/* * PKCS #1 v1.5 signature padding * (C) 1999-2008 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include #include #include #include #include namespace Botan { namespace { secure_vector emsa3_encoding(const secure_vector& msg, size_t output_bits, const uint8_t hash_id[], size_t hash_id_length) { size_t output_length = output_bits / 8; if(output_length < hash_id_length + msg.size() + 10) throw Encoding_Error("emsa3_encoding: Output length is too small"); secure_vector T(output_length); const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2; T[0] = 0x01; set_mem(&T[1], P_LENGTH, 0xFF); T[P_LENGTH+1] = 0x00; if(hash_id_length > 0) { BOTAN_ASSERT_NONNULL(hash_id); buffer_insert(T, P_LENGTH+2, hash_id, hash_id_length); } buffer_insert(T, output_length-msg.size(), msg.data(), msg.size()); return T; } } void EMSA_PKCS1v15::update(const uint8_t input[], size_t length) { m_hash->update(input, length); } secure_vector EMSA_PKCS1v15::raw_data() { return m_hash->final(); } secure_vector EMSA_PKCS1v15::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { if(msg.size() != m_hash->output_length()) throw Encoding_Error("EMSA_PKCS1v15::encoding_of: Bad input length"); return emsa3_encoding(msg, output_bits, m_hash_id.data(), m_hash_id.size()); } bool EMSA_PKCS1v15::verify(const secure_vector& coded, const secure_vector& raw, size_t key_bits) { if(raw.size() != m_hash->output_length()) return false; try { return (coded == emsa3_encoding(raw, key_bits, m_hash_id.data(), m_hash_id.size())); } catch(...) { return false; } } AlgorithmIdentifier EMSA_PKCS1v15::config_for_x509(const Private_Key& key, const std::string& cert_hash_name) const { if(cert_hash_name != m_hash->name()) throw Invalid_Argument("Hash function from opts and hash_fn argument" " need to be identical"); // check that the signature algorithm and the padding scheme fit if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA3")) { throw Invalid_Argument("Encoding scheme with canonical name EMSA3" " not supported for signature algorithm " + key.algo_name()); } AlgorithmIdentifier sig_algo; sig_algo.oid = OIDS::lookup( key.algo_name() + "/" + name() ); // for RSA PKCSv1.5 parameters "SHALL" be NULL as configured by // RSA_PublicKey::algorithm_identifier() sig_algo.parameters = key.algorithm_identifier().parameters; return sig_algo; } EMSA_PKCS1v15::EMSA_PKCS1v15(HashFunction* hash) : m_hash(hash) { m_hash_id = pkcs_hash_id(m_hash->name()); } EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo) { if(!hash_algo.empty()) { m_hash_id = pkcs_hash_id(hash_algo); std::unique_ptr hash(HashFunction::create_or_throw(hash_algo)); m_hash_name = hash->name(); m_hash_output_len = hash->output_length(); } else { m_hash_output_len = 0; } } void EMSA_PKCS1v15_Raw::update(const uint8_t input[], size_t length) { m_message += std::make_pair(input, length); } secure_vector EMSA_PKCS1v15_Raw::raw_data() { secure_vector ret; std::swap(ret, m_message); if(m_hash_output_len > 0 && ret.size() != m_hash_output_len) throw Encoding_Error("EMSA_PKCS1v15_Raw::encoding_of: Bad input length"); return ret; } secure_vector EMSA_PKCS1v15_Raw::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { return emsa3_encoding(msg, output_bits, m_hash_id.data(), m_hash_id.size()); } bool EMSA_PKCS1v15_Raw::verify(const secure_vector& coded, const secure_vector& raw, size_t key_bits) { if(m_hash_output_len > 0 && raw.size() != m_hash_output_len) return false; try { return (coded == emsa3_encoding(raw, key_bits, m_hash_id.data(), m_hash_id.size())); } catch(...) { return false; } } }