1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
/*
* PKCS #1 v1.5 signature padding
* (C) 1999-2008 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/emsa_pkcs1.h>
#include <botan/hash_id.h>
#include <botan/exceptn.h>
#include <botan/oids.h>
#include <botan/pk_keys.h>
#include <botan/internal/padding.h>
namespace Botan {
namespace {
secure_vector<uint8_t> emsa3_encoding(const secure_vector<uint8_t>& msg,
size_t output_bits,
const uint8_t hash_id[],
size_t hash_id_length)
{
size_t output_length = output_bits / 8;
if(output_length < hash_id_length + msg.size() + 10)
throw Encoding_Error("emsa3_encoding: Output length is too small");
secure_vector<uint8_t> T(output_length);
const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2;
T[0] = 0x01;
set_mem(&T[1], P_LENGTH, 0xFF);
T[P_LENGTH+1] = 0x00;
if(hash_id_length > 0)
{
BOTAN_ASSERT_NONNULL(hash_id);
buffer_insert(T, P_LENGTH+2, hash_id, hash_id_length);
}
buffer_insert(T, output_length-msg.size(), msg.data(), msg.size());
return T;
}
}
void EMSA_PKCS1v15::update(const uint8_t input[], size_t length)
{
m_hash->update(input, length);
}
secure_vector<uint8_t> EMSA_PKCS1v15::raw_data()
{
return m_hash->final();
}
secure_vector<uint8_t>
EMSA_PKCS1v15::encoding_of(const secure_vector<uint8_t>& msg,
size_t output_bits,
RandomNumberGenerator&)
{
if(msg.size() != m_hash->output_length())
throw Encoding_Error("EMSA_PKCS1v15::encoding_of: Bad input length");
return emsa3_encoding(msg, output_bits,
m_hash_id.data(), m_hash_id.size());
}
bool EMSA_PKCS1v15::verify(const secure_vector<uint8_t>& coded,
const secure_vector<uint8_t>& raw,
size_t key_bits)
{
if(raw.size() != m_hash->output_length())
return false;
try
{
return (coded == emsa3_encoding(raw, key_bits,
m_hash_id.data(), m_hash_id.size()));
}
catch(...)
{
return false;
}
}
AlgorithmIdentifier EMSA_PKCS1v15::config_for_x509(const Private_Key& key,
const std::string& cert_hash_name) const
{
if(cert_hash_name != m_hash->name())
throw Invalid_Argument("Hash function from opts and hash_fn argument"
" need to be identical");
// check that the signature algorithm and the padding scheme fit
if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA3"))
{
throw Invalid_Argument("Encoding scheme with canonical name EMSA3"
" not supported for signature algorithm " + key.algo_name());
}
// for RSA PKCSv1.5 parameters "SHALL" be NULL
const OID oid = OIDS::str2oid_or_throw(key.algo_name() + "/" + name());
return AlgorithmIdentifier(oid, AlgorithmIdentifier::USE_NULL_PARAM);
}
EMSA_PKCS1v15::EMSA_PKCS1v15(HashFunction* hash) : m_hash(hash)
{
m_hash_id = pkcs_hash_id(m_hash->name());
}
EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo)
{
if(!hash_algo.empty())
{
m_hash_id = pkcs_hash_id(hash_algo);
std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_algo));
m_hash_name = hash->name();
m_hash_output_len = hash->output_length();
}
else
{
m_hash_output_len = 0;
}
}
void EMSA_PKCS1v15_Raw::update(const uint8_t input[], size_t length)
{
m_message += std::make_pair(input, length);
}
secure_vector<uint8_t> EMSA_PKCS1v15_Raw::raw_data()
{
secure_vector<uint8_t> ret;
std::swap(ret, m_message);
if(m_hash_output_len > 0 && ret.size() != m_hash_output_len)
throw Encoding_Error("EMSA_PKCS1v15_Raw::encoding_of: Bad input length");
return ret;
}
secure_vector<uint8_t>
EMSA_PKCS1v15_Raw::encoding_of(const secure_vector<uint8_t>& msg,
size_t output_bits,
RandomNumberGenerator&)
{
return emsa3_encoding(msg, output_bits, m_hash_id.data(), m_hash_id.size());
}
bool EMSA_PKCS1v15_Raw::verify(const secure_vector<uint8_t>& coded,
const secure_vector<uint8_t>& raw,
size_t key_bits)
{
if(m_hash_output_len > 0 && raw.size() != m_hash_output_len)
return false;
try
{
return (coded == emsa3_encoding(raw, key_bits, m_hash_id.data(), m_hash_id.size()));
}
catch(...)
{
return false;
}
}
}
|