
dh.cpp

00001 // dh.cpp - written and placed in the public domain by Wei Dai
00002 
00003 #include "pch.h"
00004 #include "dh.h"
00005 #include "asn.h"
00006 #include "nbtheory.h"
00007 
00008 NAMESPACE_BEGIN(CryptoPP)
00009 
// Builds a DH object from caller-supplied domain parameters: modulus p and
// base g. Both are stored as given and also used to initialise gpc.
// Nothing in this constructor checks the values, so parameters that come from
// an untrusted source should be passed through ValidateDomainParameters()
// before any key is generated or agreed with them.
DH::DH(const Integer &p, const Integer &g)
        : p(p),
          g(g),
          gpc(p, g)
{
}
00014 
// Generates fresh domain parameters. PrimeAndGenerator is constructed with
// (1, rng, pbits); its Prime() becomes p and its Generator() becomes g, and
// gpc is then set up for that modulus and base.
// NOTE(review): pbits is presumably the bit length of the prime and the
// leading 1 a PrimeAndGenerator option; confirm against nbtheory.h.
// The parameters are only as unpredictable as rng, so a cryptographically
// strong generator should be supplied.
DH::DH(RandomNumberGenerator &rng, unsigned int pbits)
{
        PrimeAndGenerator generated(1, rng, pbits);

        p = generated.Prime();
        g = generated.Generator();

        gpc.SetModulusAndBase(p, g);
}
00022 
// Loads domain parameters from a BER-encoded sequence read from bt: first p,
// then g, in the same order DEREncode() writes them. gpc is then set up for
// the decoded modulus and base.
// The decoded values are accepted as they are. When bt carries data from a
// peer or any other untrusted source, call ValidateDomainParameters() before
// using the object, since this constructor performs no range or primality
// checks of its own.
DH::DH(BufferedTransformation &bt)
{
        BERSequenceDecoder paramSeq(bt);
        p.BERDecode(paramSeq);
        g.BERDecode(paramSeq);
        paramSeq.MessageEnd();

        // Initialise gpc only after both values have been read.
        gpc.SetModulusAndBase(p, g);
}
00032 
// Writes the domain parameters to bt as a DER sequence holding p followed by
// g. Only these two public values are encoded here; no key material is
// written by this function.
void DH::DEREncode(BufferedTransformation &bt) const
{
        DERSequenceEncoder paramSeq(bt);
        p.DEREncode(paramSeq);
        g.DEREncode(paramSeq);
        paramSeq.MessageEnd();
}
00040 
// Asks gpc to precompute for exponents of ExponentBitLength() bits, passing
// the caller's precomputationStorage setting through unchanged. The meaning
// of that setting is defined by gpc's Precompute (not shown in this file).
void DH::Precompute(unsigned int precomputationStorage)
{
        const unsigned int exponentBits = ExponentBitLength();
        gpc.Precompute(exponentBits, precomputationStorage);
}
00045 
// Restores gpc's precomputation state from bt by delegating to gpc.Load().
// NOTE(review): nothing here checks that the loaded data matches the current
// p and g; presumably bt must come from a trusted SavePrecomputation() of the
// same parameters. Confirm against the gpc implementation.
void DH::LoadPrecomputation(BufferedTransformation &bt)
{
        this->gpc.Load(bt);
}
00050 
// Writes gpc's precomputation state to bt by delegating to gpc.Save().
void DH::SavePrecomputation(BufferedTransformation &bt) const
{
        this->gpc.Save(bt);
}
00055 
// Checks the domain parameters and returns true only when all of these hold,
// tested in this order with the first failure ending the check:
//   1. VerifyPrime accepts p;
//   2. VerifyPrime accepts (p-1)/2, so p has the form 2q+1 with q prime;
//   3. 1 < g < p;
//   4. Jacobi(g, p) == 1.
// rng is handed to VerifyPrime for its primality testing.
bool DH::ValidateDomainParameters(RandomNumberGenerator &rng) const
{
        if (!VerifyPrime(rng, p))
                return false;

        if (!VerifyPrime(rng, (p-1)/2))
                return false;

        // The range test runs before Jacobi(), as in the single-expression form.
        if (!(g > 1))
                return false;
        if (!(g < p))
                return false;

        return Jacobi(g, p) == 1;
}
00060 
// Generates a key pair. The private exponent is drawn from rng with
// ExponentBitLength() bits, and the public value is gpc.Exponentiate() of it
// (gpc was set up with modulus p and base g).
// privateKey must have room for PrivateKeyLength() bytes and publicKey for
// PublicKeyLength() bytes; those lengths are passed to Encode() and this
// function has no other way to know the buffer sizes.
// The private exponent is only as unpredictable as rng, so a
// cryptographically strong generator should be supplied.
void DH::GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
{
        Integer secretExponent(rng, ExponentBitLength());
        Integer publicValue = gpc.Exponentiate(secretExponent);

        secretExponent.Encode(privateKey, PrivateKeyLength());
        publicValue.Encode(publicKey, PublicKeyLength());
}
00068 
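// Computes the shared value otherPublicKey^privateKey mod p and writes it to
// agreedValue using AgreedValueLength() bytes.
//
// otherPublicKey is read as PublicKeyLength() bytes and privateKey as
// PrivateKeyLength() bytes; the caller must supply buffers of those sizes.
//
// When validateOtherPublicKey is true, the peer value must lie in 2 .. p-2;
// otherwise false is returned and agreedValue is left untouched. When it is
// false, no check is made at all, so the caller must already have validated
// the peer value. Returns true whenever an agreed value was written.
//
// The output is the raw group element; callers normally derive keys from it
// with a key-derivation function rather than using it directly.
bool DH::Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey) const
{
        Integer w(otherPublicKey, PublicKeyLength());
        // verifying that Jacobi(w, p) == 1 is omitted because it's too costly
        // and at most 1 bit is leaked if it's false
        //
        // 0, 1 and p-1 are rejected: 1 and p-1 have order 1 and 2 modulo p,
        // so either would confine the agreed value to {1, p-1} regardless of
        // the private key. With parameters accepted by
        // ValidateDomainParameters() and (p-1)/2 odd, p-1 is not a power of
        // g, so an honest peer never sends it.
        if (validateOtherPublicKey && !(w > 1 && w < p-1))
                return false;

        Integer s(privateKey, PrivateKeyLength());
        Integer z = a_exp_b_mod_c(w, s, p);
        z.Encode(agreedValue, AgreedValueLength());
        return true;
}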
00082 
// Returns the bit length used for private exponents: twice the value that
// DiscreteLogWorkFactor() reports for the bit count of p. GenerateKeyPair()
// and Precompute() both size their exponents with this value.
unsigned int DH::ExponentBitLength() const
{
        return DiscreteLogWorkFactor(p.BitCount()) * 2;
}
00087 
00088 NAMESPACE_END
