Diffstat (limited to 'src/lib/pk_pad')
-rw-r--r-- | src/lib/pk_pad/eme1/eme1.cpp | 40 | ||||
-rw-r--r-- | src/lib/pk_pad/eme1/eme1.h | 7 | ||||
-rw-r--r-- | src/lib/pk_pad/eme1/info.txt | 1 | ||||
-rw-r--r-- | src/lib/pk_pad/emsa4/emsa4.cpp | 7 | ||||
-rw-r--r-- | src/lib/pk_pad/emsa4/emsa4.h | 21 | ||||
-rw-r--r-- | src/lib/pk_pad/emsa4/info.txt | 1 | ||||
-rw-r--r-- | src/lib/pk_pad/mgf1/info.txt | 5 | ||||
-rw-r--r-- | src/lib/pk_pad/mgf1/mgf1.cpp | 36 | ||||
-rw-r--r-- | src/lib/pk_pad/mgf1/mgf1.h | 25 |
9 files changed, 105 insertions, 38 deletions
diff --git a/src/lib/pk_pad/eme1/eme1.cpp b/src/lib/pk_pad/eme1/eme1.cpp
index dadb44d0a..9f236ec00 100644
--- a/src/lib/pk_pad/eme1/eme1.cpp
+++ b/src/lib/pk_pad/eme1/eme1.cpp
@@ -21,22 +21,24 @@ secure_vector<byte> EME1::pad(const byte in[], size_t in_length,
 {
 key_length /= 8;
- if(key_length < in_length + 2*Phash.size() + 1)
+ if(key_length < in_length + 2*m_Phash.size() + 1)
 throw Invalid_Argument("EME1: Input is too large");
 secure_vector<byte> out(key_length);
- rng.randomize(&out[0], Phash.size());
+ rng.randomize(&out[0], m_Phash.size());
- buffer_insert(out, Phash.size(), &Phash[0], Phash.size());
+ buffer_insert(out, m_Phash.size(), &m_Phash[0], m_Phash.size());
 out[out.size() - in_length - 1] = 0x01;
 buffer_insert(out, out.size() - in_length, in, in_length);
- mgf->mask(&out[0], Phash.size(),
- &out[Phash.size()], out.size() - Phash.size());
+ mgf1_mask(*m_hash,
+ &out[0], m_Phash.size(),
+ &out[m_Phash.size()], out.size() - m_Phash.size());
- mgf->mask(&out[Phash.size()], out.size() - Phash.size(),
- &out[0], Phash.size());
+ mgf1_mask(*m_hash,
+ &out[m_Phash.size()], out.size() - m_Phash.size(),
+ &out[0], m_Phash.size());
 return out;
 }
@@ -68,14 +70,17 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
 secure_vector<byte> input(key_length);
 buffer_insert(input, key_length - in_length, in, in_length);
- mgf->mask(&input[Phash.size()], input.size() - Phash.size(),
- &input[0], Phash.size());
- mgf->mask(&input[0], Phash.size(),
- &input[Phash.size()], input.size() - Phash.size());
+ mgf1_mask(*m_hash,
+ &input[m_Phash.size()], input.size() - m_Phash.size(),
+ &input[0], m_Phash.size());
+
+ mgf1_mask(*m_hash,
+ &input[0], m_Phash.size(),
+ &input[m_Phash.size()], input.size() - m_Phash.size());
 bool waiting_for_delim = true;
 bool bad_input = false;
- size_t delim_idx = 2 * Phash.size();
+ size_t delim_idx = 2 * m_Phash.size();
 /*
 * GCC 4.5 on x86-64 compiles this in a way that is still vunerable
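Review bot: The two `mgf1_mask` calls in `pad()` carry no comment saying which one masks the data block and which one masks the seed, and `unpad()` in the following hunk has to apply them in the reverse order; with each buffer now passed as a raw pointer/length pair, a swapped pair would still compile. I would add `// maskedDB = DB xor MGF1(seed)` above the first call in `pad()` and `// maskedSeed = seed xor MGF1(maskedDB)` above the second, with the mirrored comments in `unpad()`. Binding `const size_t hlen = m_Phash.size();` once per function would also make the seed/DB split easier to check by eye. Both function bodies start and end outside these hunks.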
@@ -99,7 +104,7 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
 // If we never saw any non-zero byte, then it's not valid input
 bad_input |= waiting_for_delim;
- bad_input |= !same_mem(&input[Phash.size()], &Phash[0], Phash.size());
+ bad_input |= !same_mem(&input[m_Phash.size()], &m_Phash[0], m_Phash.size());
 if(bad_input)
 throw Decoding_Error("Invalid EME1 encoding");
@@ -112,8 +117,8 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
 */
 size_t EME1::maximum_input_size(size_t keybits) const
 {
- if(keybits / 8 > 2*Phash.size() + 1)
- return ((keybits / 8) - 2*Phash.size() - 1);
+ if(keybits / 8 > 2*m_Phash.size() + 1)
+ return ((keybits / 8) - 2*m_Phash.size() - 1);
 else
 return 0;
 }
@@ -121,10 +126,9 @@ size_t EME1::maximum_input_size(size_t keybits) const
 /*
 * EME1 Constructor
 */
-EME1::EME1(HashFunction* hash, const std::string& P)
+EME1::EME1(HashFunction* hash, const std::string& P) : m_hash(hash)
 {
- Phash = hash->process(P);
- mgf = new MGF1(hash);
+ m_Phash = m_hash->process(P);
 }
 }
diff --git a/src/lib/pk_pad/eme1/eme1.h b/src/lib/pk_pad/eme1/eme1.h
index eb6fc6bf5..3c71919a8 100644
--- a/src/lib/pk_pad/eme1/eme1.h
+++ b/src/lib/pk_pad/eme1/eme1.h
@@ -11,6 +11,7 @@
 #include <botan/eme.h>
 #include <botan/kdf.h>
 #include <botan/hash.h>
+#include <memory>
 namespace Botan {
@@ -27,15 +28,13 @@ class BOTAN_DLL EME1 : public EME
 * @param P an optional label. Normally empty.
 */
 EME1(HashFunction* hash, const std::string& P = "");
-
- ~EME1() { delete mgf; }
 private:
 secure_vector<byte> pad(const byte[], size_t, size_t,
 RandomNumberGenerator&) const;
 secure_vector<byte> unpad(const byte[], size_t, size_t) const;
- secure_vector<byte> Phash;
- MGF* mgf;
+ secure_vector<byte> m_Phash;
+ std::unique_ptr<HashFunction> m_hash;
 };
 }
diff --git a/src/lib/pk_pad/eme1/info.txt b/src/lib/pk_pad/eme1/info.txt
index 7e911f495..7ae3e98da 100644
--- a/src/lib/pk_pad/eme1/info.txt
+++ b/src/lib/pk_pad/eme1/info.txt
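Review bot: A null `hash` still reaches `m_hash->process(P)` unchecked in the EME1 constructor, even though the pointer is now owned by `m_hash` from the initializer list onward. If null is not a supported argument, reject it as the first statement of the body, e.g. `if(!m_hash) throw Invalid_Argument("EME1: null hash");`. The ownership transfer should also be stated in the header documentation, along the lines of `@param hash hash function to use; EME1 takes ownership and deletes it`, because a caller that also frees the object would cause a double free. The `@param hash` line is not part of the visible hunks.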
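Review bot: `pad()` and `unpad()` remain `const` in eme1.h, yet both now call `mgf1_mask(*m_hash, ...)`, which takes a non-const `HashFunction&` and updates it. `std::unique_ptr` does not propagate constness, so this compiles with no hint that the methods mutate shared state, and two threads using one EME1 object would interleave updates on the same hash and compute wrong masks. I would record that next to the member: `// mutated by pad()/unpad() through mgf1_mask; do not share one EME1 object between threads`. Whether the removed `MGF* mgf` member behaved the same way cannot be seen from this diff.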
@@ -4,6 +4,5 @@ load_on auto
 <requires>
 hash
-kdf
 mgf1
 </requires>
diff --git a/src/lib/pk_pad/emsa4/emsa4.cpp b/src/lib/pk_pad/emsa4/emsa4.cpp
index c8b8cbc6a..d05c9bef2 100644
--- a/src/lib/pk_pad/emsa4/emsa4.cpp
+++ b/src/lib/pk_pad/emsa4/emsa4.cpp
@@ -8,6 +8,7 @@
 #include <botan/emsa4.h>
 #include <botan/mgf1.h>
 #include <botan/internal/bit_ops.h>
+#include <botan/internal/xor_buf.h>
 namespace Botan {
@@ -55,7 +56,7 @@ secure_vector<byte> EMSA4::encoding_of(const secure_vector<byte>& msg,
 EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01;
 buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt);
- mgf->mask(&H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1);
+ mgf1_mask(*hash, &H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1);
 EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits);
 buffer_insert(EM, output_length - 1 - HASH_SIZE, H);
 EM[output_length-1] = 0xBC;
@@ -102,7 +103,7 @@ bool EMSA4::verify(const secure_vector<byte>& const_coded,
 const byte* H = &coded[DB_size];
 const size_t H_size = HASH_SIZE;
- mgf->mask(&H[0], H_size, &DB[0], DB_size);
+ mgf1_mask(*hash, &H[0], H_size, &DB[0], DB_size);
 DB[0] &= 0xFF >> TOP_BITS;
 size_t salt_offset = 0;
@@ -131,7 +132,6 @@ bool EMSA4::verify(const secure_vector<byte>& const_coded,
 EMSA4::EMSA4(HashFunction* h) :
 SALT_SIZE(h->output_length()), hash(h)
 {
- mgf = new MGF1(hash->clone());
 }
 /*
@@ -140,7 +140,6 @@ EMSA4::EMSA4(HashFunction* h) :
 EMSA4::EMSA4(HashFunction* h, size_t salt_size) :
 SALT_SIZE(salt_size), hash(h)
 {
- mgf = new MGF1(hash->clone());
 }
 }
diff --git a/src/lib/pk_pad/emsa4/emsa4.h b/src/lib/pk_pad/emsa4/emsa4.h
index 44bf5a429..5202ccbb5 100644
--- a/src/lib/pk_pad/emsa4/emsa4.h
+++ b/src/lib/pk_pad/emsa4/emsa4.h
@@ -10,7 +10,7 @@
 #include <botan/emsa.h>
 #include <botan/hash.h>
-#include <botan/kdf.h>
+#include <memory>
 namespace Botan {
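Review bot: `mgf1_mask(*hash, ...)` in `encoding_of()`, and again in `verify()` (hunk at -102), now runs on the same `HashFunction` that accumulates the message, where the removed constructor lines gave the MGF its own `hash->clone()`. That is correct only if `hash` holds no pending `update()` data at both call sites; leftover input would be folded silently into the mask, and the encoding or the verification result would be wrong without any error. The state of `hash` on entry is not visible in these hunks, so please confirm it and record the invariant beside each call, e.g. `// hash was finalized above and is in its initial state here`. Both functions extend beyond the hunks shown.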
@@ -30,20 +30,21 @@ class BOTAN_DLL EMSA4 : public EMSA
 * @param salt_size the size of the salt to use in bytes
 */
 EMSA4(HashFunction* hash, size_t salt_size);
-
- ~EMSA4() { delete hash; delete mgf; }
 private:
- void update(const byte[], size_t);
+ void update(const byte input[], size_t length);
+
 secure_vector<byte> raw_data();
- secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t,
- RandomNumberGenerator& rng);
- bool verify(const secure_vector<byte>&, const secure_vector<byte>&,
- size_t);
+ secure_vector<byte> encoding_of(const secure_vector<byte>& msg,
+ size_t output_bits,
+ RandomNumberGenerator& rng);
+
+ bool verify(const secure_vector<byte>& coded,
+ const secure_vector<byte>& raw,
+ size_t key_bits);
 size_t SALT_SIZE;
- HashFunction* hash;
- const MGF* mgf;
+ std::unique_ptr<HashFunction> hash;
 };
 }
diff --git a/src/lib/pk_pad/emsa4/info.txt b/src/lib/pk_pad/emsa4/info.txt
index b7ea466ce..28214d547 100644
--- a/src/lib/pk_pad/emsa4/info.txt
+++ b/src/lib/pk_pad/emsa4/info.txt
@@ -2,6 +2,5 @@ define EMSA4 20131128
 <requires>
 hash
-kdf
 mgf1
 </requires>
diff --git a/src/lib/pk_pad/mgf1/info.txt b/src/lib/pk_pad/mgf1/info.txt
new file mode 100644
index 000000000..65d471c8a
--- /dev/null
+++ b/src/lib/pk_pad/mgf1/info.txt
@@ -0,0 +1,5 @@
+define MGF1 20140118
+
+<requires>
+hash
+</requires>
diff --git a/src/lib/pk_pad/mgf1/mgf1.cpp b/src/lib/pk_pad/mgf1/mgf1.cpp
new file mode 100644
index 000000000..eae2fed59
--- /dev/null
+++ b/src/lib/pk_pad/mgf1/mgf1.cpp
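Review bot: The members `SALT_SIZE` and `hash` keep their old names in emsa4.h while this same commit renames the EME1 members to `m_Phash` and `m_hash`. Using `m_salt_size` and `m_hash` here would keep the two padding classes consistent and would tell the member apart from the constructor parameter that is also called `hash`. Because `hash` is now a `std::unique_ptr<HashFunction>`, the constructor documentation should say that EMSA4 takes ownership of the pointer it is given; the `@param hash` line presumably sits just above this hunk.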
@@ -0,0 +1,36 @@
+/*
+* MGF1
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/mgf1.h>
+#include <botan/exceptn.h>
+#include <botan/internal/xor_buf.h>
+#include <algorithm>
+
+namespace Botan {
+
+void mgf1_mask(HashFunction& hash,
+ const byte in[], size_t in_len,
+ byte out[], size_t out_len)
+ {
+ u32bit counter = 0;
+
+ while(out_len)
+ {
+ hash.update(in, in_len);
+ hash.update_be(counter);
+ secure_vector<byte> buffer = hash.final();
+
+ size_t xored = std::min<size_t>(buffer.size(), out_len);
+ xor_buf(out, &buffer[0], xored);
+ out += xored;
+ out_len -= xored;
+
+ ++counter;
+ }
+ }
+
+}
diff --git a/src/lib/pk_pad/mgf1/mgf1.h b/src/lib/pk_pad/mgf1/mgf1.h
new file mode 100644
index 000000000..bceaf0857
--- /dev/null
+++ b/src/lib/pk_pad/mgf1/mgf1.h
@@ -0,0 +1,25 @@
+/*
+* MGF1
+* (C) 1999-2007,2014 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_MGF1_H__
+#define BOTAN_MGF1_H__
+
+#include <botan/kdf.h>
+#include <botan/hash.h>
+
+namespace Botan {
+
+/**
+* MGF1 from PKCS #1 v2.0
+*/
+void mgf1_mask(HashFunction& hash,
+ const byte in[], size_t in_len,
+ byte out[], size_t out_len);
+
+}
+
+#endif
|
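Review bot: Nothing in `mgf1_mask` in mgf1.cpp states that the generated mask is XORed into `out` rather than written over it, or that the loop depends on `hash.final()` leaving `hash` ready for the next `update()`. The EME1 and EMSA4 callers in this commit rely on both. A short comment above the loop would cover it, e.g. `// out[i] ^= MGF1(in)[i]; hash must be in its initial state on entry`. The `#include <botan/exceptn.h>` looks unused here, since the function itself throws nothing.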
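Review bot: mgf1.h includes `<botan/kdf.h>`, but the declaration needs only `HashFunction` and `byte`, and the new mgf1/info.txt lists only `hash` under `<requires>` while this commit drops `kdf` from the eme1 and emsa4 requirements. If the build can be configured without the kdf module, this header would then pull in a file that is not installed, so the line `#include <botan/kdf.h>` should be removed. The doc comment could also gain `@param` lines for `hash`, `in`/`in_len` and `out`/`out_len`, noting that the mask is XORed into `out`.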