author | Jack Lloyd <lloyd@randombit.net> | 2016-02-28 02:43:57 -0500 |
---|---|---|
committer | Jack Lloyd <lloyd@randombit.net> | 2016-03-20 09:38:17 -0400 |
commit | ada363473a9491a3b07e3bb6fa2b5fd9f12aec98 (patch) | |
tree | 0dc7eefb24c3d9983e45dd6e2e7f0876179c8c11 /src/lib/pk_pad | |
parent | f70a9de37d22282d8cca465632efd0044ab9008c (diff) |
Add PK_Decryptor::decrypt_or_random
Performs content checks on the value (expected length, expected bytes)
and in constant time returns either the decrypted value or a random value.
Diffstat (limited to 'src/lib/pk_pad')
-rw-r--r-- | src/lib/pk_pad/eme.cpp | 25 | ||||
-rw-r--r-- | src/lib/pk_pad/eme.h | 55 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_oaep/oaep.cpp | 13 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_oaep/oaep.h | 12 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp | 15 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_pkcs1/eme_pkcs.h | 6 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_raw/eme_raw.cpp | 4 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_raw/eme_raw.h | 5 |
8 files changed, 59 insertions, 76 deletions
diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp index 623c3777e..b36ed6e67 100644 --- a/src/lib/pk_pad/eme.cpp +++ b/src/lib/pk_pad/eme.cpp @@ -57,8 +57,8 @@ EME* get_eme(const std::string& algo_spec) * Encode a message */ secure_vector<byte> EME::encode(const byte msg[], size_t msg_len, - size_t key_bits, - RandomNumberGenerator& rng) const + size_t key_bits, + RandomNumberGenerator& rng) const { return pad(msg, msg_len, key_bits, rng); } @@ -67,28 +67,11 @@ secure_vector<byte> EME::encode(const byte msg[], size_t msg_len, * Encode a message */ secure_vector<byte> EME::encode(const secure_vector<byte>& msg, - size_t key_bits, - RandomNumberGenerator& rng) const + size_t key_bits, + RandomNumberGenerator& rng) const { return pad(msg.data(), msg.size(), key_bits, rng); } -/* -* Decode a message -*/ -secure_vector<byte> EME::decode(const byte msg[], size_t msg_len, - size_t key_bits) const - { - return unpad(msg, msg_len, key_bits); - } - -/* -* Decode a message -*/ -secure_vector<byte> EME::decode(const secure_vector<byte>& msg, - size_t key_bits) const - { - return unpad(msg.data(), msg.size(), key_bits); - } } diff --git a/src/lib/pk_pad/eme.h b/src/lib/pk_pad/eme.h index 7318ec480..f4c85da70 100644 --- a/src/lib/pk_pad/eme.h +++ b/src/lib/pk_pad/eme.h @@ -22,6 +22,8 @@ class BOTAN_DLL EME public: typedef SCAN_Name Spec; + virtual ~EME() = default; + /** * Return the maximum input size in bytes we can support * @param keybits the size of the key in bits @@ -38,9 +40,9 @@ class BOTAN_DLL EME * @return encoded plaintext */ secure_vector<byte> encode(const byte in[], - size_t in_length, - size_t key_length, - RandomNumberGenerator& rng) const; + size_t in_length, + size_t key_length, + RandomNumberGenerator& rng) const; /** * Encode an input 
@@ -50,31 +52,21 @@ class BOTAN_DLL EME * @return encoded plaintext */ secure_vector<byte> encode(const secure_vector<byte>& in, - size_t key_length, - RandomNumberGenerator& rng) const; + size_t key_length, + RandomNumberGenerator& rng) const; /** * Decode an input + * @param valid_mask written to specifies if output is valid * @param in the encoded plaintext - * @param in_length length of encoded plaintext in bytes - * @param key_length length of the key in bits - * @return plaintext + * @param in_len length of encoded plaintext in bytes + * @return bytes of out[] written to along with + * validity mask (0xFF if valid, else 0x00) */ - secure_vector<byte> decode(const byte in[], - size_t in_length, - size_t key_length) const; - - /** - * Decode an input - * @param in the encoded plaintext - * @param key_length length of the key in bits - * @return plaintext - */ - secure_vector<byte> decode(const secure_vector<byte>& in, - size_t key_length) const; - - virtual ~EME() {} - private: + virtual secure_vector<byte> unpad(byte& valid_mask, + const byte in[], + size_t in_len, + size_t key_length) const = 0; /** * Encode an input * @param in the plaintext @@ -84,20 +76,9 @@ class BOTAN_DLL EME * @return encoded plaintext */ virtual secure_vector<byte> pad(const byte in[], - size_t in_length, - size_t key_length, - RandomNumberGenerator& rng) const = 0; - - /** - * Decode an input - * @param in the encoded plaintext - * @param in_length length of encoded plaintext in bytes - * @param key_length length of the key in bits - * @return plaintext - */ - virtual secure_vector<byte> unpad(const byte in[], - size_t in_length, - size_t key_length) const = 0; + size_t in_length, + size_t key_length, + RandomNumberGenerator& rng) const = 0; }; /** diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp index 370a9fe45..894368e2d 100644 --- a/src/lib/pk_pad/eme_oaep/oaep.cpp +++ b/src/lib/pk_pad/eme_oaep/oaep.cpp 
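Review bot: The new doc comment on `unpad` in the `-50,31 +52,21` hunk of eme.h does not match the signature: it speaks of "bytes of out[] written to" although the function returns a `secure_vector<byte>` and has no `out[]` parameter, and `key_length` is left undocumented. The hunk also removes the `private:` label, so `unpad` and `pad` appear to become public and this comment is the only statement of the contract. I would replace the return line with `@return the unpadded bytes, zeroed when valid_mask is 0x00` and add `@param key_length length of the key in bits`. It should also say that callers must combine `valid_mask` with their own checks using masked operations instead of branching on it or on the returned length. The class body starts and ends outside the hunk.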
@@ -60,7 +60,8 @@ secure_vector<byte> OAEP::pad(const byte in[], size_t in_length, /* * OAEP Unpad Operation */ -secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length, +secure_vector<byte> OAEP::unpad(byte& valid_mask, + const byte in[], size_t in_length, size_t key_length) const { /* @@ -116,16 +117,18 @@ secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length, // If we never saw any non-zero byte, then it's not valid input bad_input |= waiting_for_delim; - bad_input |= CT::expand_mask<byte>(!same_mem(&input[hlen], m_Phash.data(), hlen)); + bad_input |= CT::is_equal<byte>(same_mem(&input[hlen], m_Phash.data(), hlen), false); CT::unpoison(input.data(), input.size()); CT::unpoison(&bad_input, 1); CT::unpoison(&delim_idx, 1); - if(bad_input) - throw Decoding_Error("Invalid OAEP encoding"); + valid_mask = ~bad_input; - return secure_vector<byte>(input.begin() + delim_idx + 1, input.end()); + secure_vector<byte> output(input.begin() + delim_idx + 1, input.end()); + CT::cond_zero_mem(bad_input, output.data(), output.size()); + + return output; } /* diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h index 22d009f5f..dce706613 100644 --- a/src/lib/pk_pad/eme_oaep/oaep.h +++ b/src/lib/pk_pad/eme_oaep/oaep.h @@ -29,9 +29,15 @@ class BOTAN_DLL OAEP final : public EME */ OAEP(HashFunction* hash, const std::string& P = ""); private: - secure_vector<byte> pad(const byte[], size_t, size_t, - RandomNumberGenerator&) const override; - secure_vector<byte> unpad(const byte[], size_t, size_t) const override; + secure_vector<byte> pad(const byte in[], + size_t in_length, + size_t key_length, + RandomNumberGenerator& rng) const override; + + secure_vector<byte> unpad(byte& valid_mask, + const byte in[], + size_t in_len, + size_t key_length) const override; secure_vector<byte> m_Phash; std::unique_ptr<HashFunction> m_hash; 
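Review bot: In the `-116,16 +117,18` hunk of oaep.cpp, `output` is still sized from `delim_idx`, so `CT::cond_zero_mem` hides the bytes of a rejected message but not its length, and the allocation and copy run after `CT::unpoison` on an index derived from secret data. The same pattern is in the second hunk of eme_pkcs.cpp (`secure_vector<byte> output(&in[delim_idx + 1], &in[inlen]);`). Whether this is observable depends on the caller, which is not part of this diff; presumably decrypt_or_random folds the length comparison into the mask rather than branching on it. I would record the requirement next to the copy: `// output.size() depends on delim_idx even when valid_mask == 0; callers must not branch on it`. `OAEP::unpad` starts outside the hunk.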
diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp index 5ff288db2..4780fe43b 100644 --- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp +++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp @@ -37,7 +37,8 @@ secure_vector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen, /* * PKCS1 Unpad Operation */ -secure_vector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen, +secure_vector<byte> EME_PKCS1v15::unpad(byte& valid_mask, + const byte in[], size_t inlen, size_t key_len) const { if(inlen != key_len / 8 || inlen < 10) @@ -64,13 +65,13 @@ secure_vector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen, bad_input_m |= ~seen_zero_m; CT::unpoison(in, inlen); - CT::unpoison(&bad_input_m, 1); - CT::unpoison(&delim_idx, 1); + CT::unpoison(bad_input_m); + CT::unpoison(delim_idx); - if(bad_input_m) - throw Decoding_Error("Invalid PKCS #1 v1.5 encryption padding"); - - return secure_vector<byte>(&in[delim_idx + 1], &in[inlen]); + secure_vector<byte> output(&in[delim_idx + 1], &in[inlen]); + CT::cond_zero_mem(bad_input_m, output.data(), output.size()); + valid_mask = ~bad_input_m; + return output; } /* diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h index 148ab7e20..d5f8879d6 100644 --- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h +++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h @@ -22,7 +22,11 @@ class BOTAN_DLL EME_PKCS1v15 final : public EME private: secure_vector<byte> pad(const byte[], size_t, size_t, RandomNumberGenerator&) const override; - secure_vector<byte> unpad(const byte[], size_t, size_t) const override; + + secure_vector<byte> unpad(byte& valid_mask, + const byte in[], + size_t in_len, + size_t key_length) const override; }; } diff --git a/src/lib/pk_pad/eme_raw/eme_raw.cpp b/src/lib/pk_pad/eme_raw/eme_raw.cpp index 78b670b65..5c5dd6e40 100644 --- a/src/lib/pk_pad/eme_raw/eme_raw.cpp +++ b/src/lib/pk_pad/eme_raw/eme_raw.cpp 
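Review bot: The length test kept as context in the `-37,7 +37,8` hunk of eme_pkcs.cpp, `if(inlen != key_len / 8 || inlen < 10)`, runs before `valid_mask` is ever assigned, while every other failure in `EME_PKCS1v15::unpad` is now reported through the mask. Its body is outside the hunk; if it still throws, a malformed length stays distinguishable from bad padding by exception type and timing, which is the kind of difference this commit removes for PKCS #1 v1.5. I would make that branch follow the same contract, for example `valid_mask = 0x00; return secure_vector<byte>();`, or add a comment explaining why the input length is treated as public here.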
@@ -18,9 +18,11 @@ secure_vector<byte> EME_Raw::pad(const byte in[], size_t in_length, return secure_vector<byte>(in, in + in_length); } -secure_vector<byte> EME_Raw::unpad(const byte in[], size_t in_length, +secure_vector<byte> EME_Raw::unpad(byte& valid_mask, + const byte in[], size_t in_length, size_t) const { + valid_mask = 0xFF; return secure_vector<byte>(in, in + in_length); } diff --git a/src/lib/pk_pad/eme_raw/eme_raw.h b/src/lib/pk_pad/eme_raw/eme_raw.h index ae57587a3..60d23323c 100644 --- a/src/lib/pk_pad/eme_raw/eme_raw.h +++ b/src/lib/pk_pad/eme_raw/eme_raw.h @@ -21,7 +21,10 @@ class BOTAN_DLL EME_Raw final : public EME secure_vector<byte> pad(const byte[], size_t, size_t, RandomNumberGenerator&) const override; - secure_vector<byte> unpad(const byte[], size_t, size_t) const override; + secure_vector<byte> unpad(byte& valid_mask, + const byte in[], + size_t in_len, + size_t key_length) const override; }; } |