Botan::EME_PKCS1v15 Class Reference

#include <eme_pkcs.h>

Inheritance diagram for Botan::EME_PKCS1v15:

Public Member Functions
secure_vector< uint8_t >	encode (const secure_vector< uint8_t > &in, size_t key_length, RandomNumberGenerator &rng) const
secure_vector< uint8_t >	encode (const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const
size_t	maximum_input_size (size_t) const override
secure_vector< uint8_t >	pad (const uint8_t[], size_t, size_t, RandomNumberGenerator &) const override
secure_vector< uint8_t >	unpad (uint8_t &valid_mask, const uint8_t in[], size_t in_len) const override

Static Public Member Functions
static std::unique_ptr< EME >	create (std::string_view algo_spec)

Detailed Description

EME from PKCS #1 v1.5

Definition at line 18 of file eme_pkcs.h.

Member Function Documentation

create()

std::unique_ptr< EME > Botan::EME::create ( std::string_view  algo_spec )

staticinherited

Factory method for EME (message-encoding methods for encryption) objects

Parameters

algo_spec

the name of the EME to create

Returns

pointer to newly allocated object of that type

Definition at line 28 of file eme.cpp.

                                                       {
#if defined(BOTAN_HAS_EME_RAW)
   if(algo_spec == "Raw") {
      return std::make_unique<EME_Raw>();
   }
#endif
 
#if defined(BOTAN_HAS_EME_PKCS1)
   if(algo_spec == "PKCS1v15" || algo_spec == "EME-PKCS1-v1_5") {
      return std::make_unique<EME_PKCS1v15>();
   }
#endif
 
#if defined(BOTAN_HAS_EME_OAEP)
   SCAN_Name req(algo_spec);
 
   if(req.algo_name() == "OAEP" || req.algo_name() == "EME-OAEP" || req.algo_name() == "EME1") {
      if(req.arg_count() == 1 || ((req.arg_count() == 2 || req.arg_count() == 3) && req.arg(1) == "MGF1")) {
         if(auto hash = HashFunction::create(req.arg(0))) {
            return std::make_unique<OAEP>(std::move(hash), req.arg(2, ""));
         }
      } else if(req.arg_count() == 2 || req.arg_count() == 3) {
         auto mgf_params = parse_algorithm_name(req.arg(1));
 
         if(mgf_params.size() == 2 && mgf_params[0] == "MGF1") {
            auto hash = HashFunction::create(req.arg(0));
            auto mgf1_hash = HashFunction::create(mgf_params[1]);
 
            if(hash && mgf1_hash) {
               return std::make_unique<OAEP>(std::move(hash), std::move(mgf1_hash), req.arg(2, ""));
            }
         }
      }
   }
#endif
 
   throw Algorithm_Not_Found(algo_spec);
}

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), and Botan::parse_algorithm_name().

encode() [1/2]

secure_vector< uint8_t > Botan::EME::encode ( const secure_vector< uint8_t > &  in, size_t  key_length, RandomNumberGenerator &  rng  ) const

inherited

Encode an input

Parameters

in	the plaintext
key_length	length of the key in bits
rng	a random number generator

Returns

encoded plaintext

Definition at line 80 of file eme.cpp.

                                                                     {
   return pad(msg.data(), msg.size(), key_bits, rng);
}

References Botan::EME::pad().

encode() [2/2]

secure_vector< uint8_t > Botan::EME::encode ( const uint8_t  in[], size_t  in_length, size_t  key_length, RandomNumberGenerator &  rng  ) const

inherited

Encode an input

Parameters

in	the plaintext
in_length	length of plaintext in bytes
key_length	length of the key in bits
rng	a random number generator

Returns

encoded plaintext

Definition at line 70 of file eme.cpp.

                                                                     {
   return pad(msg, msg_len, key_bits, rng);
}

References Botan::EME::pad().

maximum_input_size()

size_t Botan::EME_PKCS1v15::maximum_input_size ( size_t  keybits ) const

overridevirtual

Return the maximum input size in bytes we can support

Parameters

keybits

the size of the key in bits

Returns

upper bound of input in bytes

Implements Botan::EME.

Definition at line 95 of file eme_pkcs.cpp.

                                                            {
   if(keybits / 8 > 10) {
      return ((keybits / 8) - 10);
   } else {
      return 0;
   }
}

Referenced by pad().

pad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::pad ( const uint8_t  in[], size_t  in_length, size_t  key_length, RandomNumberGenerator &  rng  ) const

overridevirtual

Encode an input

Parameters

in	the plaintext
in_length	length of plaintext in bytes
key_length	length of the key in bits
rng	a random number generator

Returns

encoded plaintext

Implements Botan::EME.

Definition at line 19 of file eme_pkcs.cpp.

                                                                           {
   key_length /= 8;
 
   if(inlen > maximum_input_size(key_length * 8)) {
      throw Invalid_Argument("PKCS1: Input is too large");
   }
 
   secure_vector<uint8_t> out(key_length);
 
   out[0] = 0x02;
   rng.randomize(out.data() + 1, (key_length - inlen - 2));
 
   for(size_t j = 1; j != key_length - inlen - 1; ++j) {
      if(out[j] == 0) {
         out[j] = rng.next_nonzero_byte();
      }
   }
 
   buffer_insert(out, key_length - inlen, in, inlen);
 
   return out;
}

References Botan::buffer_insert(), maximum_input_size(), Botan::RandomNumberGenerator::next_nonzero_byte(), and Botan::RandomNumberGenerator::randomize().

unpad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::unpad ( uint8_t &  valid_mask, const uint8_t  in[], size_t  in_len  ) const

overridevirtual

Decode an input

Parameters

valid_mask	written to specifies if output is valid
in	the encoded plaintext
in_len	length of encoded plaintext in bytes

Returns

bytes of out[] written to along with validity mask (0xFF if valid, else 0x00)

Implements Botan::EME.

Definition at line 48 of file eme_pkcs.cpp.

                                                                                                      {
   /*
   * RSA decryption pads the ciphertext up to the modulus size, so this only
   * occurs with very (!) small keys, or when fuzzing.
   *
   * 11 bytes == 00,02 + 8 bytes mandatory padding + 00
   */
   if(inlen < 11) {
      valid_mask = false;
      return secure_vector<uint8_t>();
   }
 
   CT::poison(in, inlen);
 
   CT::Mask<uint8_t> bad_input_m = CT::Mask<uint8_t>::cleared();
   CT::Mask<uint8_t> seen_zero_m = CT::Mask<uint8_t>::cleared();
   size_t delim_idx = 2;  // initial 0002
 
   bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[0], 0);
   bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[1], 2);
 
   for(size_t i = 2; i < inlen; ++i) {
      const auto is_zero_m = CT::Mask<uint8_t>::is_zero(in[i]);
      delim_idx += seen_zero_m.if_not_set_return(1);
      seen_zero_m |= is_zero_m;
   }
 
   // no zero delim -> bad padding
   bad_input_m |= ~seen_zero_m;
   /*
   delim indicates < 8 bytes padding -> bad padding
 
   We require 11 here because we are counting also the 00 delim byte
   */
   bad_input_m |= CT::Mask<uint8_t>(CT::Mask<size_t>::is_lt(delim_idx, 11));
 
   valid_mask = (~bad_input_m).unpoisoned_value();
   auto output = CT::copy_output(bad_input_m, in, inlen, delim_idx);
 
   CT::unpoison(in, inlen);
 
   return output;
}

References Botan::CT::Mask< T >::cleared(), Botan::CT::copy_output(), Botan::CT::Mask< T >::if_not_set_return(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), and Botan::CT::unpoison().

---

The documentation for this class was generated from the following files:

• src/lib/pk_pad/eme_pkcs1/eme_pkcs.h
• src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp