Botan  2.7.0
Crypto and TLS for C++11
eme_pkcs.cpp
Go to the documentation of this file.
1 /*
2 * PKCS #1 v1.5 Type 2 (encryption) padding
3 * (C) 1999-2007,2015,2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/eme_pkcs.h>
9 #include <botan/exceptn.h>
10 #include <botan/rng.h>
11 #include <botan/internal/ct_utils.h>
12 
13 namespace Botan {
14 
15 /*
16 * PKCS1 Pad Operation
17 */
18 secure_vector<uint8_t> EME_PKCS1v15::pad(const uint8_t in[], size_t inlen,
19  size_t key_length,
20  RandomNumberGenerator& rng) const
21  {
22  key_length /= 8;
23 
24  if(inlen > maximum_input_size(key_length * 8))
25  {
26  throw Invalid_Argument("PKCS1: Input is too large");
27  }
28 
29  secure_vector<uint8_t> out(key_length);
30 
31  out[0] = 0x02;
32  rng.randomize(out.data() + 1, (key_length - inlen - 2));
33 
34  for(size_t j = 1; j != key_length - inlen - 1; ++j)
35  {
36  if(out[j] == 0)
37  {
38  out[j] = rng.next_nonzero_byte();
39  }
40  }
41 
42  buffer_insert(out, key_length - inlen, in, inlen);
43 
44  return out;
45  }
46 
47 /*
48 * PKCS1 Unpad Operation
49 */
50 secure_vector<uint8_t> EME_PKCS1v15::unpad(uint8_t& valid_mask,
51  const uint8_t in[], size_t inlen) const
52  {
53  if(inlen < 2)
54  {
55  valid_mask = false;
56  return secure_vector<uint8_t>();
57  }
58 
59  CT::poison(in, inlen);
60 
61  uint8_t bad_input_m = 0;
62  uint8_t seen_zero_m = 0;
63  size_t delim_idx = 0;
64 
65  bad_input_m |= ~CT::is_equal<uint8_t>(in[0], 0);
66  bad_input_m |= ~CT::is_equal<uint8_t>(in[1], 2);
67 
68  for(size_t i = 2; i < inlen; ++i)
69  {
70  const uint8_t is_zero_m = CT::is_zero<uint8_t>(in[i]);
71 
72  delim_idx += CT::select<uint8_t>(~seen_zero_m, 1, 0);
73 
74  bad_input_m |= is_zero_m & CT::expand_mask<uint8_t>(i < 10);
75  seen_zero_m |= is_zero_m;
76  }
77 
78  bad_input_m |= ~seen_zero_m;
79  bad_input_m |= CT::is_less<size_t>(delim_idx, 8);
80 
81  CT::unpoison(in, inlen);
82  CT::unpoison(bad_input_m);
83  CT::unpoison(delim_idx);
84 
85  secure_vector<uint8_t> output(&in[delim_idx + 2], &in[inlen]);
86  CT::cond_zero_mem(bad_input_m, output.data(), output.size());
87  valid_mask = ~bad_input_m;
88  return output;
89  }
90 
91 /*
92 * Return the max input size for a given key size
93 */
94 size_t EME_PKCS1v15::maximum_input_size(size_t keybits) const
95  {
96  if(keybits / 8 > 10)
97  return ((keybits / 8) - 10);
98  else
99  return 0;
100  }
101 
102 }
size_t maximum_input_size(size_t) const override
Definition: eme_pkcs.cpp:94
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
void cond_zero_mem(T cond, T *array, size_t elems)
Definition: ct_utils.h:171
Definition: alg_id.cpp:13
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition: secmem.h:103
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57