1 // pssr.h - originally written and placed in the public domain by Wei Dai
2
3 /// \file pssr.h
4 /// \brief Classes for probabilistic signature schemes
5 /// \since Crypto++ 2.1
6
7 #ifndef CRYPTOPP_PSSR_H
8 #define CRYPTOPP_PSSR_H
9
10 #include "cryptlib.h"
11 #include "pubkey.h"
12 #include "emsa2.h"
13
14 #ifdef CRYPTOPP_IS_DLL
15 #include "sha.h"
16 #endif
17
NAMESPACE_BEGIN(CryptoPP)18 NAMESPACE_BEGIN(CryptoPP)
19
20 /// \brief PSSR Message Encoding Method interface
21 /// \since Crypto++ 2.1
22 class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod
23 {
24 public:
25 virtual ~PSSR_MEM_Base() {}
26
27 protected:
28 virtual bool AllowRecovery() const =0;
29 virtual size_t SaltLen(size_t hashLen) const =0;
30 virtual size_t MinPadLen(size_t hashLen) const =0;
31 virtual const MaskGeneratingFunction & GetMGF() const =0;
32
33 private:
34 size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const;
35 size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const;
36 bool IsProbabilistic() const;
37 bool AllowNonrecoverablePart() const;
38 bool RecoverablePartFirst() const;
39 void ComputeMessageRepresentative(RandomNumberGenerator &rng,
40 const byte *recoverableMessage, size_t recoverableMessageLength,
41 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
42 byte *representative, size_t representativeBitLength) const;
43 DecodingResult RecoverMessageFromRepresentative(
44 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
45 byte *representative, size_t representativeBitLength,
46 byte *recoverableMessage) const;
47 };
48
49 /// \brief PSSR Message Encoding Method with Hash Identifier
50 /// \tparam USE_HASH_ID flag indicating whether the HashId is used
51 /// \since Crypto++ 2.1
52 template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId;
53
54 /// \brief PSSR Message Encoding Method with Hash Identifier
55 /// \details If USE_HASH_ID is true, then EMSA2HashIdLookup<PSSR_MEM_Base> is used for the base class
56 template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {};
57
58 /// \brief PSSR Message Encoding Method without Hash Identifier
59 /// \details If USE_HASH_ID is false, then PSSR_MEM_Base is used for the base class
60 /// \since Crypto++ 2.1
61 template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {};
62
63 /// \brief PSSR Message Encoding Method
64 /// \tparam ALLOW_RECOVERY flag indicating whether the scheme provides message recovery
65 /// \tparam MGF mask generation function
66 /// \tparam SALT_LEN length of the salt
67 /// \tparam MIN_PAD_LEN minimum length of the pad
68 /// \tparam USE_HASH_ID flag indicating whether the HashId is used
69 /// \details If ALLOW_RECOVERY is true, the signature scheme provides message recovery. If
70 /// ALLOW_RECOVERY is false, the signature scheme is appendix, and the message must be
71 /// provided during verification.
72 /// \since Crypto++ 2.1
73 template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false>
74 class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID>
75 {
AllowRecovery()76 virtual bool AllowRecovery() const {return ALLOW_RECOVERY;}
SaltLen(size_t hashLen)77 virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;}
MinPadLen(size_t hashLen)78 virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;}
GetMGF()79 virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;}
80
81 public:
StaticAlgorithmName()82 static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();}
83 };
84
85 /// \brief Probabilistic Signature Scheme with Recovery
86 /// \details Signature Schemes with Recovery encode the message with the signature.
87 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a>
88 /// \since Crypto++ 2.1
89 struct PSSR : public SignatureStandard
90 {
91 typedef PSSR_MEM<true> SignatureMessageEncodingMethod;
92 };
93
94 /// \brief Probabilistic Signature Scheme with Appendix
95 /// \details Signature Schemes with Appendix require the message to be provided during verification.
96 /// \sa <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a>
97 /// \since Crypto++ 2.1
98 struct PSS : public SignatureStandard
99 {
100 typedef PSSR_MEM<false> SignatureMessageEncodingMethod;
101 };
102
103 NAMESPACE_END
104
105 #endif
106