Botan  2.1.0
Crypto and TLS for C++11
eme_pkcs.cpp
Go to the documentation of this file.
1 /*
2 * PKCS #1 v1.5 Type 2 (encryption) padding
3 * (C) 1999-2007,2015,2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/eme_pkcs.h>
9 #include <botan/internal/ct_utils.h>
10 
11 namespace Botan {
12 
13 /*
14 * PKCS1 Pad Operation
15 */
16 secure_vector<uint8_t> EME_PKCS1v15::pad(const uint8_t in[], size_t inlen,
17  size_t key_length,
18  RandomNumberGenerator& rng) const
19  {
20  key_length /= 8;
21 
22  if(inlen > maximum_input_size(key_length * 8))
23  {
24  throw Invalid_Argument("PKCS1: Input is too large");
25  }
26 
27  secure_vector<uint8_t> out(key_length);
28 
29  out[0] = 0x02;
30  rng.randomize(out.data() + 1, (key_length - inlen - 2));
31 
32  for(size_t j = 1; j != key_length - inlen - 1; ++j)
33  {
34  if(out[j] == 0)
35  {
36  out[j] = rng.next_nonzero_byte();
37  }
38  }
39 
40  buffer_insert(out, key_length - inlen, in, inlen);
41 
42  return out;
43  }
44 
45 /*
46 * PKCS1 Unpad Operation
47 */
48 secure_vector<uint8_t> EME_PKCS1v15::unpad(uint8_t& valid_mask,
49  const uint8_t in[], size_t inlen) const
50  {
51  if(inlen < 2)
52  {
53  valid_mask = false;
54  return secure_vector<uint8_t>();
55  }
56 
57  CT::poison(in, inlen);
58 
59  uint8_t bad_input_m = 0;
60  uint8_t seen_zero_m = 0;
61  size_t delim_idx = 0;
62 
63  bad_input_m |= ~CT::is_equal<uint8_t>(in[0], 0);
64  bad_input_m |= ~CT::is_equal<uint8_t>(in[1], 2);
65 
66  for(size_t i = 2; i < inlen; ++i)
67  {
68  const uint8_t is_zero_m = CT::is_zero<uint8_t>(in[i]);
69 
70  delim_idx += CT::select<uint8_t>(~seen_zero_m, 1, 0);
71 
72  bad_input_m |= is_zero_m & CT::expand_mask<uint8_t>(i < 10);
73  seen_zero_m |= is_zero_m;
74  }
75 
76  bad_input_m |= ~seen_zero_m;
77  bad_input_m |= CT::is_less<size_t>(delim_idx, 8);
78 
79  CT::unpoison(in, inlen);
80  CT::unpoison(bad_input_m);
81  CT::unpoison(delim_idx);
82 
83  secure_vector<uint8_t> output(&in[delim_idx + 2], &in[inlen]);
84  CT::cond_zero_mem(bad_input_m, output.data(), output.size());
85  valid_mask = ~bad_input_m;
86  return output;
87  }
88 
89 /*
90 * Return the max input size for a given key size
91 */
92 size_t EME_PKCS1v15::maximum_input_size(size_t keybits) const
93  {
94  if(keybits / 8 > 10)
95  return ((keybits / 8) - 10);
96  else
97  return 0;
98  }
99 
100 }
size_t maximum_input_size(size_t) const override
Definition: eme_pkcs.cpp:92
void poison(const T *p, size_t n)
Definition: ct_utils.h:46
void cond_zero_mem(T cond, T *array, size_t elems)
Definition: ct_utils.h:153
Definition: alg_id.cpp:13
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
Definition: secmem.h:133
void unpoison(const T *p, size_t n)
Definition: ct_utils.h:57