summaryrefslogtreecommitdiffstats
path: root/CryptoPP/gfpcrypt.h
diff options
context:
space:
mode:
authormadmaxoft@gmail.com <madmaxoft@gmail.com@0a769ca7-a7f5-676a-18bf-c427514a06d6>2012-08-30 23:06:13 +0200
committermadmaxoft@gmail.com <madmaxoft@gmail.com@0a769ca7-a7f5-676a-18bf-c427514a06d6>2012-08-30 23:06:13 +0200
commit539364846a89987ac2679988653f50332cb91d26 (patch)
treef1695473c1f493a19c5fbdb70f7f1faccf99d7f3 /CryptoPP/gfpcrypt.h
parentUpdated to V6 - "Stop" and "Progress report" functionality (diff)
downloadcuberite-539364846a89987ac2679988653f50332cb91d26.tar
cuberite-539364846a89987ac2679988653f50332cb91d26.tar.gz
cuberite-539364846a89987ac2679988653f50332cb91d26.tar.bz2
cuberite-539364846a89987ac2679988653f50332cb91d26.tar.lz
cuberite-539364846a89987ac2679988653f50332cb91d26.tar.xz
cuberite-539364846a89987ac2679988653f50332cb91d26.tar.zst
cuberite-539364846a89987ac2679988653f50332cb91d26.zip
Diffstat (limited to 'CryptoPP/gfpcrypt.h')
-rw-r--r--CryptoPP/gfpcrypt.h536
1 files changed, 536 insertions, 0 deletions
diff --git a/CryptoPP/gfpcrypt.h b/CryptoPP/gfpcrypt.h
new file mode 100644
index 000000000..5e9c635d6
--- /dev/null
+++ b/CryptoPP/gfpcrypt.h
@@ -0,0 +1,536 @@
+#ifndef CRYPTOPP_GFPCRYPT_H
+#define CRYPTOPP_GFPCRYPT_H
+
+/** \file
+ Implementation of schemes based on DL over GF(p)
+*/
+
+#include "pubkey.h"
+#include "modexppc.h"
+#include "sha.h"
+#include "algparam.h"
+#include "asn.h"
+#include "smartptr.h"
+#include "hmac.h"
+
+#include <limits.h>
+
+NAMESPACE_BEGIN(CryptoPP)
+
+CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters<Integer>;
+
+//! _
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial<DL_GroupParameters<Integer> >
+{
+ typedef DL_GroupParameters_IntegerBased ThisClass;
+
+public:
+ void Initialize(const DL_GroupParameters_IntegerBased &params)
+ {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());}
+ void Initialize(RandomNumberGenerator &rng, unsigned int pbits)
+ {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));}
+ void Initialize(const Integer &p, const Integer &g)
+ {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);}
+ void Initialize(const Integer &p, const Integer &q, const Integer &g)
+ {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);}
+
+ // ASN1Object interface
+ void BERDecode(BufferedTransformation &bt);
+ void DEREncode(BufferedTransformation &bt) const;
+
+ // GeneratibleCryptoMaterial interface
+ /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */
+ void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
+ bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
+ void AssignFrom(const NameValuePairs &source);
+
+ // DL_GroupParameters
+ const Integer & GetSubgroupOrder() const {return m_q;}
+ Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();}
+ bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
+ bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation<Integer> *precomp) const;
+ bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;}
+ void EncodeElement(bool reversible, const Element &element, byte *encoded) const
+ {element.Encode(encoded, GetModulus().ByteCount());}
+ unsigned int GetEncodedElementSize(bool reversible) const {return GetModulus().ByteCount();}
+ Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const;
+ Integer ConvertElementToInteger(const Element &element) const
+ {return element;}
+ Integer GetMaxExponent() const;
+ static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";}
+
+ OID GetAlgorithmID() const;
+
+ virtual const Integer & GetModulus() const =0;
+ virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0;
+
+ void SetSubgroupOrder(const Integer &q)
+ {m_q = q; ParametersChanged();}
+
+protected:
+ Integer ComputeGroupOrder(const Integer &modulus) const
+ {return modulus-(GetFieldType() == 1 ? 1 : -1);}
+
+ // GF(p) = 1, GF(p^2) = 2
+ virtual int GetFieldType() const =0;
+ virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const;
+
+private:
+ Integer m_q;
+};
+
+//! _
+template <class GROUP_PRECOMP, class BASE_PRECOMP = DL_FixedBasePrecomputationImpl<CPP_TYPENAME GROUP_PRECOMP::Element> >
+class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl<GROUP_PRECOMP, BASE_PRECOMP, DL_GroupParameters_IntegerBased>
+{
+ typedef DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> ThisClass;
+
+public:
+ typedef typename GROUP_PRECOMP::Element Element;
+
+ // GeneratibleCryptoMaterial interface
+ bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
+ {return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();}
+
+ void AssignFrom(const NameValuePairs &source)
+ {AssignFromHelper<DL_GroupParameters_IntegerBased>(this, source);}
+
+ // DL_GroupParameters
+ const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
+ DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
+
+ // IntegerGroupParameters
+ const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();}
+ const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());}
+
+ void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) // these have to be set together
+ {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();}
+
+ // non-inherited
+ bool operator==(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const
+ {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();}
+ bool operator!=(const DL_GroupParameters_IntegerBasedImpl<GROUP_PRECOMP, BASE_PRECOMP> &rhs) const
+ {return !operator==(rhs);}
+};
+
+CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>;
+
+//! GF(p) group parameters
+class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl<ModExpPrecomputation>
+{
+public:
+ // DL_GroupParameters
+ bool IsIdentity(const Integer &element) const {return element == Integer::One();}
+ void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
+
+ // NameValuePairs interface
+ bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
+ {
+ return GetValueHelper<DL_GroupParameters_IntegerBased>(this, name, valueType, pValue).Assignable();
+ }
+
+ // used by MQV
+ Element MultiplyElements(const Element &a, const Element &b) const;
+ Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
+
+protected:
+ int GetFieldType() const {return 1;}
+};
+
+//! GF(p) group parameters that default to same primes
+class CRYPTOPP_DLL DL_GroupParameters_GFP_DefaultSafePrime : public DL_GroupParameters_GFP
+{
+public:
+ typedef NoCofactorMultiplication DefaultCofactorOption;
+
+protected:
+ unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;}
+};
+
+//! GDSA algorithm
+template <class T>
+class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm<T>
+{
+public:
+ static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";}
+
+ void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
+ {
+ const Integer &q = params.GetSubgroupOrder();
+ r %= q;
+ Integer kInv = k.InverseMod(q);
+ s = (kInv * (x*r + e)) % q;
+ assert(!!r && !!s);
+ }
+
+ bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
+ {
+ const Integer &q = params.GetSubgroupOrder();
+ if (r>=q || r<1 || s>=q || s<1)
+ return false;
+
+ Integer w = s.InverseMod(q);
+ Integer u1 = (e * w) % q;
+ Integer u2 = (r * w) % q;
+ // verify r == (g^u1 * y^u2 mod p) mod q
+ return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
+ }
+};
+
+CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<Integer>;
+
+//! NR algorithm
+template <class T>
+class DL_Algorithm_NR : public DL_ElgamalLikeSignatureAlgorithm<T>
+{
+public:
+ static const char * CRYPTOPP_API StaticAlgorithmName() {return "NR";}
+
+ void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
+ {
+ const Integer &q = params.GetSubgroupOrder();
+ r = (r + e) % q;
+ s = (k - x*r) % q;
+ assert(!!r);
+ }
+
+ bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
+ {
+ const Integer &q = params.GetSubgroupOrder();
+ if (r>=q || r<1 || s>=q)
+ return false;
+
+ // check r == (m_g^s * m_y^r + m) mod m_q
+ return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q;
+ }
+};
+
+/*! DSA public key format is defined in 7.3.3 of RFC 2459. The
+ private key format is defined in 12.9 of PKCS #11 v2.10. */
+template <class GP>
+class DL_PublicKey_GFP : public DL_PublicKeyImpl<GP>
+{
+public:
+ void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &y)
+ {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);}
+ void Initialize(const Integer &p, const Integer &g, const Integer &y)
+ {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);}
+ void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
+ {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);}
+
+ // X509PublicKey
+ void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t)
+ {this->SetPublicElement(Integer(bt));}
+ void DEREncodePublicKey(BufferedTransformation &bt) const
+ {this->GetPublicElement().DEREncode(bt);}
+};
+
+//! DL private key (in GF(p) groups)
+template <class GP>
+class DL_PrivateKey_GFP : public DL_PrivateKeyImpl<GP>
+{
+public:
+ void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
+ {this->GenerateRandomWithKeySize(rng, modulusBits);}
+ void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g)
+ {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));}
+ void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
+ {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));}
+ void Initialize(const DL_GroupParameters_IntegerBased &params, const Integer &x)
+ {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);}
+ void Initialize(const Integer &p, const Integer &g, const Integer &x)
+ {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);}
+ void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x)
+ {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);}
+};
+
+//! DL signing/verification keys (in GF(p) groups)
+struct DL_SignatureKeys_GFP
+{
+ typedef DL_GroupParameters_GFP GroupParameters;
+ typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
+ typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
+};
+
+//! DL encryption/decryption keys (in GF(p) groups)
+struct DL_CryptoKeys_GFP
+{
+ typedef DL_GroupParameters_GFP_DefaultSafePrime GroupParameters;
+ typedef DL_PublicKey_GFP<GroupParameters> PublicKey;
+ typedef DL_PrivateKey_GFP<GroupParameters> PrivateKey;
+};
+
+//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format
+template <class BASE>
+class DL_PublicKey_GFP_OldFormat : public BASE
+{
+public:
+ void BERDecode(BufferedTransformation &bt)
+ {
+ BERSequenceDecoder seq(bt);
+ Integer v1(seq);
+ Integer v2(seq);
+ Integer v3(seq);
+
+ if (seq.EndReached())
+ {
+ this->AccessGroupParameters().Initialize(v1, v1/2, v2);
+ this->SetPublicElement(v3);
+ }
+ else
+ {
+ Integer v4(seq);
+ this->AccessGroupParameters().Initialize(v1, v2, v3);
+ this->SetPublicElement(v4);
+ }
+
+ seq.MessageEnd();
+ }
+
+ void DEREncode(BufferedTransformation &bt) const
+ {
+ DERSequenceEncoder seq(bt);
+ this->GetGroupParameters().GetModulus().DEREncode(seq);
+ if (this->GetGroupParameters().GetCofactor() != 2)
+ this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
+ this->GetGroupParameters().GetGenerator().DEREncode(seq);
+ this->GetPublicElement().DEREncode(seq);
+ seq.MessageEnd();
+ }
+};
+
+//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format
+template <class BASE>
+class DL_PrivateKey_GFP_OldFormat : public BASE
+{
+public:
+ void BERDecode(BufferedTransformation &bt)
+ {
+ BERSequenceDecoder seq(bt);
+ Integer v1(seq);
+ Integer v2(seq);
+ Integer v3(seq);
+ Integer v4(seq);
+
+ if (seq.EndReached())
+ {
+ this->AccessGroupParameters().Initialize(v1, v1/2, v2);
+ this->SetPrivateExponent(v4 % (v1/2)); // some old keys may have x >= q
+ }
+ else
+ {
+ Integer v5(seq);
+ this->AccessGroupParameters().Initialize(v1, v2, v3);
+ this->SetPrivateExponent(v5);
+ }
+
+ seq.MessageEnd();
+ }
+
+ void DEREncode(BufferedTransformation &bt) const
+ {
+ DERSequenceEncoder seq(bt);
+ this->GetGroupParameters().GetModulus().DEREncode(seq);
+ if (this->GetGroupParameters().GetCofactor() != 2)
+ this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq);
+ this->GetGroupParameters().GetGenerator().DEREncode(seq);
+ this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq);
+ this->GetPrivateExponent().DEREncode(seq);
+ seq.MessageEnd();
+ }
+};
+
+//! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
+template <class H>
+struct GDSA : public DL_SS<
+ DL_SignatureKeys_GFP,
+ DL_Algorithm_GDSA<Integer>,
+ DL_SignatureMessageEncodingMethod_DSA,
+ H>
+{
+};
+
+//! <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a>
+template <class H>
+struct NR : public DL_SS<
+ DL_SignatureKeys_GFP,
+ DL_Algorithm_NR<Integer>,
+ DL_SignatureMessageEncodingMethod_NR,
+ H>
+{
+};
+
+//! DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard
+class CRYPTOPP_DLL DL_GroupParameters_DSA : public DL_GroupParameters_GFP
+{
+public:
+ /*! also checks that the lengths of p and q are allowed by the DSA standard */
+ bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
+ /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */
+ /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */
+ void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
+};
+
+struct DSA;
+
+//! DSA keys
+struct DL_Keys_DSA
+{
+ typedef DL_PublicKey_GFP<DL_GroupParameters_DSA> PublicKey;
+ typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA> PrivateKey;
+};
+
+//! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA">DSA</a>
+struct CRYPTOPP_DLL DSA : public DL_SS<
+ DL_Keys_DSA,
+ DL_Algorithm_GDSA<Integer>,
+ DL_SignatureMessageEncodingMethod_DSA,
+ SHA,
+ DSA>
+{
+ static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA";}
+
+ //! Generate DSA primes according to NIST standard
+ /*! Both seedLength and primeLength are in bits, but seedLength should
+ be a multiple of 8.
+ If useInputCounterValue == true, the counter parameter is taken as input, otherwise it's used for output
+ */
+ static bool CRYPTOPP_API GeneratePrimes(const byte *seed, unsigned int seedLength, int &counter,
+ Integer &p, unsigned int primeLength, Integer &q, bool useInputCounterValue = false);
+
+ static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits)
+ {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;}
+
+ //! FIPS 186-2 Change Notice 1 changed the minimum modulus length to 1024
+ enum {
+#if (DSA_1024_BIT_MODULUS_ONLY)
+ MIN_PRIME_LENGTH = 1024,
+#else
+ MIN_PRIME_LENGTH = 512,
+#endif
+ MAX_PRIME_LENGTH = 1024, PRIME_LENGTH_MULTIPLE = 64};
+};
+
+CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP<DL_GroupParameters_DSA>;
+CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
+CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, DSA>;
+
+//! the XOR encryption method, for use with DL-based cryptosystems
+template <class MAC, bool DHAES_MODE>
+class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm
+{
+public:
+ bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;}
+ size_t GetSymmetricKeyLength(size_t plaintextLength) const
+ {return plaintextLength + MAC::DEFAULT_KEYLENGTH;}
+ size_t GetSymmetricCiphertextLength(size_t plaintextLength) const
+ {return plaintextLength + MAC::DIGESTSIZE;}
+ size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const
+ {return (unsigned int)SaturatingSubtract(ciphertextLength, (unsigned int)MAC::DIGESTSIZE);}
+ void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
+ {
+ const byte *cipherKey, *macKey;
+ if (DHAES_MODE)
+ {
+ macKey = key;
+ cipherKey = key + MAC::DEFAULT_KEYLENGTH;
+ }
+ else
+ {
+ cipherKey = key;
+ macKey = key + plaintextLength;
+ }
+
+ ConstByteArrayParameter encodingParameters;
+ parameters.GetValue(Name::EncodingParameters(), encodingParameters);
+
+ xorbuf(ciphertext, plaintext, cipherKey, plaintextLength);
+ MAC mac(macKey);
+ mac.Update(ciphertext, plaintextLength);
+ mac.Update(encodingParameters.begin(), encodingParameters.size());
+ if (DHAES_MODE)
+ {
+ byte L[8] = {0,0,0,0};
+ PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
+ mac.Update(L, 8);
+ }
+ mac.Final(ciphertext + plaintextLength);
+ }
+ DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
+ {
+ size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength);
+ const byte *cipherKey, *macKey;
+ if (DHAES_MODE)
+ {
+ macKey = key;
+ cipherKey = key + MAC::DEFAULT_KEYLENGTH;
+ }
+ else
+ {
+ cipherKey = key;
+ macKey = key + plaintextLength;
+ }
+
+ ConstByteArrayParameter encodingParameters;
+ parameters.GetValue(Name::EncodingParameters(), encodingParameters);
+
+ MAC mac(macKey);
+ mac.Update(ciphertext, plaintextLength);
+ mac.Update(encodingParameters.begin(), encodingParameters.size());
+ if (DHAES_MODE)
+ {
+ byte L[8] = {0,0,0,0};
+ PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size()));
+ mac.Update(L, 8);
+ }
+ if (!mac.Verify(ciphertext + plaintextLength))
+ return DecodingResult();
+
+ xorbuf(plaintext, ciphertext, cipherKey, plaintextLength);
+ return DecodingResult(plaintextLength);
+ }
+};
+
+//! _
+template <class T, bool DHAES_MODE, class KDF>
+class DL_KeyDerivationAlgorithm_P1363 : public DL_KeyDerivationAlgorithm<T>
+{
+public:
+ bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;}
+ void Derive(const DL_GroupParameters<T> &params, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &parameters) const
+ {
+ SecByteBlock agreedSecret;
+ if (DHAES_MODE)
+ {
+ agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false));
+ params.EncodeElement(true, ephemeralPublicKey, agreedSecret);
+ params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true));
+ }
+ else
+ {
+ agreedSecret.New(params.GetEncodedElementSize(false));
+ params.EncodeElement(false, agreedElement, agreedSecret);
+ }
+
+ ConstByteArrayParameter derivationParameters;
+ parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters);
+ KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size());
+ }
+};
+
+//! Discrete Log Integrated Encryption Scheme, AKA <a href="http://www.weidai.com/scan-mirror/ca.html#DLIES">DLIES</a>
+template <class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true>
+struct DLIES
+ : public DL_ES<
+ DL_CryptoKeys_GFP,
+ DL_KeyAgreementAlgorithm_DH<Integer, COFACTOR_OPTION>,
+ DL_KeyDerivationAlgorithm_P1363<Integer, DHAES_MODE, P1363_KDF2<SHA1> >,
+ DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
+ DLIES<> >
+{
+ static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized
+};
+
+NAMESPACE_END
+
+#endif