ElGamalPrivateKey.cc

/*
 * Copyright 2003 Michael A. Marsh, Cornell University. All rights reserved.
 * This software is released under the modified BSD license.
 * See the file LICENSE in the top-level directory for details.
 */
//
// $Id: ElGamalPrivateKey.cc,v 1.3 2004/05/19 15:56:47 mmarsh Exp $
//
// $Log: ElGamalPrivateKey.cc,v $
// Revision 1.3  2004/05/19 15:56:47  mmarsh
// *** empty log message ***
//
// Revision 1.2  2003/11/04 22:31:47  mmarsh
// *** empty log message ***
//
//

#include <fstream>
#include "ElGamal.h"
#include "jacobi.h"
#include "CODEX_Exceptions/BignumExceptions.h"
#include "CODEX_Exceptions/FileExceptions.h"

using namespace CODEX_Ciphers;
using namespace CODEX_Exceptions;
using CODEX_ASN1::BigNumber;
using CODEX_ASN1::SecureBigNumber;

ElGamalPrivateKey::ElGamalPrivateKey() :
   SecureBigNumber()
{
}

ElGamalPrivateKey::ElGamalPrivateKey( BIGNUM * x ) :
   SecureBigNumber( x )
{
}

ElGamalPrivateKey::ElGamalPrivateKey( const CODEX_ASN1::BigNumber& x ) :
   SecureBigNumber( x )
{
}

ElGamalPrivateKey::~ElGamalPrivateKey()
{
}

BIGNUM *
ElGamalPrivateKey::decrypt( const ElGamalCipherText& cipherText,
                            const ElGamalPublicKey& publicKey ) const
{
   BN_CTX * ctx    = 0;
   BIGNUM * retVal = 0;

   try
   {
      ctx = BN_CTX_new();
      if ( 0 == ctx )
      {
         throw BignumContextException( __FILE__ , __LINE__ );
      }

      // We're abusing retVal here, since allocating new BIGNUMs is
      // an expensive operation.
      retVal = BN_new();
      if ( 0 == retVal )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      // retVal = c1^x mod p
      if ( ! BN_mod_exp( retVal,
                         cipherText.c1().value(),
                         m_value,
                         publicKey.p().value(),
                         ctx ) )
      {
         throw BignumModExpException( __FILE__ , __LINE__ );
      }

      // retVal = 1/retVal mod p = c1^(-x) mod p
      if ( ! BN_mod_inverse( retVal, retVal, publicKey.p().value(), ctx ) )
      {
         throw BignumModInverseException( __FILE__ , __LINE__ );
      }

      // retVal = c2*retVal mod p = c2 * c1^(-x) mod p
      if ( ! BN_mod_mul( retVal,
                         cipherText.c2().value(),
                         retVal,
                         publicKey.p().value(),
                         ctx ) )
      {
         throw BignumModMulException( __FILE__ , __LINE__ );
      }

      // map retVal back into [0,q)
      if ( BN_cmp( retVal, publicKey.q() ) >= 0 )
      {
         if ( ! BN_sub( retVal, publicKey.p().value(), retVal ) )
         {
            throw BignumSubException( __FILE__ , __LINE__ );
         }
      }

      BN_CTX_free(ctx);
      return retVal;
   }
   catch ( ... )
   {
      if ( 0 != ctx    ) BN_CTX_free(ctx);
      if ( 0 != retVal ) BN_clear_free(retVal);
      throw;
   }
}

ElGamalSignature*
ElGamalPrivateKey::sign( const BIGNUM * message,
                         const ElGamalPublicKey& publicKey ) const
{
   if ( 0 == message )
   {
      throw BignumNullException( __FILE__ , __LINE__ );
   }

   // We're going to abuse some of the BIGNUMs we create, since
   // allocating a new BIGNUM is an expensive operation.
   BN_CTX * ctx      = 0;
   BIGNUM * q        = 0;
   BIGNUM * k        = 0;
   BIGNUM * temp     = 0;
   BIGNUM * r        = 0;
   BIGNUM * s        = 0;
   BIGNUM * xr       = 0;

   try
   {
      ctx = BN_CTX_new();
      if ( 0 == ctx )
      {
         throw BignumContextException( __FILE__ , __LINE__ );
      }

      q = (BIGNUM*)publicKey.q();

      // k is random in (1,q)
      k = BN_new();
      if ( 0 == k )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }

      temp = BN_new();
      if ( 0 == temp )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }

      do
      {
         if ( ! BN_rand_range( k, q ) )
         {
            throw BignumRandRangeException( __FILE__ , __LINE__ );
         }
      } while ( 0 >= BN_cmp( k, BN_value_one() ) ); // k=0,1 are detectable

      // r = g^k mod p
      r = BN_new();
      if ( 0 == r )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      if ( ! BN_mod_exp( r,
                         publicKey.g().value(),
                         k,
                         publicKey.p().value(),
                         ctx ) )
      {
         throw BignumModExpException( __FILE__ , __LINE__ );
      }

      // Abuse k : k = 1/k mod q
      if ( ! BN_mod_inverse( k, k, q, ctx ) )
      {
         throw BignumModInverseException( __FILE__ , __LINE__ );
      }

      // xr = x*r mod q
      xr = BN_new();
      if ( 0 == xr )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      if ( ! BN_mod_mul( xr, m_value, r, q, ctx ) )
      {
         throw BignumModMulException( __FILE__ , __LINE__ );
      }

      // temp = m - xr
      if ( ! BN_sub( temp, message, xr ) )
      {
         throw BignumSubException( __FILE__ , __LINE__ );
      }

      // temp = temp + q (make non-negative)
      if ( ! BN_add( temp, temp, q ) )
      {
         throw BignumAddException( __FILE__ , __LINE__ );
      }

      // s = k*temp mod q = (m-x*r)/k mod q
      s = BN_new();
      if ( 0 == s )
      {
         throw BignumNullException( __FILE__ , __LINE__ );
      }
      if ( ! BN_mod_mul( s, k, temp, q, ctx ) )
      {
         throw BignumModMulException( __FILE__ , __LINE__ );
      }

      BN_clear_free( k );     k = 0;
      BN_clear_free( temp );  temp = 0;
      BN_clear_free( xr );    xr = 0;
      BN_CTX_free( ctx );     ctx = 0;

      return new ElGamalSignature( r, s );
   }
   catch ( ... )
   {
      if ( 0 != ctx      ) BN_CTX_free( ctx );
      if ( 0 != k        ) BN_clear_free( k );
      if ( 0 != temp     ) BN_clear_free( temp );
      if ( 0 != xr       ) BN_clear_free( xr );
      if ( 0 != r        ) BN_free( r );
      if ( 0 != s        ) BN_free( s );
      throw;
   }
}

void
ElGamalPrivateKey::toFile(const char* fname) const
{
   int length = marshal(0);
   if ( 0 == length ) return;
   unsigned char* buff = new unsigned char[length];
   unsigned char* p = buff;
   marshal(&p);
   ofstream os(fname);
   if ( ! os.is_open() )
   {
      delete [] buff;
      throw FileCannotCreateException( __FILE__ , __LINE__ , fname );
   }
   for ( int i = 0 ; i < length ; ++i )
   {
      os << buff[i];
   }
   os.close();
   delete [] buff;
}

void*
ElGamalPrivateKey::fromFile(const char* fname)
{
   ifstream is(fname);
   if ( ! is.is_open() )
   {
      throw FileCannotOpenException( __FILE__ , __LINE__ , fname );
   }
   string s;
   char ch;
   while ( is.get(ch) )
   {
      s.push_back(ch);
   }
   //basic_string<unsigned char> s;
   //is >> s;
   unsigned int length = s.length();
   unsigned char* p = new unsigned char[ length ];
   unsigned char* pOrig = p;
   for ( unsigned int i = 0 ; i < length ; ++i )
   {
      p[i] = s.data()[i];
   }
   //unsigned char* p = (unsigned char*)s.data();
   void* retVal = unmarshal(0,&p,length);
   delete [] pOrig;
   return retVal;
}

---