monotone

monotone Mtn Source Tree

Root/botan/def_ops.cpp

1/*************************************************
2* Default Engine PK Operations Source File *
3* (C) 1999-2005 The Botan Project *
4*************************************************/
5
6#include <botan/def_eng.h>
7#include <botan/mod_exp.h>
8#include <botan/numthry.h>
9#include <botan/barrett.h>
10
11namespace Botan {
12
13namespace {
14
15/*************************************************
16* Default IF Operation *
17*************************************************/
18class Default_IF_Op : public IF_Operation
19 {
20 public:
21 BigInt public_op(const BigInt& i) const { return powermod_e_n(i); }
22 BigInt private_op(const BigInt&) const;
23
24 IF_Operation* clone() const { return new Default_IF_Op(*this); }
25
26 Default_IF_Op(const BigInt&, const BigInt&, const BigInt&,
27 const BigInt&, const BigInt&, const BigInt&,
28 const BigInt&, const BigInt&);
29 private:
30 const BigInt q, c;
31 FixedExponent_Exp powermod_e_n, powermod_d1_p, powermod_d2_q;
32 };
33
34/*************************************************
35* Default_IF_Op Constructor *
36*************************************************/
37Default_IF_Op::Default_IF_Op(const BigInt& e, const BigInt& n, const BigInt&,
38 const BigInt& p, const BigInt& qx,
39 const BigInt& d1, const BigInt& d2,
40 const BigInt& cx) : q(qx), c(cx)
41 {
42 powermod_e_n = FixedExponent_Exp(e, n);
43 if(d1 != 0 && d2 != 0 && p != 0 && q != 0)
44 {
45 powermod_d1_p = FixedExponent_Exp(d1, p);
46 powermod_d2_q = FixedExponent_Exp(d2, q);
47 }
48 }
49
50/*************************************************
51* Default IF Private Operation *
52*************************************************/
53BigInt Default_IF_Op::private_op(const BigInt& i) const
54 {
55 if(q == 0)
56 throw Internal_Error("Default_IF_Op::private_op: No private key");
57
58 BigInt j1 = powermod_d1_p(i);
59 BigInt j2 = powermod_d2_q(i);
60 return mul_add(powermod_d1_p.reduce(sub_mul(j1, j2, c)), q, j2);
61 }
62
63/*************************************************
64* Default DSA Operation *
65*************************************************/
66class Default_DSA_Op : public DSA_Operation
67 {
68 public:
69 bool verify(const byte[], u32bit, const byte[], u32bit) const;
70 SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const;
71
72 DSA_Operation* clone() const { return new Default_DSA_Op(*this); }
73
74 Default_DSA_Op(const DL_Group&, const BigInt&, const BigInt&);
75 private:
76 const BigInt x, y;
77 const DL_Group group;
78 FixedBase_Exp powermod_g_p, powermod_y_p;
79 };
80
81/*************************************************
82* Default_DSA_Op Constructor *
83*************************************************/
84Default_DSA_Op::Default_DSA_Op(const DL_Group& grp, const BigInt& y1,
85 const BigInt& x1) : x(x1), y(y1), group(grp)
86 {
87 powermod_g_p = FixedBase_Exp(group.get_g(), group.get_p());
88 powermod_y_p = FixedBase_Exp(y, group.get_p());
89 }
90
91/*************************************************
92* Default DSA Verify Operation *
93*************************************************/
94bool Default_DSA_Op::verify(const byte msg[], u32bit msg_len,
95 const byte sig[], u32bit sig_len) const
96 {
97 const BigInt& q = group.get_q();
98 const BigInt& p = group.get_p();
99
100 if(sig_len != 2*q.bytes() || msg_len > q.bytes())
101 return false;
102
103 BigInt r(sig, q.bytes());
104 BigInt s(sig + q.bytes(), q.bytes());
105 BigInt i(msg, msg_len);
106
107 if(r <= 0 || r >= q || s <= 0 || s >= q)
108 return false;
109
110 s = inverse_mod(s, q);
111 s = mul_mod(powermod_g_p(mul_mod(s, i, q)),
112 powermod_y_p(mul_mod(s, r, q)), p);
113
114 return (s % q == r);
115 }
116
117/*************************************************
118* Default DSA Sign Operation *
119*************************************************/
120SecureVector<byte> Default_DSA_Op::sign(const byte in[], u32bit length,
121 const BigInt& k) const
122 {
123 if(x == 0)
124 throw Internal_Error("Default_DSA_Op::sign: No private key");
125
126 const BigInt& q = group.get_q();
127 BigInt i(in, length);
128
129 BigInt r = powermod_g_p(k) % q;
130 BigInt s = mul_mod(inverse_mod(k, q), mul_add(x, r, i), q);
131 if(r.is_zero() || s.is_zero())
132 throw Internal_Error("Default_DSA_Op::sign: r or s was zero");
133
134 SecureVector<byte> output(2*q.bytes());
135 r.binary_encode(output + (output.size() / 2 - r.bytes()));
136 s.binary_encode(output + (output.size() - s.bytes()));
137 return output;
138 }
139
140/*************************************************
141* Default NR Operation *
142*************************************************/
143class Default_NR_Op : public NR_Operation
144 {
145 public:
146 SecureVector<byte> verify(const byte[], u32bit) const;
147 SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const;
148
149 NR_Operation* clone() const { return new Default_NR_Op(*this); }
150
151 Default_NR_Op(const DL_Group&, const BigInt&, const BigInt&);
152 private:
153 const BigInt x, y;
154 const DL_Group group;
155 FixedBase_Exp powermod_g_p, powermod_y_p;
156 };
157
158/*************************************************
159* Default_NR_Op Constructor *
160*************************************************/
161Default_NR_Op::Default_NR_Op(const DL_Group& grp, const BigInt& y1,
162 const BigInt& x1) : x(x1), y(y1), group(grp)
163 {
164 powermod_g_p = FixedBase_Exp(group.get_g(), group.get_p());
165 powermod_y_p = FixedBase_Exp(y, group.get_p());
166 }
167
168/*************************************************
169* Default NR Verify Operation *
170*************************************************/
171SecureVector<byte> Default_NR_Op::verify(const byte in[], u32bit length) const
172 {
173 const BigInt& p = group.get_p();
174 const BigInt& q = group.get_q();
175
176 if(length != 2*q.bytes())
177 return false;
178
179 BigInt c(in, q.bytes());
180 BigInt d(in + q.bytes(), q.bytes());
181
182 if(c.is_zero() || c >= q || d >= q)
183 throw Invalid_Argument("Default_NR_Op::verify: Invalid signature");
184
185 BigInt i = mul_mod(powermod_g_p(d), powermod_y_p(c), p);
186 return BigInt::encode((c - i) % q);
187 }
188
189/*************************************************
190* Default NR Sign Operation *
191*************************************************/
192SecureVector<byte> Default_NR_Op::sign(const byte in[], u32bit length,
193 const BigInt& k) const
194 {
195 if(x == 0)
196 throw Internal_Error("Default_NR_Op::sign: No private key");
197
198 const BigInt& q = group.get_q();
199
200 BigInt f(in, length);
201
202 if(f >= q)
203 throw Invalid_Argument("Default_NR_Op::sign: Input is out of range");
204
205 BigInt c = (powermod_g_p(k) + f) % q;
206 if(c.is_zero())
207 throw Internal_Error("Default_NR_Op::sign: c was zero");
208 BigInt d = (k - x * c) % q;
209
210 SecureVector<byte> output(2*q.bytes());
211 c.binary_encode(output + (output.size() / 2 - c.bytes()));
212 d.binary_encode(output + (output.size() - d.bytes()));
213 return output;
214 }
215
216/*************************************************
217* Default ElGamal Operation *
218*************************************************/
219class Default_ELG_Op : public ELG_Operation
220 {
221 public:
222 SecureVector<byte> encrypt(const byte[], u32bit, const BigInt&) const;
223 BigInt decrypt(const BigInt&, const BigInt&) const;
224
225 ELG_Operation* clone() const { return new Default_ELG_Op(*this); }
226
227 Default_ELG_Op(const DL_Group&, const BigInt&, const BigInt&);
228 private:
229 const BigInt p;
230 FixedBase_Exp powermod_g_p, powermod_y_p;
231 FixedExponent_Exp powermod_x_p;
232 };
233
234/*************************************************
235* Default_ELG_Op Constructor *
236*************************************************/
237Default_ELG_Op::Default_ELG_Op(const DL_Group& group, const BigInt& y,
238 const BigInt& x) : p(group.get_p())
239 {
240 powermod_g_p = FixedBase_Exp(group.get_g(), p);
241 powermod_y_p = FixedBase_Exp(y, p);
242
243 if(x != 0)
244 powermod_x_p = FixedExponent_Exp(x, p);
245 }
246
247/*************************************************
248* Default ElGamal Encrypt Operation *
249*************************************************/
250SecureVector<byte> Default_ELG_Op::encrypt(const byte in[], u32bit length,
251 const BigInt& k) const
252 {
253 BigInt m(in, length);
254 if(m >= p)
255 throw Invalid_Argument("Default_ELG_Op::encrypt: Input is too large");
256
257 BigInt a = powermod_g_p(k);
258 BigInt b = mul_mod(m, powermod_y_p(k), p);
259
260 SecureVector<byte> output(2*p.bytes());
261 a.binary_encode(output + (p.bytes() - a.bytes()));
262 b.binary_encode(output + output.size() / 2 + (p.bytes() - b.bytes()));
263 return output;
264 }
265
266/*************************************************
267* Default ElGamal Decrypt Operation *
268*************************************************/
269BigInt Default_ELG_Op::decrypt(const BigInt& a, const BigInt& b) const
270 {
271 if(!powermod_x_p.initialized())
272 throw Internal_Error("Default_ELG_Op::decrypt: No private key");
273
274 if(a >= p || b >= p)
275 throw Invalid_Argument("Default_ELG_Op: Invalid message");
276
277 return mul_mod(b, inverse_mod(powermod_x_p(a), p), p);
278 }
279
280/*************************************************
281* Default DH Operation *
282*************************************************/
283class Default_DH_Op : public DH_Operation
284 {
285 public:
286 BigInt agree(const BigInt& i) const { return powermod_x_p(i); }
287 DH_Operation* clone() const { return new Default_DH_Op(*this); }
288
289 Default_DH_Op(const DL_Group& group, const BigInt& x) :
290 powermod_x_p(x, group.get_p()) {}
291 private:
292 const FixedExponent_Exp powermod_x_p;
293 };
294
295}
296
297/*************************************************
298* Acquire an IF op *
299*************************************************/
300IF_Operation* Default_Engine::if_op(const BigInt& e, const BigInt& n,
301 const BigInt& d, const BigInt& p,
302 const BigInt& q, const BigInt& d1,
303 const BigInt& d2, const BigInt& c) const
304 {
305 return new Default_IF_Op(e, n, d, p, q, d1, d2, c);
306 }
307
308/*************************************************
309* Acquire a DSA op *
310*************************************************/
311DSA_Operation* Default_Engine::dsa_op(const DL_Group& group, const BigInt& y,
312 const BigInt& x) const
313 {
314 return new Default_DSA_Op(group, y, x);
315 }
316
317/*************************************************
318* Acquire a NR op *
319*************************************************/
320NR_Operation* Default_Engine::nr_op(const DL_Group& group, const BigInt& y,
321 const BigInt& x) const
322 {
323 return new Default_NR_Op(group, y, x);
324 }
325
326/*************************************************
327* Acquire an ElGamal op *
328*************************************************/
329ELG_Operation* Default_Engine::elg_op(const DL_Group& group, const BigInt& y,
330 const BigInt& x) const
331 {
332 return new Default_ELG_Op(group, y, x);
333 }
334
335/*************************************************
336* Acquire a DH op *
337*************************************************/
338DH_Operation* Default_Engine::dh_op(const DL_Group& group,
339 const BigInt& x) const
340 {
341 return new Default_DH_Op(group, x);
342 }
343
344/*************************************************
345* Acquire a ModularReducer *
346*************************************************/
347ModularReducer* Default_Engine::reducer(const BigInt& n, bool) const
348 {
349 return new BarrettReducer(n);
350 }
351
352}

Archive Download this file

Branches

Tags

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status