Botan  2.18.1
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::OneAndZeros_Padding Class Referencefinal

#include <mode_pad.h>

Inheritance diagram for Botan::OneAndZeros_Padding:
Botan::BlockCipherModePaddingMethod

Public Member Functions

void add_padding (secure_vector< uint8_t > &buffer, size_t final_block_bytes, size_t block_size) const override
 
std::string name () const override
 
size_t unpad (const uint8_t[], size_t) const override
 
bool valid_blocksize (size_t bs) const override
 

Detailed Description

One And Zeros Padding (ISO/IEC 9797-1, padding method 2)

Definition at line 103 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::OneAndZeros_Padding::add_padding ( secure_vector< uint8_t > &  buffer,
size_t  final_block_bytes,
size_t  block_size 
) const
overridevirtual

Add padding bytes to buffer.

Parameters
bufferdata to pad
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 186 of file mode_pad.cpp.

References BOTAN_DEBUG_ASSERT, Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), Botan::CT::poison(), Botan::CT::Mask< T >::select(), and Botan::CT::unpoison().

189  {
190  /*
191  Padding format is
192  80
193  8000
194  800000
195  ...
196  */
197 
198  BOTAN_DEBUG_ASSERT(last_byte_pos < BS);
199 
200  const uint8_t padding_len = static_cast<uint8_t>(BS - last_byte_pos);
201 
202  buffer.resize(buffer.size() + padding_len);
203 
204  CT::poison(&last_byte_pos, 1);
205  CT::poison(buffer.data(), buffer.size());
206 
207  BOTAN_DEBUG_ASSERT(buffer.size() % BS == 0);
208  BOTAN_DEBUG_ASSERT(buffer.size() >= BS);
209 
210  const size_t start_of_last_block = buffer.size() - BS;
211  const size_t end_of_last_block = buffer.size();
212  const size_t start_of_padding = buffer.size() - padding_len;
213 
214  for(size_t i = start_of_last_block; i != end_of_last_block; ++i)
215  {
216  auto needs_80 = CT::Mask<uint8_t>(CT::Mask<size_t>::is_equal(i, start_of_padding));
217  auto needs_00 = CT::Mask<uint8_t>(CT::Mask<size_t>::is_gt(i, start_of_padding));
218  buffer[i] = needs_00.select(0x00, needs_80.select(0x80, buffer[i]));
219  }
220 
221  CT::unpoison(buffer.data(), buffer.size());
222  CT::unpoison(last_byte_pos);
223  }
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
#define BOTAN_DEBUG_ASSERT(expr)
Definition: assert.h:123
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59
static Mask< T > is_equal(T x, T y)
Definition: ct_utils.h:149
static Mask< T > is_gt(T x, T y)
Definition: ct_utils.h:165

◆ name()

std::string Botan::OneAndZeros_Padding::name ( ) const
inlineoverridevirtual
Returns
name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 114 of file mode_pad.h.

114 { return "OneAndZeros"; }

◆ unpad()

size_t Botan::OneAndZeros_Padding::unpad ( const uint8_t  block[],
size_t  len 
) const
overridevirtual

Remove padding bytes from block

Parameters
blockthe last block
lenthe size of the block in bytes
Returns
number of data bytes, or if the padding is invalid returns len

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 228 of file mode_pad.cpp.

References Botan::CT::Mask< T >::cleared(), Botan::CT::Mask< T >::expand(), Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_zero(), Botan::CT::poison(), Botan::CT::unpoison(), and valid_blocksize().

229  {
230  if(!valid_blocksize(input_length))
231  return input_length;
232 
233  CT::poison(input, input_length);
234 
235  auto bad_input = CT::Mask<uint8_t>::cleared();
236  auto seen_0x80 = CT::Mask<uint8_t>::cleared();
237 
238  size_t pad_pos = input_length - 1;
239  size_t i = input_length;
240 
241  while(i)
242  {
243  const auto is_0x80 = CT::Mask<uint8_t>::is_equal(input[i-1], 0x80);
244  const auto is_zero = CT::Mask<uint8_t>::is_zero(input[i-1]);
245 
246  seen_0x80 |= is_0x80;
247  pad_pos -= seen_0x80.if_not_set_return(1);
248  bad_input |= ~seen_0x80 & ~is_zero;
249  i--;
250  }
251  bad_input |= ~seen_0x80;
252 
253  CT::unpoison(input, input_length);
254 
255  return CT::Mask<size_t>::expand(bad_input).select_and_unpoison(input_length, pad_pos);
256  }
static Mask< T > cleared()
Definition: ct_utils.h:115
void poison(const T *p, size_t n)
Definition: ct_utils.h:48
static Mask< T > expand(T v)
Definition: ct_utils.h:123
bool valid_blocksize(size_t bs) const override
Definition: mode_pad.h:112
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:59
static Mask< T > is_zero(T x)
Definition: ct_utils.h:141
static Mask< T > is_equal(T x, T y)
Definition: ct_utils.h:149

◆ valid_blocksize()

bool Botan::OneAndZeros_Padding::valid_blocksize ( size_t  block_size) const
inlineoverridevirtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 112 of file mode_pad.h.

Referenced by unpad().

112 { return (bs > 2); }

The documentation for this class was generated from the following files: