author | René Korthaus <[email protected]> | 2015-12-23 11:52:19 +0100 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-01-08 19:09:51 -0500 |
commit | d22bc10cd4f67924acd82bcd46a31e3de3b20ce3 (patch) | |
tree | 58459585e6675cd799b6ef5900be026825cd6f9d /src/lib/pubkey | |
parent | 2fbfdd7e5afb5e888fd8c0b56c6df09e2bdeaca7 (diff) |
Mass-prefix member vars with m_
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r-- | src/lib/pubkey/dh/dh.cpp | 24 | ||||
-rw-r--r-- | src/lib/pubkey/dl_algo/dl_algo.cpp | 26 | ||||
-rw-r--r-- | src/lib/pubkey/dl_algo/dl_algo.h | 18 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_group.cpp | 72 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_group.h | 4 | ||||
-rw-r--r-- | src/lib/pubkey/dlies/dlies.cpp | 80 | ||||
-rw-r--r-- | src/lib/pubkey/dlies/dlies.h | 20 | ||||
-rw-r--r-- | src/lib/pubkey/dsa/dsa.cpp | 92 | ||||
-rw-r--r-- | src/lib/pubkey/ec_group/ec_group.cpp | 24 | ||||
-rw-r--r-- | src/lib/pubkey/ec_group/ec_group.h | 30 | ||||
-rw-r--r-- | src/lib/pubkey/ecc_key/ecc_key.cpp | 44 | ||||
-rw-r--r-- | src/lib/pubkey/ecc_key/ecc_key.h | 16 | ||||
-rw-r--r-- | src/lib/pubkey/ecdh/ecdh.cpp | 18 | ||||
-rw-r--r-- | src/lib/pubkey/elgamal/elgamal.cpp | 58 | ||||
-rw-r--r-- | src/lib/pubkey/gost_3410/gost_3410.cpp | 38 | ||||
-rw-r--r-- | src/lib/pubkey/if_algo/if_algo.cpp | 74 | ||||
-rw-r--r-- | src/lib/pubkey/if_algo/if_algo.h | 24 | ||||
-rw-r--r-- | src/lib/pubkey/mce/polyn_gf2m.h | 5 | ||||
-rw-r--r-- | src/lib/pubkey/nr/nr.cpp | 82 | ||||
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 48 | ||||
-rw-r--r-- | src/lib/pubkey/rw/rw.cpp | 88 |
21 files changed, 445 insertions, 440 deletions
diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp
index 3888166bb..9eb4e5cd0 100644
--- a/src/lib/pubkey/dh/dh.cpp
+++ b/src/lib/pubkey/dh/dh.cpp
@@ -18,8 +18,8 @@ namespace Botan {
 */
 DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1)
 {
- group = grp;
- y = y1;
+ m_group = grp;
+ m_y = y1;
 }
 /*
@@ -27,7 +27,7 @@ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1)
 */
 std::vector<byte> DH_PublicKey::public_value() const
 {
- return unlock(BigInt::encode_1363(y, group_p().bytes()));
+ return unlock(BigInt::encode_1363(m_y, group_p().bytes()));
 }
 /*
@@ -37,19 +37,19 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng,
 const DL_Group& grp,
 const BigInt& x_arg)
 {
- group = grp;
- x = x_arg;
+ m_group = grp;
+ m_x = x_arg;
- if(x == 0)
+ if(m_x == 0)
 {
 const BigInt& p = group_p();
- x.randomize(rng, dl_exponent_size(p.bits()));
+ m_x.randomize(rng, dl_exponent_size(p.bits()));
 }
- if(y == 0)
- y = power_mod(group_g(), x, group_p());
+ if(m_y == 0)
+ m_y = power_mod(group_g(), m_x, group_p());
- if(x == 0)
+ if(m_x == 0)
 gen_check(rng);
 else
 load_check(rng);
@@ -63,8 +63,8 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id,
 RandomNumberGenerator& rng) :
 DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42)
 {
- if(y == 0)
- y = power_mod(group_g(), x, group_p());
+ if(m_y == 0)
+ m_y = power_mod(group_g(), m_x, group_p());
 load_check(rng);
 }
diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp
index 4d179fe50..d85249750 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.cpp
+++ b/src/lib/pubkey/dl_algo/dl_algo.cpp
@@ -15,41 +15,41 @@ namespace Botan {
 size_t DL_Scheme_PublicKey::estimated_strength() const
 {
- return dl_work_factor(group.get_p().bits());
+ return dl_work_factor(m_group.get_p().bits());
 }
 AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const
 {
 return AlgorithmIdentifier(get_oid(),
- group.DER_encode(group_format()));
+ m_group.DER_encode(group_format()));
 }
 std::vector<byte> DL_Scheme_PublicKey::x509_subject_public_key() const
 {
- return DER_Encoder().encode(y).get_contents_unlocked();
+ return DER_Encoder().encode(m_y).get_contents_unlocked();
 }
 DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id,
 const secure_vector<byte>& key_bits,
 DL_Group::Format format)
 {
- group.BER_decode(alg_id.parameters, format);
+ m_group.BER_decode(alg_id.parameters, format);
- BER_Decoder(key_bits).decode(y);
+ BER_Decoder(key_bits).decode(m_y);
 }
 secure_vector<byte> DL_Scheme_PrivateKey::pkcs8_private_key() const
 {
- return DER_Encoder().encode(x).get_contents();
+ return DER_Encoder().encode(m_x).get_contents();
 }
 DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id,
 const secure_vector<byte>& key_bits,
 DL_Group::Format format)
 {
- group.BER_decode(alg_id.parameters, format);
+ m_group.BER_decode(alg_id.parameters, format);
- BER_Decoder(key_bits).decode(x);
+ BER_Decoder(key_bits).decode(m_x);
 }
 /*
@@ -58,9 +58,9 @@ DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id,
 bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng,
 bool strong) const
 {
- if(y < 2 || y >= group_p())
+ if(m_y < 2 || m_y >= group_p())
 return false;
- if(!group.verify_group(rng, strong))
+ if(!m_group.verify_group(rng, strong))
 return false;
 return true;
 }
@@ -74,15 +74,15 @@ bool DL_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng,
 const BigInt& p = group_p();
 const BigInt& g = group_g();
- if(y < 2 || y >= p || x < 2 || x >= p)
+ if(m_y < 2 || m_y >= p || m_x < 2 || m_x >= p)
 return false;
- if(!group.verify_group(rng, strong))
+ if(!m_group.verify_group(rng, strong))
 return false;
 if(!strong)
 return true;
- if(y != power_mod(g, x, p))
+ if(m_y != power_mod(g, m_x, p))
 return false;
 return true;
diff --git a/src/lib/pubkey/dl_algo/dl_algo.h b/src/lib/pubkey/dl_algo/dl_algo.h
index 18886e5dc..705cce8b3 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.h
+++ b/src/lib/pubkey/dl_algo/dl_algo.h
@@ -29,30 +29,30 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key
 * Get the DL domain parameters of this key.
 * @return DL domain parameters of this key
 */
- const DL_Group& get_domain() const { return group; }
+ const DL_Group& get_domain() const { return m_group; }
 /**
 * Get the public value y with y = g^x mod p where x is the secret key.
 */
- const BigInt& get_y() const { return y; }
+ const BigInt& get_y() const { return m_y; }
 /**
 * Get the prime p of the underlying DL group.
 * @return prime p
 */
- const BigInt& group_p() const { return group.get_p(); }
+ const BigInt& group_p() const { return m_group.get_p(); }
 /**
 * Get the prime q of the underlying DL group.
 * @return prime q
 */
- const BigInt& group_q() const { return group.get_q(); }
+ const BigInt& group_q() const { return m_group.get_q(); }
 /**
 * Get the generator g of the underlying DL group.
 * @return generator g
 */
- const BigInt& group_g() const { return group.get_g(); }
+ const BigInt& group_g() const { return m_group.get_g(); }
 /**
 * Get the underlying groups encoding format.
@@ -72,12 +72,12 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key
 /**
 * The DL public key
 */
- BigInt y;
+ BigInt m_y;
 /**
 * The DL group
 */
- DL_Group group;
+ DL_Group m_group;
 };
 /**
@@ -93,7 +93,7 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey,
 * Get the secret key x.
 * @return secret key
 */
- const BigInt& get_x() const { return x; }
+ const BigInt& get_x() const { return m_x; }
 secure_vector<byte> pkcs8_private_key() const override;
@@ -107,7 +107,7 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey,
 /**
 * The DL private key
 */
- BigInt x;
+ BigInt m_x;
 };
 }
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp
index ed9b60c7c..40660e62a 100644
--- a/src/lib/pubkey/dl_group/dl_group.cpp
+++ b/src/lib/pubkey/dl_group/dl_group.cpp
@@ -20,7 +20,7 @@ namespace Botan {
 */
 DL_Group::DL_Group()
 {
- initialized = false;
+ m_initialized = false;
 }
 /*
@@ -48,35 +48,35 @@ DL_Group::DL_Group(RandomNumberGenerator& rng,
 if(type == Strong)
 {
- p = random_safe_prime(rng, pbits);
- q = (p - 1) / 2;
- g = 2;
+ m_p = random_safe_prime(rng, pbits);
+ m_q = (m_p - 1) / 2;
+ m_g = 2;
 }
 else if(type == Prime_Subgroup)
 {
 if(!qbits)
 qbits = dl_exponent_size(pbits);
- q = random_prime(rng, qbits);
+ m_q = random_prime(rng, qbits);
 BigInt X;
- while(p.bits() != pbits || !is_prime(p, rng))
+ while(m_p.bits() != pbits || !is_prime(m_p, rng))
 {
 X.randomize(rng, pbits);
- p = X - (X % (2*q) - 1);
+ m_p = X - (X % (2*m_q) - 1);
 }
- g = make_dsa_generator(p, q);
+ m_g = make_dsa_generator(m_p, m_q);
 }
 else if(type == DSA_Kosherizer)
 {
 qbits = qbits ? qbits : ((pbits <= 1024) ? 160 : 256);
- generate_dsa_primes(rng, p, q, pbits, qbits);
+ generate_dsa_primes(rng, m_p, m_q, pbits, qbits);
- g = make_dsa_generator(p, q);
+ m_g = make_dsa_generator(m_p, m_q);
 }
- initialized = true;
+ m_initialized = true;
 }
 /*
@@ -86,13 +86,13 @@ DL_Group::DL_Group(RandomNumberGenerator& rng,
 const std::vector<byte>& seed,
 size_t pbits, size_t qbits)
 {
- if(!generate_dsa_primes(rng, p, q, pbits, qbits, seed))
+ if(!generate_dsa_primes(rng, m_p, m_q, pbits, qbits, seed))
 throw Invalid_Argument("DL_Group: The seed given does not "
 "generate a DSA group");
- g = make_dsa_generator(p, q);
+ m_g = make_dsa_generator(m_p, m_q);
- initialized = true;
+ m_initialized = true;
 }
 /*
@@ -123,11 +123,11 @@ void DL_Group::initialize(const BigInt& p1, const BigInt& q1, const BigInt& g1)
 if(q1 < 0 || q1 >= p1)
 throw Invalid_Argument("DL_Group: Subgroup invalid");
- p = p1;
- g = g1;
- q = q1;
+ m_p = p1;
+ m_g = g1;
+ m_q = q1;
- initialized = true;
+ m_initialized = true;
 }
 /*
@@ -135,7 +135,7 @@ void DL_Group::initialize(const BigInt& p1, const BigInt& q1, const BigInt& g1)
 */
 void DL_Group::init_check() const
 {
- if(!initialized)
+ if(!m_initialized)
 throw Invalid_State("DLP group cannot be used uninitialized");
 }
@@ -147,16 +147,16 @@ bool DL_Group::verify_group(RandomNumberGenerator& rng,
 {
 init_check();
- if(g < 2 || p < 3 || q < 0)
+ if(m_g < 2 || m_p < 3 || m_q < 0)
 return false;
- if((q != 0) && ((p - 1) % q != 0))
+ if((m_q != 0) && ((m_p - 1) % m_q != 0))
 return false;
 const size_t prob = (strong) ? 56 : 10;
- if(!is_prime(p, rng, prob))
+ if(!is_prime(m_p, rng, prob))
 return false;
- if((q > 0) && !is_prime(q, rng, prob))
+ if((m_q > 0) && !is_prime(m_q, rng, prob))
 return false;
 return true;
 }
@@ -167,7 +167,7 @@ bool DL_Group::verify_group(RandomNumberGenerator& rng,
 const BigInt& DL_Group::get_p() const
 {
 init_check();
- return p;
+ return m_p;
 }
 /*
@@ -176,7 +176,7 @@ const BigInt& DL_Group::get_p() const
 const BigInt& DL_Group::get_g() const
 {
 init_check();
- return g;
+ return m_g;
 }
 /*
@@ -185,9 +185,9 @@ const BigInt& DL_Group::get_g() const
 const BigInt& DL_Group::get_q() const
 {
 init_check();
- if(q == 0)
+ if(m_q == 0)
 throw Invalid_State("DLP group has no q prime specified");
- return q;
+ return m_q;
 }
 /*
@@ -197,16 +197,16 @@ std::vector<byte> DL_Group::DER_encode(Format format) const
 {
 init_check();
- if((q == 0) && (format != PKCS_3))
+ if((m_q == 0) && (format != PKCS_3))
 throw Encoding_Error("The ANSI DL parameter formats require a subgroup");
 if(format == ANSI_X9_57)
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
- .encode(p)
- .encode(q)
- .encode(g)
+ .encode(m_p)
+ .encode(m_q)
+ .encode(m_g)
 .end_cons()
 .get_contents_unlocked();
 }
@@ -214,9 +214,9 @@ std::vector<byte> DL_Group::DER_encode(Format format) const
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
- .encode(p)
- .encode(g)
- .encode(q)
+ .encode(m_p)
+ .encode(m_g)
+ .encode(m_q)
 .end_cons()
 .get_contents_unlocked();
 }
@@ -224,8 +224,8 @@ std::vector<byte> DL_Group::DER_encode(Format format) const
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
- .encode(p)
- .encode(g)
+ .encode(m_p)
+ .encode(m_g)
 .end_cons()
 .get_contents_unlocked();
 }
diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h
index 7201054f2..8bdd205da 100644
--- a/src/lib/pubkey/dl_group/dl_group.h
+++ b/src/lib/pubkey/dl_group/dl_group.h
@@ -161,8 +161,8 @@ class BOTAN_DLL DL_Group
 void init_check() const;
 void initialize(const BigInt&, const BigInt&, const BigInt&);
- bool initialized;
- BigInt p, q, g;
+ bool m_initialized;
+ BigInt m_p, m_q, m_g;
 };
 }
diff --git a/src/lib/pubkey/dlies/dlies.cpp b/src/lib/pubkey/dlies/dlies.cpp
index 708064d27..86cd51e19 100644
--- a/src/lib/pubkey/dlies/dlies.cpp
+++ b/src/lib/pubkey/dlies/dlies.cpp
@@ -16,12 +16,12 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key,
 KDF* kdf_obj,
 MessageAuthenticationCode* mac_obj,
 size_t mac_kl) :
- ka(key, "Raw"),
- kdf(kdf_obj),
- mac(mac_obj),
- mac_keylen(mac_kl)
+ m_ka(key, "Raw"),
+ m_kdf(kdf_obj),
+ m_mac(mac_obj),
+ m_mac_keylen(mac_kl)
 {
- my_key = key.public_value();
+ m_my_key = key.public_value();
 }
 /*
@@ -32,31 +32,31 @@ std::vector<byte> DLIES_Encryptor::enc(const byte in[], size_t length,
 {
 if(length > maximum_input_size())
 throw Invalid_Argument("DLIES: Plaintext too large");
- if(other_key.empty())
+ if(m_other_key.empty())
 throw Invalid_State("DLIES: The other key was never set");
- secure_vector<byte> out(my_key.size() + length + mac->output_length());
- buffer_insert(out, 0, my_key);
- buffer_insert(out, my_key.size(), in, length);
+ secure_vector<byte> out(m_my_key.size() + length + m_mac->output_length());
+ buffer_insert(out, 0, m_my_key);
+ buffer_insert(out, m_my_key.size(), in, length);
- secure_vector<byte> vz(my_key.begin(), my_key.end());
- vz += ka.derive_key(0, other_key).bits_of();
+ secure_vector<byte> vz(m_my_key.begin(), m_my_key.end());
+ vz += m_ka.derive_key(0, m_other_key).bits_of();
- const size_t K_LENGTH = length + mac_keylen;
- secure_vector<byte> K = kdf->derive_key(K_LENGTH, vz);
+ const size_t K_LENGTH = length + m_mac_keylen;
+ secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz);
 if(K.size() != K_LENGTH)
 throw Encoding_Error("DLIES: KDF did not provide sufficient output");
- byte* C = &out[my_key.size()];
+ byte* C = &out[m_my_key.size()];
- mac->set_key(K.data(), mac_keylen);
- xor_buf(C, &K[mac_keylen], length);
+ m_mac->set_key(K.data(), m_mac_keylen);
+ xor_buf(C, &K[m_mac_keylen], length);
- mac->update(C, length);
+ m_mac->update(C, length);
 for(size_t j = 0; j != 8; ++j)
- mac->update(0);
+ m_mac->update(0);
- mac->final(C + length);
+ m_mac->final(C + length);
 return unlock(out);
 }
@@ -66,7 +66,7 @@ std::vector<byte> DLIES_Encryptor::enc(const byte in[], size_t length,
 */
 void DLIES_Encryptor::set_other_key(const std::vector<byte>& ok)
 {
- other_key = ok;
+ m_other_key = ok;
 }
 /*
@@ -84,12 +84,12 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key,
 KDF* kdf_obj,
 MessageAuthenticationCode* mac_obj,
 size_t mac_kl) :
- ka(key, "Raw"),
- kdf(kdf_obj),
- mac(mac_obj),
- mac_keylen(mac_kl)
+ m_ka(key, "Raw"),
+ m_kdf(kdf_obj),
+ m_mac(mac_obj),
+ m_mac_keylen(mac_kl)
 {
- my_key = key.public_value();
+ m_my_key = key.public_value();
 }
 /*
@@ -97,35 +97,35 @@ DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key,
 */
 secure_vector<byte> DLIES_Decryptor::dec(const byte msg[], size_t length) const
 {
- if(length < my_key.size() + mac->output_length())
+ if(length < m_my_key.size() + m_mac->output_length())
 throw Decoding_Error("DLIES decryption: ciphertext is too short");
- const size_t CIPHER_LEN = length - my_key.size() - mac->output_length();
+ const size_t CIPHER_LEN = length - m_my_key.size() - m_mac->output_length();
- std::vector<byte> v(msg, msg + my_key.size());
+ std::vector<byte> v(msg, msg + m_my_key.size());
- secure_vector<byte> C(msg + my_key.size(), msg + my_key.size() + CIPHER_LEN);
+ secure_vector<byte> C(msg + m_my_key.size(), msg + m_my_key.size() + CIPHER_LEN);
- secure_vector<byte> T(msg + my_key.size() + CIPHER_LEN,
- msg + my_key.size() + CIPHER_LEN + mac->output_length());
+ secure_vector<byte> T(msg + m_my_key.size() + CIPHER_LEN,
+ msg + m_my_key.size() + CIPHER_LEN + m_mac->output_length());
- secure_vector<byte> vz(msg, msg + my_key.size());
- vz += ka.derive_key(0, v).bits_of();
+ secure_vector<byte> vz(msg, msg + m_my_key.size());
+ vz += m_ka.derive_key(0, v).bits_of();
- const size_t K_LENGTH = C.size() + mac_keylen;
- secure_vector<byte> K = kdf->derive_key(K_LENGTH, vz);
+ const size_t K_LENGTH = C.size() + m_mac_keylen;
+ secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz);
 if(K.size() != K_LENGTH)
 throw Encoding_Error("DLIES: KDF did not provide sufficient output");
- mac->set_key(K.data(), mac_keylen);
- mac->update(C);
+ m_mac->set_key(K.data(), m_mac_keylen);
+ m_mac->update(C);
 for(size_t j = 0; j != 8; ++j)
- mac->update(0);
- secure_vector<byte> T2 = mac->final();
+ m_mac->update(0);
+ secure_vector<byte> T2 = m_mac->final();
 if(T != T2)
 throw Decoding_Error("DLIES: message authentication failed");
- xor_buf(C, K.data() + mac_keylen, C.size());
+ xor_buf(C, K.data() + m_mac_keylen, C.size());
 return C;
 }
diff --git a/src/lib/pubkey/dlies/dlies.h b/src/lib/pubkey/dlies/dlies.h
index ed5928080..dd8838a28 100644
--- a/src/lib/pubkey/dlies/dlies.h
+++ b/src/lib/pubkey/dlies/dlies.h
@@ -32,12 +32,12 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor
 size_t maximum_input_size() const override;
- std::vector<byte> other_key, my_key;
+ std::vector<byte> m_other_key, m_my_key;
- PK_Key_Agreement ka;
- std::unique_ptr<KDF> kdf;
- std::unique_ptr<MessageAuthenticationCode> mac;
- size_t mac_keylen;
+ PK_Key_Agreement m_ka;
+ std::unique_ptr<KDF> m_kdf;
+ std::unique_ptr<MessageAuthenticationCode> m_mac;
+ size_t m_mac_keylen;
 };
 /**
@@ -54,12 +54,12 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor
 private:
 secure_vector<byte> dec(const byte[], size_t) const override;
- std::vector<byte> my_key;
+ std::vector<byte> m_my_key;
- PK_Key_Agreement ka;
- std::unique_ptr<KDF> kdf;
- std::unique_ptr<MessageAuthenticationCode> mac;
- size_t mac_keylen;
+ PK_Key_Agreement m_ka;
+ std::unique_ptr<KDF> m_kdf;
+ std::unique_ptr<MessageAuthenticationCode> m_mac;
+ size_t m_mac_keylen;
 };
 }
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index ec0830533..63b7bd07e 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -20,8 +20,8 @@ namespace Botan {
 */
 DSA_PublicKey::DSA_PublicKey(const DL_Group& grp, const BigInt& y1)
 {
- group = grp;
- y = y1;
+ m_group = grp;
+ m_y = y1;
 }
 /*
@@ -31,13 +31,13 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng,
 const DL_Group& grp,
 const BigInt& x_arg)
 {
- group = grp;
- x = x_arg;
+ m_group = grp;
+ m_x = x_arg;
- if(x == 0)
- x = BigInt::random_integer(rng, 2, group_q() - 1);
+ if(m_x == 0)
+ m_x = BigInt::random_integer(rng, 2, group_q() - 1);
- y = power_mod(group_g(), x, group_p());
+ m_y = power_mod(group_g(), m_x, group_p());
 if(x_arg == 0)
 gen_check(rng);
@@ -50,7 +50,7 @@ DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id,
 RandomNumberGenerator& rng) :
 DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
 {
- y = power_mod(group_g(), x, group_p());
+ m_y = power_mod(group_g(), m_x, group_p());
 load_check(rng);
 }
@@ -60,7 +60,7 @@ DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id,
 */
 bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
 {
- if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q())
+ if(!DL_Scheme_PrivateKey::check_key(rng, strong) || m_x >= group_q())
 return false;
 if(!strong)
@@ -80,25 +80,25 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
 typedef DSA_PrivateKey Key_Type;
 DSA_Signature_Operation(const DSA_PrivateKey& dsa, const std::string& emsa) :
 PK_Ops::Signature_with_EMSA(emsa),
- q(dsa.group_q()),
- x(dsa.get_x()),
- powermod_g_p(dsa.group_g(), dsa.group_p()),
- mod_q(dsa.group_q()),
+ m_q(dsa.group_q()),
+ m_x(dsa.get_x()),
+ m_powermod_g_p(dsa.group_g(), dsa.group_p()),
+ m_mod_q(dsa.group_q()),
 m_hash(hash_for_deterministic_signature(emsa))
 {
 }
 size_t message_parts() const override { return 2; }
- size_t message_part_size() const override { return q.bytes(); }
- size_t max_input_bits() const override { return q.bits(); }
+ size_t message_part_size() const override { return m_q.bytes(); }
+ size_t max_input_bits() const override { return m_q.bits(); }
 secure_vector<byte> raw_sign(const byte msg[], size_t msg_len,
 RandomNumberGenerator& rng) override;
 private:
- const BigInt& q;
- const BigInt& x;
- Fixed_Base_Power_Mod powermod_g_p;
- Modular_Reducer mod_q;
+ const BigInt& m_q;
+ const BigInt& m_x;
+ Fixed_Base_Power_Mod m_powermod_g_p;
+ Modular_Reducer m_mod_q;
 std::string m_hash;
 };
@@ -108,23 +108,23 @@ DSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
 {
 BigInt i(msg, msg_len);
- while(i >= q)
- i -= q;
+ while(i >= m_q)
+ i -= m_q;
- const BigInt k = generate_rfc6979_nonce(x, q, i, m_hash);
+ const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, m_hash);
 auto future_r = std::async(std::launch::async,
- [&]() { return mod_q.reduce(powermod_g_p(k)); });
+ [&]() { return m_mod_q.reduce(m_powermod_g_p(k)); });
- BigInt s = inverse_mod(k, q);
+ BigInt s = inverse_mod(k, m_q);
 const BigInt r = future_r.get();
- s = mod_q.multiply(s, mul_add(x, r, i));
+ s = m_mod_q.multiply(s, mul_add(m_x, r, i));
 // With overwhelming probability, a bug rather than actual zero r/s
 BOTAN_ASSERT(s != 0, "invalid s");
 BOTAN_ASSERT(r != 0, "invalid r");
- secure_vector<byte> output(2*q.bytes());
+ secure_vector<byte> output(2*m_q.bytes());
 r.binary_encode(&output[output.size() / 2 - r.bytes()]);
 s.binary_encode(&output[output.size() - s.bytes()]);
 return output;
@@ -140,54 +140,54 @@ class DSA_Verification_Operation : public PK_Ops::Verification_with_EMSA
 DSA_Verification_Operation(const DSA_PublicKey& dsa,
 const std::string& emsa) :
 PK_Ops::Verification_with_EMSA(emsa),
- q(dsa.group_q()), y(dsa.get_y())
+ m_q(dsa.group_q()), m_y(dsa.get_y())
 {
- powermod_g_p = Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p());
- powermod_y_p = Fixed_Base_Power_Mod(y, dsa.group_p());
- mod_p = Modular_Reducer(dsa.group_p());
- mod_q = Modular_Reducer(dsa.group_q());
+ m_powermod_g_p = Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p());
+ m_powermod_y_p = Fixed_Base_Power_Mod(m_y, dsa.group_p());
+ m_mod_p = Modular_Reducer(dsa.group_p());
+ m_mod_q = Modular_Reducer(dsa.group_q());
 }
 size_t message_parts() const override { return 2; }
- size_t message_part_size() const override { return q.bytes(); }
- size_t max_input_bits() const override { return q.bits(); }
+ size_t message_part_size() const override { return m_q.bytes(); }
+ size_t max_input_bits() const override { return m_q.bits(); }
 bool with_recovery() const override { return false; }
 bool verify(const byte msg[], size_t msg_len,
 const byte sig[], size_t sig_len) override;
 private:
- const BigInt& q;
- const BigInt& y;
+ const BigInt& m_q;
+ const BigInt& m_y;
- Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
- Modular_Reducer mod_p, mod_q;
+ Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p;
+ Modular_Reducer m_mod_p, m_mod_q;
 };
 bool DSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
 const byte sig[], size_t sig_len)
 {
- if(sig_len != 2*q.bytes() || msg_len > q.bytes())
+ if(sig_len != 2*m_q.bytes() || msg_len > m_q.bytes())
 return false;
- BigInt r(sig, q.bytes());
- BigInt s(sig + q.bytes(), q.bytes());
+ BigInt r(sig, m_q.bytes());
+ BigInt s(sig + m_q.bytes(), m_q.bytes());
 BigInt i(msg, msg_len);
- if(r <= 0 || r >= q || s <= 0 || s >= q)
+ if(r <= 0 || r >= m_q || s <= 0 || s >= m_q)
 return false;
- s = inverse_mod(s, q);
+ s = inverse_mod(s, m_q);
 auto future_s_i = std::async(std::launch::async,
- [&]() { return powermod_g_p(mod_q.multiply(s, i)); });
+ [&]() { return m_powermod_g_p(m_mod_q.multiply(s, i)); });
- BigInt s_r = powermod_y_p(mod_q.multiply(s, r));
+ BigInt s_r = m_powermod_y_p(m_mod_q.multiply(s, r));
 BigInt s_i = future_s_i.get();
- s = mod_p.multiply(s_i, s_r);
+ s = m_mod_p.multiply(s_i, s_r);
- return (mod_q.reduce(s) == r);
+ return (m_mod_q.reduce(s) == r);
 }
 BOTAN_REGISTER_PK_SIGNATURE_OP("DSA", DSA_Signature_Operation);
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index fc46675bd..c264d7314 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -23,7 +23,7 @@ EC_Group::EC_Group(const OID& domain_oid)
 throw Lookup_Error("No ECC domain data for " + domain_oid.as_string());
 *this = EC_Group(pem);
- oid = domain_oid.as_string();
+ m_oid = domain_oid.as_string();
 }
 EC_Group::EC_Group(const std::string& str)
@@ -75,13 +75,13 @@ EC_Group::EC_Group(const std::vector<byte>& ber_data)
 .decode_octet_string_bigint(b)
 .end_cons()
 .decode(sv_base_point, OCTET_STRING)
- .decode(order)
- .decode(cofactor)
+ .decode(m_order)
+ .decode(m_cofactor)
 .end_cons()
 .verify_end();
- curve = CurveGFp(p, a, b);
- base_point = OS2ECP(sv_base_point, curve);
+ m_curve = CurveGFp(p, a, b);
+ m_base_point = OS2ECP(sv_base_point, m_curve);
 }
 else
 throw Decoding_Error("Unexpected tag while decoding ECC domain params");
@@ -95,24 +95,24 @@ EC_Group::DER_encode(EC_Group_Encoding form) const
 const size_t ecpVers1 = 1;
 OID curve_type("1.2.840.10045.1.1");
- const size_t p_bytes = curve.get_p().bytes();
+ const size_t p_bytes = m_curve.get_p().bytes();
 return DER_Encoder()
 .start_cons(SEQUENCE)
 .encode(ecpVers1)
 .start_cons(SEQUENCE)
 .encode(curve_type)
- .encode(curve.get_p())
+ .encode(m_curve.get_p())
 .end_cons()
 .start_cons(SEQUENCE)
- .encode(BigInt::encode_1363(curve.get_a(), p_bytes),
+ .encode(BigInt::encode_1363(m_curve.get_a(), p_bytes),
 OCTET_STRING)
- .encode(BigInt::encode_1363(curve.get_b(), p_bytes),
+ .encode(BigInt::encode_1363(m_curve.get_b(), p_bytes),
 OCTET_STRING)
 .end_cons()
- .encode(EC2OSP(base_point, PointGFp::UNCOMPRESSED), OCTET_STRING)
- .encode(order)
- .encode(cofactor)
+ .encode(EC2OSP(m_base_point, PointGFp::UNCOMPRESSED), OCTET_STRING)
+ .encode(m_order)
+ .encode(m_cofactor)
 .end_cons()
 .get_contents_unlocked();
 }
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
index 67ade0c65..c7e52b238 100644
--- a/src/lib/pubkey/ec_group/ec_group.h
+++ b/src/lib/pubkey/ec_group/ec_group.h
@@ -43,11 +43,11 @@ class BOTAN_DLL EC_Group
 const PointGFp& base_point,
 const BigInt& order,
 const BigInt& cofactor) :
- curve(curve),
- base_point(base_point),
- order(order),
- cofactor(cofactor),
- oid("")
+ m_curve(curve),
+ m_base_point(base_point),
+ m_order(order),
+ m_cofactor(cofactor),
+ m_oid("")
 {}
 /**
@@ -86,33 +86,33 @@ class BOTAN_DLL EC_Group
 * Return domain parameter curve
 * @result domain parameter curve
 */
- const CurveGFp& get_curve() const { return curve; }
+ const CurveGFp& get_curve() const { return m_curve; }
 /**
 * Return group base point
 * @result base point
 */
- const PointGFp& get_base_point() const { return base_point; }
+ const PointGFp& get_base_point() const { return m_base_point; }
 /**
 * Return the order of the base point
 * @result order of the base point
 */
- const BigInt& get_order() const { return order; }
+ const BigInt& get_order() const { return m_order; }
 /**
 * Return the cofactor
 * @result the cofactor
 */
- const BigInt& get_cofactor() const { return cofactor; }
+ const BigInt& get_cofactor() const { return m_cofactor; }
- bool initialized() const { return !base_point.is_zero(); }
+ bool initialized() const { return !m_base_point.is_zero(); }
 /**
 * Return the OID of these domain parameters
 * @result the OID
 */
- std::string get_oid() const { return oid; }
+ std::string get_oid() const { return m_oid; }
 bool operator==(const EC_Group& other) const
 {
@@ -128,10 +128,10 @@ class BOTAN_DLL EC_Group
 static const char* PEM_for_named_group(const std::string& name);
 private:
- CurveGFp curve;
- PointGFp base_point;
- BigInt order, cofactor;
- std::string oid;
+ CurveGFp m_curve;
+ PointGFp m_base_point;
+ BigInt m_order, m_cofactor;
+ std::string m_oid;
 };
 inline bool operator!=(const EC_Group& lhs,
diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp
index b0c053688..a3f0ea93d 100644
--- a/src/lib/pubkey/ecc_key/ecc_key.cpp
+++ b/src/lib/pubkey/ecc_key/ecc_key.cpp
@@ -25,8 +25,8 @@ size_t EC_PublicKey::estimated_strength() const
 EC_PublicKey::EC_PublicKey(const EC_Group& dom_par,
 const PointGFp& pub_point) :
- domain_params(dom_par), public_key(pub_point),
- domain_encoding(EC_DOMPAR_ENC_EXPLICIT)
+ m_domain_params(dom_par), m_public_key(pub_point),
+ m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT)
 {
 if(domain().get_curve() != public_point().get_curve())
 throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor");
@@ -35,10 +35,10 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par,
 EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id,
 const secure_vector<byte>& key_bits)
 {
- domain_params = EC_Group(alg_id.parameters);
- domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
+ m_domain_params = EC_Group(alg_id.parameters);
+ m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
- public_key = OS2ECP(key_bits, domain().get_curve());
+ m_public_key = OS2ECP(key_bits, domain().get_curve());
 }
 bool EC_PublicKey::check_key(RandomNumberGenerator&,
@@ -64,20 +64,20 @@ void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form)
 form != EC_DOMPAR_ENC_OID)
 throw Invalid_Argument("Invalid encoding form for EC-key object specified");
- if((form == EC_DOMPAR_ENC_OID) && (domain_params.get_oid() == ""))
+ if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_oid() == ""))
 throw Invalid_Argument("Invalid encoding form OID specified for "
 "EC-key object whose corresponding domain "
 "parameters are without oid");
- domain_encoding = form;
+ m_domain_encoding = form;
 }
 const BigInt& EC_PrivateKey::private_value() const
 {
- if(private_key == 0)
+ if(m_private_key == 0)
 throw Invalid_State("EC_PrivateKey::private_value - uninitialized");
- return private_key;
+ return m_private_key;
 }
 /**
@@ -87,17 +87,17 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
 const EC_Group& ec_group,
 const BigInt& x)
 {
- domain_params = ec_group;
- domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
+ m_domain_params = ec_group;
+ m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
 if(x == 0)
- private_key = BigInt::random_integer(rng, 1, domain().get_order());
+ m_private_key = BigInt::random_integer(rng, 1, domain().get_order());
 else
- private_key = x;
+ m_private_key = x;
- public_key = domain().get_base_point() * private_key;
+ m_public_key = domain().get_base_point() * m_private_key;
- BOTAN_ASSERT(public_key.on_the_curve(),
+ BOTAN_ASSERT(m_public_key.on_the_curve(),
 "Generated public key point was on the curve");
 }
@@ -106,7 +106,7 @@ secure_vector<byte> EC_PrivateKey::pkcs8_private_key() const
 return DER_Encoder()
 .start_cons(SEQUENCE)
 .encode(static_cast<size_t>(1))
- .encode(BigInt::encode_1363(private_key, private_key.bytes()),
+ .encode(BigInt::encode_1363(m_private_key, m_private_key.bytes()),
 OCTET_STRING)
 .end_cons()
 .get_contents();
@@ -115,8 +115,8 @@ secure_vector<byte> EC_PrivateKey::pkcs8_private_key() const
 EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
 const secure_vector<byte>& key_bits)
 {
- domain_params = EC_Group(alg_id.parameters);
- domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
+ m_domain_params = EC_Group(alg_id.parameters);
+ m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
 OID key_parameters;
 secure_vector<byte> public_key_bits;
@@ -124,7 +124,7 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
 BER_Decoder(key_bits)
 .start_cons(SEQUENCE)
 .decode_and_check<size_t>(1, "Unknown version code for ECC key")
- .decode_octet_string_bigint(private_key)
+ .decode_octet_string_bigint(m_private_key)
 .decode_optional(key_parameters, ASN1_Tag(0), PRIVATE)
 .decode_optional_string(public_key_bits, BIT_STRING, 1, PRIVATE)
 .end_cons();
@@ -134,14 +134,14 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
 if(public_key_bits.empty())
 {
- public_key = domain().get_base_point() * private_key;
+ m_public_key = domain().get_base_point() * m_private_key;
- BOTAN_ASSERT(public_key.on_the_curve(),
+ BOTAN_ASSERT(m_public_key.on_the_curve(),
 "Public point derived from loaded key was on the curve");
 }
 else
 {
- public_key = OS2ECP(public_key_bits, domain().get_curve());
+ m_public_key = OS2ECP(public_key_bits, domain().get_curve());
 // OS2ECP verifies that the point is on the curve
 }
 }
diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h
index 6764df0f0..3557d0266 100644
--- a/src/lib/pubkey/ecc_key/ecc_key.h
+++ b/src/lib/pubkey/ecc_key/ecc_key.h
@@ -41,7 +41,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key
 * domain parameters of this point are not set
 * @result the public point of this key
 */
- const PointGFp& public_point() const { return public_key; }
+ const PointGFp& public_point() const { return m_public_key; }
 AlgorithmIdentifier algorithm_identifier() const override;
@@ -56,7 +56,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key
 * domain parameters of this point are not set
 * @result the domain parameters of this key
 */
- const EC_Group& domain() const { return domain_params; }
+ const EC_Group& domain() const { return m_domain_params; }
 /**
 * Set the domain parameter encoding to be used when encoding this key.
@@ -76,16 +76,16 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key
 * @result the encoding to use
 */
 EC_Group_Encoding domain_format() const
- { return domain_encoding; }
+ { return m_domain_encoding; }
 size_t estimated_strength() const override;
 protected:
- EC_PublicKey() : domain_encoding(EC_DOMPAR_ENC_EXPLICIT) {}
+ EC_PublicKey() : m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT) {}
- EC_Group domain_params;
- PointGFp public_key;
- EC_Group_Encoding domain_encoding;
+ EC_Group m_domain_params;
+ PointGFp m_public_key;
+ EC_Group_Encoding m_domain_encoding;
 };
 /**
@@ -112,7 +112,7 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey,
 protected:
 EC_PrivateKey() {}
- BigInt private_key;
+ BigInt m_private_key;
 };
 }
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index 6b589df9b..55e215bc1 100644
--- a/src/lib/pubkey/ecdh/ecdh.cpp
+++ b/src/lib/pubkey/ecdh/ecdh.cpp
@@ -26,23 +26,23 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
 ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf) :
 PK_Ops::Key_Agreement_with_KDF(kdf),
- curve(key.domain().get_curve()),
- cofactor(key.domain().get_cofactor())
+ m_curve(key.domain().get_curve()),
+ m_cofactor(key.domain().get_cofactor())
 {
- l_times_priv = inverse_mod(cofactor, key.domain().get_order()) * key.private_value();
+ m_l_times_priv = inverse_mod(m_cofactor, key.domain().get_order()) * key.private_value();
 }
 secure_vector<byte> raw_agree(const byte w[], size_t w_len) override
 {
- PointGFp point = OS2ECP(w, w_len, curve);
- PointGFp S = (cofactor * point) * l_times_priv;
+ PointGFp point = OS2ECP(w, w_len, m_curve);
+ PointGFp S = (m_cofactor * point) * m_l_times_priv;
 BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve");
- return BigInt::encode_1363(S.get_affine_x(), curve.get_p().bytes());
+ return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes());
 }
 private:
- const CurveGFp& curve;
- const BigInt& cofactor;
- BigInt l_times_priv;
+ const CurveGFp& m_curve;
+ const BigInt& m_cofactor;
+ BigInt m_l_times_priv;
 };
 }
diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
index 4ff3cc47a..10dc195a8 100644
--- a/src/lib/pubkey/elgamal/elgamal.cpp
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
@@ -19,8 +19,8 @@ namespace Botan {
 */
 ElGamal_PublicKey::ElGamal_PublicKey(const DL_Group& grp, const BigInt& y1)
 {
- group = grp;
- y = y1;
+ m_group = grp;
+ m_y = y1;
 }
 /*
@@ -30,13 +30,13 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng,
 const DL_Group& grp,
 const BigInt& x_arg)
 {
- group = grp;
- x = x_arg;
+ m_group = grp;
+ m_x = x_arg;
- if(x == 0)
- x.randomize(rng, dl_exponent_size(group_p().bits()));
+ if(m_x == 0)
+ m_x.randomize(rng, dl_exponent_size(group_p().bits()));
- y = power_mod(group_g(), x, group_p());
+ m_y = power_mod(group_g(), m_x, group_p());
 if(x_arg == 0)
 gen_check(rng);
@@ -49,7 +49,7 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id,
 RandomNumberGenerator& rng) :
 DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42)
 {
- y = power_mod(group_g(), x, group_p());
+ m_y = power_mod(group_g(), m_x, group_p());
 load_check(rng);
 }
@@ -78,7 +78,7 @@ class ElGamal_Encryption_Operation : public PK_Ops::Encryption_with_EME
 public:
 typedef ElGamal_PublicKey Key_Type;
- size_t max_raw_input_bits() const override { return mod_p.get_modulus().bits() - 1; }
+ size_t max_raw_input_bits() const override { return m_mod_p.get_modulus().bits() - 1; }
 ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, const std::string& eme);
@@ -86,8 +86,8 @@ class ElGamal_Encryption_Operation : public PK_Ops::Encryption_with_EME
 RandomNumberGenerator& rng) override;
 private:
- Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
- Modular_Reducer mod_p;
+ Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p;
+ Modular_Reducer m_mod_p;
 };
 ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicKey& key,
@@ -96,16 +96,16 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK
 {
 const BigInt& p = key.group_p();
- powermod_g_p = Fixed_Base_Power_Mod(key.group_g(), p);
- powermod_y_p = Fixed_Base_Power_Mod(key.get_y(), p);
- mod_p = Modular_Reducer(p);
+ m_powermod_g_p = Fixed_Base_Power_Mod(key.group_g(), p);
+ m_powermod_y_p = Fixed_Base_Power_Mod(key.get_y(), p);
+ m_mod_p = Modular_Reducer(p);
 }
 secure_vector<byte>
 ElGamal_Encryption_Operation::raw_encrypt(const byte msg[], size_t msg_len,
 RandomNumberGenerator& rng)
 {
- const BigInt& p = mod_p.get_modulus();
+ const BigInt& p = m_mod_p.get_modulus();
 BigInt m(msg, msg_len);
@@ -114,8 +114,8 @@ ElGamal_Encryption_Operation::raw_encrypt(const byte msg[], size_t msg_len,
 BigInt k(rng, dl_exponent_size(p.bits()));
- BigInt a = powermod_g_p(k);
- BigInt b = mod_p.multiply(m, powermod_y_p(k));
+ BigInt a = m_powermod_g_p(k);
+ BigInt b = m_mod_p.multiply(m, m_powermod_y_p(k));
 secure_vector<byte> output(2*p.bytes());
 a.binary_encode(&output[p.bytes() - a.bytes()]);
@@ -132,32 +132,32 @@ class ElGamal_Decryption_Operation : public PK_Ops::Decryption_with_EME
 typedef ElGamal_PrivateKey Key_Type;
 size_t max_raw_input_bits() const override
- { return mod_p.get_modulus().bits() - 1; }
+ { return m_mod_p.get_modulus().bits() - 1; }
 ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key, const std::string& eme);
 secure_vector<byte> raw_decrypt(const byte msg[], size_t msg_len) override;
 private:
- Fixed_Exponent_Power_Mod powermod_x_p;
- Modular_Reducer mod_p;
- Blinder blinder;
+ Fixed_Exponent_Power_Mod m_powermod_x_p;
+ Modular_Reducer m_mod_p;
+ Blinder m_blinder;
 };
 ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key,
 const std::string& eme) :
 PK_Ops::Decryption_with_EME(eme),
- powermod_x_p(Fixed_Exponent_Power_Mod(key.get_x(), key.group_p())),
- mod_p(Modular_Reducer(key.group_p())),
- blinder(key.group_p(),
+ m_powermod_x_p(Fixed_Exponent_Power_Mod(key.get_x(), key.group_p())),
+ m_mod_p(Modular_Reducer(key.group_p())),
+ m_blinder(key.group_p(),
 [](const BigInt& k) { return k; },
- [this](const BigInt& k) { return powermod_x_p(k); })
+ [this](const BigInt& k) { return m_powermod_x_p(k); })
 {
 }
 secure_vector<byte>
 ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len)
 {
- const BigInt& p = mod_p.get_modulus();
+ const BigInt& p = m_mod_p.get_modulus();
 const size_t p_bytes = p.bytes();
@@ -170,11 +170,11 @@ ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len)
 if(a >= p || b >= p)
 throw Invalid_Argument("ElGamal decryption: Invalid message");
- a = blinder.blind(a);
+ a = m_blinder.blind(a);
- BigInt r = mod_p.multiply(b, inverse_mod(powermod_x_p(a), p));
+ BigInt r = m_mod_p.multiply(b, inverse_mod(m_powermod_x_p(a), p));
- return BigInt::encode_locked(blinder.unblind(r));
+ return BigInt::encode_locked(m_blinder.unblind(r));
 }
 BOTAN_REGISTER_PK_ENCRYPTION_OP("ElGamal", ElGamal_Encryption_Operation);
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp
index f04692d12..51db47619 100644
--- a/src/lib/pubkey/gost_3410/gost_3410.cpp
+++ b/src/lib/pubkey/gost_3410/gost_3410.cpp
@@ -55,7 +55,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id,
 // The parameters also includes hash and cipher OIDs
 BER_Decoder(alg_id.parameters).start_cons(SEQUENCE).decode(ecc_param_id);
- domain_params = EC_Group(ecc_param_id);
+ m_domain_params = EC_Group(ecc_param_id);
 secure_vector<byte> bits;
 BER_Decoder(key_bits).decode(bits, OCTET_STRING);
@@ -72,9 +72,9 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id,
 BigInt x(bits.data(), part_size);
 BigInt y(&bits[part_size], part_size);
- public_key = PointGFp(domain().get_curve(), x, y);
+ m_public_key = PointGFp(domain().get_curve(), x, y);
- BOTAN_ASSERT(public_key.on_the_curve(),
+ BOTAN_ASSERT(m_public_key.on_the_curve(),
 "Loaded GOST 34.10 public key is on the curve");
 }
@@ -160,28 +160,28 @@ class GOST_3410_Verification_Operation : public PK_Ops::Verification_with_EMSA
 GOST_3410_Verification_Operation(const GOST_3410_PublicKey& gost,
 const std::string& emsa) :
 PK_Ops::Verification_with_EMSA(emsa),
- base_point(gost.domain().get_base_point()),
- public_point(gost.public_point()),
- order(gost.domain().get_order()) {}
+ m_base_point(gost.domain().get_base_point()),
+ m_public_point(gost.public_point()),
+ m_order(gost.domain().get_order()) {}
 size_t message_parts() const override { return 2; }
- size_t message_part_size() const override { return order.bytes(); }
- size_t max_input_bits() const override { return order.bits(); }
+ size_t message_part_size() const override { return m_order.bytes(); }
+ size_t max_input_bits() const override { return m_order.bits(); }
 bool with_recovery() const override { return false; }
 bool verify(const byte msg[], size_t msg_len,
 const byte sig[], size_t sig_len) override;
 private:
- const PointGFp& base_point;
- const PointGFp& public_point;
- const BigInt& order;
+ const PointGFp& m_base_point;
+ const PointGFp& m_public_point;
+ const BigInt& m_order;
 };
 bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len,
 const byte sig[], size_t sig_len)
 {
- if(sig_len != order.bytes()*2)
+ if(sig_len != m_order.bytes()*2)
 return false;
 BigInt e = decode_le(msg, msg_len);
@@ -189,20 +189,20 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len,
 BigInt s(sig, sig_len / 2);
 BigInt r(sig + sig_len / 2, sig_len / 2);
- if(r <= 0 || r >= order || s <= 0 || s >= order)
+ if(r <= 0 || r >= m_order || s <= 0 || s >= m_order)
 return false;
- e %= order;
+ e %= m_order;
 if(e == 0)
 e = 1;
- BigInt v = inverse_mod(e, order);
+ BigInt v = inverse_mod(e, m_order);
- BigInt z1 = (s*v) % order;
- BigInt z2 = (-r*v) % order;
+ BigInt z1 = (s*v) % m_order;
+ BigInt z2 = (-r*v) % m_order;
- PointGFp R = multi_exponentiate(base_point, z1,
- public_point, z2);
+ PointGFp R = multi_exponentiate(m_base_point, z1,
+ m_public_point, z2);
 if(R.is_zero())
 return false;
diff --git a/src/lib/pubkey/if_algo/if_algo.cpp b/src/lib/pubkey/if_algo/if_algo.cpp
index 9c49b8dd4..a79cad116 100644
--- a/src/lib/pubkey/if_algo/if_algo.cpp
+++ b/src/lib/pubkey/if_algo/if_algo.cpp
@@ -15,7 +15,7 @@ namespace Botan {
 size_t IF_Scheme_PublicKey::estimated_strength() const
 {
- return if_work_factor(n.bits());
+ return if_work_factor(m_n.bits());
 }
 AlgorithmIdentifier IF_Scheme_PublicKey::algorithm_identifier() const
@@ -28,8 +28,8 @@ std::vector<byte> IF_Scheme_PublicKey::x509_subject_public_key() const
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
- .encode(n)
- .encode(e)
+ .encode(m_n)
+ .encode(m_e)
 .end_cons()
 .get_contents_unlocked();
 }
@@ -39,8 +39,8 @@ IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&,
 {
 BER_Decoder(key_bits)
 .start_cons(SEQUENCE)
- .decode(n)
- .decode(e)
+ .decode(m_n)
+ .decode(m_e)
 .verify_end()
 .end_cons();
 }
@@ -50,7 +50,7 @@ IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&,
 */
 bool IF_Scheme_PublicKey::check_key(RandomNumberGenerator&, bool) const
 {
- if(n < 35 || n.is_even() || e < 2)
+ if(m_n < 35 || m_n.is_even() || m_e < 2)
 return false;
 return true;
 }
@@ -60,14 +60,14 @@ secure_vector<byte> IF_Scheme_PrivateKey::pkcs8_private_key() const
 return DER_Encoder()
 .start_cons(SEQUENCE)
 .encode(static_cast<size_t>(0))
- .encode(n)
- .encode(e)
- .encode(d)
- .encode(p)
- .encode(q)
- .encode(d1)
- .encode(d2)
- .encode(c)
+ .encode(m_n)
+ .encode(m_e)
+ .encode(m_d)
+ .encode(m_p)
+ .encode(m_q)
+ .encode(m_d1)
+ .encode(m_d2)
+ .encode(m_c)
 .end_cons()
 .get_contents();
 }
@@ -79,14 +79,14 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng,
 BER_Decoder(key_bits)
 .start_cons(SEQUENCE)
 .decode_and_check<size_t>(0, "Unknown PKCS #1 key format version")
- .decode(n)
- .decode(e)
- .decode(d)
- .decode(p)
- .decode(q)
- .decode(d1)
- .decode(d2)
- .decode(c)
+ .decode(m_n)
+ .decode(m_e)
+ .decode(m_d)
+ .decode(m_p)
+ .decode(m_q)
+ .decode(m_d1)
+ .decode(m_d2)
+ .decode(m_c)
 .end_cons();
 load_check(rng);
@@ -99,24 +99,24 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng,
 const BigInt& d_exp,
 const BigInt& mod)
 {
- p = prime1;
- q = prime2;
- e = exp;
- d = d_exp;
- n = mod.is_nonzero() ? mod : p * q;
+ m_p = prime1;
+ m_q = prime2;
+ m_e = exp;
+ m_d = d_exp;
+ m_n = mod.is_nonzero() ? mod : m_p * m_q;
- if(d == 0)
+ if(m_d == 0)
 {
- BigInt inv_for_d = lcm(p - 1, q - 1);
- if(e.is_even())
+ BigInt inv_for_d = lcm(m_p - 1, m_q - 1);
+ if(m_e.is_even())
 inv_for_d >>= 1;
- d = inverse_mod(e, inv_for_d);
+ m_d = inverse_mod(m_e, inv_for_d);
 }
- d1 = d % (p - 1);
- d2 = d % (q - 1);
- c = inverse_mod(q, p);
+ m_d1 = m_d % (m_p - 1);
+ m_d2 = m_d % (m_q - 1);
+ m_c = inverse_mod(m_q, m_p);
 load_check(rng);
 }
@@ -127,15 +127,15 @@ IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng,
 bool IF_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
 {
- if(n < 35 || n.is_even() || e < 2 || d < 2 || p < 3 || q < 3 || p*q != n)
+ if(m_n < 35 || m_n.is_even() || m_e < 2 || m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n)
 return false;
- if(d1 != d % (p - 1) || d2 != d % (q - 1) || c != inverse_mod(q, p))
+ if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c != inverse_mod(m_q, m_p))
 return false;
 const size_t prob = (strong) ? 56 : 12;
- if(!is_prime(p, rng, prob) || !is_prime(q, rng, prob))
+ if(!is_prime(m_p, rng, prob) || !is_prime(m_q, rng, prob))
 return false;
 return true;
 }
diff --git a/src/lib/pubkey/if_algo/if_algo.h b/src/lib/pubkey/if_algo/if_algo.h
index dec731af3..46dbd51a9 100644
--- a/src/lib/pubkey/if_algo/if_algo.h
+++ b/src/lib/pubkey/if_algo/if_algo.h
@@ -24,7 +24,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key
 const secure_vector<byte>& key_bits);
 IF_Scheme_PublicKey(const BigInt& n, const BigInt& e) :
- n(n), e(e) {}
+ m_n(n), m_e(e) {}
 bool check_key(RandomNumberGenerator& rng, bool) const override;
@@ -35,21 +35,21 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key
 /**
 * @return public modulus
 */
- const BigInt& get_n() const { return n; }
+ const BigInt& get_n() const { return m_n; }
 /**
 * @return public exponent
 */
- const BigInt& get_e() const { return e; }
+ const BigInt& get_e() const { return m_e; }
- size_t max_input_bits() const override { return (n.bits() - 1); }
+ size_t max_input_bits() const override { return (m_n.bits() - 1); }
 size_t estimated_strength() const override;
 protected:
 IF_Scheme_PublicKey() {}
- BigInt n, e;
+ BigInt m_n, m_e;
 };
 /**
@@ -76,30 +76,30 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey,
 * Get the first prime p.
 * @return prime p
 */
- const BigInt& get_p() const { return p; }
+ const BigInt& get_p() const { return m_p; }
 /**
 * Get the second prime q.
 * @return prime q
 */
- const BigInt& get_q() const { return q; }
+ const BigInt& get_q() const { return m_q; }
 /**
 * Get d with exp * d = 1 mod (p - 1, q - 1).
 * @return d
 */
- const BigInt& get_d() const { return d; }
+ const BigInt& get_d() const { return m_d; }
- const BigInt& get_c() const { return c; }
- const BigInt& get_d1() const { return d1; }
- const BigInt& get_d2() const { return d2; }
+ const BigInt& get_c() const { return m_c; }
+ const BigInt& get_d1() const { return m_d1; }
+ const BigInt& get_d2() const { return m_d2; }
 secure_vector<byte> pkcs8_private_key() const override;
 protected:
 IF_Scheme_PrivateKey() {}
- BigInt d, p, q, d1, d2, c;
+ BigInt m_d, m_p, m_q, m_d1, m_d2, m_c;
 };
 }
diff --git a/src/lib/pubkey/mce/polyn_gf2m.h b/src/lib/pubkey/mce/polyn_gf2m.h
index 5d012f27b..938c1f553 100644
--- a/src/lib/pubkey/mce/polyn_gf2m.h
+++ b/src/lib/pubkey/mce/polyn_gf2m.h
@@ -147,8 +147,13 @@ struct polyn_gf2m
 static polyn_gf2m gcd_aux(polyn_gf2m& p1, polyn_gf2m& p2);
 public:
+ // public member variable:
 int m_deg;
+
+ // public member variable:
 secure_vector<gf2m> coeff;
+
+ // public member variable:
 std::shared_ptr<GF2m_Field> msp_field;
 };
diff --git a/src/lib/pubkey/nr/nr.cpp b/src/lib/pubkey/nr/nr.cpp
index ed90c2345..64e08a111 100644
--- a/src/lib/pubkey/nr/nr.cpp
+++ b/src/lib/pubkey/nr/nr.cpp
@@ -24,8 +24,8 @@ NR_PublicKey::NR_PublicKey(const AlgorithmIdentifier& alg_id,
 */
 NR_PublicKey::NR_PublicKey(const DL_Group& grp, const BigInt& y1)
 {
- group = grp;
- y = y1;
+ m_group = grp;
+ m_y = y1;
 }
 /*
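Review bot: In the polyn_gf2m.h hunk, the three added `// public member variable:` comments only restate what the `public:` specifier above them already says, while the hunk leaves `coeff` and `msp_field` outside the `m_` convention that this commit applies everywhere else (only `m_deg` carries the prefix). If the two fields are kept unprefixed on purpose, the comment should say why, since a reader of a "mass-prefix" commit will otherwise assume they were missed. I would replace the three comments with one note above `coeff`, for example `// NOTE: coeff and msp_field are presumably read by name from other McEliece code, so they are deliberately not renamed to m_* — confirm before prefixing`. The enclosing `struct polyn_gf2m` starts outside the hunk.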
@@ -35,13 +35,13 @@ NR_PrivateKey::NR_PrivateKey(RandomNumberGenerator& rng,
 const DL_Group& grp,
 const BigInt& x_arg)
 {
- group = grp;
- x = x_arg;
+ m_group = grp;
+ m_x = x_arg;
- if(x == 0)
- x = BigInt::random_integer(rng, 2, group_q() - 1);
+ if(m_x == 0)
+ m_x = BigInt::random_integer(rng, 2, group_q() - 1);
- y = power_mod(group_g(), x, group_p());
+ m_y = power_mod(group_g(), m_x, group_p());
 if(x_arg == 0)
 gen_check(rng);
@@ -54,7 +54,7 @@ NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id,
 RandomNumberGenerator& rng) :
 DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
 {
- y = power_mod(group_g(), x, group_p());
+ m_y = power_mod(group_g(), m_x, group_p());
 load_check(rng);
 }
@@ -64,7 +64,7 @@ NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id,
 */
 bool NR_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
 {
- if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q())
+ if(!DL_Scheme_PrivateKey::check_key(rng, strong) || m_x >= group_q())
 return false;
 if(!strong)
@@ -84,24 +84,24 @@ class NR_Signature_Operation : public PK_Ops::Signature_with_EMSA
 typedef NR_PrivateKey Key_Type;
 NR_Signature_Operation(const NR_PrivateKey& nr, const std::string& emsa) :
 PK_Ops::Signature_with_EMSA(emsa),
- q(nr.group_q()),
- x(nr.get_x()),
- powermod_g_p(nr.group_g(), nr.group_p()),
- mod_q(nr.group_q())
+ m_q(nr.group_q()),
+ m_x(nr.get_x()),
+ m_powermod_g_p(nr.group_g(), nr.group_p()),
+ m_mod_q(nr.group_q())
 {
 }
 size_t message_parts() const override { return 2; }
- size_t message_part_size() const override { return q.bytes(); }
- size_t max_input_bits() const override { return (q.bits() - 1); }
+ size_t message_part_size() const override { return m_q.bytes(); }
+ size_t max_input_bits() const override { return (m_q.bits() - 1); }
 secure_vector<byte> raw_sign(const byte msg[], size_t msg_len,
 RandomNumberGenerator& rng) override;
 private:
- const BigInt& q;
- const BigInt& x;
- Fixed_Base_Power_Mod powermod_g_p;
- Modular_Reducer mod_q;
+ const BigInt& m_q;
+ const BigInt& m_x;
+ Fixed_Base_Power_Mod m_powermod_g_p;
+ Modular_Reducer m_mod_q;
 };
 secure_vector<byte>
@@ -112,7 +112,7 @@ NR_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
 BigInt f(msg, msg_len);
- if(f >= q)
+ if(f >= m_q)
 throw Invalid_Argument("NR_Signature_Operation: Input is out of range");
 BigInt c, d;
@@ -121,14 +121,14 @@ NR_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
 {
 BigInt k;
 do
- k.randomize(rng, q.bits());
- while(k >= q);
+ k.randomize(rng, m_q.bits());
+ while(k >= m_q);
- c = mod_q.reduce(powermod_g_p(k) + f);
- d = mod_q.reduce(k - x * c);
+ c = m_mod_q.reduce(m_powermod_g_p(k) + f);
+ d = m_mod_q.reduce(k - m_x * c);
 }
- secure_vector<byte> output(2*q.bytes());
+ secure_vector<byte> output(2*m_q.bytes());
 c.binary_encode(&output[output.size() / 2 - c.bytes()]);
 d.binary_encode(&output[output.size() - d.bytes()]);
 return output;
@@ -144,33 +144,33 @@ class NR_Verification_Operation : public PK_Ops::Verification_with_EMSA
 typedef NR_PublicKey Key_Type;
 NR_Verification_Operation(const NR_PublicKey& nr, const std::string& emsa) :
 PK_Ops::Verification_with_EMSA(emsa),
- q(nr.group_q()), y(nr.get_y())
+ m_q(nr.group_q()), m_y(nr.get_y())
 {
- powermod_g_p = Fixed_Base_Power_Mod(nr.group_g(), nr.group_p());
- powermod_y_p = Fixed_Base_Power_Mod(y, nr.group_p());
- mod_p = Modular_Reducer(nr.group_p());
- mod_q = Modular_Reducer(nr.group_q());
+ m_powermod_g_p = Fixed_Base_Power_Mod(nr.group_g(), nr.group_p());
+ m_powermod_y_p = Fixed_Base_Power_Mod(m_y, nr.group_p());
+ m_mod_p = Modular_Reducer(nr.group_p());
+ m_mod_q = Modular_Reducer(nr.group_q());
 }
 size_t message_parts() const override { return 2; }
- size_t message_part_size() const override { return q.bytes(); }
- size_t max_input_bits() const override { return (q.bits() - 1); }
+ size_t message_part_size() const override { return m_q.bytes(); }
+ size_t max_input_bits() const override { return (m_q.bits() - 1); }
 bool with_recovery() const override { return true; }
 secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) override;
 private:
- const BigInt& q;
- const BigInt& y;
+ const BigInt& m_q;
+ const BigInt& m_y;
- Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
- Modular_Reducer mod_p, mod_q;
+ Fixed_Base_Power_Mod m_powermod_g_p, m_powermod_y_p;
+ Modular_Reducer m_mod_p, m_mod_q;
 };
 secure_vector<byte>
 NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len)
 {
- const BigInt& q = mod_q.get_modulus();
+ const BigInt& q = m_mod_q.get_modulus();
 if(msg_len != 2*q.bytes())
 throw Invalid_Argument("NR verification: Invalid signature");
@@ -181,11 +181,11 @@ NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len)
 if(c.is_zero() || c >= q || d >= q)
 throw Invalid_Argument("NR verification: Invalid signature");
- auto future_y_c = std::async(std::launch::async, powermod_y_p, c);
- BigInt g_d = powermod_g_p(d);
+ auto future_y_c = std::async(std::launch::async, m_powermod_y_p, c);
+ BigInt g_d = m_powermod_g_p(d);
- BigInt i = mod_p.multiply(g_d, future_y_c.get());
- return BigInt::encode_locked(mod_q.reduce(c - i));
+ BigInt i = m_mod_p.multiply(g_d, future_y_c.get());
+ return BigInt::encode_locked(m_mod_q.reduce(c - i));
 }
 }
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index 57fab94c5..8d75d4a29 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -27,19 +27,19 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
 if(exp < 3 || exp % 2 == 0)
 throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
- e = exp;
+ m_e = exp;
 do
 {
- p = random_prime(rng, (bits + 1) / 2, e);
- q = random_prime(rng, bits - p.bits(), e);
- n = p * q;
- } while(n.bits() != bits);
+ m_p = random_prime(rng, (bits + 1) / 2, m_e);
+ m_q = random_prime(rng, bits - m_p.bits(), m_e);
+ m_n = m_p * m_q;
+ } while(m_n.bits() != bits);
- d = inverse_mod(e, lcm(p - 1, q - 1));
- d1 = d % (p - 1);
- d2 = d % (q - 1);
- c = inverse_mod(q, p);
+ m_d = inverse_mod(m_e, lcm(m_p - 1, m_q - 1));
+ m_d1 = m_d % (m_p - 1);
+ m_d2 = m_d % (m_q - 1);
+ m_c = inverse_mod(m_q, m_p);
 gen_check(rng);
 }
@@ -55,7 +55,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
 if(!strong)
 return true;
- if((e * d) % lcm(p - 1, q - 1) != 1)
+ if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1)
 return false;
 return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)");
@@ -69,25 +69,25 @@ namespace {
 class RSA_Private_Operation
 {
 protected:
- size_t get_max_input_bits() const { return (n.bits() - 1); }
+ size_t get_max_input_bits() const { return (m_n.bits() - 1); }
 RSA_Private_Operation(const RSA_PrivateKey& rsa) :
- n(rsa.get_n()),
- q(rsa.get_q()),
- c(rsa.get_c()),
+ m_n(rsa.get_n()),
+ m_q(rsa.get_q()),
+ m_c(rsa.get_c()),
 m_powermod_e_n(rsa.get_e(), rsa.get_n()),
 m_powermod_d1_p(rsa.get_d1(), rsa.get_p()),
 m_powermod_d2_q(rsa.get_d2(), rsa.get_q()),
 m_mod_p(rsa.get_p()),
- m_blinder(n,
+ m_blinder(m_n,
 [this](const BigInt& k) { return m_powermod_e_n(k); },
- [this](const BigInt& k) { return inverse_mod(k, n); })
+ [this](const BigInt& k) { return inverse_mod(k, m_n); })
 {
 }
 BigInt blinded_private_op(const BigInt& m) const
 {
- if(m >= n)
+ if(m >= m_n)
 throw Invalid_Argument("RSA private op - input is too large");
 return m_blinder.unblind(private_op(m_blinder.blind(m)));
@@ -99,14 +99,14 @@ class RSA_Private_Operation
 BigInt j2 = m_powermod_d2_q(m);
 BigInt j1 = future_j1.get();
- j1 = m_mod_p.reduce(sub_mul(j1, j2, c));
+ j1 = m_mod_p.reduce(sub_mul(j1, j2, m_c));
- return mul_add(j1, q, j2);
+ return mul_add(j1, m_q, j2);
 }
- const BigInt& n;
- const BigInt& q;
- const BigInt& c;
+ const BigInt& m_n;
+ const BigInt& m_q;
+ const BigInt& m_c;
 Fixed_Exponent_Power_Mod m_powermod_e_n, m_powermod_d1_p, m_powermod_d2_q;
 Modular_Reducer m_mod_p;
 Blinder m_blinder;
@@ -133,7 +133,7 @@ class RSA_Signature_Operation : public PK_Ops::Signature_with_EMSA,
 const BigInt x = blinded_private_op(m);
 const BigInt c = m_powermod_e_n(x);
 BOTAN_ASSERT(m == c, "RSA sign consistency check");
- return BigInt::encode_1363(x, n.bytes());
+ return BigInt::encode_1363(x, m_n.bytes());
 }
 };
@@ -180,7 +180,7 @@ class RSA_KEM_Decryption_Operation : public PK_Ops::KEM_Decryption_with_KDF,
 const BigInt x = blinded_private_op(m);
 const BigInt c = m_powermod_e_n(x);
 BOTAN_ASSERT(m == c, "RSA KEM consistency check");
- return BigInt::encode_1363(x, n.bytes());
+ return BigInt::encode_1363(x, m_n.bytes());
 }
 };
diff --git a/src/lib/pubkey/rw/rw.cpp b/src/lib/pubkey/rw/rw.cpp
index aa92578af..bf6b647a1 100644
--- a/src/lib/pubkey/rw/rw.cpp
+++ b/src/lib/pubkey/rw/rw.cpp
@@ -28,19 +28,19 @@ RW_PrivateKey::RW_PrivateKey(RandomNumberGenerator& rng,
 if(exp < 2 || exp % 2 == 1)
 throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
- e = exp;
+ m_e = exp;
 do
 {
- p = random_prime(rng, (bits + 1) / 2, e / 2, 3, 4);
- q = random_prime(rng, bits - p.bits(), e / 2, ((p % 8 == 3) ? 7 : 3), 8);
- n = p * q;
- } while(n.bits() != bits);
+ m_p = random_prime(rng, (bits + 1) / 2, m_e / 2, 3, 4);
+ m_q = random_prime(rng, bits - m_p.bits(), m_e / 2, ((m_p % 8 == 3) ? 7 : 3), 8);
+ m_n = m_p * m_q;
+ } while(m_n.bits() != bits);
- d = inverse_mod(e, lcm(p - 1, q - 1) >> 1);
- d1 = d % (p - 1);
- d2 = d % (q - 1);
- c = inverse_mod(q, p);
+ m_d = inverse_mod(m_e, lcm(m_p - 1, m_q - 1) >> 1);
+ m_d1 = m_d % (m_p - 1);
+ m_d2 = m_d % (m_q - 1);
+ m_c = inverse_mod(m_q, m_p);
 gen_check(rng);
 }
@@ -56,7 +56,7 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
 if(!strong)
 return true;
- if((e * d) % (lcm(p - 1, q - 1) / 2) != 1)
+ if((m_e * m_d) % (lcm(m_p - 1, m_q - 1) / 2) != 1)
 return false;
 return KeyPair::signature_consistency_check(rng, *this, "EMSA2(SHA-1)");
@@ -75,32 +75,32 @@ class RW_Signature_Operation : public PK_Ops::Signature_with_EMSA
 RW_Signature_Operation(const RW_PrivateKey& rw, const std::string& emsa) :
 PK_Ops::Signature_with_EMSA(emsa),
- n(rw.get_n()),
- e(rw.get_e()),
- q(rw.get_q()),
- c(rw.get_c()),
- powermod_d1_p(rw.get_d1(), rw.get_p()),
- powermod_d2_q(rw.get_d2(), rw.get_q()),
- mod_p(rw.get_p()),
- blinder(n,
- [this](const BigInt& k) { return power_mod(k, e, n); },
- [this](const BigInt& k) { return inverse_mod(k, n); })
+ m_n(rw.get_n()),
+ m_e(rw.get_e()),
+ m_q(rw.get_q()),
+ m_c(rw.get_c()),
+ m_powermod_d1_p(rw.get_d1(), rw.get_p()),
+ m_powermod_d2_q(rw.get_d2(), rw.get_q()),
+ m_mod_p(rw.get_p()),
+ m_blinder(m_n,
+ [this](const BigInt& k) { return power_mod(k, m_e, m_n); },
+ [this](const BigInt& k) { return inverse_mod(k, m_n); })
 {
 }
- size_t max_input_bits() const override { return (n.bits() - 1); }
+ size_t max_input_bits() const override { return (m_n.bits() - 1); }
 secure_vector<byte> raw_sign(const byte msg[], size_t msg_len,
 RandomNumberGenerator& rng) override;
 private:
- const BigInt& n;
- const BigInt& e;
- const BigInt& q;
- const BigInt& c;
-
- Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q;
- Modular_Reducer mod_p;
- Blinder blinder;
+ const BigInt& m_n;
+ const BigInt& m_e;
+ const BigInt& m_q;
+ const BigInt& m_c;
+
+ Fixed_Exponent_Power_Mod m_powermod_d1_p, m_powermod_d2_q;
+ Modular_Reducer m_mod_p;
+ Blinder m_blinder;
 };
 secure_vector<byte>
@@ -109,23 +109,23 @@ RW_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
 {
 BigInt i(msg, msg_len);
- if(i >= n || i % 16 != 12)
+ if(i >= m_n || i % 16 != 12)
 throw Invalid_Argument("Rabin-Williams: invalid input");
- if(jacobi(i, n) != 1)
+ if(jacobi(i, m_n) != 1)
 i >>= 1;
- i = blinder.blind(i);
+ i = m_blinder.blind(i);
- auto future_j1 = std::async(std::launch::async, powermod_d1_p, i);
- const BigInt j2 = powermod_d2_q(i);
+ auto future_j1 = std::async(std::launch::async, m_powermod_d1_p, i);
+ const BigInt j2 = m_powermod_d2_q(i);
 BigInt j1 = future_j1.get();
- j1 = mod_p.reduce(sub_mul(j1, j2, c));
+ j1 = m_mod_p.reduce(sub_mul(j1, j2, m_c));
- const BigInt r = blinder.unblind(mul_add(j1, q, j2));
+ const BigInt r = m_blinder.unblind(mul_add(j1, m_q, j2));
- return BigInt::encode_1363(std::min(r, n - r), n.bytes());
+ return BigInt::encode_1363(std::min(r, m_n - r), m_n.bytes());
 }
 /**
@@ -138,17 +138,17 @@ class RW_Verification_Operation : public PK_Ops::Verification_with_EMSA
 RW_Verification_Operation(const RW_PublicKey& rw, const std::string& emsa) :
 PK_Ops::Verification_with_EMSA(emsa),
- n(rw.get_n()), powermod_e_n(rw.get_e(), rw.get_n())
+ m_n(rw.get_n()), m_powermod_e_n(rw.get_e(), rw.get_n())
 {}
- size_t max_input_bits() const override { return (n.bits() - 1); }
+ size_t max_input_bits() const override { return (m_n.bits() - 1); }
 bool with_recovery() const override { return true; }
 secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) override;
 private:
- const BigInt& n;
- Fixed_Exponent_Power_Mod powermod_e_n;
+ const BigInt& m_n;
+ Fixed_Exponent_Power_Mod m_powermod_e_n;
 };
 secure_vector<byte>
@@ -156,16 +156,16 @@ RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len)
 {
 BigInt m(msg, msg_len);
- if((m > (n >> 1)) || m.is_negative())
+ if((m > (m_n >> 1)) || m.is_negative())
 throw Invalid_Argument("RW signature verification: m > n / 2 || m < 0");
- BigInt r = powermod_e_n(m);
+ BigInt r = m_powermod_e_n(m);
 if(r % 16 == 12)
 return BigInt::encode_locked(r);
 if(r % 8 == 6)
 return BigInt::encode_locked(2*r);
- r = n - r;
+ r = m_n - r;
 if(r % 16 == 12)
 return BigInt::encode_locked(r);
 if(r % 8 == 6) |