Diffstat (limited to 'src')
-rw-r--r--src/lib/pubkey/elgamal/elgamal.cpp37
1 files changed, 25 insertions, 12 deletions
diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
index 6c2d6bccc..508ed1e8a 100644
--- a/src/lib/pubkey/elgamal/elgamal.cpp
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
@@ -1,16 +1,15 @@
/*
* ElGamal
-* (C) 1999-2007,2018 Jack Lloyd
+* (C) 1999-2007,2018,2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/elgamal.h>
#include <botan/internal/pk_ops_impl.h>
+#include <botan/internal/monty_exp.h>
#include <botan/keypair.h>
-#include <botan/reducer.h>
#include <botan/blinding.h>
-#include <botan/pow_mod.h>
namespace Botan {
@@ -63,7 +62,7 @@ bool ElGamal_PrivateKey::check_key(RandomNumberGenerator& rng,
if(!strong)
return true;
- return KeyPair::encryption_consistency_check(rng, *this, "EME1(SHA-256)");
+ return KeyPair::encryption_consistency_check(rng, *this, "OAEP(SHA-256)");
}
namespace {
@@ -86,15 +85,18 @@ class ElGamal_Encryption_Operation final : public PK_Ops::Encryption_with_EME
private:
const DL_Group m_group;
- Fixed_Base_Power_Mod m_powermod_y_p;
+ std::shared_ptr<const Montgomery_Exponentation_State> m_monty_y_p;
};
ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicKey& key,
const std::string& eme) :
PK_Ops::Encryption_with_EME(eme),
- m_group(key.get_group()),
- m_powermod_y_p(key.get_y(), m_group.get_p())
+ m_group(key.get_group())
{
+ const size_t powm_window = 4;
+ m_monty_y_p = monty_precompute(key.get_group().monty_params_p(),
+ key.get_y(),
+ powm_window);
}
secure_vector<uint8_t>
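Review bot: The window size `const size_t powm_window = 4;` at the top of the ElGamal_Encryption_Operation constructor is a bare literal that is repeated verbatim in `powermod_x_p` of the decryption operation later in this file, so the two precomputations can silently drift apart. One file-scope constant in the anonymous namespace opened just above, for example `constexpr size_t ELGAMAL_POWM_WINDOW = 4; // (suggested name)`, with a one-line comment on why 4 is the chosen precompute/time trade-off, would keep both call sites in step. The constructor also copies the group into `m_group` but then reads `key.get_group().monty_params_p()`; if DL_Group copies share their precomputed parameters, `m_group.monty_params_p()` says the same thing without relying on the two objects agreeing. The class declaration itself begins before this hunk.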
@@ -110,7 +112,7 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len,
const BigInt k(rng, k_bits);
const BigInt a = m_group.power_g_p(k, k_bits);
- const BigInt b = m_group.multiply_mod_p(m, m_powermod_y_p(k));
+ const BigInt b = m_group.multiply_mod_p(m, monty_execute(*m_monty_y_p, k, k_bits));
return BigInt::encode_fixed_length_int_pair(a, b, m_group.p_bytes());
}
@@ -130,8 +132,17 @@ class ElGamal_Decryption_Operation final : public PK_Ops::Decryption_with_EME
secure_vector<uint8_t> raw_decrypt(const uint8_t msg[], size_t msg_len) override;
private:
+ BigInt powermod_x_p(const BigInt& v) const
+ {
+ const size_t powm_window = 4;
+ auto powm_v_p = monty_precompute(m_monty_p, v, powm_window);
+ return monty_execute(*powm_v_p, m_x, m_x_bits);
+ }
+
const DL_Group m_group;
- Fixed_Exponent_Power_Mod m_powermod_x_p;
+ const BigInt& m_x;
+ const size_t m_x_bits;
+ std::shared_ptr<const Montgomery_Params> m_monty_p;
Blinder m_blinder;
};
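Review bot: `const BigInt& m_x;` makes the decryption operation hold a reference into the ElGamal_PrivateKey passed to its constructor, so the operation now dangles if the key is destroyed first; the replaced Fixed_Exponent_Power_Mod member held its own copy of the exponent and had no such dependence. A comment on the member, such as `// refers to key.get_x(); the key must outlive this operation`, records the new lifetime requirement where the next maintainer will see it. Separately, `m_x_bits` is initialised from `m_x.bits()`, the exact bit length of the secret exponent, and `powermod_x_p` passes it to `monty_execute` as the exponent bound; if that routine's running time depends on the bound, the bit length of x is observable through timing, which a fixed bound such as the group's modulus size (e.g. `m_group.p_bits()`) would avoid. The class declaration starts before this hunk, so the access specifier of the new helper cannot be confirmed from here.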
@@ -140,11 +151,13 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
RandomNumberGenerator& rng) :
PK_Ops::Decryption_with_EME(eme),
m_group(key.get_group()),
- m_powermod_x_p(key.get_x(), m_group.get_p()),
+ m_x(key.get_x()),
+ m_x_bits(m_x.bits()),
+ m_monty_p(key.get_group().monty_params_p()),
m_blinder(m_group.get_p(),
rng,
[](const BigInt& k) { return k; },
- [this](const BigInt& k) { return m_powermod_x_p(k); })
+ [this](const BigInt& k) { return powermod_x_p(k); })
{
}
@@ -164,7 +177,7 @@ ElGamal_Decryption_Operation::raw_decrypt(const uint8_t msg[], size_t msg_len)
a = m_blinder.blind(a);
- const BigInt r = m_group.multiply_mod_p(m_group.inverse_mod_p(m_powermod_x_p(a)), b);
+ const BigInt r = m_group.multiply_mod_p(m_group.inverse_mod_p(powermod_x_p(a)), b);
return BigInt::encode_1363(m_blinder.unblind(r), p_bytes);
}