Botan 3.9.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::ANSI_X923_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::ANSI_X923_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

virtual void add_padding (std::span< uint8_t > buffer, size_t final_block_bytes, size_t block_size) const
void apply_padding (std::span< uint8_t > last_block, size_t final_block_bytes) const override
std::string name () const override
virtual size_t output_length (size_t input_length, size_t block_size) const
size_t remove_padding (std::span< const uint8_t > last_block) const override
size_t unpad (std::span< const uint8_t > last_block) const
bool valid_blocksize (size_t bs) const override

Static Public Member Functions

static std::unique_ptr< BlockCipherModePaddingMethodcreate (std::string_view algo_spec)

Detailed Description

ANSI X9.23 Padding

Definition at line 120 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::BlockCipherModePaddingMethod::add_padding ( std::span< uint8_t > buffer,
size_t final_block_bytes,
size_t block_size ) const
virtualinherited

Add padding bytes to buffer.

Parameters
bufferdata to pad, span must be large enough to hold the padding behind the final (partial) block
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Reimplemented in Botan::Null_Padding.

Definition at line 44 of file mode_pad.cpp.

44 {
45 BOTAN_ASSERT_NOMSG(valid_blocksize(BS));
46 BOTAN_ASSERT_NOMSG(last_byte_pos < BS);
47 BOTAN_ASSERT_NOMSG(buffer.size() % BS == 0);
48 BOTAN_ASSERT_NOMSG(buffer.size() >= BS);
49
50 auto poison = CT::scoped_poison(last_byte_pos, buffer);
51 apply_padding(buffer.last(BS), last_byte_pos);
52}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::BlockCipherModePaddingMethod::valid_blocksize
virtual bool valid_blocksize(size_t block_size) const =0
Botan::BlockCipherModePaddingMethod::apply_padding
virtual void apply_padding(std::span< uint8_t > last_block, size_t padding_start_pos) const =0
Botan::CT::scoped_poison
constexpr auto scoped_poison(const Ts &... xs)
Definition ct_utils.h:220
Botan::CT::poison
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:54

References apply_padding(), BOTAN_ASSERT_NOMSG, Botan::CT::scoped_poison(), and valid_blocksize().

◆ apply_padding()

void Botan::ANSI_X923_Padding::apply_padding ( std::span< uint8_t > last_block,
size_t padding_start_pos ) const
overridevirtual

Applies the concrete padding to the last_block assuming the padding bytes should start at padding_start_pos within the last block.

Concrete implementations of this function must ensure not to leak padding_start_pos via side channels. Both the bytes of last_block and padding_start_pos are passed in with CT::poison applied.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 113 of file mode_pad.cpp.

113 {
114 /*
115 Padding format is
116 01
117 0002
118 000003
119 ...
120 */
121 const uint8_t BS = static_cast<uint8_t>(last_block.size());
122 const uint8_t start_pos = static_cast<uint8_t>(padding_start_pos);
123 const uint8_t padding_len = BS - start_pos;
124 for(uint8_t i = 0; i != BS - 1; ++i) {
125 auto needs_padding = CT::Mask<uint8_t>::is_gte(i, start_pos);
126 last_block[i] = needs_padding.select(0, last_block[i]);
127 }
128
129 last_block.back() = padding_len;
130}
Botan::CT::Mask::is_gte
static constexpr Mask< T > is_gte(T x, T y)
Definition ct_utils.h:496

References Botan::CT::Mask< T >::is_gte().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view algo_spec)
staticinherited

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Get a block cipher padding method by name

Definition at line 20 of file mode_pad.cpp.

20 {
21 if(algo_spec == "NoPadding") {
22 return std::make_unique<Null_Padding>();
23 }
24
25 if(algo_spec == "PKCS7") {
26 return std::make_unique<PKCS7_Padding>();
27 }
28
29 if(algo_spec == "OneAndZeros") {
30 return std::make_unique<OneAndZeros_Padding>();
31 }
32
33 if(algo_spec == "X9.23") {
34 return std::make_unique<ANSI_X923_Padding>();
35 }
36
37 if(algo_spec == "ESP") {
38 return std::make_unique<ESP_Padding>();
39 }
40
41 return nullptr;
42}

Referenced by Botan::Cipher_Mode::create().

◆ name()

std::string Botan::ANSI_X923_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 128 of file mode_pad.h.

128{ return "X9.23"; }

◆ output_length()

virtual size_t Botan::BlockCipherModePaddingMethod::output_length ( size_t input_length,
size_t block_size ) const
inlinevirtualinherited
Parameters
input_lengthnumber of bytes to be padded
block_sizesize of each block in bytes
Returns
the total number of output bytes (including the padding)

Reimplemented in Botan::Null_Padding.

Definition at line 66 of file mode_pad.h.

66 {
67 return ((input_length + block_size) / block_size) * block_size;
68 }

Referenced by Botan::CBC_Encryption::output_length().

◆ remove_padding()

size_t Botan::ANSI_X923_Padding::remove_padding ( std::span< const uint8_t > last_block) const
overridevirtual

Removes the padding from last_block and returns the number of data bytes. If the padding is invalid, this returns the byte length of last_block.

Concrete implementations of this function must ensure not to leak the size or validity of the padding via side channels. The bytes of last_block are passed in with CT::poison applied to them.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 135 of file mode_pad.cpp.

135 {
136 const size_t BS = input.size();
137 const size_t last_byte = input.back();
138
139 auto bad_input = CT::Mask<size_t>::is_gt(last_byte, BS);
140
141 const size_t pad_pos = BS - last_byte;
142
143 for(size_t i = 0; i != BS - 1; ++i) {
144 // Ignore values that are not part of the padding
145 const auto in_range = CT::Mask<size_t>::is_gte(i, pad_pos);
146 const auto pad_is_nonzero = CT::Mask<size_t>::expand(input[i]);
147 bad_input |= pad_is_nonzero & in_range;
148 }
149
150 return bad_input.select(BS, pad_pos);
151}
Botan::CT::Mask::expand
static constexpr Mask< T > expand(T v)
Definition ct_utils.h:420
Botan::CT::Mask::is_gt
static constexpr Mask< T > is_gt(T x, T y)
Definition ct_utils.h:486

References Botan::CT::Mask< T >::expand(), Botan::CT::Mask< T >::is_gt(), and Botan::CT::Mask< T >::is_gte().

◆ unpad()

size_t Botan::BlockCipherModePaddingMethod::unpad ( std::span< const uint8_t > last_block) const
inherited

Remove padding bytes from block

Parameters
last_blockthe last block containing the padding
Returns
number of data bytes, or if the padding is invalid returns the byte length of last_block (i.e. the block size)

Definition at line 54 of file mode_pad.cpp.

54 {
55 if(!valid_blocksize(last_block.size())) {
56 return last_block.size();
57 }
58
59 auto poison = CT::scoped_poison(last_block);
60 return CT::driveby_unpoison(remove_padding(last_block));
61}
Botan::BlockCipherModePaddingMethod::remove_padding
virtual size_t remove_padding(std::span< const uint8_t > last_block) const =0
Botan::CT::driveby_unpoison
decltype(auto) driveby_unpoison(T &&v)
Definition ct_utils.h:241

References Botan::CT::driveby_unpoison(), remove_padding(), Botan::CT::scoped_poison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::ANSI_X923_Padding::valid_blocksize ( size_t block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 126 of file mode_pad.h.

126{ return (bs > 2 && bs < 256); }
The documentation for this class was generated from the following files:
Generated by doxygen 1.14.0