diff --git a/eccrypto.cpp b/eccrypto.cpp
index f76c495a..9a0914c0 100644
--- a/eccrypto.cpp
+++ b/eccrypto.cpp
@@ -28,6 +28,9 @@
 #include "ec2n.h"
 #include "misc.h"
+#include
+#include
+
 // Squash MS LNK4221 and libtool warnings
 #ifndef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
 extern const char ECCRYPTO_FNAME[] = __FILE__;
@@ -683,6 +686,13 @@ OID DL_GroupParameters_EC::GetAlgorithmID() const
 return ASN1::id_ecPublicKey();
 }
+std::ostream& operator<<(std::ostream& os, const DL_GroupParameters_EC::Element& obj)
+{
+ std::ostringstream oss;
+ oss << "(" << std::hex << obj.x << ", " << std::hex << obj.y << ")";
+ return os << oss.str();
+}
+
 // ******************************************************************
 template
diff --git a/eccrypto.h b/eccrypto.h
index 716369a2..1f4d339f 100644
--- a/eccrypto.h
+++ b/eccrypto.h
@@ -22,6 +22,8 @@
 #include "ecp.h"
 #include "ec2n.h"
+#include
+
 #if CRYPTOPP_MSC_VERSION
 # pragma warning(push)
 # pragma warning(disable: 4231 4275)
@@ -168,6 +170,8 @@ protected:
 mutable bool m_compress, m_encodeAsOID; // presentation details
 };
+std::ostream& operator<<(std::ostream& os, const DL_GroupParameters_EC::Element& obj);
+
 /// \brief Elliptic Curve Discrete Log (DL) public key
 /// \tparam EC elliptic curve field
 template
diff --git a/fhmqv.h b/fhmqv.h
index 8f8292b5..e03cc933 100644
--- a/fhmqv.h
+++ b/fhmqv.h
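Review bot: The new `operator<<` in eccrypto.cpp prints `obj.x` and `obj.y` unconditionally, so if this element type carries a point-at-infinity/identity flag (the EC point types in this library appear to, but that is not visible in the hunk) the identity would be printed as an ordinary coordinate pair and mislead whoever reads the trace; a guard such as `if (obj.identity) return os << "(identity)";` ahead of the formatting would avoid that, if such a member exists. The scratch `std::ostringstream` is what keeps `std::hex` from sticking to the caller's stream and deserves a comment, `// format into a scratch stream so std::hex does not alter os's flags`, while the second `std::hex` is redundant because the flag persists on `oss` for the rest of the expression. Note that in this rendering the angle-bracketed parts of the added `#include` lines and of the `template`/`DL_GroupParameters_EC` declarations are missing, so the header names and template arguments could not be checked here.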
@@ -288,36 +288,18 @@ public:
 bbs = StaticPublicKeyLength();
 }
- // DecodeElement calls ValidateElement at level 1. Level 1 only calls
- // VerifyPoint to ensure the element is in G*. If the other's PublicKey is
- // requested to be validated, we manually call ValidateElement at level 3.
- Element VV1 = params.DecodeElement(staticOtherPublicKey, false);
- if(!params.ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR))
- {
- CRYPTOPP_ASSERT(0);
- return false;
- }
-
- // DecodeElement calls ValidateElement at level 1. Level 1 only calls
- // VerifyPoint to ensure the element is in G*. Crank it up.
- Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, false);
- if(!params.ValidateElement(3, VV2, NULLPTR))
- {
- CRYPTOPP_ASSERT(0);
- return false;
- }
+ Element VV1 = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
+ Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, true);
 const Integer& q = params.GetSubgroupOrder();
 const unsigned int len /*bytes*/ = (((q.BitCount()+1)/2 +7)/8);
-
- Integer d, e;
 SecByteBlock dd(len), ee(len);
 Hash(NULLPTR, XX, xxs, YY, yys, AA, aas, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
- d.Decode(dd.BytePtr(), dd.SizeInBytes());
+ Integer d(dd.BytePtr(), dd.SizeInBytes());
 Hash(NULLPTR, YY, yys, XX, xxs, AA, aas, BB, bbs, ee.BytePtr(), ee.SizeInBytes());
- e.Decode(ee.BytePtr(), ee.SizeInBytes());
+ Integer e(ee.BytePtr(), ee.SizeInBytes());
 Element sigma;
 if(m_role == RoleServer)
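Review bot: The explicit `ValidateElement(3, …)` checks on the peer's static and ephemeral points are dropped in favour of `DecodeElement`'s membership flag, and the comment this hunk deletes says that flag only triggers a level-1 check (VerifyPoint, element in G*), so unless `DecodeElement` was changed elsewhere to validate at level 3 the subgroup-order check that FHMQV relies on against small-subgroup and invalid-curve inputs is now weaker; with `validateStaticOtherPublicKey == false` the static key also gets no check at all, where it was still checked at level 1 before. The `return false` failure path disappears as well, so if `DecodeElement` rejects a point by throwing, callers that test Agree's return value will now see an exception instead. I would decode without validation and restore the explicit checks, as below. Agree() begins before and continues past this hunk.
```cpp
Element VV1 = params.DecodeElement(staticOtherPublicKey, false);
Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, false);
// Level 3 is the full check the previous code relied on; per the removed comment,
// level 1 only verifies the point is in G*.
if (!params.ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR) ||
    !params.ValidateElement(3, VV2, NULLPTR))
    return false;
// … unchanged: derivation of d and e, and the sigma computation …
```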
@@ -372,11 +354,11 @@ protected:
 if (sigma)
 {
- //SecByteBlock sbb(GetAbstractGroupParameters().GetEncodedElementSize(false));
- //GetAbstractGroupParameters().EncodeElement(false, *sigma, sbb);
- Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
- SecByteBlock sbb(x.MinEncodedSize());
- x.Encode(sbb.BytePtr(), sbb.SizeInBytes());
+ //Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
+ //SecByteBlock sbb(x.MinEncodedSize());
+ //x.Encode(sbb.BytePtr(), sbb.SizeInBytes());
+ SecByteBlock sbb(GetAbstractGroupParameters().GetEncodedElementSize(false));
+ GetAbstractGroupParameters().EncodeElement(false, *sigma, sbb);
 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
 }
@@ -404,7 +386,7 @@ protected:
 private:
 // The paper uses Initiator and Recipient - make it classical.
- enum KeyAgreementRole{ RoleServer = 1, RoleClient };
+ enum KeyAgreementRole { RoleServer = 1, RoleClient };
 DL_GroupParameters & AccessAbstractGroupParameters() {return m_groupParameters;}
 const DL_GroupParameters & GetAbstractGroupParameters() const{return m_groupParameters;}
diff --git a/hmqv.h b/hmqv.h
index 6de2ba3b..dabd018c 100644
--- a/hmqv.h
+++ b/hmqv.h
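Review bot: The three `//Integer x …` lines left behind in the `if (sigma)` branch are dead commented-out code and should be deleted rather than swapped in for the previous comment block, since version control already records the alternative and a reader may take it for a still-supported path. What the branch is missing instead is a comment on why the fixed-size element encoding replaced the minimal Integer encoding, for example `// Encode sigma at the fixed GetEncodedElementSize(false) width so the hash input length does not depend on the value, as it would with MinEncodedSize().` The surrounding Hash() routine begins and ends outside this hunk; the enum hunk below it is whitespace-only.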
@@ -287,38 +287,20 @@ public:
 bbs = StaticPublicKeyLength();
 }
- // DecodeElement calls ValidateElement at level 1. Level 1 only calls
- // VerifyPoint to ensure the element is in G*. If the other's PublicKey is
- // requested to be validated, we manually call ValidateElement at level 3.
- Element VV1 = params.DecodeElement(staticOtherPublicKey, false);
- if(!params.ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR))
- {
- CRYPTOPP_ASSERT(0);
- return false;
- }
-
- // DecodeElement calls ValidateElement at level 1. Level 1 only calls
- // VerifyPoint to ensure the element is in G*. Crank it up.
- Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, false);
- if(!params.ValidateElement(3, VV2, NULLPTR))
- {
- CRYPTOPP_ASSERT(0);
- return false;
- }
+ Element VV1 = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey);
+ Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, true);
 const Integer& q = params.GetSubgroupOrder();
 const unsigned int len /*bytes*/ = (((q.BitCount()+1)/2 +7)/8);
-
- Integer d, e;
 SecByteBlock dd(len), ee(len);
 // Compute $d = \hat{H}(X, \hat{B})$
 Hash(NULLPTR, XX, xxs, BB, bbs, dd.BytePtr(), dd.SizeInBytes());
- d.Decode(dd.BytePtr(), dd.SizeInBytes());
+ Integer d(dd.BytePtr(), dd.SizeInBytes());
 // Compute $e = \hat{H}(Y, \hat{A})$
 Hash(NULLPTR, YY, yys, AA, aas, ee.BytePtr(), ee.SizeInBytes());
- e.Decode(ee.BytePtr(), ee.SizeInBytes());
+ Integer e(ee.BytePtr(), ee.SizeInBytes());
 Element sigma;
 if(m_role == RoleServer)
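Review bot: The same weakening as in fhmqv.h is introduced here: the level-3 `ValidateElement` calls on the peer's static and ephemeral points are replaced by `DecodeElement`'s membership flag, which the comment removed in this hunk describes as a level-1 check only, and when `validateStaticOtherPublicKey` is false the static key is now not validated at all rather than at level 1. HMQV's resistance to small-subgroup and invalid-curve inputs rests on the peer points being checked for subgroup order, so unless `DecodeElement` now performs that check (not visible in this diff) the explicit validation should be restored, together with the `return false` path that the new code no longer has; if `DecodeElement` signals a bad point by throwing, Agree's callers will otherwise see an exception where they tested a boolean. The enclosing Agree() starts before and continues after this hunk.
```cpp
Element VV1 = params.DecodeElement(staticOtherPublicKey, false);
Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, false);
// Keep the explicit check: level 3 is what the previous code required,
// level 1 (per the removed comment) only verifies membership in G*.
if (!params.ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULLPTR) ||
    !params.ValidateElement(3, VV2, NULLPTR))
    return false;
// … unchanged: d and e derivation, sigma computation …
```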
@@ -345,11 +327,11 @@ public:
 Element B = params.DecodeElement(BB, false);
 Element Y = params.DecodeElement(YY, false);
- Element t1 = params.ExponentiateElement(B, e);
- Element t2 = m_groupParameters.MultiplyElements(Y, t1);
+ Element t3 = params.ExponentiateElement(B, e);
+ Element t4 = m_groupParameters.MultiplyElements(Y, t3);
 // $\sigma_A}=(Y \cdot B^{e})^{s_A}
- sigma = params.ExponentiateElement(t2, s_A);
+ sigma = params.ExponentiateElement(t4, s_A);
 }
 Hash(&sigma, NULLPTR, 0, NULLPTR, 0, agreedValue, AgreedValueLength());
 }
@@ -379,11 +361,11 @@ protected:
 if (e1len != 0 || s1len != 0) {
 CRYPTOPP_ASSERT(0);
 }
- //SecByteBlock sbb(GetAbstractGroupParameters().GetEncodedElementSize(false));
- //GetAbstractGroupParameters().EncodeElement(false, *sigma, sbb);
- Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
- SecByteBlock sbb(x.MinEncodedSize());
- x.Encode(sbb.BytePtr(), sbb.SizeInBytes());
+ //Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma);
+ //SecByteBlock sbb(x.MinEncodedSize());
+ //x.Encode(sbb.BytePtr(), sbb.SizeInBytes());
+ SecByteBlock sbb(GetAbstractGroupParameters().GetEncodedElementSize(false));
+ GetAbstractGroupParameters().EncodeElement(false, *sigma, sbb);
 hash.Update(sbb.BytePtr(), sbb.SizeInBytes());
 } else {
 if (e1len == 0 || s1len == 0) {
@@ -412,7 +394,7 @@ protected:
 private:
 // The paper uses Initiator and Recipient - make it classical.
- enum KeyAgreementRole{ RoleServer = 1, RoleClient };
+ enum KeyAgreementRole { RoleServer = 1, RoleClient };
 DL_GroupParameters & AccessAbstractGroupParameters() {return m_groupParameters;}
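Review bot: In the `@@ -379` hunk the three `//Integer x …` lines are dead commented-out code that merely trades places with the previous commented block; delete them, since the old encoding is preserved in history, and replace them with the one comment a reader actually needs, `// Encode sigma at the fixed GetEncodedElementSize(false) width so the hash input length does not depend on the value, as it would with MinEncodedSize().` The Hash() routine this sits in starts before and ends after the hunk, and the `CRYPTOPP_ASSERT(0)` on a non-zero `e1len`/`s1len` is a debug-only check that falls through to the hashing in release builds, which is worth a comment stating that this path is not meant to be reachable. The `t1`/`t2` to `t3`/`t4` rename in the `@@ -345` hunk and the enum spacing change are cosmetic.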