monotone

monotone Mtn Source Tree

Root/cryptopp/pubkey.cpp

1// pubkey.cpp - written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "pubkey.h"
5
6NAMESPACE_BEGIN(CryptoPP)
7
8void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart)
9{
10ArraySink *sink;
11HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength));
12word32 counter = counterStart;
13while (sink->AvailableSize() > 0)
14{
15filter.Put(input, inputLength);
16filter.PutWord32(counter++);
17filter.MessageEnd();
18}
19}
20
21bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
22HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
23byte *representative, unsigned int representativeBitLength) const
24{
25SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
26ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
27return memcmp(representative, computedRepresentative, computedRepresentative.size()) == 0;
28}
29
30bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
31HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
32byte *representative, unsigned int representativeBitLength) const
33{
34SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize()));
35DecodingResult result = RecoverMessageFromRepresentative(
36hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
37return result.isValidCoding && result.messageLength == 0;
38}
39
40void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const
41{
42PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
43const MessageEncodingInterface &mei = GetMessageEncodingInterface();
44unsigned int maxRecoverableLength = mei.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize());
45
46if (maxRecoverableLength == 0)
47{throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");}
48if (recoverableMessageLength > maxRecoverableLength)
49throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
50
51ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
52mei.ProcessRecoverableMessage(
53ma.AccessHash(),
54recoverableMessage, recoverableMessageLength,
55NULL, 0, ma.m_semisignature);
56}
57
58unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
59{
60PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
61SecByteBlock representative(MessageRepresentativeLength());
62GetMessageEncodingInterface().ComputeMessageRepresentative(rng,
63ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
64ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
65representative, MessageRepresentativeBitLength());
66ma.m_empty = true;
67
68Integer r(representative, representative.size());
69unsigned int signatureLength = SignatureLength();
70GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
71return signatureLength;
72}
73
74void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const
75{
76PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
77ma.m_representative.New(MessageRepresentativeLength());
78Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
79if (x.BitCount() > MessageRepresentativeBitLength())
80x = Integer::Zero();// don't return false here to prevent timing attack
81x.Encode(ma.m_representative, ma.m_representative.size());
82}
83
84bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
85{
86PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
87bool result = GetMessageEncodingInterface().VerifyMessageRepresentative(
88ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
89ma.m_empty = true;
90return result;
91}
92
93DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
94{
95PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
96DecodingResult result = GetMessageEncodingInterface().RecoverMessageFromRepresentative(
97ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
98ma.m_empty = true;
99return result;
100}
101
102DecodingResult TF_DecryptorBase::FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const
103{
104SecByteBlock paddedBlock(PaddedBlockByteLength());
105Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(cipherText, FixedCiphertextLength()));
106if (x.ByteCount() > paddedBlock.size())
107x = Integer::Zero();// don't return false here to prevent timing attack
108x.Encode(paddedBlock, paddedBlock.size());
109return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plainText);
110}
111
112void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const
113{
114if (plainTextLength > FixedMaxPlaintextLength())
115throw InvalidArgument(AlgorithmName() + ": message too long for this public key");
116
117SecByteBlock paddedBlock(PaddedBlockByteLength());
118GetMessageEncodingInterface().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength());
119GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(cipherText, FixedCiphertextLength());
120}
121
122NAMESPACE_END

Archive Download this file

Branches

Tags

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status