bool DigestVerifierTemplate<P,F>::VerifyDigest(const byte *digest, unsigned int digestLen, const byte *signature) const
{
SecByteBlock paddedBlock(PaddedBlockByteLength());
f.ApplyFunction(Integer(signature, DigestSignatureLength())).Encode(paddedBlock, paddedBlock.size);
SecByteBlock recoveredDigest(MaxDigestLength());
unsigned int recoveredDigestLen = pad.Unpad(paddedBlock, PaddedBlockBitLength(), recoveredDigest);
return digestLen == recoveredDigestLen && memcmp(digest, recoveredDigest, digestLen) == 0;
}
void DigestSignerTemplate<P,F>::SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLength, byte *signature) const
{
assert(digestLength <= MaxDigestLength());
SecByteBlock paddedBlock(PaddedBlockByteLength());
pad.Pad(rng, digest, digestLength, paddedBlock, PaddedBlockBitLength());
f.CalculateInverse(Integer(paddedBlock, paddedBlock.size)).Encode(signature, DigestSignatureLength());
}
void EncryptorTemplate<P,F>::Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText)
{
assert(plainTextLength <= MaxPlainTextLength());
SecByteBlock paddedBlock(PaddedBlockByteLength());
pad.Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength());
f.ApplyFunction(Integer(paddedBlock, paddedBlock.size)).Encode(cipherText, CipherTextLength());
}
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const
{
SecByteBlock paddedBlock(PaddedBlockByteLength());
Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, FixedCiphertextLength()));
if (x.ByteCount() > paddedBlock.size())
x = Integer::Zero(); // don't return false here to prevent timing attack
x.Encode(paddedBlock, paddedBlock.size());
return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
}
void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, unsigned int plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const
{
if (plaintextLength > FixedMaxPlaintextLength())
throw InvalidArgument(AlgorithmName() + ": message too long for this public key");
SecByteBlock paddedBlock(PaddedBlockByteLength());
GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength());
}
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const
{
if (ciphertextLength != FixedCiphertextLength())
throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key");
SecByteBlock paddedBlock(PaddedBlockByteLength());
Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength));
if (x.ByteCount() > paddedBlock.size())
x = Integer::Zero(); // don't return false here to prevent timing attack
x.Encode(paddedBlock, paddedBlock.size());
return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
}
word32 SSL_Decrypt(const RSA_PublicKey& key, const byte* sig, byte* plain)
{
PK_Lengths lengths(key.GetModulus());
ByteBlock paddedBlock(BitsToBytes(lengths.PaddedBlockBitLength()));
Integer x = key.ApplyFunction(Integer(sig,
lengths.FixedCiphertextLength()));
if (x.ByteCount() > paddedBlock.size())
x = Integer::Zero();
x.Encode(paddedBlock.get_buffer(), paddedBlock.size());
return RSA_BlockType1().UnPad(paddedBlock.get_buffer(),
lengths.PaddedBlockBitLength(), plain);
}
void RSA_Encryptor<Pad>::Encrypt(const byte* plain, word32 sz, byte* cipher,
RandomNumberGenerator& rng)
{
PK_Lengths lengths(key_.GetModulus());
assert(sz <= lengths.FixedMaxPlaintextLength());
ByteBlock paddedBlock(lengths.PaddedBlockByteLength());
padding_.Pad(plain, sz, paddedBlock.get_buffer(),
lengths.PaddedBlockBitLength(), rng);
key_.ApplyFunction(Integer(paddedBlock.get_buffer(), paddedBlock.size())).
Encode(cipher, lengths.FixedCiphertextLength());
}
void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const
{
if (plaintextLength > FixedMaxPlaintextLength())
{
if (FixedMaxPlaintextLength() < 1)
throw InvalidArgument(AlgorithmName() + ": this key is too short to encrypt any messages");
else
throw InvalidArgument(AlgorithmName() + ": message length of " + IntToString(plaintextLength) + " exceeds the maximum of " + IntToString(FixedMaxPlaintextLength()) + " for this public key");
}
SecByteBlock paddedBlock(PaddedBlockByteLength());
GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters);
GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength());
}
word32 RSA_Decryptor<Pad>::Decrypt(const byte* cipher, word32 sz, byte* plain,
RandomNumberGenerator& rng)
{
PK_Lengths lengths(key_.GetModulus());
if (sz != lengths.FixedCiphertextLength())
return 0;
ByteBlock paddedBlock(lengths.PaddedBlockByteLength());
Integer x = key_.CalculateInverse(rng, Integer(cipher,
lengths.FixedCiphertextLength()).Ref());
if (x.ByteCount() > paddedBlock.size())
x = Integer::Zero(); // don't return false, prevents timing attack
x.Encode(paddedBlock.get_buffer(), paddedBlock.size());
return padding_.UnPad(paddedBlock.get_buffer(),
lengths.PaddedBlockBitLength(), plain);
}
unsigned int DecryptorTemplate<P,F>::Decrypt(const byte *cipherText, byte *plainText)
{
SecByteBlock paddedBlock(PaddedBlockByteLength());
f.CalculateInverse(Integer(cipherText, CipherTextLength())).Encode(paddedBlock, paddedBlock.size);
return pad.Unpad(paddedBlock, PaddedBlockBitLength(), plainText);
}
