Diffstat (limited to 'botan/src/pk_pad')
31 files changed, 1503 insertions, 0 deletions
diff --git a/botan/src/pk_pad/eme.cpp b/botan/src/pk_pad/eme.cpp
new file mode 100644
index 0000000..74bba5a
--- /dev/null
+++ b/botan/src/pk_pad/eme.cpp
@@ -0,0 +1,50 @@
+/*
+* EME Base Class
+* (C) 1999-2008 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/eme.h>
+
+namespace Botan {
+
+/*
+* Encode a message
+*/
+SecureVector<byte> EME::encode(const byte msg[], u32bit msg_len,
+ u32bit key_bits,
+ RandomNumberGenerator& rng) const
+ {
+ return pad(msg, msg_len, key_bits, rng);
+ }
+
+/*
+* Encode a message
+*/
+SecureVector<byte> EME::encode(const MemoryRegion<byte>& msg,
+ u32bit key_bits,
+ RandomNumberGenerator& rng) const
+ {
+ return pad(msg, msg.size(), key_bits, rng);
+ }
+
+/*
+* Decode a message
+*/
+SecureVector<byte> EME::decode(const byte msg[], u32bit msg_len,
+ u32bit key_bits) const
+ {
+ return unpad(msg, msg_len, key_bits);
+ }
+
+/*
+* Decode a message
+*/
+SecureVector<byte> EME::decode(const MemoryRegion<byte>& msg,
+ u32bit key_bits) const
+ {
+ return unpad(msg, msg.size(), key_bits);
+ }
+
+}
diff --git a/botan/src/pk_pad/eme.h b/botan/src/pk_pad/eme.h
new file mode 100644
index 0000000..321c1d0
--- /dev/null
+++ b/botan/src/pk_pad/eme.h
@@ -0,0 +1,42 @@
+/*
+* EME Classes
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_PUBKEY_EME_ENCRYPTION_PAD_H__
+#define BOTAN_PUBKEY_EME_ENCRYPTION_PAD_H__
+
+#include <botan/secmem.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/*
+* Encoding Method for Encryption
+*/
+class BOTAN_DLL EME
+ {
+ public:
+ virtual u32bit maximum_input_size(u32bit) const = 0;
+
+ SecureVector<byte> encode(const byte[], u32bit, u32bit,
+ RandomNumberGenerator&) const;
+ SecureVector<byte> encode(const MemoryRegion<byte>&, u32bit,
+ RandomNumberGenerator&) const;
+
+ SecureVector<byte> decode(const byte[], u32bit, u32bit) const;
+ SecureVector<byte> decode(const MemoryRegion<byte>&, u32bit) const;
+
+ virtual ~EME() {}
+ private:
+ virtual SecureVector<byte> pad(const byte[], u32bit, u32bit,
+ RandomNumberGenerator&) const = 0;
+
+ virtual SecureVector<byte> unpad(const byte[], u32bit, u32bit) const = 0;
+ };
+
+}
+
+#endif
diff --git a/botan/src/pk_pad/eme1/eme1.cpp b/botan/src/pk_pad/eme1/eme1.cpp
new file mode 100644
index 0000000..13f68f8
--- /dev/null
+++ b/botan/src/pk_pad/eme1/eme1.cpp
@@ -0,0 +1,103 @@ +/* +* EME1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/eme1.h> +#include <botan/mgf1.h> +#include <memory> + +namespace Botan { + +/* +* EME1 Pad Operation +*/ +SecureVector<byte> EME1::pad(const byte in[], u32bit in_length, + u32bit key_length, + RandomNumberGenerator& rng) const + { + key_length /= 8; + + if(in_length > key_length - 2*HASH_LENGTH - 1) + throw Exception("EME1: Input is too large"); + + SecureVector<byte> out(key_length); + + out.clear(); + + rng.randomize(out, HASH_LENGTH); + + out.copy(HASH_LENGTH, Phash, Phash.size()); + out[out.size() - in_length - 1] = 0x01; + out.copy(out.size() - in_length, in, in_length); + mgf->mask(out, HASH_LENGTH, out + HASH_LENGTH, out.size() - HASH_LENGTH); + mgf->mask(out + HASH_LENGTH, out.size() - HASH_LENGTH, out, HASH_LENGTH); + + return out; + } + +/* +* EME1 Unpad Operation +*/ +SecureVector<byte> EME1::unpad(const byte in[], u32bit in_length, + u32bit key_length) const + { + /* + Must be careful about error messages here; if an attacker can + distinguish them, it is easy to use the differences as an oracle to + find the secret key, as described in "A Chosen Ciphertext Attack on + RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in + PKCS #1 v2.0", James Manger, Crypto 2001 + */ + + key_length /= 8; + if(in_length > key_length) + throw Decoding_Error("Invalid EME1 encoding"); + + SecureVector<byte> tmp(key_length); + tmp.copy(key_length - in_length, in, in_length); + + mgf->mask(tmp + HASH_LENGTH, tmp.size() - HASH_LENGTH, tmp, HASH_LENGTH); + mgf->mask(tmp, HASH_LENGTH, tmp + HASH_LENGTH, tmp.size() - HASH_LENGTH); + + for(u32bit j = 0; j != Phash.size(); ++j) + if(tmp[j+HASH_LENGTH] != Phash[j]) + throw Decoding_Error("Invalid EME1 encoding"); + + for(u32bit j = HASH_LENGTH + Phash.size(); j != tmp.size(); ++j) + { + if(tmp[j] && tmp[j] != 0x01) + throw Decoding_Error("Invalid EME1 encoding"); + if(tmp[j] && 
tmp[j] == 0x01) + { + SecureVector<byte> retval(tmp + j + 1, tmp.size() - j - 1); + return retval; + } + } + throw Decoding_Error("Invalid EME1 encoding"); + } + +/* +* Return the max input size for a given key size +*/ +u32bit EME1::maximum_input_size(u32bit keybits) const + { + if(keybits / 8 > 2*HASH_LENGTH + 1) + return ((keybits / 8) - 2*HASH_LENGTH - 1); + else + return 0; + } + +/* +* EME1 Constructor +*/ +EME1::EME1(HashFunction* hash, const std::string& P) : + HASH_LENGTH(hash->OUTPUT_LENGTH) + { + Phash = hash->process(P); + mgf = new MGF1(hash); + } + +} diff --git a/botan/src/pk_pad/eme1/eme1.h b/botan/src/pk_pad/eme1/eme1.h new file mode 100644 index 0000000..4df5c5f --- /dev/null +++ b/botan/src/pk_pad/eme1/eme1.h @@ -0,0 +1,45 @@ +/* +* EME1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EME1_H__ +#define BOTAN_EME1_H__ + +#include <botan/eme.h> +#include <botan/kdf.h> +#include <botan/hash.h> + +namespace Botan { + +/* +* EME1 +*/ +class BOTAN_DLL EME1 : public EME + { + public: + u32bit maximum_input_size(u32bit) const; + + /** + EME1 constructor. Hash will be deleted by ~EME1 (when mgf is deleted) + + P is an optional label. Normally empty. + */ + EME1(HashFunction* hash, const std::string& P = ""); + + ~EME1() { delete mgf; } + private: + SecureVector<byte> pad(const byte[], u32bit, u32bit, + RandomNumberGenerator&) const; + SecureVector<byte> unpad(const byte[], u32bit, u32bit) const; + + const u32bit HASH_LENGTH; + SecureVector<byte> Phash; + MGF* mgf; + }; + +} + +#endif diff --git a/botan/src/pk_pad/eme1/info.txt b/botan/src/pk_pad/eme1/info.txt new file mode 100644 index 0000000..2f61265 --- /dev/null +++ b/botan/src/pk_pad/eme1/info.txt @@ -0,0 +1,16 @@ +realname "EME1" + +define EME1 + +load_on auto + +<add> +eme1.h +eme1.cpp +</add> + +<requires> +hash +kdf +mgf1 +</requires> 
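Review bot: In `EME1::pad` the size check `in_length > key_length - 2*HASH_LENGTH - 1` is evaluated in unsigned `u32bit`, so a key shorter than `2*HASH_LENGTH + 1` bytes wraps the right-hand side to a huge value and the check passes; `rng.randomize(out, HASH_LENGTH)` and the `mgf->mask` calls then operate on a buffer smaller than they assume. `maximum_input_size` already guards this case, and `pad` should do the same: `if(key_length < 2*HASH_LENGTH + 1 || in_length > key_length - 2*HASH_LENGTH - 1)`. `unpad` has the same unchecked subtraction in `tmp.size() - HASH_LENGTH` and should reject `key_length < 2*HASH_LENGTH + 1` before masking. Separately, the comment in `unpad` cites Manger's attack, but only the error text is uniform: both loops throw at the first mismatching byte, so how far decoding got may still be observable through timing. Accumulating a single failure flag over the whole buffer and throwing once at the end would close that gap.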
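Review bot: `EME1` owns `mgf` through a raw pointer and deletes it in `~EME1`, but the class declares no copy constructor, so a compiler-generated copy would share the pointer and delete it twice. Declaring the copy operations private and unimplemented, e.g. `EME1(const EME1&);` and `EME1& operator=(const EME1&);` in the private section, turns such a copy into a compile error. The same applies to the `hash` members of `EMSA1`, `EMSA2`, `EMSA3` and `EMSA4` (and to `mgf` in `EMSA4`) in the headers further down this diff.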
diff --git a/botan/src/pk_pad/eme_pkcs/eme_pkcs.cpp b/botan/src/pk_pad/eme_pkcs/eme_pkcs.cpp new file mode 100644 index 0000000..c2f9c91 --- /dev/null +++ b/botan/src/pk_pad/eme_pkcs/eme_pkcs.cpp @@ -0,0 +1,70 @@ +/* +* PKCS1 EME +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/eme_pkcs.h> + +namespace Botan { + +/* +* PKCS1 Pad Operation +*/ +SecureVector<byte> EME_PKCS1v15::pad(const byte in[], u32bit inlen, + u32bit olen, + RandomNumberGenerator& rng) const + { + olen /= 8; + + if(olen < 10) + throw Encoding_Error("PKCS1: Output space too small"); + if(inlen > olen - 10) + throw Encoding_Error("PKCS1: Input is too large"); + + SecureVector<byte> out(olen); + + out[0] = 0x02; + for(u32bit j = 1; j != olen - inlen - 1; ++j) + while(out[j] == 0) + out[j] = rng.next_byte(); + out.copy(olen - inlen, in, inlen); + + return out; + } + +/* +* PKCS1 Unpad Operation +*/ +SecureVector<byte> EME_PKCS1v15::unpad(const byte in[], u32bit inlen, + u32bit key_len) const + { + if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02) + throw Decoding_Error("PKCS1::unpad"); + + u32bit seperator = 0; + for(u32bit j = 0; j != inlen; ++j) + if(in[j] == 0) + { + seperator = j; + break; + } + if(seperator < 9) + throw Decoding_Error("PKCS1::unpad"); + + return SecureVector<byte>(in + seperator + 1, inlen - seperator - 1); + } + +/* +* Return the max input size for a given key size +*/ +u32bit EME_PKCS1v15::maximum_input_size(u32bit keybits) const + { + if(keybits / 8 > 10) + return ((keybits / 8) - 10); + else + return 0; + } + +} diff --git a/botan/src/pk_pad/eme_pkcs/eme_pkcs.h b/botan/src/pk_pad/eme_pkcs/eme_pkcs.h new file mode 100644 index 0000000..1aeedf5 --- /dev/null +++ b/botan/src/pk_pad/eme_pkcs/eme_pkcs.h 
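Review bot: `EME_PKCS1v15::unpad` rejects malformed input along data-dependent paths: the `in[0] != 0x02` test and the separator scan that breaks at the first zero byte finish at different times for different plaintexts, which is the kind of signal a Bleichenbacher-style padding oracle relies on even though the exception text is identical. Consider scanning the whole buffer without an early `break` and folding the checks into one flag before the single `throw`, and document on the function that callers must not let a peer distinguish a decoding failure from any later failure. In `pad`, the `while(out[j] == 0)` fill and the zero separator at `olen - inlen - 1` both depend on `SecureVector` zero-initialising its storage, which is not visible in this hunk; a one-line comment such as `// out is zero-filled on construction; byte olen-inlen-1 stays 0 as the separator` would make that assumption explicit.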
@@ -0,0 +1,30 @@
+/*
+* EME PKCS#1 v1.5
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_EME_PKCS1_H__
+#define BOTAN_EME_PKCS1_H__
+
+#include <botan/eme.h>
+
+namespace Botan {
+
+/*
+* EME_PKCS1v15
+*/
+class BOTAN_DLL EME_PKCS1v15 : public EME
+ {
+ public:
+ u32bit maximum_input_size(u32bit) const;
+ private:
+ SecureVector<byte> pad(const byte[], u32bit, u32bit,
+ RandomNumberGenerator&) const;
+ SecureVector<byte> unpad(const byte[], u32bit, u32bit) const;
+ };
+
+}
+
+#endif
diff --git a/botan/src/pk_pad/eme_pkcs/info.txt b/botan/src/pk_pad/eme_pkcs/info.txt
new file mode 100644
index 0000000..88d9caf
--- /dev/null
+++ b/botan/src/pk_pad/eme_pkcs/info.txt
@@ -0,0 +1,10 @@
+realname "PKCSv1 v1.5 EME"
+
+define EME_PKCS1v15
+
+load_on auto
+
+<add>
+eme_pkcs.h
+eme_pkcs.cpp
+</add>
diff --git a/botan/src/pk_pad/emsa.h b/botan/src/pk_pad/emsa.h
new file mode 100644
index 0000000..e2491e4
--- /dev/null
+++ b/botan/src/pk_pad/emsa.h
@@ -0,0 +1,36 @@
+/*
+* EMSA Classes
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_PUBKEY_EMSA_H__
+#define BOTAN_PUBKEY_EMSA_H__
+
+#include <botan/secmem.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/*
+* Encoding Method for Signatures, Appendix
+*/
+class BOTAN_DLL EMSA
+ {
+ public:
+ virtual void update(const byte[], u32bit) = 0;
+ virtual SecureVector<byte> raw_data() = 0;
+
+ virtual SecureVector<byte> encoding_of(const MemoryRegion<byte>&,
+ u32bit,
+ RandomNumberGenerator& rng) = 0;
+
+ virtual bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&,
+ u32bit) throw() = 0;
+ virtual ~EMSA() {}
+ };
+
+}
+
+#endif
diff --git a/botan/src/pk_pad/emsa1/emsa1.cpp b/botan/src/pk_pad/emsa1/emsa1.cpp
new file mode 100644
index 0000000..26d709c
--- /dev/null
+++ b/botan/src/pk_pad/emsa1/emsa1.cpp
@@ -0,0 +1,105 @@ +/* +* EMSA1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa1.h> + +namespace Botan { + +namespace { + +SecureVector<byte> emsa1_encoding(const MemoryRegion<byte>& msg, + u32bit output_bits) + { + if(8*msg.size() <= output_bits) + return msg; + + u32bit shift = 8*msg.size() - output_bits; + + u32bit byte_shift = shift / 8, bit_shift = shift % 8; + SecureVector<byte> digest(msg.size() - byte_shift); + + for(u32bit j = 0; j != msg.size() - byte_shift; ++j) + digest[j] = msg[j]; + + if(bit_shift) + { + byte carry = 0; + for(u32bit j = 0; j != digest.size(); ++j) + { + byte temp = digest[j]; + digest[j] = (temp >> bit_shift) | carry; + carry = (temp << (8 - bit_shift)); + } + } + return digest; + } + +} + +/* +* EMSA1 Update Operation +*/ +void EMSA1::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +SecureVector<byte> EMSA1::raw_data() + { + return hash->final(); + } + +/* +* EMSA1 Encode Operation +*/ +SecureVector<byte> EMSA1::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + if(msg.size() != hash->OUTPUT_LENGTH) + throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + return emsa1_encoding(msg, output_bits); + } + +/* +* EMSA1 Decode/Verify Operation +*/ +bool EMSA1::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, u32bit key_bits) throw() + { + try { + if(raw.size() != hash->OUTPUT_LENGTH) + throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + + SecureVector<byte> our_coding = emsa1_encoding(raw, key_bits); + + if(our_coding == coded) return true; + if(our_coding[0] != 0) return false; + if(our_coding.size() <= coded.size()) return false; + + u32bit offset = 0; + while(our_coding[offset] == 0 && offset < our_coding.size()) + ++offset; + if(our_coding.size() - offset != coded.size()) + return false; + + 
for(u32bit j = 0; j != coded.size(); ++j) + if(coded[j] != our_coding[j+offset]) + return false; + + return true; + } + catch(Invalid_Argument) + { + return false; + } + } + +} diff --git a/botan/src/pk_pad/emsa1/emsa1.h b/botan/src/pk_pad/emsa1/emsa1.h new file mode 100644 index 0000000..a5dac07 --- /dev/null +++ b/botan/src/pk_pad/emsa1/emsa1.h @@ -0,0 +1,41 @@ +/* +* EMSA1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA1_H__ +#define BOTAN_EMSA1_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> + +namespace Botan { + +/* +* EMSA1 +*/ +class BOTAN_DLL EMSA1 : public EMSA + { + public: + EMSA1(HashFunction* h) : hash(h) {} + ~EMSA1() { delete hash; } + protected: + const HashFunction* hash_ptr() const { return hash; } + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + HashFunction* hash; + }; + +} + +#endif diff --git a/botan/src/pk_pad/emsa1/info.txt b/botan/src/pk_pad/emsa1/info.txt new file mode 100644 index 0000000..086270b --- /dev/null +++ b/botan/src/pk_pad/emsa1/info.txt @@ -0,0 +1,14 @@ +realname "EMSA1" + +define EMSA1 + +load_on auto + +<add> +emsa1.h +emsa1.cpp +</add> + +<requires> +hash +</requires> diff --git a/botan/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp b/botan/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp new file mode 100644 index 0000000..212091e --- /dev/null +++ b/botan/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp 
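Review bot: In `EMSA1::verify` the loop `while(our_coding[offset] == 0 && offset < our_coding.size())` reads `our_coding[offset]` before checking the bound, so an all-zero encoding is indexed one past its end; the operands should be swapped: `while(offset < our_coding.size() && our_coding[offset] == 0)`. The function is declared `throw()` but catches only `Invalid_Argument`, and by value. If `Encoding_Error` does not derive from it (the hierarchy is not visible here), the size-check throw would escape the exception specification, so `catch(...)` as used in `EMSA2::verify` and `EMSA3::verify` later in this diff would be safer.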
@@ -0,0 +1,29 @@
+/*
+* EMSA1 BSI
+* (C) 1999-2008 Jack Lloyd
+* 2008 Falko Strenzke, FlexSecure GmbH
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/emsa1_bsi.h>
+
+namespace Botan {
+
+/*
+* EMSA1 BSI Encode Operation
+*/
+SecureVector<byte> EMSA1_BSI::encoding_of(const MemoryRegion<byte>& msg,
+ u32bit output_bits,
+ RandomNumberGenerator&)
+ {
+ if(msg.size() != hash_ptr()->OUTPUT_LENGTH)
+ throw Encoding_Error("EMSA1_BSI::encoding_of: Invalid size for input");
+
+ if(8*msg.size() <= output_bits)
+ return msg;
+
+ throw Encoding_Error("EMSA1_BSI::encoding_of: max key input size exceeded");
+ }
+
+}
diff --git a/botan/src/pk_pad/emsa1_bsi/emsa1_bsi.h b/botan/src/pk_pad/emsa1_bsi/emsa1_bsi.h
new file mode 100644
index 0000000..ec86d40
--- /dev/null
+++ b/botan/src/pk_pad/emsa1_bsi/emsa1_bsi.h
@@ -0,0 +1,32 @@
+/*
+* EMSA1 BSI Variant
+* (C) 1999-2008 Jack Lloyd
+* 2007 FlexSecure GmbH
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_EMSA1_BSI_H__
+#define BOTAN_EMSA1_BSI_H__
+
+#include <botan/emsa1.h>
+
+namespace Botan {
+
+/**
+EMSA1_BSI is a variant of EMSA1 specified by the BSI. It accepts only
+hash values which are less or equal than the maximum key length. The
+implementation comes from InSiTo
+*/
+class BOTAN_DLL EMSA1_BSI : public EMSA1
+ {
+ public:
+ EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {}
+ private:
+ SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit,
+ RandomNumberGenerator& rng);
+ };
+
+}
+
+#endif
diff --git a/botan/src/pk_pad/emsa1_bsi/info.txt b/botan/src/pk_pad/emsa1_bsi/info.txt
new file mode 100644
index 0000000..14a9fd3
--- /dev/null
+++ b/botan/src/pk_pad/emsa1_bsi/info.txt
@@ -0,0 +1,14 @@
+realname "EMSA1 (BSI variant)"
+
+define EMSA1_BSI
+
+load_on auto
+
+<add>
+emsa1_bsi.h
+emsa1_bsi.cpp
+</add>
+
+<requires>
+emsa1
+</requires>
diff --git a/botan/src/pk_pad/emsa2/emsa2.cpp b/botan/src/pk_pad/emsa2/emsa2.cpp
new file mode 100644
index 0000000..aee3231
--- /dev/null
+++ b/botan/src/pk_pad/emsa2/emsa2.cpp
@@ -0,0 +1,112 @@ +/* +* EMSA2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa2.h> +#include <botan/hash_id.h> + +namespace Botan { + +namespace { + +/* +* EMSA2 Encode Operation +*/ +SecureVector<byte> emsa2_encoding(const MemoryRegion<byte>& msg, + u32bit output_bits, + const MemoryRegion<byte>& empty_hash, + byte hash_id) + { + const u32bit HASH_SIZE = empty_hash.size(); + + u32bit output_length = (output_bits + 1) / 8; + + if(msg.size() != HASH_SIZE) + throw Encoding_Error("EMSA2::encoding_of: Bad input length"); + if(output_length < HASH_SIZE + 4) + throw Encoding_Error("EMSA2::encoding_of: Output length is too small"); + + bool empty = true; + for(u32bit j = 0; j != HASH_SIZE; ++j) + if(empty_hash[j] != msg[j]) + empty = false; + + SecureVector<byte> output(output_length); + + output[0] = (empty ? 0x4B : 0x6B); + output[output_length - 3 - HASH_SIZE] = 0xBA; + set_mem(output + 1, output_length - 4 - HASH_SIZE, 0xBB); + output.copy(output_length - (HASH_SIZE + 2), msg, msg.size()); + output[output_length-2] = hash_id; + output[output_length-1] = 0xCC; + + return output; + } + +} + +/* +* EMSA2 Update Operation +*/ +void EMSA2::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +SecureVector<byte> EMSA2::raw_data() + { + return hash->final(); + } + +/* +* EMSA2 Encode Operation +*/ +SecureVector<byte> EMSA2::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + return emsa2_encoding(msg, output_bits, empty_hash, hash_id); + } + +/* +* EMSA2 Verify Operation +*/ +bool EMSA2::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit key_bits) throw() + { + try + { + return (coded == emsa2_encoding(raw, key_bits, + empty_hash, hash_id)); + } + catch(...) 
+ { + return false; + } + } + +/* +* EMSA2 Constructor +*/ +EMSA2::EMSA2(HashFunction* hash_in) : hash(hash_in) + { + empty_hash = hash->final(); + + hash_id = ieee1363_hash_id(hash->name()); + + if(hash_id == 0) + { + std::string hashname = hash->name(); + delete hash; + throw Encoding_Error("EMSA2 cannot be used with " + hashname); + } + } + +} diff --git a/botan/src/pk_pad/emsa2/emsa2.h b/botan/src/pk_pad/emsa2/emsa2.h new file mode 100644 index 0000000..76888d1 --- /dev/null +++ b/botan/src/pk_pad/emsa2/emsa2.h @@ -0,0 +1,41 @@ +/* +* EMSA2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA2_H__ +#define BOTAN_EMSA2_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> + +namespace Botan { + +/* +* EMSA2 +*/ +class BOTAN_DLL EMSA2 : public EMSA + { + public: + EMSA2(HashFunction* hash); + ~EMSA2() { delete hash; } + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + SecureVector<byte> empty_hash; + HashFunction* hash; + byte hash_id; + }; + +} + +#endif diff --git a/botan/src/pk_pad/emsa2/info.txt b/botan/src/pk_pad/emsa2/info.txt new file mode 100644 index 0000000..1c8161c --- /dev/null +++ b/botan/src/pk_pad/emsa2/info.txt @@ -0,0 +1,15 @@ +realname "EMSA2" + +define EMSA2 + +load_on auto + +<add> +emsa2.h +emsa2.cpp +</add> + +<requires> +hash +hash_id +</requires> diff --git a/botan/src/pk_pad/emsa3/emsa3.cpp b/botan/src/pk_pad/emsa3/emsa3.cpp new file mode 100644 index 0000000..4d50abd --- /dev/null +++ b/botan/src/pk_pad/emsa3/emsa3.cpp 
@@ -0,0 +1,152 @@ +/* +* EMSA3 and EMSA3_Raw +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa3.h> +#include <botan/hash_id.h> + +namespace Botan { + +namespace { + +/** +* EMSA3 Encode Operation +*/ +SecureVector<byte> emsa3_encoding(const MemoryRegion<byte>& msg, + u32bit output_bits, + const byte hash_id[], + u32bit hash_id_length) + { + u32bit output_length = output_bits / 8; + if(output_length < hash_id_length + msg.size() + 10) + throw Encoding_Error("emsa3_encoding: Output length is too small"); + + SecureVector<byte> T(output_length); + const u32bit P_LENGTH = output_length - msg.size() - hash_id_length - 2; + + T[0] = 0x01; + set_mem(T+1, P_LENGTH, 0xFF); + T[P_LENGTH+1] = 0x00; + T.copy(P_LENGTH+2, hash_id, hash_id_length); + T.copy(output_length-msg.size(), msg, msg.size()); + return T; + } + +} + +/** +* EMSA3 Update Operation +*/ +void EMSA3::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/** +* Return the raw (unencoded) data +*/ +SecureVector<byte> EMSA3::raw_data() + { + return hash->final(); + } + +/** +* EMSA3 Encode Operation +*/ +SecureVector<byte> EMSA3::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + if(msg.size() != hash->OUTPUT_LENGTH) + throw Encoding_Error("EMSA3::encoding_of: Bad input length"); + + return emsa3_encoding(msg, output_bits, + hash_id, hash_id.size()); + } + +/** +* Default signature decoding +*/ +bool EMSA3::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit key_bits) throw() + { + if(raw.size() != hash->OUTPUT_LENGTH) + return false; + + try + { + return (coded == emsa3_encoding(raw, key_bits, + hash_id, hash_id.size())); + } + catch(...) 
+ { + return false; + } + } + +/** +* EMSA3 Constructor +*/ +EMSA3::EMSA3(HashFunction* hash_in) : hash(hash_in) + { + hash_id = pkcs_hash_id(hash->name()); + } + +/** +* EMSA3 Destructor +*/ +EMSA3::~EMSA3() + { + delete hash; + } + +/** +* EMSA3_Raw Update Operation +*/ +void EMSA3_Raw::update(const byte input[], u32bit length) + { + message.append(input, length); + } + +/** +* Return the raw (unencoded) data +*/ +SecureVector<byte> EMSA3_Raw::raw_data() + { + SecureVector<byte> ret = message; + message.clear(); + return ret; + } + +/** +* EMSA3_Raw Encode Operation +*/ +SecureVector<byte> EMSA3_Raw::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + return emsa3_encoding(msg, output_bits, 0, 0); + } + +/** +* Default signature decoding +*/ +bool EMSA3_Raw::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit key_bits) throw() + { + try + { + return (coded == emsa3_encoding(raw, key_bits, 0, 0)); + } + catch(...) + { + return false; + } + } + +} diff --git a/botan/src/pk_pad/emsa3/emsa3.h b/botan/src/pk_pad/emsa3/emsa3.h new file mode 100644 index 0000000..301f214 --- /dev/null +++ b/botan/src/pk_pad/emsa3/emsa3.h 
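Review bot: `EMSA3::EMSA3` takes ownership of `hash_in` but leaks it when `pkcs_hash_id(hash->name())` throws for a hash that has no PKCS #1 identifier, because the destructor never runs for a partially constructed object. `EMSA2::EMSA2` in this same diff deletes the hash before throwing, and doing the same here keeps the two consistent, e.g. `try { hash_id = pkcs_hash_id(hash->name()); } catch(...) { delete hash; throw; }`. A short comment on the constructor stating that it assumes ownership of the hash even on failure would help callers.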
@@ -0,0 +1,65 @@ +/* +* EMSA3 and EMSA3_Raw +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA3_H__ +#define BOTAN_EMSA3_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* EMSA3 +* aka PKCS #1 v1.5 signature padding +* aka PKCS #1 block type 1 +*/ +class BOTAN_DLL EMSA3 : public EMSA + { + public: + EMSA3(HashFunction*); + ~EMSA3(); + + void update(const byte[], u32bit); + + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + private: + HashFunction* hash; + SecureVector<byte> hash_id; + }; + +/** +* EMSA3_Raw which is EMSA3 without a hash or digest id (which +* according to QCA docs is "identical to PKCS#11's CKM_RSA_PKCS +* mechanism", something I have not confirmed) +*/ +class BOTAN_DLL EMSA3_Raw : public EMSA + { + public: + void update(const byte[], u32bit); + + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + private: + SecureVector<byte> message; + }; + +} + +#endif diff --git a/botan/src/pk_pad/emsa3/info.txt b/botan/src/pk_pad/emsa3/info.txt new file mode 100644 index 0000000..90e4b9b --- /dev/null +++ b/botan/src/pk_pad/emsa3/info.txt @@ -0,0 +1,15 @@ +realname "EMSA3" + +define EMSA3 + +load_on auto + +<add> +emsa3.h +emsa3.cpp +</add> + +<requires> +hash +hash_id +</requires> diff --git a/botan/src/pk_pad/emsa4/emsa4.cpp b/botan/src/pk_pad/emsa4/emsa4.cpp new file mode 100644 index 0000000..cff9a15 --- /dev/null +++ b/botan/src/pk_pad/emsa4/emsa4.cpp 
@@ -0,0 +1,143 @@ +/* +* EMSA4 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa4.h> +#include <botan/mgf1.h> +#include <botan/bit_ops.h> + +namespace Botan { + +/* +* EMSA4 Update Operation +*/ +void EMSA4::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +SecureVector<byte> EMSA4::raw_data() + { + return hash->final(); + } + +/* +* EMSA4 Encode Operation +*/ +SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator& rng) + { + const u32bit HASH_SIZE = hash->OUTPUT_LENGTH; + + if(msg.size() != HASH_SIZE) + throw Encoding_Error("EMSA4::encoding_of: Bad input length"); + if(output_bits < 8*HASH_SIZE + 8*SALT_SIZE + 9) + throw Encoding_Error("EMSA4::encoding_of: Output length is too small"); + + const u32bit output_length = (output_bits + 7) / 8; + + SecureVector<byte> salt(SALT_SIZE); + rng.randomize(salt, SALT_SIZE); + + for(u32bit j = 0; j != 8; ++j) + hash->update(0); + hash->update(msg); + hash->update(salt, SALT_SIZE); + SecureVector<byte> H = hash->final(); + + SecureVector<byte> EM(output_length); + + EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; + EM.copy(output_length - 1 - HASH_SIZE - SALT_SIZE, salt, SALT_SIZE); + mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1); + EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); + EM.copy(output_length - 1 - HASH_SIZE, H, HASH_SIZE); + EM[output_length-1] = 0xBC; + + return EM; + } + +/* +* EMSA4 Decode/Verify Operation +*/ +bool EMSA4::verify(const MemoryRegion<byte>& const_coded, + const MemoryRegion<byte>& raw, u32bit key_bits) throw() + { + const u32bit HASH_SIZE = hash->OUTPUT_LENGTH; + const u32bit KEY_BYTES = (key_bits + 7) / 8; + + if(key_bits < 8*HASH_SIZE + 9) + return false; + if(raw.size() != HASH_SIZE) + return false; + if(const_coded.size() > KEY_BYTES) + return false; + 
if(const_coded[const_coded.size()-1] != 0xBC) + return false; + + SecureVector<byte> coded = const_coded; + if(coded.size() < KEY_BYTES) + { + SecureVector<byte> temp(KEY_BYTES); + temp.copy(KEY_BYTES - coded.size(), coded, coded.size()); + coded = temp; + } + + const u32bit TOP_BITS = 8 * ((key_bits + 7) / 8) - key_bits; + if(TOP_BITS > 8 - high_bit(coded[0])) + return false; + + SecureVector<byte> DB(coded.begin(), coded.size() - HASH_SIZE - 1); + SecureVector<byte> H(coded + coded.size() - HASH_SIZE - 1, HASH_SIZE); + + mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1); + DB[0] &= 0xFF >> TOP_BITS; + + u32bit salt_offset = 0; + for(u32bit j = 0; j != DB.size(); ++j) + { + if(DB[j] == 0x01) + { salt_offset = j + 1; break; } + if(DB[j]) + return false; + } + if(salt_offset == 0) + return false; + + SecureVector<byte> salt(DB + salt_offset, DB.size() - salt_offset); + + for(u32bit j = 0; j != 8; ++j) + hash->update(0); + hash->update(raw); + hash->update(salt); + SecureVector<byte> H2 = hash->final(); + + return (H == H2); + } + +/* +* EMSA4 Constructor +*/ +EMSA4::EMSA4(HashFunction* h) : + SALT_SIZE(h->OUTPUT_LENGTH), hash(h) + { + mgf = new MGF1(hash->clone()); + } + +/* +* EMSA4 Constructor +*/ +EMSA4::EMSA4(HashFunction* h, u32bit salt_size) : + SALT_SIZE(salt_size), hash(h) + { + mgf = new MGF1(hash->clone()); + } + +} diff --git a/botan/src/pk_pad/emsa4/emsa4.h b/botan/src/pk_pad/emsa4/emsa4.h new file mode 100644 index 0000000..b716178 --- /dev/null +++ b/botan/src/pk_pad/emsa4/emsa4.h 
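Review bot: `EMSA4::verify` indexes `const_coded[const_coded.size()-1]` without first rejecting an empty `const_coded`, so a zero-length input wraps the unsigned index; add `if(const_coded.size() == 0) return false;` ahead of the `0xBC` check. The salt is taken as everything after the `0x01` marker, so its length is never compared with `SALT_SIZE`; if encodings with a different salt length are not meant to verify, add `if(salt.size() != SALT_SIZE) return false;` after the salt is extracted. The function is also declared `throw()` yet calls `mgf->mask` and the hash without a `try` block, unlike the other `verify` implementations in this diff.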
@@ -0,0 +1,43 @@ +/* +* EMSA4 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA4_H__ +#define BOTAN_EMSA4_H__ + +#include <botan/emsa.h> +#include <botan/hash.h> +#include <botan/kdf.h> + +namespace Botan { + +/* +* EMSA4 +*/ +class BOTAN_DLL EMSA4 : public EMSA + { + public: + EMSA4(HashFunction*); + EMSA4(HashFunction*, u32bit); + + ~EMSA4() { delete hash; delete mgf; } + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + u32bit SALT_SIZE; + HashFunction* hash; + const MGF* mgf; + }; + +} + +#endif diff --git a/botan/src/pk_pad/emsa4/info.txt b/botan/src/pk_pad/emsa4/info.txt new file mode 100644 index 0000000..29ef4e0 --- /dev/null +++ b/botan/src/pk_pad/emsa4/info.txt @@ -0,0 +1,16 @@ +realname "EMSA4" + +define EMSA4 + +load_on auto + +<add> +emsa4.h +emsa4.cpp +</add> + +<requires> +hash +kdf +mgf1 +</requires> diff --git a/botan/src/pk_pad/emsa_raw/emsa_raw.cpp b/botan/src/pk_pad/emsa_raw/emsa_raw.cpp new file mode 100644 index 0000000..d5973ee --- /dev/null +++ b/botan/src/pk_pad/emsa_raw/emsa_raw.cpp 
@@ -0,0 +1,50 @@ +/* +* EMSA-Raw +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/emsa_raw.h> + +namespace Botan { + +/* +* EMSA-Raw Encode Operation +*/ +void EMSA_Raw::update(const byte input[], u32bit length) + { + message.append(input, length); + } + +/* +* Return the raw (unencoded) data +*/ +SecureVector<byte> EMSA_Raw::raw_data() + { + SecureVector<byte> buf = message; + message.destroy(); + return buf; + } + +/* +* EMSA-Raw Encode Operation +*/ +SecureVector<byte> EMSA_Raw::encoding_of(const MemoryRegion<byte>& msg, + u32bit, + RandomNumberGenerator&) + { + return msg; + } + +/* +* EMSA-Raw Verify Operation +*/ +bool EMSA_Raw::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit) throw() + { + return (coded == raw); + } + +} diff --git a/botan/src/pk_pad/emsa_raw/emsa_raw.h b/botan/src/pk_pad/emsa_raw/emsa_raw.h new file mode 100644 index 0000000..1b0ad51 --- /dev/null +++ b/botan/src/pk_pad/emsa_raw/emsa_raw.h @@ -0,0 +1,34 @@ +/* +* EMSA-Raw +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_EMSA_RAW_H__ +#define BOTAN_EMSA_RAW_H__ + +#include <botan/emsa.h> + +namespace Botan { + +/* +* EMSA-Raw +*/ +class BOTAN_DLL EMSA_Raw : public EMSA + { + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator&); + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + SecureVector<byte> message; + }; + +} + +#endif diff --git a/botan/src/pk_pad/emsa_raw/info.txt b/botan/src/pk_pad/emsa_raw/info.txt new file mode 100644 index 0000000..2a88d10 --- /dev/null +++ b/botan/src/pk_pad/emsa_raw/info.txt @@ -0,0 +1,10 @@ +realname "EMSA-Raw" + +define EMSA_RAW + +load_on auto + +<add> +emsa_raw.h +emsa_raw.cpp +</add> 
diff --git a/botan/src/pk_pad/hash_id/hash_id.cpp b/botan/src/pk_pad/hash_id/hash_id.cpp new file mode 100644 index 0000000..c83ad87 --- /dev/null +++ b/botan/src/pk_pad/hash_id/hash_id.cpp 
@@ -0,0 +1,116 @@ +/* +* Hash Function Identification +* (C) 1999-2008 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/hash_id.h> +#include <botan/exceptn.h> + +namespace Botan { + +namespace PKCS_IDS { + +const byte MD2_ID[] = { +0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, +0xF7, 0x0D, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10 }; + +const byte MD5_ID[] = { +0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, +0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 }; + +const byte RIPEMD_128_ID[] = { +0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, +0x02, 0x05, 0x00, 0x04, 0x14 }; + +const byte RIPEMD_160_ID[] = { +0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, +0x01, 0x05, 0x00, 0x04, 0x14 }; + +const byte SHA_160_ID[] = { +0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, +0x1A, 0x05, 0x00, 0x04, 0x14 }; + +const byte SHA_224_ID[] = { +0x30, 0x2D, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C }; + +const byte SHA_256_ID[] = { +0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; + +const byte SHA_384_ID[] = { +0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; + +const byte SHA_512_ID[] = { +0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, +0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; + +const byte TIGER_ID[] = { +0x30, 0x29, 0x30, 0x0D, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, +0x01, 0xDA, 0x47, 0x0C, 0x02, 0x05, 0x00, 0x04, 0x18 }; + +} + +/** +* @return HashID as specified by PKCS +* For details see RFC 3447 section 9.2 +* http://tools.ietf.org/html/rfc3447#section-9.2 +*/ +MemoryVector<byte> pkcs_hash_id(const std::string& name) + { + MemoryVector<byte> out; + + if(name == "Parallel(MD5,SHA-160)") + return out; + + if(name == "MD2") + out.set(PKCS_IDS::MD2_ID, 
sizeof(PKCS_IDS::MD2_ID)); + else if(name == "MD5") + out.set(PKCS_IDS::MD5_ID, sizeof(PKCS_IDS::MD5_ID)); + else if(name == "RIPEMD-128") + out.set(PKCS_IDS::RIPEMD_128_ID, sizeof(PKCS_IDS::RIPEMD_128_ID)); + else if(name == "RIPEMD-160") + out.set(PKCS_IDS::RIPEMD_160_ID, sizeof(PKCS_IDS::RIPEMD_160_ID)); + else if(name == "SHA-160") + out.set(PKCS_IDS::SHA_160_ID, sizeof(PKCS_IDS::SHA_160_ID)); + else if(name == "SHA-224") + out.set(PKCS_IDS::SHA_224_ID, sizeof(PKCS_IDS::SHA_224_ID)); + else if(name == "SHA-256") + out.set(PKCS_IDS::SHA_256_ID, sizeof(PKCS_IDS::SHA_256_ID)); + else if(name == "SHA-384") + out.set(PKCS_IDS::SHA_384_ID, sizeof(PKCS_IDS::SHA_384_ID)); + else if(name == "SHA-512") + out.set(PKCS_IDS::SHA_512_ID, sizeof(PKCS_IDS::SHA_512_ID)); + else if(name == "Tiger(24,3)") + out.set(PKCS_IDS::TIGER_ID, sizeof(PKCS_IDS::TIGER_ID)); + + if(out.size()) + return out; + + throw Invalid_Argument("No PKCS #1 identifier for " + name); + } + +/** +* @return HashID as specified by IEEE 1363/X9.31 +*/ +byte ieee1363_hash_id(const std::string& name) + { + if(name == "SHA-160") return 0x33; + + if(name == "SHA-224") return 0x38; + if(name == "SHA-256") return 0x34; + if(name == "SHA-384") return 0x36; + if(name == "SHA-512") return 0x35; + + if(name == "RIPEMD-160") return 0x31; + if(name == "RIPEMD-128") return 0x32; + + if(name == "Whirlpool") return 0x37; + + return 0; + } + +} diff --git a/botan/src/pk_pad/hash_id/hash_id.h b/botan/src/pk_pad/hash_id/hash_id.h new file mode 100644 index 0000000..847d910 --- /dev/null +++ b/botan/src/pk_pad/hash_id/hash_id.h 
@@ -0,0 +1,24 @@ +/* +* Hash Function Identification +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_HASHID_H__ +#define BOTAN_HASHID_H__ + +#include <botan/secmem.h> +#include <string> + +namespace Botan { + +/* +* Return the values of various defined HashIDs +*/ +BOTAN_DLL MemoryVector<byte> pkcs_hash_id(const std::string&); +BOTAN_DLL byte ieee1363_hash_id(const std::string&); + +} + +#endif diff --git a/botan/src/pk_pad/hash_id/info.txt b/botan/src/pk_pad/hash_id/info.txt new file mode 100644 index 0000000..9354325 --- /dev/null +++ b/botan/src/pk_pad/hash_id/info.txt @@ -0,0 +1,14 @@ +realname "Hash Function Identifiers" + +define HASH_ID + +load_on auto + +<add> +hash_id.cpp +hash_id.h +</add> + +<requires> +alloc +</requires> diff --git a/botan/src/pk_pad/info.txt b/botan/src/pk_pad/info.txt new file mode 100644 index 0000000..c281b15 --- /dev/null +++ b/botan/src/pk_pad/info.txt @@ -0,0 +1,16 @@ +realname "Public Key EME/EMSA Padding Modes" + +define PK_PADDING + +load_on auto + +<add> +emsa.h +eme.cpp +eme.h +</add> + +<requires> +alloc +rng +</requires> |