3
* (C) 1999-2007,2013 Jack Lloyd
4
* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
6
* Botan is released under the Simplified BSD License (see license.txt)
9
#include <botan/mode_pad.h>
10
#include <botan/exceptn.h>
11
#include <botan/internal/ct_utils.h>
16
* Get a block cipher padding method by name
18
BlockCipherModePaddingMethod* get_bc_pad(const std::string& algo_spec)
20
if(algo_spec == "NoPadding")
21
return new Null_Padding;
23
if(algo_spec == "PKCS7")
24
return new PKCS7_Padding;
26
if(algo_spec == "OneAndZeros")
27
return new OneAndZeros_Padding;
29
if(algo_spec == "X9.23")
30
return new ANSI_X923_Padding;
32
if(algo_spec == "ESP")
33
return new ESP_Padding;
39
* Pad with PKCS #7 Method
41
void PKCS7_Padding::add_padding(secure_vector<uint8_t>& buffer,
43
size_t block_size) const
45
const uint8_t pad_value = static_cast<uint8_t>(block_size - last_byte_pos);
47
for(size_t i = 0; i != pad_value; ++i)
48
buffer.push_back(pad_value);
52
* Unpad with PKCS #7 Method
54
size_t PKCS7_Padding::unpad(const uint8_t block[], size_t size) const
56
CT::poison(block,size);
58
const uint8_t last_byte = block[size-1];
60
bad_input |= CT::expand_mask<size_t>(last_byte > size);
62
size_t pad_pos = size - last_byte;
66
bad_input |= (~CT::is_equal(block[i],last_byte)) & CT::expand_mask<uint8_t>(i >= pad_pos);
70
CT::conditional_copy_mem(bad_input,&pad_pos,&size,&pad_pos,1);
71
CT::unpoison(block,size);
72
CT::unpoison(pad_pos);
77
* Pad with ANSI X9.23 Method
79
void ANSI_X923_Padding::add_padding(secure_vector<uint8_t>& buffer,
81
size_t block_size) const
83
const uint8_t pad_value = static_cast<uint8_t>(block_size - last_byte_pos);
85
for(size_t i = last_byte_pos; i < block_size-1; ++i)
89
buffer.push_back(pad_value);
93
* Unpad with ANSI X9.23 Method
95
size_t ANSI_X923_Padding::unpad(const uint8_t block[], size_t size) const
97
CT::poison(block,size);
99
const size_t last_byte = block[size-1];
101
bad_input |= CT::expand_mask<size_t>(last_byte > size);
103
size_t pad_pos = size - last_byte;
107
bad_input |= (~CT::is_zero(block[i])) & CT::expand_mask<uint8_t>(i >= pad_pos);
110
CT::conditional_copy_mem(bad_input,&pad_pos,&size,&pad_pos,1);
111
CT::unpoison(block,size);
112
CT::unpoison(pad_pos);
117
* Pad with One and Zeros Method
119
void OneAndZeros_Padding::add_padding(secure_vector<uint8_t>& buffer,
120
size_t last_byte_pos,
121
size_t block_size) const
123
buffer.push_back(0x80);
125
for(size_t i = last_byte_pos + 1; i % block_size; ++i)
126
buffer.push_back(0x00);
130
* Unpad with One and Zeros Method
132
size_t OneAndZeros_Padding::unpad(const uint8_t block[], size_t size) const
134
CT::poison(block, size);
135
uint8_t bad_input = 0;
136
uint8_t seen_one = 0;
137
size_t pad_pos = size - 1;
142
seen_one |= CT::is_equal<uint8_t>(block[i-1],0x80);
143
pad_pos -= CT::select<uint8_t>(~seen_one, 1, 0);
144
bad_input |= ~CT::is_zero<uint8_t>(block[i-1]) & ~seen_one;
147
bad_input |= ~seen_one;
149
CT::conditional_copy_mem(size_t(bad_input),&pad_pos,&size,&pad_pos,1);
150
CT::unpoison(block, size);
151
CT::unpoison(pad_pos);
157
* Pad with ESP Padding Method
159
void ESP_Padding::add_padding(secure_vector<uint8_t>& buffer,
160
size_t last_byte_pos,
161
size_t block_size) const
163
uint8_t pad_value = 0x01;
165
for(size_t i = last_byte_pos; i < block_size; ++i)
167
buffer.push_back(pad_value++);
172
* Unpad with ESP Padding Method
174
size_t ESP_Padding::unpad(const uint8_t block[], size_t size) const
176
CT::poison(block,size);
178
const size_t last_byte = block[size-1];
179
size_t bad_input = 0;
180
bad_input |= CT::expand_mask<size_t>(last_byte > size);
182
size_t pad_pos = size - last_byte;
186
bad_input |= ~CT::is_equal<uint8_t>(size_t(block[i-1]),size_t(block[i])-1) & CT::expand_mask<uint8_t>(i > pad_pos);
189
CT::conditional_copy_mem(bad_input,&pad_pos,&size,&pad_pos,1);
190
CT::unpoison(block, size);
191
CT::unpoison(pad_pos);