h:40
unsigned int StaticPrivateKeyLength() const
Provides the size of the static private key.
Definition mqv.h:107
MQV_Domain(T1 v1, T2 v2, T3 v3)
Construct a MQV domain.
Definition mqv.h:67
GroupParameters & AccessGroupParameters()
Retrieves the group parameters for this domain.
Definition mqv.h:90
unsigned int StaticPublicKeyLength() const
Provides the size of the static public key.
Definition mqv.h:115
MQV_Domain()
Construct a MQV domain.
Definition mqv.h:36
Ring of congruence classes modulo n.
Definition modarith.h:44
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition modarith.h:218
Interface for random number generators.
Definition cryptlib.h:1435
Abstract base classes that provide a uniform interface to this library.
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
Multiple precision integer with arithmetic operations.
Utility functions for the Crypto++ library.
Class file for performing modular arithmetic.
MQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > MQV
Definition mqv.h:264
@ NO_COFACTOR_MULTIPLICTION
No cofactor multiplication applied.
Definition pubkey.h:2125
@ COMPATIBLE_COFACTOR_MULTIPLICTION
Cofactor multiplication compatible with ordinary Diffie-Hellman.
Definition pubkey.h:2129