Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Namespace Members | Class Members | File Members

pubkey.cpp

00001 // pubkey.cpp - written and placed in the public domain by Wei Dai
00002 
00003 #include "pch.h"
00004 #include "pubkey.h"
00005 
00006 NAMESPACE_BEGIN(CryptoPP)
00007 
00008 void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart)
00009 {
00010         ArraySink *sink;
00011         HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength));
00012         word32 counter = counterStart;
00013         while (sink->AvailableSize() > 0)
00014         {
00015                 filter.Put(input, inputLength);
00016                 filter.PutWord32(counter++);
00017                 filter.MessageEnd();
00018         }
00019 }
00020 
00021 bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
00022         HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
00023         byte *representative, unsigned int representativeBitLength) const
00024 {
00025         SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
00026         ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
00027         return memcmp(representative, computedRepresentative, computedRepresentative.size()) == 0;
00028 }
00029 
00030 bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
00031         HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
00032         byte *representative, unsigned int representativeBitLength) const
00033 {
00034         SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize()));
00035         DecodingResult result = RecoverMessageFromRepresentative(
00036                 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
00037         return result.isValidCoding && result.messageLength == 0;
00038 }
00039 
00040 void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const
00041 {
00042         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
00043         const MessageEncodingInterface &mei = GetMessageEncodingInterface();
00044         unsigned int maxRecoverableLength = mei.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize());
00045 
00046         if (maxRecoverableLength == 0)
00047                 {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");}
00048         if (recoverableMessageLength > maxRecoverableLength)
00049                 throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
00050 
00051         ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
00052         mei.ProcessRecoverableMessage(
00053                 ma.AccessHash(), 
00054                 recoverableMessage, recoverableMessageLength,
00055                 NULL, 0, ma.m_semisignature);
00056 }
00057 
00058 unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
00059 {
00060         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
00061         SecByteBlock representative(MessageRepresentativeLength());
00062         GetMessageEncodingInterface().ComputeMessageRepresentative(rng, 
00063                 ma.m_recoverableMessage, ma.m_recoverableMessage.size(), 
00064                 ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
00065                 representative, MessageRepresentativeBitLength());
00066         ma.m_empty = true;
00067 
00068         Integer r(representative, representative.size());
00069         unsigned int signatureLength = SignatureLength();
00070         GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
00071         return signatureLength;
00072 }
00073 
00074 void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const
00075 {
00076         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
00077         ma.m_representative.New(MessageRepresentativeLength());
00078         Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
00079         if (x.BitCount() > MessageRepresentativeBitLength())
00080                 x = Integer::Zero();    // don't return false here to prevent timing attack
00081         x.Encode(ma.m_representative, ma.m_representative.size());
00082 }
00083 
00084 bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
00085 {
00086         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
00087         bool result = GetMessageEncodingInterface().VerifyMessageRepresentative(
00088                 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
00089         ma.m_empty = true;
00090         return result;
00091 }
00092 
00093 DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
00094 {
00095         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
00096         DecodingResult result = GetMessageEncodingInterface().RecoverMessageFromRepresentative(
00097                 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
00098         ma.m_empty = true;
00099         return result;
00100 }
00101 
00102 DecodingResult TF_DecryptorBase::FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const
00103 {
00104         SecByteBlock paddedBlock(PaddedBlockByteLength());
00105         Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(cipherText, FixedCiphertextLength()));
00106         if (x.ByteCount() > paddedBlock.size())
00107                 x = Integer::Zero();    // don't return false here to prevent timing attack
00108         x.Encode(paddedBlock, paddedBlock.size());
00109         return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plainText);
00110 }
00111 
00112 void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const
00113 {
00114         if (plainTextLength > FixedMaxPlaintextLength())
00115                 throw InvalidArgument(AlgorithmName() + ": message too long for this public key");
00116 
00117         SecByteBlock paddedBlock(PaddedBlockByteLength());
00118         GetMessageEncodingInterface().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength());
00119         GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(cipherText, FixedCiphertextLength());
00120 }
00121 
00122 NAMESPACE_END

Generated on Mon Apr 19 18:12:32 2004 for Crypto++ by doxygen 1.3.6-20040222