DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); DecodingResult result = GetMessageEncodingInterface().RecoverMessageFromRepresentative( ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage); ma.m_empty = true; return result; }
bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); bool result = GetMessageEncodingInterface().VerifyMessageRepresentative( ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength()); ma.m_empty = true; return result; }
DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); HashIdentifier id = GetHashIdentifier(); const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) throw PK_SignatureScheme::KeyTooShort(); DecodingResult result = encoding.RecoverMessageFromRepresentative( ma.AccessHash(), id, ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage); ma.m_empty = true; return result; }
void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); HashIdentifier id = GetHashIdentifier(); const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) throw PK_SignatureScheme::KeyTooShort(); ma.m_representative.New(MessageRepresentativeLength()); Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength)); if (x.BitCount() > MessageRepresentativeBitLength()) x = Integer::Zero(); // don't return false here to prevent timing attack x.Encode(ma.m_representative, ma.m_representative.size()); }
unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); SecByteBlock representative(MessageRepresentativeLength()); GetMessageEncodingInterface().ComputeMessageRepresentative(rng, ma.m_recoverableMessage, ma.m_recoverableMessage.size(), ma.AccessHash(), GetHashIdentifier(), ma.m_empty, representative, MessageRepresentativeBitLength()); ma.m_empty = true; Integer r(representative, representative.size()); unsigned int signatureLength = SignatureLength(); GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); return signatureLength; }
size_t TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); HashIdentifier id = GetHashIdentifier(); const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) throw PK_SignatureScheme::KeyTooShort(); SecByteBlock representative(MessageRepresentativeLength()); encoding.ComputeMessageRepresentative(rng, ma.m_recoverableMessage, ma.m_recoverableMessage.size(), ma.AccessHash(), id, ma.m_empty, representative, MessageRepresentativeBitLength()); ma.m_empty = true; Integer r(representative, representative.size()); size_t signatureLength = SignatureLength(); GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); return signatureLength; }
void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); HashIdentifier id = GetHashIdentifier(); const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) throw PK_SignatureScheme::KeyTooShort(); size_t maxRecoverableLength = encoding.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize()); if (maxRecoverableLength == 0) {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");} if (recoverableMessageLength > maxRecoverableLength) throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm"); ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); encoding.ProcessRecoverableMessage( ma.AccessHash(), recoverableMessage, recoverableMessageLength, NULL, 0, ma.m_semisignature); }