/src/botan/src/lib/pk_pad/emsa1/emsa1.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * EMSA1 |
3 | | * (C) 1999-2007 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/emsa1.h> |
9 | | #include <botan/exceptn.h> |
10 | | #include <botan/pk_keys.h> |
11 | | #include <botan/internal/padding.h> |
12 | | |
13 | | namespace Botan { |
14 | | |
15 | | namespace { |
16 | | |
17 | | secure_vector<uint8_t> emsa1_encoding(const secure_vector<uint8_t>& msg, |
18 | | size_t output_bits) |
19 | 680 | { |
20 | 680 | if(8*msg.size() <= output_bits) |
21 | 579 | return msg; |
22 | 101 | |
23 | 101 | size_t shift = 8*msg.size() - output_bits; |
24 | 101 | |
25 | 101 | size_t byte_shift = shift / 8, bit_shift = shift % 8; |
26 | 101 | secure_vector<uint8_t> digest(msg.size() - byte_shift); |
27 | 101 | |
28 | 2.88k | for(size_t j = 0; j != msg.size() - byte_shift; ++j) |
29 | 2.78k | digest[j] = msg[j]; |
30 | 101 | |
31 | 101 | if(bit_shift) |
32 | 32 | { |
33 | 32 | uint8_t carry = 0; |
34 | 869 | for(size_t j = 0; j != digest.size(); ++j) |
35 | 837 | { |
36 | 837 | uint8_t temp = digest[j]; |
37 | 837 | digest[j] = (temp >> bit_shift) | carry; |
38 | 837 | carry = (temp << (8 - bit_shift)); |
39 | 837 | } |
40 | 32 | } |
41 | 101 | return digest; |
42 | 101 | } |
43 | | |
44 | | } |
45 | | |
46 | | std::string EMSA1::name() const |
47 | 0 | { |
48 | 0 | return "EMSA1(" + m_hash->name() + ")"; |
49 | 0 | } |
50 | | |
51 | | EMSA* EMSA1::clone() |
52 | 0 | { |
53 | 0 | return new EMSA1(m_hash->clone()); |
54 | 0 | } |
55 | | |
56 | | void EMSA1::update(const uint8_t input[], size_t length) |
57 | 1.78k | { |
58 | 1.78k | m_hash->update(input, length); |
59 | 1.78k | } |
60 | | |
61 | | secure_vector<uint8_t> EMSA1::raw_data() |
62 | 680 | { |
63 | 680 | return m_hash->final(); |
64 | 680 | } |
65 | | |
66 | | secure_vector<uint8_t> EMSA1::encoding_of(const secure_vector<uint8_t>& msg, |
67 | | size_t output_bits, |
68 | | RandomNumberGenerator&) |
69 | 680 | { |
70 | 680 | if(msg.size() != hash_output_length()) |
71 | 0 | throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); |
72 | 680 | return emsa1_encoding(msg, output_bits); |
73 | 680 | } |
74 | | |
75 | | bool EMSA1::verify(const secure_vector<uint8_t>& input, |
76 | | const secure_vector<uint8_t>& raw, |
77 | | size_t key_bits) |
78 | 0 | { |
79 | 0 | if(raw.size() != m_hash->output_length()) |
80 | 0 | return false; |
81 | 0 | |
82 | 0 | // Call emsa1_encoding to handle any required bit shifting |
83 | 0 | const secure_vector<uint8_t> our_coding = emsa1_encoding(raw, key_bits); |
84 | 0 |
|
85 | 0 | if(our_coding.size() < input.size()) |
86 | 0 | return false; |
87 | 0 | |
88 | 0 | const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above |
89 | 0 |
|
90 | 0 | // If our encoding is longer, all the bytes in it must be zero |
91 | 0 | for(size_t i = 0; i != offset; ++i) |
92 | 0 | if(our_coding[i] != 0) |
93 | 0 | return false; |
94 | 0 |
|
95 | 0 | return constant_time_compare(input.data(), &our_coding[offset], input.size()); |
96 | 0 | } |
97 | | |
98 | | AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key, |
99 | | const std::string& cert_hash_name) const |
100 | 0 | { |
101 | 0 | if(cert_hash_name != m_hash->name()) |
102 | 0 | throw Invalid_Argument("Hash function from opts and hash_fn argument" |
103 | 0 | " need to be identical"); |
104 | 0 | // check that the signature algorithm and the padding scheme fit |
105 | 0 | if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1")) |
106 | 0 | { |
107 | 0 | throw Invalid_Argument("Encoding scheme with canonical name EMSA1" |
108 | 0 | " not supported for signature algorithm " + key.algo_name()); |
109 | 0 | } |
110 | 0 | |
111 | 0 | const OID oid = OID::from_string(key.algo_name() + "/" + name()); |
112 | 0 |
|
113 | 0 | const std::string algo_name = key.algo_name(); |
114 | 0 | std::vector<uint8_t> parameters; |
115 | 0 | if(algo_name == "DSA" || |
116 | 0 | algo_name == "ECDSA" || |
117 | 0 | algo_name == "ECGDSA" || |
118 | 0 | algo_name == "ECKCDSA" || |
119 | 0 | algo_name == "GOST-34.10" || |
120 | 0 | algo_name == "GOST-34.10-2012-256" || |
121 | 0 | algo_name == "GOST-34.10-2012-512") |
122 | 0 | { |
123 | 0 | // for DSA, ECDSA, GOST parameters "SHALL" be empty |
124 | 0 | } |
125 | 0 | else |
126 | 0 | { |
127 | 0 | parameters = key.algorithm_identifier().get_parameters(); |
128 | 0 | } |
129 | 0 |
|
130 | 0 | return AlgorithmIdentifier(oid, parameters); |
131 | 0 | } |
132 | | |
133 | | } |