Line | Count | Source (jump to first uncovered line) |
1 | | // rw.h - originally written and placed in the public domain by Wei Dai |
2 | | |
3 | | /// \file rw.h |
4 | | /// \brief Classes for Rabin-Williams signature scheme |
5 | | /// \details The implementation provides Rabin-Williams signature schemes as defined in |
6 | | /// IEEE P1363. It uses Bernstein's tweaked square roots in place of square roots to |
7 | | /// speedup calculations. |
8 | | /// \sa <A HREF="http://cr.yp.to/sigs/rwsota-20080131.pdf">RSA signatures and Rabin–Williams |
9 | | /// signatures: the state of the art (20080131)</A>, Section 6, <em>The tweaks e and f</em>. |
10 | | /// \since Crypto++ 3.0 |
11 | | |
12 | | #ifndef CRYPTOPP_RW_H |
13 | | #define CRYPTOPP_RW_H |
14 | | |
15 | | #include "cryptlib.h" |
16 | | #include "pubkey.h" |
17 | | #include "integer.h" |
18 | | |
19 | | NAMESPACE_BEGIN(CryptoPP) |
20 | | |
21 | | /// \brief Rabin-Williams trapdoor function using the public key |
22 | | /// \since Crypto++ 3.0, Tweaked roots using <em>e</em> and <em>f</em> since Crypto++ 5.6.4 |
23 | | class CRYPTOPP_DLL RWFunction : public TrapdoorFunction, public PublicKey |
24 | | { |
25 | | typedef RWFunction ThisClass; |
26 | | |
27 | | public: |
28 | | |
29 | | /// \brief Initialize a Rabin-Williams public key |
30 | | /// \param n the modulus |
31 | | void Initialize(const Integer &n) |
32 | 0 | {m_n = n;} |
33 | | |
34 | | void BERDecode(BufferedTransformation &bt); |
35 | | void DEREncode(BufferedTransformation &bt) const; |
36 | | |
37 | | void Save(BufferedTransformation &bt) const |
38 | 0 | {DEREncode(bt);} |
39 | | void Load(BufferedTransformation &bt) |
40 | 0 | {BERDecode(bt);} |
41 | | |
42 | | Integer ApplyFunction(const Integer &x) const; |
43 | 0 | Integer PreimageBound() const {return ++(m_n>>1);} |
44 | 0 | Integer ImageBound() const {return m_n;} |
45 | | |
46 | | bool Validate(RandomNumberGenerator &rng, unsigned int level) const; |
47 | | bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; |
48 | | void AssignFrom(const NameValuePairs &source); |
49 | | |
50 | 0 | const Integer& GetModulus() const {return m_n;} |
51 | 0 | void SetModulus(const Integer &n) {m_n = n;} |
52 | | |
53 | | protected: |
54 | | Integer m_n; |
55 | | }; |
56 | | |
57 | | /// \brief Rabin-Williams trapdoor function using the private key |
58 | | /// \since Crypto++ 3.0, Tweaked roots using <em>e</em> and <em>f</em> since Crypto++ 5.6.4 |
59 | | class CRYPTOPP_DLL InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey |
60 | | { |
61 | | typedef InvertibleRWFunction ThisClass; |
62 | | |
63 | | public: |
64 | | /// \brief Construct an InvertibleRWFunction |
65 | 0 | InvertibleRWFunction() : m_precompute(false) {} |
66 | | |
67 | | /// \brief Initialize a Rabin-Williams private key |
68 | | /// \param n modulus |
69 | | /// \param p first prime factor |
70 | | /// \param q second prime factor |
71 | | /// \param u q<sup>-1</sup> mod p |
72 | | /// \details This Initialize() function overload initializes a private key from existing parameters. |
73 | | void Initialize(const Integer &n, const Integer &p, const Integer &q, const Integer &u); |
74 | | |
75 | | /// \brief Create a Rabin-Williams private key |
76 | | /// \param rng a RandomNumberGenerator derived class |
77 | | /// \param modulusBits the size of the modulus, in bits |
78 | | /// \details This function overload of Initialize() creates a new private key because it |
79 | | /// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair, |
80 | | /// then use one of the other Initialize() overloads. |
81 | | void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) |
82 | 0 | {GenerateRandomWithKeySize(rng, modulusBits);} |
83 | | |
84 | | void BERDecode(BufferedTransformation &bt); |
85 | | void DEREncode(BufferedTransformation &bt) const; |
86 | | |
87 | | void Save(BufferedTransformation &bt) const |
88 | 0 | {DEREncode(bt);} |
89 | | void Load(BufferedTransformation &bt) |
90 | 0 | {BERDecode(bt);} |
91 | | |
92 | | Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; |
93 | | |
94 | | // GeneratibleCryptoMaterial |
95 | | bool Validate(RandomNumberGenerator &rng, unsigned int level) const; |
96 | | bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; |
97 | | void AssignFrom(const NameValuePairs &source); |
98 | | /*! parameters: (ModulusSize) */ |
99 | | void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); |
100 | | |
101 | 0 | const Integer& GetPrime1() const {return m_p;} |
102 | 0 | const Integer& GetPrime2() const {return m_q;} |
103 | 0 | const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} |
104 | | |
105 | 0 | void SetPrime1(const Integer &p) {m_p = p;} |
106 | 0 | void SetPrime2(const Integer &q) {m_q = q;} |
107 | 0 | void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} |
108 | | |
109 | 0 | virtual bool SupportsPrecomputation() const {return true;} |
110 | 0 | virtual void Precompute(unsigned int unused = 0) {CRYPTOPP_UNUSED(unused); PrecomputeTweakedRoots();} |
111 | 0 | virtual void Precompute(unsigned int unused = 0) const {CRYPTOPP_UNUSED(unused); PrecomputeTweakedRoots();} |
112 | | |
113 | | virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation); |
114 | | virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const; |
115 | | |
116 | | protected: |
117 | | void PrecomputeTweakedRoots() const; |
118 | | |
119 | | protected: |
120 | | Integer m_p, m_q, m_u; |
121 | | |
122 | | mutable Integer m_pre_2_9p, m_pre_2_3q, m_pre_q_p; |
123 | | mutable bool m_precompute; |
124 | | }; |
125 | | |
126 | | /// \brief Rabin-Williams keys |
127 | | /// \since Crypto++ 3.0 |
128 | | struct RW |
129 | | { |
130 | 0 | CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "RW";} |
131 | | typedef RWFunction PublicKey; |
132 | | typedef InvertibleRWFunction PrivateKey; |
133 | | }; |
134 | | |
135 | | /// \brief Rabin-Williams signature scheme |
136 | | /// \tparam STANDARD signature standard |
137 | | /// \tparam H hash transformation |
138 | | /// \since Crypto++ 3.0 |
139 | | template <class STANDARD, class H> |
140 | | struct RWSS : public TF_SS<RW, STANDARD, H> |
141 | | { |
142 | | }; |
143 | | |
144 | | NAMESPACE_END |
145 | | |
146 | | #endif |