Crypto++  5.6.3
Free C++ class library of cryptographic schemes
pkcspad.cpp
1 // pkcspad.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_PKCSPAD_CPP // SunCC workaround: compiler could cause this file to be included twice
6 #define CRYPTOPP_PKCSPAD_CPP
7 
8 #include "pkcspad.h"
9 #include "misc.h"
10 #include <assert.h>
11 
12 NAMESPACE_BEGIN(CryptoPP)
13 
14 // more in dll.cpp
15 template<> const byte PKCS_DigestDecoration<Weak1::MD2>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,0x04,0x10};
17 
18 template<> const byte PKCS_DigestDecoration<Weak1::MD5>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10};
20 
21 template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14};
23 
24 template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18};
26 
27 size_t PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(size_t paddedLength) const
28 {
29  return SaturatingSubtract(paddedLength/8, 10U);
30 }
31 
32 void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator& rng, const byte *input, size_t inputLen, byte *pkcsBlock, size_t pkcsBlockLen, const NameValuePairs& parameters) const
33 {
34  CRYPTOPP_UNUSED(parameters);
35  assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller
36 
37  // convert from bit length to byte length
38  if (pkcsBlockLen % 8 != 0)
39  {
40  pkcsBlock[0] = 0;
41  pkcsBlock++;
42  }
43  pkcsBlockLen /= 8;
44 
45  pkcsBlock[0] = 2; // block type 2
46 
47  // pad with non-zero random bytes
48  for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++)
49  pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff);
50 
51  pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
52  memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
53 }
54 
55 DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, size_t pkcsBlockLen, byte *output, const NameValuePairs& parameters) const
56 {
57  CRYPTOPP_UNUSED(parameters);
58  bool invalid = false;
59  size_t maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
60 
61  // convert from bit length to byte length
62  if (pkcsBlockLen % 8 != 0)
63  {
64  invalid = (pkcsBlock[0] != 0) || invalid;
65  pkcsBlock++;
66  }
67  pkcsBlockLen /= 8;
68 
69  // Require block type 2.
70  invalid = (pkcsBlock[0] != 2) || invalid;
71 
72  // skip past the padding until we find the separator
73  size_t i=1;
74  while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
75  }
76  assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
77 
78  size_t outputLen = pkcsBlockLen - i;
79  invalid = (outputLen > maxOutputLen) || invalid;
80 
81  if (invalid)
82  return DecodingResult();
83 
84  memcpy (output, pkcsBlock+i, outputLen);
85  return DecodingResult(outputLen);
86 }
87 
88 // ********************************************************
89 
90 #ifndef CRYPTOPP_IMPORTS
91 
92 void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng,
93  const byte *recoverableMessage, size_t recoverableMessageLength,
94  HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
95  byte *representative, size_t representativeBitLength) const
96 {
97  CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(recoverableMessage), CRYPTOPP_UNUSED(recoverableMessageLength);
98  CRYPTOPP_UNUSED(messageEmpty), CRYPTOPP_UNUSED(hashIdentifier);
99  assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
100 
101  size_t pkcsBlockLen = representativeBitLength;
102  // convert from bit length to byte length
103  if (pkcsBlockLen % 8 != 0)
104  {
105  representative[0] = 0;
106  representative++;
107  }
108  pkcsBlockLen /= 8;
109 
110  representative[0] = 1; // block type 1
111 
112  unsigned int digestSize = hash.DigestSize();
113  byte *pPadding = representative + 1;
114  byte *pDigest = representative + pkcsBlockLen - digestSize;
115  byte *pHashId = pDigest - hashIdentifier.second;
116  byte *pSeparator = pHashId - 1;
117 
118  // pad with 0xff
119  memset(pPadding, 0xff, pSeparator-pPadding);
120  *pSeparator = 0;
121  memcpy(pHashId, hashIdentifier.first, hashIdentifier.second);
122  hash.Final(pDigest);
123 }
124 
125 #endif
126 
127 NAMESPACE_END
128 
129 #endif
Utility functions for the Crypto++ library.
virtual word32 GenerateWord32(word32 min=0, word32 max=0xffffffffUL)
Generate a random 32 bit word in the range min to max, inclusive.
Definition: cryptlib.cpp:301
Interface for random number generators.
Definition: cryptlib.h:1176
Returns a decoding results.
Definition: cryptlib.h:236
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
Definition: misc.h:865
virtual unsigned int DigestSize() const =0
Provides the digest size of the hash.
Interface for hash functions and data processing part of MACs.
Definition: cryptlib.h:912
size_t MaxUnpaddedLength(size_t paddedLength) const
max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of ...
Definition: pkcspad.cpp:27
Crypto++ library namespace.
virtual void Final(byte *digest)
Computes the hash of the current message.
Definition: cryptlib.h:940
Interface for retrieving values given their names.
Definition: cryptlib.h:277