Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::ESP_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::ESP_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

void add_padding (secure_vector< uint8_t > &buffer, size_t final_block_bytes, size_t block_size) const override
 
std::string name () const override
 
size_t unpad (const uint8_t[], size_t) const override
 
bool valid_blocksize (size_t bs) const override
 

Static Public Member Functions

static std::unique_ptr< BlockCipherModePaddingMethodcreate (std::string_view algo_spec)
 

Detailed Description

ESP Padding (RFC 4304)

Definition at line 124 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::ESP_Padding::add_padding ( secure_vector< uint8_t > &  buffer,
size_t  final_block_bytes,
size_t  block_size 
) const
overridevirtual

Add padding bytes to buffer.

Parameters
bufferdata to pad
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 262 of file mode_pad.cpp.

265 {
266 /*
267 Padding format is
268 01
269 0102
270 010203
271 ...
272 */
273 BOTAN_DEBUG_ASSERT(last_byte_pos < BS);
274
275 const uint8_t padding_len = static_cast<uint8_t>(BS - last_byte_pos);
276
277 buffer.resize(buffer.size() + padding_len);
278
279 CT::poison(&last_byte_pos, 1);
280 CT::poison(buffer.data(), buffer.size());
281
282 BOTAN_DEBUG_ASSERT(buffer.size() % BS == 0);
283 BOTAN_DEBUG_ASSERT(buffer.size() >= BS);
284
285 const size_t start_of_last_block = buffer.size() - BS;
286 const size_t end_of_last_block = buffer.size();
287 const size_t start_of_padding = buffer.size() - padding_len;
288
289 uint8_t pad_ctr = 0x01;
290
291 for(size_t i = start_of_last_block; i != end_of_last_block; ++i)
292 {
293 auto needs_padding = CT::Mask<uint8_t>(CT::Mask<size_t>::is_gte(i, start_of_padding));
294 buffer[i] = needs_padding.select(pad_ctr, buffer[i]);
295 pad_ctr = needs_padding.select(pad_ctr + 1, pad_ctr);
296 }
297
298 CT::unpoison(buffer.data(), buffer.size());
299 CT::unpoison(last_byte_pos);
300 }
#define BOTAN_DEBUG_ASSERT(expr)
Definition: assert.h:122
static Mask< T > is_gte(T x, T y)
Definition: ct_utils.h:179
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:58

References BOTAN_DEBUG_ASSERT, Botan::CT::poison(), and Botan::CT::unpoison().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view  algo_spec)
staticinherited

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Get a block cipher padding method by name

Definition at line 19 of file mode_pad.cpp.

20 {
21 if(algo_spec == "NoPadding")
22 return std::make_unique<Null_Padding>();
23
24 if(algo_spec == "PKCS7")
25 return std::make_unique<PKCS7_Padding>();
26
27 if(algo_spec == "OneAndZeros")
28 return std::make_unique<OneAndZeros_Padding>();
29
30 if(algo_spec == "X9.23")
31 return std::make_unique<ANSI_X923_Padding>();
32
33 if(algo_spec == "ESP")
34 return std::make_unique<ESP_Padding>();
35
36 return nullptr;
37 }

Referenced by Botan::Cipher_Mode::create().

◆ name()

std::string Botan::ESP_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 135 of file mode_pad.h.

135{ return "ESP"; }

◆ unpad()

size_t Botan::ESP_Padding::unpad ( const uint8_t  block[],
size_t  len 
) const
overridevirtual

Remove padding bytes from block

Parameters
blockthe last block
lenthe size of the block in bytes
Returns
number of data bytes, or if the padding is invalid returns len

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 305 of file mode_pad.cpp.

306 {
307 if(!valid_blocksize(input_length))
308 return input_length;
309
310 CT::poison(input, input_length);
311
312 const uint8_t input_length_8 = static_cast<uint8_t>(input_length);
313 const uint8_t last_byte = input[input_length-1];
314
315 auto bad_input = CT::Mask<uint8_t>::is_zero(last_byte) |
316 CT::Mask<uint8_t>::is_gt(last_byte, input_length_8);
317
318 const uint8_t pad_pos = input_length_8 - last_byte;
319 size_t i = input_length_8 - 1;
320 while(i)
321 {
322 const auto in_range = CT::Mask<size_t>::is_gt(i, pad_pos);
323 const auto incrementing = CT::Mask<uint8_t>::is_equal(input[i-1], input[i]-1);
324
325 bad_input |= CT::Mask<uint8_t>(in_range) & ~incrementing;
326 --i;
327 }
328
329 CT::unpoison(input, input_length);
330 return bad_input.select_and_unpoison(input_length_8, pad_pos);
331 }
static Mask< T > is_gt(T x, T y)
Definition: ct_utils.h:163
static Mask< T > is_equal(T x, T y)
Definition: ct_utils.h:147
static Mask< T > is_zero(T x)
Definition: ct_utils.h:139
bool valid_blocksize(size_t bs) const override
Definition: mode_pad.h:133

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), Botan::CT::unpoison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::ESP_Padding::valid_blocksize ( size_t  block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 133 of file mode_pad.h.

133{ return (bs > 2 && bs < 256); }

Referenced by unpad().


The documentation for this class was generated from the following files: