DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const { SecByteBlock paddedBlock(PaddedBlockByteLength()); Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, FixedCiphertextLength())); if (x.ByteCount() > paddedBlock.size()) x = Integer::Zero(); // don't return false here to prevent timing attack x.Encode(paddedBlock, paddedBlock.size()); return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters); }
void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, unsigned int plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const { if (plaintextLength > FixedMaxPlaintextLength()) throw InvalidArgument(AlgorithmName() + ": message too long for this public key"); SecByteBlock paddedBlock(PaddedBlockByteLength()); GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters); GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength()); }
void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); ma.m_representative.New(MessageRepresentativeLength()); Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength)); if (x.BitCount() > MessageRepresentativeBitLength()) x = Integer::Zero(); // don't return false here to prevent timing attack x.Encode(ma.m_representative, ma.m_representative.size()); }
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const { if (ciphertextLength != FixedCiphertextLength()) throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key"); SecByteBlock paddedBlock(PaddedBlockByteLength()); Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength)); if (x.ByteCount() > paddedBlock.size()) x = Integer::Zero(); // don't return false here to prevent timing attack x.Encode(paddedBlock, paddedBlock.size()); return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters); }
void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const { if (plaintextLength > FixedMaxPlaintextLength()) { if (FixedMaxPlaintextLength() < 1) throw InvalidArgument(AlgorithmName() + ": this key is too short to encrypt any messages"); else throw InvalidArgument(AlgorithmName() + ": message length of " + IntToString(plaintextLength) + " exceeds the maximum of " + IntToString(FixedMaxPlaintextLength()) + " for this public key"); } SecByteBlock paddedBlock(PaddedBlockByteLength()); GetMessageEncodingInterface().Pad(rng, plaintext, plaintextLength, paddedBlock, PaddedBlockBitLength(), parameters); GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(ciphertext, FixedCiphertextLength()); }
void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); HashIdentifier id = GetHashIdentifier(); const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) throw PK_SignatureScheme::KeyTooShort(); ma.m_representative.New(MessageRepresentativeLength()); Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength)); if (x.BitCount() > MessageRepresentativeBitLength()) x = Integer::Zero(); // don't return false here to prevent timing attack x.Encode(ma.m_representative, ma.m_representative.size()); }
unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); SecByteBlock representative(MessageRepresentativeLength()); GetMessageEncodingInterface().ComputeMessageRepresentative(rng, ma.m_recoverableMessage, ma.m_recoverableMessage.size(), ma.AccessHash(), GetHashIdentifier(), ma.m_empty, representative, MessageRepresentativeBitLength()); ma.m_empty = true; Integer r(representative, representative.size()); unsigned int signatureLength = SignatureLength(); GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); return signatureLength; }
size_t TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const { PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); HashIdentifier id = GetHashIdentifier(); const MessageEncodingInterface &encoding = GetMessageEncodingInterface(); if (MessageRepresentativeBitLength() < encoding.MinRepresentativeBitLength(id.second, ma.AccessHash().DigestSize())) throw PK_SignatureScheme::KeyTooShort(); SecByteBlock representative(MessageRepresentativeLength()); encoding.ComputeMessageRepresentative(rng, ma.m_recoverableMessage, ma.m_recoverableMessage.size(), ma.AccessHash(), id, ma.m_empty, representative, MessageRepresentativeBitLength()); ma.m_empty = true; Integer r(representative, representative.size()); size_t signatureLength = SignatureLength(); GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); return signatureLength; }