6#ifndef CRYPTOPP_IMPORTS
14void P1363_MGF1KDF2_Common(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart)
18 word32 counter = counterStart;
21 filter.
Put(input, inputLength);
23 filter.
Put(derivationParams, derivationParamsLength);
28bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
30 byte *representative,
size_t representativeBitLength)
const
33 ComputeMessageRepresentative(
NullRNG(), NULLPTR, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
34 return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
37bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
39 byte *representative,
size_t representativeBitLength)
const
41 SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.
DigestSize()));
43 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
50 HashIdentifier
id = GetHashIdentifier();
51 const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
53 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
56 size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().
DigestSize());
58 if (maxRecoverableLength == 0)
59 {
throw NotImplemented(
"TF_SignerBase: this algorithm does not support message recovery or the key is too short");}
60 if (recoverableMessageLength > maxRecoverableLength)
61 throw InvalidArgument(
"TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
63 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
64 encoding.ProcessRecoverableMessage(
66 recoverableMessage, recoverableMessageLength,
67 NULLPTR, 0, ma.m_semisignature);
72 CRYPTOPP_UNUSED(restart);
75 HashIdentifier
id = GetHashIdentifier();
76 const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
78 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
81 SecByteBlock representative(MessageRepresentativeLength());
82 encoding.ComputeMessageRepresentative(rng,
83 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
84 ma.AccessHash(),
id, ma.m_empty,
85 representative, MessageRepresentativeBitLength());
88 Integer r(representative, representative.size());
89 size_t signatureLength = SignatureLength();
90 GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
91 return signatureLength;
97 HashIdentifier
id = GetHashIdentifier();
98 const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
100 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
103 ma.m_representative.
New(MessageRepresentativeLength());
104 Integer x = GetTrapdoorFunctionInterface().ApplyFunction(
Integer(signature, signatureLength));
105 if (x.BitCount() > MessageRepresentativeBitLength())
107 x.Encode(ma.m_representative, ma.m_representative.
size());
113 HashIdentifier
id = GetHashIdentifier();
114 const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
116 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
119 bool result = encoding.VerifyMessageRepresentative(
120 ma.AccessHash(),
id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
128 HashIdentifier
id = GetHashIdentifier();
129 const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
131 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
134 DecodingResult result = encoding.RecoverMessageFromRepresentative(
135 ma.AccessHash(),
id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
142 if (ciphertextLength != FixedCiphertextLength())
143 throw InvalidArgument(AlgorithmName() +
": ciphertext length of " +
IntToString(ciphertextLength) +
" doesn't match the required length of " +
IntToString(FixedCiphertextLength()) +
" for this key");
146 Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng,
Integer(ciphertext, ciphertextLength));
147 if (x.ByteCount() > paddedBlock.size())
149 x.Encode(paddedBlock, paddedBlock.size());
150 return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
155 if (plaintextLength > FixedMaxPlaintextLength())
157 if (FixedMaxPlaintextLength() < 1)
158 throw InvalidArgument(AlgorithmName() +
": this key is too short to encrypt any messages");
160 throw InvalidArgument(AlgorithmName() +
": message length of " +
IntToString(plaintextLength) +
" exceeds the maximum of " +
IntToString(FixedMaxPlaintextLength()) +
" for this public key");
164 GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
165 GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng,
Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength());
Copy input to a memory buffer.
size_t AvailableSize()
Provides the size remaining in the Sink.
Xor input to a memory buffer.
Filter wrapper for HashTransformation.
Multiple precision integer with arithmetic operations.
static const Integer & Zero()
Integer representing 0.
An invalid argument was detected.
Interface for retrieving values given their names.
A method was called which was not implemented.
Interface for message encoding method for public key signature schemes.
Interface for accumulating messages to be signed or verified.
Exception throw when the private or public key is too short to sign or verify.
Interface for random number generators.
void New(size_type newSize)
Change size without preserving contents.
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
size_type size() const
Provides the count of elements in the SecBlock.
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const
Sign and restart messageAccumulator.
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const
Recover a message from its signature.
Library configuration file.
unsigned int word32
32-bit unsigned datatype
CRYPTOPP_DLL RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
Implementation of BufferedTransformation's attachment interface.
Multiple precision integer with arithmetic operations.
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
CRYPTOPP_DLL bool VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count)
Performs a near constant-time comparison of two equally sized buffers.
Crypto++ library namespace.
This file contains helper classes/functions for implementing public key algorithms.
Returns a decoding results.
bool isValidCoding
Flag to indicate the decoding is valid.
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.