source: trunk/src-cryptopp/pkcspad.cpp

Last change on this file was e230cb0, checked in by David Stainton <dstainton415@…>, at 2016-10-12T13:27:29Z

Add cryptopp from tag CRYPTOPP_5_6_5
  • Property mode set to 100644
File size: 6.6 KB
Line 
1// pkcspad.cpp - written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#ifndef CRYPTOPP_PKCSPAD_CPP    // SunCC workaround: compiler could cause this file to be included twice
6#define CRYPTOPP_PKCSPAD_CPP
7
8#include "pkcspad.h"
9#include "emsa2.h"
10#include "misc.h"
11#include "trap.h"
12
13NAMESPACE_BEGIN(CryptoPP)
14
15// More in dll.cpp. Typedef/cast change due to Clang, http://github.com/weidai11/cryptopp/issues/300
16template<> const byte PKCS_DigestDecoration<Weak1::MD2>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,0x04,0x10};
17template<> const unsigned int PKCS_DigestDecoration<Weak1::MD2>::length = (unsigned int)sizeof(PKCS_DigestDecoration<Weak1::MD2>::decoration);
18
19template<> const byte PKCS_DigestDecoration<Weak1::MD5>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10};
20template<> const unsigned int PKCS_DigestDecoration<Weak1::MD5>::length = (unsigned int)sizeof(PKCS_DigestDecoration<Weak1::MD5>::decoration);
21
22template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14};
23template<> const unsigned int PKCS_DigestDecoration<RIPEMD160>::length = (unsigned int)sizeof(PKCS_DigestDecoration<RIPEMD160>::decoration);
24
25template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18};
26template<> const unsigned int PKCS_DigestDecoration<Tiger>::length = (unsigned int)sizeof(PKCS_DigestDecoration<Tiger>::decoration);
27
28// Inclusion based on DLL due to Clang, http://github.com/weidai11/cryptopp/issues/300
29#ifndef CRYPTOPP_IS_DLL
30template<> const byte PKCS_DigestDecoration<SHA1>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14};
31template<> const unsigned int PKCS_DigestDecoration<SHA1>::length = (unsigned int)sizeof(PKCS_DigestDecoration<SHA1>::decoration);
32
33template<> const byte PKCS_DigestDecoration<SHA224>::decoration[] = {0x30,0x2d,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,0x04,0x1c};
34template<> const unsigned int PKCS_DigestDecoration<SHA224>::length = (unsigned int)sizeof(PKCS_DigestDecoration<SHA224>::decoration);
35
36template<> const byte PKCS_DigestDecoration<SHA256>::decoration[] = {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
37template<> const unsigned int PKCS_DigestDecoration<SHA256>::length = (unsigned int)sizeof(PKCS_DigestDecoration<SHA256>::decoration);
38
39template<> const byte PKCS_DigestDecoration<SHA384>::decoration[] = {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
40template<> const unsigned int PKCS_DigestDecoration<SHA384>::length = (unsigned int)sizeof(PKCS_DigestDecoration<SHA384>::decoration);
41
42template<> const byte PKCS_DigestDecoration<SHA512>::decoration[] = {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
43template<> const unsigned int PKCS_DigestDecoration<SHA512>::length = (unsigned int)sizeof(PKCS_DigestDecoration<SHA512>::decoration);
44
45template<> const byte EMSA2HashId<SHA1>::id = 0x33;
46template<> const byte EMSA2HashId<SHA224>::id = 0x38;
47template<> const byte EMSA2HashId<SHA256>::id = 0x34;
48template<> const byte EMSA2HashId<SHA384>::id = 0x36;
49template<> const byte EMSA2HashId<SHA512>::id = 0x35;
50#endif
51
52size_t PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(size_t paddedLength) const
53{
54        return SaturatingSubtract(paddedLength/8, 10U);
55}
56
57void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator& rng, const byte *input, size_t inputLen, byte *pkcsBlock, size_t pkcsBlockLen, const NameValuePairs& parameters) const
58{
59        CRYPTOPP_UNUSED(parameters);
60        CRYPTOPP_ASSERT (inputLen <= MaxUnpaddedLength(pkcsBlockLen));  // this should be checked by caller
61
62        // convert from bit length to byte length
63        if (pkcsBlockLen % 8 != 0)
64        {
65                pkcsBlock[0] = 0;
66                pkcsBlock++;
67        }
68        pkcsBlockLen /= 8;
69
70        pkcsBlock[0] = 2;  // block type 2
71
72        // pad with non-zero random bytes
73        for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++)
74                pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff);
75
76        pkcsBlock[pkcsBlockLen-inputLen-1] = 0;     // separator
77        memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
78}
79
80DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, size_t pkcsBlockLen, byte *output, const NameValuePairs& parameters) const
81{
82        CRYPTOPP_UNUSED(parameters);
83        bool invalid = false;
84        size_t maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
85
86        // convert from bit length to byte length
87        if (pkcsBlockLen % 8 != 0)
88        {
89                invalid = (pkcsBlock[0] != 0) || invalid;
90                pkcsBlock++;
91        }
92        pkcsBlockLen /= 8;
93
94        // Require block type 2.
95        invalid = (pkcsBlock[0] != 2) || invalid;
96
97        // skip past the padding until we find the separator
98        size_t i=1;
99        while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
100                }
101        CRYPTOPP_ASSERT(i==pkcsBlockLen || pkcsBlock[i-1]==0);
102
103        size_t outputLen = pkcsBlockLen - i;
104        invalid = (outputLen > maxOutputLen) || invalid;
105
106        if (invalid)
107                return DecodingResult();
108
109        memcpy (output, pkcsBlock+i, outputLen);
110        return DecodingResult(outputLen);
111}
112
113// ********************************************************
114
115#ifndef CRYPTOPP_IMPORTS
116
117void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng,
118        const byte *recoverableMessage, size_t recoverableMessageLength,
119        HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
120        byte *representative, size_t representativeBitLength) const
121{
122        CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(recoverableMessage), CRYPTOPP_UNUSED(recoverableMessageLength);
123        CRYPTOPP_UNUSED(messageEmpty), CRYPTOPP_UNUSED(hashIdentifier);
124        CRYPTOPP_ASSERT(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
125
126        size_t pkcsBlockLen = representativeBitLength;
127        // convert from bit length to byte length
128        if (pkcsBlockLen % 8 != 0)
129        {
130                representative[0] = 0;
131                representative++;
132        }
133        pkcsBlockLen /= 8;
134
135        representative[0] = 1;   // block type 1
136
137        unsigned int digestSize = hash.DigestSize();
138        byte *pPadding = representative + 1;
139        byte *pDigest = representative + pkcsBlockLen - digestSize;
140        byte *pHashId = pDigest - hashIdentifier.second;
141        byte *pSeparator = pHashId - 1;
142
143        // pad with 0xff
144        memset(pPadding, 0xff, pSeparator-pPadding);
145        *pSeparator = 0;
146        memcpy(pHashId, hashIdentifier.first, hashIdentifier.second);
147        hash.Final(pDigest);
148}
149
150#endif
151
152NAMESPACE_END
153
154#endif
Note: See TracBrowser for help on using the repository browser.