Botan 2.19.1
Crypto and TLS for C++11
Botan::EME_PKCS1v15 Class Reference (final)

#include <eme_pkcs.h>

Inheritance diagram for Botan::EME_PKCS1v15:
Botan::EME

Public Member Functions

secure_vector< uint8_t > encode (const secure_vector< uint8_t > &in, size_t key_length, RandomNumberGenerator &rng) const
 
secure_vector< uint8_t > encode (const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const
 
size_t maximum_input_size (size_t) const override
 
secure_vector< uint8_t > pad (const uint8_t[], size_t, size_t, RandomNumberGenerator &) const override
 
secure_vector< uint8_t > unpad (uint8_t &valid_mask, const uint8_t in[], size_t in_len) const override
 

Detailed Description

EME from PKCS #1 v1.5

Definition at line 20 of file eme_pkcs.h.

Member Function Documentation

◆ encode() [1/2]

secure_vector< uint8_t > Botan::EME::encode ( const secure_vector< uint8_t > &  in,
size_t  key_length,
RandomNumberGenerator &  rng 
) const
inherited

Encode an input

Parameters
in: the plaintext
key_length: length of the key in bits
rng: a random number generator
Returns
encoded plaintext

Definition at line 86 of file eme.cpp.

// Convenience overload: passes the vector's data pointer and size straight to
// the virtual pad(), which the concrete scheme (here EME_PKCS1v15) implements.
// The listing names the parameters msg/key_bits; the prototype above calls
// them in/key_length.
89 {
90 return pad(msg.data(), msg.size(), key_bits, rng);
91 }
virtual secure_vector< uint8_t > pad(const uint8_t in[], size_t in_length, size_t key_length, RandomNumberGenerator &rng) const =0

References Botan::EME::pad().

◆ encode() [2/2]

secure_vector< uint8_t > Botan::EME::encode ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator &  rng 
) const
inherited

Encode an input

Parameters
in: the plaintext
in_length: length of plaintext in bytes
key_length: length of the key in bits
rng: a random number generator
Returns
encoded plaintext

Definition at line 76 of file eme.cpp.

// Pointer/length overload: forwards unchanged to the virtual pad(). No length
// check is made here; for this class the size limit is enforced inside pad().
79 {
80 return pad(msg, msg_len, key_bits, rng);
81 }

References Botan::EME::pad().

◆ maximum_input_size()

size_t Botan::EME_PKCS1v15::maximum_input_size ( size_t  keybits) const
override, virtual

Return the maximum input size in bytes we can support

Parameters
keybits: the size of the key in bits
Returns
upper bound of input in bytes

Implements Botan::EME.

Definition at line 101 of file eme_pkcs.cpp.

// The 10 bytes of overhead match the block that pad() builds: the 0x02
// block-type byte, at least 8 nonzero padding bytes, and the 0x00 delimiter.
// keybits / 8 is integer division, so a key size that is not a multiple of 8
// bits is rounded down to whole bytes.
102 {
103 if(keybits / 8 > 10)
104 return ((keybits / 8) - 10);
// A block of 10 bytes or fewer has no room for a message byte.
105 else
106 return 0;
107 }

Referenced by pad().

◆ pad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::pad ( const uint8_t  in[],
size_t  in_length,
size_t  key_length,
RandomNumberGenerator &  rng 
) const
override, virtual

Encode an input

Parameters
in: the plaintext
in_length: length of plaintext in bytes
key_length: length of the key in bits
rng: a random number generator
Returns
encoded plaintext

Implements Botan::EME.

Definition at line 18 of file eme_pkcs.cpp.

// Builds the PKCS #1 v1.5 encryption block as
//   0x02 || nonzero random padding || 0x00 || message
// in a buffer of key_length / 8 bytes. No leading 0x00 byte is written here,
// although unpad() checks for one at in[0]; presumably the RSA layer supplies
// it when the value is padded up to the modulus size -- confirm against caller.
// Throws Invalid_Argument when the message is longer than maximum_input_size().
21 {
// key_length arrives in bits; from this line on it holds the block size in bytes.
22 key_length /= 8;
23
// Reject messages that would leave fewer than 8 padding bytes.
// NOTE(review): for blocks of 10 bytes or fewer maximum_input_size() returns 0,
// so an empty message is not rejected here; the size arithmetic below then
// assumes key_length >= 2 -- confirm callers never pass such key sizes.
24 if(inlen > maximum_input_size(key_length * 8))
25 {
26 throw Invalid_Argument("PKCS1: Input is too large");
27 }
28
29 secure_vector<uint8_t> out(key_length);
30
// Block-type byte for encryption padding, then random bytes for the padding
// string at out[1 .. key_length - inlen - 2].
31 out[0] = 0x02;
32 rng.randomize(out.data() + 1, (key_length - inlen - 2));
33
// Padding bytes must be nonzero because unpad() treats the first 0x00 after
// the header as the delimiter; any zero produced by randomize() is replaced.
34 for(size_t j = 1; j != key_length - inlen - 1; ++j)
35 {
36 if(out[j] == 0)
37 {
38 out[j] = rng.next_nonzero_byte();
39 }
40 }
41
// The delimiter at out[key_length - inlen - 1] is never written explicitly;
// presumably it relies on the vector being zero-initialised -- TODO confirm.
// The message is copied into the tail of the block.
42 buffer_insert(out, key_length - inlen, in, inlen);
43
44 return out;
45 }
size_t maximum_input_size(size_t) const override
Definition: eme_pkcs.cpp:101
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition: mem_ops.h:228

References Botan::buffer_insert(), maximum_input_size(), Botan::RandomNumberGenerator::next_nonzero_byte(), and Botan::RandomNumberGenerator::randomize().

◆ unpad()

secure_vector< uint8_t > Botan::EME_PKCS1v15::unpad ( uint8_t &  valid_mask,
const uint8_t  in[],
size_t  in_len 
) const
override, virtual

Decode an input

Parameters
valid_mask: written to; specifies whether the output is valid
in: the encoded plaintext
in_len: length of encoded plaintext in bytes
Returns
bytes of out[] written to along with validity mask (0xFF if valid, else 0x00)

Implements Botan::EME.

Definition at line 50 of file eme_pkcs.cpp.

// Strips PKCS #1 v1.5 encryption padding. Padding errors are accumulated in
// CT::Mask values combined with |= and ~ instead of being tested with `if`,
// so no branch in this body depends on the value of a padding byte.
// NOTE(review): that only helps if the caller also handles valid_mask without
// revealing padding validity to whoever supplied the ciphertext (distinct
// error messages or timing), which is the classic PKCS #1 v1.5 padding-oracle
// concern.
52 {
53 /*
54 * RSA decryption pads the ciphertext up to the modulus size, so this only
55 * occurs with very (!) small keys, or when fuzzing.
56 *
57 * 11 bytes == 00,02 + 8 bytes mandatory padding + 00
58 */
// This early return depends only on inlen, never on the contents of in[].
// `false` is stored as 0x00, the documented "invalid" mask value.
59 if(inlen < 11)
60 {
61 valid_mask = false;
62 return secure_vector<uint8_t>();
63 }
64
// Presumably marks in[] as secret for constant-time analysis tooling; it is
// paired with CT::unpoison() before returning -- see ct_utils.h.
65 CT::poison(in, inlen);
66
67 CT::Mask<uint8_t> bad_input_m = CT::Mask<uint8_t>::cleared();
68 CT::Mask<uint8_t> seen_zero_m = CT::Mask<uint8_t>::cleared();
69 size_t delim_idx = 2; // initial 0002
70
// Header check: the first two bytes must be 0x00 0x02.
71 bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[0], 0);
72 bad_input_m |= ~CT::Mask<uint8_t>::is_equal(in[1], 2);
73
// The scan always runs to inlen, so the iteration count does not reveal where
// the delimiter is. delim_idx grows by one per byte until a zero has been
// seen, ending at (index of the first zero) + 1, i.e. the message offset, or
// at inlen when no zero byte exists.
74 for(size_t i = 2; i < inlen; ++i)
75 {
76 const auto is_zero_m = CT::Mask<uint8_t>::is_zero(in[i]);
77 delim_idx += seen_zero_m.if_not_set_return(1);
78 seen_zero_m |= is_zero_m;
79 }
80
81 // no zero delim -> bad padding
82 bad_input_m |= ~seen_zero_m;
83 /*
84 delim indicates < 8 bytes padding -> bad padding
85
86 We require 11 here because we are counting also the 00 delim byte
87 */
88 bad_input_m |= CT::Mask<uint8_t>(CT::Mask<size_t>::is_lt(delim_idx, 11));
89
// valid_mask is the complement of the error mask: 0xFF if valid, else 0x00.
// copy_output() presumably yields in[delim_idx .. inlen) when bad_input_m is
// clear and an empty result otherwise -- confirm in ct_utils.cpp.
90 valid_mask = (~bad_input_m).unpoisoned_value();
91 const secure_vector<uint8_t> output = CT::copy_output(bad_input_m, in, inlen, delim_idx);
92
93 CT::unpoison(in, inlen);
94
95 return output;
96 }
static Mask< T > is_zero(T x)
Definition: ct_utils.h:141
static Mask< T > is_lt(T x, T y)
Definition: ct_utils.h:157
static Mask< T > cleared()
Definition: ct_utils.h:115
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
secure_vector< uint8_t > copy_output(CT::Mask< uint8_t > bad_input, const uint8_t input[], size_t input_length, size_t offset)
Definition: ct_utils.cpp:13
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59

References Botan::CT::Mask< T >::cleared(), Botan::CT::copy_output(), Botan::CT::Mask< T >::if_not_set_return(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), and Botan::CT::unpoison().


The documentation for this class was generated from the following files: