4 #ifndef CRYPTOPP_HMQV_H
5 #define CRYPTOPP_HMQV_H
22 template <
class GROUP_PARAMETERS,
class COFACTOR_OPTION =
typename GROUP_PARAMETERS::DefaultCofactorOption,
class HASH = SHA512>
// Aliases for the group-parameter type this domain is instantiated with and
// for that type's group element type.
26 typedef GROUP_PARAMETERS GroupParameters;
27 typedef typename GroupParameters::Element Element;
// Construct a domain whose group parameters are default-constructed.
// clientRole selects the role stored in m_role: true -> RoleClient,
// false -> RoleServer. Agree() branches on that role, so the two parties
// of one exchange are expected to be constructed with opposite values.
HMQV_Domain(bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer)
{
}
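// Construct a domain from caller-supplied group parameters.
// params is copied into m_groupParameters; clientRole selects the role
// stored in m_role (true -> RoleClient, false -> RoleServer).
// The listing showed the first parameter as a mis-encoded "¶ms"; it is
// restored to "&params", the name the initializer list already uses.
// Initializers are written in member declaration order
// (m_groupParameters, then m_role), which is the order they run in anyway.
HMQV_Domain(const GroupParameters &params, bool clientRole = true)
    : m_groupParameters(params), m_role(clientRole ? RoleClient : RoleServer)
{
}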
// Tail of a constructor whose signature line is not part of this listing.
// Sets the role from clientRole and BER-decodes the group parameters from bt.
// NOTE(review): no validation of the decoded parameters is visible here. If bt
// can carry data from an untrusted source, the parameters presumably need to be
// validated by the caller before the domain is used - confirm.
38 : m_role(clientRole ? RoleClient : RoleServer)
39 {m_groupParameters.BERDecode(bt);}
// Tail of a constructor whose signature line is not part of this listing.
// Sets the role from clientRole and forwards the single argument v1 to
// m_groupParameters.Initialize().
43 : m_role(clientRole ? RoleClient : RoleServer)
44 {m_groupParameters.Initialize(v1);}
// Two-argument forwarding constructor; its signature line is not part of this
// listing. Sets the role from clientRole and forwards v1 and v2 to
// m_groupParameters.Initialize().
46 template <
class T1,
class T2>
48 : m_role(clientRole ? RoleClient : RoleServer)
49 {m_groupParameters.Initialize(v1, v2);}
// Three-argument forwarding constructor.
// v1, v2 and v3 are passed unchanged to m_groupParameters.Initialize();
// clientRole selects the role stored in m_role
// (true -> RoleClient, false -> RoleServer).
template <class T1, class T2, class T3>
HMQV_Domain(T1 v1, T2 v2, T3 v3, bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer)
{
    m_groupParameters.Initialize(v1, v2, v3);
}
// Four-argument forwarding constructor.
// v1 through v4 are passed unchanged to m_groupParameters.Initialize();
// clientRole selects the role stored in m_role
// (true -> RoleClient, false -> RoleServer).
template <class T1, class T2, class T3, class T4>
HMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4, bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer)
{
    m_groupParameters.Initialize(v1, v2, v3, v4);
}
// Read-only access to the group parameters held by this domain.
const GroupParameters & GetGroupParameters() const
{
    return m_groupParameters;
}
// Mutable access to the group parameters held by this domain.
// The returned reference aliases m_groupParameters, so changes made through
// it affect every later operation on this domain object.
GroupParameters & AccessGroupParameters()
{
    return m_groupParameters;
}
// Length of the agreed value produced by Agree().
// It is the encoded element size reported by the abstract group parameters,
// requested with the argument false.
unsigned int AgreedValueLength() const
{
    const unsigned int encodedSize =
        GetAbstractGroupParameters().GetEncodedElementSize(false);
    return encodedSize;
}
110 CRYPTOPP_UNUSED(rng);
// Fragment of Agree(): the line carrying the return type and the first
// parameter (agreedValue) is not part of this listing, and many body lines
// are omitted, so the comments below describe only what the visible lines show.
//
// Inputs are this party's static and ephemeral private keys and the peer's
// static and ephemeral public keys, all as encoded byte buffers.
124 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
125 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
// Defaults to true. Passing false lowers the validation level applied to the
// peer's static public key from 3 to 1 (see the ValidateElement call below).
// NOTE(review): that is presumably only appropriate when the static key was
// already fully validated elsewhere, e.g. when it was enrolled - confirm.
126 bool validateStaticOtherPublicKey=
true)
const
// XX/YY point at the ephemeral public keys and AA/BB at the static public
// keys; which of them refer to the peer's buffers depends on m_role.
128 byte *XX = NULLPTR, *YY = NULLPTR, *AA = NULLPTR, *BB = NULLPTR;
129 size_t xxs = 0, yys = 0, aas = 0, bbs = 0;
// Server role: the peer's keys fill the XX (ephemeral) and AA (static) slots.
140 if(m_role == RoleServer)
// const_cast only removes const so the pointer fits the non-const byte*
// locals; the visible lines read through these pointers and never write.
146 XX =
const_cast<byte*
>(ephemeralOtherPublicKey);
150 AA =
const_cast<byte*
>(staticOtherPublicKey);
// Client role: the peer's keys fill the YY (ephemeral) and BB (static) slots.
155 else if(m_role == RoleClient)
163 YY =
const_cast<byte*
>(ephemeralOtherPublicKey);
167 BB =
const_cast<byte*
>(staticOtherPublicKey);
// The peer's static public key is decoded with the group-membership check
// switched off (second argument false) and is then validated explicitly.
179 Element VV1 = params.
DecodeElement(staticOtherPublicKey,
false);
// Validation level is 3 when validateStaticOtherPublicKey is true, else 1.
// The statement executed on failure is not shown in this listing.
180 if(!params.
ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR))
// The peer's ephemeral public key is decoded the same way.
// NOTE(review): the validation of VV2 is not visible in this listing. The
// ephemeral key is attacker-controlled input in any exchange, so confirm
// against the full header that it is validated before it is used.
185 Element VV2 = params.
DecodeElement(ephemeralOtherPublicKey,
false);
// len = half the bit length of q (rounded up), converted to whole bytes
// (rounded up). q is defined on a line not shown here - presumably the
// subgroup order; confirm.
191 const unsigned int len = (((q.
BitCount()+1)/2 +7)/8);
// Hash() is called with a null sigma over the XX and BB buffers; the digest
// written to dd is decoded into the integer d.
197 Hash(NULLPTR, XX, xxs, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
198 d.Decode(dd.BytePtr(), dd.SizeInBytes());
// The final computation is role-dependent: one visible line multiplies X by
// t1 and the other multiplies Y by t1. The branch each belongs to is
// presumably server first, then client - the branch bodies are not fully shown.
205 if(m_role == RoleServer)
215 Element t2 = m_groupParameters.MultiplyElements(X, t1);
230 Element t2 = m_groupParameters.MultiplyElements(Y, t1);
// Fragment of the internal Hash() helper; several body lines (including the
// branch on sigma and the loop header) are omitted from this listing.
//
// sigma        optional group element; Agree() passes NULLPTR when deriving d
// e1, e1len    first byte string to hash
// s1, s1len    second byte string to hash
// digest, dlen output buffer and the number of bytes requested
248 inline void Hash(
const Element* sigma,
249 const byte* e1,
size_t e1len,
250 const byte* s1,
size_t s1len,
251 byte* digest,
size_t dlen)
const
// idx is the write offset into digest; req tracks the requested byte count.
254 size_t idx = 0, req = dlen;
// The first output block is at most one full digest of HASH.
255 size_t blk =
STDMIN(dlen, (
size_t)HASH::DIGESTSIZE);
// Checks whether either byte string is non-empty.
// NOTE(review): the statement this condition guards is not shown. If it is
// only a CRYPTOPP_ASSERT, the check is absent in builds that compile
// assertions out - confirm against the full header.
259 if (e1len != 0 || s1len != 0) {
// sigma is converted to an Integer, encoded into sbb and fed to the hash.
262 Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
264 x.Encode(sbb.BytePtr(), sbb.SizeInBytes());
265 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
// Checks whether either byte string is empty; the guarded statement is
// likewise not shown in this listing.
267 if (e1len == 0 || s1len == 0) {
// The two byte strings are hashed in order: e1, then s1.
270 hash.Update(e1, e1len);
271 hash.Update(s1, s1len);
// First blk bytes of output.
274 hash.TruncatedFinal(digest, blk);
// Output extension: the previously written block is hashed to produce the
// next block, and idx advances by one digest size each time.
// NOTE(review): the loop condition and the update of req are not visible;
// confirm idx + blk can never exceed dlen when dlen is not a multiple of
// HASH::DIGESTSIZE.
280 hash.Update(&digest[idx], (
size_t)HASH::DIGESTSIZE);
282 idx += (size_t)HASH::DIGESTSIZE;
283 blk =
STDMIN(req, (
size_t)HASH::DIGESTSIZE);
284 hash.TruncatedFinal(&digest[idx], blk);
// Role of this party in the exchange. RoleServer is 1 and RoleClient takes
// the next enumerator value; the constructors select one from clientRole.
293 enum KeyAgreementRole{ RoleServer = 1, RoleClient };
// Group parameters the domain operates in, and the role fixed at construction.
298 GroupParameters m_groupParameters;
299 KeyAgreementRole m_role;
Classes for performing mathematics over different fields.
Interface for domains of authenticated key agreement protocols.
void DoQuickSanityCheck() const
Perform a quick sanity check.
Interface for crypto parameters.
Exception thrown when an invalid group element is encountered.
Interface for Discrete Log (DL) group parameters.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation< Element > *precomp) const =0
Check the element for errors.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
Hashed Menezes-Qu-Vanstone in GF(p)
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate ephemeral private key
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate static private key
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate ephemeral public key
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and counterparty's public keys, return false in case of failure
unsigned int AgreedValueLength() const
return length of agreed value produced
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate static public key
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
Multiple precision integer with arithmetic operations.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
static const Integer & One()
Integer representing 1.
const CryptoMaterial & GetMaterial() const
Retrieves a reference to Crypto Parameters.
Interface for random number generators.
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
HMQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > HMQV
Hashed Menezes-Qu-Vanstone in GF(p)
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Crypto++ library namespace.
Classes for SHA-1 and SHA-2 family of message digests.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.