void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const
{
PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
ma.m_representative.New(MessageRepresentativeLength());
Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
if (x.BitCount() > MessageRepresentativeBitLength())
x = Integer::Zero(); // don't return false here to prevent timing attack
x.Encode(ma.m_representative, ma.m_representative.size());
}
void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
{
PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
HashIdentifier id = GetHashIdentifier();
const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
throw PK_SignatureScheme::KeyTooShort();
ma.m_representative.New(MessageRepresentativeLength());
Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
if (x.BitCount() > MessageRepresentativeBitLength())
x = Integer::Zero(); // don't return false here to prevent timing attack
x.Encode(ma.m_representative, ma.m_representative.size());
}
unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
{
PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
SecByteBlock representative(MessageRepresentativeLength());
GetMessageEncodingInterface().ComputeMessageRepresentative(rng,
ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
representative, MessageRepresentativeBitLength());
ma.m_empty = true;
Integer r(representative, representative.size());
unsigned int signatureLength = SignatureLength();
GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
return signatureLength;
}
size_t TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
{
PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
HashIdentifier id = GetHashIdentifier();
const MessageEncodingInterface &encoding = GetMessageEncodingInterface();
if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize()))
throw PK_SignatureScheme::KeyTooShort();
SecByteBlock representative(MessageRepresentativeLength());
encoding.ComputeMessageRepresentative(rng,
ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
ma.AccessHash(), id, ma.m_empty,
representative, MessageRepresentativeBitLength());
ma.m_empty = true;
Integer r(representative, representative.size());
size_t signatureLength = SignatureLength();
GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
return signatureLength;
}
