
Root/cryptopp/oaep.cpp

1// oaep.cpp - written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "oaep.h"
5
6#include <functional>
7
8NAMESPACE_BEGIN(CryptoPP)
9
10// ********************************************************
11
12ANONYMOUS_NAMESPACE_BEGIN
// Holds the digest of the encoding parameters P (PLen bytes) under hash H.
// The digest is computed once, when the object is constructed, and stored
// in pHash (H::DIGESTSIZE bytes).
template <class H, byte *P, unsigned int PLen>
struct PHashComputation
{
	PHashComputation()
	{
		H hash;
		hash.CalculateDigest(pHash, P, PLen);
	}

	// digest of P, filled in by the constructor
	byte pHash[H::DIGESTSIZE];
};
19
// Returns a pointer to the H::DIGESTSIZE-byte digest of the encoding
// parameters P. The digest lives in a function-local static, so it is
// computed on the first call for a given <H,P,PLen> and reused afterwards.
// NOTE(review): before C++11 the language does not guarantee thread-safe
// initialization of function-local statics; confirm how callers use this
// if the first call can happen concurrently.
template <class H, byte *P, unsigned int PLen>
const byte *PHash()
{
	static PHashComputation<H,P,PLen> cachedDigest;
	const byte *const digest = cachedDigest.pHash;
	return digest;
}
26NAMESPACE_END
27
// Returns the largest message, in bytes, that fits in a padded block of
// paddedLength bits. OAEP adds one separator byte plus two digest-sized
// fields (seed and pHash); a block too small to hold even that overhead
// has a capacity of 0.
template <class H, class MGF, byte *P, unsigned int PLen>
unsigned int OAEP<H,MGF,P,PLen>::MaxUnpaddedLength(unsigned int paddedLength) const
{
	const unsigned int blockBytes = paddedLength/8;
	const unsigned int overhead = 1+2*H::DIGESTSIZE;

	if (blockBytes <= overhead)
		return 0;
	return blockBytes-overhead;
}
33
// Builds an OAEP-encoded block from input.
//
//   rng          - source of the random seed (H::DIGESTSIZE bytes are drawn)
//   input        - message to encode, inputLength bytes
//   oaepBlock    - destination buffer for the encoded block
//   oaepBlockLen - size of the encoded block in BITS; when it is not a
//                  multiple of 8 the first byte is set to 0 and the encoding
//                  occupies the remaining oaepBlockLen/8 bytes
//
// Precondition: inputLength <= MaxUnpaddedLength(oaepBlockLen).
// NOTE(review): this is enforced only by assert, so a build with assertions
// disabled performs no check; a longer input would make the zero-fill length
// below wrap around. Callers must validate the message length themselves.
template <class H, class MGF, byte *P, unsigned int PLen>
void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLength, byte *oaepBlock, unsigned int oaepBlockLen) const
{
	assert (inputLength <= MaxUnpaddedLength(oaepBlockLen));

	// convert from bit length to byte length; a partial leading byte is zeroed and skipped
	const bool hasPartialByte = (oaepBlockLen % 8 != 0);
	if (hasPartialByte)
		*oaepBlock++ = 0;
	oaepBlockLen /= 8;

	const unsigned int digestLen = H::DIGESTSIZE;
	const unsigned int seedBytes = digestLen;
	const unsigned int dataBlockBytes = oaepBlockLen-seedBytes;
	byte *const seed = oaepBlock;
	byte *const dataBlock = oaepBlock+seedBytes;
	// offset of the message inside the data block; the 0x01 separator sits just before it
	const unsigned int messageOffset = dataBlockBytes-inputLength;

	// DB = pHash || 00 ... || 01 || M
	memcpy(dataBlock, PHash<H,P,PLen>(), digestLen);
	memset(dataBlock+digestLen, 0, messageOffset-1-digestLen);
	dataBlock[messageOffset-1] = 0x01;
	memcpy(dataBlock+messageOffset, input, inputLength);

	// fresh random seed, then mask the data block with the seed and the seed with the masked data block
	rng.GenerateBlock(seed, seedBytes);
	H h;
	MGF mgf;
	mgf.GenerateAndMask(h, dataBlock, dataBlockBytes, seed, seedBytes);
	mgf.GenerateAndMask(h, seed, seedBytes, dataBlock, dataBlockBytes);
}
64
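// Decodes an OAEP block and recovers the message.
//
//   oaepBlock    - encoded block to decode
//   oaepBlockLen - size of the encoded block in BITS; when it is not a
//                  multiple of 8 the first byte must be 0 and is skipped
//   output       - receives the message; at most
//                  oaepBlockLen/8 - 2*H::DIGESTSIZE - 1 bytes are written,
//                  so the caller's buffer must be at least that large
//
// Returns DecodingResult(messageLength) on success and a default-constructed
// DecodingResult() on any failure. Every padding check is folded into a
// single flag and reported through that one failure value, so the result does
// not reveal WHICH check failed; callers should keep it that way and not add
// more specific error reporting around this function.
//
// NOTE(review): the search for the 0x01 separator (std::find) still stops at
// a data-dependent position, so this routine is not constant-time as written.
template <class H, class MGF, byte *P, unsigned int PLen>
DecodingResult OAEP<H,MGF,P,PLen>::Unpad(const byte *oaepBlock, unsigned int oaepBlockLen, byte *output) const
{
	bool invalid = false;

	// convert from bit length to byte length
	if (oaepBlockLen % 8 != 0)
	{
		invalid = (oaepBlock[0] != 0) || invalid;
		oaepBlock++;
	}
	oaepBlockLen /= 8;

	const unsigned int hLen = H::DIGESTSIZE;
	const unsigned int seedLen = hLen;

	// Reject a block that cannot hold seed + pHash + separator BEFORE deriving
	// dbLen from it. With a shorter block, oaepBlockLen-seedLen can wrap around
	// (unsigned) and the mask and search steps below would run past the buffer.
	// The block length is not secret, so returning early here reveals nothing
	// about the plaintext.
	if (oaepBlockLen < 2*hLen+1)
		return DecodingResult();

	const unsigned int dbLen = oaepBlockLen-seedLen;

	// work on a private copy so the caller's block is left untouched
	SecByteBlock t(oaepBlock, oaepBlockLen);
	byte *const maskedSeed = t;
	byte *const maskedDB = t+seedLen;
	byte *const dbEnd = maskedDB+dbLen;

	// undo the two masking steps of Pad, in reverse order
	H h;
	MGF mgf;
	mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen);
	mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen);

	// DB = pHash' || 00 ... || 01 || M

	// locate the separator; every byte between pHash' and it must be zero
	byte *M = std::find(maskedDB+hLen, dbEnd, 0x01);
	invalid = (M == dbEnd) || invalid;

	byte paddingBits = 0;
	for (const byte *p = maskedDB+hLen; p != M; ++p)
		paddingBits |= *p;
	invalid = (paddingBits != 0) || invalid;

	// compare pHash' with the expected digest without stopping at the first
	// mismatching byte (memcmp may return as soon as one byte differs)
	const byte *const expectedPHash = PHash<H,P,PLen>();
	byte pHashDiff = 0;
	for (unsigned int i = 0; i < hLen; i++)
		pHashDiff |= static_cast<byte>(maskedDB[i] ^ expectedPHash[i]);
	invalid = (pHashDiff != 0) || invalid;

	if (invalid)
		return DecodingResult();

	// skip the separator; the rest of DB is the message
	M++;
	memcpy(output, M, dbEnd-M);
	return DecodingResult(dbEnd-M);
}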
106
107NAMESPACE_END
