Crypto++ 8.9
Free C++ class library of cryptographic schemes
esign.cpp
1// esign.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "config.h"
5
6// TODO: fix the C4589 warnings
7#if CRYPTOPP_MSC_VERSION
8# pragma warning(disable: 4589)
9#endif
10
11#include "esign.h"
12#include "modarith.h"
13#include "integer.h"
14#include "nbtheory.h"
15#include "algparam.h"
16#include "sha.h"
17#include "asn.h"
18
19NAMESPACE_BEGIN(CryptoPP)
20
21#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
22void ESIGN_TestInstantiations()
23{
24 ESIGN<SHA1>::Verifier x1(1, 1);
27 ESIGN<SHA1>::Verifier x4(x2.GetKey());
29 ESIGN<SHA1>::Signer x6 = x2;
30
31 x6 = x2;
32 x3 = ESIGN<SHA1>::Verifier(x2);
33 x4 = x2.GetKey();
34}
35#endif
36
38{
39 BERSequenceDecoder seq(bt);
40 m_n.BERDecode(seq);
41 m_e.BERDecode(seq);
42 seq.MessageEnd();
43}
44
46{
47 DERSequenceEncoder seq(bt);
48 m_n.DEREncode(seq);
49 m_e.DEREncode(seq);
50 seq.MessageEnd();
51}
52
54{
56 return STDMIN(a_exp_b_mod_c(x, m_e, m_n) >> (2*GetK()+2), MaxImage());
57}
58
59bool ESIGNFunction::Validate(RandomNumberGenerator& rng, unsigned int level) const
60{
61 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
62 bool pass = true;
63 pass = pass && m_n > Integer::One() && m_n.IsOdd();
64 CRYPTOPP_ASSERT(pass);
65 pass = pass && m_e >= 8 && m_e < m_n;
66 CRYPTOPP_ASSERT(pass);
67 return pass;
68}
69
70bool ESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
71{
72 return GetValueHelper(this, name, valueType, pValue).Assignable()
73 CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
74 CRYPTOPP_GET_FUNCTION_ENTRY(PublicExponent)
75 ;
76}
77
79{
80 AssignFromHelper(this, source)
81 CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
82 CRYPTOPP_SET_FUNCTION_ENTRY(PublicExponent)
83 ;
84}
85
86// *****************************************************************************
87
89{
90 int modulusSize = 1023*2;
91 param.GetIntValue("ModulusSize", modulusSize) || param.GetIntValue("KeySize", modulusSize);
92
93 if (modulusSize < 24)
94 throw InvalidArgument("InvertibleESIGNFunction: specified modulus size is too small");
95
96 if (modulusSize % 3 != 0)
97 throw InvalidArgument("InvertibleESIGNFunction: modulus size must be divisible by 3");
98
99 m_e = param.GetValueWithDefault("PublicExponent", Integer(32));
100
101 if (m_e < 8)
102 throw InvalidArgument("InvertibleESIGNFunction: public exponents less than 8 may not be secure");
103
104 // VC70 workaround: putting these after primeParam causes overlapped stack allocation
105 ConstByteArrayParameter seedParam;
106 SecByteBlock seed;
107
108 const Integer minP = Integer(204) << (modulusSize/3-8);
109 const Integer maxP = Integer::Power2(modulusSize/3)-1;
110 AlgorithmParameters primeParam = MakeParameters("Min", minP)("Max", maxP)("RandomNumberType", Integer::PRIME);
111
112 if (param.GetValue("Seed", seedParam))
113 {
114 if (seedParam.size() > seed.ELEMS_MAX - 4)
115 throw InvalidArgument("InvertibleESIGNFunction::GenerateRandom: buffer overflow");
116
117 seed.resize(seedParam.size() + 4);
118 std::memcpy(seed + 4, seedParam.begin(), seedParam.size());
119
120 PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)0);
122 PutWord(false, BIG_ENDIAN_ORDER, seed, (word32)1);
124 }
125 else
126 {
127 m_p.GenerateRandom(rng, primeParam);
128 m_q.GenerateRandom(rng, primeParam);
129 }
130
131 m_n = m_p * m_p * m_q;
132
133 CRYPTOPP_ASSERT(m_n.BitCount() == (unsigned int)modulusSize);
134}
135
137{
138 BERSequenceDecoder privateKey(bt);
139 m_n.BERDecode(privateKey);
140 m_e.BERDecode(privateKey);
141 m_p.BERDecode(privateKey);
142 m_q.BERDecode(privateKey);
143 privateKey.MessageEnd();
144}
145
147{
148 DERSequenceEncoder privateKey(bt);
149 m_n.DEREncode(privateKey);
150 m_e.DEREncode(privateKey);
151 m_p.DEREncode(privateKey);
152 m_q.DEREncode(privateKey);
153 privateKey.MessageEnd();
154}
155
157{
159
160 Integer pq = m_p * m_q;
161 Integer p2 = m_p * m_p;
162 Integer r, z, re, a, w0, w1;
163
164 do
165 {
166 r.Randomize(rng, Integer::Zero(), pq);
167 z = x << (2*GetK()+2);
168 re = a_exp_b_mod_c(r, m_e, m_n);
169 a = (z - re) % m_n;
170 Integer::Divide(w1, w0, a, pq);
171 if (w1.NotZero())
172 {
173 ++w0;
174 w1 = pq - w1;
175 }
176 }
177 while ((w1 >> (2*GetK()+1)).IsPositive());
178
179 ModularArithmetic modp(m_p);
180 Integer t = modp.Divide(w0 * r % m_p, m_e * re % m_p);
181 Integer s = r + t*pq;
182 CRYPTOPP_ASSERT(s < m_n);
183
184 return s;
185}
186
188{
189 bool pass = ESIGNFunction::Validate(rng, level);
190 CRYPTOPP_ASSERT(pass);
191 pass = pass && m_p > Integer::One() && m_p.IsOdd() && m_p < m_n;
192 CRYPTOPP_ASSERT(pass);
193 pass = pass && m_q > Integer::One() && m_q.IsOdd() && m_q < m_n;
194 CRYPTOPP_ASSERT(pass);
195 pass = pass && m_p.BitCount() == m_q.BitCount();
196 CRYPTOPP_ASSERT(pass);
197 if (level >= 1)
198 {
199 pass = pass && m_p * m_p * m_q == m_n;
200 CRYPTOPP_ASSERT(pass);
201 }
202 if (level >= 2)
203 {
204 pass = pass && VerifyPrime(rng, m_p, level-2) && VerifyPrime(rng, m_q, level-2);
205 CRYPTOPP_ASSERT(pass);
206 }
207 return pass;
208}
209
210bool InvertibleESIGNFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
211{
212 return GetValueHelper<ESIGNFunction>(this, name, valueType, pValue).Assignable()
213 CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
214 CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
215 ;
216}
217
219{
220 AssignFromHelper<ESIGNFunction>(this, source)
221 CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
222 CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
223 ;
224}
225
226NAMESPACE_END
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition algparam.h:508
Classes and functions for working with ANS.1 objects.
An object that implements NameValuePairs.
Definition algparam.h:426
void MessageEnd()
Signals the end of messages to the object.
BER Sequence Decoder.
Definition asn.h:526
Interface for buffered transformations.
Definition cryptlib.h:1657
Combines two sets of NameValuePairs.
Definition algparam.h:129
Used to pass byte array input as part of a NameValuePairs object.
Definition algparam.h:25
const byte * begin() const
Pointer to the first byte in the memory block.
Definition algparam.h:84
size_t size() const
Length of the memory block.
Definition algparam.h:88
void DoQuickSanityCheck() const
Perform a quick sanity check.
Definition cryptlib.h:2498
void MessageEnd()
Signals the end of messages to the object.
DER Sequence Encoder.
Definition asn.h:558
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition esign.cpp:78
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition esign.cpp:45
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition esign.cpp:37
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition esign.cpp:59
Integer ApplyFunction(const Integer &x) const
Applies the trapdoor.
Definition esign.cpp:53
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition esign.cpp:70
Multiple precision integer with arithmetic operations.
Definition integer.h:50
static void Divide(Integer &r, Integer &q, const Integer &a, const Integer &d)
Extended Division.
void DEREncode(BufferedTransformation &bt) const
Encode in DER format.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs)
Generate a random number.
Definition integer.h:509
bool NotZero() const
Determines if the Integer is non-0.
Definition integer.h:338
static const Integer & Zero()
Integer representing 0.
void Randomize(RandomNumberGenerator &rng, size_t bitCount)
Set this Integer to random integer.
static Integer Power2(size_t e)
Exponentiates to a power of 2.
void BERDecode(const byte *input, size_t inputLen)
Decode from BER format.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
@ PRIME
a number which is probabilistically prime
Definition integer.h:95
bool IsOdd() const
Determines if the Integer is odd parity.
Definition integer.h:356
static const Integer & One()
Integer representing 1.
An invalid argument was detected.
Definition cryptlib.h:208
Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
Applies the inverse of the trapdoor function, using random data if required.
Definition esign.cpp:156
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition esign.cpp:187
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
Definition esign.cpp:88
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition esign.cpp:146
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition esign.cpp:136
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition esign.cpp:210
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition esign.cpp:218
Ring of congruence classes modulo n.
Definition modarith.h:44
const Integer & Divide(const Integer &a, const Integer &b) const
Divides elements in the ring.
Definition modarith.h:218
Interface for retrieving values given their names.
Definition cryptlib.h:327
T GetValueWithDefault(const char *name, T defaultValue) const
Get a named value.
Definition cryptlib.h:397
bool GetValue(const char *name, T &value) const
Get a named value.
Definition cryptlib.h:384
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
Get a named value with type int.
Definition cryptlib.h:420
Template implementing constructors for public key algorithm classes.
Definition pubkey.h:2198
Interface for random number generators.
Definition cryptlib.h:1440
static const size_type ELEMS_MAX
Returns the maximum number of elements the block can hold.
Definition secblock.h:751
void resize(size_type newSize)
Change size and preserve contents.
Definition secblock.h:1198
SecBlock typedef.
Definition secblock.h:1226
PK_FinalTemplate< TF_VerifierImpl< SchemeOptions > > Verifier
implements PK_Verifier interface
Definition pubkey.h:2328
virtual Integer MaxImage() const
Returns the maximum size of a representation after the trapdoor function is applied bound to a public...
Definition pubkey.h:92
Library configuration file.
unsigned int word32
32-bit unsigned datatype
Definition config_int.h:72
CRYPTOPP_DLL RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
@ BIG_ENDIAN_ORDER
byte order is big-endian
Definition cryptlib.h:152
Classes providing ESIGN signature schemes as defined in IEEE P1363a.
Multiple precision integer with arithmetic operations.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition misc.h:657
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
Definition misc.h:2948
Class file for performing modular arithmetic.
Crypto++ library namespace.
Classes and functions for number theoretic operations.
CRYPTOPP_DLL bool VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level=1)
Verifies a number is probably prime.
Precompiled header file.
Classes for SHA-1 and SHA-2 family of message digests.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition trap.h:68