Line | Count | Source (jump to first uncovered line) |
1 | | // pssr.h - originally written and placed in the public domain by Wei Dai |
2 | | |
3 | | /// \file pssr.h |
4 | | /// \brief Classes for probabilistic signature schemes |
5 | | /// \since Crypto++ 2.1 |
6 | | |
7 | | #ifndef CRYPTOPP_PSSR_H |
8 | | #define CRYPTOPP_PSSR_H |
9 | | |
10 | | #include "cryptlib.h" |
11 | | #include "pubkey.h" |
12 | | #include "emsa2.h" |
13 | | |
14 | | #ifdef CRYPTOPP_IS_DLL |
15 | | #include "sha.h" |
16 | | #endif |
17 | | |
18 | | NAMESPACE_BEGIN(CryptoPP) |
19 | | |
20 | | /// \brief PSSR Message Encoding Method interface |
21 | | /// \since Crypto++ 2.1 |
22 | | class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod |
23 | | { |
24 | | public: |
25 | 0 | virtual ~PSSR_MEM_Base() {} |
26 | | |
27 | | protected: |
28 | | virtual bool AllowRecovery() const =0; |
29 | | virtual size_t SaltLen(size_t hashLen) const =0; |
30 | | virtual size_t MinPadLen(size_t hashLen) const =0; |
31 | | virtual const MaskGeneratingFunction & GetMGF() const =0; |
32 | | |
33 | | private: |
34 | | size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const; |
35 | | size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const; |
36 | | bool IsProbabilistic() const; |
37 | | bool AllowNonrecoverablePart() const; |
38 | | bool RecoverablePartFirst() const; |
39 | | void ComputeMessageRepresentative(RandomNumberGenerator &rng, |
40 | | const byte *recoverableMessage, size_t recoverableMessageLength, |
41 | | HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, |
42 | | byte *representative, size_t representativeBitLength) const; |
43 | | DecodingResult RecoverMessageFromRepresentative( |
44 | | HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, |
45 | | byte *representative, size_t representativeBitLength, |
46 | | byte *recoverableMessage) const; |
47 | | }; |
48 | | |
49 | | /// \brief PSSR Message Encoding Method with Hash Identifier |
50 | | /// \tparam USE_HASH_ID flag indicating whether the HashId is used |
51 | | /// \since Crypto++ 2.1 |
52 | | template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId; |
53 | | |
54 | | /// \brief PSSR Message Encoding Method with Hash Identifier |
55 | | /// \details If USE_HASH_ID is true, then EMSA2HashIdLookup<PSSR_MEM_Base> is used for the base class |
56 | | template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {}; |
57 | | |
58 | | /// \brief PSSR Message Encoding Method without Hash Identifier |
59 | | /// \details If USE_HASH_ID is false, then PSSR_MEM_Base is used for the base class |
60 | | /// \since Crypto++ 2.1 |
61 | | template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {}; |
62 | | |
63 | | /// \brief PSSR Message Encoding Method |
64 | | /// \tparam ALLOW_RECOVERY flag indicating whether the scheme provides message recovery |
65 | | /// \tparam MGF mask generation function |
66 | | /// \tparam SALT_LEN length of the salt |
67 | | /// \tparam MIN_PAD_LEN minimum length of the pad |
68 | | /// \tparam USE_HASH_ID flag indicating whether the HashId is used |
69 | | /// \details If ALLOW_RECOVERY is true, the signature scheme provides message recovery. If |
70 | | /// ALLOW_RECOVERY is false, the signature scheme is appendix, and the message must be |
71 | | /// provided during verification. |
72 | | /// \since Crypto++ 2.1 |
73 | | template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false> |
74 | | class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID> |
75 | | { |
76 | | virtual bool AllowRecovery() const {return ALLOW_RECOVERY;} |
77 | | virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;} |
78 | | virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;} |
79 | | virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;} |
80 | | |
81 | | public: |
82 | | static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();} |
83 | | }; |
84 | | |
85 | | /// \brief Probabilistic Signature Scheme with Recovery |
86 | | /// \details Signature Schemes with Recovery encode the message with the signature. |
87 | | /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a> |
88 | | /// \since Crypto++ 2.1 |
89 | | struct PSSR : public SignatureStandard |
90 | | { |
91 | | typedef PSSR_MEM<true> SignatureMessageEncodingMethod; |
92 | | }; |
93 | | |
94 | | /// \brief Probabilistic Signature Scheme with Appendix |
95 | | /// \details Signature Schemes with Appendix require the message to be provided during verification. |
96 | | /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a> |
97 | | /// \since Crypto++ 2.1 |
98 | | struct PSS : public SignatureStandard |
99 | | { |
100 | | typedef PSSR_MEM<false> SignatureMessageEncodingMethod; |
101 | | }; |
102 | | |
103 | | NAMESPACE_END |
104 | | |
105 | | #endif |