Crypto++
pkcspad.cpp
1 // pkcspad.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_PKCSPAD_CPP // SunCC workaround: compiler could cause this file to be included twice
6 #define CRYPTOPP_PKCSPAD_CPP
7 
8 #include "pkcspad.h"
9 #include <assert.h>
10 
11 NAMESPACE_BEGIN(CryptoPP)
12 
13 // more in dll.cpp
14 template<> const byte PKCS_DigestDecoration<Weak1::MD2>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,0x04,0x10};
16 
17 template<> const byte PKCS_DigestDecoration<Weak1::MD5>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10};
19 
20 template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14};
22 
23 template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18};
25 
26 size_t PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(size_t paddedLength) const
27 {
28  return SaturatingSubtract(paddedLength/8, 10U);
29 }
30 
31 void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLen, byte *pkcsBlock, size_t pkcsBlockLen, const NameValuePairs &parameters) const
32 {
33  assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller
34 
35  // convert from bit length to byte length
36  if (pkcsBlockLen % 8 != 0)
37  {
38  pkcsBlock[0] = 0;
39  pkcsBlock++;
40  }
41  pkcsBlockLen /= 8;
42 
43  pkcsBlock[0] = 2; // block type 2
44 
45  // pad with non-zero random bytes
46  for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++)
47  pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff);
48 
49  pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
50  memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
51 }
52 
53 DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, size_t pkcsBlockLen, byte *output, const NameValuePairs &parameters) const
54 {
55  bool invalid = false;
56  size_t maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
57 
58  // convert from bit length to byte length
59  if (pkcsBlockLen % 8 != 0)
60  {
61  invalid = (pkcsBlock[0] != 0) || invalid;
62  pkcsBlock++;
63  }
64  pkcsBlockLen /= 8;
65 
66  // Require block type 2.
67  invalid = (pkcsBlock[0] != 2) || invalid;
68 
69  // skip past the padding until we find the separator
70  size_t i=1;
71  while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
72  }
73  assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
74 
75  size_t outputLen = pkcsBlockLen - i;
76  invalid = (outputLen > maxOutputLen) || invalid;
77 
78  if (invalid)
79  return DecodingResult();
80 
81  memcpy (output, pkcsBlock+i, outputLen);
82  return DecodingResult(outputLen);
83 }
84 
85 // ********************************************************
86 
87 #ifndef CRYPTOPP_IMPORTS
88 
89 void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng,
90  const byte *recoverableMessage, size_t recoverableMessageLength,
91  HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
92  byte *representative, size_t representativeBitLength) const
93 {
94  assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
95 
96  size_t pkcsBlockLen = representativeBitLength;
97  // convert from bit length to byte length
98  if (pkcsBlockLen % 8 != 0)
99  {
100  representative[0] = 0;
101  representative++;
102  }
103  pkcsBlockLen /= 8;
104 
105  representative[0] = 1; // block type 1
106 
107  unsigned int digestSize = hash.DigestSize();
108  byte *pPadding = representative + 1;
109  byte *pDigest = representative + pkcsBlockLen - digestSize;
110  byte *pHashId = pDigest - hashIdentifier.second;
111  byte *pSeparator = pHashId - 1;
112 
113  // pad with 0xff
114  memset(pPadding, 0xff, pSeparator-pPadding);
115  *pSeparator = 0;
116  memcpy(pHashId, hashIdentifier.first, hashIdentifier.second);
117  hash.Final(pDigest);
118 }
119 
120 #endif
121 
122 NAMESPACE_END
123 
124 #endif