4 #ifndef CRYPTOPP_FHMQV_H 5 #define CRYPTOPP_FHMQV_H 23 template <
class GROUP_PARAMETERS,
class COFACTOR_OPTION =
typename GROUP_PARAMETERS::DefaultCofactorOption,
class HASH = SHA512>
27 typedef GROUP_PARAMETERS GroupParameters;
28 typedef typename GroupParameters::Element Element;
38 : m_role(clientRole ? RoleClient : RoleServer) {}
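/// \brief Construct an FHMQV domain from existing group parameters.
/// \param params group parameters, copied into m_groupParameters
/// \param clientRole true selects RoleClient, false selects RoleServer
/// \details The reference parameter was mis-encoded in this listing and is
///  restored to <tt>&params</tt>. Agree() branches on the role chosen here.
FHMQV_Domain(const GroupParameters &params, bool clientRole = true)
    // Listed in member declaration order (m_groupParameters, then m_role),
    // which is the order the members are actually initialized in.
    : m_groupParameters(params), m_role(clientRole ? RoleClient : RoleServer) {}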
54 : m_role(clientRole ? RoleClient : RoleServer)
55 {m_groupParameters.BERDecode(bt);}
66 : m_role(clientRole ? RoleClient : RoleServer)
67 {m_groupParameters.Initialize(v1);}
78 template <
class T1,
class T2>
80 : m_role(clientRole ? RoleClient : RoleServer)
81 {m_groupParameters.Initialize(v1, v2);}
94 template <
class T1,
class T2,
class T3>
96 : m_role(clientRole ? RoleClient : RoleServer)
97 {m_groupParameters.Initialize(v1, v2, v3);}
112 template <
class T1,
class T2,
class T3,
class T4>
114 : m_role(clientRole ? RoleClient : RoleServer)
115 {m_groupParameters.Initialize(v1, v2, v3, v4);}
138 {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
144 {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
153 {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
177 CRYPTOPP_UNUSED(rng);
216 CRYPTOPP_UNUSED(rng);
244 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
245 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
246 bool validateStaticOtherPublicKey=
true)
const 248 const byte *XX = NULLPTR, *YY = NULLPTR, *AA = NULLPTR, *BB = NULLPTR;
249 size_t xxs = 0, yys = 0, aas = 0, bbs = 0;
260 if(m_role == RoleServer)
266 XX = ephemeralOtherPublicKey;
270 AA = staticOtherPublicKey;
283 YY = ephemeralOtherPublicKey;
287 BB = staticOtherPublicKey;
291 Element VV1 = params.
DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
292 Element VV2 = params.
DecodeElement(ephemeralOtherPublicKey,
true);
295 const unsigned int len = (((q.
BitCount()+1)/2 +7)/8);
298 Hash(NULLPTR, XX, xxs, YY, yys, AA, aas, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
299 Integer d(dd.BytePtr(), dd.SizeInBytes());
301 Hash(NULLPTR, YY, yys, XX, xxs, AA, aas, BB, bbs, ee.
BytePtr(), ee.
SizeInBytes());
305 if(m_role == RoleServer)
315 Element t2 = m_groupParameters.MultiplyElements(X, t1);
329 Element t2 = m_groupParameters.MultiplyElements(Y, t1);
334 Hash(&sigma, XX, xxs, YY, yys, AA, aas, BB, bbs, agreedValue,
AgreedValueLength());
346 inline void Hash(
const Element* sigma,
347 const byte* e1,
size_t e1len,
const byte* e2,
size_t e2len,
348 const byte* s1,
size_t s1len,
const byte* s2,
size_t s2len,
349 byte* digest,
size_t dlen)
const 352 size_t idx = 0, req = dlen;
353 size_t blk =
STDMIN(dlen, (
size_t)HASH::DIGESTSIZE);
360 SecByteBlock sbb(GetAbstractGroupParameters().GetEncodedElementSize(
false));
361 GetAbstractGroupParameters().EncodeElement(
false, *sigma, sbb);
362 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
365 hash.Update(e1, e1len);
366 hash.Update(e2, e2len);
367 hash.Update(s1, s1len);
368 hash.Update(s2, s2len);
370 hash.TruncatedFinal(digest, blk);
376 hash.Update(&digest[idx], (
size_t)HASH::DIGESTSIZE);
378 idx += (size_t)HASH::DIGESTSIZE;
379 blk =
STDMIN(req, (
size_t)HASH::DIGESTSIZE);
380 hash.TruncatedFinal(&digest[idx], blk);
// Role of this party in the exchange; Agree() branches on m_role == RoleServer.
389 enum KeyAgreementRole { RoleServer = 1, RoleClient };
// Group parameters this domain operates in; set or initialized by the constructors.
394 GroupParameters m_groupParameters;
// Set from the constructors' clientRole flag: true -> RoleClient, false -> RoleServer.
395 KeyAgreementRole m_role;
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a static public key from a private key in this domain.
unsigned int StaticPublicKeyLength() const
Provides the size of the static public key.
unsigned int EphemeralPrivateKeyLength() const
Provides the size of the ephemeral private key.
static const Integer & One()
Integer representing 1.
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
const CryptoMaterial & GetMaterial() const
Retrieves a reference to Crypto Parameters.
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Interface for Discrete Log (DL) group parameters.
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate ephemeral public key from a private key in this domain.
Interface for random number generators.
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
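Derive agreed value or shared secret. The other party's ephemeral public key is always checked for group membership when it is decoded; the static public key is checked only when validateStaticOtherPublicKey is true.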
FHMQV_Domain(T1 v1, bool clientRole=true)
Construct a FHMQV domain.
Classes for performing mathematics over different fields.
FHMQV_Domain(T1 v1, T2 v2, T3 v3, bool clientRole=true)
Construct a FHMQV domain.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate ephemeral private key in this domain.
unsigned int StaticPrivateKeyLength() const
Provides the size of the static private key.
void DoQuickSanityCheck() const
Perform a quick sanity check.
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
const GroupParameters & GetGroupParameters() const
Retrieves the group parameters for this domain.
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate static private key in this domain.
Multiple precision integer with arithmetic operations.
CryptoParameters & AccessCryptoParameters()
Retrieves the crypto parameters for this domain.
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
Exception thrown when an invalid group element is encountered.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
GroupParameters & AccessGroupParameters()
Retrieves the group parameters for this domain.
Classes for SHA-1 and SHA-2 family of message digests.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
unsigned char byte
8-bit unsigned datatype
FHMQV_Domain(T1 v1, T2 v2, bool clientRole=true)
Construct a FHMQV domain.
FHMQV_Domain(bool clientRole=true)
Construct a FHMQV domain.
unsigned int EphemeralPublicKeyLength() const
Provides the size of the ephemeral public key.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
FHMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4, bool clientRole=true)
Construct a FHMQV domain.
Interface for crypto parameters.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
Crypto++ library namespace.
Interface for domains of authenticated key agreement protocols.
FHMQV_Domain(BufferedTransformation &bt, bool clientRole=true)
Construct a FHMQV domain.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
FHMQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > FHMQV
Fully Hashed Menezes-Qu-Vanstone in GF(p)
FHMQV_Domain(const GroupParameters &params, bool clientRole=true)
Construct a FHMQV domain.
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.