secure_vector<byte> EME_Raw::pad(const byte in[], size_t in_length, size_t key_bits, RandomNumberGenerator&) const { if(in_length > 0 && (8*(in_length - 1) + high_bit(in[0]) > key_bits)) throw Invalid_Argument("EME_Raw: Input is too large"); return secure_vector<byte>(in, in + in_length); }
/* * PSSR Decode/Verify Operation */ bool PSSR::verify(const secure_vector<byte>& const_coded, const secure_vector<byte>& raw, size_t key_bits) { const size_t HASH_SIZE = hash->output_length(); const size_t KEY_BYTES = (key_bits + 7) / 8; if(key_bits < 8*HASH_SIZE + 9) return false; if(raw.size() != HASH_SIZE) return false; if(const_coded.size() > KEY_BYTES || const_coded.size() <= 1) return false; if(const_coded[const_coded.size()-1] != 0xBC) return false; secure_vector<byte> coded = const_coded; if(coded.size() < KEY_BYTES) { secure_vector<byte> temp(KEY_BYTES); buffer_insert(temp, KEY_BYTES - coded.size(), coded); coded = temp; } const size_t TOP_BITS = 8 * ((key_bits + 7) / 8) - key_bits; if(TOP_BITS > 8 - high_bit(coded[0])) return false; byte* DB = &coded[0]; const size_t DB_size = coded.size() - HASH_SIZE - 1; const byte* H = &coded[DB_size]; const size_t H_size = HASH_SIZE; mgf1_mask(*hash, &H[0], H_size, &DB[0], DB_size); DB[0] &= 0xFF >> TOP_BITS; size_t salt_offset = 0; for(size_t j = 0; j != DB_size; ++j) { if(DB[j] == 0x01) { salt_offset = j + 1; break; } if(DB[j]) return false; } if(salt_offset == 0) return false; for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(raw); hash->update(&DB[salt_offset], DB_size - salt_offset); secure_vector<byte> H2 = hash->final(); return same_mem(&H[0], &H2[0], HASH_SIZE); }
secure_vector<byte> PK_Ops::Encryption_with_EME::encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { const size_t max_raw = max_raw_input_bits(); const std::vector<byte> encoded = unlock(m_eme->encode(msg, msg_len, max_raw, rng)); if(8*(encoded.size() - 1) + high_bit(encoded[0]) > max_raw) throw std::runtime_error("Input is too large to encrypt with this key"); return raw_encrypt(encoded.data(), encoded.size(), rng); }