6 #ifndef CRYPTOPP_IMPORTS 14 void P1363_MGF1KDF2_Common(
HashTransformation &hash, byte *output,
size_t outputLength, const byte *input,
size_t inputLength, const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart)
18 word32 counter = counterStart;
19 while (sink->AvailableSize() > 0)
21 filter.Put(input, inputLength);
22 filter.PutWord32(counter++);
23 filter.Put(derivationParams, derivationParamsLength);
28 bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
30 byte *representative,
size_t representativeBitLength)
const 33 ComputeMessageRepresentative(
NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
34 return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
37 bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
39 byte *representative,
size_t representativeBitLength)
const 41 SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.
DigestSize()));
43 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
47 void TF_SignerBase::InputRecoverableMessage(
PK_MessageAccumulator &messageAccumulator,
const byte *recoverableMessage,
size_t recoverableMessageLength)
const 50 HashIdentifier
id = GetHashIdentifier();
51 const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
53 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
56 size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().
DigestSize());
58 if (maxRecoverableLength == 0)
59 {
throw NotImplemented(
"TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");}
60 if (recoverableMessageLength > maxRecoverableLength)
61 throw InvalidArgument(
"TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
63 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
64 encoding.ProcessRecoverableMessage(
66 recoverableMessage, recoverableMessageLength,
67 NULL, 0, ma.m_semisignature);
72 CRYPTOPP_UNUSED(restart);
75 HashIdentifier
id = GetHashIdentifier();
78 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
81 SecByteBlock representative(MessageRepresentativeLength());
82 encoding.ComputeMessageRepresentative(rng,
83 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
84 ma.AccessHash(), id, ma.m_empty,
85 representative, MessageRepresentativeBitLength());
89 size_t signatureLength = SignatureLength();
90 GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
91 return signatureLength;
97 HashIdentifier
id = GetHashIdentifier();
100 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
103 ma.m_representative.
New(MessageRepresentativeLength());
104 Integer x = GetTrapdoorFunctionInterface().ApplyFunction(
Integer(signature, signatureLength));
105 if (x.
BitCount() > MessageRepresentativeBitLength())
107 x.
Encode(ma.m_representative, ma.m_representative.
size());
113 HashIdentifier
id = GetHashIdentifier();
116 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
119 bool result = encoding.VerifyMessageRepresentative(
120 ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
128 HashIdentifier
id = GetHashIdentifier();
131 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
134 DecodingResult result = encoding.RecoverMessageFromRepresentative(
135 ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
142 if (ciphertextLength != FixedCiphertextLength())
143 throw InvalidArgument(AlgorithmName() +
": ciphertext length of " +
IntToString(ciphertextLength) +
" doesn't match the required length of " +
IntToString(FixedCiphertextLength()) +
" for this key");
146 Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng,
Integer(ciphertext, ciphertextLength));
150 return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
155 if (plaintextLength > FixedMaxPlaintextLength())
157 if (FixedMaxPlaintextLength() < 1)
158 throw InvalidArgument(AlgorithmName() +
": this key is too short to encrypt any messages");
160 throw InvalidArgument(AlgorithmName() +
": message length of " +
IntToString(plaintextLength) +
" exceeds the maximum of " +
IntToString(FixedMaxPlaintextLength()) +
" for this public key");
164 GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
165 GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng,
Integer(paddedBlock, paddedBlock.
size())).Encode(ciphertext, FixedCiphertextLength());
An invalid argument was detected.
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
This file contains helper classes/functions for implementing public key algorithms.
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const
recover a message from its signature
Interface for message encoding method for public key signature schemes.
size_type size() const
Provides the count of elements in the SecBlock.
Library configuration file.
Interface for random number generators.
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
void New(size_type newSize)
Change size without preserving contents.
SecByteBlock is a SecBlock<byte> typedef.
void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters=g_nullNameValuePairs) const
Encrypt a byte string.
unsigned int BitCount() const
number of significant bits = floor(log2(abs(*this))) + 1
Copy input to a memory buffer.
Returns a decoding results.
Xor input to a memory buffer.
A method was called which was not implemented.
Filter Wrapper for HashTransformation.
key too short exception, may be thrown by any function in this class if the private or public key is ...
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const
sign and restart messageAccumulator
Interface for message encoding method for public key signature schemes.
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Multiple precision integer with arithmetic operations.
RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
Implementation of BufferedTransformation's attachment interface in cryptlib.h.
Interface for accumulating messages to be signed or verified.
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
bool VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count)
Performs a near constant-time comparison of two equally sized buffers.
static const Integer & Zero()
Integer representing 0.
bool isValidCoding
Flag to indicate the decoding is valid.
Crypto++ library namespace.
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
input signature into a message accumulator
unsigned int ByteCount() const
number of significant bytes = ceiling(BitCount()/8)
Interface for retrieving values given their names.
DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters=g_nullNameValuePairs) const
Decrypt a byte string.