/src/botan/src/lib/pk_pad/emsa1/emsa1.cpp

Source (jump to first uncovered line)
/*
* EMSA1
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/emsa1.h>
#include <botan/exceptn.h>
#include <botan/pk_keys.h>
#include <botan/internal/padding.h>

namespace Botan {

namespace {

secure_vector<uint8_t> emsa1_encoding(const secure_vector<uint8_t>& msg,
                                  size_t output_bits)
   {
   if(8*msg.size() <= output_bits)
      return msg;

   size_t shift = 8*msg.size() - output_bits;

   size_t byte_shift = shift / 8, bit_shift = shift % 8;
   secure_vector<uint8_t> digest(msg.size() - byte_shift);

   for(size_t j = 0; j != msg.size() - byte_shift; ++j)
      digest[j] = msg[j];

   if(bit_shift)
      {
      uint8_t carry = 0;
      for(size_t j = 0; j != digest.size(); ++j)
         {
         uint8_t temp = digest[j];
         digest[j] = (temp >> bit_shift) | carry;
         carry = (temp << (8 - bit_shift));
         }
      }
   return digest;
   }

}

std::string EMSA1::name() const
   {
   return "EMSA1(" + m_hash->name() + ")";
   }

EMSA* EMSA1::clone()
   {
   return new EMSA1(m_hash->clone());
   }

void EMSA1::update(const uint8_t input[], size_t length)
   {
   m_hash->update(input, length);
   }

secure_vector<uint8_t> EMSA1::raw_data()
   {
   return m_hash->final();
   }

secure_vector<uint8_t> EMSA1::encoding_of(const secure_vector<uint8_t>& msg,
                                       size_t output_bits,
                                       RandomNumberGenerator&)
   {
   if(msg.size() != hash_output_length())
      throw Encoding_Error("EMSA1::encoding_of: Invalid size for input");
   return emsa1_encoding(msg, output_bits);
   }

bool EMSA1::verify(const secure_vector<uint8_t>& input,
                   const secure_vector<uint8_t>& raw,
                   size_t key_bits)
   {
   if(raw.size() != m_hash->output_length())
      return false;

   // Call emsa1_encoding to handle any required bit shifting
   const secure_vector<uint8_t> our_coding = emsa1_encoding(raw, key_bits);

   if(our_coding.size() < input.size())
      return false;

   const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above

   // If our encoding is longer, all the bytes in it must be zero
   for(size_t i = 0; i != offset; ++i)
      if(our_coding[i] != 0)
            return false;

   return constant_time_compare(input.data(), &our_coding[offset], input.size());
   }

AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key,
                                           const std::string& cert_hash_name) const
   {
   if(cert_hash_name != m_hash->name())
      throw Invalid_Argument("Hash function from opts and hash_fn argument"
         " need to be identical");
   // check that the signature algorithm and the padding scheme fit
   if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1"))
      {
      throw Invalid_Argument("Encoding scheme with canonical name EMSA1"
         " not supported for signature algorithm " + key.algo_name());
      }

   const OID oid = OID::from_string(key.algo_name() + "/" + name());

   const std::string algo_name = key.algo_name();
   std::vector<uint8_t> parameters;
   if(algo_name == "DSA" ||
      algo_name == "ECDSA" ||
      algo_name == "ECGDSA" ||
      algo_name == "ECKCDSA" ||
      algo_name == "GOST-34.10" ||
      algo_name == "GOST-34.10-2012-256" ||
      algo_name == "GOST-34.10-2012-512")
      {
      // for DSA, ECDSA, GOST parameters "SHALL" be empty
      }
   else
      {
      parameters = key.algorithm_identifier().get_parameters();
      }

   return AlgorithmIdentifier(oid, parameters);
   }

}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* EMSA1
3		* (C) 1999-2007 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/emsa1.h>
9		#include <botan/exceptn.h>
10		#include <botan/pk_keys.h>
11		#include <botan/internal/padding.h>
12
13		namespace Botan {
14
15		namespace {
16
17		secure_vector<uint8_t> emsa1_encoding(const secure_vector<uint8_t>& msg,
18		size_t output_bits)
19	680	{
20	680	if(8*msg.size() <= output_bits)
21	579	return msg;
22	101
23	101	size_t shift = 8*msg.size() - output_bits;
24	101
25	101	size_t byte_shift = shift / 8, bit_shift = shift % 8;
26	101	secure_vector<uint8_t> digest(msg.size() - byte_shift);
27	101
28	2.88k	for(size_t j = 0; j != msg.size() - byte_shift; ++j)
29	2.78k	digest[j] = msg[j];
30	101
31	101	if(bit_shift)
32	32	{
33	32	uint8_t carry = 0;
34	869	for(size_t j = 0; j != digest.size(); ++j)
35	837	{
36	837	uint8_t temp = digest[j];
37	837	digest[j] = (temp >> bit_shift) \| carry;
38	837	carry = (temp << (8 - bit_shift));
39	837	}
40	32	}
41	101	return digest;
42	101	}
43
44		}
45
46		std::string EMSA1::name() const
47	0	{
48	0	return "EMSA1(" + m_hash->name() + ")";
49	0	}
50
51		EMSA* EMSA1::clone()
52	0	{
53	0	return new EMSA1(m_hash->clone());
54	0	}
55
56		void EMSA1::update(const uint8_t input[], size_t length)
57	1.78k	{
58	1.78k	m_hash->update(input, length);
59	1.78k	}
60
61		secure_vector<uint8_t> EMSA1::raw_data()
62	680	{
63	680	return m_hash->final();
64	680	}
65
66		secure_vector<uint8_t> EMSA1::encoding_of(const secure_vector<uint8_t>& msg,
67		size_t output_bits,
68		RandomNumberGenerator&)
69	680	{
70	680	if(msg.size() != hash_output_length())
71	0	throw Encoding_Error("EMSA1::encoding_of: Invalid size for input");
72	680	return emsa1_encoding(msg, output_bits);
73	680	}
74
75		bool EMSA1::verify(const secure_vector<uint8_t>& input,
76		const secure_vector<uint8_t>& raw,
77		size_t key_bits)
78	0	{
79	0	if(raw.size() != m_hash->output_length())
80	0	return false;
81	0
82	0	// Call emsa1_encoding to handle any required bit shifting
83	0	const secure_vector<uint8_t> our_coding = emsa1_encoding(raw, key_bits);
84	0
85	0	if(our_coding.size() < input.size())
86	0	return false;
87	0
88	0	const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above
89	0
90	0	// If our encoding is longer, all the bytes in it must be zero
91	0	for(size_t i = 0; i != offset; ++i)
92	0	if(our_coding[i] != 0)
93	0	return false;
94	0
95	0	return constant_time_compare(input.data(), &our_coding[offset], input.size());
96	0	}
97
98		AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key,
99		const std::string& cert_hash_name) const
100	0	{
101	0	if(cert_hash_name != m_hash->name())
102	0	throw Invalid_Argument("Hash function from opts and hash_fn argument"
103	0	" need to be identical");
104	0	// check that the signature algorithm and the padding scheme fit
105	0	if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1"))
106	0	{
107	0	throw Invalid_Argument("Encoding scheme with canonical name EMSA1"
108	0	" not supported for signature algorithm " + key.algo_name());
109	0	}
110	0
111	0	const OID oid = OID::from_string(key.algo_name() + "/" + name());
112	0
113	0	const std::string algo_name = key.algo_name();
114	0	std::vector<uint8_t> parameters;
115	0	if(algo_name == "DSA" \|\|
116	0	algo_name == "ECDSA" \|\|
117	0	algo_name == "ECGDSA" \|\|
118	0	algo_name == "ECKCDSA" \|\|
119	0	algo_name == "GOST-34.10" \|\|
120	0	algo_name == "GOST-34.10-2012-256" \|\|
121	0	algo_name == "GOST-34.10-2012-512")
122	0	{
123	0	// for DSA, ECDSA, GOST parameters "SHALL" be empty
124	0	}
125	0	else
126	0	{
127	0	parameters = key.algorithm_identifier().get_parameters();
128	0	}
129	0
130	0	return AlgorithmIdentifier(oid, parameters);
131	0	}
132
133		}

Coverage Report

Created: 2019-09-11 14:12