Botan 3.10.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::ESP_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::ESP_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

virtual void add_padding (std::span< uint8_t > buffer, size_t final_block_bytes, size_t block_size) const
void apply_padding (std::span< uint8_t > last_block, size_t final_block_bytes) const override
std::string name () const override
virtual size_t output_length (size_t input_length, size_t block_size) const
size_t remove_padding (std::span< const uint8_t > last_block) const override
size_t unpad (std::span< const uint8_t > last_block) const
bool valid_blocksize (size_t bs) const override

Static Public Member Functions

static std::unique_ptr< BlockCipherModePaddingMethodcreate (std::string_view algo_spec)

Detailed Description

ESP Padding (RFC 4303)

Definition at line 148 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::BlockCipherModePaddingMethod::add_padding ( std::span< uint8_t > buffer,
size_t final_block_bytes,
size_t block_size ) const
virtualinherited

Add padding bytes to buffer.

Parameters
bufferdata to pad, span must be large enough to hold the padding behind the final (partial) block
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Reimplemented in Botan::Null_Padding.

Definition at line 43 of file mode_pad.cpp.

43 {
44 BOTAN_ASSERT_NOMSG(valid_blocksize(BS));
45 BOTAN_ASSERT_NOMSG(last_byte_pos < BS);
46 BOTAN_ASSERT_NOMSG(buffer.size() % BS == 0);
47 BOTAN_ASSERT_NOMSG(buffer.size() >= BS);
48
49 auto poison = CT::scoped_poison(last_byte_pos, buffer);
50 apply_padding(buffer.last(BS), last_byte_pos);
51}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::BlockCipherModePaddingMethod::valid_blocksize
virtual bool valid_blocksize(size_t block_size) const =0
Botan::BlockCipherModePaddingMethod::apply_padding
virtual void apply_padding(std::span< uint8_t > last_block, size_t padding_start_pos) const =0
Botan::CT::scoped_poison
constexpr auto scoped_poison(const Ts &... xs)
Definition ct_utils.h:220
Botan::CT::poison
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:54

References apply_padding(), BOTAN_ASSERT_NOMSG, Botan::CT::scoped_poison(), and valid_blocksize().

◆ apply_padding()

void Botan::ESP_Padding::apply_padding ( std::span< uint8_t > last_block,
size_t padding_start_pos ) const
overridevirtual

Applies the concrete padding to the last_block assuming the padding bytes should start at padding_start_pos within the last block.

Concrete implementations of this function must ensure not to leak padding_start_pos via side channels. Both the bytes of last_block and padding_start_pos are passed in with CT::poison applied.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 196 of file mode_pad.cpp.

196 {
197 /*
198 Padding format is
199 01
200 0102
201 010203
202 ...
203 */
204 const uint8_t BS = static_cast<uint8_t>(last_block.size());
205 const uint8_t start_pos = static_cast<uint8_t>(padding_start_pos);
206
207 uint8_t pad_ctr = 0x01;
208 for(uint8_t i = 0; i != BS; ++i) {
209 auto needs_padding = CT::Mask<uint8_t>::is_gte(i, start_pos);
210 last_block[i] = needs_padding.select(pad_ctr, last_block[i]);
211 pad_ctr = needs_padding.select(pad_ctr + 1, pad_ctr);
212 }
213}
Botan::CT::Mask::is_gte
static constexpr Mask< T > is_gte(T x, T y)
Definition ct_utils.h:496

References Botan::CT::Mask< T >::is_gte().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view algo_spec)
staticinherited

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Get a block cipher padding method by name

Definition at line 19 of file mode_pad.cpp.

19 {
20 if(algo_spec == "NoPadding") {
21 return std::make_unique<Null_Padding>();
22 }
23
24 if(algo_spec == "PKCS7") {
25 return std::make_unique<PKCS7_Padding>();
26 }
27
28 if(algo_spec == "OneAndZeros") {
29 return std::make_unique<OneAndZeros_Padding>();
30 }
31
32 if(algo_spec == "X9.23") {
33 return std::make_unique<ANSI_X923_Padding>();
34 }
35
36 if(algo_spec == "ESP") {
37 return std::make_unique<ESP_Padding>();
38 }
39
40 return nullptr;
41}

Referenced by Botan::Cipher_Mode::create().

◆ name()

std::string Botan::ESP_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 156 of file mode_pad.h.

156{ return "ESP"; }

◆ output_length()

virtual size_t Botan::BlockCipherModePaddingMethod::output_length ( size_t input_length,
size_t block_size ) const
inlinevirtualinherited
Parameters
input_lengthnumber of bytes to be padded
block_sizesize of each block in bytes
Returns
the total number of output bytes (including the padding)

Reimplemented in Botan::Null_Padding.

Definition at line 66 of file mode_pad.h.

66 {
67 return ((input_length + block_size) / block_size) * block_size;
68 }

Referenced by Botan::CBC_Encryption::output_length().

◆ remove_padding()

size_t Botan::ESP_Padding::remove_padding ( std::span< const uint8_t > last_block) const
overridevirtual

Removes the padding from last_block and returns the number of data bytes. If the padding is invalid, this returns the byte length of last_block.

Concrete implementations of this function must ensure not to leak the size or validity of the padding via side channels. The bytes of last_block are passed in with CT::poison applied to them.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 218 of file mode_pad.cpp.

218 {
219 const size_t BS = input.size();
220 const uint8_t last_byte = input.back();
221
222 auto bad_input = CT::Mask<size_t>::is_zero(last_byte) | CT::Mask<size_t>::is_gt(last_byte, BS);
223
224 const size_t pad_pos = BS - last_byte;
225 for(size_t i = BS - 1; i != 0; --i) {
226 const auto in_range = CT::Mask<size_t>::is_gt(i, pad_pos);
227 const auto incrementing = CT::Mask<size_t>::is_equal(input[i - 1], input[i] - 1);
228
229 bad_input |= CT::Mask<size_t>(in_range) & ~incrementing;
230 }
231
232 return bad_input.select(BS, pad_pos);
233}
Botan::CT::Mask::is_equal
static constexpr Mask< T > is_equal(T x, T y)
Definition ct_utils.h:470
Botan::CT::Mask::is_gt
static constexpr Mask< T > is_gt(T x, T y)
Definition ct_utils.h:486
Botan::CT::Mask::is_zero
static constexpr Mask< T > is_zero(T x)
Definition ct_utils.h:465

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), and Botan::CT::Mask< T >::is_zero().

◆ unpad()

size_t Botan::BlockCipherModePaddingMethod::unpad ( std::span< const uint8_t > last_block) const
inherited

Remove padding bytes from block

Parameters
last_blockthe last block containing the padding
Returns
number of data bytes, or if the padding is invalid returns the byte length of last_block (i.e. the block size)

Definition at line 53 of file mode_pad.cpp.

53 {
54 if(!valid_blocksize(last_block.size())) {
55 return last_block.size();
56 }
57
58 auto poison = CT::scoped_poison(last_block);
59 return CT::driveby_unpoison(remove_padding(last_block));
60}
Botan::BlockCipherModePaddingMethod::remove_padding
virtual size_t remove_padding(std::span< const uint8_t > last_block) const =0
Botan::CT::driveby_unpoison
decltype(auto) driveby_unpoison(T &&v)
Definition ct_utils.h:241

References Botan::CT::driveby_unpoison(), remove_padding(), Botan::CT::scoped_poison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::ESP_Padding::valid_blocksize ( size_t block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 154 of file mode_pad.h.

154{ return (bs > 2 && bs < 256); }
The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0