| 1 | // pssr.h - written and placed in the public domain by Wei Dai |
|---|
| 2 | |
|---|
| 3 | //! \file pssr.h |
|---|
| 4 | //! \brief Classes for probablistic signature schemes |
|---|
| 5 | |
|---|
| 6 | #ifndef CRYPTOPP_PSSR_H |
|---|
| 7 | #define CRYPTOPP_PSSR_H |
|---|
| 8 | |
|---|
| 9 | #include "cryptlib.h" |
|---|
| 10 | #include "pubkey.h" |
|---|
| 11 | #include "emsa2.h" |
|---|
| 12 | |
|---|
| 13 | #ifdef CRYPTOPP_IS_DLL |
|---|
| 14 | #include "sha.h" |
|---|
| 15 | #endif |
|---|
| 16 | |
|---|
| 17 | NAMESPACE_BEGIN(CryptoPP) |
|---|
| 18 | |
|---|
| 19 | //! \brief PSSR Message Encoding Method interface |
|---|
| 20 | class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod |
|---|
| 21 | { |
|---|
| 22 | public: |
|---|
| 23 | #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 |
|---|
| 24 | virtual ~PSSR_MEM_Base() {} |
|---|
| 25 | #endif |
|---|
| 26 | |
|---|
| 27 | private: |
|---|
| 28 | virtual bool AllowRecovery() const =0; |
|---|
| 29 | virtual size_t SaltLen(size_t hashLen) const =0; |
|---|
| 30 | virtual size_t MinPadLen(size_t hashLen) const =0; |
|---|
| 31 | virtual const MaskGeneratingFunction & GetMGF() const =0; |
|---|
| 32 | |
|---|
| 33 | public: |
|---|
| 34 | size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const; |
|---|
| 35 | size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const; |
|---|
| 36 | bool IsProbabilistic() const; |
|---|
| 37 | bool AllowNonrecoverablePart() const; |
|---|
| 38 | bool RecoverablePartFirst() const; |
|---|
| 39 | void ComputeMessageRepresentative(RandomNumberGenerator &rng, |
|---|
| 40 | const byte *recoverableMessage, size_t recoverableMessageLength, |
|---|
| 41 | HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, |
|---|
| 42 | byte *representative, size_t representativeBitLength) const; |
|---|
| 43 | DecodingResult RecoverMessageFromRepresentative( |
|---|
| 44 | HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, |
|---|
| 45 | byte *representative, size_t representativeBitLength, |
|---|
| 46 | byte *recoverableMessage) const; |
|---|
| 47 | }; |
|---|
| 48 | |
|---|
| 49 | //! \brief PSSR Message Encoding Method with Hash Identifier |
|---|
| 50 | //! \tparam USE_HASH_ID flag indicating whether the HashId is used |
|---|
| 51 | template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId; |
|---|
| 52 | |
|---|
| 53 | //! \brief PSSR Message Encoding Method with Hash Identifier |
|---|
| 54 | //! \tparam true flag indicating HashId is used |
|---|
| 55 | template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {}; |
|---|
| 56 | |
|---|
| 57 | //! \brief PSSR Message Encoding Method without Hash Identifier |
|---|
| 58 | //! \tparam false flag indicating HashId is not used |
|---|
| 59 | template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {}; |
|---|
| 60 | |
|---|
| 61 | //! \brief PSSR Message Encoding Method |
|---|
| 62 | //! \tparam ALLOW_RECOVERY flag indicating whether the scheme provides message recovery |
|---|
| 63 | //! \tparam MGF mask generation function |
|---|
| 64 | //! \tparam SALT_LEN length of the salt |
|---|
| 65 | //! \tparam MIN_PAD_LEN minimum length of the pad |
|---|
| 66 | //! \tparam USE_HASH_ID flag indicating whether the HashId is used |
|---|
| 67 | //! \details If ALLOW_RECOVERY is true, the the signature scheme provides message recovery. If |
|---|
| 68 | //! ALLOW_RECOVERY is false, the the signature scheme is appendix, and the message must be |
|---|
| 69 | //! provided during verification. |
|---|
| 70 | template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false> |
|---|
| 71 | class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID> |
|---|
| 72 | { |
|---|
| 73 | virtual bool AllowRecovery() const {return ALLOW_RECOVERY;} |
|---|
| 74 | virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;} |
|---|
| 75 | virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;} |
|---|
| 76 | virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;} |
|---|
| 77 | |
|---|
| 78 | public: |
|---|
| 79 | static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();} |
|---|
| 80 | }; |
|---|
| 81 | |
|---|
| 82 | //! \brief Probabilistic Signature Scheme with Recovery |
|---|
| 83 | //! \details Signature Schemes with Recovery encode the message with the signature. |
|---|
| 84 | //! \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a> |
|---|
| 85 | struct PSSR : public SignatureStandard |
|---|
| 86 | { |
|---|
| 87 | typedef PSSR_MEM<true> SignatureMessageEncodingMethod; |
|---|
| 88 | }; |
|---|
| 89 | |
|---|
| 90 | //! \brief Probabilistic Signature Scheme with Appendix |
|---|
| 91 | //! \details Signature Schemes with Appendix require the message to be provided during verification. |
|---|
| 92 | //! \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a> |
|---|
| 93 | struct PSS : public SignatureStandard |
|---|
| 94 | { |
|---|
| 95 | typedef PSSR_MEM<false> SignatureMessageEncodingMethod; |
|---|
| 96 | }; |
|---|
| 97 | |
|---|
| 98 | NAMESPACE_END |
|---|
| 99 | |
|---|
| 100 | #endif |
|---|
