cryptopp_2pubkey_8cpp_source.html

 // pubkey.cpp - written and placed in the public domain by Wei Dai

 #include "pch.h"
 #include "config.h"

 #ifndef CRYPTOPP_IMPORTS

 #include "pubkey.h"
 #include "integer.h"
 #include "filters.h"

 NAMESPACE_BEGIN(CryptoPP)

 void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart)
 {
         ArraySink *sink;
         HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength));
         word32 counter = counterStart;
         while (sink->AvailableSize() > 0)
         {
                 filter.Put(input, inputLength);
                 filter.PutWord32(counter++);
                 filter.Put(derivationParams, derivationParamsLength);
                 filter.MessageEnd();
         }
 }

 bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
         HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
         byte *representative, size_t representativeBitLength) const
 {
         SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
         ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
         return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
 }

 bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
         HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
         byte *representative, size_t representativeBitLength) const
 {
         SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize()));
         DecodingResult result = RecoverMessageFromRepresentative(
                 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
         return result.isValidCoding && result.messageLength == 0;
 }

 void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
 {
         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
         HashIdentifier id = GetHashIdentifier();
         const MessageEncodingInterface &encoding = GetMessageEncodingInterface();

         if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
                 throw PK_SignatureScheme::KeyTooShort();

         size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize());

         if (maxRecoverableLength == 0)
                 {throw NotImplemented("TF_SignerBase: this algorithm does not support message recovery or the key is too short");}
         if (recoverableMessageLength > maxRecoverableLength)
                 throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm");

         ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
         encoding.ProcessRecoverableMessage(
                 ma.AccessHash(),
                 recoverableMessage, recoverableMessageLength,
                 NULL, 0, ma.m_semisignature);
 }

 size_t TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
 {
         CRYPTOPP_UNUSED(restart);

         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
         HashIdentifier id = GetHashIdentifier();
         const MessageEncodingInterface &encoding = GetMessageEncodingInterface();

         if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
                 throw PK_SignatureScheme::KeyTooShort();

         SecByteBlock representative(MessageRepresentativeLength());
         encoding.ComputeMessageRepresentative(rng,
                 ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
                 ma.AccessHash(), id, ma.m_empty,
                 representative, MessageRepresentativeBitLength());
         ma.m_empty = true;

         Integer r(representative, representative.size());
         size_t signatureLength = SignatureLength();
         GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
         return signatureLength;
 }

 void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
 {
         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
         HashIdentifier id = GetHashIdentifier();
         const MessageEncodingInterface &encoding = GetMessageEncodingInterface();

         if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
                 throw PK_SignatureScheme::KeyTooShort();

         ma.m_representative.New(MessageRepresentativeLength());
         Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
         if (x.BitCount() > MessageRepresentativeBitLength())
                 x = Integer::Zero();    // don't return false here to prevent timing attack
         x.Encode(ma.m_representative, ma.m_representative.size());
 }

 bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
 {
         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
         HashIdentifier id = GetHashIdentifier();
         const MessageEncodingInterface &encoding = GetMessageEncodingInterface();

         if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
                 throw PK_SignatureScheme::KeyTooShort();

         bool result = encoding.VerifyMessageRepresentative(
                 ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
         ma.m_empty = true;
         return result;
 }

 DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
 {
         PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
         HashIdentifier id = GetHashIdentifier();
         const MessageEncodingInterface &encoding = GetMessageEncodingInterface();

         if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
                 throw PK_SignatureScheme::KeyTooShort();

         DecodingResult result = encoding.RecoverMessageFromRepresentative(
                 ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
         ma.m_empty = true;
         return result;
 }

 DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
 {
         if (ciphertextLength != FixedCiphertextLength())
                         throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key");

         SecByteBlock paddedBlock(PaddedBlockByteLength());
         Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength));
         if (x.ByteCount() > paddedBlock.size())
                 x = Integer::Zero();    // don't return false here to prevent timing attack
         x.Encode(paddedBlock, paddedBlock.size());
         return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
 }

 void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters) const
 {
         if (plaintextLength > FixedMaxPlaintextLength())
         {
                 if (FixedMaxPlaintextLength() < 1)
                         throw InvalidArgument(AlgorithmName() + ": this key is too short to encrypt any messages");
                 else
                         throw InvalidArgument(AlgorithmName() + ": message length of " + IntToString(plaintextLength) + " exceeds the maximum of " + IntToString(FixedMaxPlaintextLength()) + " for this public key");
         }

         SecByteBlock paddedBlock(PaddedBlockByteLength());
         GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
         GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength());
 }

 NAMESPACE_END

 #endif
InvalidArgument
An invalid argument was detected.
Definition: cryptlib.h:184

TF_VerifierBase::VerifyAndRestart
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
Definition: pubkey.cpp:110

byte
uint8_t byte
Definition: Common.h:57

TF_SignerBase::InputRecoverableMessage
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
Definition: pubkey.cpp:47

Integer::Encode
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Definition: integer.cpp:3369

PK_SignatureMessageEncodingMethod::VerifyMessageRepresentative
virtual bool VerifyMessageRepresentative(HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const =0

BitsToBytes
size_t BitsToBytes(size_t bitCount)
Returns the number of 8-bit bytes or octets required for the specified number of bits.
Definition: misc.h:749

PK_SignatureMessageEncodingMethod::RecoverMessageFromRepresentative
virtual DecodingResult RecoverMessageFromRepresentative(HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength, byte *recoveredMessage) const
Definition: pubkey.h:370

TF_VerifierBase::RecoverAndRestart
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const
Recover a message from its signature.
Definition: pubkey.cpp:125

PK_SignatureMessageEncodingMethod::MinRepresentativeBitLength
virtual size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const
Definition: pubkey.h:327

PK_MessageAccumulatorBase::m_recoverableMessage
SecByteBlock m_recoverableMessage
Definition: pubkey.h:467

NAMESPACE_BEGIN
#define NAMESPACE_BEGIN(x)
Definition: config.h:200

PK_SignatureMessageEncodingMethod::ProcessRecoverableMessage
virtual void ProcessRecoverableMessage(HashTransformation &hash, const byte *recoverableMessage, size_t recoverableMessageLength, const byte *presignature, size_t presignatureLength, SecByteBlock &semisignature) const
Definition: pubkey.h:350

PK_SignatureMessageEncodingMethod
Interface for message encoding method for public key signature schemes.
Definition: pubkey.h:322

SecBlock< byte >

SecBlock::size
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:524

PK_SignatureMessageEncodingMethod::ComputeMessageRepresentative
virtual void ComputeMessageRepresentative(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const =0

config.h
Library configuration file.

RandomNumberGenerator
Interface for random number generators.
Definition: cryptlib.h:1188

DecodingResult::messageLength
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
Definition: cryptlib.h:261

SecBlock::New
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:647

PK_SignatureMessageEncodingMethod::MaxRecoverableLength
virtual size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const
Definition: pubkey.h:329

pubkey.h

TF_EncryptorBase::Encrypt
void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters=g_nullNameValuePairs) const
Encrypt a byte string.
Definition: pubkey.cpp:153

Integer::BitCount
unsigned int BitCount() const
Determines the number of bits required to represent the Integer.
Definition: integer.cpp:3305

BufferedTransformation::MessageEnd
bool MessageEnd(int propagation=-1, bool blocking=true)
Signals the end of messages to the object.
Definition: cryptlib.h:1434

ArraySink
Copy input to a memory buffer.
Definition: filters.h:1101

DecodingResult
Returns a decoding results.
Definition: cryptlib.h:238

x
#define x(i)

PK_MessageAccumulatorBase::m_empty
bool m_empty
Definition: pubkey.h:469

ArrayXorSink
Xor input to a memory buffer.
Definition: filters.h:1138

NotImplemented
A method was called which was not implemented.
Definition: cryptlib.h:205

HashFilter
Filter wrapper for HashTransformation.
Definition: filters.h:521

PK_SignatureScheme::KeyTooShort
Exception throw when the private or public key is too short to sign or verify.
Definition: cryptlib.h:2448

BufferedTransformation::Put
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1376

P1363_MGF1KDF2_Common
void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart)
Definition: pubkey.cpp:14

TF_SignerBase::SignAndRestart
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const
Sign and restart messageAccumulator.
Definition: pubkey.cpp:70

PK_MessageAccumulatorBase
Interface for message encoding method for public key signature schemes.
Definition: pubkey.h:454

SecBlock::Assign
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Definition: secblock.h:544

Integer
Multiple precision integer with arithmetic operations.
Definition: integer.h:43

pch.h

ArraySink::AvailableSize
size_t AvailableSize()
Provides the size remaining in the Sink.
Definition: filters.h:1120

PK_MessageAccumulatorBase::AccessHash
virtual HashTransformation & AccessHash()=0

filters.h
Implementation of BufferedTransformation&#39;s attachment interface.

PK_MessageAccumulator
Interface for accumulating messages to be signed or verified.
Definition: cryptlib.h:2510

BufferedTransformation::PutWord32
size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true)
Input a 32-bit word for processing.
Definition: cryptlib.cpp:719

PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative
bool VerifyMessageRepresentative(HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const
Definition: pubkey.cpp:37

HashTransformation::DigestSize
virtual unsigned int DigestSize() const =0
Provides the digest size of the hash.

CRYPTOPP_UNUSED
#define CRYPTOPP_UNUSED(x)
Definition: config.h:741

NullRNG
RandomNumberGenerator & NullRNG()
Random Number Generator that does not produce random numbers.
Definition: cryptlib.cpp:402

HashTransformation
Interface for hash functions and data processing part of MACs.
Definition: cryptlib.h:930

PK_MessageAccumulatorBase::m_representative
SecByteBlock m_representative
Definition: pubkey.h:467

IntToString
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:539

integer.h
Multiple precision integer with arithmetic operations.

Integer::Zero
static const Integer &CRYPTOPP_API Zero()
Integer representing 0.
Definition: integer.cpp:3027

NAMESPACE_END
#define NAMESPACE_END
Definition: config.h:201

parameters
std::vector< char * > parameters
Definition: boostTest.cpp:46

DecodingResult::isValidCoding
bool isValidCoding
Flag to indicate the decoding is valid.
Definition: cryptlib.h:259

CryptoPP

HashIdentifier
std::pair< const byte *, unsigned int > HashIdentifier
Definition: pubkey.h:314

PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative
bool VerifyMessageRepresentative(HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const
Definition: pubkey.cpp:28

word32
unsigned int word32
Definition: config.h:231

TF_VerifierBase::InputSignature
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
Definition: pubkey.cpp:94

PK_MessageAccumulatorBase::m_semisignature
SecByteBlock m_semisignature
Definition: pubkey.h:467

Integer::ByteCount
unsigned int ByteCount() const
Determines the number of bytes required to represent the Integer.
Definition: integer.cpp:3296

VerifyBufsEqual
bool VerifyBufsEqual(const byte *buf, const byte *mask, size_t count)
Performs a near constant-time comparison of two equally sized buffers.
Definition: misc.cpp:96

NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:279

TF_DecryptorBase::Decrypt
DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters=g_nullNameValuePairs) const
Decrypt a byte string.
Definition: pubkey.cpp:140