代码拉取完成,页面将自动刷新
同步操作将从 Gitee 极速下载/cryptopp 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
// eccrypto.h - originally written and placed in the public domain by Wei Dai
// deterministic signatures added by by Douglas Roark
/// \file eccrypto.h
/// \brief Classes and functions for Elliptic Curves over prime and binary fields
#ifndef CRYPTOPP_ECCRYPTO_H
#define CRYPTOPP_ECCRYPTO_H
#include "config.h"
#include "cryptlib.h"
#include "pubkey.h"
#include "integer.h"
#include "asn.h"
#include "hmac.h"
#include "sha.h"
#include "gfpcrypt.h"
#include "dh.h"
#include "mqv.h"
#include "hmqv.h"
#include "fhmqv.h"
#include "ecp.h"
#include "ec2n.h"
#include <iosfwd>
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4231 4275)
#endif
NAMESPACE_BEGIN(CryptoPP)
/// \brief Elliptic Curve Parameters
/// \tparam EC elliptic curve field
/// \details This class corresponds to the ASN.1 sequence of the same name
/// in ANSI X9.62 and SEC 1. EC is currently defined for ECP and EC2N.
template <class EC>
class DL_GroupParameters_EC : public DL_GroupParametersImpl<EcPrecomputation<EC> >
{
typedef DL_GroupParameters_EC<EC> ThisClass;
public:
typedef EC EllipticCurve;
typedef typename EllipticCurve::Point Point;
typedef Point Element;
typedef IncompatibleCofactorMultiplication DefaultCofactorOption;
virtual ~DL_GroupParameters_EC() {}
/// \brief Construct an EC GroupParameters
DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(true) {}
/// \brief Construct an EC GroupParameters
/// \param oid the OID of a curve
DL_GroupParameters_EC(const OID &oid)
: m_compress(false), m_encodeAsOID(true) {Initialize(oid);}
/// \brief Construct an EC GroupParameters
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \param k the cofactor
DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
: m_compress(false), m_encodeAsOID(true) {Initialize(ec, G, n, k);}
/// \brief Construct an EC GroupParameters
/// \param bt BufferedTransformation with group parameters
DL_GroupParameters_EC(BufferedTransformation &bt)
: m_compress(false), m_encodeAsOID(true) {BERDecode(bt);}
/// \brief Initialize an EC GroupParameters using {EC,G,n,k}
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \param k the cofactor
/// \details This Initialize() function overload initializes group parameters from existing parameters.
void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero())
{
this->m_groupPrecomputation.SetCurve(ec);
this->SetSubgroupGenerator(G);
m_n = n;
m_k = k;
}
/// \brief Initialize a DL_GroupParameters_EC {EC,G,n,k}
/// \param oid the OID of a curve
/// \details This Initialize() function overload initializes group parameters from existing parameters.
void Initialize(const OID &oid);
// NameValuePairs
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
void AssignFrom(const NameValuePairs &source);
// GeneratibleCryptoMaterial interface
/// this implementation doesn't actually generate a curve, it just initializes the parameters with existing values
/*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
// DL_GroupParameters
const DL_FixedBasePrecomputation<Element> & GetBasePrecomputation() const {return this->m_gpc;}
DL_FixedBasePrecomputation<Element> & AccessBasePrecomputation() {return this->m_gpc;}
const Integer & GetSubgroupOrder() const {return m_n;}
Integer GetCofactor() const;
bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const;
bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation<Element> *precomp) const;
bool FastSubgroupCheckAvailable() const {return false;}
void EncodeElement(bool reversible, const Element &element, byte *encoded) const
{
if (reversible)
GetCurve().EncodePoint(encoded, element, m_compress);
else
element.x.Encode(encoded, GetEncodedElementSize(false));
}
virtual unsigned int GetEncodedElementSize(bool reversible) const
{
if (reversible)
return GetCurve().EncodedPointSize(m_compress);
else
return GetCurve().GetField().MaxElementByteLength();
}
Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const
{
Point result;
if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true)))
throw DL_BadElement();
if (checkForGroupMembership && !ValidateElement(1, result, NULLPTR))
throw DL_BadElement();
return result;
}
Integer ConvertElementToInteger(const Element &element) const;
Integer GetMaxExponent() const {return GetSubgroupOrder()-1;}
bool IsIdentity(const Element &element) const {return element.identity;}
void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";}
// ASN1Key
OID GetAlgorithmID() const;
// used by MQV
Element MultiplyElements(const Element &a, const Element &b) const;
Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const;
// non-inherited
// enumerate OIDs for recommended parameters, use OID() to get first one
static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid);
void BERDecode(BufferedTransformation &bt);
void DEREncode(BufferedTransformation &bt) const;
void SetPointCompression(bool compress) {m_compress = compress;}
bool GetPointCompression() const {return m_compress;}
void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;}
bool GetEncodeAsOID() const {return m_encodeAsOID;}
const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();}
bool operator==(const ThisClass &rhs) const
{return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);}
protected:
unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();}
unsigned int ExponentLength() const {return m_n.ByteCount();}
OID m_oid; // set if parameters loaded from a recommended curve
Integer m_n; // order of base point
mutable Integer m_k; // cofactor
mutable bool m_compress, m_encodeAsOID; // presentation details
};
inline std::ostream& operator<<(std::ostream& os, const DL_GroupParameters_EC<ECP>::Element& obj);
/// \brief Elliptic Curve Discrete Log (DL) public key
/// \tparam EC elliptic curve field
template <class EC>
class DL_PublicKey_EC : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
{
public:
typedef typename EC::Point Element;
virtual ~DL_PublicKey_EC() {}
/// \brief Initialize an EC Public Key using {GP,Q}
/// \param params group parameters
/// \param Q the public point
/// \details This Initialize() function overload initializes a public key from existing parameters.
void Initialize(const DL_GroupParameters_EC<EC> ¶ms, const Element &Q)
{this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
/// \brief Initialize an EC Public Key using {EC,G,n,Q}
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \param Q the public point
/// \details This Initialize() function overload initializes a public key from existing parameters.
void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
{this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
// X509PublicKey
void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
void DEREncodePublicKey(BufferedTransformation &bt) const;
};
/// \brief Elliptic Curve Discrete Log (DL) private key
/// \tparam EC elliptic curve field
template <class EC>
class DL_PrivateKey_EC : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
{
public:
typedef typename EC::Point Element;
virtual ~DL_PrivateKey_EC();
/// \brief Initialize an EC Private Key using {GP,x}
/// \param params group parameters
/// \param x the private exponent
/// \details This Initialize() function overload initializes a private key from existing parameters.
void Initialize(const DL_GroupParameters_EC<EC> ¶ms, const Integer &x)
{this->AccessGroupParameters() = params; this->SetPrivateExponent(x);}
/// \brief Initialize an EC Private Key using {EC,G,n,x}
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \param x the private exponent
/// \details This Initialize() function overload initializes a private key from existing parameters.
void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
{this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);}
/// \brief Create an EC private key
/// \param rng a RandomNumberGenerator derived class
/// \param params the EC group parameters
/// \details This function overload of Initialize() creates a new private key because it
/// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
/// then use one of the other Initialize() overloads.
void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> ¶ms)
{this->GenerateRandom(rng, params);}
/// \brief Create an EC private key
/// \param rng a RandomNumberGenerator derived class
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \details This function overload of Initialize() creates a new private key because it
/// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
/// then use one of the other Initialize() overloads.
void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
{this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
// PKCS8PrivateKey
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
void DEREncodePrivateKey(BufferedTransformation &bt) const;
};
// Out-of-line dtor due to AIX and GCC, http://github.com/weidai11/cryptopp/issues/499
template<class EC>
DL_PrivateKey_EC<EC>::~DL_PrivateKey_EC() {}
/// \brief Elliptic Curve Diffie-Hellman
/// \tparam EC elliptic curve field
/// \tparam COFACTOR_OPTION cofactor multiplication option
/// \sa CofactorMultiplicationOption, <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">Elliptic Curve Diffie-Hellman, AKA ECDH</a>
/// \since Crypto++ 3.0
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption>
struct ECDH
{
typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
};
/// \brief Elliptic Curve Menezes-Qu-Vanstone
/// \tparam EC elliptic curve field
/// \tparam COFACTOR_OPTION cofactor multiplication option
/// \sa CofactorMultiplicationOption, <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">Elliptic Curve Menezes-Qu-Vanstone, AKA ECMQV</a>
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption>
struct ECMQV
{
typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
};
/// \brief Hashed Elliptic Curve Menezes-Qu-Vanstone
/// \tparam EC elliptic curve field
/// \tparam COFACTOR_OPTION cofactor multiplication option
/// \details This implementation follows Hugo Krawczyk's <a href="http://eprint.iacr.org/2005/176">HMQV: A High-Performance
/// Secure Diffie-Hellman Protocol</a>. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided.
/// \sa CofactorMultiplicationOption
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption, class HASH = SHA256>
struct ECHMQV
{
typedef HMQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION, HASH> Domain;
};
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA1 >::Domain ECHMQV160;
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA256 >::Domain ECHMQV256;
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA384 >::Domain ECHMQV384;
typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA512 >::Domain ECHMQV512;
/// \brief Fully Hashed Elliptic Curve Menezes-Qu-Vanstone
/// \tparam EC elliptic curve field
/// \tparam COFACTOR_OPTION cofactor multiplication option
/// \details This implementation follows Augustin P. Sarr and Philippe Elbaz–Vincent, and Jean–Claude Bajard's
/// <a href="http://eprint.iacr.org/2009/408">A Secure and Efficient Authenticated Diffie-Hellman Protocol</a>.
/// Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C.
/// \sa CofactorMultiplicationOption
template <class EC, class COFACTOR_OPTION = typename DL_GroupParameters_EC<EC>::DefaultCofactorOption, class HASH = SHA256>
struct ECFHMQV
{
typedef FHMQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION, HASH> Domain;
};
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA1 >::Domain ECFHMQV160;
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA256 >::Domain ECFHMQV256;
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA384 >::Domain ECFHMQV384;
typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA512 >::Domain ECFHMQV512;
/// \brief Elliptic Curve Discrete Log (DL) keys
/// \tparam EC elliptic curve field
template <class EC>
struct DL_Keys_EC
{
typedef DL_PublicKey_EC<EC> PublicKey;
typedef DL_PrivateKey_EC<EC> PrivateKey;
};
// Forward declaration; documented below
template <class EC, class H>
struct ECDSA;
/// \brief Elliptic Curve DSA keys
/// \tparam EC elliptic curve field
/// \since Crypto++ 3.2
template <class EC>
struct DL_Keys_ECDSA
{
typedef DL_PublicKey_EC<EC> PublicKey;
typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC>, ECDSA<EC, SHA256> > PrivateKey;
};
/// \brief Elliptic Curve DSA (ECDSA) signature algorithm
/// \tparam EC elliptic curve field
/// \since Crypto++ 3.2
template <class EC>
class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";}
};
/// \brief Elliptic Curve DSA (ECDSA) signature algorithm based on RFC 6979
/// \tparam EC elliptic curve field
/// \sa <a href="http://tools.ietf.org/rfc/rfc6979.txt">RFC 6979, Deterministic Usage of the
/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</a>
/// \since Crypto++ 6.0
template <class EC, class H>
class DL_Algorithm_ECDSA_RFC6979 : public DL_Algorithm_DSA_RFC6979<typename EC::Point, H>
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECDSA-RFC6979";}
};
/// \brief Elliptic Curve NR (ECNR) signature algorithm
/// \tparam EC elliptic curve field
template <class EC>
class DL_Algorithm_ECNR : public DL_Algorithm_NR<typename EC::Point>
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECNR";}
};
/// \brief Elliptic Curve DSA (ECDSA) signature scheme
/// \tparam EC elliptic curve field
/// \tparam H HashTransformation derived class
/// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
/// \since Crypto++ 3.2
template <class EC, class H>
struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
{
};
/// \brief Elliptic Curve DSA (ECDSA) deterministic signature scheme
/// \tparam EC elliptic curve field
/// \tparam H HashTransformation derived class
/// \sa <a href="http://tools.ietf.org/rfc/rfc6979.txt">Deterministic Usage of the
/// Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)</a>
/// \since Crypto++ 6.0
template <class EC, class H>
struct ECDSA_RFC6979 : public DL_SS<
DL_Keys_ECDSA<EC>,
DL_Algorithm_ECDSA_RFC6979<EC, H>,
DL_SignatureMessageEncodingMethod_DSA,
H,
ECDSA_RFC6979<EC,H> >
{
static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("ECDSA-RFC6979/") + H::StaticAlgorithmName();}
};
/// \brief Elliptic Curve NR (ECNR) signature scheme
/// \tparam EC elliptic curve field
/// \tparam H HashTransformation derived class
template <class EC, class H = SHA1>
struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
{
};
// ******************************************
template <class EC>
class DL_PublicKey_ECGDSA;
template <class EC>
class DL_PrivateKey_ECGDSA;
/// \brief Elliptic Curve German DSA key for ISO/IEC 15946
/// \tparam EC elliptic curve field
/// \sa ECGDSA
/// \since Crypto++ 6.0
template <class EC>
class DL_PrivateKey_ECGDSA : public DL_PrivateKeyImpl<DL_GroupParameters_EC<EC> >
{
public:
typedef typename EC::Point Element;
virtual ~DL_PrivateKey_ECGDSA() {}
/// \brief Initialize an EC Private Key using {GP,x}
/// \param params group parameters
/// \param x the private exponent
/// \details This Initialize() function overload initializes a private key from existing parameters.
void Initialize(const DL_GroupParameters_EC<EC> ¶ms, const Integer &x)
{
this->AccessGroupParameters() = params;
this->SetPrivateExponent(x);
CRYPTOPP_ASSERT(x>=1 && x<=params.GetSubgroupOrder()-1);
}
/// \brief Initialize an EC Private Key using {EC,G,n,x}
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \param x the private exponent
/// \details This Initialize() function overload initializes a private key from existing parameters.
void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x)
{
this->AccessGroupParameters().Initialize(ec, G, n);
this->SetPrivateExponent(x);
CRYPTOPP_ASSERT(x>=1 && x<=this->AccessGroupParameters().GetSubgroupOrder()-1);
}
/// \brief Create an EC private key
/// \param rng a RandomNumberGenerator derived class
/// \param params the EC group parameters
/// \details This function overload of Initialize() creates a new private key because it
/// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
/// then use one of the other Initialize() overloads.
void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC<EC> ¶ms)
{this->GenerateRandom(rng, params);}
/// \brief Create an EC private key
/// \param rng a RandomNumberGenerator derived class
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \details This function overload of Initialize() creates a new private key because it
/// takes a RandomNumberGenerator() as a parameter. If you have an existing keypair,
/// then use one of the other Initialize() overloads.
void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n)
{this->GenerateRandom(rng, DL_GroupParameters_EC<EC>(ec, G, n));}
virtual void MakePublicKey(DL_PublicKey_ECGDSA<EC> &pub) const
{
const DL_GroupParameters<Element>& params = this->GetAbstractGroupParameters();
pub.AccessAbstractGroupParameters().AssignFrom(params);
const Integer &xInv = this->GetPrivateExponent().InverseMod(params.GetSubgroupOrder());
pub.SetPublicElement(params.ExponentiateBase(xInv));
CRYPTOPP_ASSERT(xInv.NotZero());
}
virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
return GetValueHelper<DL_PrivateKey_ECGDSA<EC>,
DL_PrivateKey_ECGDSA<EC> >(this, name, valueType, pValue).Assignable();
}
virtual void AssignFrom(const NameValuePairs &source)
{
AssignFromHelper<DL_PrivateKey_ECGDSA<EC>,
DL_PrivateKey_ECGDSA<EC> >(this, source);
}
// PKCS8PrivateKey
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
void DEREncodePrivateKey(BufferedTransformation &bt) const;
};
/// \brief Elliptic Curve German DSA key for ISO/IEC 15946
/// \tparam EC elliptic curve field
/// \sa ECGDSA
/// \since Crypto++ 6.0
template <class EC>
class DL_PublicKey_ECGDSA : public DL_PublicKeyImpl<DL_GroupParameters_EC<EC> >
{
typedef DL_PublicKey_ECGDSA<EC> ThisClass;
public:
typedef typename EC::Point Element;
virtual ~DL_PublicKey_ECGDSA() {}
/// \brief Initialize an EC Public Key using {GP,Q}
/// \param params group parameters
/// \param Q the public point
/// \details This Initialize() function overload initializes a public key from existing parameters.
void Initialize(const DL_GroupParameters_EC<EC> ¶ms, const Element &Q)
{this->AccessGroupParameters() = params; this->SetPublicElement(Q);}
/// \brief Initialize an EC Public Key using {EC,G,n,Q}
/// \param ec the elliptic curve
/// \param G the base point
/// \param n the order of the base point
/// \param Q the public point
/// \details This Initialize() function overload initializes a public key from existing parameters.
void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q)
{this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);}
virtual void AssignFrom(const NameValuePairs &source)
{
DL_PrivateKey_ECGDSA<EC> *pPrivateKey = NULLPTR;
if (source.GetThisPointer(pPrivateKey))
pPrivateKey->MakePublicKey(*this);
else
{
this->AccessAbstractGroupParameters().AssignFrom(source);
AssignFromHelper(this, source)
CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement);
}
}
// DL_PublicKey<T>
virtual void SetPublicElement(const Element &y)
{this->AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);}
// X509PublicKey
void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
void DEREncodePublicKey(BufferedTransformation &bt) const;
};
/// \brief Elliptic Curve German DSA keys for ISO/IEC 15946
/// \tparam EC elliptic curve field
/// \sa ECGDSA
/// \since Crypto++ 6.0
template <class EC>
struct DL_Keys_ECGDSA
{
typedef DL_PublicKey_ECGDSA<EC> PublicKey;
typedef DL_PrivateKey_ECGDSA<EC> PrivateKey;
};
/// \brief Elliptic Curve German DSA signature algorithm
/// \tparam EC elliptic curve field
/// \sa ECGDSA
/// \since Crypto++ 6.0
template <class EC>
class DL_Algorithm_ECGDSA : public DL_Algorithm_GDSA_ISO15946<typename EC::Point>
{
public:
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECGDSA";}
};
/// \brief Elliptic Curve German Digital Signature Algorithm signature scheme
/// \tparam EC elliptic curve field
/// \tparam H HashTransformation derived class
/// \sa Erwin Hess, Marcus Schafheutle, and Pascale Serf <A
/// HREF="http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf">The Digital Signature Scheme
/// ECGDSA (October 24, 2006)</A>
/// \since Crypto++ 6.0
template <class EC, class H>
struct ECGDSA : public DL_SS<
DL_Keys_ECGDSA<EC>,
DL_Algorithm_ECGDSA<EC>,
DL_SignatureMessageEncodingMethod_DSA,
H>
{
static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("ECGDSA-ISO15946/") + H::StaticAlgorithmName();}
};
// ******************************************
/// \brief Elliptic Curve Integrated Encryption Scheme
/// \tparam COFACTOR_OPTION cofactor multiplication option
/// \tparam HASH HashTransformation derived class used for key drivation and MAC computation
/// \tparam DHAES_MODE flag indicating if the MAC includes additional context parameters such as <em>u·V</em>, <em>v·U</em> and label
/// \tparam LABEL_OCTETS flag indicating if the label size is specified in octets or bits
/// \details ECIES is an Elliptic Curve based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation
/// Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is
/// <A HREF="http://en.wikipedia.org/wiki/ciphertext_indistinguishability">IND-CCA2</A>, which is a strong notion of security.
/// You should prefer an Integrated Encryption Scheme over homegrown schemes.
/// \details The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom
/// SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption
/// Schemes with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
/// \details If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the ECIES template class with
/// <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=false</tt> and <tt>LABEL_OCTETS=true</tt>.
/// \details If you desire an Integrated Encryption Scheme with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the ECIES
/// template class with <tt>NoCofactorMultiplication</tt>, <tt>DHAES_MODE=true</tt> and <tt>LABEL_OCTETS=false</tt>.
/// \details The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of
/// <tt>IncompatibleCofactorMultiplication</tt> and <tt>DHAES_MODE=true</tt> is recommended for best efficiency and security.
/// SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the
/// security provided by the MAC. The hash is also used in the key derivation function as a PRF.
/// \details Below is an example of constructing a Crypto++ 4.2 compatible ECIES encryptor and decryptor.
/// <pre>
/// AutoSeededRandomPool prng;
/// DL_PrivateKey_EC<ECP> key;
/// key.Initialize(prng, ASN1::secp160r1());
///
/// ECIES<ECP,SHA1,NoCofactorMultiplication,true,true>::Decryptor decryptor(key);
/// ECIES<ECP,SHA1,NoCofactorMultiplication,true,true>::Encryptor encryptor(decryptor);
/// </pre>
/// \sa DLIES, <a href="http://www.weidai.com/scan-mirror/ca.html#ECIES">Elliptic Curve Integrated Encryption Scheme (ECIES)</a>,
/// Martínez, Encinas, and Ávila's <A HREF="http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf">A Survey of the Elliptic
/// Curve Integrated Encryption Schemes</A>
/// \since Crypto++ 4.0, Crypto++ 5.7 for Bouncy Castle and Botan compatibility
template <class EC, class HASH = SHA1, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = true, bool LABEL_OCTETS = false>
struct ECIES
: public DL_ES<
DL_Keys_EC<EC>,
DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<HASH> >,
DL_EncryptionAlgorithm_Xor<HMAC<HASH>, DHAES_MODE, LABEL_OCTETS>,
ECIES<EC> >
{
// TODO: fix this after name is standardized
CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "ECIES";}
};
NAMESPACE_END
#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
#include "eccrypto.cpp"
#endif
NAMESPACE_BEGIN(CryptoPP)
CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<ECP>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC<EC2N>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<ECP> >;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl<DL_GroupParameters_EC<EC2N> >;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<ECP>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC<EC2N>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_ECGDSA<ECP>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_ECGDSA<EC2N>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<ECP> >;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl<DL_GroupParameters_EC<EC2N> >;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<ECP>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC<EC2N>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_ECGDSA<ECP>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_ECGDSA<EC2N>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<ECP::Point>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA<EC2N::Point>;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<ECP>, ECDSA<ECP, SHA256> >;
CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_EC<EC2N>, ECDSA<EC2N, SHA256> >;
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
