Add a variant of EMSA3 called EMSA3_Raw which does not hash the data or

add a digest identifier. This was a feature requested on the mailing list.

Apparently this scheme is called CKM_RSA_PKCS in PKCS #11, and is supported
by a number of libraries, including QCA.

3 files changed, 125 insertions, 46 deletions

diff --git a/doc/log.txt b/doc/log.txt
index 87427e7c1..2a1e7d907 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -1,5 +1,7 @@
 
 * 1.7.24-pre, ????-??-??
+ - Add EMSA3_Raw, sometimes called PKCS#11 CKM_RSA_PKCS
+ - Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes
  - Wrap private structs in SSE2 SHA-1 code in anonymous namespace
  - Change configure.pl's CPU autodetection output to be more consistent
  - Disable using OpenSSL's AES due to crashes
diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp
index 060dd40d8..fc772e796 100644
--- a/src/pk_pad/emsa3/emsa3.cpp
+++ b/src/pk_pad/emsa3/emsa3.cpp
@@ -1,7 +1,7 @@
-/*************************************************
-* EMSA3 Source File                              *
-* (C) 1999-2007 Jack Lloyd                       *
-*************************************************/
+/*
+* EMSA3 and EMSA3_Raw
+* (C) 1999-2008 Jack Lloyd
+*/
 
 #include <botan/emsa3.h>
 #include <botan/hash_id.h>
@@ -10,73 +10,75 @@ namespace Botan {
 
 namespace {
 
-/*************************************************
-* EMSA3 Encode Operation                         *
-*************************************************/
+/**
+* EMSA3 Encode Operation
+*/
 SecureVector<byte> emsa3_encoding(const MemoryRegion<byte>& msg,
                                   u32bit output_bits,
-                                  const MemoryRegion<byte>& hash_id,
-                                  u32bit hash_size)
+                                  const byte hash_id[],
+                                  u32bit hash_id_length)
    {
-   if(msg.size() != hash_size)
-      throw Encoding_Error("EMSA3::encoding_of: Bad input length");
-
    u32bit output_length = output_bits / 8;
-   if(output_length < hash_id.size() + hash_size + 10)
+   if(output_length < hash_id_length + msg.size() + 10)
       throw Encoding_Error("EMSA3::pad: Output length is too small");
 
    SecureVector<byte> T(output_length);
-   const u32bit P_LENGTH = output_length - hash_size - hash_id.size() - 2;
+   const u32bit P_LENGTH = output_length - msg.size() - hash_id_length - 2;
 
    T[0] = 0x01;
    set_mem(T+1, P_LENGTH, 0xFF);
    T[P_LENGTH+1] = 0x00;
-   T.copy(P_LENGTH+2, hash_id, hash_id.size());
-   T.copy(output_length-hash_size, msg, msg.size());
+   T.copy(P_LENGTH+2, hash_id, hash_id_length);
+   T.copy(output_length-msg.size(), msg, msg.size());
    return T;
    }
 
 }
 
-/*************************************************
-* EMSA3 Update Operation                         *
-*************************************************/
+/**
+* EMSA3 Update Operation
+*/
 void EMSA3::update(const byte input[], u32bit length)
    {
    hash->update(input, length);
    }
 
-/*************************************************
-* Return the raw (unencoded) data                *
-*************************************************/
+/**
+* Return the raw (unencoded) data
+*/
 SecureVector<byte> EMSA3::raw_data()
    {
    return hash->final();
    }
 
-/*************************************************
-* EMSA3 Encode Operation                         *
-*************************************************/
+/**
+* EMSA3 Encode Operation
+*/
 SecureVector<byte> EMSA3::encoding_of(const MemoryRegion<byte>& msg,
                                       u32bit output_bits,
                                       RandomNumberGenerator&)
    {
-   return emsa3_encoding(msg, output_bits, hash_id,
-                         hash->OUTPUT_LENGTH);
+   if(msg.size() != hash->OUTPUT_LENGTH)
+      throw Encoding_Error("EMSA3::encoding_of: Bad input length");
+
+   return emsa3_encoding(msg, output_bits,
+                         hash_id, hash_id.size());
    }
 
-/*************************************************
-* Default signature decoding                     *
-*************************************************/
+/**
+* Default signature decoding
+*/
 bool EMSA3::verify(const MemoryRegion<byte>& coded,
                    const MemoryRegion<byte>& raw,
                    u32bit key_bits) throw()
    {
+   if(raw.size() != hash->OUTPUT_LENGTH)
+      return false;
+
    try
       {
       return (coded == emsa3_encoding(raw, key_bits,
-                                      hash_id,
-                                      hash->OUTPUT_LENGTH));
+                                      hash_id, hash_id.size()));
       }
    catch(...)
       {
@@ -84,12 +86,63 @@ bool EMSA3::verify(const MemoryRegion<byte>& coded,
       }
    }
 
-/*************************************************
-* EMSA3 Constructor                              *
-*************************************************/
+/**
+* EMSA3 Constructor
+*/
 EMSA3::EMSA3(HashFunction* hash_in) : hash(hash_in)
    {
    hash_id = pkcs_hash_id(hash->name());
    }
 
+/**
+* EMSA3 Destructor
+*/
+EMSA3::~EMSA3()
+   {
+   delete hash;
+   }
+
+/**
+* EMSA3_Raw Update Operation
+*/
+void EMSA3_Raw::update(const byte input[], u32bit length)
+   {
+   message.append(input, length);
+   }
+
+/**
+* Return the raw (unencoded) data
+*/
+SecureVector<byte> EMSA3_Raw::raw_data()
+   {
+   return message;
+   }
+
+/**
+* EMSA3_Raw Encode Operation
+*/
+SecureVector<byte> EMSA3_Raw::encoding_of(const MemoryRegion<byte>& msg,
+                                          u32bit output_bits,
+                                          RandomNumberGenerator&)
+   {
+   return emsa3_encoding(msg, output_bits, 0, 0);
+   }
+
+/**
+* Default signature decoding
+*/
+bool EMSA3_Raw::verify(const MemoryRegion<byte>& coded,
+                       const MemoryRegion<byte>& raw,
+                       u32bit key_bits) throw()
+   {
+   try
+      {
+      return (coded == emsa3_encoding(raw, key_bits, 0, 0));
+      }
+   catch(...)
+      {
+      return false;
+      }
+   }
+
 }
diff --git a/src/pk_pad/emsa3/emsa3.h b/src/pk_pad/emsa3/emsa3.h
index 620cf9d21..443447ca3 100644
--- a/src/pk_pad/emsa3/emsa3.h
+++ b/src/pk_pad/emsa3/emsa3.h
@@ -1,7 +1,7 @@
-/*************************************************
-* EMSA3 Header File                              *
-* (C) 1999-2007 Jack Lloyd                       *
-*************************************************/
+/*
+* EMSA3 and EMSA3_Raw
+* (C) 1999-2008 Jack Lloyd
+*/
 
 #ifndef BOTAN_EMSA3_H__
 #define BOTAN_EMSA3_H__
@@ -11,15 +11,17 @@
 
 namespace Botan {
 
-/*************************************************
-* EMSA3                                          *
-*************************************************/
+/**
+* EMSA3
+* aka PKCS #1 v1.5 signature padding
+* aka PKCS #1 block type 1
+*/
 class BOTAN_DLL EMSA3 : public EMSA
    {
    public:
-      EMSA3(HashFunction* hash);
-      ~EMSA3() { delete hash; }
-   private:
+      EMSA3(HashFunction*);
+      ~EMSA3();
+
       void update(const byte[], u32bit);
 
       SecureVector<byte> raw_data();
@@ -29,11 +31,33 @@ class BOTAN_DLL EMSA3 : public EMSA
 
       bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&,
                   u32bit) throw();
-
+   private:
       HashFunction* hash;
       SecureVector<byte> hash_id;
    };
 
+/**
+* EMSA3_Raw which is EMSA3 without a hash or digest id (which
+* according to QCA docs is "identical to PKCS#11's CKM_RSA_PKCS
+* mechanism", something I have not confirmed)
+*/
+class BOTAN_DLL EMSA3_Raw : public EMSA
+   {
+   public:
+      void update(const byte[], u32bit);
+
+      SecureVector<byte> raw_data();
+
+      SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit,
+                                     RandomNumberGenerator& rng);
+
+      bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&,
+                  u32bit) throw();
+
+   private:
+      SecureVector<byte> message;
+   };
+
 }
 
 #endif