7 NAMESPACE_BEGIN(CryptoPP)
14 #ifndef CRYPTOPP_IMPORTS
// Smallest representative size, in bits, that can hold an encoding for the
// given hash identifier length and digest length (both in bytes).
//
// The byte-sized fields (minimum padding, salt, digest, hash identifier) are
// summed and converted to bits. The constant 9 presumably covers the one-byte
// trailer plus the single separator bit, matching the EMSA-PSS bound
// emBits >= 8*hLen + 8*sLen + 9 from RFC 8017 - confirm against the encoder.
//
// NOTE(review): the arithmetic is plain size_t with no overflow check; callers
// are expected to pass real digest/identifier sizes, not attacker-chosen ones.
size_t PSSR_MEM_Base::MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const
{
	// Same call order as before: salt length first, then minimum padding.
	const size_t saltBytes = SaltLen(digestLength);
	const size_t padBytes = MinPadLen(digestLength);
	const size_t fieldBytes = padBytes + saltBytes + digestLength + hashIdentifierLength;
	return 9 + 8*fieldBytes;
}
// Upper bound, in bytes, on the recoverable message part that fits in a
// representative of representativeBitLength bits.
// NOTE(review): the gutter jumps from 23 to 26, so this listing omits at least
// one body line; only the return statement below is documented.
23 size_t PSSR_MEM_Base::MaxRecoverableLength(
size_t representativeBitLength,
size_t hashIdentifierLength,
size_t digestLength)
const
// Bits left after the minimum encoding overhead, converted to whole bytes.
// SaturatingSubtract is defined elsewhere; presumably it clamps at zero instead
// of wrapping when the representative is below the minimum size, which keeps an
// undersized representative from yielding a huge length - confirm.
26 return SaturatingSubtract(representativeBitLength, MinRepresentativeBitLength(hashIdentifierLength, digestLength)) / 8;
// Reports whether the encoding is randomized: true when SaltLen yields a
// non-zero salt length for a one-byte digest, false otherwise.
bool PSSR_MEM_Base::IsProbabilistic() const
{
	return 0 < SaltLen(1);
}
// NOTE(review): only the signature survives in this listing; the body is not
// shown, so the value this predicate returns cannot be documented from here.
35 bool PSSR_MEM_Base::AllowNonrecoverablePart()
const
// NOTE(review): only the signature survives in this listing; the body is not
// shown, so the value this predicate returns cannot be documented from here.
40 bool PSSR_MEM_Base::RecoverablePartFirst()
const
// Encoder: builds the padded, masked message representative in `representative`
// from the recoverable message, the message digest held in `hash`, and a salt.
// NOTE(review): the first signature line and several body lines (gutter gaps
// such as 57-63, 66, 70-72, 75) are missing from this listing; `c`, `digest`,
// `digestSize` and `salt` are declared on lines not shown. Comments below
// describe only what the visible lines do.
46 const byte *recoverableMessage,
size_t recoverableMessageLength,
48 byte *representative,
size_t representativeBitLength)
const
// Size precondition. If this is the standard assert macro it is compiled out
// under NDEBUG, so in release builds the caller must guarantee the minimum
// size; otherwise the pointer arithmetic below would run before the buffer.
50 assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.
DigestSize()));
// u = trailer length in bytes: the hash identifier plus one trailer byte.
52 const size_t u = hashIdentifier.second + 1;
53 const size_t representativeByteLength = BitsToBytes(representativeBitLength);
55 const size_t saltSize = SaltLen(digestSize);
// h addresses the digestSize bytes that sit immediately before the trailer.
56 byte *
const h = representative + representativeByteLength - u - digestSize;
// Writes the recoverable length in bits (length * 8) as two big-endian 32-bit
// words into c: the high word is length >> 29, the low word is length << 3.
64 PutWord(
false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
65 PutWord(
false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
// Visible hash inputs, in order: recoverable message, message digest, salt.
67 hash.
Update(recoverableMessage, recoverableMessageLength);
68 hash.
Update(digest, digestSize);
69 hash.
Update(salt, saltSize);
// Mask generation over the bytes that precede h, seeded with the digestSize
// bytes at h. The meaning of the trailing `false` is not visible here.
73 GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize,
false);
// NOTE(review): no visible line bounds recoverableMessageLength. If it exceeds
// MaxRecoverableLength(), xorStart lands before `representative` and the
// xorbuf calls write out of bounds - callers must enforce the limit (confirm
// where that check lives).
74 byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1;
// XOR the message and then the salt into the masked region after xorStart.
76 xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength);
77 xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size());
// Trailer: hash identifier bytes, then 0xcc when an identifier is present or
// 0xbc when it is empty.
78 memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second);
79 representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc;
// When the bit length is not a whole number of bytes, keep only the low
// (representativeBitLength % 8) bits of the first byte.
80 if (representativeBitLength % 8 != 0)
81 representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
// Decoder/verifier: unmasks `representative` in place, checks the trailer,
// padding and hash, and copies the recoverable part into `recoverableMessage`.
// NOTE(review): the first signature line and several body lines (gutter gaps
// such as 96-100, 115, 118, 120-122, 124-128, 138 onward) are missing from this
// listing; `c`, `digest`, `digestSize` and `result` are declared on lines not
// shown. Comments below describe only what the visible lines do.
86 byte *representative,
size_t representativeBitLength,
87 byte *recoverableMessage)
const
// Size precondition. If this is the standard assert macro it is compiled out
// under NDEBUG, so release builds rely on the caller for this guarantee.
89 assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.
DigestSize()));
// u = trailer length in bytes: the hash identifier plus one trailer byte.
91 const size_t u = hashIdentifier.second + 1;
92 const size_t representativeByteLength = BitsToBytes(representativeBitLength);
94 const size_t saltSize = SaltLen(digestSize);
// h addresses the digestSize bytes that sit immediately before the trailer.
95 const byte *
const h = representative + representativeByteLength - u - digestSize;
// Aliases into the result object so the checks below update it directly.
101 bool &valid = result.isValidCoding;
102 size_t &recoverableMessageLength = result.messageLength;
// Each check is written as `check && valid`, so the check is evaluated even
// after an earlier failure and the outcome is accumulated rather than
// returned early. The trailer byte must be 0xcc (identifier present) or 0xbc.
104 valid = (representative[representativeByteLength - 1] == (hashIdentifier.second ? 0xcc : 0xbc)) && valid;
// VerifyBufsEqual is defined elsewhere; in Crypto++ it is meant to be a
// timing-independent comparison - confirm for the version in use.
105 valid = VerifyBufsEqual(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second) && valid;
// Unmask the bytes that precede h, using the digestSize bytes at h as seed.
107 GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize);
// When the bit length is not a whole number of bytes, keep only the low
// (representativeBitLength % 8) bits of the first byte.
108 if (representativeBitLength % 8 != 0)
109 representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
// The salt occupies the saltSize bytes immediately before h.
112 byte *salt = representative + representativeByteLength - u - digestSize - saltSize;
// M = first non-zero byte in [representative, salt-1), or salt-1 if none.
// The scan stops at the first hit, so its duration depends on the padding
// length. NOTE(review): std::bind2nd was deprecated in C++11 and removed in
// C++17, so this line needs a replacement predicate on newer standards.
113 byte *M = std::find_if(representative, salt-1, std::bind2nd(std::not_equal_to<byte>(), 0));
// Bytes between the separator at M and the salt; 0 when M == salt-1.
114 recoverableMessageLength = salt-M-1;
// Trailing conditions of a check whose first line is not shown: the zero
// padding before M must be at least MinPadLen(digestSize) bytes (less one when
// the top byte is partial), and the length must not exceed the maximum.
116 && (
size_t)(M - representative - (representativeBitLength % 8 != 0)) >= MinPadLen(digestSize)
117 && recoverableMessageLength <= MaxRecoverableLength(representativeBitLength, hashIdentifier.second, digestSize))
// Presumably guarded by the check above - confirm. The destination must be
// able to hold MaxRecoverableLength() bytes; nothing here checks its size.
119 memcpy(recoverableMessage, M+1, recoverableMessageLength);
// Presumably the failure branch of the same check - confirm.
123 recoverableMessageLength = 0;
// Re-encode the recovered length in bits as two big-endian 32-bit words in c.
129 PutWord(
false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
130 PutWord(
false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
// Visible hash inputs, in order: recovered message, message digest, salt.
132 hash.
Update(recoverableMessage, recoverableMessageLength);
133 hash.
Update(digest, digestSize);
134 hash.
Update(salt, saltSize);
// Compare the recomputed hash with the bytes at h, folding the outcome into
// `valid` without short-circuiting the comparison.
135 valid = hash.
Verify(h) && valid;
// A valid encoding carrying a non-empty recoverable part while recovery is
// disabled; the statement this condition guards is not in the listing.
137 if (!AllowRecovery() && valid && recoverableMessageLength != 0)