/src/botan/src/lib/pk_pad/emsa1/emsa1.cpp

Source (jump to first uncovered line)
/*
* EMSA1
* (C) 1999-2007,2021 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/emsa1.h>
#include <botan/exceptn.h>
#include <botan/pk_keys.h>
#include <botan/internal/padding.h>

namespace Botan {

namespace {

secure_vector<uint8_t> emsa1_encoding(const secure_vector<uint8_t>& msg,
                                  size_t output_bits)
   {
   const size_t msg_bits = 8*msg.size();
   if(msg_bits <= output_bits)
      return msg;

   const size_t shift = msg_bits - output_bits;
   const size_t byte_shift = shift / 8;
   const size_t bit_shift = shift % 8;

   secure_vector<uint8_t> digest(msg.size() - byte_shift);

   for(size_t i = 0; i != msg.size() - byte_shift; ++i)
      digest[i] = msg[i];

   if(bit_shift)
      {
      uint8_t carry = 0;
      for(size_t i = 0; i != digest.size(); ++i)
         {
         uint8_t temp = digest[i];
         digest[i] = (temp >> bit_shift) | carry;
         carry = (temp << (8 - bit_shift));
         }
      }
   return digest;
   }

}

std::string EMSA1::name() const
   {
   return "EMSA1(" + m_hash->name() + ")";
   }

std::unique_ptr<EMSA> EMSA1::new_object()
   {
   return std::make_unique<EMSA1>(m_hash->new_object());
   }

void EMSA1::update(const uint8_t input[], size_t length)
   {
   m_hash->update(input, length);
   }

secure_vector<uint8_t> EMSA1::raw_data()
   {
   return m_hash->final();
   }

secure_vector<uint8_t> EMSA1::encoding_of(const secure_vector<uint8_t>& msg,
                                       size_t output_bits,
                                       RandomNumberGenerator&)
   {
   if(msg.size() != hash_output_length())
      throw Encoding_Error("EMSA1::encoding_of: Invalid size for input");
   return emsa1_encoding(msg, output_bits);
   }

bool EMSA1::verify(const secure_vector<uint8_t>& input,
                   const secure_vector<uint8_t>& raw,
                   size_t key_bits)
   {
   if(raw.size() != m_hash->output_length())
      return false;

   // Call emsa1_encoding to handle any required bit shifting
   const secure_vector<uint8_t> our_coding = emsa1_encoding(raw, key_bits);

   if(our_coding.size() < input.size())
      return false;

   const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above

   // If our encoding is longer, all the bytes in it must be zero
   for(size_t i = 0; i != offset; ++i)
      if(our_coding[i] != 0)
         return false;

   return constant_time_compare(input.data(), &our_coding[offset], input.size());
   }

AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key,
                                           const std::string& cert_hash_name) const
   {
   if(cert_hash_name != m_hash->name())
      throw Invalid_Argument("Hash function from opts and hash_fn argument"
         " need to be identical");
   // check that the signature algorithm and the padding scheme fit
   if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1"))
      {
      throw Invalid_Argument("Encoding scheme with canonical name EMSA1"
         " not supported for signature algorithm " + key.algo_name());
      }

   const OID oid = OID::from_string(key.algo_name() + "/" + name());

   const std::string algo_name = key.algo_name();
   std::vector<uint8_t> parameters;
   if(algo_name == "DSA" ||
      algo_name == "ECDSA" ||
      algo_name == "ECGDSA" ||
      algo_name == "ECKCDSA" ||
      algo_name == "GOST-34.10" ||
      algo_name == "GOST-34.10-2012-256" ||
      algo_name == "GOST-34.10-2012-512")
      {
      // for DSA, ECDSA, GOST parameters "SHALL" be empty
      }
   else
      {
      parameters = key.algorithm_identifier().get_parameters();
      }

   return AlgorithmIdentifier(oid, parameters);
   }

}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* EMSA1
3		* (C) 1999-2007,2021 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/internal/emsa1.h>
9		#include <botan/exceptn.h>
10		#include <botan/pk_keys.h>
11		#include <botan/internal/padding.h>
12
13		namespace Botan {
14
15		namespace {
16
17		secure_vector<uint8_t> emsa1_encoding(const secure_vector<uint8_t>& msg,
18		size_t output_bits)
19	511	{
20	511	const size_t msg_bits = 8*msg.size();
21	511	if(msg_bits <= output_bits)
22	365	return msg;
23
24	146	const size_t shift = msg_bits - output_bits;
25	146	const size_t byte_shift = shift / 8;
26	146	const size_t bit_shift = shift % 8;
27
28	146	secure_vector<uint8_t> digest(msg.size() - byte_shift);
29
30	4.05k	for(size_t i = 0; i != msg.size() - byte_shift; ++i)
31	3.90k	digest[i] = msg[i];
32
33	146	if(bit_shift)
34	50	{
35	50	uint8_t carry = 0;
36	1.27k	for(size_t i = 0; i != digest.size(); ++i)
37	1.22k	{
38	1.22k	uint8_t temp = digest[i];
39	1.22k	digest[i] = (temp >> bit_shift) \| carry;
40	1.22k	carry = (temp << (8 - bit_shift));
41	1.22k	}
42	50	}
43	146	return digest;
44	511	}
45
46		}
47
48		std::string EMSA1::name() const
49	0	{
50	0	return "EMSA1(" + m_hash->name() + ")";
51	0	}
52
53		std::unique_ptr<EMSA> EMSA1::new_object()
54	0	{
55	0	return std::make_unique<EMSA1>(m_hash->new_object());
56	0	}
57
58		void EMSA1::update(const uint8_t input[], size_t length)
59	725	{
60	725	m_hash->update(input, length);
61	725	}
62
63		secure_vector<uint8_t> EMSA1::raw_data()
64	511	{
65	511	return m_hash->final();
66	511	}
67
68		secure_vector<uint8_t> EMSA1::encoding_of(const secure_vector<uint8_t>& msg,
69		size_t output_bits,
70		RandomNumberGenerator&)
71	511	{
72	511	if(msg.size() != hash_output_length())
73	0	throw Encoding_Error("EMSA1::encoding_of: Invalid size for input");
74	511	return emsa1_encoding(msg, output_bits);
75	511	}
76
77		bool EMSA1::verify(const secure_vector<uint8_t>& input,
78		const secure_vector<uint8_t>& raw,
79		size_t key_bits)
80	0	{
81	0	if(raw.size() != m_hash->output_length())
82	0	return false;
83
84		// Call emsa1_encoding to handle any required bit shifting
85	0	const secure_vector<uint8_t> our_coding = emsa1_encoding(raw, key_bits);
86
87	0	if(our_coding.size() < input.size())
88	0	return false;
89
90	0	const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above
91
92		// If our encoding is longer, all the bytes in it must be zero
93	0	for(size_t i = 0; i != offset; ++i)
94	0	if(our_coding[i] != 0)
95	0	return false;
96
97	0	return constant_time_compare(input.data(), &our_coding[offset], input.size());
98	0	}
99
100		AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key,
101		const std::string& cert_hash_name) const
102	0	{
103	0	if(cert_hash_name != m_hash->name())
104	0	throw Invalid_Argument("Hash function from opts and hash_fn argument"
105	0	" need to be identical");
106		// check that the signature algorithm and the padding scheme fit
107	0	if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1"))
108	0	{
109	0	throw Invalid_Argument("Encoding scheme with canonical name EMSA1"
110	0	" not supported for signature algorithm " + key.algo_name());
111	0	}
112
113	0	const OID oid = OID::from_string(key.algo_name() + "/" + name());
114
115	0	const std::string algo_name = key.algo_name();
116	0	std::vector<uint8_t> parameters;
117	0	if(algo_name == "DSA" \|\|
118	0	algo_name == "ECDSA" \|\|
119	0	algo_name == "ECGDSA" \|\|
120	0	algo_name == "ECKCDSA" \|\|
121	0	algo_name == "GOST-34.10" \|\|
122	0	algo_name == "GOST-34.10-2012-256" \|\|
123	0	algo_name == "GOST-34.10-2012-512")
124	0	{
125		// for DSA, ECDSA, GOST parameters "SHALL" be empty
126	0	}
127	0	else
128	0	{
129	0	parameters = key.algorithm_identifier().get_parameters();
130	0	}
131
132	0	return AlgorithmIdentifier(oid, parameters);
133	0	}
134
135		}

Coverage Report

Created: 2021-10-13 08:49