SignatureMessageEncodingMethod;
96 | };
97 |
98 | NAMESPACE_END
99 |
100 | #endif
101 |
--------------------------------------------------------------------------------
/src-cryptopp/rng.h:
--------------------------------------------------------------------------------
1 | // rng.h - written and placed in the public domain by Wei Dai
2 |
3 | //! \file rng.h
4 | //! \brief Miscellaneous classes for RNGs
5 | //! \details This file contains miscellaneous classes for RNGs, including LC_RNG(),
6 | //! X917RNG() and MaurerRandomnessTest()
7 | //! \sa osrng.h, randpool.h
8 |
9 | #ifndef CRYPTOPP_RNG_H
10 | #define CRYPTOPP_RNG_H
11 |
12 | #include "cryptlib.h"
13 | #include "filters.h"
14 | #include "smartptr.h"
15 |
16 | NAMESPACE_BEGIN(CryptoPP)
17 |
18 | //! \brief Linear Congruential Generator (LCG)
19 | //! \details Originally propsed by William S. England.
20 | //! \warning LC_RNG is suitable for simulations, where uniformaly distrubuted numbers are
21 | //! required quickly. It should not be used for cryptographic purposes.
22 | class LC_RNG : public RandomNumberGenerator
23 | {
24 | public:
25 | //! \brief Construct a Linear Congruential Generator (LCG)
26 | //! \param init_seed the initial value for the generator
27 | LC_RNG(word32 init_seed)
28 | : seed(init_seed) {}
29 |
30 | void GenerateBlock(byte *output, size_t size);
31 |
32 | word32 GetSeed() {return seed;}
33 |
34 | private:
35 | word32 seed;
36 |
37 | static const word32 m;
38 | static const word32 q;
39 | static const word16 a;
40 | static const word16 r;
41 | };
42 |
43 | //! \class X917RNG
44 | //! \brief ANSI X9.17 RNG
45 | //! \details X917RNG is from ANSI X9.17 Appendix C, and it uses a 64-bit block cipher, like TripleDES.
46 | //! If you use a 128-bit block cipher, like AES, then you are effectively using an ANSI X9.31 generator.
47 | //! \sa AutoSeededX917RNG, DefaultAutoSeededRNG
48 | class CRYPTOPP_DLL X917RNG : public RandomNumberGenerator, public NotCopyable
49 | {
50 | public:
51 | //! \brief Construct a X917RNG
52 | //! \param cipher the block cipher to use for the generator
53 | //! \param seed a byte buffer to use as a seed
54 | //! \param deterministicTimeVector additional entropy
55 | //! \details cipher will be deleted by the destructor. seed must be at least
56 | //! BlockSize() in length. deterministicTimeVector = 0 means obtain time vector
57 | //! from the system.
58 | //! \details When constructing a X917RNG, the generator must be keyed or an access
59 | //! violation will occur because the time vector is encrypted using the block cipher.
60 | //! To key the generator during constructions, perform the following:
61 | //!
62 | //! SecByteBlock key(AES::DEFAULT_KEYLENGTH), seed(AES::BLOCKSIZE);
63 | //! OS_GenerateRandomBlock(false, key, key.size());
64 | //! OS_GenerateRandomBlock(false, seed, seed.size());
65 | //! X917RNG prng(new AES::Encryption(key, AES::DEFAULT_KEYLENGTH), seed, NULL);
66 | //! \sa AutoSeededX917RNG
67 | X917RNG(BlockTransformation *cipher, const byte *seed, const byte *deterministicTimeVector = 0);
68 |
69 | void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
70 |
71 | private:
72 | member_ptr m_cipher;
73 | const unsigned int m_size; // S, blocksize of cipher
74 | SecByteBlock m_datetime; // DT, buffer for enciphered timestamp
75 | SecByteBlock m_randseed, m_lastBlock, m_deterministicTimeVector;
76 | };
77 |
78 | //! \class MaurerRandomnessTest
79 | //! \brief Maurer's Universal Statistical Test for Random Bit Generators
80 | //! \details This class implements Maurer's Universal Statistical Test for
81 | //! Random Bit Generators. It is intended for measuring the randomness of
82 | //! *PHYSICAL* RNGs.
83 | //! \details For more details see Maurer's paper in Journal of Cryptology, 1992.
84 | class MaurerRandomnessTest : public Bufferless
85 | {
86 | public:
87 | //! \brief Contruct a MaurerRandomnessTest
88 | MaurerRandomnessTest();
89 |
90 | size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking);
91 |
92 | //! \brief Provides the number of bytes of input is needed by the test
93 | //! \returns how many more bytes of input is needed by the test
94 | // BytesNeeded() returns how many more bytes of input is needed by the test
95 | // GetTestValue() should not be called before BytesNeeded()==0
96 | unsigned int BytesNeeded() const {return n >= (Q+K) ? 0 : Q+K-n;}
97 |
98 | // returns a number between 0.0 and 1.0, describing the quality of the
99 | // random numbers entered
100 | double GetTestValue() const;
101 |
102 | private:
103 | enum {L=8, V=256, Q=2000, K=2000};
104 | double sum;
105 | unsigned int n;
106 | unsigned int tab[V];
107 | };
108 |
109 | NAMESPACE_END
110 |
111 | #endif
112 |
--------------------------------------------------------------------------------
/src-cryptopp/TestVectors/rsa_pkcs1_1_5.txt:
--------------------------------------------------------------------------------
1 | AlgorithmType: Signature
2 | Name: RSA/PKCS1-1.5(MD2)
3 | KeyFormat: DER
4 | Source: http://www.rsasecurity.com/rsalabs/pkcs/index.html, \
5 | Some Examples of the PKCS Standards
6 | PrivateKey: \
7 | 30 82 01 50\
8 | 02 01 00 #version = 0\
9 | 30 0d #privateKeyAlgorithmIdentifier\
10 | 06 09 #algorithm = rsaEncryption\
11 | 2a 86 48 86 f7 0d 01 01 01\
12 | 05 00 #parameters = NULL\
13 | 04 82 01 3a #privateKey = RSAPrivateKey encoding\
14 | 30 82 01 36\
15 | 02 01 00 #version = 0\
16 | 02 40 #modulus = n\
17 | 0a 66 79 1d c6 98 81 68 de 7a b7 74 19 bb 7f b0\
18 | c0 01 c6 27 10 27 00 75 14 29 42 e1 9a 8d 8c 51\
19 | d0 53 b3 e3 78 2a 1d e5 dc 5a f4 eb e9 94 68 17\
20 | 01 14 a1 df e6 7c dc 9a 9a f5 5d 65 56 20 bb ab\
21 | 02 03 01 00 01 #publicExponent = e\
22 | 02 40 #privateExponent = d\
23 | 01 23 c5 b6 1b a3 6e db 1d 36 79 90 41 99 a8 9e\
24 | a8 0c 09 b9 12 2e 14 00 c0 9a dc f7 78 46 76 d0\
25 | 1d 23 35 6a 7d 44 d6 bd 8b d5 0e 94 bf c7 23 fa\
26 | 87 d8 86 2b 75 17 76 91 c1 1d 75 76 92 df 88 81\
27 | 02 20 #prime1 = p\
28 | 33 d4 84 45 c8 59 e5 23 40 de 70 4b cd da 06 5f\
29 | bb 40 58 d7 40 bd 1d 67 d2 9e 9c 14 6c 11 cf 61\
30 | 02 20 #prime2 = q\
31 | 33 5e 84 08 86 6b 0f d3 8d c7 00 2d 3f 97 2c 67\
32 | 38 9a 65 d5 d8 30 65 66 d5 c4 f2 a5 aa 52 62 8b\
33 | 02 20 #exponent1 = d mod p-1\
34 | 04 5e c9 00 71 52 53 25 d3 d4 6d b7 96 95 e9 af\
35 | ac c4 52 39 64 36 0e 02 b1 19 ba a3 66 31 62 41\
36 | 02 20 #exponent2 = d mod q-1\
37 | 15 eb 32 73 60 c7 b6 0d 12 e5 e2 d1 6b dc d9 79\
38 | 81 d1 7f ba 6b 70 db 13 b2 0b 43 6e 24 ea da 59\
39 | 02 20 #coefficient = q-1 mod p\
40 | 2c a6 36 6d 72 78 1d fa 24 d3 4a 9a 24 cb c2 ae\
41 | 92 7a 99 58 af 42 65 63 ff 63 fb 11 65 8a 46 1d
42 | PublicKey: \
43 | 30 5b #subjectPublicKeyInfo\
44 | 30 0d #algorithm\
45 | 06 09 #algorithm = rsaEncryption\
46 | 2a 86 48 86 f7 0d 01 01 01\
47 | 05 00 #parameters = NULL\
48 | 03 4a #subjectPublicKey = RSAPublicKey encoding\
49 | 00\
50 | 30 47\
51 | 02 40 #modulus = n\
52 | 0a 66 79 1d c6 98 81 68 de 7a b7 74 19 bb 7f b0\
53 | c0 01 c6 27 10 27 00 75 14 29 42 e1 9a 8d 8c 51\
54 | d0 53 b3 e3 78 2a 1d e5 dc 5a f4 eb e9 94 68 17\
55 | 01 14 a1 df e6 7c dc 9a 9a f5 5d 65 56 20 bb ab\
56 | 02 03 01 00 01 #publicExponent = e
57 | Test: KeyPairValidAndConsistent
58 | Message: # "Everyone gets Friday off."\
59 | 45 76 65 72 79 6f 6e 65 20 67 65 74 73 20 46 72 69 64 61 79 20 6f 66 66 2e
60 | Signature: \
61 | 05fa6a812fc7df8bf4f2542509e03e84\
62 | 6e11b9c620be2009efb440efbcc66921\
63 | 6994ac04f341b57d05202d428fb2a27b\
64 | 5c77dfd9b15bfc3d559353503410c1e1
65 | Test: Verify
66 | Name: RSA/PKCS1-1.5(SHA-1)
67 | Source: generated by Wei Dai using Crypto++ 5.0
68 | Signature: 0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81
69 | Test: Verify
70 | Message: 00
71 | Test: NotVerify
72 |
73 | AlgorithmType: Signature
74 | Name: RSA/PKCS1-1.5(SHA-1)
75 | Source: http://islab.oregonstate.edu/emails/pkcs-tng-02/0152
76 | KeyFormat: Component
77 | Modulus: A885B6F851A8079AB8A281DB0297148511EE0D8C07C0D4AE6D6FED461488E0D41E3FF8F281B06A3240B5007A5C2AB4FB6BE8AF88F119DB998368DDDC9710ABED
78 | PublicExponent: 010001
79 | PrivateExponent: 2B259D2CA3DF851EE891F6F4678BDDFD9A131C95D3305C63D2723B4A5B9C960F5EC8BB7DCDDBEBD8B6A38767D64AD451E9383E0891E4EE7506100481F2B49323
80 | Prime1: D7103CD676E39824E2BE50B8E6533FE7CB7484348E283802AD2B8D00C80D19DF
81 | Prime2: C89996DC169CEB3F227958275968804D4BE9FC4012C3219662F1A438C9950BB3
82 | ModPrime1PrivateExponent: 5D8EA4C8AF83A70634D5920C3DB66D908AC3AF57A597FD75BC9BBB856181C185
83 | ModPrime2PrivateExponent: C598E54DAEC8ABC1E907769A6C2BD01653ED0C9960E1EDB7E186FDA922883A99
84 | MultiplicativeInverseOfPrime2ModPrime1: 7C6F27B5B51B78AD80FB36E700990CF307866F2943124CBD93D97C137794C104
85 | Test: KeyPairValidAndConsistent
86 | Source: generated by Wei Dai using Crypto++ 5.0
87 | Message: 74657374 # "test"
88 | Signature: A7E00CE4391F914D82158D9B732759808E25A1C6383FE87A5199157650D4296CF612E9FF809E686A0AF328238306E79965F6D0138138829D9A1A22764306F6CE
89 | Test: Verify
90 |
--------------------------------------------------------------------------------
/src-cryptopp/rw.h:
--------------------------------------------------------------------------------
1 | // rw.h - written and placed in the public domain by Wei Dai
2 |
3 | //! \file rw.h
4 | //! \brief Classes for Rabin-Williams signature scheme
5 | //! \details The implementation provides Rabin-Williams signature schemes as defined in
6 | //! IEEE P1363. It uses Bernstein's tweaked square roots in place of square roots to
7 | //! speedup calculations.
8 | //! \sa RSA signatures and Rabin–Williams
9 | //! signatures: the state of the art (20080131), Section 6, The tweaks e and f.
10 |
11 | #ifndef CRYPTOPP_RW_H
12 | #define CRYPTOPP_RW_H
13 |
14 | #include "cryptlib.h"
15 | #include "pubkey.h"
16 | #include "integer.h"
17 |
18 | NAMESPACE_BEGIN(CryptoPP)
19 |
20 | //! \class RWFunction
21 | //! \brief Rabin-Williams trapdoor function using the public key
22 | class CRYPTOPP_DLL RWFunction : public TrapdoorFunction, public PublicKey
23 | {
24 | typedef RWFunction ThisClass;
25 |
26 | public:
27 | void Initialize(const Integer &n)
28 | {m_n = n;}
29 |
30 | void BERDecode(BufferedTransformation &bt);
31 | void DEREncode(BufferedTransformation &bt) const;
32 |
33 | void Save(BufferedTransformation &bt) const
34 | {DEREncode(bt);}
35 | void Load(BufferedTransformation &bt)
36 | {BERDecode(bt);}
37 |
38 | Integer ApplyFunction(const Integer &x) const;
39 | Integer PreimageBound() const {return ++(m_n>>1);}
40 | Integer ImageBound() const {return m_n;}
41 |
42 | bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
43 | bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
44 | void AssignFrom(const NameValuePairs &source);
45 |
46 | const Integer& GetModulus() const {return m_n;}
47 | void SetModulus(const Integer &n) {m_n = n;}
48 |
49 | protected:
50 | Integer m_n;
51 | };
52 |
53 | //! \class InvertibleRWFunction
54 | //! \brief Rabin-Williams trapdoor function using the private key
55 | //! \since Tweaked roots using e and f since Crypto++ 5.6.4
56 | class CRYPTOPP_DLL InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey
57 | {
58 | typedef InvertibleRWFunction ThisClass;
59 |
60 | public:
61 | InvertibleRWFunction() : m_precompute(false) {}
62 |
63 | void Initialize(const Integer &n, const Integer &p, const Integer &q, const Integer &u);
64 | // generate a random private key
65 | void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits)
66 | {GenerateRandomWithKeySize(rng, modulusBits);}
67 |
68 | void BERDecode(BufferedTransformation &bt);
69 | void DEREncode(BufferedTransformation &bt) const;
70 |
71 | void Save(BufferedTransformation &bt) const
72 | {DEREncode(bt);}
73 | void Load(BufferedTransformation &bt)
74 | {BERDecode(bt);}
75 |
76 | Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
77 |
78 | // GeneratibleCryptoMaterial
79 | bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
80 | bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
81 | void AssignFrom(const NameValuePairs &source);
82 | /*! parameters: (ModulusSize) */
83 | void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg);
84 |
85 | const Integer& GetPrime1() const {return m_p;}
86 | const Integer& GetPrime2() const {return m_q;}
87 | const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;}
88 |
89 | void SetPrime1(const Integer &p) {m_p = p;}
90 | void SetPrime2(const Integer &q) {m_q = q;}
91 | void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;}
92 |
93 | virtual bool SupportsPrecomputation() const {return true;}
94 | virtual void Precompute(unsigned int unused = 0) {CRYPTOPP_UNUSED(unused); PrecomputeTweakedRoots();}
95 | virtual void Precompute(unsigned int unused = 0) const {CRYPTOPP_UNUSED(unused); PrecomputeTweakedRoots();}
96 |
97 | virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation);
98 | virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const;
99 |
100 | protected:
101 | void PrecomputeTweakedRoots() const;
102 |
103 | protected:
104 | Integer m_p, m_q, m_u;
105 |
106 | mutable Integer m_pre_2_9p, m_pre_2_3q, m_pre_q_p;
107 | mutable bool m_precompute;
108 | };
109 |
110 | //! \class RW
111 | //! \brief Rabin-Williams algorithm
112 | struct RW
113 | {
114 | static std::string StaticAlgorithmName() {return "RW";}
115 | typedef RWFunction PublicKey;
116 | typedef InvertibleRWFunction PrivateKey;
117 | };
118 |
119 | //! \class RWSS
120 | //! \brief Rabin-Williams signature scheme
121 | template
122 | struct RWSS : public TF_SS
123 | {
124 | };
125 |
126 | NAMESPACE_END
127 |
128 | #endif
129 |
--------------------------------------------------------------------------------
/src-cryptopp/ccm.h:
--------------------------------------------------------------------------------
1 | // ccm.h - written and placed in the public domain by Wei Dai
2 |
3 | //! \file ccm.h
4 | //! \brief CCM block cipher mode of operation
5 | //! \since Crypto++ 5.6.0
6 |
7 | #ifndef CRYPTOPP_CCM_H
8 | #define CRYPTOPP_CCM_H
9 |
10 | #include "authenc.h"
11 | #include "modes.h"
12 |
13 | NAMESPACE_BEGIN(CryptoPP)
14 |
15 | //! \class CCM_Base
16 | //! \brief CCM block cipher base implementation
17 | //! \details Base implementation of the AuthenticatedSymmetricCipher interface
18 | //! \since Crypto++ 5.6.0
19 | class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CCM_Base : public AuthenticatedSymmetricCipherBase
20 | {
21 | public:
22 | CCM_Base()
23 | : m_digestSize(0), m_L(0), m_messageLength(0), m_aadLength(0) {}
24 |
25 | // AuthenticatedSymmetricCipher
26 | std::string AlgorithmName() const
27 | {return GetBlockCipher().AlgorithmName() + std::string("/CCM");}
28 | size_t MinKeyLength() const
29 | {return GetBlockCipher().MinKeyLength();}
30 | size_t MaxKeyLength() const
31 | {return GetBlockCipher().MaxKeyLength();}
32 | size_t DefaultKeyLength() const
33 | {return GetBlockCipher().DefaultKeyLength();}
34 | size_t GetValidKeyLength(size_t n) const
35 | {return GetBlockCipher().GetValidKeyLength(n);}
36 | bool IsValidKeyLength(size_t n) const
37 | {return GetBlockCipher().IsValidKeyLength(n);}
38 | unsigned int OptimalDataAlignment() const
39 | {return GetBlockCipher().OptimalDataAlignment();}
40 | IV_Requirement IVRequirement() const
41 | {return UNIQUE_IV;}
42 | unsigned int IVSize() const
43 | {return 8;}
44 | unsigned int MinIVLength() const
45 | {return 7;}
46 | unsigned int MaxIVLength() const
47 | {return 13;}
48 | unsigned int DigestSize() const
49 | {return m_digestSize;}
50 | lword MaxHeaderLength() const
51 | {return W64LIT(0)-1;}
52 | lword MaxMessageLength() const
53 | {return m_L<8 ? (W64LIT(1)<<(8*m_L))-1 : W64LIT(0)-1;}
54 | bool NeedsPrespecifiedDataLengths() const
55 | {return true;}
56 | void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength);
57 |
58 | protected:
59 | // AuthenticatedSymmetricCipherBase
60 | bool AuthenticationIsOnPlaintext() const
61 | {return true;}
62 | unsigned int AuthenticationBlockSize() const
63 | {return GetBlockCipher().BlockSize();}
64 | void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms);
65 | void Resync(const byte *iv, size_t len);
66 | size_t AuthenticateBlocks(const byte *data, size_t len);
67 | void AuthenticateLastHeaderBlock();
68 | void AuthenticateLastConfidentialBlock();
69 | void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
70 | SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
71 |
72 | virtual BlockCipher & AccessBlockCipher() =0;
73 | virtual int DefaultDigestSize() const =0;
74 |
75 | const BlockCipher & GetBlockCipher() const {return const_cast(this)->AccessBlockCipher();};
76 | byte *CBC_Buffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
77 |
78 | enum {REQUIRED_BLOCKSIZE = 16};
79 | int m_digestSize, m_L;
80 | word64 m_messageLength, m_aadLength;
81 | CTR_Mode_ExternalCipher::Encryption m_ctr;
82 | };
83 |
84 | //! \class CCM_Final
85 | //! \brief CCM block cipher final implementation
86 | //! \tparam T_BlockCipher block cipher
87 | //! \tparam T_DefaultDigestSize default digest size, in bytes
88 | //! \tparam T_IsEncryption direction in which to operate the cipher
89 | //! \since Crypto++ 5.6.0
90 | template
91 | class CCM_Final : public CCM_Base
92 | {
93 | public:
94 | static std::string StaticAlgorithmName()
95 | {return T_BlockCipher::StaticAlgorithmName() + std::string("/CCM");}
96 | bool IsForwardTransformation() const
97 | {return T_IsEncryption;}
98 |
99 | private:
100 | BlockCipher & AccessBlockCipher() {return m_cipher;}
101 | int DefaultDigestSize() const {return T_DefaultDigestSize;}
102 | typename T_BlockCipher::Encryption m_cipher;
103 | };
104 |
105 | //! \class CCM
106 | //! \brief CCM block cipher mode of operation
107 | //! \tparam T_BlockCipher block cipher
108 | //! \tparam T_DefaultDigestSize default digest size, in bytes
109 | //! \details \p CCM provides the \p Encryption and \p Decryption typedef. See GCM_Base
110 | //! and GCM_Final for the AuthenticatedSymmetricCipher implementation.
111 | //! \sa CCM at the Crypto Lounge
112 | //! \since Crypto++ 5.6.0
113 | template
114 | struct CCM : public AuthenticatedSymmetricCipherDocumentation
115 | {
116 | typedef CCM_Final Encryption;
117 | typedef CCM_Final Decryption;
118 | };
119 |
120 | NAMESPACE_END
121 |
122 | #endif
123 |
--------------------------------------------------------------------------------