Coverage Report

Created: 2024-11-21 07:03

/src/cryptopp/eccrypto.h
Line
Count
Source (jump to first uncovered line)
1
// eccrypto.h - originally written and placed in the public domain by Wei Dai
2
//              deterministic signatures added by by Douglas Roark
3
4
/// \file eccrypto.h
5
/// \brief Classes and functions for Elliptic Curves over prime and binary fields
6
7
#ifndef CRYPTOPP_ECCRYPTO_H
8
#define CRYPTOPP_ECCRYPTO_H
9
10
#include "config.h"
11
#include "cryptlib.h"
12
#include "pubkey.h"
13
#include "integer.h"
14
#include "asn.h"
15
#include "hmac.h"
16
#include "sha.h"
17
#include "gfpcrypt.h"
18
#include "dh.h"
19
#include "mqv.h"
20
#include "hmqv.h"
21
#include "fhmqv.h"
22
#include "ecp.h"
23
#include "ec2n.h"
24
25
#include <iosfwd>
26
27
#if CRYPTOPP_MSC_VERSION
28
# pragma warning(push)
29
# pragma warning(disable: 4231 4275)
30
#endif
31
32
NAMESPACE_BEGIN(CryptoPP)
33
34
/// \brief Elliptic Curve Parameters
35
/// \tparam EC elliptic curve field
36
/// \details This class corresponds to the ASN.1 sequence of the same name
37
///  in ANSI X9.62 and SEC 1. EC is currently defined for ECP and EC2N.
38
template <class EC>
39
class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
40
{
41
  typedef DL_GroupParameters_EC<EC> ThisClass;
42
43
public:
44
  typedef EC EllipticCurve;
45
  typedef typename EllipticCurve::Point Point;
46
  typedef Point Element;
47
  typedef IncompatibleCofactorMultiplication DefaultCofactorOption;
48
49
29.4k
  virtual ~DL_GroupParameters_EC() {}
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::~DL_GroupParameters_EC()
Line
Count
Source
49
29.4k
  virtual ~DL_GroupParameters_EC() {}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::~DL_GroupParameters_EC()
50
51
  /// \brief Construct an EC GroupParameters
52
2.24k
  DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(true) {}
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC()
Line
Count
Source
52
2.24k
  DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(true) {}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC()
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC()
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC()
53
54
  /// \brief Construct an EC GroupParameters
55
  /// \param oid the OID of a curve
56
  DL_GroupParameters_EC(const OID &oid)
57
28.4k
    : m_compress(false), m_encodeAsOID(true) {Initialize(oid);}
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC(CryptoPP::OID const&)
Line
Count
Source
57
28.4k
    : m_compress(false), m_encodeAsOID(true) {Initialize(oid);}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC(CryptoPP::OID const&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC(CryptoPP::OID const&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC(CryptoPP::OID const&)
58
59
  /// \brief Construct an EC GroupParameters
60
  /// \param ec the elliptic curve
61
  /// \param G the base point
62
  /// \param n the order of the base point
63
  /// \param k the cofactor
64
  DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
65
0
    : m_compress(false), m_encodeAsOID(true) {Initialize(ec, G, n, k);}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
66
67
  /// \brief Construct an EC GroupParameters
68
  /// \param bt BufferedTransformation with group parameters
69
  DL_GroupParameters_EC(BufferedTransformation &bt)
70
0
    : m_compress(false), m_encodeAsOID(true) {BERDecode(bt);}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC(CryptoPP::BufferedTransformation&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DL_GroupParameters_EC(CryptoPP::BufferedTransformation&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC(CryptoPP::BufferedTransformation&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DL_GroupParameters_EC(CryptoPP::BufferedTransformation&)
71
72
  /// \brief Initialize an EC GroupParameters using {EC,G,n,k}
73
  /// \param ec the elliptic curve
74
  /// \param G the base point
75
  /// \param n the order of the base point
76
  /// \param k the cofactor
77
  /// \details This Initialize() function overload initializes group parameters from existing parameters.
78
  void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
79
0
  {
80
0
    this->m_groupPrecomputation.SetCurve(ec);
81
0
    this->SetSubgroupGenerator(G);
82
0
    m_n = n;
83
0
    m_k = k;
84
0
  }
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::Initialize(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::Initialize(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
85
86
  /// \brief Initialize a DL_GroupParameters_EC {EC,G,n,k}
87
  /// \param oid the OID of a curve
88
  /// \details This Initialize() function overload initializes group parameters from existing parameters.
89
  void Initialize(const OID &oid);
90
91
  // NameValuePairs
92
  bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
93
  void AssignFrom(const NameValuePairs &source);
94
95
  // GeneratibleCryptoMaterial interface
96
  /// this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
97
  /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
98
  void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
99
100
  // DL_GroupParameters
101
0
  const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetBasePrecomputation() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetBasePrecomputation() const
102
27.1k
  DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::AccessBasePrecomputation()
Line
Count
Source
102
27.1k
  DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::AccessBasePrecomputation()
103
0
  const Integer & GetSubgroupOrder() const {return m_n;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetSubgroupOrder() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetSubgroupOrder() const
104
  Integer GetCofactor() const;
105
  bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
106
  bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
107
0
  bool FastSubgroupCheckAvailable() const {return false;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::FastSubgroupCheckAvailable() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::FastSubgroupCheckAvailable() const
108
  void EncodeElement(bool reversible, const Element &element, byte *encoded) const
109
0
  {
110
0
    if (reversible)
111
0
      GetCurve().EncodePoint(encoded, element, m_compress);
112
0
    else
113
0
      element.x.Encode(encoded, GetEncodedElementSize(false));
114
0
  }
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::EncodeElement(bool, CryptoPP::ECPPoint const&, unsigned char*) const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::EncodeElement(bool, CryptoPP::EC2NPoint const&, unsigned char*) const
115
  virtual unsigned int GetEncodedElementSize(bool reversible) const
116
0
  {
117
0
    if (reversible)
118
0
      return GetCurve().EncodedPointSize(m_compress);
119
0
    else
120
0
      return GetCurve().GetField().MaxElementByteLength();
121
0
  }
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetEncodedElementSize(bool) const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetEncodedElementSize(bool) const
122
  Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
123
0
  {
124
0
    Point result;
125
0
    if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
126
0
      throw DL_BadElement();
127
0
    if (checkForGroupMembership && !ValidateElement(1, result, NULLPTR))
128
0
      throw DL_BadElement();
129
0
    return result;
130
0
  }
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::DecodeElement(unsigned char const*, bool) const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::DecodeElement(unsigned char const*, bool) const
131
  Integer ConvertElementToInteger(const Element &element) const;
132
0
  Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetMaxExponent() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetMaxExponent() const
133
0
  bool IsIdentity(const Element &element) const {return element.identity;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::IsIdentity(CryptoPP::ECPPoint const&) const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::IsIdentity(CryptoPP::EC2NPoint const&) const
134
  void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
135
0
  static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::StaticAlgorithmNamePrefix()
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::StaticAlgorithmNamePrefix()
136
137
  // ASN1Key
138
  OID GetAlgorithmID() const;
139
140
  // used by MQV
141
  Element MultiplyElements(const Element &a, const Element &b) const;
142
  Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
143
144
  // non-inherited
145
146
  // enumerate OIDs for recommended parameters, use OID() to get first one
147
  static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid);
148
149
  void BERDecode(BufferedTransformation &bt);
150
  void DEREncode(BufferedTransformation &bt) const;
151
152
0
  void SetPointCompression(bool compress) {m_compress = compress;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::SetPointCompression(bool)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::SetPointCompression(bool)
153
0
  bool GetPointCompression() const {return m_compress;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetPointCompression() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetPointCompression() const
154
155
0
  void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::SetEncodeAsOID(bool)
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::SetEncodeAsOID(bool)
156
0
  bool GetEncodeAsOID() const {return m_encodeAsOID;}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetEncodeAsOID() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetEncodeAsOID() const
157
158
27.1k
  const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();}
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::GetCurve() const
Line
Count
Source
158
27.1k
  const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::GetCurve() const
159
160
  bool operator==(const ThisClass &rhs) const
161
0
    {return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::operator==(CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&) const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::operator==(CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&) const
162
163
protected:
164
0
  unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::FieldElementLength() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::FieldElementLength() const
165
0
  unsigned int ExponentLength() const {return m_n.ByteCount();}
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::ExponentLength() const
Unexecuted instantiation: CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::ExponentLength() const
166
167
  OID m_oid;      // set if parameters loaded from a recommended curve
168
  Integer m_n;    // order of base point
169
  mutable Integer m_k;    // cofactor
170
  mutable bool m_compress, m_encodeAsOID;   // presentation details
171
};
172
173
inline std::ostream& operator<<(std::ostream& os, const DL_GroupParameters_EC<ECP>::Element& obj);
174
175
/// \brief Elliptic Curve Discrete Log (DL) public key
176
/// \tparam EC elliptic curve field
177
template <class EC>
178
class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
179
{
180
public:
181
  typedef typename EC::Point Element;
182
183
1.26k
  virtual ~DL_PublicKey_EC() {}
CryptoPP::DL_PublicKey_EC<CryptoPP::ECP>::~DL_PublicKey_EC()
Line
Count
Source
183
1.26k
  virtual ~DL_PublicKey_EC() {}
Unexecuted instantiation: CryptoPP::DL_PublicKey_EC<CryptoPP::EC2N>::~DL_PublicKey_EC()
184
185
  /// \brief Initialize an EC Public Key using {GP,Q}
186
  /// \param params group parameters
187
  /// \param Q the public point
188
  /// \details This Initialize() function overload initializes a public key from existing parameters.
189
  void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
190
0
    {this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
Unexecuted instantiation: CryptoPP::DL_PublicKey_EC<CryptoPP::ECP>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&, CryptoPP::ECPPoint const&)
Unexecuted instantiation: CryptoPP::DL_PublicKey_EC<CryptoPP::EC2N>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&, CryptoPP::EC2NPoint const&)
191
192
  /// \brief Initialize an EC Public Key using {EC,G,n,Q}
193
  /// \param ec the elliptic curve
194
  /// \param G the base point
195
  /// \param n the order of the base point
196
  /// \param Q the public point
197
  /// \details This Initialize() function overload initializes a public key from existing parameters.
198
  void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
199
0
    {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
Unexecuted instantiation: CryptoPP::DL_PublicKey_EC<CryptoPP::ECP>::Initialize(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::ECPPoint const&)
Unexecuted instantiation: CryptoPP::DL_PublicKey_EC<CryptoPP::EC2N>::Initialize(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::EC2NPoint const&)
200
201
  // X509PublicKey
202
  void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
203
  void DEREncodePublicKey(BufferedTransformation &bt) const;
204
};
205
206
/// \brief Elliptic Curve Discrete Log (DL) private key
207
/// \tparam EC elliptic curve field
208
template <class EC>
209
class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
210
{
211
public:
212
  typedef typename EC::Point Element;
213
214
  virtual ~DL_PrivateKey_EC();
215
216
  /// \brief Initialize an EC Private Key using {GP,x}
217
  /// \param params group parameters
218
  /// \param x the private exponent
219
  /// \details This Initialize() function overload initializes a private key from existing parameters.
220
  void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
221
0
    {this->AccessGroupParameters() = params; this->SetPrivateExponent(x);}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::EC2N>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&, CryptoPP::Integer const&)
222
223
  /// \brief Initialize an EC Private Key using {EC,G,n,x}
224
  /// \param ec the elliptic curve
225
  /// \param G the base point
226
  /// \param n the order of the base point
227
  /// \param x the private exponent
228
  /// \details This Initialize() function overload initializes a private key from existing parameters.
229
  void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
230
0
    {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP>::Initialize(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::EC2N>::Initialize(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
231
232
  /// \brief Create an EC private key
233
  /// \param rng a RandomNumberGenerator derived class
234
  /// \param params the EC group parameters
235
  /// \details This function overload of Initialize() creates a new private key because it
236
  ///  takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
237
  ///  then use one of the other Initialize() overloads.
238
  void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
239
0
    {this->GenerateRandom(rng, params);}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::EC2N>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&)
240
241
  /// \brief Create an EC private key
242
  /// \param rng a RandomNumberGenerator derived class
243
  /// \param ec the elliptic curve
244
  /// \param G the base point
245
  /// \param n the order of the base point
246
  /// \details This function overload of Initialize() creates a new private key because it
247
  ///  takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
248
  ///  then use one of the other Initialize() overloads.
249
  void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
250
0
    {this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::EC2N>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&)
251
252
  // PKCS8PrivateKey
253
  void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
254
  void DEREncodePrivateKey(BufferedTransformation &bt) const;
255
};
256
257
// Out-of-line dtor due to AIX and GCC, http://github.com/weidai11/cryptopp/issues/499
258
template<class EC>
259
982
DL_PrivateKey_EC<EC>::~DL_PrivateKey_EC() {}
CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP>::~DL_PrivateKey_EC()
Line
Count
Source
259
982
DL_PrivateKey_EC<EC>::~DL_PrivateKey_EC() {}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_EC<CryptoPP::EC2N>::~DL_PrivateKey_EC()
260
261
/// \brief Elliptic Curve Diffie-Hellman
262
/// \tparam EC elliptic curve field
263
/// \tparam COFACTOR_OPTION cofactor multiplication option
264
/// \sa CofactorMultiplicationOption, <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">Elliptic Curve Diffie-Hellman, AKA ECDH</a>
265
/// \since Crypto++ 3.0
266
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption>
267
struct ECDH
268
{
269
  typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
270
};
271
272
/// \brief Elliptic Curve Menezes-Qu-Vanstone
273
/// \tparam EC elliptic curve field
274
/// \tparam COFACTOR_OPTION cofactor multiplication option
275
/// \sa CofactorMultiplicationOption, <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">Elliptic Curve Menezes-Qu-Vanstone, AKA ECMQV</a>
276
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption>
277
struct ECMQV
278
{
279
  typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
280
};
281
282
/// \brief Hashed Elliptic Curve Menezes-Qu-Vanstone
283
/// \tparam EC elliptic curve field
284
/// \tparam COFACTOR_OPTION cofactor multiplication option
285
/// \details This implementation follows Hugo Krawczyk's <a href="http://eprint.iacr.org/2005/176">HMQV: A High-Performance
286
///  Secure Diffie-Hellman Protocol</a>. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided.
287
/// \sa CofactorMultiplicationOption
288
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption, class HASH = SHA256>
289
struct ECHMQV
290
{
291
  typedef HMQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION, HASH> Domain;
292
};
293
294
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption,   SHA1 >::Domain ECHMQV160;
295
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA256 >::Domain ECHMQV256;
296
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA384 >::Domain ECHMQV384;
297
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA512 >::Domain ECHMQV512;
298
299
/// \brief Fully Hashed Elliptic Curve Menezes-Qu-Vanstone
300
/// \tparam EC elliptic curve field
301
/// \tparam COFACTOR_OPTION cofactor multiplication option
302
/// \details This implementation follows Augustin P. Sarr and Philippe Elbaz–Vincent, and Jean–Claude Bajard's
303
///  <a href="http://eprint.iacr.org/2009/408">A Secure and Efficient Authenticated Diffie-Hellman Protocol</a>.
304
///  Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C.
305
/// \sa CofactorMultiplicationOption
306
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption, class HASH = SHA256>
307
struct ECFHMQV
308
{
309
  typedef FHMQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION, HASH> Domain;
310
};
311
312
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption,   SHA1 >::Domain ECFHMQV160;
313
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA256 >::Domain ECFHMQV256;
314
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA384 >::Domain ECFHMQV384;
315
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA512 >::Domain ECFHMQV512;
316
317
/// \brief Elliptic Curve Discrete Log (DL) keys
318
/// \tparam EC elliptic curve field
319
template <class EC>
320
struct DL_Keys_EC
321
{
322
  typedef DL_PublicKey_EC<EC> PublicKey;
323
  typedef DL_PrivateKey_EC<EC> PrivateKey;
324
};
325
326
// Forward declaration; documented below
327
template <class EC, class H>
328
struct ECDSA;
329
330
/// \brief Elliptic Curve DSA keys
331
/// \tparam EC elliptic curve field
332
/// \since Crypto++ 3.2
333
template <class EC>
334
struct DL_Keys_ECDSA
335
{
336
  typedef DL_PublicKey_EC<EC> PublicKey;
337
  typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC, SHA256> > PrivateKey;
338
};
339
340
/// \brief Elliptic Curve DSA (ECDSA) signature algorithm
341
/// \tparam EC elliptic curve field
342
/// \since Crypto++ 3.2
343
template <class EC>
344
class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
345
{
346
public:
347
0
  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";}
Unexecuted instantiation: CryptoPP::DL_Algorithm_ECDSA<CryptoPP::ECP>::StaticAlgorithmName()
Unexecuted instantiation: CryptoPP::DL_Algorithm_ECDSA<CryptoPP::EC2N>::StaticAlgorithmName()
348
};
349
350
/// \brief Elliptic Curve DSA (ECDSA) signature algorithm based on RFC 6979
351
/// \tparam EC elliptic curve field
352
/// \sa <a href="http://tools.ietf.org/rfc/rfc6979.txt">RFC 6979, Deterministic Usage of the
353
///  Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</a>
354
/// \since Crypto++ 6.0
355
template <class EC, class H>
356
class DL_Algorithm_ECDSA_RFC6979 : public DL_Algorithm_DSA_RFC6979<typename EC::Point, H>
357
{
358
public:
359
  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECDSA-RFC6979";}
360
};
361
362
/// \brief Elliptic Curve NR (ECNR) signature algorithm
363
/// \tparam EC elliptic curve field
364
template <class EC>
365
class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
366
{
367
public:
368
  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECNR";}
369
};
370
371
/// \brief Elliptic Curve DSA (ECDSA) signature scheme
372
/// \tparam EC elliptic curve field
373
/// \tparam H HashTransformation derived class
374
/// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
375
/// \since Crypto++ 3.2
376
template <class EC, class H>
377
struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
378
{
379
};
380
381
/// \brief Elliptic Curve DSA (ECDSA) deterministic signature scheme
382
/// \tparam EC elliptic curve field
383
/// \tparam H HashTransformation derived class
384
/// \sa <a href="http://tools.ietf.org/rfc/rfc6979.txt">Deterministic Usage of the
385
///  Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</a>
386
/// \since Crypto++ 6.0
387
template <class EC, class H>
388
struct ECDSA_RFC6979 : public DL_SS<
389
  DL_Keys_ECDSA<EC>,
390
  DL_Algorithm_ECDSA_RFC6979<EC, H>,
391
  DL_SignatureMessageEncodingMethod_DSA,
392
  H,
393
  ECDSA_RFC6979<EC,H> >
394
{
395
  static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("ECDSA-RFC6979/") + H::StaticAlgorithmName();}
396
};
397
398
/// \brief Elliptic Curve NR (ECNR) signature scheme
399
/// \tparam EC elliptic curve field
400
/// \tparam H HashTransformation derived class
401
template <class EC, class H = SHA1>
402
struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
403
{
404
};
405
406
// ******************************************
407
408
template <class EC>
409
class DL_PublicKey_ECGDSA;
410
template <class EC>
411
class DL_PrivateKey_ECGDSA;
412
413
/// \brief Elliptic Curve German DSA key for ISO/IEC 15946
414
/// \tparam EC elliptic curve field
415
/// \sa ECGDSA
416
/// \since Crypto++ 6.0
417
template <class EC>
418
class DL_PrivateKey_ECGDSA : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
419
{
420
public:
421
  typedef typename EC::Point Element;
422
423
0
  virtual ~DL_PrivateKey_ECGDSA() {}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::~DL_PrivateKey_ECGDSA()
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::~DL_PrivateKey_ECGDSA()
424
425
  /// \brief Initialize an EC Private Key using {GP,x}
426
  /// \param params group parameters
427
  /// \param x the private exponent
428
  /// \details This Initialize() function overload initializes a private key from existing parameters.
429
  void Initialize(const DL_GroupParameters_EC<EC> &params, const Integer &x)
430
0
  {
431
0
    this->AccessGroupParameters() = params;
432
0
    this->SetPrivateExponent(x);
433
0
    CRYPTOPP_ASSERT(x>=1 && x<=params.GetSubgroupOrder()-1);
434
0
  }
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&, CryptoPP::Integer const&)
435
436
  /// \brief Initialize an EC Private Key using {EC,G,n,x}
437
  /// \param ec the elliptic curve
438
  /// \param G the base point
439
  /// \param n the order of the base point
440
  /// \param x the private exponent
441
  /// \details This Initialize() function overload initializes a private key from existing parameters.
442
  void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
443
0
  {
444
0
    this->AccessGroupParameters().Initialize(ec, G, n);
445
0
    this->SetPrivateExponent(x);
446
0
    CRYPTOPP_ASSERT(x>=1 && x<=this->AccessGroupParameters().GetSubgroupOrder()-1);
447
0
  }
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::Initialize(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::Initialize(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::Integer const&)
448
449
  /// \brief Create an EC private key
450
  /// \param rng a RandomNumberGenerator derived class
451
  /// \param params the EC group parameters
452
  /// \details This function overload of Initialize() creates a new private key because it
453
  ///  takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
454
  ///  then use one of the other Initialize() overloads.
455
  void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> &params)
456
0
    {this->GenerateRandom(rng, params);}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&)
457
458
  /// \brief Create an EC private key
459
  /// \param rng a RandomNumberGenerator derived class
460
  /// \param ec the elliptic curve
461
  /// \param G the base point
462
  /// \param n the order of the base point
463
  /// \details This function overload of Initialize() creates a new private key because it
464
  ///  takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
465
  ///  then use one of the other Initialize() overloads.
466
  void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
467
0
    {this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::Initialize(CryptoPP::RandomNumberGenerator&, CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&)
468
469
  virtual void MakePublicKey(DL_PublicKey_ECGDSA<EC> &pub) const
470
0
  {
471
0
    const DL_GroupParameters<Element>& params = this->GetAbstractGroupParameters();
472
0
    pub.AccessAbstractGroupParameters().AssignFrom(params);
473
0
    const Integer &xInv = this->GetPrivateExponent().InverseMod(params.GetSubgroupOrder());
474
0
    pub.SetPublicElement(params.ExponentiateBase(xInv));
475
0
    CRYPTOPP_ASSERT(xInv.NotZero());
476
0
  }
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::MakePublicKey(CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::ECP>&) const
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::MakePublicKey(CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::EC2N>&) const
477
478
  virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
479
0
  {
480
0
    return GetValueHelper<DL_PrivateKey_ECGDSA<EC>,
481
0
      DL_PrivateKey_ECGDSA<EC> >(this, name, valueType, pValue).Assignable();
482
0
  }
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::GetVoidValue(char const*, std::type_info const&, void*) const
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::GetVoidValue(char const*, std::type_info const&, void*) const
483
484
  virtual void AssignFrom(const NameValuePairs &source)
485
0
  {
486
0
    AssignFromHelper<DL_PrivateKey_ECGDSA<EC>,
487
0
      DL_PrivateKey_ECGDSA<EC> >(this, source);
488
0
  }
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::ECP>::AssignFrom(CryptoPP::NameValuePairs const&)
Unexecuted instantiation: CryptoPP::DL_PrivateKey_ECGDSA<CryptoPP::EC2N>::AssignFrom(CryptoPP::NameValuePairs const&)
489
490
  // PKCS8PrivateKey
491
  void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
492
  void DEREncodePrivateKey(BufferedTransformation &bt) const;
493
};
494
495
/// \brief Elliptic Curve German DSA key for ISO/IEC 15946
496
/// \tparam EC elliptic curve field
497
/// \sa ECGDSA
498
/// \since Crypto++ 6.0
499
template <class EC>
500
class DL_PublicKey_ECGDSA : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
501
{
502
  typedef DL_PublicKey_ECGDSA<EC> ThisClass;
503
504
public:
505
  typedef typename EC::Point Element;
506
507
0
  virtual ~DL_PublicKey_ECGDSA() {}
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::ECP>::~DL_PublicKey_ECGDSA()
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::EC2N>::~DL_PublicKey_ECGDSA()
508
509
  /// \brief Initialize an EC Public Key using {GP,Q}
510
  /// \param params group parameters
511
  /// \param Q the public point
512
  /// \details This Initialize() function overload initializes a public key from existing parameters.
513
  void Initialize(const DL_GroupParameters_EC<EC> &params, const Element &Q)
514
0
    {this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::ECP>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> const&, CryptoPP::ECPPoint const&)
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::EC2N>::Initialize(CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N> const&, CryptoPP::EC2NPoint const&)
515
516
  /// \brief Initialize an EC Public Key using {EC,G,n,Q}
517
  /// \param ec the elliptic curve
518
  /// \param G the base point
519
  /// \param n the order of the base point
520
  /// \param Q the public point
521
  /// \details This Initialize() function overload initializes a public key from existing parameters.
522
  void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
523
0
    {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::ECP>::Initialize(CryptoPP::ECP const&, CryptoPP::ECPPoint const&, CryptoPP::Integer const&, CryptoPP::ECPPoint const&)
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::EC2N>::Initialize(CryptoPP::EC2N const&, CryptoPP::EC2NPoint const&, CryptoPP::Integer const&, CryptoPP::EC2NPoint const&)
524
525
  virtual void AssignFrom(const NameValuePairs &source)
526
0
  {
527
0
    DL_PrivateKey_ECGDSA<EC> *pPrivateKey = NULLPTR;
528
0
    if (source.GetThisPointer(pPrivateKey))
529
0
      pPrivateKey->MakePublicKey(*this);
530
0
    else
531
0
    {
532
0
      this->AccessAbstractGroupParameters().AssignFrom(source);
533
0
      AssignFromHelper(this, source)
534
0
        CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement);
535
0
    }
536
0
  }
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::ECP>::AssignFrom(CryptoPP::NameValuePairs const&)
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::EC2N>::AssignFrom(CryptoPP::NameValuePairs const&)
537
538
  // DL_PublicKey<T>
539
  virtual void SetPublicElement(const Element &y)
540
0
    {this->AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::ECP>::SetPublicElement(CryptoPP::ECPPoint const&)
Unexecuted instantiation: CryptoPP::DL_PublicKey_ECGDSA<CryptoPP::EC2N>::SetPublicElement(CryptoPP::EC2NPoint const&)
541
542
  // X509PublicKey
543
  void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
544
  void DEREncodePublicKey(BufferedTransformation &bt) const;
545
};
546
547
/// \brief Elliptic Curve German DSA keys for ISO/IEC 15946
548
/// \tparam EC elliptic curve field
549
/// \sa ECGDSA
550
/// \since Crypto++ 6.0
551
template <class EC>
552
struct DL_Keys_ECGDSA
553
{
554
  typedef DL_PublicKey_ECGDSA<EC> PublicKey;
555
  typedef DL_PrivateKey_ECGDSA<EC> PrivateKey;
556
};
557
558
/// \brief Elliptic Curve German DSA signature algorithm
559
/// \tparam EC elliptic curve field
560
/// \sa ECGDSA
561
/// \since Crypto++ 6.0
562
template <class EC>
563
class DL_Algorithm_ECGDSA : public DL_Algorithm_GDSA_ISO15946<typename EC::Point>
564
{
565
public:
566
  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECGDSA";}
567
};
568
569
/// \brief Elliptic Curve German Digital Signature Algorithm signature scheme
570
/// \tparam EC elliptic curve field
571
/// \tparam H HashTransformation derived class
572
/// \sa Erwin Hess, Marcus Schafheutle, and Pascale Serf <A
573
///  HREF="http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf">The Digital Signature Scheme
574
///  ECGDSA (October 24, 2006)</A>
575
/// \since Crypto++ 6.0
576
template <class EC, class H>
577
struct ECGDSA : public DL_SS<
578
  DL_Keys_ECGDSA<EC>,
579
  DL_Algorithm_ECGDSA<EC>,
580
  DL_SignatureMessageEncodingMethod_DSA,
581
  H>
582
{
583
  static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("ECGDSA-ISO15946/") + H::StaticAlgorithmName();}
584
};
585
586
// ******************************************
587
588
/// \brief Elliptic Curve Integrated Encryption Scheme
589
/// \tparam COFACTOR_OPTION cofactor multiplication option
590
/// \tparam HASH HashTransformation derived class used for key derivation and MAC computation
591
/// \tparam DHAES_MODE flag indicating if the MAC includes additional context parameters such as <em>u·V</em>, <em>v·U</em> and label
592
/// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits
593
/// \details ECIES is an Elliptic Curve based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation
594
///  Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is
595
///  <A HREF="http://en.wikipedia.org/wiki/ciphertext_indistinguishability">IND-CCA2</A>, which is a strong notion of security.
596
///  You should prefer an Integrated Encryption Scheme over homegrown schemes.
597
/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the ECIES_P1363.
598
///  If you desire an Integrated Encryption Scheme compatible with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES
599
///  template class with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=true</tt> and <tt>LABEL_OCTETS=false</tt>.
600
/// \details The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of
601
///  <tt>IncompatibleCofactorMultiplication</tt> and <tt>DHAES_MODE=true</tt> is recommended for best efficiency and security.
602
///  SHA1 is used for compatibility reasons, but it can be changed if desired.
603
/// \sa DLIES, ECIES_P1363, <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">Elliptic Curve Integrated Encryption Scheme (ECIES)</a>,
604
///  Martínez, Encinas, and Ávila's <A HREF="http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf">A Survey of the Elliptic
605
///  Curve Integrated Encryption Schemes</A>
606
/// \since Crypto++ 4.0, Crypto++ 5.7 for Bouncy Castle and Botan compatibility
607
template <class EC, class HASH = SHA1, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true, bool LABEL_OCTETS = false>
608
struct ECIES
609
  : public DL_ES<
610
    DL_Keys_EC<EC>,
611
    DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
612
    DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<HASH> >,
613
    DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
614
    ECIES<EC> >
615
{
616
  // TODO: fix this after name is standardized
617
  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECIES";}
618
};
619
620
/// \brief Elliptic Curve Integrated Encryption Scheme for P1363
621
/// \tparam COFACTOR_OPTION cofactor multiplication option
622
/// \tparam HASH HashTransformation derived class used for key derivation and MAC computation
623
/// \details ECIES_P1363 is an Elliptic Curve based Integrated Encryption Scheme (IES) for P1363. The scheme combines a Key Encapsulation
624
///  Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is
625
///  <A HREF="http://en.wikipedia.org/wiki/ciphertext_indistinguishability">IND-CCA2</A>, which is a strong notion of security.
626
///  You should prefer an Integrated Encryption Scheme over homegrown schemes.
627
/// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom
628
///  SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Enryption
629
///  Schemes with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
630
/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the ECIES_P1363.
631
///  If you desire an Integrated Encryption Scheme compatible with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES
632
///  template class with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=true</tt> and <tt>LABEL_OCTETS=false</tt>.
633
/// \details The default template parameters ensure compatibility with P1363. The combination of
634
///  <tt>IncompatibleCofactorMultiplication</tt> and <tt>DHAES_MODE=true</tt> is recommended for best efficiency and security.
635
///  SHA1 is used for compatibility reasons, but it can be changed if desired.
636
/// \sa DLIES, ECIES, <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">Elliptic Curve Integrated Encryption Scheme (ECIES)</a>,
637
///  Martínez, Encinas, and Ávila's <A HREF="http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf">A Survey of the Elliptic
638
///  Curve Integrated Encryption Schemes</A>
639
/// \since Crypto++ 4.0
640
template <class EC, class HASH = SHA1, class COFACTOR_OPTION = NoCofactorMultiplication>
641
struct ECIES_P1363
642
  : public DL_ES<
643
    DL_Keys_EC<EC>,
644
    DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
645
    DL_KeyDerivationAlgorithm_P1363<typename EC::Point, false, P1363_KDF2<HASH> >,
646
    DL_EncryptionAlgorithm_Xor<HMAC<HASH>, false, true>,
647
    ECIES<EC> >
648
{
649
  // TODO: fix this after name is standardized
650
  CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECIES-P1363";}
651
};
652
653
NAMESPACE_END
654
655
#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
656
#include "eccrypto.cpp"
657
#endif
658
659
NAMESPACE_BEGIN(CryptoPP)
660
661
CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<ECP>;
662
CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<EC2N>;
663
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<ECP> >;
664
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<EC2N> >;
665
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<ECP>;
666
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<EC2N>;
667
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_ECGDSA<ECP>;
668
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_ECGDSA<EC2N>;
669
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<ECP> >;
670
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<EC2N> >;
671
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<ECP>;
672
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<EC2N>;
673
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_ECGDSA<ECP>;
674
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_ECGDSA<EC2N>;
675
CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<ECP::Point>;
676
CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<EC2N::Point>;
677
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<ECP>, ECDSA<ECP, SHA256> >;
678
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC2N>, ECDSA<EC2N, SHA256> >;
679
680
NAMESPACE_END
681
682
#if CRYPTOPP_MSC_VERSION
683
# pragma warning(pop)
684
#endif
685
686
#endif