22template <
class GROUP_PARAMETERS,
class COFACTOR_OPTION =
typename GROUP_PARAMETERS::DefaultCofactorOption,
class HASH = SHA512>
26 typedef GROUP_PARAMETERS GroupParameters;
27 typedef typename GroupParameters::Element Element;
37 : m_role(clientRole ? RoleClient : RoleServer) {}
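/// Construct a HMQV domain from existing group parameters.
/// @param params group parameters; copied into m_groupParameters
/// @param clientRole true selects RoleClient, false selects RoleServer
HMQV_Domain(const GroupParameters &params, bool clientRole = true)
    : m_role(clientRole ? RoleClient : RoleServer), m_groupParameters(params) {}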
53 : m_role(clientRole ? RoleClient : RoleServer)
54 {m_groupParameters.BERDecode(bt);}
65 : m_role(clientRole ? RoleClient : RoleServer)
66 {m_groupParameters.Initialize(v1);}
77 template <
class T1,
class T2>
79 : m_role(clientRole ? RoleClient : RoleServer)
80 {m_groupParameters.Initialize(v1, v2);}
93 template <
class T1,
class T2,
class T3>
95 : m_role(clientRole ? RoleClient : RoleServer)
96 {m_groupParameters.Initialize(v1, v2, v3);}
111 template <
class T1,
class T2,
class T3,
class T4>
113 : m_role(clientRole ? RoleClient : RoleServer)
114 {m_groupParameters.Initialize(v1, v2, v3, v4);}
137 {
return GetAbstractGroupParameters().GetEncodedElementSize(
false);}
143 {
return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
152 {
return GetAbstractGroupParameters().GetEncodedElementSize(
true);}
176 CRYPTOPP_UNUSED(rng);
215 CRYPTOPP_UNUSED(rng);
243 const byte *staticPrivateKey,
const byte *ephemeralPrivateKey,
244 const byte *staticOtherPublicKey,
const byte *ephemeralOtherPublicKey,
245 bool validateStaticOtherPublicKey=
true)
const
247 const byte *XX = NULLPTR, *YY = NULLPTR, *AA = NULLPTR, *BB = NULLPTR;
248 size_t xxs = 0, yys = 0, aas = 0, bbs = 0;
259 if(m_role == RoleServer)
265 XX = ephemeralOtherPublicKey;
269 AA = staticOtherPublicKey;
282 YY = ephemeralOtherPublicKey;
286 BB = staticOtherPublicKey;
290 Element VV1 = params.
DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
291 Element VV2 = params.
DecodeElement(ephemeralOtherPublicKey,
true);
294 const unsigned int len = (((q.
BitCount()+1)/2 +7)/8);
298 Hash(NULLPTR, XX, xxs, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
299 Integer d(dd.BytePtr(), dd.SizeInBytes());
306 if(m_role == RoleServer)
316 Element t2 = m_groupParameters.MultiplyElements(X, t1);
331 Element t4 = m_groupParameters.MultiplyElements(Y, t3);
350 inline void Hash(
const Element* sigma,
351 const byte* e1,
size_t e1len,
352 const byte* s1,
size_t s1len,
353 byte* digest,
size_t dlen)
const
356 size_t idx = 0, req = dlen;
357 size_t blk =
STDMIN(dlen, (
size_t)HASH::DIGESTSIZE);
361 if (e1len != 0 || s1len != 0) {
367 SecByteBlock sbb(GetAbstractGroupParameters().GetEncodedElementSize(
false));
368 GetAbstractGroupParameters().EncodeElement(
false, *sigma, sbb);
369 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
371 if (e1len == 0 || s1len == 0) {
374 hash.Update(e1, e1len);
375 hash.Update(s1, s1len);
378 hash.TruncatedFinal(digest, blk);
384 hash.Update(&digest[idx], (
size_t)HASH::DIGESTSIZE);
386 idx += (size_t)HASH::DIGESTSIZE;
387 blk =
STDMIN(req, (
size_t)HASH::DIGESTSIZE);
388 hash.TruncatedFinal(&digest[idx], blk);
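/// Role this party plays in the key agreement. The constructors derive it
/// from clientRole, and the agreement code compares m_role against RoleServer
/// when assigning the peer's static and ephemeral public keys.
enum KeyAgreementRole {
    RoleServer = 1,  ///< selected when clientRole is false
    RoleClient       ///< selected when clientRole is true; takes the next value, 2
};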
400 {
return m_groupParameters;}
402 {
return m_groupParameters;}
404 GroupParameters m_groupParameters;
405 KeyAgreementRole m_role;
Classes for performing mathematics over different fields.
Interface for domains of authenticated key agreement protocols.
Interface for crypto parameters.
Exception thrown when an invalid group element is encountered.
Interface for Discrete Log (DL) group parameters.
virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const
Exponentiates an element.
virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0
Encodes the element.
virtual Integer GetMaxExponent() const =0
Retrieves the maximum exponent for the group.
virtual const Integer & GetSubgroupOrder() const =0
Retrieves the subgroup order.
virtual Element ExponentiateBase(const Integer &exponent) const
Exponentiates the base.
virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0
Decodes the element.
Hashed Menezes-Qu-Vanstone in GF(p)
CryptoParameters & AccessCryptoParameters()
Retrieves the crypto parameters for this domain.
const GroupParameters & GetGroupParameters() const
Retrieves the group parameters for this domain.
void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate ephemeral private key in this domain.
void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate static private key in this domain.
HMQV_Domain(T1 v1, bool clientRole=true)
Construct a HMQV domain.
void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate ephemeral public key from a private key in this domain.
GroupParameters & AccessGroupParameters()
Retrieves the group parameters for this domain.
HMQV_Domain(BufferedTransformation &bt, bool clientRole=true)
Construct a HMQV domain.
HMQV_Domain(bool clientRole=true)
Construct a HMQV domain.
HMQV_Domain(T1 v1, T2 v2, T3 v3, bool clientRole=true)
Construct a HMQV domain.
unsigned int StaticPrivateKeyLength() const
Provides the size of the static private key.
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
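Derive agreed value or shared secret. The other party's ephemeral public key is always decoded with the group-membership check; the static public key is checked only when validateStaticOtherPublicKey is true.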
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
HMQV_Domain(T1 v1, T2 v2, bool clientRole=true)
Construct a HMQV domain.
unsigned int EphemeralPrivateKeyLength() const
Provides the size of the ephemeral private key.
void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a static public key from a private key in this domain.
unsigned int StaticPublicKeyLength() const
Provides the size of the static public key.
unsigned int EphemeralPublicKeyLength() const
Provides the size of the ephemeral public key.
HMQV_Domain(const GroupParameters &params, bool clientRole=true)
Construct a HMQV domain.
HMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4, bool clientRole=true)
Construct a HMQV domain.
Multiple precision integer with arithmetic operations.
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
static const Integer & One()
Integer representing 1.
const CryptoMaterial & GetMaterial() const
Retrieves a reference to Crypto Parameters.
Interface for random number generators.
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
HMQV_Domain< DL_GroupParameters_GFP_DefaultSafePrime > HMQV
Hashed Menezes-Qu-Vanstone in GF(p)
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Crypto++ library namespace.
Classes for SHA-1 and SHA-2 family of message digests.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.