Botan 3.5.0
Crypto and TLS for C&
Botan::ESP_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::ESP_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

void add_padding (secure_vector< uint8_t > &buffer, size_t final_block_bytes, size_t block_size) const override
 
std::string name () const override
 
size_t unpad (const uint8_t[], size_t) const override
 
bool valid_blocksize (size_t bs) const override
 

Static Public Member Functions

static std::unique_ptr< BlockCipherModePaddingMethodcreate (std::string_view algo_spec)
 

Detailed Description

ESP Padding (RFC 4303)

Definition at line 112 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::ESP_Padding::add_padding ( secure_vector< uint8_t > & buffer,
size_t final_block_bytes,
size_t block_size ) const
overridevirtual

Add padding bytes to buffer.

Parameters
bufferdata to pad
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 251 of file mode_pad.cpp.

251 {
252 /*
253 Padding format is
254 01
255 0102
256 010203
257 ...
258 */
259 BOTAN_DEBUG_ASSERT(last_byte_pos < BS);
260
261 const uint8_t padding_len = static_cast<uint8_t>(BS - last_byte_pos);
262
263 buffer.resize(buffer.size() + padding_len);
264
265 CT::poison(&last_byte_pos, 1);
266 CT::poison(buffer.data(), buffer.size());
267
268 BOTAN_DEBUG_ASSERT(buffer.size() % BS == 0);
269 BOTAN_DEBUG_ASSERT(buffer.size() >= BS);
270
271 const size_t start_of_last_block = buffer.size() - BS;
272 const size_t end_of_last_block = buffer.size();
273 const size_t start_of_padding = buffer.size() - padding_len;
274
275 uint8_t pad_ctr = 0x01;
276
277 for(size_t i = start_of_last_block; i != end_of_last_block; ++i) {
278 auto needs_padding = CT::Mask<uint8_t>(CT::Mask<size_t>::is_gte(i, start_of_padding));
279 buffer[i] = needs_padding.select(pad_ctr, buffer[i]);
280 pad_ctr = needs_padding.select(pad_ctr + 1, pad_ctr);
281 }
282
283 CT::unpoison(buffer.data(), buffer.size());
284 CT::unpoison(last_byte_pos);
285}
#define BOTAN_DEBUG_ASSERT(expr)
Definition assert.h:98
static constexpr Mask< T > is_gte(T x, T y)
Definition ct_utils.h:276
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:57
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:46

References BOTAN_DEBUG_ASSERT, Botan::CT::poison(), and Botan::CT::unpoison().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view algo_spec)
staticinherited

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Get a block cipher padding method by name

Definition at line 19 of file mode_pad.cpp.

19 {
20 if(algo_spec == "NoPadding") {
21 return std::make_unique<Null_Padding>();
22 }
23
24 if(algo_spec == "PKCS7") {
25 return std::make_unique<PKCS7_Padding>();
26 }
27
28 if(algo_spec == "OneAndZeros") {
29 return std::make_unique<OneAndZeros_Padding>();
30 }
31
32 if(algo_spec == "X9.23") {
33 return std::make_unique<ANSI_X923_Padding>();
34 }
35
36 if(algo_spec == "ESP") {
37 return std::make_unique<ESP_Padding>();
38 }
39
40 return nullptr;
41}

Referenced by Botan::Cipher_Mode::create().

◆ name()

std::string Botan::ESP_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 120 of file mode_pad.h.

120{ return "ESP"; }

◆ unpad()

size_t Botan::ESP_Padding::unpad ( const uint8_t block[],
size_t len ) const
overridevirtual

Remove padding bytes from block

Parameters
blockthe last block
lenthe size of the block in bytes
Returns
number of data bytes, or if the padding is invalid returns len

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 290 of file mode_pad.cpp.

290 {
291 if(!valid_blocksize(input_length)) {
292 return input_length;
293 }
294
295 CT::poison(input, input_length);
296
297 const uint8_t input_length_8 = static_cast<uint8_t>(input_length);
298 const uint8_t last_byte = input[input_length - 1];
299
300 auto bad_input = CT::Mask<uint8_t>::is_zero(last_byte) | CT::Mask<uint8_t>::is_gt(last_byte, input_length_8);
301
302 const uint8_t pad_pos = input_length_8 - last_byte;
303 size_t i = input_length_8 - 1;
304 while(i) {
305 const auto in_range = CT::Mask<size_t>::is_gt(i, pad_pos);
306 const auto incrementing = CT::Mask<uint8_t>::is_equal(input[i - 1], input[i] - 1);
307
308 bad_input |= CT::Mask<uint8_t>(in_range) & ~incrementing;
309 --i;
310 }
311
312 CT::unpoison(input, input_length);
313 return bad_input.select_and_unpoison(input_length_8, pad_pos);
314}
static constexpr Mask< T > is_equal(T x, T y)
Definition ct_utils.h:250
static constexpr Mask< T > is_gt(T x, T y)
Definition ct_utils.h:266
static constexpr Mask< T > is_zero(T x)
Definition ct_utils.h:245
bool valid_blocksize(size_t bs) const override
Definition mode_pad.h:118

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), Botan::CT::unpoison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::ESP_Padding::valid_blocksize ( size_t block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 118 of file mode_pad.h.

118{ return (bs > 2 && bs < 256); }

Referenced by unpad().


The documentation for this class was generated from the following files: