1 // pssr.h - originally written and placed in the public domain by Wei Dai 2 3 /// \file pssr.h 4 /// \brief Classes for probabilistic signature schemes 5 /// \since Crypto++ 2.1 6 7 #ifndef CRYPTOPP_PSSR_H 8 #define CRYPTOPP_PSSR_H 9 10 #include "cryptlib.h" 11 #include "pubkey.h" 12 #include "emsa2.h" 13 14 #ifdef CRYPTOPP_IS_DLL 15 #include "sha.h" 16 #endif 17 18 NAMESPACE_BEGIN(CryptoPP) 19 20 /// \brief PSSR Message Encoding Method interface 21 /// \since Crypto++ 2.1 22 class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod 23 { 24 public: 25 virtual ~PSSR_MEM_Base() {} 26 27 protected: 28 virtual bool AllowRecovery() const =0; 29 virtual size_t SaltLen(size_t hashLen) const =0; 30 virtual size_t MinPadLen(size_t hashLen) const =0; 31 virtual const MaskGeneratingFunction & GetMGF() const =0; 32 33 private: 34 size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const; 35 size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const; 36 bool IsProbabilistic() const; 37 bool AllowNonrecoverablePart() const; 38 bool RecoverablePartFirst() const; 39 void ComputeMessageRepresentative(RandomNumberGenerator &rng, 40 const byte *recoverableMessage, size_t recoverableMessageLength, 41 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, 42 byte *representative, size_t representativeBitLength) const; 43 DecodingResult RecoverMessageFromRepresentative( 44 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, 45 byte *representative, size_t representativeBitLength, 46 byte *recoverableMessage) const; 47 }; 48 49 /// \brief PSSR Message Encoding Method with Hash Identifier 50 /// \tparam USE_HASH_ID flag indicating whether the HashId is used 51 /// \since Crypto++ 2.1 52 template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId; 53 54 /// \brief PSSR Message Encoding Method with Hash Identifier 55 /// \details If USE_HASH_ID is true, then EMSA2HashIdLookup<PSSR_MEM_Base> is used for the base class 56 template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {}; 57 58 /// \brief PSSR Message Encoding Method without Hash Identifier 59 /// \details If USE_HASH_ID is false, then PSSR_MEM_Base is used for the base class 60 /// \since Crypto++ 2.1 61 template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {}; 62 63 /// \brief PSSR Message Encoding Method 64 /// \tparam ALLOW_RECOVERY flag indicating whether the scheme provides message recovery 65 /// \tparam MGF mask generation function 66 /// \tparam SALT_LEN length of the salt 67 /// \tparam MIN_PAD_LEN minimum length of the pad 68 /// \tparam USE_HASH_ID flag indicating whether the HashId is used 69 /// \details If ALLOW_RECOVERY is true, the signature scheme provides message recovery. If 70 /// ALLOW_RECOVERY is false, the signature scheme is appendix, and the message must be 71 /// provided during verification. 72 /// \since Crypto++ 2.1 73 template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false> 74 class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID> 75 { 76 virtual bool AllowRecovery() const {return ALLOW_RECOVERY;} 77 virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;} 78 virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;} 79 virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;} 80 81 public: 82 static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();} 83 }; 84 85 /// \brief Probabilistic Signature Scheme with Recovery 86 /// \details Signature Schemes with Recovery encode the message with the signature. 87 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a> 88 /// \since Crypto++ 2.1 89 struct PSSR : public SignatureStandard 90 { 91 typedef PSSR_MEM<true> SignatureMessageEncodingMethod; 92 }; 93 94 /// \brief Probabilistic Signature Scheme with Appendix 95 /// \details Signature Schemes with Appendix require the message to be provided during verification. 96 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a> 97 /// \since Crypto++ 2.1 98 struct PSS : public SignatureStandard 99 { 100 typedef PSSR_MEM<false> SignatureMessageEncodingMethod; 101 }; 102 103 NAMESPACE_END 104 105 #endif 106