bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength) const
{
SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
}
DecodingResult PSSR_MEM_Base::RecoverMessageFromRepresentative(
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength,
byte *recoverableMessage) const
{
assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
const size_t u = hashIdentifier.second + 1;
const size_t representativeByteLength = BitsToBytes(representativeBitLength);
const size_t digestSize = hash.DigestSize();
const size_t saltSize = SaltLen(digestSize);
const byte *const h = representative + representativeByteLength - u - digestSize;
SecByteBlock digest(digestSize);
hash.Final(digest);
DecodingResult result(0);
bool &valid = result.isValidCoding;
size_t &recoverableMessageLength = result.messageLength;
valid = (representative[representativeByteLength - 1] == (hashIdentifier.second ? 0xcc : 0xbc)) && valid;
valid = VerifyBufsEqual(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second) && valid;
GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize);
if (representativeBitLength % 8 != 0)
representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
// extract salt and recoverableMessage from DB = 00 ... || 01 || M || salt
byte *salt = representative + representativeByteLength - u - digestSize - saltSize;
byte *M = std::find_if(representative, salt-1, std::bind2nd(std::not_equal_to<byte>(), 0));
recoverableMessageLength = salt-M-1;
if (*M == 0x01
&& (size_t)(M - representative - (representativeBitLength % 8 != 0)) >= MinPadLen(digestSize)
&& recoverableMessageLength <= MaxRecoverableLength(representativeBitLength, hashIdentifier.second, digestSize))
{
memcpy(recoverableMessage, M+1, recoverableMessageLength);
}
else
{
recoverableMessageLength = 0;
valid = false;
}
// verify H = hash of M'
byte c[8];
PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
hash.Update(c, 8);
hash.Update(recoverableMessage, recoverableMessageLength);
hash.Update(digest, digestSize);
hash.Update(salt, saltSize);
valid = hash.Verify(h) && valid;
if (!AllowRecovery() && valid && recoverableMessageLength != 0)
{throw NotImplemented("PSSR_MEM: message recovery disabled");}
return result;
}
/*
* Draw a bitmap character
*/
void FGAPIENTRY
glutBitmapCharacterTex(void* fontID, int x, int y, int character)
{
#if (GL_OES_VERSION_1_1 >= 1)
const GLubyte* face;
SFG_Font* font = fghFontByID(fontID);
GLint v[] = {0, 0, _INT2FIXED(64), _INT2FIXED(64)}; //face[0], font->Height};
GLubyte buff[64*64];
GLuint tid;
if(!font)
return;
if(!(character >= 1)&&(character < 256))
return;
/*
* Find the character we want to draw (???)
*/
face = font->Characters[ character - 1 ];
memset(buff, 0, 64*64*sizeof(GLubyte));
BitsToBytes(face+1, face[0], font->Height, buff, 64, 64);
glGenTextures(1, &tid);
glBindTexture(GL_TEXTURE_2D, tid);
glTexImage2D(GL_TEXTURE_2D, 0, GL_ALPHA,
64, 64, 0, GL_ALPHA, GL_UNSIGNED_BYTE,
buff);
glTexParameterx(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_NEAREST);
glTexParameterx(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_NEAREST);
glTexParameterx(GL_TEXTURE_2D, GL_TEXTURE_WRAP_S, GL_CLAMP_TO_EDGE);
glTexParameterx(GL_TEXTURE_2D, GL_TEXTURE_WRAP_T, GL_CLAMP_TO_EDGE);
glEnable(GL_TEXTURE_2D);
glTexEnvx(GL_TEXTURE_ENV, GL_TEXTURE_ENV_MODE, GL_MODULATE);
glEnable(GL_ALPHA_TEST);
glAlphaFuncx(GL_EQUAL, 0);
glTexParameterxv(GL_TEXTURE_2D, GL_TEXTURE_CROP_RECT_OES, v);
glDrawTexxOES(_INT2FIXED(x), _INT2FIXED(y), _INT2FIXED(0), _INT2FIXED(16), _INT2FIXED(16)); //face[0], font->Height);
glDisable(GL_ALPHA_TEST);
glDisable(GL_TEXTURE_2D);
glDeleteTextures(1, &tid);
#endif
}
word32 SSL_Decrypt(const RSA_PublicKey& key, const byte* sig, byte* plain)
{
PK_Lengths lengths(key.GetModulus());
ByteBlock paddedBlock(BitsToBytes(lengths.PaddedBlockBitLength()));
Integer x = key.ApplyFunction(Integer(sig,
lengths.FixedCiphertextLength()));
if (x.ByteCount() > paddedBlock.size())
x = Integer::Zero();
x.Encode(paddedBlock.get_buffer(), paddedBlock.size());
return RSA_BlockType1().UnPad(paddedBlock.get_buffer(),
lengths.PaddedBlockBitLength(), plain);
}
void Inflator::ProcessInput(bool flush)
{
while (true)
{
switch (m_state)
{
case PRE_STREAM:
if (!flush && m_inQueue.CurrentSize() < MaxPrestreamHeaderSize())
return;
ProcessPrestreamHeader();
m_state = WAIT_HEADER;
m_wrappedAround = false;
m_current = 0;
m_lastFlush = 0;
m_window.New(1 << GetLog2WindowSize());
break;
case WAIT_HEADER:
{
// maximum number of bytes before actual compressed data starts
const size_t MAX_HEADER_SIZE = BitsToBytes(3+5+5+4+19*7+286*15+19*15);
if (m_inQueue.CurrentSize() < (flush ? 1 : MAX_HEADER_SIZE))
return;
DecodeHeader();
break;
}
case DECODING_BODY:
if (!DecodeBody())
return;
break;
case POST_STREAM:
if (!flush && m_inQueue.CurrentSize() < MaxPoststreamTailSize())
return;
ProcessPoststreamTail();
m_state = m_repeat ? PRE_STREAM : AFTER_END;
Output(0, NULL, 0, GetAutoSignalPropagation(), true); // TODO: non-blocking
if (m_inQueue.IsEmpty())
return;
break;
case AFTER_END:
m_inQueue.TransferTo(*AttachedTransformation());
return;
}
}
}
void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng,
const byte *recoverableMessage, size_t recoverableMessageLength,
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength) const
{
assert(recoverableMessageLength == 0);
assert(hashIdentifier.second == 0);
const size_t representativeByteLength = BitsToBytes(representativeBitLength);
const size_t digestSize = hash.DigestSize();
const size_t paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
memset(representative, 0, paddingLength);
hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
if (digestSize*8 > representativeBitLength)
{
Integer h(representative, representativeByteLength);
h >>= representativeByteLength*8 - representativeBitLength;
h.Encode(representative, representativeByteLength);
}
void EMSA2Pad::ComputeMessageRepresentative(RandomNumberGenerator &rng,
const byte *recoverableMessage, size_t recoverableMessageLength,
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength) const
{
assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
if (representativeBitLength % 8 != 7)
throw PK_SignatureScheme::InvalidKeyLength("EMSA2: EMSA2 requires a key length that is a multiple of 8");
size_t digestSize = hash.DigestSize();
size_t representativeByteLength = BitsToBytes(representativeBitLength);
representative[0] = messageEmpty ? 0x4b : 0x6b;
memset(representative+1, 0xbb, representativeByteLength-digestSize-4); // pad with 0xbb
byte *afterP2 = representative+representativeByteLength-digestSize-3;
afterP2[0] = 0xba;
hash.Final(afterP2+1);
representative[representativeByteLength-2] = *hashIdentifier.first;
representative[representativeByteLength-1] = 0xcc;
}
void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng,
const byte *recoverableMessage, size_t recoverableMessageLength,
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength) const
{
assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
const size_t u = hashIdentifier.second + 1;
const size_t representativeByteLength = BitsToBytes(representativeBitLength);
const size_t digestSize = hash.DigestSize();
const size_t saltSize = SaltLen(digestSize);
byte *const h = representative + representativeByteLength - u - digestSize;
SecByteBlock digest(digestSize), salt(saltSize);
hash.Final(digest);
rng.GenerateBlock(salt, saltSize);
// compute H = hash of M'
byte c[8];
PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
hash.Update(c, 8);
hash.Update(recoverableMessage, recoverableMessageLength);
hash.Update(digest, digestSize);
hash.Update(salt, saltSize);
hash.Final(h);
// compute representative
GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false);
byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1;
xorStart[0] ^= 1;
xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength);
xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size());
memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second);
representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc;
if (representativeBitLength % 8 != 0)
representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
}
word32 PaddedBlockByteLength() const
{return BitsToBytes(PaddedBlockBitLength());}