Botan 3.2.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::EME_PKCS1v15 Class Referencefinal

#include <eme_pkcs.h>

Inheritance diagram for Botan::EME_PKCS1v15:
Botan::EME

Public Member Functions

secure_vector< uint8_t > encode (const secure_vector< uint8_t > &in, size_t key_length, RandomNumberGenerator &rng) const
 
secure_vector< uint8_t > encode (const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const
 
size_t maximum_input_size (size_t) const override
 
secure_vector< uint8_t > pad (const uint8_t[], size_t, size_t, RandomNumberGenerator &) const override
 
secure_vector< uint8_t > unpad (uint8_t &valid_mask, const uint8_t in[], size_t in_len) const override
 

Static Public Member Functions

static std::unique_ptr< EMEcreate (std::string_view algo_spec)
 

Detailed Description

EME from PKCS #1 v1.5

Definition at line 18 of file eme_pkcs.h.

Member Function Documentation

◆ create()

std::unique_ptr< EME > Botan::EME::create ( std::string_view  algo_spec)
staticinherited

Factory method for EME (message-encoding methods for encryption) objects

Parameters
algo_specthe name of the EME to create
Returns
pointer to newly allocated object of that type

Definition at line 28 of file eme.cpp.

28 {
29#if defined(BOTAN_HAS_EME_RAW)
30 if(algo_spec == "Raw") {
31 return std::make_unique<EME_Raw>();
32 }
33#endif
34
35#if defined(BOTAN_HAS_EME_PKCS1)
36 if(algo_spec == "PKCS1v15" || algo_spec == "EME-PKCS1-v1_5") {
37 return std::make_unique<EME_PKCS1v15>();
38 }
39#endif
40
41#if defined(BOTAN_HAS_EME_OAEP)
42 SCAN_Name req(algo_spec);
43
44 if(req.algo_name() == "OAEP" || req.algo_name() == "EME-OAEP" || req.algo_name() == "EME1") {
45 if(req.arg_count() == 1 || ((req.arg_count() == 2 || req.arg_count() == 3) && req.arg(1) == "MGF1")) {
46 if(auto hash = HashFunction::create(req.arg(0))) {
47 return std::make_unique<OAEP>(std::move(hash), req.arg(2, ""));
48 }
49 } else if(req.arg_count() == 2 || req.arg_count() == 3) {
50 auto mgf_params = parse_algorithm_name(req.arg(1));
51
52 if(mgf_params.size() == 2 && mgf_params[0] == "MGF1") {
53 auto hash = HashFunction::create(req.arg(0));
54 auto mgf1_hash = HashFunction::create(mgf_params[1]);
55
56 if(hash && mgf1_hash) {
57 return std::make_unique<OAEP>(std::move(hash), std::move(mgf1_hash), req.arg(2, ""));
58 }
59 }
60 }
61 }
62#endif
63
64 throw Algorithm_Not_Found(algo_spec);
65}
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:103
std::vector< std::string > parse_algorithm_name(std::string_view namex)
Definition parsing.cpp:57

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), and Botan::parse_algorithm_name().

◆ encode() [1/2]

secure_vector< uint8_t > Botan::EME::encode ( const secure_vector< uint8_t > &  in,
size_t  key_length,
RandomNumberGenerator rng 
) const
inherited

Encode an input

Parameters
inthe plaintext
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Definition at line 80 of file eme.cpp.

82 {
83 return pad(msg.data(), msg.size(), key_bits, rng);
84}
virtual secure_vector< uint8_t > pad(const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const =0

References Botan::EME::pad().

◆ encode() [2/2]

secure_vector< uint8_t > Botan::EME::encode ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator rng 
) const
inherited

Encode an input

Parameters
inthe plaintext
in_lengthlength of plaintext in bytes
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Definition at line 70 of file eme.cpp.

73 {
74 return pad(msg, msg_len, key_bits, rng);
75}

References Botan::EME::pad().

◆ maximum_input_size()

size_t Botan::EME_PKCS1v15::maximum_input_size ( size_t  keybits) const
overridevirtual

Return the maximum input size in bytes we can support

Parameters
keybitsthe size of the key in bits
Returns
upper bound of input in bytes

Implements Botan::EME.

Definition at line 95 of file eme_pkcs.cpp.

95 {
96 if(keybits / 8 > 10) {
97 return ((keybits / 8) - 10);
98 } else {
99 return 0;
100 }
101}

Referenced by pad().

◆ pad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::pad ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator rng 
) const
overridevirtual

Encode an input

Parameters
inthe plaintext
in_lengthlength of plaintext in bytes
key_lengthlength of the key in bits
rnga random number generator
Returns
encoded plaintext

Implements Botan::EME.

Definition at line 19 of file eme_pkcs.cpp.

22 {
23 key_length /= 8;
24
25 if(inlen > maximum_input_size(key_length * 8)) {
26 throw Invalid_Argument("PKCS1: Input is too large");
27 }
28
29 secure_vector<uint8_t> out(key_length);
30
31 out[0] = 0x02;
32 rng.randomize(out.data() + 1, (key_length - inlen - 2));
33
34 for(size_t j = 1; j != key_length - inlen - 1; ++j) {
35 if(out[j] == 0) {
36 out[j] = rng.next_nonzero_byte();
37 }
38 }
39
40 buffer_insert(out, key_length - inlen, in, inlen);
41
42 return out;
43}
size_t maximum_input_size(size_t) const override
Definition eme_pkcs.cpp:95
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition mem_ops.h:212

References Botan::buffer_insert(), maximum_input_size(), Botan::RandomNumberGenerator::next_nonzero_byte(), and Botan::RandomNumberGenerator::randomize().

◆ unpad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::unpad ( uint8_t &  valid_mask,
const uint8_t  in[],
size_t  in_len 
) const
overridevirtual

Decode an input

Parameters
valid_maskwritten to specifies if output is valid
inthe encoded plaintext
in_lenlength of encoded plaintext in bytes
Returns
bytes of out[] written to along with validity mask (0xFF if valid, else 0x00)

Implements Botan::EME.

Definition at line 48 of file eme_pkcs.cpp.

48 {
49 /*
50 * RSA decryption pads the ciphertext up to the modulus size, so this only
51 * occurs with very (!) small keys, or when fuzzing.
52 *
53 * 11 bytes == 00,02 + 8 bytes mandatory padding + 00
54 */
55 if(inlen < 11) {
56 valid_mask = false;
57 return secure_vector<uint8_t>();
58 }
59
60 CT::poison(in, inlen);
61
62 CT::Mask<uint8_t> bad_input_m = CT::Mask<uint8_t>::cleared();
63 CT::Mask<uint8_t> seen_zero_m = CT::Mask<uint8_t>::cleared();
64 size_t delim_idx = 2; // initial 0002
65
66 bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[0], 0);
67 bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[1], 2);
68
69 for(size_t i = 2; i < inlen; ++i) {
70 const auto is_zero_m = CT::Mask<uint8_t>::is_zero(in[i]);
71 delim_idx += seen_zero_m.if_not_set_return(1);
72 seen_zero_m |= is_zero_m;
73 }
74
75 // no zero delim -> bad padding
76 bad_input_m |= ~seen_zero_m;
77 /*
78 delim indicates < 8 bytes padding -> bad padding
79
80 We require 11 here because we are counting also the 00 delim byte
81 */
82 bad_input_m |= CT::Mask<uint8_t>(CT::Mask<size_t>::is_lt(delim_idx, 11));
83
84 valid_mask = (~bad_input_m).unpoisoned_value();
85 auto output = CT::copy_output(bad_input_m, in, inlen, delim_idx);
86
87 CT::unpoison(in, inlen);
88
89 return output;
90}
static Mask< T > is_zero(T x)
Definition ct_utils.h:121
static Mask< T > is_lt(T x, T y)
Definition ct_utils.h:131
static Mask< T > cleared()
Definition ct_utils.h:102
void poison(const T *p, size_t n)
Definition ct_utils.h:46
secure_vector< uint8_t > copy_output(CT::Mask< uint8_t > bad_input_u8, const uint8_t input[], size_t input_length, size_t offset)
Definition ct_utils.cpp:11
void unpoison(const T *p, size_t n)
Definition ct_utils.h:55

References Botan::CT::Mask< T >::cleared(), Botan::CT::copy_output(), Botan::CT::Mask< T >::if_not_set_return(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), and Botan::CT::unpoison().


The documentation for this class was generated from the following files: