6#ifndef CRYPTOPP_IMPORTS
12NAMESPACE_BEGIN(CryptoPP)
14void P1363_MGF1KDF2_Common(
HashTransformation &hash,
byte *output,
size_t outputLength,
const byte *input,
size_t inputLength,
const byte *derivationParams,
size_t derivationParamsLength,
bool mask,
unsigned int counterStart)
18 word32 counter = counterStart;
21 filter.
Put(input, inputLength);
23 filter.
Put(derivationParams, derivationParamsLength);
28bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
30 byte *representative,
size_t representativeBitLength)
const
33 ComputeMessageRepresentative(NullRNG(), NULLPTR, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
34 return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
37bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
39 byte *representative,
size_t representativeBitLength)
const
41 SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.
DigestSize()));
43 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
50 HashIdentifier
id = GetHashIdentifier();
53 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
56 size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().
DigestSize());
58 if (maxRecoverableLength == 0)
59 {
throw NotImplemented(
"TF_SignerBase: this algorithm does not support message recovery or the key is too short");}
60 if (recoverableMessageLength > maxRecoverableLength)
61 throw InvalidArgument(
"TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
63 ma.m_recoverableMessage.
Assign(recoverableMessage, recoverableMessageLength);
64 encoding.ProcessRecoverableMessage(
66 recoverableMessage, recoverableMessageLength,
67 NULLPTR, 0, ma.m_semisignature);
72 CRYPTOPP_UNUSED(restart);
75 HashIdentifier
id = GetHashIdentifier();
78 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
81 SecByteBlock representative(MessageRepresentativeLength());
82 encoding.ComputeMessageRepresentative(rng,
83 ma.m_recoverableMessage, ma.m_recoverableMessage.
size(),
84 ma.AccessHash(),
id, ma.m_empty,
85 representative, MessageRepresentativeBitLength());
89 size_t signatureLength = SignatureLength();
91 return signatureLength;
97 HashIdentifier
id = GetHashIdentifier();
100 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
103 ma.m_representative.
New(MessageRepresentativeLength());
105 if (x.BitCount() > MessageRepresentativeBitLength())
107 x.Encode(ma.m_representative, ma.m_representative.
size());
113 HashIdentifier
id = GetHashIdentifier();
116 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
119 bool result = encoding.VerifyMessageRepresentative(
120 ma.AccessHash(),
id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
128 HashIdentifier
id = GetHashIdentifier();
131 if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(
id.second, ma.AccessHash().
DigestSize()))
134 DecodingResult result = encoding.RecoverMessageFromRepresentative(
135 ma.AccessHash(),
id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
142 if (ciphertextLength != FixedCiphertextLength())
143 throw InvalidArgument(AlgorithmName() +
": ciphertext length of " +
IntToString(ciphertextLength) +
" doesn't match the required length of " +
IntToString(FixedCiphertextLength()) +
" for this key");
147 if (x.ByteCount() > paddedBlock.size())
149 x.Encode(paddedBlock, paddedBlock.size());
150 return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
155 if (plaintextLength > FixedMaxPlaintextLength())
157 if (FixedMaxPlaintextLength() < 1)
158 throw InvalidArgument(AlgorithmName() +
": this key is too short to encrypt any messages");
160 throw InvalidArgument(AlgorithmName() +
": message length of " +
IntToString(plaintextLength) +
" exceeds the maximum of " +
IntToString(FixedMaxPlaintextLength()) +
" for this public key");
164 GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
Copy input to a memory buffer.
size_t AvailableSize()
Provides the size remaining in the Sink.
Xor input to a memory buffer.
Filter wrapper for HashTransformation.
Multiple precision integer with arithmetic operations.
static const Integer &CRYPTOPP_API Zero()
Integer representing 0.
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
An invalid argument was detected.
Interface for retrieving values given their names.
A method was called which was not implemented.
Interface for message encoding method for public key signature schemes.
Interface for accumulating messages to be signed or verified.
Interface for message encoding method for public key signature schemes.
Exception throw when the private or public key is too short to sign or verify.
Interface for random number generators.
virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0
Applies the trapdoor function, using random data if required.
virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0
Applies the inverse of the trapdoor function, using random data if required.
void New(size_type newSize)
Change size without preserving contents.
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
size_type size() const
Provides the count of elements in the SecBlock.
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const
Sign and restart messageAccumulator.
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const
Recover a message from its signature.
virtual Integer ApplyFunction(const Integer &x) const =0
Applies the trapdoor.
virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0
Calculates the inverse of an element.
Library configuration file.
unsigned int word32
32-bit unsigned datatype
Implementation of BufferedTransformation's attachment interface.
Multiple precision integer with arithmetic operations.
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
This file contains helper classes/functions for implementing public key algorithms.
Returns a decoding results.
bool isValidCoding
Flag to indicate the decoding is valid.
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.