Botan  2.9.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::EME_PKCS1v15 Class Referencefinal

#include <eme_pkcs.h>

Inheritance diagram for Botan::EME_PKCS1v15:
Botan::EME

Public Member Functions

secure_vector< uint8_t > encode (const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const
 
secure_vector< uint8_t > encode (const secure_vector< uint8_t > &in, size_t key_length, RandomNumberGenerator &rng) const
 
size_t maximum_input_size (size_t) const override
 
secure_vector< uint8_t > pad (const uint8_t[], size_t, size_t, RandomNumberGenerator &) const override
 
secure_vector< uint8_t > unpad (uint8_t &valid_mask, const uint8_t in[], size_t in_len) const override
 

Detailed Description

EME from PKCS #1 v1.5

Definition at line 18 of file eme_pkcs.h.

Member Function Documentation

◆ encode() [1/2]

secure_vector< uint8_t > Botan::EME::encode ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator rng 
) const
inherited

Encode an input

Parameters
inthe plaintext
in_lengthlength of plaintext in bytes
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Definition at line 76 of file eme.cpp.

References Botan::EME::pad().

79  {
80  return pad(msg, msg_len, key_bits, rng);
81  }
virtual secure_vector< uint8_t > pad(const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const =0

◆ encode() [2/2]

secure_vector< uint8_t > Botan::EME::encode ( const secure_vector< uint8_t > &  in,
size_t  key_length,
RandomNumberGenerator rng 
) const
inherited

Encode an input

Parameters
inthe plaintext
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Definition at line 86 of file eme.cpp.

References Botan::EME::pad().

89  {
90  return pad(msg.data(), msg.size(), key_bits, rng);
91  }
virtual secure_vector< uint8_t > pad(const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const =0

◆ maximum_input_size()

size_t Botan::EME_PKCS1v15::maximum_input_size ( size_t  keybits) const
overridevirtual

Return the maximum input size in bytes we can support

Parameters
keybitsthe size of the key in bits
Returns
upper bound of input in bytes

Implements Botan::EME.

Definition at line 101 of file eme_pkcs.cpp.

Referenced by pad().

102  {
103  if(keybits / 8 > 10)
104  return ((keybits / 8) - 10);
105  else
106  return 0;
107  }

◆ pad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::pad ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator rng 
) const
overridevirtual

Encode an input

Parameters
inthe plaintext
in_lengthlength of plaintext in bytes
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Implements Botan::EME.

Definition at line 18 of file eme_pkcs.cpp.

References Botan::buffer_insert(), maximum_input_size(), Botan::RandomNumberGenerator::next_nonzero_byte(), and Botan::RandomNumberGenerator::randomize().

21  {
22  key_length /= 8;
23 
24  if(inlen > maximum_input_size(key_length * 8))
25  {
26  throw Invalid_Argument("PKCS1: Input is too large");
27  }
28 
29  secure_vector<uint8_t> out(key_length);
30 
31  out[0] = 0x02;
32  rng.randomize(out.data() + 1, (key_length - inlen - 2));
33 
34  for(size_t j = 1; j != key_length - inlen - 1; ++j)
35  {
36  if(out[j] == 0)
37  {
38  out[j] = rng.next_nonzero_byte();
39  }
40  }
41 
42  buffer_insert(out, key_length - inlen, in, inlen);
43 
44  return out;
45  }
size_t maximum_input_size(size_t) const override
Definition: eme_pkcs.cpp:101
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition: secmem.h:80

◆ unpad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::unpad ( uint8_t &  valid_mask,
const uint8_t  in[],
size_t  in_len 
) const
overridevirtual

Decode an input

Parameters
valid_maskwritten to specifies if output is valid
inthe encoded plaintext
in_lenlength of encoded plaintext in bytes
Returns
bytes of out[] written to along with validity mask (0xFF if valid, else 0x00)

Implements Botan::EME.

Definition at line 50 of file eme_pkcs.cpp.

References Botan::CT::Mask< T >::cleared(), Botan::CT::copy_output(), Botan::CT::Mask< T >::if_not_set_return(), Botan::CT::Mask< T >::is_lt(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), and Botan::CT::unpoison().

52  {
53  /*
54  * RSA decryption pads the ciphertext up to the modulus size, so this only
55  * occurs with very (!) small keys, or when fuzzing.
56  *
57  * 11 bytes == 00,02 + 8 bytes mandatory padding + 00
58  */
59  if(inlen < 11)
60  {
61  valid_mask = false;
62  return secure_vector<uint8_t>();
63  }
64 
65  CT::poison(in, inlen);
66 
67  CT::Mask<uint8_t> bad_input_m = CT::Mask<uint8_t>::cleared();
68  CT::Mask<uint8_t> seen_zero_m = CT::Mask<uint8_t>::cleared();
69  size_t delim_idx = 2; // initial 0002
70 
71  bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[0], 0);
72  bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[1], 2);
73 
74  for(size_t i = 2; i < inlen; ++i)
75  {
76  const auto is_zero_m = CT::Mask<uint8_t>::is_zero(in[i]);
77  delim_idx += seen_zero_m.if_not_set_return(1);
78  seen_zero_m |= is_zero_m;
79  }
80 
81  // no zero delim -> bad padding
82  bad_input_m |= ~seen_zero_m;
83  /*
84  delim indicates < 8 bytes padding -> bad padding
85 
86  We require 11 here because we are counting also the 00 delim byte
87  */
88  bad_input_m |= CT::Mask<uint8_t>(CT::Mask<size_t>::is_lt(delim_idx, 11));
89 
90  valid_mask = (~bad_input_m).unpoisoned_value();
91  const secure_vector<uint8_t> output = CT::copy_output(bad_input_m, in, inlen, delim_idx);
92 
93  CT::unpoison(in, inlen);
94 
95  return output;
96  }
static Mask< T > cleared()
Definition: ct_utils.h:115
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
secure_vector< uint8_t > copy_output(CT::Mask< uint8_t > bad_input, const uint8_t input[], size_t input_length, size_t offset)
Definition: ct_utils.cpp:13
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59
static Mask< T > is_zero(T x)
Definition: ct_utils.h:141
static Mask< T > is_lt(T x, T y)
Definition: ct_utils.h:157

The documentation for this class was generated from the following files: