Crypto++
oaep.cpp
1 // oaep.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "oaep.h"
8 #include <functional>
9 
10 NAMESPACE_BEGIN(CryptoPP)
11 
12 // ********************************************************
13 
14 size_t OAEP_Base::MaxUnpaddedLength(size_t paddedLength) const
15 {
16  return SaturatingSubtract(paddedLength/8, 1+2*DigestSize());
17 }
18 
19 void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs &parameters) const
20 {
21  assert (inputLength <= MaxUnpaddedLength(oaepBlockLen));
22 
23  // convert from bit length to byte length
24  if (oaepBlockLen % 8 != 0)
25  {
26  oaepBlock[0] = 0;
27  oaepBlock++;
28  }
29  oaepBlockLen /= 8;
30 
31  std::auto_ptr<HashTransformation> pHash(NewHash());
32  const size_t hLen = pHash->DigestSize();
33  const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen;
34  byte *const maskedSeed = oaepBlock;
35  byte *const maskedDB = oaepBlock+seedLen;
36 
37  ConstByteArrayParameter encodingParameters;
38  parameters.GetValue(Name::EncodingParameters(), encodingParameters);
39 
40  // DB = pHash || 00 ... || 01 || M
41  pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size());
42  memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1);
43  maskedDB[dbLen-inputLength-1] = 0x01;
44  memcpy(maskedDB+dbLen-inputLength, input, inputLength);
45 
46  rng.GenerateBlock(maskedSeed, seedLen);
47  std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF());
48  pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen);
49  pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen);
50 }
51 
52 DecodingResult OAEP_Base::Unpad(const byte *oaepBlock, size_t oaepBlockLen, byte *output, const NameValuePairs &parameters) const
53 {
54  bool invalid = false;
55 
56  // convert from bit length to byte length
57  if (oaepBlockLen % 8 != 0)
58  {
59  invalid = (oaepBlock[0] != 0) || invalid;
60  oaepBlock++;
61  }
62  oaepBlockLen /= 8;
63 
64  std::auto_ptr<HashTransformation> pHash(NewHash());
65  const size_t hLen = pHash->DigestSize();
66  const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen;
67 
68  invalid = (oaepBlockLen < 2*hLen+1) || invalid;
69 
70  SecByteBlock t(oaepBlock, oaepBlockLen);
71  byte *const maskedSeed = t;
72  byte *const maskedDB = t+seedLen;
73 
74  std::auto_ptr<MaskGeneratingFunction> pMGF(NewMGF());
75  pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen);
76  pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen);
77 
78  ConstByteArrayParameter encodingParameters;
79  parameters.GetValue(Name::EncodingParameters(), encodingParameters);
80 
81  // DB = pHash' || 00 ... || 01 || M
82  byte *M = std::find(maskedDB+hLen, maskedDB+dbLen, 0x01);
83  invalid = (M == maskedDB+dbLen) || invalid;
84  invalid = (std::find_if(maskedDB+hLen, M, std::bind2nd(std::not_equal_to<byte>(), 0)) != M) || invalid;
85  invalid = !pHash->VerifyDigest(maskedDB, encodingParameters.begin(), encodingParameters.size()) || invalid;
86 
87  if (invalid)
88  return DecodingResult();
89 
90  M++;
91  memcpy(output, M, maskedDB+dbLen-M);
92  return DecodingResult(maskedDB+dbLen-M);
93 }
94 
95 NAMESPACE_END
96 
97 #endif
used to pass byte array input as part of a NameValuePairs object
Definition: algparam.h:13
_
Definition: oaep.h:10
virtual void GenerateBlock(byte *output, size_t size)
generate random array of bytes
Definition: cryptlib.cpp:264
a block of memory allocated using A
Definition: secblock.h:238
interface for random number generators
Definition: cryptlib.h:669
used to return decoding results
Definition: cryptlib.h:198
bool GetValue(const char *name, T &value) const
get a named value, returns true if the name exists
Definition: cryptlib.h:262
size_t MaxUnpaddedLength(size_t paddedLength) const
max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of ...
Definition: oaep.cpp:14
const char * EncodingParameters()
ConstByteArrayParameter.
Definition: argnames.h:60
interface for retrieving values given their names
Definition: cryptlib.h:225