8#include <botan/elgamal.h>
10#include <botan/internal/blinding.h>
11#include <botan/internal/dl_scheme.h>
12#include <botan/internal/keypair.h>
13#include <botan/internal/monty_exp.h>
14#include <botan/internal/pk_ops_impl.h>
18ElGamal_PublicKey::ElGamal_PublicKey(
const DL_Group& group,
const BigInt& y) {
19 m_public_key = std::make_shared<DL_PublicKey>(group, y);
22ElGamal_PublicKey::ElGamal_PublicKey(
const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) {
27 return m_public_key->estimated_strength();
31 return m_public_key->p_bits();
39 return m_public_key->DER_encode();
43 return m_public_key->get_int_field(
algo_name(), field);
47 return std::make_unique<ElGamal_PrivateKey>(rng, m_public_key->group());
51 return m_public_key->check_key(rng, strong);
55 m_private_key = std::make_shared<DL_PrivateKey>(group, rng);
56 m_public_key = m_private_key->public_key();
60 m_private_key = std::make_shared<DL_PrivateKey>(group, x);
61 m_public_key = m_private_key->public_key();
66 m_public_key = m_private_key->public_key();
74 return m_private_key->get_int_field(
algo_name(), field);
78 return m_private_key->DER_encode();
82 return m_private_key->raw_private_key_bits();
86 if(!m_private_key->check_key(rng, strong)) {
100 ElGamal_Encryption_Operation(
const std::shared_ptr<const DL_PublicKey>& key, std::string_view eme) :
101 PK_Ops::Encryption_with_EME(eme), m_key(key) {
102 const size_t powm_window = 4;
103 m_monty_y_p =
monty_precompute(m_key->group().monty_params_p(), m_key->public_key(), powm_window);
106 size_t ciphertext_length(
size_t )
const override {
return 2 * m_key->group().p_bytes(); }
108 size_t max_ptext_input_bits()
const override {
return m_key->group().p_bits() - 1; }
110 secure_vector<uint8_t> raw_encrypt(
const uint8_t msg[],
size_t msg_len, RandomNumberGenerator& rng)
override;
113 std::shared_ptr<const DL_PublicKey> m_key;
114 std::shared_ptr<const Montgomery_Exponentation_State> m_monty_y_p;
117secure_vector<uint8_t> ElGamal_Encryption_Operation::raw_encrypt(
const uint8_t msg[],
119 RandomNumberGenerator& rng) {
120 BigInt m(msg, msg_len);
122 const auto& group = m_key->group();
124 if(m >= group.get_p()) {
125 throw Invalid_Argument(
"ElGamal encryption: Input is too large");
136 const size_t k_bits = group.p_bits() - 1;
137 const BigInt k(rng, k_bits,
false);
139 const BigInt a = group.power_g_p(k, k_bits);
140 const BigInt b = group.multiply_mod_p(m,
monty_execute(*m_monty_y_p, k, k_bits));
142 return BigInt::encode_fixed_length_int_pair(a, b, group.p_bytes());
148class ElGamal_Decryption_Operation
final :
public PK_Ops::Decryption_with_EME {
150 ElGamal_Decryption_Operation(
const std::shared_ptr<const DL_PrivateKey>& key,
151 std::string_view eme,
152 RandomNumberGenerator& rng) :
153 PK_Ops::Decryption_with_EME(eme),
156 m_key->group().get_p(),
158 [](const BigInt& k) {
return k; },
159 [
this](
const BigInt& k) {
return powermod_x_p(k); }) {}
161 size_t plaintext_length(
size_t )
const override {
return m_key->group().p_bytes(); }
163 secure_vector<uint8_t> raw_decrypt(
const uint8_t msg[],
size_t msg_len)
override;
166 BigInt powermod_x_p(
const BigInt& v)
const {
return m_key->group().power_b_p(v, m_key->private_key()); }
168 std::shared_ptr<const DL_PrivateKey> m_key;
172secure_vector<uint8_t> ElGamal_Decryption_Operation::raw_decrypt(
const uint8_t msg[],
size_t msg_len) {
173 const auto& group = m_key->group();
175 const size_t p_bytes = group.p_bytes();
177 if(msg_len != 2 * p_bytes) {
178 throw Invalid_Argument(
"ElGamal decryption: Invalid message");
181 BigInt a(msg, p_bytes);
182 const BigInt b(msg + p_bytes, p_bytes);
184 if(a >= group.get_p() || b >= group.get_p()) {
185 throw Invalid_Argument(
"ElGamal decryption: Invalid message");
188 a = m_blinder.
blind(a);
190 const BigInt r = group.multiply_mod_p(group.inverse_mod_p(powermod_x_p(a)), b);
192 return BigInt::encode_1363(m_blinder.
unblind(r), p_bytes);
198 std::string_view params,
199 std::string_view provider)
const {
200 if(provider ==
"base" || provider.empty()) {
201 return std::make_unique<ElGamal_Encryption_Operation>(this->m_public_key, params);
207 std::string_view params,
208 std::string_view provider)
const {
209 if(provider ==
"base" || provider.empty()) {
210 return std::make_unique<ElGamal_Decryption_Operation>(this->m_private_key, params, rng);
virtual OID object_identifier() const
BigInt blind(const BigInt &x) const
BigInt unblind(const BigInt &x) const
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
secure_vector< uint8_t > private_key_bits() const override
const BigInt & get_int_field(std::string_view field) const override
std::unique_ptr< Public_Key > public_key() const override
secure_vector< uint8_t > raw_private_key_bits() const override
bool check_key(RandomNumberGenerator &rng, bool) const override
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
const BigInt & get_int_field(std::string_view field) const override
std::vector< uint8_t > public_key_bits() const override
friend class ElGamal_PrivateKey
size_t estimated_strength() const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
AlgorithmIdentifier algorithm_identifier() const override
size_t key_length() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::string algo_name() const override
int(* final)(unsigned char *, CTX *)
bool encryption_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, std::string_view padding)
std::vector< T, secure_allocator< T > > secure_vector
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(const std::shared_ptr< const Montgomery_Params > ¶ms, const BigInt &g, size_t window_bits, bool const_time)