// cryptlib.cpp - originally written and placed in the public domain by Wei Dai

#include "pch.h"

#include "config.h"

#if CRYPTOPP_MSC_VERSION

# pragma warning(disable: 4127 4189 4459)

#endif

#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE

# pragma GCC diagnostic ignored "-Wunused-value"

# pragma GCC diagnostic ignored "-Wunused-variable"

# pragma GCC diagnostic ignored "-Wunused-parameter"

#endif

#ifndef CRYPTOPP_IMPORTS

#include "cryptlib.h"

#include "filters.h"

#include "algparam.h"

#include "fips140.h"

#include "argnames.h"

#include "fltrimpl.h"

#include "osrng.h"

#include "secblock.h"

#include "smartptr.h"

#include "stdcpp.h"

#include "misc.h"

NAMESPACE_BEGIN(CryptoPP)

CRYPTOPP_COMPILE_ASSERT(sizeof(byte) == 1);

CRYPTOPP_COMPILE_ASSERT(sizeof(word16) == 2);

CRYPTOPP_COMPILE_ASSERT(sizeof(word32) == 4);

CRYPTOPP_COMPILE_ASSERT(sizeof(word64) == 8);

#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE

CRYPTOPP_COMPILE_ASSERT(sizeof(dword) == 2*sizeof(word));

#endif

BufferedTransformation & TheBitBucket()

{

  static BitBucket bitBucket;

  return bitBucket;

}

Algorithm::Algorithm(bool checkSelfTestStatus)

{

  if (checkSelfTestStatus && FIPS_140_2_ComplianceEnabled())

  {

    if (GetPowerUpSelfTestStatus() == POWER_UP_SELF_TEST_NOT_DONE && !PowerUpSelfTestInProgressOnThisThread())

      throw SelfTestFailure("Cryptographic algorithms are disabled before the power-up self tests are performed.");

    if (GetPowerUpSelfTestStatus() == POWER_UP_SELF_TEST_FAILED)

      throw SelfTestFailure("Cryptographic algorithms are disabled after a power-up self test failed.");

  }

}

void SimpleKeyingInterface::SetKey(const byte *key, size_t length, const NameValuePairs &params)

{

  this->ThrowIfInvalidKeyLength(length);

  this->UncheckedSetKey(key, static_cast<unsigned int>(length), params);

}

void SimpleKeyingInterface::SetKeyWithRounds(const byte *key, size_t length, int rounds)

{

  SetKey(key, length, MakeParameters(Name::Rounds(), rounds));

}

void SimpleKeyingInterface::SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength)

{

  SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, ivLength)));

}

void SimpleKeyingInterface::ThrowIfInvalidKeyLength(size_t length)

{

  if (!IsValidKeyLength(length))

    throw InvalidKeyLength(GetAlgorithm().AlgorithmName(), length);

}

void SimpleKeyingInterface::ThrowIfResynchronizable()

{

  if (IsResynchronizable())

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": this object requires an IV");

}

void SimpleKeyingInterface::ThrowIfInvalidIV(const byte *iv)

{

  if (!iv && IVRequirement() == UNPREDICTABLE_RANDOM_IV)

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": this object cannot use a null IV");

}

size_t SimpleKeyingInterface::ThrowIfInvalidIVLength(int length)

{

  size_t size = 0;

  if (length < 0)

    size = static_cast<size_t>(IVSize());

  else if ((size_t)length < MinIVLength())

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": IV length " + IntToString(length) + " is less than the minimum of " + IntToString(MinIVLength()));

  else if ((size_t)length > MaxIVLength())

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": IV length " + IntToString(length) + " exceeds the maximum of " + IntToString(MaxIVLength()));

  else

    size = static_cast<size_t>(length);

  return size;

}

const byte * SimpleKeyingInterface::GetIVAndThrowIfInvalid(const NameValuePairs &params, size_t &size)

{

  ConstByteArrayParameter ivWithLength;

  const byte *iv = NULLPTR;

  bool found = false;

  try {found = params.GetValue(Name::IV(), ivWithLength);}

  catch (const NameValuePairs::ValueTypeMismatch &) {}

  if (found)

  {

    iv = ivWithLength.begin();

    ThrowIfInvalidIV(iv);

    size = ThrowIfInvalidIVLength(static_cast<int>(ivWithLength.size()));

  }

  else if (params.GetValue(Name::IV(), iv))

  {

    ThrowIfInvalidIV(iv);

    size = static_cast<size_t>(IVSize());

  }

  else

  {

    ThrowIfResynchronizable();

    size = 0;

  }

  return iv;

}

void SimpleKeyingInterface::GetNextIV(RandomNumberGenerator &rng, byte *iv)

{

  rng.GenerateBlock(iv, IVSize());

}

size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const

{

  CRYPTOPP_ASSERT(inBlocks);

  CRYPTOPP_ASSERT(outBlocks);

  CRYPTOPP_ASSERT(length);

  const unsigned int blockSize = BlockSize();

  size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize;

  size_t xorIncrement = xorBlocks ? blockSize : 0;

  size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize;

  if (flags & BT_ReverseDirection)

  {

    inBlocks = PtrAdd(inBlocks, length - blockSize);

    xorBlocks = PtrAdd(xorBlocks, length - blockSize);

    outBlocks = PtrAdd(outBlocks, length - blockSize);

    inIncrement = 0-inIncrement;

    xorIncrement = 0-xorIncrement;

    outIncrement = 0-outIncrement;

  }

  // Coverity finding.

  const bool xorFlag = xorBlocks && (flags & BT_XorInput);

  while (length >= blockSize)

  {

    if (xorFlag)

    {

      // xorBlocks non-NULL and with BT_XorInput.

      xorbuf(outBlocks, xorBlocks, inBlocks, blockSize);

      ProcessBlock(outBlocks);

    }

    else

    {

      // xorBlocks may be non-NULL and without BT_XorInput.

      ProcessAndXorBlock(inBlocks, xorBlocks, outBlocks);

    }

    if (flags & BT_InBlockIsCounter)

      const_cast<byte *>(inBlocks)[blockSize-1]++;

    inBlocks = PtrAdd(inBlocks, inIncrement);

    outBlocks = PtrAdd(outBlocks, outIncrement);

    xorBlocks = PtrAdd(xorBlocks, xorIncrement);

    length -= blockSize;

  }

  return length;

}

unsigned int BlockTransformation::OptimalDataAlignment() const

{

  return GetAlignmentOf<word32>();

}

unsigned int StreamTransformation::OptimalDataAlignment() const

{

  return GetAlignmentOf<word32>();

}

unsigned int HashTransformation::OptimalDataAlignment() const

{

  return GetAlignmentOf<word32>();

}

#if 0

void StreamTransformation::ProcessLastBlock(byte *outString, const byte *inString, size_t length)

{

  CRYPTOPP_ASSERT(MinLastBlockSize() == 0); // this function should be overridden otherwise

  if (length == MandatoryBlockSize())

    ProcessData(outString, inString, length);

  else if (length != 0)

    throw NotImplemented(AlgorithmName() + ": this object doesn't support a special last block");

}

#endif

size_t StreamTransformation::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength)

{

  // this function should be overridden otherwise

  CRYPTOPP_ASSERT(MinLastBlockSize() == 0);

  if (inLength == MandatoryBlockSize())

  {

    outLength = inLength; // squash unused warning

    ProcessData(outString, inString, inLength);

  }

  else if (inLength != 0)

    throw NotImplemented(AlgorithmName() + ": this object doesn't support a special last block");

  return outLength;

}

void AuthenticatedSymmetricCipher::SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength)

{

  if (headerLength > MaxHeaderLength())

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": header length " + IntToString(headerLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));

  if (messageLength > MaxMessageLength())

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": message length " + IntToString(messageLength) + " exceeds the maximum of " + IntToString(MaxMessageLength()));

  if (footerLength > MaxFooterLength())

    throw InvalidArgument(GetAlgorithm().AlgorithmName() + ": footer length " + IntToString(footerLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));

  UncheckedSpecifyDataLengths(headerLength, messageLength, footerLength);

}

void AuthenticatedSymmetricCipher::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength)

{

  Resynchronize(iv, ivLength);

  SpecifyDataLengths(headerLength, messageLength);

  Update(header, headerLength);

  ProcessString(ciphertext, message, messageLength);

  TruncatedFinal(mac, macSize);

}

bool AuthenticatedSymmetricCipher::DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength)

{

  Resynchronize(iv, ivLength);

  SpecifyDataLengths(headerLength, ciphertextLength);

  Update(header, headerLength);

  ProcessString(message, ciphertext, ciphertextLength);

  return TruncatedVerify(mac, macLength);

}

std::string AuthenticatedSymmetricCipher::AlgorithmName() const

{

  // Squash C4505 on Visual Studio 2008 and friends

  return "Unknown";

}

unsigned int RandomNumberGenerator::GenerateBit()

{

  return GenerateByte() & 1;

}

byte RandomNumberGenerator::GenerateByte()

{

  byte b;

  GenerateBlock(&b, 1);

  return b;

}

word32 RandomNumberGenerator::GenerateWord32(word32 min, word32 max)

{

  const word32 range = max-min;

  const unsigned int maxBits = BitPrecision(range);

  word32 value;

  do

  {

    GenerateBlock((byte *)&value, sizeof(value));

    value = Crop(value, maxBits);

  } while (value > range);

  return value+min;

}

// Stack recursion below... GenerateIntoBufferedTransformation calls GenerateBlock,

// and GenerateBlock calls GenerateIntoBufferedTransformation. Ad infinitum. Also

// see http://github.com/weidai11/cryptopp/issues/38.

//

// According to Wei, RandomNumberGenerator is an interface, and it should not

// be instantiable. Its now spilt milk, and we are going to CRYPTOPP_ASSERT it in Debug

// builds to alert the programmer and throw in Release builds. Developers have

// a reference implementation in case its needed. If a programmer

// unintentionally lands here, then they should ensure use of a

// RandomNumberGenerator pointer or reference so polymorphism can provide the

// proper runtime dispatching.

void RandomNumberGenerator::GenerateBlock(byte *output, size_t size)

{

  CRYPTOPP_UNUSED(output), CRYPTOPP_UNUSED(size);

  ArraySink s(output, size);

  GenerateIntoBufferedTransformation(s, DEFAULT_CHANNEL, size);

}

void RandomNumberGenerator::DiscardBytes(size_t n)

{

  GenerateIntoBufferedTransformation(TheBitBucket(), DEFAULT_CHANNEL, n);

}

void RandomNumberGenerator::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length)

{

  FixedSizeSecBlock<byte, 256> buffer;

  while (length)

  {

    size_t len = UnsignedMin(buffer.size(), length);

    GenerateBlock(buffer, len);

    (void)target.ChannelPut(channel, buffer, len);

    length -= len;

  }

}

size_t KeyDerivationFunction::MinDerivedKeyLength() const

{

  return 0;

}

size_t KeyDerivationFunction::MaxDerivedKeyLength() const

{

  return static_cast<size_t>(-1);

}

void KeyDerivationFunction::ThrowIfInvalidDerivedKeyLength(size_t length) const

{

  if (!IsValidDerivedLength(length))

    throw InvalidDerivedKeyLength(GetAlgorithm().AlgorithmName(), length);

}

void KeyDerivationFunction::SetParameters(const NameValuePairs& params) {

  CRYPTOPP_UNUSED(params);

}

/// \brief Random Number Generator that does not produce random numbers

/// \details ClassNullRNG can be used for functions that require a RandomNumberGenerator

///   but don't actually use it. The class throws NotImplemented when a generation function is called.

/// \sa NullRNG()

class ClassNullRNG : public RandomNumberGenerator

{

public:

  /// \brief The name of the generator

  /// \returns the string \a NullRNGs

  std::string AlgorithmName() const {return "NullRNG";}

#if defined(CRYPTOPP_DOXYGEN_PROCESSING)

  /// \brief An implementation that throws NotImplemented

  byte GenerateByte () {}

  /// \brief An implementation that throws NotImplemented

  unsigned int GenerateBit () {}

  /// \brief An implementation that throws NotImplemented

  word32 GenerateWord32 (word32 min, word32 max) {}

#endif

  /// \brief An implementation that throws NotImplemented

  void GenerateBlock(byte *output, size_t size)

  {

    CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size);

    throw NotImplemented("NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes");

  }

#if defined(CRYPTOPP_DOXYGEN_PROCESSING)

  /// \brief An implementation that throws NotImplemented

  void GenerateIntoBufferedTransformation (BufferedTransformation &target, const std::string &channel, lword length) {}

  /// \brief An implementation that throws NotImplemented

  void IncorporateEntropy (const byte *input, size_t length) {}

  /// \brief An implementation that returns \p false

  bool CanIncorporateEntropy () const {}

  /// \brief An implementation that does nothing

  void DiscardBytes (size_t n) {}

  /// \brief An implementation that does nothing

  void Shuffle (IT begin, IT end) {}

private:

  Clonable* Clone () const { return NULLPTR; }

#endif

};

RandomNumberGenerator & NullRNG()

{

  static ClassNullRNG s_nullRNG;

  return s_nullRNG;

}

bool HashTransformation::TruncatedVerify(const byte *digest, size_t digestLength)

{

  // Allocate at least 1 for calculated to avoid triggering diagnostics

  ThrowIfInvalidTruncatedSize(digestLength);

  SecByteBlock calculated(digestLength ? digestLength : 1);

  TruncatedFinal(calculated, digestLength);

  return VerifyBufsEqual(calculated, digest, digestLength);

}

void HashTransformation::ThrowIfInvalidTruncatedSize(size_t size) const

{

  if (size > DigestSize())

    throw InvalidArgument("HashTransformation: can't truncate a " + IntToString(DigestSize()) + " byte digest to " + IntToString(size) + " bytes");

}

unsigned int BufferedTransformation::GetMaxWaitObjectCount() const

{

  const BufferedTransformation *t = AttachedTransformation();

  return t ? t->GetMaxWaitObjectCount() : 0;

}

void BufferedTransformation::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack)

{

  BufferedTransformation *t = AttachedTransformation();

  if (t)

    t->GetWaitObjects(container, callStack);  // reduce clutter by not adding to stack here

}

void BufferedTransformation::Initialize(const NameValuePairs &parameters, int propagation)

{

  CRYPTOPP_UNUSED(propagation);

  CRYPTOPP_ASSERT(!AttachedTransformation());

  IsolatedInitialize(parameters);

}

bool BufferedTransformation::Flush(bool hardFlush, int propagation, bool blocking)

{

  CRYPTOPP_UNUSED(propagation);

  CRYPTOPP_ASSERT(!AttachedTransformation());

  return IsolatedFlush(hardFlush, blocking);

}

bool BufferedTransformation::MessageSeriesEnd(int propagation, bool blocking)

{

  CRYPTOPP_UNUSED(propagation);

  CRYPTOPP_ASSERT(!AttachedTransformation());

  return IsolatedMessageSeriesEnd(blocking);

}

byte * BufferedTransformation::ChannelCreatePutSpace(const std::string &channel, size_t &size)

{

  byte* space = NULLPTR;

  if (channel.empty())

    space = CreatePutSpace(size);

  else

    throw NoChannelSupport(AlgorithmName());

  return space;

}

size_t BufferedTransformation::ChannelPut2(const std::string &channel, const byte *inString, size_t length, int messageEnd, bool blocking)

{

  size_t size = 0;

  if (channel.empty())

    size = Put2(inString, length, messageEnd, blocking);

  else

    throw NoChannelSupport(AlgorithmName());

  return size;

}

size_t BufferedTransformation::ChannelPutModifiable2(const std::string &channel, byte *inString, size_t length, int messageEnd, bool blocking)

{

  size_t size = 0;

  if (channel.empty())

    size = PutModifiable2(inString, length, messageEnd, blocking);

  else

    size = ChannelPut2(channel, inString, length, messageEnd, blocking);

  return size;

}

bool BufferedTransformation::ChannelFlush(const std::string &channel, bool hardFlush, int propagation, bool blocking)

{

  bool result = 0;

  if (channel.empty())

    result = Flush(hardFlush, propagation, blocking);

  else

    throw NoChannelSupport(AlgorithmName());

  return result;

}

bool BufferedTransformation::ChannelMessageSeriesEnd(const std::string &channel, int propagation, bool blocking)

{

  bool result = false;

  if (channel.empty())

    result = MessageSeriesEnd(propagation, blocking);

  else

    throw NoChannelSupport(AlgorithmName());

  return result;

}

lword BufferedTransformation::MaxRetrievable() const

{

  lword size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->MaxRetrievable();

  else

    size = CopyTo(TheBitBucket());

  return size;

}

bool BufferedTransformation::AnyRetrievable() const

{

  bool result = false;

  if (AttachedTransformation())

    result = AttachedTransformation()->AnyRetrievable();

  else

  {

    byte b;

    result = Peek(b) != 0;

  }

  return result;

}

size_t BufferedTransformation::Get(byte &outByte)

{

  size_t size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->Get(outByte);

  else

    size = Get(&outByte, 1);

  return size;

}

size_t BufferedTransformation::Get(byte *outString, size_t getMax)

{

  size_t size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->Get(outString, getMax);

  else

  {

    ArraySink arraySink(outString, getMax);

    size = (size_t)TransferTo(arraySink, getMax);

  }

  return size;

}

size_t BufferedTransformation::Peek(byte &outByte) const

{

  size_t size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->Peek(outByte);

  else

    size = Peek(&outByte, 1);

  return size;

}

size_t BufferedTransformation::Peek(byte *outString, size_t peekMax) const

{

  size_t size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->Peek(outString, peekMax);

  else

  {

    ArraySink arraySink(outString, peekMax);

    size = (size_t)CopyTo(arraySink, peekMax);

  }

  return size;

}

lword BufferedTransformation::Skip(lword skipMax)

{

  lword size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->Skip(skipMax);

  else

    size = TransferTo(TheBitBucket(), skipMax);

  return size;

}

lword BufferedTransformation::TotalBytesRetrievable() const

{

  lword size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->TotalBytesRetrievable();

  else

    size = MaxRetrievable();

  return size;

}

unsigned int BufferedTransformation::NumberOfMessages() const

{

  unsigned int size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->NumberOfMessages();

  else

    size = CopyMessagesTo(TheBitBucket());

  return size;

}

bool BufferedTransformation::AnyMessages() const

{

  bool result = false;

  if (AttachedTransformation())

    result = AttachedTransformation()->AnyMessages();

  else

    result = NumberOfMessages() != 0;

  return result;

}

bool BufferedTransformation::GetNextMessage()

{

  bool result = false;

  if (AttachedTransformation())

    result = AttachedTransformation()->GetNextMessage();

  else

  {

    CRYPTOPP_ASSERT(!AnyMessages());

  }

  return result;

}

unsigned int BufferedTransformation::SkipMessages(unsigned int count)

{

  unsigned int size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->SkipMessages(count);

  else

    size = TransferMessagesTo(TheBitBucket(), count);

  return size;

}

size_t BufferedTransformation::TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel, bool blocking)

{

  if (AttachedTransformation())

    return AttachedTransformation()->TransferMessagesTo2(target, messageCount, channel, blocking);

  else

  {

    unsigned int maxMessages = messageCount;

    for (messageCount=0; messageCount < maxMessages && AnyMessages(); messageCount++)

    {

      size_t blockedBytes;

      lword transferredBytes;

      while (AnyRetrievable())

      {

        // MaxRetrievable() instead of LWORD_MAX due to GH #962. If

        // the target calls CreatePutSpace(), then the allocation

        // size will be LWORD_MAX. That happens when target is a

        // ByteQueue. Maybe ByteQueue should check the size, and if

        // it is LWORD_MAX or -1, then use a default like 4096.

        transferredBytes = MaxRetrievable();

        blockedBytes = TransferTo2(target, transferredBytes, channel, blocking);

        if (blockedBytes > 0)

          return blockedBytes;

      }

      if (target.ChannelMessageEnd(channel, GetAutoSignalPropagation(), blocking))

        return 1;

      bool result = GetNextMessage();

      CRYPTOPP_UNUSED(result); CRYPTOPP_ASSERT(result);

    }

    return 0;

  }

}

unsigned int BufferedTransformation::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const

{

  unsigned int size = 0;

  if (AttachedTransformation())

    size = AttachedTransformation()->CopyMessagesTo(target, count, channel);

  return size;

}

void BufferedTransformation::SkipAll()

{

  if (AttachedTransformation())

    AttachedTransformation()->SkipAll();

  else

  {

    while (SkipMessages()) {}

    while (Skip()) {}

  }

}

size_t BufferedTransformation::TransferAllTo2(BufferedTransformation &target, const std::string &channel, bool blocking)

{

  if (AttachedTransformation())

    return AttachedTransformation()->TransferAllTo2(target, channel, blocking);

  else

  {

    CRYPTOPP_ASSERT(!NumberOfMessageSeries());

    unsigned int messageCount;

    do

    {

      messageCount = UINT_MAX;

      size_t blockedBytes = TransferMessagesTo2(target, messageCount, channel, blocking);

      if (blockedBytes)

        return blockedBytes;

    }

    while (messageCount != 0);

    lword byteCount;

    do

    {

      byteCount = ULONG_MAX;

      size_t blockedBytes = TransferTo2(target, byteCount, channel, blocking);

      if (blockedBytes)

        return blockedBytes;

    }

    while (byteCount != 0);

    return 0;

  }

}

void BufferedTransformation::CopyAllTo(BufferedTransformation &target, const std::string &channel) const

{

  if (AttachedTransformation())

    AttachedTransformation()->CopyAllTo(target, channel);

  else

  {

    CRYPTOPP_ASSERT(!NumberOfMessageSeries());

    while (CopyMessagesTo(target, UINT_MAX, channel)) {}

  }

}

void BufferedTransformation::SetRetrievalChannel(const std::string &channel)

{

  if (AttachedTransformation())

    AttachedTransformation()->SetRetrievalChannel(channel);

}

size_t BufferedTransformation::ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order, bool blocking)

{

  PutWord(false, order, m_buf, value);

  return ChannelPut(channel, m_buf, 2, blocking);

}

size_t BufferedTransformation::ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order, bool blocking)

{

  PutWord(false, order, m_buf, value);

  return ChannelPut(channel, m_buf, 4, blocking);

}

size_t BufferedTransformation::ChannelPutWord64(const std::string &channel, word64 value, ByteOrder order, bool blocking)

{

  PutWord(false, order, m_buf, value);

  return ChannelPut(channel, m_buf, 8, blocking);

}

size_t BufferedTransformation::PutWord16(word16 value, ByteOrder order, bool blocking)

{

  return ChannelPutWord16(DEFAULT_CHANNEL, value, order, blocking);

}

size_t BufferedTransformation::PutWord32(word32 value, ByteOrder order, bool blocking)

{

  return ChannelPutWord32(DEFAULT_CHANNEL, value, order, blocking);

}

size_t BufferedTransformation::PutWord64(word64 value, ByteOrder order, bool blocking)

{

  return ChannelPutWord64(DEFAULT_CHANNEL, value, order, blocking);

}

size_t BufferedTransformation::PeekWord16(word16 &value, ByteOrder order) const

{

  byte buf[2] = {0, 0};

  size_t len = Peek(buf, 2);

  if (order == BIG_ENDIAN_ORDER)

    value = word16((buf[0] << 8) | buf[1]);

  else

    value = word16((buf[1] << 8) | buf[0]);

  return len;

}

size_t BufferedTransformation::PeekWord32(word32 &value, ByteOrder order) const

{

  byte buf[4] = {0, 0, 0, 0};

  size_t len = Peek(buf, 4);

  if (order == BIG_ENDIAN_ORDER)

    value = word32((buf[0] << 24) | (buf[1] << 16) |

                   (buf[2] << 8)  | (buf[3] << 0));

  else

    value = word32((buf[3] << 24) | (buf[2] << 16) |

                   (buf[1] << 8)  | (buf[0] << 0));

  return len;

}

size_t BufferedTransformation::PeekWord64(word64 &value, ByteOrder order) const

{

  byte buf[8] = {0, 0, 0, 0, 0, 0, 0, 0};

  size_t len = Peek(buf, 8);

  if (order == BIG_ENDIAN_ORDER)

    value = ((word64)buf[0] << 56) | ((word64)buf[1] << 48) | ((word64)buf[2] << 40) |

            ((word64)buf[3] << 32) | ((word64)buf[4] << 24) | ((word64)buf[5] << 16) |

            ((word64)buf[6] << 8)  |  (word64)buf[7];

  else

    value = ((word64)buf[7] << 56) | ((word64)buf[6] << 48) | ((word64)buf[5] << 40) |

            ((word64)buf[4] << 32) | ((word64)buf[3] << 24) | ((word64)buf[2] << 16) |

            ((word64)buf[1] << 8)  |  (word64)buf[0];

  return len;

}

size_t BufferedTransformation::GetWord16(word16 &value, ByteOrder order)

{

  return (size_t)Skip(PeekWord16(value, order));

}

size_t BufferedTransformation::GetWord32(word32 &value, ByteOrder order)

{

  return (size_t)Skip(PeekWord32(value, order));

}

size_t BufferedTransformation::GetWord64(word64 &value, ByteOrder order)

{

  return (size_t)Skip(PeekWord64(value, order));

}

void BufferedTransformation::Attach(BufferedTransformation *newAttachment)

{

  if (AttachedTransformation() && AttachedTransformation()->Attachable())

    AttachedTransformation()->Attach(newAttachment);

  else

    Detach(newAttachment);

}

void GeneratableCryptoMaterial::GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)

{

  GenerateRandom(rng, MakeParameters("KeySize", (int)keySize));

}

class PK_DefaultEncryptionFilter : public Unflushable<Filter>

{

public:

  PK_DefaultEncryptionFilter(RandomNumberGenerator &rng, const PK_Encryptor &encryptor, BufferedTransformation *attachment, const NameValuePairs &parameters)

    : m_rng(rng), m_encryptor(encryptor), m_parameters(parameters)

  {

    Detach(attachment);

  }

  size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)

  {

    FILTER_BEGIN;

    m_plaintextQueue.Put(inString, length);

    if (messageEnd)

    {

      {

      size_t plaintextLength;

      if (!SafeConvert(m_plaintextQueue.CurrentSize(), plaintextLength))

        throw InvalidArgument("PK_DefaultEncryptionFilter: plaintext too long");

      size_t ciphertextLength = m_encryptor.CiphertextLength(plaintextLength);

      SecByteBlock plaintext(plaintextLength);

      m_plaintextQueue.Get(plaintext, plaintextLength);

      m_ciphertext.resize(ciphertextLength);

      m_encryptor.Encrypt(m_rng, plaintext, plaintextLength, m_ciphertext, m_parameters);

      }

      FILTER_OUTPUT(1, m_ciphertext, m_ciphertext.size(), messageEnd);

    }

    FILTER_END_NO_MESSAGE_END;

  }

  RandomNumberGenerator &m_rng;

  const PK_Encryptor &m_encryptor;

  const NameValuePairs &m_parameters;

  ByteQueue m_plaintextQueue;

  SecByteBlock m_ciphertext;

};

BufferedTransformation * PK_Encryptor::CreateEncryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment, const NameValuePairs &parameters) const

{

  return new PK_DefaultEncryptionFilter(rng, *this, attachment, parameters);

}

class PK_DefaultDecryptionFilter : public Unflushable<Filter>

{

public:

  PK_DefaultDecryptionFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment, const NameValuePairs &parameters)

    : m_rng(rng), m_decryptor(decryptor), m_parameters(parameters)

  {

    Detach(attachment);

  }

  size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking)

  {

    FILTER_BEGIN;

    m_ciphertextQueue.Put(inString, length);

    if (messageEnd)

    {

      {

      size_t ciphertextLength;

      if (!SafeConvert(m_ciphertextQueue.CurrentSize(), ciphertextLength))

        throw InvalidArgument("PK_DefaultDecryptionFilter: ciphertext too long");

      size_t maxPlaintextLength = m_decryptor.MaxPlaintextLength(ciphertextLength);

      SecByteBlock ciphertext(ciphertextLength);

      m_ciphertextQueue.Get(ciphertext, ciphertextLength);

      m_plaintext.resize(maxPlaintextLength);

      m_result = m_decryptor.Decrypt(m_rng, ciphertext, ciphertextLength, m_plaintext, m_parameters);

      if (!m_result.isValidCoding)

        throw InvalidCiphertext(m_decryptor.AlgorithmName() + ": invalid ciphertext");

      }

      FILTER_OUTPUT(1, m_plaintext, m_result.messageLength, messageEnd);

    }

    FILTER_END_NO_MESSAGE_END;

  }

  RandomNumberGenerator &m_rng;

  const PK_Decryptor &m_decryptor;

  const NameValuePairs &m_parameters;

  ByteQueue m_ciphertextQueue;

  SecByteBlock m_plaintext;

  DecodingResult m_result;

};

BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment, const NameValuePairs &parameters) const

{

  return new PK_DefaultDecryptionFilter(rng, *this, attachment, parameters);

}

size_t PK_Signer::Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const

{

  member_ptr<PK_MessageAccumulator> m(messageAccumulator);

  return SignAndRestart(rng, *m, signature, false);

}

size_t PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const

{

  member_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng));

  m->Update(message, messageLen);

  return SignAndRestart(rng, *m, signature, false);

}

size_t PK_Signer::SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength,

  const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const

{

  member_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng));

  InputRecoverableMessage(*m, recoverableMessage, recoverableMessageLength);

  m->Update(nonrecoverableMessage, nonrecoverableMessageLength);

  return SignAndRestart(rng, *m, signature, false);

}

bool PK_Verifier::Verify(PK_MessageAccumulator *messageAccumulator) const

{

  member_ptr<PK_MessageAccumulator> m(messageAccumulator);

  return VerifyAndRestart(*m);

}

bool PK_Verifier::VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLen) const

{

  member_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator());