Botan  2.16.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::ESP_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::ESP_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

void add_padding (secure_vector< uint8_t > &buffer, size_t final_block_bytes, size_t block_size) const override
 
std::string name () const override
 
size_t unpad (const uint8_t[], size_t) const override
 
bool valid_blocksize (size_t bs) const override
 

Detailed Description

ESP Padding (RFC 4304)

Definition at line 120 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::ESP_Padding::add_padding ( secure_vector< uint8_t > &  buffer,
size_t  final_block_bytes,
size_t  block_size 
) const
overridevirtual

Add padding bytes to buffer.

Parameters
bufferdata to pad
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 261 of file mode_pad.cpp.

References BOTAN_DEBUG_ASSERT, Botan::CT::Mask< T >::is_gte(), Botan::CT::poison(), Botan::CT::Mask< T >::select(), and Botan::CT::unpoison().

264  {
265  /*
266  Padding format is
267  01
268  0102
269  010203
270  ...
271  */
272  BOTAN_DEBUG_ASSERT(last_byte_pos < BS);
273 
274  const uint8_t padding_len = static_cast<uint8_t>(BS - last_byte_pos);
275 
276  buffer.resize(buffer.size() + padding_len);
277 
278  CT::poison(&last_byte_pos, 1);
279  CT::poison(buffer.data(), buffer.size());
280 
281  BOTAN_DEBUG_ASSERT(buffer.size() % BS == 0);
282  BOTAN_DEBUG_ASSERT(buffer.size() >= BS);
283 
284  const size_t start_of_last_block = buffer.size() - BS;
285  const size_t end_of_last_block = buffer.size();
286  const size_t start_of_padding = buffer.size() - padding_len;
287 
288  uint8_t pad_ctr = 0x01;
289 
290  for(size_t i = start_of_last_block; i != end_of_last_block; ++i)
291  {
292  auto needs_padding = CT::Mask<uint8_t>(CT::Mask<size_t>::is_gte(i, start_of_padding));
293  buffer[i] = needs_padding.select(pad_ctr, buffer[i]);
294  pad_ctr = needs_padding.select(pad_ctr + 1, pad_ctr);
295  }
296 
297  CT::unpoison(buffer.data(), buffer.size());
298  CT::unpoison(last_byte_pos);
299  }
Botan::CT::Mask::is_gte
static Mask< T > is_gte(T x, T y)
Definition: ct_utils.h:181
Botan::CT::poison
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
BOTAN_DEBUG_ASSERT
#define BOTAN_DEBUG_ASSERT(expr)
Definition: assert.h:123
Botan::CT::unpoison
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59

◆ name()

std::string Botan::ESP_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 131 of file mode_pad.h.

131 { return "ESP"; }

◆ unpad()

size_t Botan::ESP_Padding::unpad ( const uint8_t  block[],
size_t  len 
) const
overridevirtual

Remove padding bytes from block

Parameters
blockthe last block
lenthe size of the block in bytes
Returns
number of data bytes, or if the padding is invalid returns len

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 304 of file mode_pad.cpp.

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), Botan::CT::unpoison(), and valid_blocksize().

305  {
306  if(!valid_blocksize(input_length))
307  return input_length;
308 
309  CT::poison(input, input_length);
310 
311  const uint8_t input_length_8 = static_cast<uint8_t>(input_length);
312  const uint8_t last_byte = input[input_length-1];
313 
314  auto bad_input = CT::Mask<uint8_t>::is_zero(last_byte) |
315  CT::Mask<uint8_t>::is_gt(last_byte, input_length_8);
316 
317  const uint8_t pad_pos = input_length_8 - last_byte;
318  size_t i = input_length_8 - 1;
319  while(i)
320  {
321  const auto in_range = CT::Mask<size_t>::is_gt(i, pad_pos);
322  const auto incrementing = CT::Mask<uint8_t>::is_equal(input[i-1], input[i]-1);
323 
324  bad_input |= CT::Mask<uint8_t>(in_range) & ~incrementing;
325  --i;
326  }
327 
328  CT::unpoison(input, input_length);
329  return bad_input.select_and_unpoison(input_length_8, pad_pos);
330  }
Botan::ESP_Padding::valid_blocksize
bool valid_blocksize(size_t bs) const override
Definition: mode_pad.h:129
Botan::CT::poison
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
Botan::CT::unpoison
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59
Botan::CT::Mask::is_zero
static Mask< T > is_zero(T x)
Definition: ct_utils.h:141
Botan::CT::Mask::is_equal
static Mask< T > is_equal(T x, T y)
Definition: ct_utils.h:149
Botan::CT::Mask::is_gt
static Mask< T > is_gt(T x, T y)
Definition: ct_utils.h:165

◆ valid_blocksize()

bool Botan::ESP_Padding::valid_blocksize ( size_t  block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 129 of file mode_pad.h.

Referenced by unpad().

129 { return (bs > 2 && bs < 256); }
The documentation for this class was generated from the following files:
Generated by   doxygen 1.8.14