9 NAMESPACE_BEGIN(CryptoPP)
12 template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption>
16 typedef GROUP_PARAMETERS GroupParameters;
17 typedef typename GroupParameters::Element Element;
23 : m_groupParameters(params) {}
28 template <
class T1,
class T2>
30 {m_groupParameters.Initialize(v1, v2);}
32 template <
class T1,
class T2,
class T3>
34 {m_groupParameters.Initialize(v1, v2, v3);}
36 template <
class T1,
class T2,
class T3,
class T4>
38 {m_groupParameters.Initialize(v1, v2, v3, v4);}
40 const GroupParameters & GetGroupParameters()
const {
return m_groupParameters;}
41 GroupParameters & AccessGroupParameters() {
return m_groupParameters;}
43 CryptoParameters & AccessCryptoParameters() {
return AccessAbstractGroupParameters();}
45 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
52 x.
Encode(privateKey, StaticPrivateKeyLength());
58 Integer x(privateKey, StaticPrivateKeyLength());
59 Element y = params.ExponentiateBase(x);
60 params.EncodeElement(
true, y, publicKey);
70 x.
Encode(privateKey, StaticPrivateKeyLength());
71 Element y = params.ExponentiateBase(x);
72 params.EncodeElement(
true, y, privateKey+StaticPrivateKeyLength());
77 memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength());
81 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
82 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
83 bool validateStaticOtherPublicKey=
true)
const
88 Element WW = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
89 Element VV = params.DecodeElement(ephemeralOtherPublicKey,
true);
91 Integer s(staticPrivateKey, StaticPrivateKeyLength());
92 Integer u(ephemeralPrivateKey, StaticPrivateKeyLength());
93 Element V = params.DecodeElement(ephemeralPrivateKey+StaticPrivateKeyLength(),
false);
95 const Integer &r = params.GetSubgroupOrder();
97 Integer e = ((h2+params.ConvertElementToInteger(V)%h2)*s+u) % r;
98 Integer tt = h2 + params.ConvertElementToInteger(VV) % h2;
100 if (COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION)
102 Element P = params.ExponentiateElement(WW, tt);
103 P = m_groupParameters.MultiplyElements(P, VV);
106 params.SimultaneousExponentiate(R, P, e2, 2);
107 if (!params.IsIdentity(R[0]) || params.IsIdentity(R[1]))
109 params.EncodeElement(
false, R[1], agreedValue);
113 const Integer &k = params.GetCofactor();
114 if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION)
116 Element P = m_groupParameters.CascadeExponentiate(VV, k*e, WW, k*(e*tt%r));
117 if (params.IsIdentity(P))
119 params.EncodeElement(
false, P, agreedValue);
133 GroupParameters m_groupParameters;
static const Integer & One()
avoid calling constructors for these frequently used integers
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate static public key
interface for DL group parameters
void BERDecode(BufferedTransformation &bt)
for backwards compatibility, calls AccessMaterial().Load(bt)
unsigned int EphemeralPublicKeyLength() const
return length of ephemeral public keys in this domain
ring of congruence classes modulo n
interface for random number generators
MQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > MQV
Menezes-Qu-Vanstone in GF(p) with key validation, AKA MQV
unsigned int BitCount() const
number of significant bits = floor(log2(abs(*this))) + 1
unsigned int EphemeralPrivateKeyLength() const
return length of ephemeral private keys in this domain
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
multiple precision integer and basic arithmetics
unsigned int AgreedValueLength() const
return length of agreed value produced
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate static private key
Implementation of schemes based on DL over GF(p)
static Integer Power2(size_t e)
return the integer 2**e
to be thrown by DecodeElement and AgreeWithStaticPrivateKey
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate ephemeral public key
void Encode(byte *output, size_t outputLen, Signedness=UNSIGNED) const
encode in big-endian format
interface for crypto prameters
interface for domains of authenticated key agreement protocols
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate ephemeral private key
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and couterparty's public keys, return false in case of fai...
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain