Crypto++
|
00001 // pkcspad.cpp - written and placed in the public domain by Wei Dai 00002 00003 #include "pch.h" 00004 00005 #ifndef CRYPTOPP_PKCSPAD_CPP // SunCC workaround: compiler could cause this file to be included twice 00006 #define CRYPTOPP_PKCSPAD_CPP 00007 00008 #include "pkcspad.h" 00009 #include <assert.h> 00010 00011 NAMESPACE_BEGIN(CryptoPP) 00012 00013 // more in dll.cpp 00014 template<> const byte PKCS_DigestDecoration<Weak1::MD2>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,0x04,0x10}; 00015 template<> const unsigned int PKCS_DigestDecoration<Weak1::MD2>::length = sizeof(PKCS_DigestDecoration<Weak1::MD2>::decoration); 00016 00017 template<> const byte PKCS_DigestDecoration<Weak1::MD5>::decoration[] = {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10}; 00018 template<> const unsigned int PKCS_DigestDecoration<Weak1::MD5>::length = sizeof(PKCS_DigestDecoration<Weak1::MD5>::decoration); 00019 00020 template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14}; 00021 template<> const unsigned int PKCS_DigestDecoration<RIPEMD160>::length = sizeof(PKCS_DigestDecoration<RIPEMD160>::decoration); 00022 00023 template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18}; 00024 template<> const unsigned int PKCS_DigestDecoration<Tiger>::length = sizeof(PKCS_DigestDecoration<Tiger>::decoration); 00025 00026 size_t PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(size_t paddedLength) const 00027 { 00028 return SaturatingSubtract(paddedLength/8, 10U); 00029 } 00030 00031 void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLen, byte *pkcsBlock, size_t pkcsBlockLen, const NameValuePairs ¶meters) const 00032 { 00033 assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller 00034 00035 // convert from bit length to byte length 00036 if (pkcsBlockLen % 8 != 0) 00037 { 00038 pkcsBlock[0] = 0; 00039 pkcsBlock++; 00040 } 00041 pkcsBlockLen /= 8; 00042 00043 pkcsBlock[0] = 2; // block type 2 00044 00045 // pad with non-zero random bytes 00046 for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++) 00047 pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff); 00048 00049 pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator 00050 memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); 00051 } 00052 00053 DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, size_t pkcsBlockLen, byte *output, const NameValuePairs ¶meters) const 00054 { 00055 bool invalid = false; 00056 size_t maxOutputLen = MaxUnpaddedLength(pkcsBlockLen); 00057 00058 // convert from bit length to byte length 00059 if (pkcsBlockLen % 8 != 0) 00060 { 00061 invalid = (pkcsBlock[0] != 0) || invalid; 00062 pkcsBlock++; 00063 } 00064 pkcsBlockLen /= 8; 00065 00066 // Require block type 2. 00067 invalid = (pkcsBlock[0] != 2) || invalid; 00068 00069 // skip past the padding until we find the separator 00070 size_t i=1; 00071 while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body 00072 } 00073 assert(i==pkcsBlockLen || pkcsBlock[i-1]==0); 00074 00075 size_t outputLen = pkcsBlockLen - i; 00076 invalid = (outputLen > maxOutputLen) || invalid; 00077 00078 if (invalid) 00079 return DecodingResult(); 00080 00081 memcpy (output, pkcsBlock+i, outputLen); 00082 return DecodingResult(outputLen); 00083 } 00084 00085 // ******************************************************** 00086 00087 #ifndef CRYPTOPP_IMPORTS 00088 00089 void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng, 00090 const byte *recoverableMessage, size_t recoverableMessageLength, 00091 HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, 00092 byte *representative, size_t representativeBitLength) const 00093 { 00094 assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); 00095 00096 size_t pkcsBlockLen = representativeBitLength; 00097 // convert from bit length to byte length 00098 if (pkcsBlockLen % 8 != 0) 00099 { 00100 representative[0] = 0; 00101 representative++; 00102 } 00103 pkcsBlockLen /= 8; 00104 00105 representative[0] = 1; // block type 1 00106 00107 unsigned int digestSize = hash.DigestSize(); 00108 byte *pPadding = representative + 1; 00109 byte *pDigest = representative + pkcsBlockLen - digestSize; 00110 byte *pHashId = pDigest - hashIdentifier.second; 00111 byte *pSeparator = pHashId - 1; 00112 00113 // pad with 0xff 00114 memset(pPadding, 0xff, pSeparator-pPadding); 00115 *pSeparator = 0; 00116 memcpy(pHashId, hashIdentifier.first, hashIdentifier.second); 00117 hash.Final(pDigest); 00118 } 00119 00120 #endif 00121 00122 NAMESPACE_END 00123 00124 #endif