<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> <title>Crypto++: pubkey.cpp Source File</title> <link href="doxygen.css" rel="stylesheet" type="text/css"> </head><body> <!-- Generated by Doxygen 1.3.7 --> <div class="qindex"><a class="qindex" href="index.html">Main Page</a> | <a class="qindex" href="namespaces.html">Namespace List</a> | <a class="qindex" href="hierarchy.html">Class Hierarchy</a> | <a class="qindex" href="classes.html">Alphabetical List</a> | <a class="qindex" href="annotated.html">Class List</a> | <a class="qindex" href="files.html">File List</a> | <a class="qindex" href="namespacemembers.html">Namespace Members</a> | <a class="qindex" href="functions.html">Class Members</a> | <a class="qindex" href="globals.html">File Members</a></div> <h1>pubkey.cpp</h1><pre class="fragment"><div>00001 <span class="comment">// pubkey.cpp - written and placed in the public domain by Wei Dai</span> 00002 00003 <span class="preprocessor">#include "pch.h"</span> 00004 00005 <span class="preprocessor">#ifndef CRYPTOPP_IMPORTS</span> 00006 <span class="preprocessor"></span> 00007 <span class="preprocessor">#include "<a class="code" href="pubkey_8h.html">pubkey.h</a>"</span> 00008 00009 NAMESPACE_BEGIN(CryptoPP) 00010 00011 void P1363_MGF1KDF2_Common(<a class="code" href="class_hash_transformation.html">HashTransformation</a> &hash, byte *output, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> outputLength, const byte *input, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> inputLength, const byte *derivationParams, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> derivationParamsLength, <span class="keywordtype">bool</span> mask, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> counterStart) 00012 { 00013 <a class="code" href="class_array_sink.html">ArraySink</a> *sink; 00014 <a class="code" href="class_hash_filter.html">HashFilter</a> filter(hash, sink = mask ? <span class="keyword">new</span> <a class="code" href="class_array_xor_sink.html">ArrayXorSink</a>(output, outputLength) : <span class="keyword">new</span> <a class="code" href="class_array_sink.html">ArraySink</a>(output, outputLength)); 00015 word32 counter = counterStart; 00016 <span class="keywordflow">while</span> (sink-><a class="code" href="class_array_sink.html#_array_xor_sinka3">AvailableSize</a>() > 0) 00017 { 00018 filter.<a class="code" href="class_buffered_transformation.html#_zlib_decompressorz1_0">Put</a>(input, inputLength); 00019 filter.<a class="code" href="class_buffered_transformation.html#_zlib_decompressorz1_3">PutWord32</a>(counter++); 00020 filter.<a class="code" href="class_buffered_transformation.html#_zlib_decompressorz1_0">Put</a>(derivationParams, derivationParamsLength); 00021 filter.<a class="code" href="class_buffered_transformation.html#_zlib_decompressorz1_7">MessageEnd</a>(); 00022 } 00023 } 00024 00025 <span class="keywordtype">bool</span> PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative( 00026 <a class="code" href="class_hash_transformation.html">HashTransformation</a> &hash, HashIdentifier hashIdentifier, <span class="keywordtype">bool</span> messageEmpty, 00027 byte *representative, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> representativeBitLength)<span class="keyword"> const</span> 00028 <span class="keyword"></span>{ 00029 <a class="code" href="class_sec_block.html">SecByteBlock</a> computedRepresentative(BitsToBytes(representativeBitLength)); 00030 ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength); 00031 <span class="keywordflow">return</span> memcmp(representative, computedRepresentative, computedRepresentative.<a class="code" href="class_sec_block.html#_sec_block_with_hinta15">size</a>()) == 0; 00032 } 00033 00034 <span class="keywordtype">bool</span> PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative( 00035 <a class="code" href="class_hash_transformation.html">HashTransformation</a> &hash, HashIdentifier hashIdentifier, <span class="keywordtype">bool</span> messageEmpty, 00036 byte *representative, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> representativeBitLength)<span class="keyword"> const</span> 00037 <span class="keyword"></span>{ 00038 <a class="code" href="class_sec_block.html">SecByteBlock</a> recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.<a class="code" href="class_hash_transformation.html#_x_m_a_c_c___basea8">DigestSize</a>())); 00039 <a class="code" href="struct_decoding_result.html">DecodingResult</a> result = RecoverMessageFromRepresentative( 00040 hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage); 00041 <span class="keywordflow">return</span> result.<a class="code" href="struct_decoding_result.html#_decoding_resulto0">isValidCoding</a> && result.<a class="code" href="struct_decoding_result.html#_decoding_resulto1">messageLength</a> == 0; 00042 } 00043 00044 <span class="keywordtype">void</span> TF_SignerBase::InputRecoverableMessage(<a class="code" href="class_p_k___message_accumulator.html">PK_MessageAccumulator</a> &messageAccumulator, <span class="keyword">const</span> byte *recoverableMessage, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> recoverableMessageLength)<span class="keyword"> const</span> 00045 <span class="keyword"></span>{ 00046 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00047 <span class="keyword">const</span> MessageEncodingInterface &mei = GetMessageEncodingInterface(); 00048 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> maxRecoverableLength = mei.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize()); 00049 00050 <span class="keywordflow">if</span> (maxRecoverableLength == 0) 00051 {<span class="keywordflow">throw</span> <a class="code" href="class_not_implemented.html">NotImplemented</a>(<span class="stringliteral">"TF_SignerBase: this algorithm does not support messsage recovery or the key is too short"</span>);} 00052 <span class="keywordflow">if</span> (recoverableMessageLength > maxRecoverableLength) 00053 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_argument.html">InvalidArgument</a>(<span class="stringliteral">"TF_SignerBase: the recoverable message part is too long for the given key and algorithm"</span>); 00054 00055 ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); 00056 mei.ProcessRecoverableMessage( 00057 ma.AccessHash(), 00058 recoverableMessage, recoverableMessageLength, 00059 NULL, 0, ma.m_semisignature); 00060 } 00061 <a name="l00062"></a><a class="code" href="class_t_f___signer_base.html#_two_bases_3_01_t_f___signer_base_00_01_private_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a1">00062</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="class_t_f___signer_base.html#_two_bases_3_01_t_f___signer_base_00_01_private_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a1">TF_SignerBase::SignAndRestart</a>(<a class="code" href="class_random_number_generator.html">RandomNumberGenerator</a> &rng, <a class="code" href="class_p_k___message_accumulator.html">PK_MessageAccumulator</a> &messageAccumulator, byte *signature, <span class="keywordtype">bool</span> restart)<span class="keyword"> const</span> 00063 <span class="keyword"></span>{ 00064 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00065 <a class="code" href="class_sec_block.html">SecByteBlock</a> representative(MessageRepresentativeLength()); 00066 GetMessageEncodingInterface().ComputeMessageRepresentative(rng, 00067 ma.m_recoverableMessage, ma.m_recoverableMessage.size(), 00068 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, 00069 representative, MessageRepresentativeBitLength()); 00070 ma.m_empty = <span class="keyword">true</span>; 00071 00072 <a class="code" href="class_integer.html">Integer</a> r(representative, representative.<a class="code" href="class_sec_block.html#_sec_block_with_hinta15">size</a>()); 00073 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> signatureLength = <a class="code" href="class_p_k___signature_scheme.html#_p_k___verifiera8">SignatureLength</a>(); 00074 GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); 00075 <span class="keywordflow">return</span> signatureLength; 00076 } 00077 <a name="l00078"></a><a class="code" href="class_t_f___verifier_base.html#_two_bases_3_01_t_f___verifier_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a0">00078</a> <span class="keywordtype">void</span> <a class="code" href="class_t_f___verifier_base.html#_two_bases_3_01_t_f___verifier_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a0">TF_VerifierBase::InputSignature</a>(<a class="code" href="class_p_k___message_accumulator.html">PK_MessageAccumulator</a> &messageAccumulator, <span class="keyword">const</span> byte *signature, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> signatureLength)<span class="keyword"> const</span> 00079 <span class="keyword"></span>{ 00080 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00081 ma.m_representative.New(MessageRepresentativeLength()); 00082 <a class="code" href="class_integer.html">Integer</a> x = GetTrapdoorFunctionInterface().ApplyFunction(<a class="code" href="class_integer.html">Integer</a>(signature, signatureLength)); 00083 <span class="keywordflow">if</span> (x.BitCount() > MessageRepresentativeBitLength()) 00084 x = <a class="code" href="class_integer.html#_integerz37_12">Integer::Zero</a>(); <span class="comment">// don't return false here to prevent timing attack</span> 00085 x.Encode(ma.m_representative, ma.m_representative.size()); 00086 } 00087 <a name="l00088"></a><a class="code" href="class_t_f___verifier_base.html#_two_bases_3_01_t_f___verifier_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a1">00088</a> <span class="keywordtype">bool</span> <a class="code" href="class_t_f___verifier_base.html#_two_bases_3_01_t_f___verifier_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a1">TF_VerifierBase::VerifyAndRestart</a>(<a class="code" href="class_p_k___message_accumulator.html">PK_MessageAccumulator</a> &messageAccumulator)<span class="keyword"> const</span> 00089 <span class="keyword"></span>{ 00090 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00091 <span class="keywordtype">bool</span> result = GetMessageEncodingInterface().VerifyMessageRepresentative( 00092 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength()); 00093 ma.m_empty = <span class="keyword">true</span>; 00094 <span class="keywordflow">return</span> result; 00095 } 00096 <a name="l00097"></a><a class="code" href="class_t_f___verifier_base.html#_two_bases_3_01_t_f___verifier_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a2">00097</a> <a class="code" href="struct_decoding_result.html">DecodingResult</a> <a class="code" href="class_t_f___verifier_base.html#_two_bases_3_01_t_f___verifier_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a2">TF_VerifierBase::RecoverAndRestart</a>(byte *recoveredMessage, <a class="code" href="class_p_k___message_accumulator.html">PK_MessageAccumulator</a> &messageAccumulator)<span class="keyword"> const</span> 00098 <span class="keyword"></span>{ 00099 PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); 00100 <a class="code" href="struct_decoding_result.html">DecodingResult</a> result = GetMessageEncodingInterface().RecoverMessageFromRepresentative( 00101 ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage); 00102 ma.m_empty = <span class="keyword">true</span>; 00103 <span class="keywordflow">return</span> result; 00104 } 00105 <a name="l00106"></a><a class="code" href="class_t_f___decryptor_base.html#_two_bases_3_01_t_f___decryptor_base_00_01_private_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a0">00106</a> <a class="code" href="struct_decoding_result.html">DecodingResult</a> <a class="code" href="class_t_f___decryptor_base.html#_two_bases_3_01_t_f___decryptor_base_00_01_private_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a0">TF_DecryptorBase::Decrypt</a>(<a class="code" href="class_random_number_generator.html">RandomNumberGenerator</a> &rng, <span class="keyword">const</span> byte *ciphertext, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> ciphertextLength, byte *plaintext, <span class="keyword">const</span> <a class="code" href="class_name_value_pairs.html">NameValuePairs</a> &parameters)<span class="keyword"> const</span> 00107 <span class="keyword"></span>{ 00108 <a class="code" href="class_sec_block.html">SecByteBlock</a> paddedBlock(PaddedBlockByteLength()); 00109 <a class="code" href="class_integer.html">Integer</a> x = GetTrapdoorFunctionInterface().CalculateInverse(rng, <a class="code" href="class_integer.html">Integer</a>(ciphertext, <a class="code" href="class_p_k___crypto_system.html#_p_k___encryptora5">FixedCiphertextLength</a>())); 00110 <span class="keywordflow">if</span> (x.ByteCount() > paddedBlock.<a class="code" href="class_sec_block.html#_sec_block_with_hinta15">size</a>()) 00111 x = <a class="code" href="class_integer.html#_integerz37_12">Integer::Zero</a>(); <span class="comment">// don't return false here to prevent timing attack</span> 00112 x.Encode(paddedBlock, paddedBlock.<a class="code" href="class_sec_block.html#_sec_block_with_hinta15">size</a>()); 00113 <span class="keywordflow">return</span> GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters); 00114 } 00115 <a name="l00116"></a><a class="code" href="class_t_f___encryptor_base.html#_two_bases_3_01_t_f___encryptor_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a0">00116</a> <span class="keywordtype">void</span> <a class="code" href="class_t_f___encryptor_base.html#_two_bases_3_01_t_f___encryptor_base_00_01_public_key_copier_3_01_s_c_h_e_m_e___o_p_t_i_o_n_s_1_1_keys_01_4_01_4a0">TF_EncryptorBase::Encrypt</a>(<a class="code" href="class_random_number_generator.html">RandomNumberGenerator</a> &rng, <span class="keyword">const</span> byte *plaintext, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> plaintextLength, byte *ciphertext, <span class="keyword">const</span> <a class="code" href="class_name_value_pairs.html">NameValuePairs</a> &parameters)<span class="keyword"> const</span> 00117 <span class="keyword"></span>{ 00118 <span class="keywordflow">if</span> (plaintextLength > <a class="code" href="class_p_k___crypto_system.html#_p_k___encryptora6">FixedMaxPlaintextLength</a>()) 00119 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_argument.html">InvalidArgument</a>(<a class="code" href="class_algorithm.html#_zlib_decompressora17">AlgorithmName</a>() + <span class="stringliteral">": message too long for this public key"</span>); 00120 00121 <a class="code" href="class_sec_block.html">SecByteBlock</a> paddedBlock(PaddedBlockByteLength()); 00122 GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters); 00123 GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, <a class="code" href="class_integer.html">Integer</a>(paddedBlock, paddedBlock.<a class="code" href="class_sec_block.html#_sec_block_with_hinta15">size</a>())).Encode(ciphertext, <a class="code" href="class_p_k___crypto_system.html#_p_k___encryptora5">FixedCiphertextLength</a>()); 00124 } 00125 00126 NAMESPACE_END 00127 00128 <span class="preprocessor">#endif</span> </div></pre><hr size="1"><address style="align: right;"><small>Generated on Sun Nov 7 08:23:58 2004 for Crypto++ by <a href="http://www.doxygen.org/index.html"> <img src="doxygen.png" alt="doxygen" align="middle" border=0 ></a> 1.3.7 </small></address> </body> </html>