8#include <botan/elgamal.h>
10#include <botan/internal/blinding.h>
11#include <botan/internal/dl_scheme.h>
12#include <botan/internal/keypair.h>
13#include <botan/internal/monty_exp.h>
14#include <botan/internal/pk_ops_impl.h>
18ElGamal_PublicKey::ElGamal_PublicKey(
const DL_Group& group,
const BigInt& y) {
19 m_public_key = std::make_shared<DL_PublicKey>(group, y);
22ElGamal_PublicKey::ElGamal_PublicKey(
const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) {
27 return m_public_key->estimated_strength();
31 return m_public_key->p_bits();
39 return m_public_key->public_key_as_bytes();
43 return m_public_key->DER_encode();
47 return m_public_key->get_int_field(
algo_name(), field);
51 return std::make_unique<ElGamal_PrivateKey>(rng, m_public_key->group());
55 return m_public_key->check_key(rng, strong);
59 m_private_key = std::make_shared<DL_PrivateKey>(group, rng);
60 m_public_key = m_private_key->public_key();
64 m_private_key = std::make_shared<DL_PrivateKey>(group, x);
65 m_public_key = m_private_key->public_key();
70 m_public_key = m_private_key->public_key();
78 return m_private_key->get_int_field(
algo_name(), field);
82 return m_private_key->DER_encode();
86 return m_private_key->raw_private_key_bits();
90 if(!m_private_key->check_key(rng, strong)) {
104 ElGamal_Encryption_Operation(
const std::shared_ptr<const DL_PublicKey>& key, std::string_view eme) :
105 PK_Ops::Encryption_with_EME(eme), m_key(key) {
106 const size_t powm_window = 4;
107 m_monty_y_p =
monty_precompute(m_key->group().monty_params_p(), m_key->public_key(), powm_window);
110 size_t ciphertext_length(
size_t )
const override {
return 2 * m_key->group().p_bytes(); }
112 size_t max_ptext_input_bits()
const override {
return m_key->group().p_bits() - 1; }
114 secure_vector<uint8_t> raw_encrypt(
const uint8_t msg[],
size_t msg_len, RandomNumberGenerator& rng)
override;
117 std::shared_ptr<const DL_PublicKey> m_key;
118 std::shared_ptr<const Montgomery_Exponentation_State> m_monty_y_p;
123 RandomNumberGenerator& rng) {
124 BigInt m(msg, msg_len);
126 const auto& group = m_key->group();
128 if(m >= group.get_p()) {
129 throw Invalid_Argument(
"ElGamal encryption: Input is too large");
140 const size_t k_bits = group.p_bits() - 1;
141 const BigInt k(rng, k_bits,
false);
143 const BigInt a = group.power_g_p(k, k_bits);
144 const BigInt b = group.multiply_mod_p(m,
monty_execute(*m_monty_y_p, k, k_bits));
146 return BigInt::encode_fixed_length_int_pair(a, b, group.p_bytes());
152class ElGamal_Decryption_Operation
final :
public PK_Ops::Decryption_with_EME {
154 ElGamal_Decryption_Operation(
const std::shared_ptr<const DL_PrivateKey>& key,
155 std::string_view eme,
156 RandomNumberGenerator& rng) :
157 PK_Ops::Decryption_with_EME(eme),
160 m_key->group().get_p(),
162 [](const BigInt& k) {
return k; },
163 [
this](
const BigInt& k) {
return powermod_x_p(k); }) {}
165 size_t plaintext_length(
size_t )
const override {
return m_key->group().p_bytes(); }
167 secure_vector<uint8_t> raw_decrypt(
const uint8_t msg[],
size_t msg_len)
override;
170 BigInt powermod_x_p(
const BigInt& v)
const {
return m_key->group().power_b_p(v, m_key->private_key()); }
172 std::shared_ptr<const DL_PrivateKey> m_key;
177 const auto& group = m_key->group();
179 const size_t p_bytes = group.p_bytes();
181 if(msg_len != 2 * p_bytes) {
182 throw Invalid_Argument(
"ElGamal decryption: Invalid message");
185 BigInt a(msg, p_bytes);
186 const BigInt b(msg + p_bytes, p_bytes);
188 if(a >= group.get_p() || b >= group.get_p()) {
189 throw Invalid_Argument(
"ElGamal decryption: Invalid message");
192 a = m_blinder.
blind(a);
194 const BigInt r = group.multiply_mod_p(group.inverse_mod_p(powermod_x_p(a)), b);
202 std::string_view params,
203 std::string_view provider)
const {
204 if(provider ==
"base" || provider.empty()) {
205 return std::make_unique<ElGamal_Encryption_Operation>(this->m_public_key, params);
211 std::string_view params,
212 std::string_view provider)
const {
213 if(provider ==
"base" || provider.empty()) {
214 return std::make_unique<ElGamal_Decryption_Operation>(this->m_private_key, params, rng);
virtual OID object_identifier() const
T serialize(size_t len) const
BigInt blind(const BigInt &x) const
BigInt unblind(const BigInt &x) const
std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
secure_vector< uint8_t > private_key_bits() const override
const BigInt & get_int_field(std::string_view field) const override
std::unique_ptr< Public_Key > public_key() const override
secure_vector< uint8_t > raw_private_key_bits() const override
bool check_key(RandomNumberGenerator &rng, bool) const override
std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
const BigInt & get_int_field(std::string_view field) const override
std::vector< uint8_t > public_key_bits() const override
friend class ElGamal_PrivateKey
size_t estimated_strength() const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
AlgorithmIdentifier algorithm_identifier() const override
std::vector< uint8_t > raw_public_key_bits() const override
size_t key_length() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::string algo_name() const override
int(* final)(unsigned char *, CTX *)
bool encryption_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, std::string_view padding)
std::vector< T, secure_allocator< T > > secure_vector
BigInt monty_execute(const Montgomery_Exponentation_State &precomputed_state, const BigInt &k, size_t max_k_bits)
std::shared_ptr< const Montgomery_Exponentation_State > monty_precompute(const std::shared_ptr< const Montgomery_Params > ¶ms, const BigInt &g, size_t window_bits, bool const_time)