path: root/cryptopp562/gfpcrypt.cpp
diff options
authorMalfurious <>2024-10-21 11:09:00 -0400
committerMalfurious <>2024-10-24 06:41:41 -0400
commit5494fc310acf0aabb9d828451331e44483eb21c7 (patch)
tree77280a586d52470fca89b9ed73f5f1faaf7907c6 /cryptopp562/gfpcrypt.cpp
parent428471d39fb8c205a9fad899c88c30a2cb7df685 (diff)
Remove Crypto++ library
The tracked version of Crypto++ is going on 10 years old and doesn't always compile properly on modern tooling. This removes the entire subdirectory as well as references to files in the build script. Due to the number of files touched by this commit, I opt to add its replacement in the next commit. Signed-off-by: Malfurious <>
Diffstat (limited to 'cryptopp562/gfpcrypt.cpp')
1 files changed, 0 insertions, 273 deletions
diff --git a/cryptopp562/gfpcrypt.cpp b/cryptopp562/gfpcrypt.cpp
deleted file mode 100644
index e293fc5..0000000
--- a/cryptopp562/gfpcrypt.cpp
+++ /dev/null
@@ -1,273 +0,0 @@
-// dsa.cpp - written and placed in the public domain by Wei Dai
-#include "pch.h"
-#include "gfpcrypt.h"
-#include "asn.h"
-#include "oids.h"
-#include "nbtheory.h"
-void TestInstantiations_gfpcrypt()
- GDSA<SHA>::Signer test;
- GDSA<SHA>::Verifier test1;
- DSA::Signer test5(NullRNG(), 100);
- DSA::Signer test2(test5);
- NR<SHA>::Signer test3;
- NR<SHA>::Verifier test4;
- DLIES<>::Encryptor test6;
- DLIES<>::Decryptor test7;
-void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
- Integer p, q, g;
- if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
- {
- q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
- Initialize(p, q, g);
- }
- else
- {
- int modulusSize = 1024, defaultSubgroupOrderSize;
- alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
- switch (modulusSize)
- {
- case 1024:
- defaultSubgroupOrderSize = 160;
- break;
- case 2048:
- defaultSubgroupOrderSize = 224;
- break;
- case 3072:
- defaultSubgroupOrderSize = 256;
- break;
- default:
- throw InvalidArgument("DSA: not a valid prime length");
- }
- DL_GroupParameters_GFP::GenerateRandom(rng, CombinedNameValuePairs(alg, MakeParameters(Name::SubgroupOrderSize(), defaultSubgroupOrderSize, false)));
- }
-bool DL_GroupParameters_DSA::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
- bool pass = DL_GroupParameters_GFP::ValidateGroup(rng, level);
- int pSize = GetModulus().BitCount(), qSize = GetSubgroupOrder().BitCount();
- pass = pass && ((pSize==1024 && qSize==160) || (pSize==2048 && qSize==224) || (pSize==2048 && qSize==256) || (pSize==3072 && qSize==256));
- return pass;
-void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
- assert(recoverableMessageLength == 0);
- assert(hashIdentifier.second == 0);
- const size_t representativeByteLength = BitsToBytes(representativeBitLength);
- const size_t digestSize = hash.DigestSize();
- const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
- memset(representative, 0, paddingLength);
- hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
- if (digestSize*8 > representativeBitLength)
- {
- Integer h(representative, representativeByteLength);
- h >>= representativeByteLength*8 - representativeBitLength;
- h.Encode(representative, representativeByteLength);
- }
-void DL_SignatureMessageEncodingMethod_NR::ComputeMessageRepresentative(RandomNumberGenerator &rng,
- const byte *recoverableMessage, size_t recoverableMessageLength,
- HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
- byte *representative, size_t representativeBitLength) const
- assert(recoverableMessageLength == 0);
- assert(hashIdentifier.second == 0);
- const size_t representativeByteLength = BitsToBytes(representativeBitLength);
- const size_t digestSize = hash.DigestSize();
- const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
- memset(representative, 0, paddingLength);
- hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
- if (digestSize*8 >= representativeBitLength)
- {
- Integer h(representative, representativeByteLength);
- h >>= representativeByteLength*8 - representativeBitLength + 1;
- h.Encode(representative, representativeByteLength);
- }
-bool DL_GroupParameters_IntegerBased::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
- const Integer &p = GetModulus(), &q = GetSubgroupOrder();
- bool pass = true;
- pass = pass && p > Integer::One() && p.IsOdd();
- pass = pass && q > Integer::One() && q.IsOdd();
- if (level >= 1)
- pass = pass && GetCofactor() > Integer::One() && GetGroupOrder() % q == Integer::Zero();
- if (level >= 2)
- pass = pass && VerifyPrime(rng, q, level-2) && VerifyPrime(rng, p, level-2);
- return pass;
-bool DL_GroupParameters_IntegerBased::ValidateElement(unsigned int level, const Integer &g, const DL_FixedBasePrecomputation<Integer> *gpc) const
- const Integer &p = GetModulus(), &q = GetSubgroupOrder();
- bool pass = true;
- pass = pass && GetFieldType() == 1 ? g.IsPositive() : g.NotNegative();
- pass = pass && g < p && !IsIdentity(g);
- if (level >= 1)
- {
- if (gpc)
- pass = pass && gpc->Exponentiate(GetGroupPrecomputation(), Integer::One()) == g;
- }
- if (level >= 2)
- {
- if (GetFieldType() == 2)
- pass = pass && Jacobi(g*g-4, p)==-1;
- // verifying that Lucas((p+1)/2, w, p)==2 is omitted because it's too costly
- // and at most 1 bit is leaked if it's false
- bool fullValidate = (GetFieldType() == 2 && level >= 3) || !FastSubgroupCheckAvailable();
- if (fullValidate && pass)
- {
- Integer gp = gpc ? gpc->Exponentiate(GetGroupPrecomputation(), q) : ExponentiateElement(g, q);
- pass = pass && IsIdentity(gp);
- }
- else if (GetFieldType() == 1)
- pass = pass && Jacobi(g, p) == 1;
- }
- return pass;
-void DL_GroupParameters_IntegerBased::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
- Integer p, q, g;
- if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
- {
- q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
- }
- else
- {
- int modulusSize, subgroupOrderSize;
- if (!alg.GetIntValue("ModulusSize", modulusSize))
- modulusSize = alg.GetIntValueWithDefault("KeySize", 2048);
- if (!alg.GetIntValue("SubgroupOrderSize", subgroupOrderSize))
- subgroupOrderSize = GetDefaultSubgroupOrderSize(modulusSize);
- PrimeAndGenerator pg;
- pg.Generate(GetFieldType() == 1 ? 1 : -1, rng, modulusSize, subgroupOrderSize);
- p = pg.Prime();
- q = pg.SubPrime();
- g = pg.Generator();
- }
- Initialize(p, q, g);
-Integer DL_GroupParameters_IntegerBased::DecodeElement(const byte *encoded, bool checkForGroupMembership) const
- Integer g(encoded, GetModulus().ByteCount());
- if (!ValidateElement(1, g, NULL))
- throw DL_BadElement();
- return g;
-void DL_GroupParameters_IntegerBased::BERDecode(BufferedTransformation &bt)
- BERSequenceDecoder parameters(bt);
- Integer p(parameters);
- Integer q(parameters);
- Integer g;
- if (parameters.EndReached())
- {
- g = q;
- q = ComputeGroupOrder(p) / 2;
- }
- else
- g.BERDecode(parameters);
- parameters.MessageEnd();
- SetModulusAndSubgroupGenerator(p, g);
- SetSubgroupOrder(q);
-void DL_GroupParameters_IntegerBased::DEREncode(BufferedTransformation &bt) const
- DERSequenceEncoder parameters(bt);
- GetModulus().DEREncode(parameters);
- m_q.DEREncode(parameters);
- GetSubgroupGenerator().DEREncode(parameters);
- parameters.MessageEnd();
-bool DL_GroupParameters_IntegerBased::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
- return GetValueHelper<DL_GroupParameters<Element> >(this, name, valueType, pValue)
-void DL_GroupParameters_IntegerBased::AssignFrom(const NameValuePairs &source)
- AssignFromHelper(this, source)
- CRYPTOPP_SET_FUNCTION_ENTRY2(Modulus, SubgroupGenerator)
- ;
-OID DL_GroupParameters_IntegerBased::GetAlgorithmID() const
- return ASN1::id_dsa();
-void DL_GroupParameters_GFP::SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
- ModularArithmetic ma(GetModulus());
- ma.SimultaneousExponentiate(results, base, exponents, exponentsCount);
-DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::MultiplyElements(const Element &a, const Element &b) const
- return a_times_b_mod_c(a, b, GetModulus());
-DL_GroupParameters_GFP::Element DL_GroupParameters_GFP::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
- ModularArithmetic ma(GetModulus());
- return ma.CascadeExponentiate(element1, exponent1, element2, exponent2);
-Integer DL_GroupParameters_IntegerBased::GetMaxExponent() const
- return STDMIN(GetSubgroupOrder()-1, Integer::Power2(2*DiscreteLogWorkFactor(GetFieldType()*GetModulus().BitCount())));
-unsigned int DL_GroupParameters_IntegerBased::GetDefaultSubgroupOrderSize(unsigned int modulusSize) const
- return 2*DiscreteLogWorkFactor(GetFieldType()*modulusSize);