Botan  1.10.9
emsa4.cpp
Go to the documentation of this file.
1 /*
2 * EMSA4
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/emsa4.h>
9 #include <botan/mgf1.h>
10 #include <botan/internal/bit_ops.h>
11 
12 namespace Botan {
13 
14 /*
15 * EMSA4 Update Operation
16 */
17 void EMSA4::update(const byte input[], size_t length)
18  {
19  hash->update(input, length);
20  }
21 
22 /*
23 * Return the raw (unencoded) data
24 */
25 SecureVector<byte> EMSA4::raw_data()
26  {
27  return hash->final();
28  }
29 
30 /*
31 * EMSA4 Encode Operation
32 */
33 SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg,
34  size_t output_bits,
35  RandomNumberGenerator& rng)
36  {
37  const size_t HASH_SIZE = hash->output_length();
38 
39  if(msg.size() != HASH_SIZE)
40  throw Encoding_Error("EMSA4::encoding_of: Bad input length");
41  if(output_bits < 8*HASH_SIZE + 8*SALT_SIZE + 9)
42  throw Encoding_Error("EMSA4::encoding_of: Output length is too small");
43 
44  const size_t output_length = (output_bits + 7) / 8;
45 
46  SecureVector<byte> salt = rng.random_vec(SALT_SIZE);
47 
48  for(size_t j = 0; j != 8; ++j)
49  hash->update(0);
50  hash->update(msg);
51  hash->update(salt, SALT_SIZE);
52  SecureVector<byte> H = hash->final();
53 
54  SecureVector<byte> EM(output_length);
55 
56  EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01;
57  EM.copy(output_length - 1 - HASH_SIZE - SALT_SIZE, salt, SALT_SIZE);
58  mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1);
59  EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits);
60  EM.copy(output_length - 1 - HASH_SIZE, H, HASH_SIZE);
61  EM[output_length-1] = 0xBC;
62 
63  return EM;
64  }
65 
66 /*
67 * EMSA4 Decode/Verify Operation
68 */
69 bool EMSA4::verify(const MemoryRegion<byte>& const_coded,
70  const MemoryRegion<byte>& raw, size_t key_bits)
71  {
72  const size_t HASH_SIZE = hash->output_length();
73  const size_t KEY_BYTES = (key_bits + 7) / 8;
74 
75  if(key_bits < 8*HASH_SIZE + 9)
76  return false;
77 
78  if(raw.size() != HASH_SIZE)
79  return false;
80 
81  if(const_coded.size() > KEY_BYTES || const_coded.size() <= 1)
82  return false;
83 
84  if(const_coded[const_coded.size()-1] != 0xBC)
85  return false;
86 
87  SecureVector<byte> coded = const_coded;
88  if(coded.size() < KEY_BYTES)
89  {
90  SecureVector<byte> temp(KEY_BYTES);
91  temp.copy(KEY_BYTES - coded.size(), coded, coded.size());
92  coded = temp;
93  }
94 
95  const size_t TOP_BITS = 8 * ((key_bits + 7) / 8) - key_bits;
96  if(TOP_BITS > 8 - high_bit(coded[0]))
97  return false;
98 
99  SecureVector<byte> DB(&coded[0], coded.size() - HASH_SIZE - 1);
100  SecureVector<byte> H(&coded[coded.size() - HASH_SIZE - 1], HASH_SIZE);
101 
102  mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1);
103  DB[0] &= 0xFF >> TOP_BITS;
104 
105  size_t salt_offset = 0;
106  for(size_t j = 0; j != DB.size(); ++j)
107  {
108  if(DB[j] == 0x01)
109  { salt_offset = j + 1; break; }
110  if(DB[j])
111  return false;
112  }
113  if(salt_offset == 0)
114  return false;
115 
116  SecureVector<byte> salt(&DB[salt_offset], DB.size() - salt_offset);
117 
118  for(size_t j = 0; j != 8; ++j)
119  hash->update(0);
120  hash->update(raw);
121  hash->update(salt);
122  SecureVector<byte> H2 = hash->final();
123 
124  return (H == H2);
125  }
126 
127 /*
128 * EMSA4 Constructor
129 */
131  SALT_SIZE(h->output_length()), hash(h)
132  {
133  mgf = new MGF1(hash->clone());
134  }
135 
136 /*
137 * EMSA4 Constructor
138 */
139 EMSA4::EMSA4(HashFunction* h, size_t salt_size) :
140  SALT_SIZE(salt_size), hash(h)
141  {
142  mgf = new MGF1(hash->clone());
143  }
144 
145 }
EMSA4(HashFunction *hash)
Definition: emsa4.cpp:130
virtual HashFunction * clone() const =0
unsigned char byte
Definition: types.h:22
virtual void mask(const byte in[], size_t in_len, byte out[], size_t out_len) const =0
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
void update(const byte in[], size_t length)
Definition: buf_comp.h:33
size_t high_bit(T n)
Definition: bit_ops.h:33
void final(byte out[])
Definition: buf_comp.h:80
virtual size_t output_length() const =0