Botan 2.19.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::ESP_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::ESP_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

void add_padding (secure_vector< uint8_t > &buffer, size_t final_block_bytes, size_t block_size) const override
 
std::string name () const override
 
size_t unpad (const uint8_t[], size_t) const override
 
bool valid_blocksize (size_t bs) const override
 

Detailed Description

ESP Padding (RFC 4304)

Definition at line 120 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::ESP_Padding::add_padding ( secure_vector< uint8_t > &  buffer,
size_t  final_block_bytes,
size_t  block_size 
) const
overridevirtual

Add padding bytes to buffer.

Parameters
bufferdata to pad
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 261 of file mode_pad.cpp.

264 {
265 /*
266 Padding format is
267 01
268 0102
269 010203
270 ...
271 */
272 BOTAN_DEBUG_ASSERT(last_byte_pos < BS);
273
274 const uint8_t padding_len = static_cast<uint8_t>(BS - last_byte_pos);
275
276 buffer.resize(buffer.size() + padding_len);
277
278 CT::poison(&last_byte_pos, 1);
279 CT::poison(buffer.data(), buffer.size());
280
281 BOTAN_DEBUG_ASSERT(buffer.size() % BS == 0);
282 BOTAN_DEBUG_ASSERT(buffer.size() >= BS);
283
284 const size_t start_of_last_block = buffer.size() - BS;
285 const size_t end_of_last_block = buffer.size();
286 const size_t start_of_padding = buffer.size() - padding_len;
287
288 uint8_t pad_ctr = 0x01;
289
290 for(size_t i = start_of_last_block; i != end_of_last_block; ++i)
291 {
292 auto needs_padding = CT::Mask<uint8_t>(CT::Mask<size_t>::is_gte(i, start_of_padding));
293 buffer[i] = needs_padding.select(pad_ctr, buffer[i]);
294 pad_ctr = needs_padding.select(pad_ctr + 1, pad_ctr);
295 }
296
297 CT::unpoison(buffer.data(), buffer.size());
298 CT::unpoison(last_byte_pos);
299 }
#define BOTAN_DEBUG_ASSERT(expr)
Definition: assert.h:123
static Mask< T > is_gte(T x, T y)
Definition: ct_utils.h:181
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59

References BOTAN_DEBUG_ASSERT, Botan::CT::poison(), and Botan::CT::unpoison().

◆ name()

std::string Botan::ESP_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 131 of file mode_pad.h.

131{ return "ESP"; }

◆ unpad()

size_t Botan::ESP_Padding::unpad ( const uint8_t  block[],
size_t  len 
) const
overridevirtual

Remove padding bytes from block

Parameters
blockthe last block
lenthe size of the block in bytes
Returns
number of data bytes, or if the padding is invalid returns len

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 304 of file mode_pad.cpp.

305 {
306 if(!valid_blocksize(input_length))
307 return input_length;
308
309 CT::poison(input, input_length);
310
311 const uint8_t input_length_8 = static_cast<uint8_t>(input_length);
312 const uint8_t last_byte = input[input_length-1];
313
314 auto bad_input = CT::Mask<uint8_t>::is_zero(last_byte) |
315 CT::Mask<uint8_t>::is_gt(last_byte, input_length_8);
316
317 const uint8_t pad_pos = input_length_8 - last_byte;
318 size_t i = input_length_8 - 1;
319 while(i)
320 {
321 const auto in_range = CT::Mask<size_t>::is_gt(i, pad_pos);
322 const auto incrementing = CT::Mask<uint8_t>::is_equal(input[i-1], input[i]-1);
323
324 bad_input |= CT::Mask<uint8_t>(in_range) & ~incrementing;
325 --i;
326 }
327
328 CT::unpoison(input, input_length);
329 return bad_input.select_and_unpoison(input_length_8, pad_pos);
330 }
static Mask< T > is_gt(T x, T y)
Definition: ct_utils.h:165
static Mask< T > is_equal(T x, T y)
Definition: ct_utils.h:149
static Mask< T > is_zero(T x)
Definition: ct_utils.h:141
bool valid_blocksize(size_t bs) const override
Definition: mode_pad.h:129

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), Botan::CT::unpoison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::ESP_Padding::valid_blocksize ( size_t  block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 129 of file mode_pad.h.

129{ return (bs > 2 && bs < 256); }

Referenced by unpad().


The documentation for this class was generated from the following files: