#include <mode_pad.h>

Inheritance diagram for Botan::PKCS7_Padding:

Public Member Functions
virtual void	add_padding (std::span< uint8_t > buffer, size_t final_block_bytes, size_t block_size) const
void	apply_padding (std::span< uint8_t > last_block, size_t final_block_bytes) const override
std::string	name () const override
virtual size_t	output_length (size_t input_length, size_t block_size) const
size_t	remove_padding (std::span< const uint8_t > last_block) const override
size_t	unpad (std::span< const uint8_t > last_block) const
bool	valid_blocksize (size_t bs) const override

Static Public Member Functions
static std::unique_ptr< BlockCipherModePaddingMethod >	create (std::string_view algo_spec)

Detailed Description

PKCS#7 Padding

Definition at line 106 of file mode_pad.h.

Member Function Documentation

◆ add_padding()

void Botan::BlockCipherModePaddingMethod::add_padding	(	std::span< uint8_t >	buffer,
		size_t	final_block_bytes,
		size_t	block_size ) const

virtualinherited

Add padding bytes to buffer.

Parameters

buffer	data to pad, span must be large enough to hold the padding behind the final (partial) block
final_block_bytes	size of the final block in bytes
block_size	size of each block in bytes

Reimplemented in Botan::Null_Padding.

Definition at line 44 of file mode_pad.cpp.

                                                                                                             {
   BOTAN_ASSERT_NOMSG(valid_blocksize(BS));
   BOTAN_ASSERT_NOMSG(last_byte_pos < BS);
   BOTAN_ASSERT_NOMSG(buffer.size() % BS == 0);
   BOTAN_ASSERT_NOMSG(buffer.size() >= BS);
 
   auto poison = CT::scoped_poison(last_byte_pos, buffer);
   apply_padding(buffer.last(BS), last_byte_pos);
}

References apply_padding(), BOTAN_ASSERT_NOMSG, Botan::CT::scoped_poison(), and valid_blocksize().

◆ apply_padding()

void Botan::PKCS7_Padding::apply_padding	(	std::span< uint8_t >	last_block,
		size_t	padding_start_pos ) const

overridevirtual

Applies the concrete padding to the last_block assuming the padding bytes should start at padding_start_pos within the last block.

Concrete implementations of this function must ensure not to leak padding_start_pos via side channels. Both the bytes of last_block and padding_start_pos are passed in with CT::poison applied.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 66 of file mode_pad.cpp.

                                                                                             {
   /*
   Padding format is
   01
   0202
   030303
   ...
   */
   const uint8_t BS = static_cast<uint8_t>(last_block.size());
   const uint8_t start_pos = static_cast<uint8_t>(padding_start_pos);
   const uint8_t padding_len = BS - start_pos;
   for(uint8_t i = 0; i < BS; ++i) {
      auto needs_padding = CT::Mask<uint8_t>::is_gte(i, start_pos);
      last_block[i] = needs_padding.select(padding_len, last_block[i]);
   }
}

References Botan::CT::Mask< T >::is_gte().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view algo_spec )

staticinherited

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters

algo_spec block cipher padding mode name

Get a block cipher padding method by name

Definition at line 20 of file mode_pad.cpp.

                                                                                                         {
   if(algo_spec == "NoPadding") {
      return std::make_unique<Null_Padding>();
   }
 
   if(algo_spec == "PKCS7") {
      return std::make_unique<PKCS7_Padding>();
   }
 
   if(algo_spec == "OneAndZeros") {
      return std::make_unique<OneAndZeros_Padding>();
   }
 
   if(algo_spec == "X9.23") {
      return std::make_unique<ANSI_X923_Padding>();
   }
 
   if(algo_spec == "ESP") {
      return std::make_unique<ESP_Padding>();
   }
 
   return nullptr;
}

Referenced by Botan::Cipher_Mode::create().

◆ name()

std::string Botan::PKCS7_Padding::name ( ) const

inlineoverridevirtual

Returns: name of the mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 114 of file mode_pad.h.

114{ return "PKCS7"; }

◆ output_length()

virtual size_t Botan::BlockCipherModePaddingMethod::output_length	(	size_t	input_length,
		size_t	block_size ) const

inlinevirtualinherited

Parameters

input_length	number of bytes to be padded
block_size	size of each block in bytes

Returns: the total number of output bytes (including the padding)

Reimplemented in Botan::Null_Padding.

Definition at line 66 of file mode_pad.h.

                                                                                 {
         return ((input_length + block_size) / block_size) * block_size;
      }

Referenced by Botan::CBC_Encryption::output_length().

◆ remove_padding()

size_t Botan::PKCS7_Padding::remove_padding ( std::span< const uint8_t > last_block ) const

overridevirtual

Removes the padding from last_block and returns the number of data bytes. If the padding is invalid, this returns the byte length of last_block.

Concrete implementations of this function must ensure not to leak the size or validity of the padding via side channels. The bytes of last_block are passed in with CT::poison applied to them.

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 86 of file mode_pad.cpp.

                                                                       {
   const size_t BS = input.size();
   const uint8_t last_byte = input.back();
 
   /*
   The input should == the block size so if the last byte exceeds
   that then the padding is certainly invalid
   */
   auto bad_input = CT::Mask<size_t>::is_gt(last_byte, BS);
 
   const size_t pad_pos = BS - last_byte;
 
   for(size_t i = 0; i != BS - 1; ++i) {
      // Does this byte equal the expected pad byte?
      const auto pad_eq = CT::Mask<size_t>::is_equal(input[i], last_byte);
 
      // Ignore values that are not part of the padding
      const auto in_range = CT::Mask<size_t>::is_gte(i, pad_pos);
      bad_input |= in_range & (~pad_eq);
   }
 
   return bad_input.select(BS, pad_pos);
}

References Botan::CT::Mask< T >::is_equal(), Botan::CT::Mask< T >::is_gt(), and Botan::CT::Mask< T >::is_gte().

◆ unpad()

size_t Botan::BlockCipherModePaddingMethod::unpad ( std::span< const uint8_t > last_block ) const

inherited

Remove padding bytes from block

Parameters

last_block the last block containing the padding

Returns: number of data bytes, or if the padding is invalid returns the byte length of last_block (i.e. the block size)

Definition at line 54 of file mode_pad.cpp.

                                                                                  {
   if(!valid_blocksize(last_block.size())) {
      return last_block.size();
   }
 
   auto poison = CT::scoped_poison(last_block);
   return CT::driveby_unpoison(remove_padding(last_block));
}

References Botan::CT::driveby_unpoison(), remove_padding(), Botan::CT::scoped_poison(), and valid_blocksize().

◆ valid_blocksize()

bool Botan::PKCS7_Padding::valid_blocksize ( size_t block_size ) const

inlineoverridevirtual

Parameters

block_size of the cipher

Returns: valid block size for this padding mode

Implements Botan::BlockCipherModePaddingMethod.

Definition at line 112 of file mode_pad.h.

112{ return (bs > 2 && bs < 256); }

The documentation for this class was generated from the following files:

src/lib/modes/mode_pad/mode_pad.h
src/lib/modes/mode_pad/mode_pad.cpp

Public Member Functions

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ add_padding()

◆ apply_padding()

◆ create()

◆ name()

◆ output_length()

◆ remove_padding()

◆ unpad()

◆ valid_blocksize()