authorJack Lloyd <lloyd@randombit.net>2016-02-28 02:43:57 -0500
committerJack Lloyd <lloyd@randombit.net>2016-03-20 09:38:17 -0400
commitada363473a9491a3b07e3bb6fa2b5fd9f12aec98 (patch)
tree0dc7eefb24c3d9983e45dd6e2e7f0876179c8c11 /src/lib/pk_pad
parentf70a9de37d22282d8cca465632efd0044ab9008c (diff)
Add PK_Decryptor::decrypt_or_random
Performs content checks on the value (expected length, expected bytes) and in constant time returns either the decrypted value or a random value.
Diffstat (limited to 'src/lib/pk_pad')
-rw-r--r--src/lib/pk_pad/eme.cpp25
-rw-r--r--src/lib/pk_pad/eme.h55
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.cpp13
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.h12
-rw-r--r--src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp15
-rw-r--r--src/lib/pk_pad/eme_pkcs1/eme_pkcs.h6
-rw-r--r--src/lib/pk_pad/eme_raw/eme_raw.cpp4
-rw-r--r--src/lib/pk_pad/eme_raw/eme_raw.h5
8 files changed, 59 insertions, 76 deletions
diff --git a/src/lib/pk_pad/eme.cpp b/src/lib/pk_pad/eme.cpp
index 623c3777e..b36ed6e67 100644
--- a/src/lib/pk_pad/eme.cpp
+++ b/src/lib/pk_pad/eme.cpp
@@ -57,8 +57,8 @@ EME* get_eme(const std::string& algo_spec)
* Encode a message
*/
secure_vector<byte> EME::encode(const byte msg[], size_t msg_len,
- size_t key_bits,
- RandomNumberGenerator& rng) const
+ size_t key_bits,
+ RandomNumberGenerator& rng) const
{
return pad(msg, msg_len, key_bits, rng);
}
@@ -67,28 +67,11 @@ secure_vector<byte> EME::encode(const byte msg[], size_t msg_len,
* Encode a message
*/
secure_vector<byte> EME::encode(const secure_vector<byte>& msg,
- size_t key_bits,
- RandomNumberGenerator& rng) const
+ size_t key_bits,
+ RandomNumberGenerator& rng) const
{
return pad(msg.data(), msg.size(), key_bits, rng);
}
-/*
-* Decode a message
-*/
-secure_vector<byte> EME::decode(const byte msg[], size_t msg_len,
- size_t key_bits) const
- {
- return unpad(msg, msg_len, key_bits);
- }
-
-/*
-* Decode a message
-*/
-secure_vector<byte> EME::decode(const secure_vector<byte>& msg,
- size_t key_bits) const
- {
- return unpad(msg.data(), msg.size(), key_bits);
- }
}
diff --git a/src/lib/pk_pad/eme.h b/src/lib/pk_pad/eme.h
index 7318ec480..f4c85da70 100644
--- a/src/lib/pk_pad/eme.h
+++ b/src/lib/pk_pad/eme.h
@@ -22,6 +22,8 @@ class BOTAN_DLL EME
public:
typedef SCAN_Name Spec;
+ virtual ~EME() = default;
+
/**
* Return the maximum input size in bytes we can support
* @param keybits the size of the key in bits
@@ -38,9 +40,9 @@ class BOTAN_DLL EME
* @return encoded plaintext
*/
secure_vector<byte> encode(const byte in[],
- size_t in_length,
- size_t key_length,
- RandomNumberGenerator& rng) const;
+ size_t in_length,
+ size_t key_length,
+ RandomNumberGenerator& rng) const;
/**
* Encode an input
@@ -50,31 +52,21 @@ class BOTAN_DLL EME
* @return encoded plaintext
*/
secure_vector<byte> encode(const secure_vector<byte>& in,
- size_t key_length,
- RandomNumberGenerator& rng) const;
+ size_t key_length,
+ RandomNumberGenerator& rng) const;
/**
* Decode an input
+ * @param valid_mask written to specifies if output is valid
* @param in the encoded plaintext
- * @param in_length length of encoded plaintext in bytes
- * @param key_length length of the key in bits
- * @return plaintext
+ * @param in_len length of encoded plaintext in bytes
+ * @return bytes of out[] written to along with
+ * validity mask (0xFF if valid, else 0x00)
*/
- secure_vector<byte> decode(const byte in[],
- size_t in_length,
- size_t key_length) const;
-
- /**
- * Decode an input
- * @param in the encoded plaintext
- * @param key_length length of the key in bits
- * @return plaintext
- */
- secure_vector<byte> decode(const secure_vector<byte>& in,
- size_t key_length) const;
-
- virtual ~EME() {}
- private:
+ virtual secure_vector<byte> unpad(byte& valid_mask,
+ const byte in[],
+ size_t in_len,
+ size_t key_length) const = 0;
/**
* Encode an input
* @param in the plaintext
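Review bot: The doc comment on the new public `unpad` no longer matches its signature: the `@param key_length` line was dropped although the parameter remains, and `@return` refers to an `out[]` buffer that does not exist. I would restore `* @param key_length length of the key in bits` and word the return as `* @return unpadded plaintext; only meaningful when valid_mask is 0xFF`. This hunk also removes the `private:` label, so `pad` and `unpad` become callable from outside the class. The comment should therefore state that callers must check `valid_mask` and should avoid handling the failure case in a way that reveals padding validity to the peer. The class body starts and ends outside the hunk.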
@@ -84,20 +76,9 @@ class BOTAN_DLL EME
* @return encoded plaintext
*/
virtual secure_vector<byte> pad(const byte in[],
- size_t in_length,
- size_t key_length,
- RandomNumberGenerator& rng) const = 0;
-
- /**
- * Decode an input
- * @param in the encoded plaintext
- * @param in_length length of encoded plaintext in bytes
- * @param key_length length of the key in bits
- * @return plaintext
- */
- virtual secure_vector<byte> unpad(const byte in[],
- size_t in_length,
- size_t key_length) const = 0;
+ size_t in_length,
+ size_t key_length,
+ RandomNumberGenerator& rng) const = 0;
};
/**
diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp
index 370a9fe45..894368e2d 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.cpp
+++ b/src/lib/pk_pad/eme_oaep/oaep.cpp
@@ -60,7 +60,8 @@ secure_vector<byte> OAEP::pad(const byte in[], size_t in_length,
/*
* OAEP Unpad Operation
*/
-secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
+secure_vector<byte> OAEP::unpad(byte& valid_mask,
+ const byte in[], size_t in_length,
size_t key_length) const
{
/*
@@ -116,16 +117,18 @@ secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
// If we never saw any non-zero byte, then it's not valid input
bad_input |= waiting_for_delim;
- bad_input |= CT::expand_mask<byte>(!same_mem(&input[hlen], m_Phash.data(), hlen));
+ bad_input |= CT::is_equal<byte>(same_mem(&input[hlen], m_Phash.data(), hlen), false);
CT::unpoison(input.data(), input.size());
CT::unpoison(&bad_input, 1);
CT::unpoison(&delim_idx, 1);
- if(bad_input)
- throw Decoding_Error("Invalid OAEP encoding");
+ valid_mask = ~bad_input;
- return secure_vector<byte>(input.begin() + delim_idx + 1, input.end());
+ secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());
+ CT::cond_zero_mem(bad_input, output.data(), output.size());
+
+ return output;
}
/*
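Review bot: With the throw removed, `secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());` now also runs on malformed input, and nothing visible in this hunk bounds `delim_idx` first. The scanning loop is outside the hunk, but if `delim_idx` can reach `input.size()` when no delimiter is found, the begin iterator lands past `end()` and the range is invalid. Separately, `output.size()` still depends on the secret delimiter position, so `CT::cond_zero_mem` hides the bytes but not the length. The same pattern appears in the second `eme_pkcs.cpp` hunk with `&in[delim_idx + 1]`. I would choose the start offset under the `bad_input` mask so it is always in range before constructing `output`, and add a comment such as `// output length still depends on delim_idx; callers must not expose it on failure`.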
diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h
index 22d009f5f..dce706613 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.h
+++ b/src/lib/pk_pad/eme_oaep/oaep.h
@@ -29,9 +29,15 @@ class BOTAN_DLL OAEP final : public EME
*/
OAEP(HashFunction* hash, const std::string& P = "");
private:
- secure_vector<byte> pad(const byte[], size_t, size_t,
- RandomNumberGenerator&) const override;
- secure_vector<byte> unpad(const byte[], size_t, size_t) const override;
+ secure_vector<byte> pad(const byte in[],
+ size_t in_length,
+ size_t key_length,
+ RandomNumberGenerator& rng) const override;
+
+ secure_vector<byte> unpad(byte& valid_mask,
+ const byte in[],
+ size_t in_len,
+ size_t key_length) const override;
secure_vector<byte> m_Phash;
std::unique_ptr<HashFunction> m_hash;
diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp
index 5ff288db2..4780fe43b 100644
--- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp
+++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.cpp
@@ -37,7 +37,8 @@ secure_vector<byte> EME_PKCS1v15::pad(const byte in[], size_t inlen,
/*
* PKCS1 Unpad Operation
*/
-secure_vector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen,
+secure_vector<byte> EME_PKCS1v15::unpad(byte& valid_mask,
+ const byte in[], size_t inlen,
size_t key_len) const
{
if(inlen != key_len / 8 || inlen < 10)
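Review bot: The length guard `if(inlen != key_len / 8 || inlen < 10)` still runs before any of the masked logic, and its body is outside the hunk. If that branch still throws `Decoding_Error`, this failure is reported by exception rather than through the new `valid_mask` parameter, which callers relying on a mask-only contract may not expect. If `inlen` is fully determined by public values this is harmless, and a comment such as `// inlen is public; rejecting it early leaks nothing about the plaintext` would record that. Otherwise consider setting `valid_mask = 0` on this path and returning without throwing.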
@@ -64,13 +65,13 @@ secure_vector<byte> EME_PKCS1v15::unpad(const byte in[], size_t inlen,
bad_input_m |= ~seen_zero_m;
CT::unpoison(in, inlen);
- CT::unpoison(&bad_input_m, 1);
- CT::unpoison(&delim_idx, 1);
+ CT::unpoison(bad_input_m);
+ CT::unpoison(delim_idx);
- if(bad_input_m)
- throw Decoding_Error("Invalid PKCS #1 v1.5 encryption padding");
-
- return secure_vector<byte>(&in[delim_idx + 1], &in[inlen]);
+ secure_vector<byte> output(&in[delim_idx + 1], &in[inlen]);
+ CT::cond_zero_mem(bad_input_m, output.data(), output.size());
+ valid_mask = ~bad_input_m;
+ return output;
}
/*
diff --git a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h
index 148ab7e20..d5f8879d6 100644
--- a/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h
+++ b/src/lib/pk_pad/eme_pkcs1/eme_pkcs.h
@@ -22,7 +22,11 @@ class BOTAN_DLL EME_PKCS1v15 final : public EME
private:
secure_vector<byte> pad(const byte[], size_t, size_t,
RandomNumberGenerator&) const override;
- secure_vector<byte> unpad(const byte[], size_t, size_t) const override;
+
+ secure_vector<byte> unpad(byte& valid_mask,
+ const byte in[],
+ size_t in_len,
+ size_t key_length) const override;
};
}
diff --git a/src/lib/pk_pad/eme_raw/eme_raw.cpp b/src/lib/pk_pad/eme_raw/eme_raw.cpp
index 78b670b65..5c5dd6e40 100644
--- a/src/lib/pk_pad/eme_raw/eme_raw.cpp
+++ b/src/lib/pk_pad/eme_raw/eme_raw.cpp
@@ -18,9 +18,11 @@ secure_vector<byte> EME_Raw::pad(const byte in[], size_t in_length,
return secure_vector<byte>(in, in + in_length);
}
-secure_vector<byte> EME_Raw::unpad(const byte in[], size_t in_length,
+secure_vector<byte> EME_Raw::unpad(byte& valid_mask,
+ const byte in[], size_t in_length,
size_t) const
{
+ valid_mask = 0xFF;
return secure_vector<byte>(in, in + in_length);
}
diff --git a/src/lib/pk_pad/eme_raw/eme_raw.h b/src/lib/pk_pad/eme_raw/eme_raw.h
index ae57587a3..60d23323c 100644
--- a/src/lib/pk_pad/eme_raw/eme_raw.h
+++ b/src/lib/pk_pad/eme_raw/eme_raw.h
@@ -21,7 +21,10 @@ class BOTAN_DLL EME_Raw final : public EME
secure_vector<byte> pad(const byte[], size_t, size_t,
RandomNumberGenerator&) const override;
- secure_vector<byte> unpad(const byte[], size_t, size_t) const override;
+ secure_vector<byte> unpad(byte& valid_mask,
+ const byte in[],
+ size_t in_len,
+ size_t key_length) const override;
};
}