DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte *output, const NameValuePairs ¶meters) const { bool invalid = false; unsigned int maxOutputLen = MaxUnpaddedLength(pkcsBlockLen); // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { invalid = (pkcsBlock[0] != 0) || invalid; pkcsBlock++; } pkcsBlockLen /= 8; // Require block type 2. invalid = (pkcsBlock[0] != 2) || invalid; // skip past the padding until we find the separator unsigned i=1; while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body } assert(i==pkcsBlockLen || pkcsBlock[i-1]==0); unsigned int outputLen = pkcsBlockLen - i; invalid = (outputLen > maxOutputLen) || invalid; if (invalid) return DecodingResult(); memcpy (output, pkcsBlock+i, outputLen); return DecodingResult(outputLen); }
void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLength, byte *oaepBlock, unsigned int oaepBlockLen) const { assert (inputLength <= MaxUnpaddedLength(oaepBlockLen)); // convert from bit length to byte length if (oaepBlockLen % 8 != 0) { oaepBlock[0] = 0; oaepBlock++; } oaepBlockLen /= 8; const unsigned int hLen = H::DIGESTSIZE; const unsigned int seedLen = hLen, dbLen = oaepBlockLen-seedLen; byte *const maskedSeed = oaepBlock; byte *const maskedDB = oaepBlock+seedLen; // DB = pHash || 00 ... || 01 || M memcpy(maskedDB, PHash<H,P,PLen>(), hLen); memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1); maskedDB[dbLen-inputLength-1] = 0x01; memcpy(maskedDB+dbLen-inputLength, input, inputLength); rng.GenerateBlock(maskedSeed, seedLen); H h; MGF mgf; mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen); mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen); }
void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs ¶meters) const { assert (inputLength <= MaxUnpaddedLength(oaepBlockLen)); // convert from bit length to byte length if (oaepBlockLen % 8 != 0) { oaepBlock[0] = 0; oaepBlock++; } oaepBlockLen /= 8; std::auto_ptr<HashTransformation> pHash(NewHash()); const size_t hLen = pHash->DigestSize(); const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen; byte *const maskedSeed = oaepBlock; byte *const maskedDB = oaepBlock+seedLen; ConstByteArrayParameter encodingParameters; parameters.GetValue(Name::EncodingParameters(), encodingParameters); // DB = pHash || 00 ... || 01 || M pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size()); memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1); maskedDB[dbLen-inputLength-1] = 0x01; memcpy(maskedDB+dbLen-inputLength, input, inputLength); rng.GenerateBlock(maskedSeed, seedLen); std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF()); pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen); pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen); }
DecodingResult PKCS_SignaturePaddingScheme::Unpad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte *output) const { unsigned int maxOutputLen = MaxUnpaddedLength(pkcsBlockLen); // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { if (pkcsBlock[0] != 0) return DecodingResult(); pkcsBlock++; } pkcsBlockLen /= 8; // Require block type 1. if (pkcsBlock[0] != 1) return DecodingResult(); // skip past the padding until we find the seperator unsigned i=1; while (i<pkcsBlockLen && pkcsBlock[i++]) if (pkcsBlock[i-1] != 0xff) // not valid padding return DecodingResult(); assert(i==pkcsBlockLen || pkcsBlock[i-1]==0); unsigned int outputLen = pkcsBlockLen - i; if (outputLen > maxOutputLen) return DecodingResult(); memcpy (output, pkcsBlock+i, outputLen); return DecodingResult(outputLen); }
void PKCS_SignaturePaddingScheme::Pad(RandomNumberGenerator &, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen) const { assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { pkcsBlock[0] = 0; pkcsBlock++; } pkcsBlockLen /= 8; pkcsBlock[0] = 1; // block type 1 // padd with 0xff memset(pkcsBlock+1, 0xff, pkcsBlockLen-inputLen-2); pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); }
void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen, const NameValuePairs ¶meters) const { assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { pkcsBlock[0] = 0; pkcsBlock++; } pkcsBlockLen /= 8; pkcsBlock[0] = 2; // block type 2 // pad with non-zero random bytes for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++) pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff); pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); }