doxygen/elgamal_8cpp_source.html

 /*
 * ElGamal
 * (C) 1999-2007,2018 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #include <botan/elgamal.h>
 #include <botan/internal/pk_ops_impl.h>
 #include <botan/keypair.h>
 #include <botan/reducer.h>
 #include <botan/blinding.h>
 #include <botan/pow_mod.h>

 namespace Botan {

 /*
 * ElGamal_PublicKey Constructor
 */
 ElGamal_PublicKey::ElGamal_PublicKey(const DL_Group& group, const BigInt& y) :
    DL_Scheme_PublicKey(group, y)
    {
    }

 /*
 * ElGamal_PrivateKey Constructor
 */
 ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng,
                                        const DL_Group& group,
                                        const BigInt& x)
    {
    m_x = x;
    m_group = group;

    if(m_x.is_zero())
       {
       const size_t exp_bits = m_group.exponent_bits();
       m_x.randomize(rng, exp_bits);
       m_y = m_group.power_g_p(m_x, exp_bits);
       }
    else
       {
       m_y = m_group.power_g_p(m_x, m_group.p_bits());
       }
    }

 ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id,
                                        const secure_vector<uint8_t>& key_bits) :
    DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42)
    {
    m_y = m_group.power_g_p(m_x, m_group.p_bits());
    }

 /*
 * Check Private ElGamal Parameters
 */
 bool ElGamal_PrivateKey::check_key(RandomNumberGenerator& rng,
                                    bool strong) const
    {
    if(!DL_Scheme_PrivateKey::check_key(rng, strong))
       return false;

    if(!strong)
       return true;

    return KeyPair::encryption_consistency_check(rng, *this, "EME1(SHA-256)");
    }

 namespace {

 /**
 * ElGamal encryption operation
 */
 class ElGamal_Encryption_Operation final : public PK_Ops::Encryption_with_EME
    {
    public:

       size_t ciphertext_length(size_t) const override { return 2*m_group.p_bytes(); }

       size_t max_raw_input_bits() const override { return m_group.p_bits() - 1; }

       ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, const std::string& eme);

       secure_vector<uint8_t> raw_encrypt(const uint8_t msg[], size_t msg_len,
                                       RandomNumberGenerator& rng) override;

    private:
       const DL_Group m_group;
       Fixed_Base_Power_Mod m_powermod_y_p;
    };

 ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicKey& key,
                                                            const std::string& eme) :
    PK_Ops::Encryption_with_EME(eme),
    m_group(key.get_group()),
    m_powermod_y_p(key.get_y(), m_group.get_p())
    {
    }

 secure_vector<uint8_t>
 ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len,
                                           RandomNumberGenerator& rng)
    {
    BigInt m(msg, msg_len);

    if(m >= m_group.get_p())
       throw Invalid_Argument("ElGamal encryption: Input is too large");

    const size_t k_bits = m_group.exponent_bits();
    const BigInt k(rng, k_bits);

    const BigInt a = m_group.power_g_p(k, k_bits);
    const BigInt b = m_group.multiply_mod_p(m, m_powermod_y_p(k));

    return BigInt::encode_fixed_length_int_pair(a, b, m_group.p_bytes());
    }

 /**
 * ElGamal decryption operation
 */
 class ElGamal_Decryption_Operation final : public PK_Ops::Decryption_with_EME
    {
    public:

       ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key,
                                    const std::string& eme,
                                    RandomNumberGenerator& rng);

       size_t plaintext_length(size_t) const override { return m_group.p_bytes(); }

       secure_vector<uint8_t> raw_decrypt(const uint8_t msg[], size_t msg_len) override;
    private:
       const DL_Group m_group;
       Fixed_Exponent_Power_Mod m_powermod_x_p;
       Blinder m_blinder;
    };

 ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key,
                                                            const std::string& eme,
                                                            RandomNumberGenerator& rng) :
    PK_Ops::Decryption_with_EME(eme),
    m_group(key.get_group()),
    m_powermod_x_p(key.get_x(), m_group.get_p()),
    m_blinder(m_group.get_p(),
              rng,
              [](const BigInt& k) { return k; },
              [this](const BigInt& k) { return m_powermod_x_p(k); })
    {
    }

 secure_vector<uint8_t>
 ElGamal_Decryption_Operation::raw_decrypt(const uint8_t msg[], size_t msg_len)
    {
    const size_t p_bytes = m_group.p_bytes();

    if(msg_len != 2 * p_bytes)
       throw Invalid_Argument("ElGamal decryption: Invalid message");

    BigInt a(msg, p_bytes);
    const BigInt b(msg + p_bytes, p_bytes);

    if(a >= m_group.get_p() || b >= m_group.get_p())
       throw Invalid_Argument("ElGamal decryption: Invalid message");

    a = m_blinder.blind(a);

    const BigInt r = m_group.multiply_mod_p(m_group.inverse_mod_p(m_powermod_x_p(a)), b);

    return BigInt::encode_1363(m_blinder.unblind(r), p_bytes);
    }

 }

 std::unique_ptr<PK_Ops::Encryption>
 ElGamal_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/,
                                         const std::string& params,
                                         const std::string& provider) const
    {
    if(provider == "base" || provider.empty())
       return std::unique_ptr<PK_Ops::Encryption>(new ElGamal_Encryption_Operation(*this, params));
    throw Provider_Not_Found(algo_name(), provider);
    }

 std::unique_ptr<PK_Ops::Decryption>
 ElGamal_PrivateKey::create_decryption_op(RandomNumberGenerator& rng,
                                          const std::string& params,
                                          const std::string& provider) const
    {
    if(provider == "base" || provider.empty())
       return std::unique_ptr<PK_Ops::Decryption>(new ElGamal_Decryption_Operation(*this, params, rng));
    throw Provider_Not_Found(algo_name(), provider);
    }

 }
Botan::DL_Scheme_PrivateKey
Definition: dl_algo.h:103

Botan::DL_Group::p_bytes
size_t p_bytes() const
Definition: dl_group.cpp:441

Botan::DL_Scheme_PrivateKey::m_x
BigInt m_x
Definition: dl_algo.h:135

Botan::BigInt
Definition: bigint.h:25

Botan::DL_Group::multiply_mod_p
BigInt multiply_mod_p(const BigInt &x, const BigInt &y) const
Definition: dl_group.cpp:479

Botan::RandomNumberGenerator
Definition: rng.h:24

Botan::ElGamal_PrivateKey::ElGamal_PrivateKey
ElGamal_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: elgamal.cpp:47

Botan::BigInt::randomize
void randomize(RandomNumberGenerator &rng, size_t bitsize, bool set_high_bit=true)
Definition: big_rand.cpp:17

Botan::ElGamal_PrivateKey::check_key
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: elgamal.cpp:57

Botan::DL_Group::power_g_p
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:520

final
int(* final)(unsigned char *, CTX *)
Definition: commoncrypto_hash.cpp:28

Botan::BigInt::is_zero
bool is_zero() const
Definition: bigint.h:420

Botan::DL_Scheme_PublicKey
Definition: dl_algo.h:19

Botan::KeyPair::encryption_consistency_check
bool encryption_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
Definition: keypair.cpp:19

Botan::Blinder::unblind
BigInt unblind(const BigInt &x) const
Definition: blinding.cpp:58

Botan::DL_Group
Definition: dl_group.h:23

Botan::DL_Group::get_p
const BigInt & get_p() const
Definition: dl_group.cpp:410

Botan::DL_Group::exponent_bits
size_t exponent_bits() const
Definition: dl_group.cpp:463

Botan::DL_Scheme_PublicKey::m_group
DL_Group m_group
Definition: dl_algo.h:97

Botan::DL_Scheme_PublicKey::m_y
BigInt m_y
Definition: dl_algo.h:92

Botan::ElGamal_PublicKey::create_encryption_op
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: elgamal.cpp:175

Botan::ElGamal_PrivateKey::create_decryption_op
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: elgamal.cpp:185

Botan
Definition: alg_id.cpp:13

Botan::ElGamal_PublicKey::ElGamal_PublicKey
ElGamal_PublicKey()=default

Botan::PK_Ops::Encryption_with_EME
Definition: pk_ops_impl.h:20

Botan::DL_Group::p_bits
size_t p_bits() const
Definition: dl_group.cpp:436

Botan::Blinder::blind
BigInt blind(const BigInt &x) const
Definition: blinding.cpp:35

m_blinder
Blinder m_blinder
Definition: rsa.cpp:298

Botan::DL_Group::inverse_mod_p
BigInt inverse_mod_p(const BigInt &x) const
Definition: dl_group.cpp:468

Botan::DL_Scheme_PrivateKey::check_key
bool check_key(RandomNumberGenerator &rng, bool) const override
Definition: dl_algo.cpp:78

Botan::AlgorithmIdentifier
Definition: alg_id.h:21

Botan::BigInt::encode_1363
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:123

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65

Botan::Provider_Not_Found
Definition: exceptn.h:259

Botan::BigInt::encode_fixed_length_int_pair
static secure_vector< uint8_t > encode_fixed_length_int_pair(const BigInt &n1, const BigInt &n2, size_t bytes)
Definition: big_code.cpp:144

Botan::ElGamal_PublicKey::algo_name
std::string algo_name() const override
Definition: elgamal.h:21