Diffstat (limited to 'src')
-rw-r--r-- | src/lib/pubkey/elgamal/elgamal.cpp | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
index 6c2d6bccc..508ed1e8a 100644
--- a/src/lib/pubkey/elgamal/elgamal.cpp
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
@@ -1,16 +1,15 @@
 /*
 * ElGamal
-* (C) 1999-2007,2018 Jack Lloyd
+* (C) 1999-2007,2018,2019 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
 #include <botan/elgamal.h>
 #include <botan/internal/pk_ops_impl.h>
+#include <botan/internal/monty_exp.h>
 #include <botan/keypair.h>
-#include <botan/reducer.h>
 #include <botan/blinding.h>
-#include <botan/pow_mod.h>
 namespace Botan {
@@ -63,7 +62,7 @@ bool ElGamal_PrivateKey::check_key(RandomNumberGenerator& rng,
 if(!strong)
 return true;
- return KeyPair::encryption_consistency_check(rng, *this, "EME1(SHA-256)");
+ return KeyPair::encryption_consistency_check(rng, *this, "OAEP(SHA-256)");
 }
 namespace {
@@ -86,15 +85,18 @@ class ElGamal_Encryption_Operation final : public PK_Ops::Encryption_with_EME
 private:
 const DL_Group m_group;
- Fixed_Base_Power_Mod m_powermod_y_p;
+ std::shared_ptr<const Montgomery_Exponentation_State> m_monty_y_p;
 };
 ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicKey& key, const std::string& eme) : PK_Ops::Encryption_with_EME(eme),
- m_group(key.get_group()),
- m_powermod_y_p(key.get_y(), m_group.get_p())
+ m_group(key.get_group())
 {
+ const size_t powm_window = 4;
+ m_monty_y_p = monty_precompute(key.get_group().monty_params_p(),
+ key.get_y(),
+ powm_window);
 }
 secure_vector<uint8_t>
@@ -110,7 +112,7 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len,
 const BigInt k(rng, k_bits);
 const BigInt a = m_group.power_g_p(k, k_bits);
- const BigInt b = m_group.multiply_mod_p(m, m_powermod_y_p(k));
+ const BigInt b = m_group.multiply_mod_p(m, monty_execute(*m_monty_y_p, k, k_bits));
 return BigInt::encode_fixed_length_int_pair(a, b, m_group.p_bytes());
 }
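Review bot: In the constructor body, `m_monty_y_p` is built from `key.get_group().monty_params_p()` while the exponentiation in raw_encrypt runs against the member copy `m_group`; initialising it in the initializer list from that same object, `m_monty_y_p(monty_precompute(m_group.monty_params_p(), key.get_y(), 4))`, keeps the Montgomery parameters and the group used by `power_g_p`/`multiply_mod_p` tied to one source (whether the two can actually diverge depends on how DL_Group copies share state, which is not visible here). The window width `4` is also repeated as a local in the decryption operation's `powermod_x_p`; one file-scope `constexpr size_t ELGAMAL_POWM_WINDOW = 4;` would document that both paths deliberately share it. A comment on the new member would also help: `// fixed-base table for y = g^x; the exponent k is an ephemeral secret, so use it only with the constant-time monty_execute`.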
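Review bot: The new `monty_execute(*m_monty_y_p, k, k_bits)` and the existing `power_g_p(k, k_bits)` both take `k_bits` as the exponent-length bound, and the same `k_bits` sizes `BigInt k(rng, k_bits)` two lines above, so the bound and the secret exponent agree only because all three lines happen to name the same variable; a comment tying them together is cheap insurance: `// k_bits must bound k: both exponentiations process exactly k_bits bits of the ephemeral secret`. If monty_exp.h also provides a variable-time execute, say here that k is secret and the constant-time call is required. raw_encrypt's body, including the definition of k_bits, begins outside the hunk.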
@@ -130,8 +132,17 @@ class ElGamal_Decryption_Operation final : public PK_Ops::Decryption_with_EME
 secure_vector<uint8_t> raw_decrypt(const uint8_t msg[], size_t msg_len) override;
 private:
+ BigInt powermod_x_p(const BigInt& v) const
+ {
+ const size_t powm_window = 4;
+ auto powm_v_p = monty_precompute(m_monty_p, v, powm_window);
+ return monty_execute(*powm_v_p, m_x, m_x_bits);
+ }
+
 const DL_Group m_group;
- Fixed_Exponent_Power_Mod m_powermod_x_p;
+ const BigInt& m_x;
+ const size_t m_x_bits;
+ std::shared_ptr<const Montgomery_Params> m_monty_p;
 Blinder m_blinder;
 };
@@ -140,11 +151,13 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
 RandomNumberGenerator& rng) : PK_Ops::Decryption_with_EME(eme), m_group(key.get_group()),
- m_powermod_x_p(key.get_x(), m_group.get_p()),
+ m_x(key.get_x()),
+ m_x_bits(m_x.bits()),
+ m_monty_p(key.get_group().monty_params_p()),
 m_blinder(m_group.get_p(), rng, [](const BigInt& k) { return k; },
- [this](const BigInt& k) { return m_powermod_x_p(k); })
+ [this](const BigInt& k) { return powermod_x_p(k); })
 { }
@@ -164,7 +177,7 @@ ElGamal_Decryption_Operation::raw_decrypt(const uint8_t msg[], size_t msg_len)
 a = m_blinder.blind(a);
- const BigInt r = m_group.multiply_mod_p(m_group.inverse_mod_p(m_powermod_x_p(a)), b);
+ const BigInt r = m_group.multiply_mod_p(m_group.inverse_mod_p(powermod_x_p(a)), b);
 return BigInt::encode_1363(m_blinder.unblind(r), p_bytes);
 } |
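Review bot: `const BigInt& m_x;` binds the operation to the private key's own storage, so the decryption op must not outlive the ElGamal_PrivateKey it was created from, whereas the neighbouring `m_group` is held by value; a dangling reference here would be a use-after-free on secret key material. Either hold a copy, `const BigInt m_x;` (one BigInt copy per op construction), or document the lifetime on the member: `// refers into the key; the op must not outlive the ElGamal_PrivateKey it was built from`. The class declaration starts before this hunk, so whether a base-class contract already guarantees that lifetime is not visible here.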
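Review bot: `m_x_bits(m_x.bits())` makes the exponent-length bound that `powermod_x_p` passes to `monty_execute` equal to the exact bit length of the private exponent, so if the exponentiation's running time scales with that bound (presumably, for a windowed loop over the exponent bits), the number of leading zero bits of x leaks through decryption timing. A key-independent bound such as the group size, `m_x_bits(m_group.p_bits()),`, keeps the loop length identical for every key in the group at the cost of a few extra zero bits; `m_group` is declared before `m_x_bits`, so the initializer order already permits it. If DL_Group exposes a narrower exponent-size bound, prefer that. The constructor's signature begins in the hunk header, outside the hunk lines.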