4 #ifndef CRYPTOPP_FHMQV_H 5 #define CRYPTOPP_FHMQV_H 23 template <
class GROUP_PARAMETERS,
class COFACTOR_OPTION =
typename GROUP_PARAMETERS::DefaultCofactorOption,
class HASH = SHA512>
27 typedef GROUP_PARAMETERS GroupParameters;
28 typedef typename GroupParameters::Element Element;
33 FHMQV_Domain(
bool clientRole =
true): m_role(clientRole ? RoleClient : RoleServer) {}
35 FHMQV_Domain(
const GroupParameters ¶ms,
bool clientRole =
true)
36 : m_role(clientRole ? RoleClient : RoleServer), m_groupParameters(params) {}
39 : m_role(clientRole ? RoleClient : RoleServer)
40 {m_groupParameters.BERDecode(bt);}
44 : m_role(clientRole ? RoleClient : RoleServer)
45 {m_groupParameters.Initialize(v1);}
47 template <
class T1,
class T2>
49 : m_role(clientRole ? RoleClient : RoleServer)
50 {m_groupParameters.Initialize(v1, v2);}
52 template <
class T1,
class T2,
class T3>
53 FHMQV_Domain(T1 v1, T2 v2, T3 v3,
bool clientRole =
true)
54 : m_role(clientRole ? RoleClient : RoleServer)
55 {m_groupParameters.Initialize(v1, v2, v3);}
57 template <
class T1,
class T2,
class T3,
class T4>
58 FHMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4,
bool clientRole =
true)
59 : m_role(clientRole ? RoleClient : RoleServer)
60 {m_groupParameters.Initialize(v1, v2, v3, v4);}
64 const GroupParameters & GetGroupParameters()
const {
return m_groupParameters;}
65 GroupParameters & AccessGroupParameters(){
return m_groupParameters;}
70 unsigned int AgreedValueLength()
const {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
111 CRYPTOPP_UNUSED(rng);
125 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
126 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
127 bool validateStaticOtherPublicKey=
true)
const 129 byte *XX = NULLPTR, *YY = NULLPTR, *AA = NULLPTR, *BB = NULLPTR;
130 size_t xxs = 0, yys = 0, aas = 0, bbs = 0;
141 if(m_role == RoleServer)
147 XX =
const_cast<byte*
>(ephemeralOtherPublicKey);
151 AA =
const_cast<byte*
>(staticOtherPublicKey);
156 else if(m_role == RoleClient)
164 YY =
const_cast<byte*
>(ephemeralOtherPublicKey);
168 BB =
const_cast<byte*
>(staticOtherPublicKey);
180 Element VV1 = params.
DecodeElement(staticOtherPublicKey,
false);
181 if(!params.
ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR))
186 Element VV2 = params.
DecodeElement(ephemeralOtherPublicKey,
false);
191 const unsigned int len = (((q.
BitCount()+1)/2 +7)/8);
196 Hash(NULLPTR, XX, xxs, YY, yys, AA, aas, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
197 d.
Decode(dd.BytePtr(), dd.SizeInBytes());
199 Hash(NULLPTR, YY, yys, XX, xxs, AA, aas, BB, bbs, ee.
BytePtr(), ee.
SizeInBytes());
203 if(m_role == RoleServer)
213 Element t2 = m_groupParameters.MultiplyElements(X, t1);
227 Element t2 = m_groupParameters.MultiplyElements(Y, t1);
232 Hash(&sigma, XX, xxs, YY, yys, AA, aas, BB, bbs, agreedValue,
AgreedValueLength());
243 inline void Hash(
const Element* sigma,
244 const byte* e1,
size_t e1len,
const byte* e2,
size_t e2len,
245 const byte* s1,
size_t s1len,
const byte* s2,
size_t s2len,
246 byte* digest,
size_t dlen)
const 249 size_t idx = 0, req = dlen;
250 size_t blk =
STDMIN(dlen, (
size_t)HASH::DIGESTSIZE);
254 Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
256 x.
Encode(sbb.BytePtr(), sbb.SizeInBytes());
257 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
260 hash.Update(e1, e1len);
261 hash.Update(e2, e2len);
262 hash.Update(s1, s1len);
263 hash.Update(s2, s2len);
265 hash.TruncatedFinal(digest, blk);
271 hash.Update(&digest[idx], (
size_t)HASH::DIGESTSIZE);
273 idx += (size_t)HASH::DIGESTSIZE;
274 blk =
STDMIN(req, (
size_t)HASH::DIGESTSIZE);
275 hash.TruncatedFinal(&digest[idx], blk);
284 enum KeyAgreementRole{ RoleServer = 1, RoleClient };
289 GroupParameters m_groupParameters;
290 KeyAgreementRole m_role;
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
generate static public key
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
const CryptoMaterial & GetMaterial() const
Retrieves a reference to Crypto Parameters.
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Interface for Discrete Log (DL) group parameters.
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
return length of ephemeral public keys in this domain
Interface for random number generators.
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and couterparty's public keys, return false in case of fai...
Classes for performing mathematics over different fields.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
return length of ephemeral private keys in this domain
static const Integer & One()
Integer representing 1.
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
void DoQuickSanityCheck() const
Perform a quick sanity check.
size_t MinEncodedSize(Signedness sign=UNSIGNED) const
Minimum number of bytes to encode this integer.
unsigned int AgreedValueLength() const
return length of agreed value produced
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
generate static private key
Multiple precision integer with arithmetic operations.
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
Exception thrown when an invalid group element is encountered.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation< Element > *precomp) const =0
Check the element for errors.
Classes for SHA-1 and SHA-2 family of message digests.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
void Decode(const byte *input, size_t inputLen, Signedness sign=UNSIGNED)
Decode from big-endian byte array.
Interface for crypto prameters.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
Crypto++ library namespace.
Interface for domains of authenticated key agreement protocols.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
FHMQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > FHMQV
Fully Hashed Menezes-Qu-Vanstone in GF(p)
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.