Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::EME_PKCS1v15 Class Referencefinal

#include <eme_pkcs.h>

Inheritance diagram for Botan::EME_PKCS1v15:
Botan::EME

Public Member Functions

secure_vector< uint8_t > encode (const secure_vector< uint8_t > &in, size_t key_length, RandomNumberGenerator &rng) const
 
secure_vector< uint8_t > encode (const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const
 
size_t maximum_input_size (size_t) const override
 
secure_vector< uint8_t > pad (const uint8_t[], size_t, size_t, RandomNumberGenerator &) const override
 
secure_vector< uint8_t > unpad (uint8_t &valid_mask, const uint8_t in[], size_t in_len) const override
 

Static Public Member Functions

static std::unique_ptr< EMEcreate (const std::string &algo_spec)
 

Detailed Description

EME from PKCS #1 v1.5

Definition at line 18 of file eme_pkcs.h.

Member Function Documentation

◆ create()

std::unique_ptr< EME > Botan::EME::create ( const std::string &  algo_spec)
staticinherited

Factory method for EME (message-encoding methods for encryption) objects

Parameters
algo_specthe name of the EME to create
Returns
pointer to newly allocated object of that type

Definition at line 27 of file eme.cpp.

28 {
29#if defined(BOTAN_HAS_EME_RAW)
30 if(algo_spec == "Raw")
31 return std::make_unique<EME_Raw>();
32#endif
33
34#if defined(BOTAN_HAS_EME_PKCS1)
35 if(algo_spec == "PKCS1v15" || algo_spec == "EME-PKCS1-v1_5")
36 return std::make_unique<EME_PKCS1v15>();
37#endif
38
39#if defined(BOTAN_HAS_EME_OAEP)
40 SCAN_Name req(algo_spec);
41
42 if(req.algo_name() == "OAEP" ||
43 req.algo_name() == "EME-OAEP" ||
44 req.algo_name() == "EME1")
45 {
46 if(req.arg_count() == 1 ||
47 ((req.arg_count() == 2 || req.arg_count() == 3) && req.arg(1) == "MGF1"))
48 {
49 if(auto hash = HashFunction::create(req.arg(0)))
50 return std::make_unique<OAEP>(std::move(hash), req.arg(2, ""));
51 }
52 else if(req.arg_count() == 2 || req.arg_count() == 3)
53 {
54 auto mgf_params = parse_algorithm_name(req.arg(1));
55
56 if(mgf_params.size() == 2 && mgf_params[0] == "MGF1")
57 {
58 auto hash = HashFunction::create(req.arg(0));
59 auto mgf1_hash = HashFunction::create(mgf_params[1]);
60
61 if(hash && mgf1_hash)
62 {
63 return std::make_unique<OAEP>(std::move(hash),
64 std::move(mgf1_hash),
65 req.arg(2, ""));
66 }
67 }
68 }
69 }
70#endif
71
72 throw Algorithm_Not_Found(algo_spec);
73 }
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:98
std::vector< std::string > parse_algorithm_name(const std::string &namex)
Definition: parsing.cpp:58
MechanismType hash

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), hash, and Botan::parse_algorithm_name().

◆ encode() [1/2]

secure_vector< uint8_t > Botan::EME::encode ( const secure_vector< uint8_t > &  in,
size_t  key_length,
RandomNumberGenerator rng 
) const
inherited

Encode an input

Parameters
inthe plaintext
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Definition at line 88 of file eme.cpp.

91 {
92 return pad(msg.data(), msg.size(), key_bits, rng);
93 }
virtual secure_vector< uint8_t > pad(const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const =0

References Botan::EME::pad().

◆ encode() [2/2]

secure_vector< uint8_t > Botan::EME::encode ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator rng 
) const
inherited

Encode an input

Parameters
inthe plaintext
in_lengthlength of plaintext in bytes
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Definition at line 78 of file eme.cpp.

81 {
82 return pad(msg, msg_len, key_bits, rng);
83 }

References Botan::EME::pad().

◆ maximum_input_size()

size_t Botan::EME_PKCS1v15::maximum_input_size ( size_t  keybits) const
overridevirtual

Return the maximum input size in bytes we can support

Parameters
keybitsthe size of the key in bits
Returns
upper bound of input in bytes

Implements Botan::EME.

Definition at line 101 of file eme_pkcs.cpp.

102 {
103 if(keybits / 8 > 10)
104 return ((keybits / 8) - 10);
105 else
106 return 0;
107 }

Referenced by pad().

◆ pad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::pad ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator rng 
) const
overridevirtual

Encode an input

Parameters
inthe plaintext
in_lengthlength of plaintext in bytes
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Implements Botan::EME.

Definition at line 18 of file eme_pkcs.cpp.

21 {
22 key_length /= 8;
23
24 if(inlen > maximum_input_size(key_length * 8))
25 {
26 throw Invalid_Argument("PKCS1: Input is too large");
27 }
28
29 secure_vector<uint8_t> out(key_length);
30
31 out[0] = 0x02;
32 rng.randomize(out.data() + 1, (key_length - inlen - 2));
33
34 for(size_t j = 1; j != key_length - inlen - 1; ++j)
35 {
36 if(out[j] == 0)
37 {
38 out[j] = rng.next_nonzero_byte();
39 }
40 }
41
42 buffer_insert(out, key_length - inlen, in, inlen);
43
44 return out;
45 }
size_t maximum_input_size(size_t) const override
Definition: eme_pkcs.cpp:101
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition: mem_ops.h:221

References Botan::buffer_insert(), maximum_input_size(), Botan::RandomNumberGenerator::next_nonzero_byte(), and Botan::RandomNumberGenerator::randomize().

◆ unpad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::unpad ( uint8_t &  valid_mask,
const uint8_t  in[],
size_t  in_len 
) const
overridevirtual

Decode an input

Parameters
valid_maskwritten to specifies if output is valid
inthe encoded plaintext
in_lenlength of encoded plaintext in bytes
Returns
bytes of out[] written to along with validity mask (0xFF if valid, else 0x00)

Implements Botan::EME.

Definition at line 50 of file eme_pkcs.cpp.

52 {
53 /*
54 * RSA decryption pads the ciphertext up to the modulus size, so this only
55 * occurs with very (!) small keys, or when fuzzing.
56 *
57 * 11 bytes == 00,02 + 8 bytes mandatory padding + 00
58 */
59 if(inlen < 11)
60 {
61 valid_mask = false;
62 return secure_vector<uint8_t>();
63 }
64
65 CT::poison(in, inlen);
66
67 CT::Mask<uint8_t> bad_input_m = CT::Mask<uint8_t>::cleared();
68 CT::Mask<uint8_t> seen_zero_m = CT::Mask<uint8_t>::cleared();
69 size_t delim_idx = 2; // initial 0002
70
71 bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[0], 0);
72 bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[1], 2);
73
74 for(size_t i = 2; i < inlen; ++i)
75 {
76 const auto is_zero_m = CT::Mask<uint8_t>::is_zero(in[i]);
77 delim_idx += seen_zero_m.if_not_set_return(1);
78 seen_zero_m |= is_zero_m;
79 }
80
81 // no zero delim -> bad padding
82 bad_input_m |= ~seen_zero_m;
83 /*
84 delim indicates < 8 bytes padding -> bad padding
85
86 We require 11 here because we are counting also the 00 delim byte
87 */
88 bad_input_m |= CT::Mask<uint8_t>(CT::Mask<size_t>::is_lt(delim_idx, 11));
89
90 valid_mask = (~bad_input_m).unpoisoned_value();
91 auto output = CT::copy_output(bad_input_m, in, inlen, delim_idx);
92
93 CT::unpoison(in, inlen);
94
95 return output;
96 }
static Mask< T > is_zero(T x)
Definition: ct_utils.h:139
static Mask< T > is_lt(T x, T y)
Definition: ct_utils.h:155
static Mask< T > cleared()
Definition: ct_utils.h:113
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
secure_vector< uint8_t > copy_output(CT::Mask< uint8_t > bad_input_u8, const uint8_t input[], size_t input_length, size_t offset)
Definition: ct_utils.cpp:11
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:58

References Botan::CT::Mask< T >::cleared(), Botan::CT::copy_output(), Botan::CT::Mask< T >::if_not_set_return(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), and Botan::CT::unpoison().


The documentation for this class was generated from the following files: