diff options
author | lloyd <[email protected]> | 2014-01-01 21:20:55 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-01-01 21:20:55 +0000 |
commit | 197dc467dec28a04c3b2f30da7cef122dfbb13e9 (patch) | |
tree | cdbd3ddaec051c72f0a757db461973d90c37b97a /lib/pk_pad | |
parent | 62faac373c07cfe10bc8c309e89ebdd30d8e5eaa (diff) |
Shuffle things around. Add NIST X.509 test to build.
Diffstat (limited to 'lib/pk_pad')
32 files changed, 1749 insertions, 0 deletions
diff --git a/lib/pk_pad/eme.cpp b/lib/pk_pad/eme.cpp new file mode 100644 index 000000000..f90239d8c --- /dev/null +++ b/lib/pk_pad/eme.cpp @@ -0,0 +1,50 @@ +/* +* EME Base Class +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/eme.h> + +namespace Botan { + +/* +* Encode a message +*/ +secure_vector<byte> EME::encode(const byte msg[], size_t msg_len, + size_t key_bits, + RandomNumberGenerator& rng) const + { + return pad(msg, msg_len, key_bits, rng); + } + +/* +* Encode a message +*/ +secure_vector<byte> EME::encode(const secure_vector<byte>& msg, + size_t key_bits, + RandomNumberGenerator& rng) const + { + return pad(&msg[0], msg.size(), key_bits, rng); + } + +/* +* Decode a message +*/ +secure_vector<byte> EME::decode(const byte msg[], size_t msg_len, + size_t key_bits) const + { + return unpad(msg, msg_len, key_bits); + } + +/* +* Decode a message +*/ +secure_vector<byte> EME::decode(const secure_vector<byte>& msg, + size_t key_bits) const + { + return unpad(&msg[0], msg.size(), key_bits); + } + +} diff --git a/lib/pk_pad/eme.h b/lib/pk_pad/eme.h new file mode 100644 index 000000000..358b4f144 --- /dev/null +++ b/lib/pk_pad/eme.h @@ -0,0 +1,109 @@ +/* +* EME Classes +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PUBKEY_EME_ENCRYPTION_PAD_H__ +#define BOTAN_PUBKEY_EME_ENCRYPTION_PAD_H__ + +#include <botan/secmem.h> +#include <botan/rng.h> + +namespace Botan { + +/** +* Encoding Method for Encryption +*/ +class BOTAN_DLL EME + { + public: + /** + * Return the maximum input size in bytes we can support + * @param keybits the size of the key in bits + * @return upper bound of input in bytes + */ + virtual size_t maximum_input_size(size_t keybits) const = 0; + + /** + * Encode an input + * @param in the plaintext + * @param in_length length of plaintext in bytes + * @param key_length length of the key in bits + * @param rng a random number generator + * @return encoded plaintext + */ + secure_vector<byte> encode(const byte in[], + size_t in_length, + size_t key_length, + RandomNumberGenerator& rng) const; + + /** + * Encode an input + * @param in the plaintext + * @param key_length length of the key in bits + * @param rng a random number generator + * @return encoded plaintext + */ + secure_vector<byte> encode(const secure_vector<byte>& in, + size_t key_length, + RandomNumberGenerator& rng) const; + + /** + * Decode an input + * @param in the encoded plaintext + * @param in_length length of encoded plaintext in bytes + * @param key_length length of the key in bits + * @return plaintext + */ + secure_vector<byte> decode(const byte in[], + size_t in_length, + size_t key_length) const; + + /** + * Decode an input + * @param in the encoded plaintext + * @param key_length length of the key in bits + * @return plaintext + */ + secure_vector<byte> decode(const secure_vector<byte>& in, + size_t key_length) const; + + virtual ~EME() {} + private: + /** + * Encode an input + * @param in the plaintext + * @param in_length length of plaintext in bytes + * @param key_length length of the key in bits + * @param rng a random number generator + * @return encoded plaintext + */ + virtual secure_vector<byte> pad(const byte in[], + size_t in_length, + size_t key_length, + RandomNumberGenerator& rng) const = 0; + + /** + * Decode an input + * @param in the encoded plaintext + * @param in_length length of encoded plaintext in bytes + * @param key_length length of the key in bits + * @return plaintext + */ + virtual secure_vector<byte> unpad(const byte in[], + size_t in_length, + size_t key_length) const = 0; + }; + +/** +* Factory method for EME (message-encoding methods for encryption) objects +* @param algo_spec the name of the EME to create +* @return pointer to newly allocated object of that type +*/ +BOTAN_DLL EME* get_eme(const std::string& algo_spec); + +} + +#endif diff --git a/lib/pk_pad/eme1/eme1.cpp b/lib/pk_pad/eme1/eme1.cpp new file mode 100644 index 000000000..dadb44d0a --- /dev/null +++ b/lib/pk_pad/eme1/eme1.cpp @@ -0,0 +1,130 @@ +/* +* EME1 (aka OAEP) +* (C) 1999-2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/eme1.h> +#include <botan/mgf1.h> +#include <botan/mem_ops.h> +#include <memory> + +namespace Botan { + +/* +* EME1 Pad Operation +*/ +secure_vector<byte> EME1::pad(const byte in[], size_t in_length, + size_t key_length, + RandomNumberGenerator& rng) const + { + key_length /= 8; + + if(key_length < in_length + 2*Phash.size() + 1) + throw Invalid_Argument("EME1: Input is too large"); + + secure_vector<byte> out(key_length); + + rng.randomize(&out[0], Phash.size()); + + buffer_insert(out, Phash.size(), &Phash[0], Phash.size()); + out[out.size() - in_length - 1] = 0x01; + buffer_insert(out, out.size() - in_length, in, in_length); + + mgf->mask(&out[0], Phash.size(), + &out[Phash.size()], out.size() - Phash.size()); + + mgf->mask(&out[Phash.size()], out.size() - Phash.size(), + &out[0], Phash.size()); + + return out; + } + +/* +* EME1 Unpad Operation +*/ +secure_vector<byte> EME1::unpad(const byte in[], size_t in_length, + size_t key_length) const + { + /* + Must be careful about error messages here; if an attacker can + distinguish them, it is easy to use the differences as an oracle to + find the secret key, as described in "A Chosen Ciphertext Attack on + RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in + PKCS #1 v2.0", James Manger, Crypto 2001 + + Also have to be careful about timing attacks! Pointed out by Falko + Strenzke. + */ + + key_length /= 8; + + // Invalid input: truncate to zero length input, causing later + // checks to fail + if(in_length > key_length) + in_length = 0; + + secure_vector<byte> input(key_length); + buffer_insert(input, key_length - in_length, in, in_length); + + mgf->mask(&input[Phash.size()], input.size() - Phash.size(), + &input[0], Phash.size()); + mgf->mask(&input[0], Phash.size(), + &input[Phash.size()], input.size() - Phash.size()); + + bool waiting_for_delim = true; + bool bad_input = false; + size_t delim_idx = 2 * Phash.size(); + + /* + * GCC 4.5 on x86-64 compiles this in a way that is still vunerable + * to timing analysis. Other compilers, or GCC on other platforms, + * may or may not. + */ + for(size_t i = delim_idx; i < input.size(); ++i) + { + const bool zero_p = !input[i]; + const bool one_p = input[i] == 0x01; + + const bool add_1 = waiting_for_delim && zero_p; + + bad_input |= waiting_for_delim && !(zero_p || one_p); + + delim_idx += add_1; + + waiting_for_delim &= zero_p; + } + + // If we never saw any non-zero byte, then it's not valid input + bad_input |= waiting_for_delim; + + bad_input |= !same_mem(&input[Phash.size()], &Phash[0], Phash.size()); + + if(bad_input) + throw Decoding_Error("Invalid EME1 encoding"); + + return secure_vector<byte>(&input[delim_idx + 1], &input[input.size()]); + } + +/* +* Return the max input size for a given key size +*/ +size_t EME1::maximum_input_size(size_t keybits) const + { + if(keybits / 8 > 2*Phash.size() + 1) + return ((keybits / 8) - 2*Phash.size() - 1); + else + return 0; + } + +/* +* EME1 Constructor +*/ +EME1::EME1(HashFunction* hash, const std::string& P) + { + Phash = hash->process(P); + mgf = new MGF1(hash); + } + +} diff --git a/lib/pk_pad/eme1/eme1.h b/lib/pk_pad/eme1/eme1.h new file mode 100644 index 000000000..eb6fc6bf5 --- /dev/null +++ b/lib/pk_pad/eme1/eme1.h @@ -0,0 +1,43 @@ +/* +* EME1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EME1_H__ +#define BOTAN_EME1_H__ + +#include <botan/eme.h> +#include <botan/kdf.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* EME1, aka OAEP +*/ +class BOTAN_DLL EME1 : public EME + { + public: + size_t maximum_input_size(size_t) const; + + /** + * @param hash object to use for hashing (takes ownership) + * @param P an optional label. Normally empty. + */ + EME1(HashFunction* hash, const std::string& P = ""); + + ~EME1() { delete mgf; } + private: + secure_vector<byte> pad(const byte[], size_t, size_t, + RandomNumberGenerator&) const; + secure_vector<byte> unpad(const byte[], size_t, size_t) const; + + secure_vector<byte> Phash; + MGF* mgf; + }; + +} + +#endif diff --git a/lib/pk_pad/eme1/info.txt b/lib/pk_pad/eme1/info.txt new file mode 100644 index 000000000..7e911f495 --- /dev/null +++ b/lib/pk_pad/eme1/info.txt @@ -0,0 +1,9 @@ +define EME1 20131128 + +load_on auto + +<requires> +hash +kdf +mgf1 +</requires> diff --git a/lib/pk_pad/eme_pkcs/eme_pkcs.cpp b/lib/pk_pad/eme_pkcs/eme_pkcs.cpp new file mode 100644 index 000000000..0e7d1fc30 --- /dev/null +++ b/lib/pk_pad/eme_pkcs/eme_pkcs.cpp @@ -0,0 +1,70 @@ +/* +* PKCS1 EME +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/eme_pkcs.h> + +namespace Botan { + +/* +* PKCS1 Pad Operation +*/ +secure_vector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen, + size_t olen, + RandomNumberGenerator& rng) const + { + olen /= 8; + + if(olen < 10) + throw Encoding_Error("PKCS1: Output space too small"); + if(inlen > olen - 10) + throw Encoding_Error("PKCS1: Input is too large"); + + secure_vector<byte> out(olen); + + out[0] = 0x02; + for(size_t j = 1; j != olen - inlen - 1; ++j) + while(out[j] == 0) + out[j] = rng.next_byte(); + buffer_insert(out, olen - inlen, in, inlen); + + return out; + } + +/* +* PKCS1 Unpad Operation +*/ +secure_vector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen, + size_t key_len) const + { + if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02) + throw Decoding_Error("PKCS1::unpad"); + + size_t seperator = 0; + for(size_t j = 0; j != inlen; ++j) + if(in[j] == 0) + { + seperator = j; + break; + } + if(seperator < 9) + throw Decoding_Error("PKCS1::unpad"); + + return secure_vector<byte>(&in[seperator + 1], &in[inlen]); + } + +/* +* Return the max input size for a given key size +*/ +size_t EME_PKCS1v15::maximum_input_size(size_t keybits) const + { + if(keybits / 8 > 10) + return ((keybits / 8) - 10); + else + return 0; + } + +} diff --git a/lib/pk_pad/eme_pkcs/eme_pkcs.h b/lib/pk_pad/eme_pkcs/eme_pkcs.h new file mode 100644 index 000000000..2808e18d6 --- /dev/null +++ b/lib/pk_pad/eme_pkcs/eme_pkcs.h @@ -0,0 +1,30 @@ +/* +* EME PKCS#1 v1.5 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EME_PKCS1_H__ +#define BOTAN_EME_PKCS1_H__ + +#include <botan/eme.h> + +namespace Botan { + +/** +* EME from PKCS #1 v1.5 +*/ +class BOTAN_DLL EME_PKCS1v15 : public EME + { + public: + size_t maximum_input_size(size_t) const; + private: + secure_vector<byte> pad(const byte[], size_t, size_t, + RandomNumberGenerator&) const; + secure_vector<byte> unpad(const byte[], size_t, size_t) const; + }; + +} + +#endif diff --git a/lib/pk_pad/eme_pkcs/info.txt b/lib/pk_pad/eme_pkcs/info.txt new file mode 100644 index 000000000..432aaf8eb --- /dev/null +++ b/lib/pk_pad/eme_pkcs/info.txt @@ -0,0 +1 @@ +define EME_PKCS1v15 20131128 diff --git a/lib/pk_pad/emsa.h b/lib/pk_pad/emsa.h new file mode 100644 index 000000000..5db01ec12 --- /dev/null +++ b/lib/pk_pad/emsa.h @@ -0,0 +1,68 @@ +/* +* EMSA Classes +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PUBKEY_EMSA_H__ +#define BOTAN_PUBKEY_EMSA_H__ + +#include <botan/secmem.h> +#include <botan/rng.h> + +namespace Botan { + +/** +* Encoding Method for Signatures, Appendix +*/ +class BOTAN_DLL EMSA + { + public: + /** + * Add more data to the signature computation + * @param input some data + * @param length length of input in bytes + */ + virtual void update(const byte input[], size_t length) = 0; + + /** + * @return raw hash + */ + virtual secure_vector<byte> raw_data() = 0; + + /** + * Return the encoding of a message + * @param msg the result of raw_data() + * @param output_bits the desired output bit size + * @param rng a random number generator + * @return encoded signature + */ + virtual secure_vector<byte> encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator& rng) = 0; + + /** + * Verify the encoding + * @param coded the received (coded) message representative + * @param raw the computed (local, uncoded) message representative + * @param key_bits the size of the key in bits + * @return true if coded is a valid encoding of raw, otherwise false + */ + virtual bool verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, + size_t key_bits) = 0; + virtual ~EMSA() {} + }; + +/** +* Factory method for EMSA (message-encoding methods for signatures +* with appendix) objects +* @param algo_spec the name of the EME to create +* @return pointer to newly allocated object of that type +*/ +BOTAN_DLL EMSA* get_emsa(const std::string& algo_spec); + +} + +#endif diff --git a/lib/pk_pad/emsa1/emsa1.cpp b/lib/pk_pad/emsa1/emsa1.cpp new file mode 100644 index 000000000..2358023f8 --- /dev/null +++ b/lib/pk_pad/emsa1/emsa1.cpp @@ -0,0 +1,105 @@ +/* +* EMSA1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa1.h> + +namespace Botan { + +namespace { + +secure_vector<byte> emsa1_encoding(const secure_vector<byte>& msg, + size_t output_bits) + { + if(8*msg.size() <= output_bits) + return msg; + + size_t shift = 8*msg.size() - output_bits; + + size_t byte_shift = shift / 8, bit_shift = shift % 8; + secure_vector<byte> digest(msg.size() - byte_shift); + + for(size_t j = 0; j != msg.size() - byte_shift; ++j) + digest[j] = msg[j]; + + if(bit_shift) + { + byte carry = 0; + for(size_t j = 0; j != digest.size(); ++j) + { + byte temp = digest[j]; + digest[j] = (temp >> bit_shift) | carry; + carry = (temp << (8 - bit_shift)); + } + } + return digest; + } + +} + +/* +* EMSA1 Update Operation +*/ +void EMSA1::update(const byte input[], size_t length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +secure_vector<byte> EMSA1::raw_data() + { + return hash->final(); + } + +/* +* EMSA1 Encode Operation +*/ +secure_vector<byte> EMSA1::encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator&) + { + if(msg.size() != hash->output_length()) + throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + return emsa1_encoding(msg, output_bits); + } + +/* +* EMSA1 Decode/Verify Operation +*/ +bool EMSA1::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, size_t key_bits) + { + try { + if(raw.size() != hash->output_length()) + throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + + secure_vector<byte> our_coding = emsa1_encoding(raw, key_bits); + + if(our_coding == coded) return true; + if(our_coding.empty() || our_coding[0] != 0) return false; + if(our_coding.size() <= coded.size()) return false; + + size_t offset = 0; + while(offset < our_coding.size() && our_coding[offset] == 0) + ++offset; + if(our_coding.size() - offset != coded.size()) + return false; + + for(size_t j = 0; j != coded.size(); ++j) + if(coded[j] != our_coding[j+offset]) + return false; + + return true; + } + catch(Invalid_Argument) + { + return false; + } + } + +} diff --git a/lib/pk_pad/emsa1/emsa1.h b/lib/pk_pad/emsa1/emsa1.h new file mode 100644 index 000000000..f84ca5ae7 --- /dev/null +++ b/lib/pk_pad/emsa1/emsa1.h @@ -0,0 +1,48 @@ +/* +* EMSA1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA1_H__ +#define BOTAN_EMSA1_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* EMSA1 from IEEE 1363 +* Essentially, sign the hash directly +*/ +class BOTAN_DLL EMSA1 : public EMSA + { + public: + /** + * @param h the hash object to use + */ + EMSA1(HashFunction* h) : hash(h) {} + ~EMSA1() { delete hash; } + protected: + /** + * @return const pointer to the underlying hash + */ + const HashFunction* hash_ptr() const { return hash; } + private: + void update(const byte[], size_t); + secure_vector<byte> raw_data(); + + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator& rng); + + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, + size_t); + + HashFunction* hash; + }; + +} + +#endif diff --git a/lib/pk_pad/emsa1/info.txt b/lib/pk_pad/emsa1/info.txt new file mode 100644 index 000000000..83d9744e6 --- /dev/null +++ b/lib/pk_pad/emsa1/info.txt @@ -0,0 +1,5 @@ +define EMSA1 20131128 + +<requires> +hash +</requires> diff --git a/lib/pk_pad/emsa1_bsi/emsa1_bsi.cpp b/lib/pk_pad/emsa1_bsi/emsa1_bsi.cpp new file mode 100644 index 000000000..9096edfbf --- /dev/null +++ b/lib/pk_pad/emsa1_bsi/emsa1_bsi.cpp @@ -0,0 +1,29 @@ +/* +* EMSA1 BSI +* (C) 1999-2008 Jack Lloyd +* 2008 Falko Strenzke, FlexSecure GmbH +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa1_bsi.h> + +namespace Botan { + +/* +* EMSA1 BSI Encode Operation +*/ +secure_vector<byte> EMSA1_BSI::encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator&) + { + if(msg.size() != hash_ptr()->output_length()) + throw Encoding_Error("EMSA1_BSI::encoding_of: Invalid size for input"); + + if(8*msg.size() <= output_bits) + return msg; + + throw Encoding_Error("EMSA1_BSI::encoding_of: max key input size exceeded"); + } + +} diff --git a/lib/pk_pad/emsa1_bsi/emsa1_bsi.h b/lib/pk_pad/emsa1_bsi/emsa1_bsi.h new file mode 100644 index 000000000..1b90f48df --- /dev/null +++ b/lib/pk_pad/emsa1_bsi/emsa1_bsi.h @@ -0,0 +1,35 @@ +/* +* EMSA1 BSI Variant +* (C) 1999-2008 Jack Lloyd +* 2007 FlexSecure GmbH +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA1_BSI_H__ +#define BOTAN_EMSA1_BSI_H__ + +#include <botan/emsa1.h> + +namespace Botan { + +/** +EMSA1_BSI is a variant of EMSA1 specified by the BSI. It accepts only +hash values which are less or equal than the maximum key length. The +implementation comes from InSiTo +*/ +class BOTAN_DLL EMSA1_BSI : public EMSA1 + { + public: + /** + * @param hash the hash object to use + */ + EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} + private: + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator& rng); + }; + +} + +#endif diff --git a/lib/pk_pad/emsa1_bsi/info.txt b/lib/pk_pad/emsa1_bsi/info.txt new file mode 100644 index 000000000..021c99720 --- /dev/null +++ b/lib/pk_pad/emsa1_bsi/info.txt @@ -0,0 +1,5 @@ +define EMSA1_BSI 20131128 + +<requires> +emsa1 +</requires> diff --git a/lib/pk_pad/emsa2/emsa2.cpp b/lib/pk_pad/emsa2/emsa2.cpp new file mode 100644 index 000000000..02a3dbe72 --- /dev/null +++ b/lib/pk_pad/emsa2/emsa2.cpp @@ -0,0 +1,112 @@ +/* +* EMSA2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa2.h> +#include <botan/hash_id.h> + +namespace Botan { + +namespace { + +/* +* EMSA2 Encode Operation +*/ +secure_vector<byte> emsa2_encoding(const secure_vector<byte>& msg, + size_t output_bits, + const secure_vector<byte>& empty_hash, + byte hash_id) + { + const size_t HASH_SIZE = empty_hash.size(); + + size_t output_length = (output_bits + 1) / 8; + + if(msg.size() != HASH_SIZE) + throw Encoding_Error("EMSA2::encoding_of: Bad input length"); + if(output_length < HASH_SIZE + 4) + throw Encoding_Error("EMSA2::encoding_of: Output length is too small"); + + bool empty = true; + for(size_t j = 0; j != HASH_SIZE; ++j) + if(empty_hash[j] != msg[j]) + empty = false; + + secure_vector<byte> output(output_length); + + output[0] = (empty ? 0x4B : 0x6B); + output[output_length - 3 - HASH_SIZE] = 0xBA; + set_mem(&output[1], output_length - 4 - HASH_SIZE, 0xBB); + buffer_insert(output, output_length - (HASH_SIZE + 2), &msg[0], msg.size()); + output[output_length-2] = hash_id; + output[output_length-1] = 0xCC; + + return output; + } + +} + +/* +* EMSA2 Update Operation +*/ +void EMSA2::update(const byte input[], size_t length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +secure_vector<byte> EMSA2::raw_data() + { + return hash->final(); + } + +/* +* EMSA2 Encode Operation +*/ +secure_vector<byte> EMSA2::encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator&) + { + return emsa2_encoding(msg, output_bits, empty_hash, hash_id); + } + +/* +* EMSA2 Verify Operation +*/ +bool EMSA2::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, + size_t key_bits) + { + try + { + return (coded == emsa2_encoding(raw, key_bits, + empty_hash, hash_id)); + } + catch(...) + { + return false; + } + } + +/* +* EMSA2 Constructor +*/ +EMSA2::EMSA2(HashFunction* hash_in) : hash(hash_in) + { + empty_hash = hash->final(); + + const std::string hash_name = hash->name(); + hash_id = ieee1363_hash_id(hash_name); + + if(hash_id == 0) + { + delete hash; + throw Encoding_Error("EMSA2 no hash identifier for " + hash_name); + } + } + +} diff --git a/lib/pk_pad/emsa2/emsa2.h b/lib/pk_pad/emsa2/emsa2.h new file mode 100644 index 000000000..fb0cecb21 --- /dev/null +++ b/lib/pk_pad/emsa2/emsa2.h @@ -0,0 +1,45 @@ +/* +* EMSA2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA2_H__ +#define BOTAN_EMSA2_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* EMSA2 from IEEE 1363 +* Useful for Rabin-Williams +*/ +class BOTAN_DLL EMSA2 : public EMSA + { + public: + /** + * @param hash the hash object to use + */ + EMSA2(HashFunction* hash); + ~EMSA2() { delete hash; } + private: + void update(const byte[], size_t); + secure_vector<byte> raw_data(); + + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator& rng); + + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, + size_t); + + secure_vector<byte> empty_hash; + HashFunction* hash; + byte hash_id; + }; + +} + +#endif diff --git a/lib/pk_pad/emsa2/info.txt b/lib/pk_pad/emsa2/info.txt new file mode 100644 index 000000000..0c9bd2289 --- /dev/null +++ b/lib/pk_pad/emsa2/info.txt @@ -0,0 +1,6 @@ +define EMSA2 20131128 + +<requires> +hash +hash_id +</requires> diff --git a/lib/pk_pad/emsa3/emsa3.cpp b/lib/pk_pad/emsa3/emsa3.cpp new file mode 100644 index 000000000..0d603c508 --- /dev/null +++ b/lib/pk_pad/emsa3/emsa3.cpp @@ -0,0 +1,152 @@ +/* +* EMSA3 and EMSA3_Raw +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa3.h> +#include <botan/hash_id.h> + +namespace Botan { + +namespace { + +/* +* EMSA3 Encode Operation +*/ +secure_vector<byte> emsa3_encoding(const secure_vector<byte>& msg, + size_t output_bits, + const byte hash_id[], + size_t hash_id_length) + { + size_t output_length = output_bits / 8; + if(output_length < hash_id_length + msg.size() + 10) + throw Encoding_Error("emsa3_encoding: Output length is too small"); + + secure_vector<byte> T(output_length); + const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2; + + T[0] = 0x01; + set_mem(&T[1], P_LENGTH, 0xFF); + T[P_LENGTH+1] = 0x00; + buffer_insert(T, P_LENGTH+2, hash_id, hash_id_length); + buffer_insert(T, output_length-msg.size(), &msg[0], msg.size()); + return T; + } + +} + +/* +* EMSA3 Update Operation +*/ +void EMSA3::update(const byte input[], size_t length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +secure_vector<byte> EMSA3::raw_data() + { + return hash->final(); + } + +/* +* EMSA3 Encode Operation +*/ +secure_vector<byte> EMSA3::encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator&) + { + if(msg.size() != hash->output_length()) + throw Encoding_Error("EMSA3::encoding_of: Bad input length"); + + return emsa3_encoding(msg, output_bits, + &hash_id[0], hash_id.size()); + } + +/* +* Default signature decoding +*/ +bool EMSA3::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, + size_t key_bits) + { + if(raw.size() != hash->output_length()) + return false; + + try + { + return (coded == emsa3_encoding(raw, key_bits, + &hash_id[0], hash_id.size())); + } + catch(...) + { + return false; + } + } + +/* +* EMSA3 Constructor +*/ +EMSA3::EMSA3(HashFunction* hash_in) : hash(hash_in) + { + hash_id = pkcs_hash_id(hash->name()); + } + +/* +* EMSA3 Destructor +*/ +EMSA3::~EMSA3() + { + delete hash; + } + +/* +* EMSA3_Raw Update Operation +*/ +void EMSA3_Raw::update(const byte input[], size_t length) + { + message += std::make_pair(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +secure_vector<byte> EMSA3_Raw::raw_data() + { + secure_vector<byte> ret; + std::swap(ret, message); + return ret; + } + +/* +* EMSA3_Raw Encode Operation +*/ +secure_vector<byte> EMSA3_Raw::encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator&) + { + return emsa3_encoding(msg, output_bits, nullptr, 0); + } + +/* +* Default signature decoding +*/ +bool EMSA3_Raw::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, + size_t key_bits) + { + try + { + return (coded == emsa3_encoding(raw, key_bits, nullptr, 0)); + } + catch(...) + { + return false; + } + } + +} diff --git a/lib/pk_pad/emsa3/emsa3.h b/lib/pk_pad/emsa3/emsa3.h new file mode 100644 index 000000000..9fbda67ee --- /dev/null +++ b/lib/pk_pad/emsa3/emsa3.h @@ -0,0 +1,68 @@ +/* +* EMSA3 and EMSA3_Raw +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA3_H__ +#define BOTAN_EMSA3_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* EMSA3 from IEEE 1363 +* aka PKCS #1 v1.5 signature padding +* aka PKCS #1 block type 1 +*/ +class BOTAN_DLL EMSA3 : public EMSA + { + public: + /** + * @param hash the hash object to use + */ + EMSA3(HashFunction* hash); + ~EMSA3(); + + void update(const byte[], size_t); + + secure_vector<byte> raw_data(); + + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator& rng); + + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, + size_t); + private: + HashFunction* hash; + std::vector<byte> hash_id; + }; + +/** +* EMSA3_Raw which is EMSA3 without a hash or digest id (which +* according to QCA docs is "identical to PKCS#11's CKM_RSA_PKCS +* mechanism", something I have not confirmed) +*/ +class BOTAN_DLL EMSA3_Raw : public EMSA + { + public: + void update(const byte[], size_t); + + secure_vector<byte> raw_data(); + + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator& rng); + + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, + size_t); + + private: + secure_vector<byte> message; + }; + +} + +#endif diff --git a/lib/pk_pad/emsa3/info.txt b/lib/pk_pad/emsa3/info.txt new file mode 100644 index 000000000..aea998f13 --- /dev/null +++ b/lib/pk_pad/emsa3/info.txt @@ -0,0 +1,6 @@ +define EMSA3 20131128 + +<requires> +hash +hash_id +</requires> diff --git a/lib/pk_pad/emsa4/emsa4.cpp b/lib/pk_pad/emsa4/emsa4.cpp new file mode 100644 index 000000000..c8b8cbc6a --- /dev/null +++ b/lib/pk_pad/emsa4/emsa4.cpp @@ -0,0 +1,146 @@ +/* +* EMSA4 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa4.h> +#include <botan/mgf1.h> +#include <botan/internal/bit_ops.h> + +namespace Botan { + +/* +* EMSA4 Update Operation +*/ +void EMSA4::update(const byte input[], size_t length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +secure_vector<byte> EMSA4::raw_data() + { + return hash->final(); + } + +/* +* EMSA4 Encode Operation +*/ +secure_vector<byte> EMSA4::encoding_of(const secure_vector<byte>& msg, + size_t output_bits, + RandomNumberGenerator& rng) + { + const size_t HASH_SIZE = hash->output_length(); + + if(msg.size() != HASH_SIZE) + throw Encoding_Error("EMSA4::encoding_of: Bad input length"); + if(output_bits < 8*HASH_SIZE + 8*SALT_SIZE + 9) + throw Encoding_Error("EMSA4::encoding_of: Output length is too small"); + + const size_t output_length = (output_bits + 7) / 8; + + secure_vector<byte> salt = rng.random_vec(SALT_SIZE); + + for(size_t j = 0; j != 8; ++j) + hash->update(0); + hash->update(msg); + hash->update(salt); + secure_vector<byte> H = hash->final(); + + secure_vector<byte> EM(output_length); + + EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; + buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt); + mgf->mask(&H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1); + EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); + buffer_insert(EM, output_length - 1 - HASH_SIZE, H); + EM[output_length-1] = 0xBC; + + return EM; + } + +/* +* EMSA4 Decode/Verify Operation +*/ +bool EMSA4::verify(const secure_vector<byte>& const_coded, + const secure_vector<byte>& raw, size_t key_bits) + { + const size_t HASH_SIZE = hash->output_length(); + const size_t KEY_BYTES = (key_bits + 7) / 8; + + if(key_bits < 8*HASH_SIZE + 9) + return false; + + if(raw.size() != HASH_SIZE) + return false; + + if(const_coded.size() > KEY_BYTES || const_coded.size() <= 1) + return false; + + if(const_coded[const_coded.size()-1] != 0xBC) + return false; + + secure_vector<byte> coded = const_coded; + if(coded.size() < KEY_BYTES) + { + secure_vector<byte> temp(KEY_BYTES); + buffer_insert(temp, KEY_BYTES - coded.size(), coded); + coded = temp; + } + + const size_t TOP_BITS = 8 * ((key_bits + 7) / 8) - key_bits; + if(TOP_BITS > 8 - high_bit(coded[0])) + return false; + + byte* DB = &coded[0]; + const size_t DB_size = coded.size() - HASH_SIZE - 1; + + const byte* H = &coded[DB_size]; + const size_t H_size = HASH_SIZE; + + mgf->mask(&H[0], H_size, &DB[0], DB_size); + DB[0] &= 0xFF >> TOP_BITS; + + size_t salt_offset = 0; + for(size_t j = 0; j != DB_size; ++j) + { + if(DB[j] == 0x01) + { salt_offset = j + 1; break; } + if(DB[j]) + return false; + } + if(salt_offset == 0) + return false; + + for(size_t j = 0; j != 8; ++j) + hash->update(0); + hash->update(raw); + hash->update(&DB[salt_offset], DB_size - salt_offset); + secure_vector<byte> H2 = hash->final(); + + return same_mem(&H[0], &H2[0], HASH_SIZE); + } + +/* +* EMSA4 Constructor +*/ +EMSA4::EMSA4(HashFunction* h) : + SALT_SIZE(h->output_length()), hash(h) + { + mgf = new MGF1(hash->clone()); + } + +/* +* EMSA4 Constructor +*/ +EMSA4::EMSA4(HashFunction* h, size_t salt_size) : + SALT_SIZE(salt_size), hash(h) + { + mgf = new MGF1(hash->clone()); + } + +} diff --git a/lib/pk_pad/emsa4/emsa4.h b/lib/pk_pad/emsa4/emsa4.h new file mode 100644 index 000000000..44bf5a429 --- /dev/null +++ b/lib/pk_pad/emsa4/emsa4.h @@ -0,0 +1,51 @@ +/* +* EMSA4 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA4_H__ +#define BOTAN_EMSA4_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> +#include <botan/kdf.h> + +namespace Botan { + +/** +* EMSA4 aka PSS-R +*/ +class BOTAN_DLL EMSA4 : public EMSA + { + public: + /** + * @param hash the hash object to use + */ + EMSA4(HashFunction* hash); + + /** + * @param hash the hash object to use + * @param salt_size the size of the salt to use in bytes + */ + EMSA4(HashFunction* hash, size_t salt_size); + + ~EMSA4() { delete hash; delete mgf; } + private: + void update(const byte[], size_t); + secure_vector<byte> raw_data(); + + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator& rng); + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, + size_t); + + size_t SALT_SIZE; + HashFunction* hash; + const MGF* mgf; + }; + +} + +#endif diff --git a/lib/pk_pad/emsa4/info.txt b/lib/pk_pad/emsa4/info.txt new file mode 100644 index 000000000..b7ea466ce --- /dev/null +++ b/lib/pk_pad/emsa4/info.txt @@ -0,0 +1,7 @@ +define EMSA4 20131128 + +<requires> +hash +kdf +mgf1 +</requires> diff --git a/lib/pk_pad/emsa_raw/emsa_raw.cpp b/lib/pk_pad/emsa_raw/emsa_raw.cpp new file mode 100644 index 000000000..cb0f99e9c --- /dev/null +++ b/lib/pk_pad/emsa_raw/emsa_raw.cpp @@ -0,0 +1,68 @@ +/* +* EMSA-Raw +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa_raw.h> + +namespace Botan { + +/* +* EMSA-Raw Encode Operation +*/ +void EMSA_Raw::update(const byte input[], size_t length) + { + message += std::make_pair(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +secure_vector<byte> EMSA_Raw::raw_data() + { + secure_vector<byte> output; + std::swap(message, output); + return output; + } + +/* +* EMSA-Raw Encode Operation +*/ +secure_vector<byte> EMSA_Raw::encoding_of(const secure_vector<byte>& msg, + size_t, + RandomNumberGenerator&) + { + return msg; + } + +/* +* EMSA-Raw Verify Operation +*/ +bool EMSA_Raw::verify(const secure_vector<byte>& coded, + const secure_vector<byte>& raw, + size_t) + { + if(coded.size() == raw.size()) + return (coded == raw); + + if(coded.size() > raw.size()) + return false; + + // handle zero padding differences + const size_t leading_zeros_expected = raw.size() - coded.size(); + + bool same_modulo_leading_zeros = true; + + for(size_t i = 0; i != leading_zeros_expected; ++i) + if(raw[i]) + same_modulo_leading_zeros = false; + + if(!same_mem(&coded[0], &raw[leading_zeros_expected], coded.size())) + same_modulo_leading_zeros = false; + + return same_modulo_leading_zeros; + } + +} diff --git a/lib/pk_pad/emsa_raw/emsa_raw.h b/lib/pk_pad/emsa_raw/emsa_raw.h new file mode 100644 index 000000000..8ab763575 --- /dev/null +++ b/lib/pk_pad/emsa_raw/emsa_raw.h @@ -0,0 +1,35 @@ +/* +* EMSA-Raw +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA_RAW_H__ +#define BOTAN_EMSA_RAW_H__ + +#include <botan/emsa.h> + +namespace Botan { + +/** +* EMSA-Raw - sign inputs directly +* Don't use this unless you know what you are doing. +*/ +class BOTAN_DLL EMSA_Raw : public EMSA + { + private: + void update(const byte[], size_t); + secure_vector<byte> raw_data(); + + secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t, + RandomNumberGenerator&); + bool verify(const secure_vector<byte>&, const secure_vector<byte>&, + size_t); + + secure_vector<byte> message; + }; + +} + +#endif diff --git a/lib/pk_pad/emsa_raw/info.txt b/lib/pk_pad/emsa_raw/info.txt new file mode 100644 index 000000000..f01d1bfa2 --- /dev/null +++ b/lib/pk_pad/emsa_raw/info.txt @@ -0,0 +1 @@ +define EMSA_RAW 20131128 diff --git a/lib/pk_pad/get_pk_pad.cpp b/lib/pk_pad/get_pk_pad.cpp new file mode 100644 index 000000000..8c27b1fa1 --- /dev/null +++ b/lib/pk_pad/get_pk_pad.cpp @@ -0,0 +1,139 @@ +/* +* EMSA/EME Retrieval +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa.h> +#include <botan/eme.h> +#include <botan/libstate.h> +#include <botan/scan_name.h> + +#if defined(BOTAN_HAS_EMSA1) + #include <botan/emsa1.h> +#endif + +#if defined(BOTAN_HAS_EMSA1_BSI) + #include <botan/emsa1_bsi.h> +#endif + +#if defined(BOTAN_HAS_EMSA2) + #include <botan/emsa2.h> +#endif + +#if defined(BOTAN_HAS_EMSA3) + #include <botan/emsa3.h> +#endif + +#if defined(BOTAN_HAS_EMSA4) + #include <botan/emsa4.h> +#endif + +#if defined(BOTAN_HAS_EMSA_RAW) + #include <botan/emsa_raw.h> +#endif + +#if defined(BOTAN_HAS_EME1) + #include <botan/eme1.h> +#endif + +#if defined(BOTAN_HAS_EME_PKCS1v15) + #include <botan/eme_pkcs.h> +#endif + +namespace Botan { + +/* +* Get an EMSA by name +*/ +EMSA* get_emsa(const std::string& algo_spec) + { + SCAN_Name request(algo_spec); + + Algorithm_Factory& af = global_state().algorithm_factory(); + +#if defined(BOTAN_HAS_EMSA_RAW) + if(request.algo_name() == "Raw" && request.arg_count() == 0) + return new EMSA_Raw; +#endif + +#if defined(BOTAN_HAS_EMSA1) + if(request.algo_name() == "EMSA1" && request.arg_count() == 1) + { + if(request.arg(0) == "Raw") + return new EMSA_Raw; + return new EMSA1(af.make_hash_function(request.arg(0))); + } +#endif + +#if defined(BOTAN_HAS_EMSA1_BSI) + if(request.algo_name() == "EMSA1_BSI" && request.arg_count() == 1) + return new EMSA1_BSI(af.make_hash_function(request.arg(0))); +#endif + +#if defined(BOTAN_HAS_EMSA2) + if(request.algo_name() == "EMSA2" && request.arg_count() == 1) + return new EMSA2(af.make_hash_function(request.arg(0))); +#endif + +#if defined(BOTAN_HAS_EMSA3) + if(request.algo_name() == "EMSA3" && request.arg_count() == 1) + { + if(request.arg(0) == "Raw") + return new EMSA3_Raw; + return new EMSA3(af.make_hash_function(request.arg(0))); + } +#endif + +#if defined(BOTAN_HAS_EMSA4) + if(request.algo_name() == "EMSA4" && request.arg_count_between(1, 3)) + { + // 3 args: Hash, MGF, salt size (MGF is hardcoded MGF1 in Botan) + if(request.arg_count() == 1) + return new EMSA4(af.make_hash_function(request.arg(0))); + + if(request.arg_count() == 2 && request.arg(1) != "MGF1") + return new EMSA4(af.make_hash_function(request.arg(0))); + + if(request.arg_count() == 3) + return new EMSA4(af.make_hash_function(request.arg(0)), + request.arg_as_integer(2, 0)); + } +#endif + + throw Algorithm_Not_Found(algo_spec); + } + +/* +* Get an EME by name +*/ +EME* get_eme(const std::string& algo_spec) + { + SCAN_Name request(algo_spec); + + Algorithm_Factory& af = global_state().algorithm_factory(); + + if(request.algo_name() == "Raw") + return nullptr; // No padding + +#if defined(BOTAN_HAS_EME_PKCS1v15) + if(request.algo_name() == "PKCS1v15" && request.arg_count() == 0) + return new EME_PKCS1v15; +#endif + +#if defined(BOTAN_HAS_EME1) + if(request.algo_name() == "EME1" && request.arg_count_between(1, 2)) + { + if(request.arg_count() == 1 || + (request.arg_count() == 2 && request.arg(1) == "MGF1")) + { + return new EME1(af.make_hash_function(request.arg(0))); + } + } +#endif + + throw Algorithm_Not_Found(algo_spec); + } + +} diff --git a/lib/pk_pad/hash_id/hash_id.cpp b/lib/pk_pad/hash_id/hash_id.cpp new file mode 100644 index 000000000..a60e53352 --- /dev/null +++ b/lib/pk_pad/hash_id/hash_id.cpp @@ -0,0 +1,129 @@ +/* +* Hash Function Identification +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/hash_id.h> +#include <botan/exceptn.h> + +namespace Botan { + +namespace { + +const byte MD2_PKCS_ID[] = { +0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, +0xF7, 0x0D, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10 }; + +const byte MD5_PKCS_ID[] = { +0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, +0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 }; + +const byte RIPEMD_128_PKCS_ID[] = { +0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, +0x02, 0x05, 0x00, 0x04, 0x14 }; + +const byte RIPEMD_160_PKCS_ID[] = { +0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, +0x01, 0x05, 0x00, 0x04, 0x14 }; + +const byte SHA_160_PKCS_ID[] = { +0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, +0x1A, 0x05, 0x00, 0x04, 0x14 }; + +const byte SHA_224_PKCS_ID[] = { +0x30, 0x2D, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C }; + +const byte SHA_256_PKCS_ID[] = { +0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; + +const byte SHA_384_PKCS_ID[] = { +0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; + +const byte SHA_512_PKCS_ID[] = { +0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; + +const byte TIGER_PKCS_ID[] = { +0x30, 0x29, 0x30, 0x0D, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, +0x01, 0xDA, 0x47, 0x0C, 0x02, 0x05, 0x00, 0x04, 0x18 }; + +} + +/* +* HashID as specified by PKCS +*/ +std::vector<byte> pkcs_hash_id(const std::string& name) + { + // Special case for SSL/TLS RSA signatures + if(name == "Parallel(MD5,SHA-160)") + return std::vector<byte>(); + + if(name == "MD2") + return std::vector<byte>(MD2_PKCS_ID, + MD2_PKCS_ID + sizeof(MD2_PKCS_ID)); + + if(name == "MD5") + return std::vector<byte>(MD5_PKCS_ID, + MD5_PKCS_ID + sizeof(MD5_PKCS_ID)); + + if(name == "RIPEMD-128") + return std::vector<byte>(RIPEMD_128_PKCS_ID, + RIPEMD_128_PKCS_ID + sizeof(RIPEMD_128_PKCS_ID)); + + if(name == "RIPEMD-160") + return std::vector<byte>(RIPEMD_160_PKCS_ID, + RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID)); + + if(name == "SHA-160") + return std::vector<byte>(SHA_160_PKCS_ID, + SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID)); + + if(name == "SHA-224") + return std::vector<byte>(SHA_224_PKCS_ID, + SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID)); + + if(name == "SHA-256") + return std::vector<byte>(SHA_256_PKCS_ID, + SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID)); + + if(name == "SHA-384") + return std::vector<byte>(SHA_384_PKCS_ID, + SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID)); + + if(name == "SHA-512") + return std::vector<byte>(SHA_512_PKCS_ID, + SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID)); + + if(name == "Tiger(24,3)") + return std::vector<byte>(TIGER_PKCS_ID, + TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID)); + + throw Invalid_Argument("No PKCS #1 identifier for " + name); + } + +/* +* HashID as specified by IEEE 1363/X9.31 +*/ +byte ieee1363_hash_id(const std::string& name) + { + if(name == "SHA-160") return 0x33; + + if(name == "SHA-224") return 0x38; + if(name == "SHA-256") return 0x34; + if(name == "SHA-384") return 0x36; + if(name == "SHA-512") return 0x35; + + if(name == "RIPEMD-160") return 0x31; + if(name == "RIPEMD-128") return 0x32; + + if(name == "Whirlpool") return 0x37; + + return 0; + } + +} diff --git a/lib/pk_pad/hash_id/hash_id.h b/lib/pk_pad/hash_id/hash_id.h new file mode 100644 index 000000000..070e7ddb9 --- /dev/null +++ b/lib/pk_pad/hash_id/hash_id.h @@ -0,0 +1,34 @@ +/* +* Hash Function Identification +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_HASHID_H__ +#define BOTAN_HASHID_H__ + +#include <botan/secmem.h> +#include <string> + +namespace Botan { + +/** +* Return the PKCS #1 hash identifier +* @see RFC 3447 section 9.2 +* @param hash_name the name of the hash function +* @return byte sequence identifying the hash +* @throw Invalid_Argument if the hash has no known PKCS #1 hash id +*/ +BOTAN_DLL std::vector<byte> pkcs_hash_id(const std::string& hash_name); + +/** +* Return the IEEE 1363 hash identifier +* @param hash_name the name of the hash function +* @return byte code identifying the hash, or 0 if not known +*/ +BOTAN_DLL byte ieee1363_hash_id(const std::string& hash_name); + +} + +#endif diff --git a/lib/pk_pad/hash_id/info.txt b/lib/pk_pad/hash_id/info.txt new file mode 100644 index 000000000..e6df99b6f --- /dev/null +++ b/lib/pk_pad/hash_id/info.txt @@ -0,0 +1,5 @@ +define HASH_ID 20131128 + +<requires> +alloc +</requires> diff --git a/lib/pk_pad/info.txt b/lib/pk_pad/info.txt new file mode 100644 index 000000000..5c6a9e4a7 --- /dev/null +++ b/lib/pk_pad/info.txt @@ -0,0 +1,8 @@ +define PK_PADDING 20131128 + +load_on auto + +<requires> +alloc +rng +</requires> |