Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

eccrypto.cpp

00001 // eccrypto.cpp - written and placed in the public domain by Wei Dai 00002 00003 #include "pch.h" 00004 00005 #ifndef CRYPTOPP_IMPORTS 00006 00007 #include "eccrypto.h" 00008 #include "nbtheory.h" 00009 #include "oids.h" 00010 #include "hex.h" 00011 #include "argnames.h" 00012 #include "ec2n.h" 00013 00014 NAMESPACE_BEGIN(CryptoPP) 00015 00016 #ifndef NDEBUG 00017 static void ECDSA_TestInstantiations() 00018 { 00019 ECDSA<EC2N>::Signer t1; 00020 ECDSA<EC2N>::Verifier t2(t1); 00021 ECNR<ECP>::Signer t3; 00022 ECNR<ECP>::Verifier t4(t3); 00023 ECIES<ECP>::Encryptor t5; 00024 ECIES<EC2N>::Decryptor t6; 00025 ECDH<ECP>::Domain t7; 00026 ECMQV<ECP>::Domain t8; 00027 } 00028 #endif 00029 00030 // VC60 workaround: complains when these functions are put into an anonymous namespace 00031 static Integer ConvertToInteger(const PolynomialMod2 &x) 00032 { 00033 unsigned int l = x.ByteCount(); 00034 SecByteBlock temp(l); 00035 x.Encode(temp, l); 00036 return Integer(temp, l); 00037 } 00038 00039 static inline Integer ConvertToInteger(const Integer &x) 00040 { 00041 return x; 00042 } 00043 00044 static bool CheckMOVCondition(const Integer &q, const Integer &r) 00045 { 00046 Integer t=1; 00047 unsigned int n=q.BitCount(), m=r.BitCount(); 00048 00049 for (unsigned int i=n; DiscreteLogWorkFactor(i)<m/2; i+=n) 00050 { 00051 t = (t*q)%r; 00052 if (t == 1) 00053 return false; 00054 } 00055 return true; 00056 } 00057 00058 // ****************************************************************** 00059 00060 template <class T> struct EcRecommendedParameters; 00061 00062 template<> struct EcRecommendedParameters<EC2N> 00063 { 00064 EcRecommendedParameters(const OID &oid, unsigned int t2, unsigned int t3, unsigned int t4, const char *a, const char *b, const char *g, const char *n, unsigned int h) 00065 : oid(oid), t0(0), t1(0), t2(t2), t3(t3), t4(t4), a(a), b(b), g(g), n(n), h(h) {} 00066 EcRecommendedParameters(const OID &oid, unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4, const char *a, const char *b, const char *g, const char *n, unsigned int h) 00067 : oid(oid), t0(t0), t1(t1), t2(t2), t3(t3), t4(t4), a(a), b(b), g(g), n(n), h(h) {} 00068 EC2N *NewEC() const 00069 { 00070 StringSource ssA(a, true, new HexDecoder); 00071 StringSource ssB(b, true, new HexDecoder); 00072 if (t0 == 0) 00073 return new EC2N(GF2NT(t2, t3, t4), EC2N::FieldElement(ssA, ssA.MaxRetrievable()), EC2N::FieldElement(ssB, ssB.MaxRetrievable())); 00074 else 00075 return new EC2N(GF2NPP(t0, t1, t2, t3, t4), EC2N::FieldElement(ssA, ssA.MaxRetrievable()), EC2N::FieldElement(ssB, ssB.MaxRetrievable())); 00076 }; 00077 00078 OID oid; 00079 unsigned int t0, t1, t2, t3, t4; 00080 const char *a, *b, *g, *n; 00081 unsigned int h; 00082 }; 00083 00084 template<> struct EcRecommendedParameters<ECP> 00085 { 00086 EcRecommendedParameters(const OID &oid, const char *p, const char *a, const char *b, const char *g, const char *n, unsigned int h) 00087 : oid(oid), p(p), a(a), b(b), g(g), n(n), h(h) {} 00088 ECP *NewEC() const 00089 { 00090 StringSource ssP(p, true, new HexDecoder); 00091 StringSource ssA(a, true, new HexDecoder); 00092 StringSource ssB(b, true, new HexDecoder); 00093 return new ECP(Integer(ssP, ssP.MaxRetrievable()), ECP::FieldElement(ssA, ssA.MaxRetrievable()), ECP::FieldElement(ssB, ssB.MaxRetrievable())); 00094 }; 00095 00096 OID oid; 00097 const char *p; 00098 const char *a, *b, *g, *n; 00099 unsigned int h; 00100 }; 00101 00102 struct OIDLessThan 00103 { 00104 template <typename T> 00105 inline bool operator()(const EcRecommendedParameters<T>& a, const OID& b) {return a.oid < b;} 00106 template <typename T> 00107 inline bool operator()(const OID& a, const EcRecommendedParameters<T>& b) {return a < b.oid;} 00108 }; 00109 00110 static void GetRecommendedParameters(const EcRecommendedParameters<EC2N> *&begin, const EcRecommendedParameters<EC2N> *&end) 00111 { 00112 // this array must be sorted by OID 00113 static const EcRecommendedParameters<EC2N> rec[] = { 00114 EcRecommendedParameters<EC2N>(ASN1::sect163k1(), 00115 163, 7, 6, 3, 0, 00116 "000000000000000000000000000000000000000001", 00117 "000000000000000000000000000000000000000001", 00118 "0402FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE80289070FB05D38FF58321F2E800536D538CCDAA3D9", 00119 "04000000000000000000020108A2E0CC0D99F8A5EF", 00120 2), 00121 EcRecommendedParameters<EC2N>(ASN1::sect163r1(), 00122 163, 7, 6, 3, 0, 00123 "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", 00124 "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", 00125 "040369979697AB43897789566789567F787A7876A65400435EDB42EFAFB2989D51FEFCE3C80988F41FF883", 00126 "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 00127 2), 00128 EcRecommendedParameters<EC2N>(ASN1::sect239k1(), 00129 239, 158, 0, 00130 "000000000000000000000000000000000000000000000000000000000000", 00131 "000000000000000000000000000000000000000000000000000000000001", 00132 "0429A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", 00133 "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 00134 4), 00135 EcRecommendedParameters<EC2N>(ASN1::sect113r1(), 00136 113, 9, 0, 00137 "003088250CA6E7C7FE649CE85820F7", 00138 "00E8BEE4D3E2260744188BE0E9C723", 00139 "04009D73616F35F4AB1407D73562C10F00A52830277958EE84D1315ED31886", 00140 "0100000000000000D9CCEC8A39E56F", 00141 2), 00142 EcRecommendedParameters<EC2N>(ASN1::sect113r2(), 00143 113, 9, 0, 00144 "00689918DBEC7E5A0DD6DFC0AA55C7", 00145 "0095E9A9EC9B297BD4BF36E059184F", 00146 "0401A57A6A7B26CA5EF52FCDB816479700B3ADC94ED1FE674C06E695BABA1D", 00147 "010000000000000108789B2496AF93", 00148 2), 00149 EcRecommendedParameters<EC2N>(ASN1::sect163r2(), 00150 163, 7, 6, 3, 0, 00151 "000000000000000000000000000000000000000001", 00152 "020A601907B8C953CA1481EB10512F78744A3205FD", 00153 "0403F0EBA16286A2D57EA0991168D4994637E8343E3600D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 00154 "040000000000000000000292FE77E70C12A4234C33", 00155 2), 00156 EcRecommendedParameters<EC2N>(ASN1::sect283k1(), 00157 283, 12, 7, 5, 0, 00158 "000000000000000000000000000000000000000000000000000000000000000000000000", 00159 "000000000000000000000000000000000000000000000000000000000000000000000001", 00160 "040503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC245849283601CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", 00161 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", 00162 4), 00163 EcRecommendedParameters<EC2N>(ASN1::sect283r1(), 00164 283, 12, 7, 5, 0, 00165 "000000000000000000000000000000000000000000000000000000000000000000000001", 00166 "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", 00167 "0405F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B1205303676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", 00168 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", 00169 2), 00170 EcRecommendedParameters<EC2N>(ASN1::sect131r1(), 00171 131, 8, 3, 2, 0, 00172 "07A11B09A76B562144418FF3FF8C2570B8", 00173 "0217C05610884B63B9C6C7291678F9D341", 00174 "040081BAF91FDF9833C40F9C181343638399078C6E7EA38C001F73C8134B1B4EF9E150", 00175 "0400000000000000023123953A9464B54D", 00176 2), 00177 EcRecommendedParameters<EC2N>(ASN1::sect131r2(), 00178 131, 8, 3, 2, 0, 00179 "03E5A88919D7CAFCBF415F07C2176573B2", 00180 "04B8266A46C55657AC734CE38F018F2192", 00181 "040356DCD8F2F95031AD652D23951BB366A80648F06D867940A5366D9E265DE9EB240F", 00182 "0400000000000000016954A233049BA98F", 00183 2), 00184 EcRecommendedParameters<EC2N>(ASN1::sect193r1(), 00185 193, 15, 0, 00186 "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", 00187 "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", 00188 "0401F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E10025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", 00189 "01000000000000000000000000C7F34A778F443ACC920EBA49", 00190 2), 00191 EcRecommendedParameters<EC2N>(ASN1::sect193r2(), 00192 193, 15, 0, 00193 "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", 00194 "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", 00195 "0400D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", 00196 "010000000000000000000000015AAB561B005413CCD4EE99D5", 00197 2), 00198 EcRecommendedParameters<EC2N>(ASN1::sect233k1(), 00199 233, 74, 0, 00200 "000000000000000000000000000000000000000000000000000000000000", 00201 "000000000000000000000000000000000000000000000000000000000001", 00202 "04017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD612601DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", 00203 "8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 00204 4), 00205 EcRecommendedParameters<EC2N>(ASN1::sect233r1(), 00206 233, 74, 0, 00207 "000000000000000000000000000000000000000000000000000000000001", 00208 "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", 00209 "0400FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", 00210 "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 00211 2), 00212 EcRecommendedParameters<EC2N>(ASN1::sect409k1(), 00213 409, 87, 0, 00214 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 00215 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 00216 "040060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE902374601E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", 00217 "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 00218 4), 00219 EcRecommendedParameters<EC2N>(ASN1::sect409r1(), 00220 409, 87, 0, 00221 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 00222 "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", 00223 "04015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A70061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", 00224 "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", 00225 2), 00226 EcRecommendedParameters<EC2N>(ASN1::sect571k1(), 00227 571, 10, 5, 2, 0, 00228 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 00229 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 00230 "04026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C89720349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", 00231 "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", 00232 4), 00233 EcRecommendedParameters<EC2N>(ASN1::sect571r1(), 00234 571, 10, 5, 2, 0, 00235 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", 00236 "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", 00237 "040303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", 00238 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", 00239 2), 00240 }; 00241 begin = rec; 00242 end = rec + sizeof(rec)/sizeof(rec[0]); 00243 } 00244 00245 static void GetRecommendedParameters(const EcRecommendedParameters<ECP> *&begin, const EcRecommendedParameters<ECP> *&end) 00246 { 00247 // this array must be sorted by OID 00248 static const EcRecommendedParameters<ECP> rec[] = { 00249 EcRecommendedParameters<ECP>(ASN1::secp192r1(), 00250 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 00251 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 00252 "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 00253 "04188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF101207192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 00254 "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 00255 1), 00256 EcRecommendedParameters<ECP>(ASN1::secp256r1(), 00257 "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 00258 "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 00259 "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 00260 "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 00261 "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 00262 1), 00263 EcRecommendedParameters<ECP>(ASN1::secp112r1(), 00264 "DB7C2ABF62E35E668076BEAD208B", 00265 "DB7C2ABF62E35E668076BEAD2088", 00266 "659EF8BA043916EEDE8911702B22", 00267 "0409487239995A5EE76B55F9C2F098A89CE5AF8724C0A23E0E0FF77500", 00268 "DB7C2ABF62E35E7628DFAC6561C5", 00269 1), 00270 EcRecommendedParameters<ECP>(ASN1::secp112r2(), 00271 "DB7C2ABF62E35E668076BEAD208B", 00272 "6127C24C05F38A0AAAF65C0EF02C", 00273 "51DEF1815DB5ED74FCC34C85D709", 00274 "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97", 00275 "36DF0AAFD8B8D7597CA10520D04B", 00276 4), 00277 EcRecommendedParameters<ECP>(ASN1::secp160r1(), 00278 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", 00279 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", 00280 "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", 00281 "044A96B5688EF573284664698968C38BB913CBFC8223A628553168947D59DCC912042351377AC5FB32", 00282 "0100000000000000000001F4C8F927AED3CA752257", 00283 1), 00284 EcRecommendedParameters<ECP>(ASN1::secp160k1(), 00285 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 00286 "0000000000000000000000000000000000000000", 00287 "0000000000000000000000000000000000000007", 00288 "043B4C382CE37AA192A4019E763036F4F5DD4D7EBB938CF935318FDCED6BC28286531733C3F03C4FEE", 00289 "0100000000000000000001B8FA16DFAB9ACA16B6B3", 00290 1), 00291 EcRecommendedParameters<ECP>(ASN1::secp256k1(), 00292 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 00293 "0000000000000000000000000000000000000000000000000000000000000000", 00294 "0000000000000000000000000000000000000000000000000000000000000007", 00295 "0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 00296 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 00297 1), 00298 EcRecommendedParameters<ECP>(ASN1::secp128r1(), 00299 "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", 00300 "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", 00301 "E87579C11079F43DD824993C2CEE5ED3", 00302 "04161FF7528B899B2D0C28607CA52C5B86CF5AC8395BAFEB13C02DA292DDED7A83", 00303 "FFFFFFFE0000000075A30D1B9038A115", 00304 1), 00305 EcRecommendedParameters<ECP>(ASN1::secp128r2(), 00306 "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", 00307 "D6031998D1B3BBFEBF59CC9BBFF9AEE1", 00308 "5EEEFCA380D02919DC2C6558BB6D8A5D", 00309 "047B6AA5D85E572983E6FB32A7CDEBC14027B6916A894D3AEE7106FE805FC34B44", 00310 "3FFFFFFF7FFFFFFFBE0024720613B5A3", 00311 4), 00312 EcRecommendedParameters<ECP>(ASN1::secp160r2(), 00313 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 00314 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", 00315 "B4E134D3FB59EB8BAB57274904664D5AF50388BA", 00316 "0452DCB034293A117E1F4FF11B30F7199D3144CE6DFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", 00317 "0100000000000000000000351EE786A818F3A1A16B", 00318 1), 00319 EcRecommendedParameters<ECP>(ASN1::secp192k1(), 00320 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 00321 "000000000000000000000000000000000000000000000000", 00322 "000000000000000000000000000000000000000000000003", 00323 "04DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 00324 "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 00325 1), 00326 EcRecommendedParameters<ECP>(ASN1::secp224k1(), 00327 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 00328 "00000000000000000000000000000000000000000000000000000000", 00329 "00000000000000000000000000000000000000000000000000000005", 00330 "04A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 00331 "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 00332 1), 00333 EcRecommendedParameters<ECP>(ASN1::secp224r1(), 00334 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", 00335 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", 00336 "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", 00337 "04B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", 00338 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 00339 1), 00340 EcRecommendedParameters<ECP>(ASN1::secp384r1(), 00341 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", 00342 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", 00343 "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", 00344 "04AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB73617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", 00345 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", 00346 1), 00347 EcRecommendedParameters<ECP>(ASN1::secp521r1(), 00348 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 00349 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 00350 "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 00351 "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", 00352 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 00353 1), 00354 }; 00355 begin = rec; 00356 end = rec + sizeof(rec)/sizeof(rec[0]); 00357 } 00358 00359 template <class EC> OID DL_GroupParameters_EC<EC>::GetNextRecommendedParametersOID(const OID &oid) 00360 { 00361 const EcRecommendedParameters<EllipticCurve> *begin, *end; 00362 GetRecommendedParameters(begin, end); 00363 const EcRecommendedParameters<EllipticCurve> *it = std::upper_bound(begin, end, oid, OIDLessThan()); 00364 return (it == end ? OID() : it->oid); 00365 } 00366 00367 template <class EC> void DL_GroupParameters_EC<EC>::Initialize(const OID &oid) 00368 { 00369 const EcRecommendedParameters<EllipticCurve> *begin, *end; 00370 GetRecommendedParameters(begin, end); 00371 const EcRecommendedParameters<EllipticCurve> *it = std::lower_bound(begin, end, oid, OIDLessThan()); 00372 if (it == end || it->oid != oid) 00373 throw UnknownOID(); 00374 00375 const EcRecommendedParameters<EllipticCurve> &param = *it; 00376 m_oid = oid; 00377 std::auto_ptr<EllipticCurve> ec(param.NewEC()); 00378 this->m_groupPrecomputation.SetCurve(*ec); 00379 00380 StringSource ssG(param.g, true, new HexDecoder); 00381 Element G; 00382 bool result = GetCurve().DecodePoint(G, ssG, ssG.MaxRetrievable()); 00383 SetSubgroupGenerator(G); 00384 assert(result); 00385 00386 StringSource ssN(param.n, true, new HexDecoder); 00387 m_n.Decode(ssN, ssN.MaxRetrievable()); 00388 m_k = param.h; 00389 } 00390 00391 template <class EC> 00392 bool DL_GroupParameters_EC<EC>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const 00393 { 00394 if (strcmp(name, Name::GroupOID()) == 0) 00395 { 00396 if (m_oid.m_values.empty()) 00397 return false; 00398 00399 this->ThrowIfTypeMismatch(name, typeid(OID), valueType); 00400 *reinterpret_cast<OID *>(pValue) = m_oid; 00401 return true; 00402 } 00403 else 00404 return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue).Assignable() 00405 CRYPTOPP_GET_FUNCTION_ENTRY(Curve); 00406 } 00407 00408 template <class EC> 00409 void DL_GroupParameters_EC<EC>::AssignFrom(const NameValuePairs &source) 00410 { 00411 OID oid; 00412 if (source.GetValue(Name::GroupOID(), oid)) 00413 Initialize(oid); 00414 else 00415 { 00416 EllipticCurve ec; 00417 Point G; 00418 Integer n; 00419 00420 source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::Curve(), ec); 00421 source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::SubgroupGenerator(), G); 00422 source.GetRequiredParameter("DL_GroupParameters_EC<EC>", Name::SubgroupOrder(), n); 00423 Integer k = source.GetValueWithDefault(Name::Cofactor(), Integer::Zero()); 00424 00425 Initialize(ec, G, n, k); 00426 } 00427 } 00428 00429 template <class EC> 00430 void DL_GroupParameters_EC<EC>::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) 00431 { 00432 try 00433 { 00434 AssignFrom(alg); 00435 } 00436 catch (InvalidArgument &) 00437 { 00438 throw NotImplemented("DL_GroupParameters_EC<EC>: curve generation is not implemented yet"); 00439 } 00440 } 00441 00442 template <class EC> 00443 void DL_GroupParameters_EC<EC>::BERDecode(BufferedTransformation &bt) 00444 { 00445 byte b; 00446 if (!bt.Peek(b)) 00447 BERDecodeError(); 00448 if (b == OBJECT_IDENTIFIER) 00449 Initialize(OID(bt)); 00450 else 00451 { 00452 BERSequenceDecoder seq(bt); 00453 word32 version; 00454 BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); // check version 00455 EllipticCurve ec(seq); 00456 Point G = ec.BERDecodePoint(seq); 00457 Integer n(seq); 00458 Integer k; 00459 bool cofactorPresent = !seq.EndReached(); 00460 if (cofactorPresent) 00461 k.BERDecode(seq); 00462 else 00463 k = Integer::Zero(); 00464 seq.MessageEnd(); 00465 00466 Initialize(ec, G, n, k); 00467 } 00468 } 00469 00470 template <class EC> 00471 void DL_GroupParameters_EC<EC>::DEREncode(BufferedTransformation &bt) const 00472 { 00473 if (m_encodeAsOID && !m_oid.m_values.empty()) 00474 m_oid.DEREncode(bt); 00475 else 00476 { 00477 DERSequenceEncoder seq(bt); 00478 DEREncodeUnsigned<word32>(seq, 1); // version 00479 GetCurve().DEREncode(seq); 00480 GetCurve().DEREncodePoint(seq, this->GetSubgroupGenerator(), m_compress); 00481 m_n.DEREncode(seq); 00482 if (m_k.NotZero()) 00483 m_k.DEREncode(seq); 00484 seq.MessageEnd(); 00485 } 00486 } 00487 00488 template <class EC> 00489 Integer DL_GroupParameters_EC<EC>::GetCofactor() const 00490 { 00491 if (!m_k) 00492 { 00493 Integer q = GetCurve().FieldSize(); 00494 Integer qSqrt = q.SquareRoot(); 00495 m_k = (q+2*qSqrt+1)/m_n; 00496 } 00497 00498 return m_k; 00499 } 00500 00501 template <class EC> 00502 Integer DL_GroupParameters_EC<EC>::ConvertElementToInteger(const Element &element) const 00503 { 00504 return ConvertToInteger(element.x); 00505 }; 00506 00507 template <class EC> 00508 bool DL_GroupParameters_EC<EC>::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const 00509 { 00510 bool pass = GetCurve().ValidateParameters(rng, level); 00511 00512 Integer q = GetCurve().FieldSize(); 00513 pass = pass && m_n!=q; 00514 00515 if (level >= 2) 00516 { 00517 Integer qSqrt = q.SquareRoot(); 00518 pass = pass && m_n>4*qSqrt; 00519 pass = pass && VerifyPrime(rng, m_n, level-2); 00520 pass = pass && (m_k.IsZero() || m_k == (q+2*qSqrt+1)/m_n); 00521 pass = pass && CheckMOVCondition(q, m_n); 00522 } 00523 00524 return pass; 00525 } 00526 00527 template <class EC> 00528 bool DL_GroupParameters_EC<EC>::ValidateElement(unsigned int level, const Element &g, const DL_FixedBasePrecomputation<Element> *gpc) const 00529 { 00530 bool pass = !IsIdentity(g) && GetCurve().VerifyPoint(g); 00531 if (level >= 1) 00532 { 00533 if (gpc) 00534 pass = pass && gpc->Exponentiate(this->GetGroupPrecomputation(), Integer::One()) == g; 00535 } 00536 if (level >= 2) 00537 { 00538 const Integer &q = GetSubgroupOrder(); 00539 pass = pass && IsIdentity(gpc ? gpc->Exponentiate(this->GetGroupPrecomputation(), q) : ExponentiateElement(g, q)); 00540 } 00541 return pass; 00542 } 00543 00544 template <class EC> 00545 void DL_GroupParameters_EC<EC>::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const 00546 { 00547 GetCurve().SimultaneousMultiply(results, base, exponents, exponentsCount); 00548 } 00549 00550 template <class EC> 00551 CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const 00552 { 00553 return GetCurve().Add(a, b); 00554 } 00555 00556 template <class EC> 00557 CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const 00558 { 00559 return GetCurve().CascadeMultiply(exponent1, element1, exponent2, element2); 00560 } 00561 00562 template <class EC> 00563 OID DL_GroupParameters_EC<EC>::GetAlgorithmID() const 00564 { 00565 return ASN1::id_ecPublicKey(); 00566 } 00567 00568 // ****************************************************************** 00569 00570 template <class EC> 00571 void DL_PublicKey_EC<EC>::BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size) 00572 { 00573 typename EC::Point P; 00574 if (!this->GetGroupParameters().GetCurve().DecodePoint(P, bt, size)) 00575 BERDecodeError(); 00576 SetPublicElement(P); 00577 } 00578 00579 template <class EC> 00580 void DL_PublicKey_EC<EC>::DEREncodeKey(BufferedTransformation &bt) const 00581 { 00582 this->GetGroupParameters().GetCurve().EncodePoint(bt, this->GetPublicElement(), this->GetGroupParameters().GetPointCompression()); 00583 } 00584 00585 // ****************************************************************** 00586 00587 template <class EC> 00588 void DL_PrivateKey_EC<EC>::BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size) 00589 { 00590 BERSequenceDecoder seq(bt); 00591 word32 version; 00592 BERDecodeUnsigned<word32>(seq, version, INTEGER, 1, 1); // check version 00593 00594 BERGeneralDecoder dec(seq, OCTET_STRING); 00595 if (!dec.IsDefiniteLength()) 00596 BERDecodeError(); 00597 Integer x; 00598 x.Decode(dec, dec.RemainingLength()); 00599 dec.MessageEnd(); 00600 if (!parametersPresent && seq.PeekByte() != (CONTEXT_SPECIFIC | CONSTRUCTED | 0)) 00601 BERDecodeError(); 00602 if (!seq.EndReached() && seq.PeekByte() == (CONTEXT_SPECIFIC | CONSTRUCTED | 0)) 00603 { 00604 BERGeneralDecoder parameters(seq, CONTEXT_SPECIFIC | CONSTRUCTED | 0); 00605 this->AccessGroupParameters().BERDecode(parameters); 00606 parameters.MessageEnd(); 00607 } 00608 if (!seq.EndReached()) 00609 { 00610 // skip over the public element 00611 SecByteBlock subjectPublicKey; 00612 unsigned int unusedBits; 00613 BERGeneralDecoder publicKey(seq, CONTEXT_SPECIFIC | CONSTRUCTED | 1); 00614 BERDecodeBitString(publicKey, subjectPublicKey, unusedBits); 00615 publicKey.MessageEnd(); 00616 Element Q; 00617 if (!(unusedBits == 0 && this->GetGroupParameters().GetCurve().DecodePoint(Q, subjectPublicKey, subjectPublicKey.size()))) 00618 BERDecodeError(); 00619 } 00620 seq.MessageEnd(); 00621 00622 this->SetPrivateExponent(x); 00623 } 00624 00625 template <class EC> 00626 void DL_PrivateKey_EC<EC>::DEREncodeKey(BufferedTransformation &bt) const 00627 { 00628 DERSequenceEncoder privateKey(bt); 00629 DEREncodeUnsigned<word32>(privateKey, 1); // version 00630 // SEC 1 ver 1.0 says privateKey (m_d) has the same length as order of the curve 00631 // this will be changed to order of base point in a future version 00632 this->GetPrivateExponent().DEREncodeAsOctetString(privateKey, this->GetGroupParameters().GetSubgroupOrder().ByteCount()); 00633 privateKey.MessageEnd(); 00634 } 00635 00636 NAMESPACE_END 00637 00638 #endif

Generated on Fri Aug 27 16:09:16 2004 for Crypto++ by doxygen 1.3.8