Diffstat (limited to 'src/lib/pk_pad')
-rw-r--r--src/lib/pk_pad/eme1/eme1.cpp40
-rw-r--r--src/lib/pk_pad/eme1/eme1.h7
-rw-r--r--src/lib/pk_pad/eme1/info.txt1
-rw-r--r--src/lib/pk_pad/emsa4/emsa4.cpp7
-rw-r--r--src/lib/pk_pad/emsa4/emsa4.h21
-rw-r--r--src/lib/pk_pad/emsa4/info.txt1
-rw-r--r--src/lib/pk_pad/mgf1/info.txt5
-rw-r--r--src/lib/pk_pad/mgf1/mgf1.cpp36
-rw-r--r--src/lib/pk_pad/mgf1/mgf1.h25
9 files changed, 105 insertions, 38 deletions
diff --git a/src/lib/pk_pad/eme1/eme1.cpp b/src/lib/pk_pad/eme1/eme1.cpp
index dadb44d0a..9f236ec00 100644
--- a/src/lib/pk_pad/eme1/eme1.cpp
+++ b/src/lib/pk_pad/eme1/eme1.cpp
@@ -21,22 +21,24 @@ secure_vector<byte> EME1::pad(const byte in[], size_t in_length,
{
key_length /= 8;
- if(key_length < in_length + 2*Phash.size() + 1)
+ if(key_length < in_length + 2*m_Phash.size() + 1)
throw Invalid_Argument("EME1: Input is too large");
secure_vector<byte> out(key_length);
- rng.randomize(&out[0], Phash.size());
+ rng.randomize(&out[0], m_Phash.size());
- buffer_insert(out, Phash.size(), &Phash[0], Phash.size());
+ buffer_insert(out, m_Phash.size(), &m_Phash[0], m_Phash.size());
out[out.size() - in_length - 1] = 0x01;
buffer_insert(out, out.size() - in_length, in, in_length);
- mgf->mask(&out[0], Phash.size(),
- &out[Phash.size()], out.size() - Phash.size());
+ mgf1_mask(*m_hash,
+ &out[0], m_Phash.size(),
+ &out[m_Phash.size()], out.size() - m_Phash.size());
- mgf->mask(&out[Phash.size()], out.size() - Phash.size(),
- &out[0], Phash.size());
+ mgf1_mask(*m_hash,
+ &out[m_Phash.size()], out.size() - m_Phash.size(),
+ &out[0], m_Phash.size());
return out;
}
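Review bot: `pad()` is a const member, yet both `mgf1_mask(*m_hash, ...)` calls drive `update()`/`final()` on the shared `m_hash` object, so two threads padding through the same EME1 instance would interleave hash state and compute a wrong mask. The same applies to the two calls in the `unpad` hunk that follows. Whether the removed `mgf->mask` path had the same property is not visible here. I would record the constraint next to the member, e.g. `// m_hash is scratch state for MGF1; one EME1 object must not be used from two threads at once`. The signature and opening lines of pad are outside the hunk.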
@@ -68,14 +70,17 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
secure_vector<byte> input(key_length);
buffer_insert(input, key_length - in_length, in, in_length);
- mgf->mask(&input[Phash.size()], input.size() - Phash.size(),
- &input[0], Phash.size());
- mgf->mask(&input[0], Phash.size(),
- &input[Phash.size()], input.size() - Phash.size());
+ mgf1_mask(*m_hash,
+ &input[m_Phash.size()], input.size() - m_Phash.size(),
+ &input[0], m_Phash.size());
+
+ mgf1_mask(*m_hash,
+ &input[0], m_Phash.size(),
+ &input[m_Phash.size()], input.size() - m_Phash.size());
bool waiting_for_delim = true;
bool bad_input = false;
- size_t delim_idx = 2 * Phash.size();
+ size_t delim_idx = 2 * m_Phash.size();
/*
* GCC 4.5 on x86-64 compiles this in a way that is still vunerable
@@ -99,7 +104,7 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
// If we never saw any non-zero byte, then it's not valid input
bad_input |= waiting_for_delim;
- bad_input |= !same_mem(&input[Phash.size()], &Phash[0], Phash.size());
+ bad_input |= !same_mem(&input[m_Phash.size()], &m_Phash[0], m_Phash.size());
if(bad_input)
throw Decoding_Error("Invalid EME1 encoding");
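Review bot: The label-hash check `!same_mem(&input[m_Phash.size()], &m_Phash[0], m_Phash.size())` is folded into `bad_input` so that every failure ends in the same `Decoding_Error`, but that only hides which check failed if `same_mem` compares all bytes without an early exit, and its implementation is not visible in this hunk. A short comment on that line would pin the requirement, e.g. `// same_mem must take time independent of where the buffers differ`. unpad starts and ends outside the hunk.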
@@ -112,8 +117,8 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
*/
size_t EME1::maximum_input_size(size_t keybits) const
{
- if(keybits / 8 > 2*Phash.size() + 1)
- return ((keybits / 8) - 2*Phash.size() - 1);
+ if(keybits / 8 > 2*m_Phash.size() + 1)
+ return ((keybits / 8) - 2*m_Phash.size() - 1);
else
return 0;
}
@@ -121,10 +126,9 @@ size_t EME1::maximum_input_size(size_t keybits) const
/*
* EME1 Constructor
*/
-EME1::EME1(HashFunction* hash, const std::string& P)
+EME1::EME1(HashFunction* hash, const std::string& P) : m_hash(hash)
{
- Phash = hash->process(P);
- mgf = new MGF1(hash);
+ m_Phash = m_hash->process(P);
}
}
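Review bot: The constructor calls `m_hash->process(P)` without checking that the caller passed a non-null `hash`, so a null argument becomes a null dereference inside the library. A guard as the first statement of the body, `if(!m_hash) throw Invalid_Argument("EME1: hash must not be null");`, turns that into a reportable error using the exception type this file already throws in `pad`.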
diff --git a/src/lib/pk_pad/eme1/eme1.h b/src/lib/pk_pad/eme1/eme1.h
index eb6fc6bf5..3c71919a8 100644
--- a/src/lib/pk_pad/eme1/eme1.h
+++ b/src/lib/pk_pad/eme1/eme1.h
@@ -11,6 +11,7 @@
#include <botan/eme.h>
#include <botan/kdf.h>
#include <botan/hash.h>
+#include <memory>
namespace Botan {
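Review bot: `#include <botan/kdf.h>` stays in this header although the commit drops `kdf` from the `<requires>` list in eme1/info.txt, and the new mgf1.h includes the same header while mgf1/info.txt requires only `hash`. If the build uses `<requires>` to decide which module headers are present (the resolver is not shown, so this is an inference), a configuration without kdf would fail on these includes. Since `mgf1_mask` takes only a `HashFunction&`, removing the include from both headers looks like the consistent fix, as emsa4.h already does in this commit.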
@@ -27,15 +28,13 @@ class BOTAN_DLL EME1 : public EME
* @param P an optional label. Normally empty.
*/
EME1(HashFunction* hash, const std::string& P = "");
-
- ~EME1() { delete mgf; }
private:
secure_vector<byte> pad(const byte[], size_t, size_t,
RandomNumberGenerator&) const;
secure_vector<byte> unpad(const byte[], size_t, size_t) const;
- secure_vector<byte> Phash;
- MGF* mgf;
+ secure_vector<byte> m_Phash;
+ std::unique_ptr<HashFunction> m_hash;
};
}
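Review bot: With the destructor removed, the fact that EME1 takes ownership of the raw `HashFunction* hash` argument is expressed only by the private `std::unique_ptr<HashFunction> m_hash`; the constructor's doc comment should say so, e.g. `@param hash the hash function to use; EME1 takes ownership and deletes it`. Separately, `m_Phash` is declared before `m_hash` and is therefore constructed first; that is fine today because eme1.cpp assigns `m_Phash` in the constructor body, but a comment such as `// m_Phash is derived from m_hash in the constructor body, not the initializer list` would stop a later cleanup from reading `m_hash` before it is set. The ownership remark applies equally to `EMSA4` in emsa4.h. The class declaration starts outside the hunk.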
diff --git a/src/lib/pk_pad/eme1/info.txt b/src/lib/pk_pad/eme1/info.txt
index 7e911f495..7ae3e98da 100644
--- a/src/lib/pk_pad/eme1/info.txt
+++ b/src/lib/pk_pad/eme1/info.txt
@@ -4,6 +4,5 @@ load_on auto
<requires>
hash
-kdf
mgf1
</requires>
diff --git a/src/lib/pk_pad/emsa4/emsa4.cpp b/src/lib/pk_pad/emsa4/emsa4.cpp
index c8b8cbc6a..d05c9bef2 100644
--- a/src/lib/pk_pad/emsa4/emsa4.cpp
+++ b/src/lib/pk_pad/emsa4/emsa4.cpp
@@ -8,6 +8,7 @@
#include <botan/emsa4.h>
#include <botan/mgf1.h>
#include <botan/internal/bit_ops.h>
+#include <botan/internal/xor_buf.h>
namespace Botan {
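Review bot: The added `#include <botan/internal/xor_buf.h>` does not appear to be needed in this file: the changed lines only call `mgf1_mask`, and the XOR itself lives in mgf1.cpp. Unless code outside the visible hunks calls `xor_buf` directly, I would drop the include so the internal header is pulled in only where it is used.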
@@ -55,7 +56,7 @@ secure_vector<byte> EMSA4::encoding_of(const secure_vector<byte>& msg,
EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01;
buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt);
- mgf->mask(&H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1);
+ mgf1_mask(*hash, &H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1);
EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits);
buffer_insert(EM, output_length - 1 - HASH_SIZE, H);
EM[output_length-1] = 0xBC;
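Review bot: `mgf1_mask(*hash, ...)` now runs on the same `HashFunction` object that accumulates the message, whereas the removed constructor lines gave MGF1 its own `hash->clone()`. The mask is correct only if `hash` is in its freshly reset state at this call, meaning every earlier `update()` has been closed by `final()`; that has to be guaranteed by lines outside the hunk, and the same holds for the call in the `verify` hunk that follows. A comment above each call, e.g. `// hash was reset by final() above, so it is safe to reuse for MGF1`, would make the dependency explicit for anyone reordering this code. encoding_of starts outside the hunk.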
@@ -102,7 +103,7 @@ bool EMSA4::verify(const secure_vector<byte>& const_coded,
const byte* H = &coded[DB_size];
const size_t H_size = HASH_SIZE;
- mgf->mask(&H[0], H_size, &DB[0], DB_size);
+ mgf1_mask(*hash, &H[0], H_size, &DB[0], DB_size);
DB[0] &= 0xFF >> TOP_BITS;
size_t salt_offset = 0;
@@ -131,7 +132,6 @@ bool EMSA4::verify(const secure_vector<byte>& const_coded,
EMSA4::EMSA4(HashFunction* h) :
SALT_SIZE(h->output_length()), hash(h)
{
- mgf = new MGF1(hash->clone());
}
/*
@@ -140,7 +140,6 @@ EMSA4::EMSA4(HashFunction* h) :
EMSA4::EMSA4(HashFunction* h, size_t salt_size) :
SALT_SIZE(salt_size), hash(h)
{
- mgf = new MGF1(hash->clone());
}
}
diff --git a/src/lib/pk_pad/emsa4/emsa4.h b/src/lib/pk_pad/emsa4/emsa4.h
index 44bf5a429..5202ccbb5 100644
--- a/src/lib/pk_pad/emsa4/emsa4.h
+++ b/src/lib/pk_pad/emsa4/emsa4.h
@@ -10,7 +10,7 @@
#include <botan/emsa.h>
#include <botan/hash.h>
-#include <botan/kdf.h>
+#include <memory>
namespace Botan {
@@ -30,20 +30,21 @@ class BOTAN_DLL EMSA4 : public EMSA
* @param salt_size the size of the salt to use in bytes
*/
EMSA4(HashFunction* hash, size_t salt_size);
-
- ~EMSA4() { delete hash; delete mgf; }
private:
- void update(const byte[], size_t);
+ void update(const byte input[], size_t length);
+
secure_vector<byte> raw_data();
- secure_vector<byte> encoding_of(const secure_vector<byte>&, size_t,
- RandomNumberGenerator& rng);
- bool verify(const secure_vector<byte>&, const secure_vector<byte>&,
- size_t);
+ secure_vector<byte> encoding_of(const secure_vector<byte>& msg,
+ size_t output_bits,
+ RandomNumberGenerator& rng);
+
+ bool verify(const secure_vector<byte>& coded,
+ const secure_vector<byte>& raw,
+ size_t key_bits);
size_t SALT_SIZE;
- HashFunction* hash;
- const MGF* mgf;
+ std::unique_ptr<HashFunction> hash;
};
}
diff --git a/src/lib/pk_pad/emsa4/info.txt b/src/lib/pk_pad/emsa4/info.txt
index b7ea466ce..28214d547 100644
--- a/src/lib/pk_pad/emsa4/info.txt
+++ b/src/lib/pk_pad/emsa4/info.txt
@@ -2,6 +2,5 @@ define EMSA4 20131128
<requires>
hash
-kdf
mgf1
</requires>
diff --git a/src/lib/pk_pad/mgf1/info.txt b/src/lib/pk_pad/mgf1/info.txt
new file mode 100644
index 000000000..65d471c8a
--- /dev/null
+++ b/src/lib/pk_pad/mgf1/info.txt
@@ -0,0 +1,5 @@
+define MGF1 20140118
+
+<requires>
+hash
+</requires>
diff --git a/src/lib/pk_pad/mgf1/mgf1.cpp b/src/lib/pk_pad/mgf1/mgf1.cpp
new file mode 100644
index 000000000..eae2fed59
--- /dev/null
+++ b/src/lib/pk_pad/mgf1/mgf1.cpp
@@ -0,0 +1,36 @@
+/*
+* MGF1
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/mgf1.h>
+#include <botan/exceptn.h>
+#include <botan/internal/xor_buf.h>
+#include <algorithm>
+
+namespace Botan {
+
+void mgf1_mask(HashFunction& hash,
+ const byte in[], size_t in_len,
+ byte out[], size_t out_len)
+ {
+ u32bit counter = 0;
+
+ while(out_len)
+ {
+ hash.update(in, in_len);
+ hash.update_be(counter);
+ secure_vector<byte> buffer = hash.final();
+
+ size_t xored = std::min<size_t>(buffer.size(), out_len);
+ xor_buf(out, &buffer[0], xored);
+ out += xored;
+ out_len -= xored;
+
+ ++counter;
+ }
+ }
+
+}
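Review bot: `u32bit counter` is incremented with no upper bound, so for an `out_len` above 2^32 hash blocks it wraps and the mask stream repeats; PKCS #1 defines MGF1 to fail with "mask too long" in that case. `<botan/exceptn.h>` is included but nothing in the function throws, which suggests such a check was intended. A guard before the loop that rejects those lengths with `Invalid_Argument("MGF1: mask too long")` would match the specification. The loop also never terminates if `hash.final()` returns an empty buffer, because `xored` would be 0; that is presumably impossible for a real hash, but the assumption deserves a comment.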
diff --git a/src/lib/pk_pad/mgf1/mgf1.h b/src/lib/pk_pad/mgf1/mgf1.h
new file mode 100644
index 000000000..bceaf0857
--- /dev/null
+++ b/src/lib/pk_pad/mgf1/mgf1.h
@@ -0,0 +1,25 @@
+/*
+* MGF1
+* (C) 1999-2007,2014 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_MGF1_H__
+#define BOTAN_MGF1_H__
+
+#include <botan/kdf.h>
+#include <botan/hash.h>
+
+namespace Botan {
+
+/**
+* MGF1 from PKCS #1 v2.0
+*/
+void mgf1_mask(HashFunction& hash,
+ const byte in[], size_t in_len,
+ byte out[], size_t out_len);
+
+}
+
+#endif
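Review bot: The doc comment `MGF1 from PKCS #1 v2.0` leaves the contract of `mgf1_mask` undocumented. Per mgf1.cpp in this commit, the mask is XORed into `out` rather than written over it, and `hash` is used as working state through `update()`/`final()`, so callers need to know that `out` must already hold the data to be masked and that `hash` must not carry pending input. I would extend the comment with `@param` lines for `hash`, `in`/`in_len` (the seed) and `out`/`out_len` (the buffer the mask is XORed into) that state those two points.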