Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

pubkey.cpp

00001 // pubkey.cpp - written and placed in the public domain by Wei Dai 00002 00003 #include "pch.h" 00004 #include "pubkey.h" 00005 00006 NAMESPACE_BEGIN(CryptoPP) 00007 00008 void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart) 00009 { 00010 ArraySink *sink; 00011 HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength)); 00012 word32 counter = counterStart; 00013 while (sink->AvailableSize() > 0) 00014 { 00015 filter.Put(input, inputLength); 00016 filter.PutWord32(counter++); 00017 filter.MessageEnd(); 00018 } 00019 } 00020 00021 bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative( 00022 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, 00023 byte *representative, unsigned int representativeBitLength) const 00024 { 00025 SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength)); 00026 ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength); 00027 return memcmp(representative, computedRepresentative, computedRepresentative.size()) == 0; 00028 } 00029 00030 bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative( 00031 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, 00032 byte *representative, unsigned int representativeBitLength) const 00033 { 00034 SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize())); 00035 DecodingResult result = RecoverMessageFromRepresentative( 00036 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage); 00037 return result.isValidCoding && result.messageLength == 0; 00038 } 00039 00040 void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const 00041 { 00042 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00043 const MessageEncodingInterface &mei = GetMessageEncodingInterface(); 00044 unsigned int maxRecoverableLength = mei.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize()); 00045 00046 if (maxRecoverableLength == 0) 00047 {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");} 00048 if (recoverableMessageLength > maxRecoverableLength) 00049 throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm"); 00050 00051 ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); 00052 mei.ProcessRecoverableMessage( 00053 ma.AccessHash(), 00054 recoverableMessage, recoverableMessageLength, 00055 NULL, 0, ma.m_semisignature); 00056 } 00057 00058 unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const 00059 { 00060 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00061 SecByteBlock representative(MessageRepresentativeLength()); 00062 GetMessageEncodingInterface().ComputeMessageRepresentative(rng, 00063 ma.m_recoverableMessage, ma.m_recoverableMessage.size(), 00064 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, 00065 representative, MessageRepresentativeBitLength()); 00066 ma.m_empty = true; 00067 00068 Integer r(representative, representative.size()); 00069 unsigned int signatureLength = SignatureLength(); 00070 GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); 00071 return signatureLength; 00072 } 00073 00074 void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const 00075 { 00076 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00077 ma.m_representative.New(MessageRepresentativeLength()); 00078 Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength)); 00079 if (x.BitCount() > MessageRepresentativeBitLength()) 00080 x = Integer::Zero(); // don't return false here to prevent timing attack 00081 x.Encode(ma.m_representative, ma.m_representative.size()); 00082 } 00083 00084 bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const 00085 { 00086 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00087 bool result = GetMessageEncodingInterface().VerifyMessageRepresentative( 00088 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength()); 00089 ma.m_empty = true; 00090 return result; 00091 } 00092 00093 DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const 00094 { 00095 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00096 DecodingResult result = GetMessageEncodingInterface().RecoverMessageFromRepresentative( 00097 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage); 00098 ma.m_empty = true; 00099 return result; 00100 } 00101 00102 DecodingResult TF_DecryptorBase::FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const 00103 { 00104 SecByteBlock paddedBlock(PaddedBlockByteLength()); 00105 Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(cipherText, FixedCiphertextLength())); 00106 if (x.ByteCount() > paddedBlock.size()) 00107 x = Integer::Zero(); // don't return false here to prevent timing attack 00108 x.Encode(paddedBlock, paddedBlock.size()); 00109 return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plainText); 00110 } 00111 00112 void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const 00113 { 00114 if (plainTextLength > FixedMaxPlaintextLength()) 00115 throw InvalidArgument(AlgorithmName() + ": message too long for this public key"); 00116 00117 SecByteBlock paddedBlock(PaddedBlockByteLength()); 00118 GetMessageEncodingInterface().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength()); 00119 GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(cipherText, FixedCiphertextLength()); 00120 } 00121 00122 NAMESPACE_END

Generated on Wed Jul 28 08:07:08 2004 for Crypto++ by doxygen 1.3.7