DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte *output, const NameValuePairs ¶meters) const
{
bool invalid = false;
unsigned int maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
// convert from bit length to byte length
if (pkcsBlockLen % 8 != 0)
{
invalid = (pkcsBlock[0] != 0) || invalid;
pkcsBlock++;
}
pkcsBlockLen /= 8;
// Require block type 2.
invalid = (pkcsBlock[0] != 2) || invalid;
// skip past the padding until we find the separator
unsigned i=1;
while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
}
assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
unsigned int outputLen = pkcsBlockLen - i;
invalid = (outputLen > maxOutputLen) || invalid;
if (invalid)
return DecodingResult();
memcpy (output, pkcsBlock+i, outputLen);
return DecodingResult(outputLen);
}
void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLength, byte *oaepBlock, unsigned int oaepBlockLen) const
{
assert (inputLength <= MaxUnpaddedLength(oaepBlockLen));
// convert from bit length to byte length
if (oaepBlockLen % 8 != 0)
{
oaepBlock[0] = 0;
oaepBlock++;
}
oaepBlockLen /= 8;
const unsigned int hLen = H::DIGESTSIZE;
const unsigned int seedLen = hLen, dbLen = oaepBlockLen-seedLen;
byte *const maskedSeed = oaepBlock;
byte *const maskedDB = oaepBlock+seedLen;
// DB = pHash || 00 ... || 01 || M
memcpy(maskedDB, PHash<H,P,PLen>(), hLen);
memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1);
maskedDB[dbLen-inputLength-1] = 0x01;
memcpy(maskedDB+dbLen-inputLength, input, inputLength);
rng.GenerateBlock(maskedSeed, seedLen);
H h;
MGF mgf;
mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen);
mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen);
}
void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs ¶meters) const
{
assert (inputLength <= MaxUnpaddedLength(oaepBlockLen));
// convert from bit length to byte length
if (oaepBlockLen % 8 != 0)
{
oaepBlock[0] = 0;
oaepBlock++;
}
oaepBlockLen /= 8;
std::auto_ptr<HashTransformation> pHash(NewHash());
const size_t hLen = pHash->DigestSize();
const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen;
byte *const maskedSeed = oaepBlock;
byte *const maskedDB = oaepBlock+seedLen;
ConstByteArrayParameter encodingParameters;
parameters.GetValue(Name::EncodingParameters(), encodingParameters);
// DB = pHash || 00 ... || 01 || M
pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size());
memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1);
maskedDB[dbLen-inputLength-1] = 0x01;
memcpy(maskedDB+dbLen-inputLength, input, inputLength);
rng.GenerateBlock(maskedSeed, seedLen);
std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF());
pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen);
pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen);
}
DecodingResult PKCS_SignaturePaddingScheme::Unpad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte *output) const
{
unsigned int maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
// convert from bit length to byte length
if (pkcsBlockLen % 8 != 0)
{
if (pkcsBlock[0] != 0)
return DecodingResult();
pkcsBlock++;
}
pkcsBlockLen /= 8;
// Require block type 1.
if (pkcsBlock[0] != 1)
return DecodingResult();
// skip past the padding until we find the seperator
unsigned i=1;
while (i<pkcsBlockLen && pkcsBlock[i++])
if (pkcsBlock[i-1] != 0xff) // not valid padding
return DecodingResult();
assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
unsigned int outputLen = pkcsBlockLen - i;
if (outputLen > maxOutputLen)
return DecodingResult();
memcpy (output, pkcsBlock+i, outputLen);
return DecodingResult(outputLen);
}
void PKCS_SignaturePaddingScheme::Pad(RandomNumberGenerator &, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen) const
{
assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller
// convert from bit length to byte length
if (pkcsBlockLen % 8 != 0)
{
pkcsBlock[0] = 0;
pkcsBlock++;
}
pkcsBlockLen /= 8;
pkcsBlock[0] = 1; // block type 1
// padd with 0xff
memset(pkcsBlock+1, 0xff, pkcsBlockLen-inputLen-2);
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
}
void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen, const NameValuePairs ¶meters) const
{
assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller
// convert from bit length to byte length
if (pkcsBlockLen % 8 != 0)
{
pkcsBlock[0] = 0;
pkcsBlock++;
}
pkcsBlockLen /= 8;
pkcsBlock[0] = 2; // block type 2
// pad with non-zero random bytes
for (unsigned i = 1; i < pkcsBlockLen-inputLen-1; i++)
pkcsBlock[i] = (byte)rng.GenerateWord32(1, 0xff);
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
}
