/src/botan/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp

Source (jump to first uncovered line)
/*
* PKCS #1 v1.5 signature padding
* (C) 1999-2008 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/emsa_pkcs1.h>
#include <botan/internal/hash_id.h>
#include <botan/exceptn.h>
#include <botan/pk_keys.h>
#include <botan/internal/padding.h>

namespace Botan {

namespace {

secure_vector<uint8_t> emsa3_encoding(const secure_vector<uint8_t>& msg,
                                   size_t output_bits,
                                   const uint8_t hash_id[],
                                   size_t hash_id_length)
   {
   size_t output_length = output_bits / 8;
   if(output_length < hash_id_length + msg.size() + 10)
      throw Encoding_Error("emsa3_encoding: Output length is too small");

   secure_vector<uint8_t> T(output_length);
   const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2;

   T[0] = 0x01;
   set_mem(&T[1], P_LENGTH, 0xFF);
   T[P_LENGTH+1] = 0x00;

   if(hash_id_length > 0)
      {
      BOTAN_ASSERT_NONNULL(hash_id);
      buffer_insert(T, P_LENGTH+2, hash_id, hash_id_length);
      }

   buffer_insert(T, output_length-msg.size(), msg.data(), msg.size());
   return T;
   }

}

void EMSA_PKCS1v15::update(const uint8_t input[], size_t length)
   {
   m_hash->update(input, length);
   }

secure_vector<uint8_t> EMSA_PKCS1v15::raw_data()
   {
   return m_hash->final();
   }

secure_vector<uint8_t>
EMSA_PKCS1v15::encoding_of(const secure_vector<uint8_t>& msg,
                           size_t output_bits,
                           RandomNumberGenerator& /*rng*/)
   {
   if(msg.size() != m_hash->output_length())
      throw Encoding_Error("EMSA_PKCS1v15::encoding_of: Bad input length");

   return emsa3_encoding(msg, output_bits,
                         m_hash_id.data(), m_hash_id.size());
   }

bool EMSA_PKCS1v15::verify(const secure_vector<uint8_t>& coded,
                           const secure_vector<uint8_t>& raw,
                           size_t key_bits)
   {
   if(raw.size() != m_hash->output_length())
      return false;

   try
      {
      return (coded == emsa3_encoding(raw, key_bits,
                                      m_hash_id.data(), m_hash_id.size()));
      }
   catch(...)
      {
      return false;
      }
   }

AlgorithmIdentifier EMSA_PKCS1v15::config_for_x509(const std::string& algo_name,
                                                   const std::string& cert_hash_name) const
   {
   if(cert_hash_name != m_hash->name())
      throw Invalid_Argument("PKCS1v15: Cert hash " + cert_hash_name +
                             " incompatible with specified hash " + m_hash->name());

   // check that the signature algorithm and the padding scheme fit
   if(!sig_algo_and_pad_ok(algo_name, "EMSA3"))
      {
      throw Invalid_Argument("Encoding scheme with canonical name EMSA3"
         " not supported for signature algorithm " + algo_name);
      }

   // for RSA PKCSv1.5 parameters "SHALL" be NULL

   const OID oid = OID::from_string(algo_name + "/" + name());
   return AlgorithmIdentifier(oid, AlgorithmIdentifier::USE_NULL_PARAM);
   }

EMSA_PKCS1v15::EMSA_PKCS1v15(std::unique_ptr<HashFunction> hash) :
   m_hash(std::move(hash))
   {
   m_hash_id = pkcs_hash_id(m_hash->name());
   }

EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw()
   {
   m_hash_output_len = 0;
   // m_hash_id, m_hash_name left empty
   }

EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo)
   {
   std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_algo));
   m_hash_id = pkcs_hash_id(hash_algo);
   m_hash_name = hash->name();
   m_hash_output_len = hash->output_length();
   }

void EMSA_PKCS1v15_Raw::update(const uint8_t input[], size_t length)
   {
   m_message += std::make_pair(input, length);
   }

secure_vector<uint8_t> EMSA_PKCS1v15_Raw::raw_data()
   {
   secure_vector<uint8_t> ret;
   std::swap(ret, m_message);

   if(m_hash_output_len > 0 && ret.size() != m_hash_output_len)
      throw Encoding_Error("EMSA_PKCS1v15_Raw::encoding_of: Bad input length");

   return ret;
   }

secure_vector<uint8_t>
EMSA_PKCS1v15_Raw::encoding_of(const secure_vector<uint8_t>& msg,
                               size_t output_bits,
                               RandomNumberGenerator& /*rng*/)
   {
   return emsa3_encoding(msg, output_bits, m_hash_id.data(), m_hash_id.size());
   }

bool EMSA_PKCS1v15_Raw::verify(const secure_vector<uint8_t>& coded,
                               const secure_vector<uint8_t>& raw,
                               size_t key_bits)
   {
   if(m_hash_output_len > 0 && raw.size() != m_hash_output_len)
      return false;

   try
      {
      return (coded == emsa3_encoding(raw, key_bits, m_hash_id.data(), m_hash_id.size()));
      }
   catch(...)
      {
      return false;
      }
   }

}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* PKCS #1 v1.5 signature padding
3		* (C) 1999-2008 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/internal/emsa_pkcs1.h>
9		#include <botan/internal/hash_id.h>
10		#include <botan/exceptn.h>
11		#include <botan/pk_keys.h>
12		#include <botan/internal/padding.h>
13
14		namespace Botan {
15
16		namespace {
17
18		secure_vector<uint8_t> emsa3_encoding(const secure_vector<uint8_t>& msg,
19		size_t output_bits,
20		const uint8_t hash_id[],
21		size_t hash_id_length)
22	7.66k	{
23	7.66k	size_t output_length = output_bits / 8;
24	7.66k	if(output_length < hash_id_length + msg.size() + 10)
25	360	throw Encoding_Error("emsa3_encoding: Output length is too small");
26
27	7.30k	secure_vector<uint8_t> T(output_length);
28	7.30k	const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2;
29
30	7.30k	T[0] = 0x01;
31	7.30k	set_mem(&T[1], P_LENGTH, 0xFF);
32	7.30k	T[P_LENGTH+1] = 0x00;
33
34	7.30k	if(hash_id_length > 0)
35	7.30k	{
36	7.30k	BOTAN_ASSERT_NONNULL(hash_id);
37	7.30k	buffer_insert(T, P_LENGTH+2, hash_id, hash_id_length);
38	7.30k	}
39
40	7.30k	buffer_insert(T, output_length-msg.size(), msg.data(), msg.size());
41	7.30k	return T;
42	7.66k	}
43
44		}
45
46		void EMSA_PKCS1v15::update(const uint8_t input[], size_t length)
47	7.89k	{
48	7.89k	m_hash->update(input, length);
49	7.89k	}
50
51		secure_vector<uint8_t> EMSA_PKCS1v15::raw_data()
52	7.89k	{
53	7.89k	return m_hash->final();
54	7.89k	}
55
56		secure_vector<uint8_t>
57		EMSA_PKCS1v15::encoding_of(const secure_vector<uint8_t>& msg,
58		size_t output_bits,
59		RandomNumberGenerator& /rng/)
60	0	{
61	0	if(msg.size() != m_hash->output_length())
62	0	throw Encoding_Error("EMSA_PKCS1v15::encoding_of: Bad input length");
63
64	0	return emsa3_encoding(msg, output_bits,
65	0	m_hash_id.data(), m_hash_id.size());
66	0	}
67
68		bool EMSA_PKCS1v15::verify(const secure_vector<uint8_t>& coded,
69		const secure_vector<uint8_t>& raw,
70		size_t key_bits)
71	7.66k	{
72	7.66k	if(raw.size() != m_hash->output_length())
73	0	return false;
74
75	7.66k	try
76	7.66k	{
77	7.66k	return (coded == emsa3_encoding(raw, key_bits,
78	7.66k	m_hash_id.data(), m_hash_id.size()));
79	7.66k	}
80	7.66k	catch(...)
81	7.66k	{
82	360	return false;
83	360	}
84	7.66k	}
85
86		AlgorithmIdentifier EMSA_PKCS1v15::config_for_x509(const std::string& algo_name,
87		const std::string& cert_hash_name) const
88	11.1k	{
89	11.1k	if(cert_hash_name != m_hash->name())
90	0	throw Invalid_Argument("PKCS1v15: Cert hash " + cert_hash_name +
91	0	" incompatible with specified hash " + m_hash->name());
92
93		// check that the signature algorithm and the padding scheme fit
94	11.1k	if(!sig_algo_and_pad_ok(algo_name, "EMSA3"))
95	0	{
96	0	throw Invalid_Argument("Encoding scheme with canonical name EMSA3"
97	0	" not supported for signature algorithm " + algo_name);
98	0	}
99
100		// for RSA PKCSv1.5 parameters "SHALL" be NULL
101
102	11.1k	const OID oid = OID::from_string(algo_name + "/" + name());
103	11.1k	return AlgorithmIdentifier(oid, AlgorithmIdentifier::USE_NULL_PARAM);
104	11.1k	}
105
106		EMSA_PKCS1v15::EMSA_PKCS1v15(std::unique_ptr<HashFunction> hash) :
107		m_hash(std::move(hash))
108	19.0k	{
109	19.0k	m_hash_id = pkcs_hash_id(m_hash->name());
110	19.0k	}
111
112		EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw()
113	0	{
114	0	m_hash_output_len = 0;
115		// m_hash_id, m_hash_name left empty
116	0	}
117
118		EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo)
119	0	{
120	0	std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_algo));
121	0	m_hash_id = pkcs_hash_id(hash_algo);
122	0	m_hash_name = hash->name();
123	0	m_hash_output_len = hash->output_length();
124	0	}
125
126		void EMSA_PKCS1v15_Raw::update(const uint8_t input[], size_t length)
127	0	{
128	0	m_message += std::make_pair(input, length);
129	0	}
130
131		secure_vector<uint8_t> EMSA_PKCS1v15_Raw::raw_data()
132	0	{
133	0	secure_vector<uint8_t> ret;
134	0	std::swap(ret, m_message);
135
136	0	if(m_hash_output_len > 0 && ret.size() != m_hash_output_len)
137	0	throw Encoding_Error("EMSA_PKCS1v15_Raw::encoding_of: Bad input length");
138
139	0	return ret;
140	0	}
141
142		secure_vector<uint8_t>
143		EMSA_PKCS1v15_Raw::encoding_of(const secure_vector<uint8_t>& msg,
144		size_t output_bits,
145		RandomNumberGenerator& /rng/)
146	0	{
147	0	return emsa3_encoding(msg, output_bits, m_hash_id.data(), m_hash_id.size());
148	0	}
149
150		bool EMSA_PKCS1v15_Raw::verify(const secure_vector<uint8_t>& coded,
151		const secure_vector<uint8_t>& raw,
152		size_t key_bits)
153	0	{
154	0	if(m_hash_output_len > 0 && raw.size() != m_hash_output_len)
155	0	return false;
156
157	0	try
158	0	{
159	0	return (coded == emsa3_encoding(raw, key_bits, m_hash_id.data(), m_hash_id.size()));
160	0	}
161	0	catch(...)
162	0	{
163	0	return false;
164	0	}
165	0	}
166
167		}

Coverage Report

Created: 2023-02-13 06:21