#include <mode_pad.h>

Inheritance diagram for Botan::OneAndZeros_Padding:

Public Member Functions
virtual void	add_padding (std::span< uint8_t > buffer, size_t final_block_bytes, size_t block_size) const
void	apply_padding (std::span< uint8_t > last_block, size_t final_block_bytes) const override
std::string	name () const override
virtual size_t	output_length (size_t input_length, size_t block_size) const
size_t	remove_padding (std::span< const uint8_t > last_block) const override
size_t	unpad (std::span< const uint8_t > last_block) const
bool	valid_blocksize (size_t bs) const override

Static Public Member Functions
static std::unique_ptr< BlockCipherModePaddingMethod >	create (std::string_view algo_spec)

Detailed Description

One And Zeros Padding (ISO/IEC 9797-1, padding method 2)

Definition at line 134 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::BlockCipherModePaddingMethod::add_padding	(	std::span< uint8_t >	buffer,
		size_t	final_block_bytes,
		size_t	block_size ) const

virtualinherited

Add padding bytes to buffer.

Parameters

buffer	data to pad, span must be large enough to hold the padding behind the final (partial) block
final_block_bytes	size of the final block in bytes
block_size	size of each block in bytes

Reimplemented in Botan::Null_Padding.

Definition at line 43 of file mode_pad.cpp.

                                                                                                             {
   BOTAN_ASSERT_NOMSG(valid_blocksize(BS));
   BOTAN_ASSERT_NOMSG(last_byte_pos < BS);
   BOTAN_ASSERT_NOMSG(buffer.size() % BS == 0);
   BOTAN_ASSERT_NOMSG(buffer.size() >= BS);
 
   auto poison = CT::scoped_poison(last_byte_pos, buffer);
   apply_padding(buffer.last(BS), last_byte_pos);
}

References apply_padding(), BOTAN_ASSERT_NOMSG, Botan::CT::scoped_poison(), and valid_blocksize().

◆ apply_padding()

void Botan::OneAndZeros_Padding::apply_padding	(	std::span< uint8_t >	last_block,
		size_t	padding_start_pos ) const

overridevirtual

Applies the concrete padding to the last_block assuming the padding bytes should start at padding_start_pos within the last block.

Concrete implementations of this function must ensure not to leak padding_start_pos via side channels. Both the bytes of last_block and padding_start_pos are passed in with CT::poison applied.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 155 of file mode_pad.cpp.

                                                                                                   {
   /*
   Padding format is
   80
   8000
   800000
   ...
   */
   for(size_t i = 0; i != last_block.size(); ++i) {
      auto needs_80 = CT::Mask<uint8_t>(CT::Mask<size_t>::is_equal(i, padding_start_pos));
      auto needs_00 = CT::Mask<uint8_t>(CT::Mask<size_t>::is_gt(i, padding_start_pos));
      last_block[i] = needs_00.select(0x00, needs_80.select(0x80, last_block[i]));
   }
}

References Botan::CT::Mask< T >::is_equal(), and Botan::CT::Mask< T >::is_gt().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view algo_spec )

staticinherited

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters

algo_spec block cipher padding mode name

Get a block cipher padding method by name

Definition at line 19 of file mode_pad.cpp.

                                                                                                         {
   if(algo_spec == "NoPadding") {
      return std::make_unique<Null_Padding>();
   }
 
   if(algo_spec == "PKCS7") {
      return std::make_unique<PKCS7_Padding>();
   }
 
   if(algo_spec == "OneAndZeros") {
      return std::make_unique<OneAndZeros_Padding>();
   }
 
   if(algo_spec == "X9.23") {
      return std::make_unique<ANSI_X923_Padding>();
   }
 
   if(algo_spec == "ESP") {
      return std::make_unique<ESP_Padding>();
   }
 
   return nullptr;
}

Referenced by Botan::Cipher_Mode::create().

◆ name()

std::string Botan::OneAndZeros_Padding::name ( ) const

inlineoverridevirtual

Returns: name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 142 of file mode_pad.h.

142{ return "OneAndZeros"; }

◆ output_length()

virtual size_t Botan::BlockCipherModePaddingMethod::output_length	(	size_t	input_length,
		size_t	block_size ) const

inlinevirtualinherited

Parameters

input_length	number of bytes to be padded
block_size	size of each block in bytes

Returns: the total number of output bytes (including the padding)

Reimplemented in Botan::Null_Padding.

Definition at line 66 of file mode_pad.h.

                                                                                 {
         return ((input_length + block_size) / block_size) * block_size;
      }

Referenced by Botan::CBC_Encryption::output_length().

◆ remove_padding()

size_t Botan::OneAndZeros_Padding::remove_padding ( std::span< const uint8_t > last_block ) const

overridevirtual

Removes the padding from last_block and returns the number of data bytes. If the padding is invalid, this returns the byte length of last_block.

Concrete implementations of this function must ensure not to leak the size or validity of the padding via side channels. The bytes of last_block are passed in with CT::poison applied to them.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 173 of file mode_pad.cpp.

                                                                             {
   const size_t BS = input.size();
   auto bad_input = CT::Mask<uint8_t>::cleared();
   auto seen_0x80 = CT::Mask<uint8_t>::cleared();
 
   size_t pad_pos = BS - 1;
 
   for(size_t i = BS; i != 0; --i) {
      const auto is_0x80 = CT::Mask<uint8_t>::is_equal(input[i - 1], 0x80);
      const auto is_zero = CT::Mask<uint8_t>::is_zero(input[i - 1]);
 
      seen_0x80 |= is_0x80;
      pad_pos -= seen_0x80.if_not_set_return(1);
      bad_input |= ~seen_0x80 & ~is_zero;
   }
   bad_input |= ~seen_0x80;
 
   return CT::Mask<size_t>::expand(bad_input).select(BS, pad_pos);
}

References Botan::CT::Mask< T >::cleared(), Botan::CT::Mask< T >::expand(), Botan::CT::Mask< T >::is_equal(), and Botan::CT::Mask< T >::is_zero().

◆ unpad()

size_t Botan::BlockCipherModePaddingMethod::unpad ( std::span< const uint8_t > last_block ) const

inherited

Remove padding bytes from block

Parameters

last_block the last block containing the padding

Returns: number of data bytes, or if the padding is invalid returns the byte length of last_block (i.e. the block size)

Definition at line 53 of file mode_pad.cpp.

                                                                                  {
   if(!valid_blocksize(last_block.size())) {
      return last_block.size();
   }
 
   auto poison = CT::scoped_poison(last_block);
   return CT::driveby_unpoison(remove_padding(last_block));
}

References Botan::CT::driveby_unpoison(), remove_padding(), Botan::CT::scoped_poison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::OneAndZeros_Padding::valid_blocksize ( size_t block_size ) const

inlineoverridevirtual

Parameters

block_size of the cipher

Returns: valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 140 of file mode_pad.h.

140{ return (bs > 2); }

The documentation for this class was generated from the following files:

src/lib/modes/mode_pad/mode_pad.h
src/lib/modes/mode_pad/mode_pad.cpp

Public Member Functions

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ add_padding()

◆ apply_padding()

◆ create()

◆ name()

◆ output_length()

◆ remove_padding()

◆ unpad()

◆ valid_blocksize()