3
* (C) 1999-2007 Jack Lloyd
5
* Botan is released under the Simplified BSD License (see license.txt)
8
#include <botan/emsa1.h>
9
#include <botan/exceptn.h>
10
#include <botan/oids.h>
11
#include <botan/pk_keys.h>
12
#include <botan/internal/padding.h>
18
secure_vector<uint8_t> emsa1_encoding(const secure_vector<uint8_t>& msg,
21
if(8*msg.size() <= output_bits)
24
size_t shift = 8*msg.size() - output_bits;
26
size_t byte_shift = shift / 8, bit_shift = shift % 8;
27
secure_vector<uint8_t> digest(msg.size() - byte_shift);
29
for(size_t j = 0; j != msg.size() - byte_shift; ++j)
35
for(size_t j = 0; j != digest.size(); ++j)
37
uint8_t temp = digest[j];
38
digest[j] = (temp >> bit_shift) | carry;
39
carry = (temp << (8 - bit_shift));
47
std::string EMSA1::name() const
49
return "EMSA1(" + m_hash->name() + ")";
54
return new EMSA1(m_hash->clone());
57
void EMSA1::update(const uint8_t input[], size_t length)
59
m_hash->update(input, length);
62
secure_vector<uint8_t> EMSA1::raw_data()
64
return m_hash->final();
67
secure_vector<uint8_t> EMSA1::encoding_of(const secure_vector<uint8_t>& msg,
69
RandomNumberGenerator&)
71
if(msg.size() != hash_output_length())
72
throw Encoding_Error("EMSA1::encoding_of: Invalid size for input");
73
return emsa1_encoding(msg, output_bits);
76
bool EMSA1::verify(const secure_vector<uint8_t>& input,
77
const secure_vector<uint8_t>& raw,
81
if(raw.size() != m_hash->output_length())
82
throw Encoding_Error("EMSA1::encoding_of: Invalid size for input");
84
// Call emsa1_encoding to handle any required bit shifting
85
const secure_vector<uint8_t> our_coding = emsa1_encoding(raw, key_bits);
87
if(our_coding.size() < input.size())
90
const size_t offset = our_coding.size() - input.size(); // must be >= 0 per check above
92
// If our encoding is longer, all the bytes in it must be zero
93
for(size_t i = 0; i != offset; ++i)
94
if(our_coding[i] != 0)
97
return constant_time_compare(input.data(), &our_coding[offset], input.size());
99
catch(Invalid_Argument)
105
AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key,
106
const std::string& cert_hash_name) const
108
if(cert_hash_name != m_hash->name())
109
throw Invalid_Argument("Hash function from opts and hash_fn argument"
110
" need to be identical");
111
// check that the signature algorithm and the padding scheme fit
112
if(!sig_algo_and_pad_ok(key.algo_name(), "EMSA1"))
114
throw Invalid_Argument("Encoding scheme with canonical name EMSA1"
115
" not supported for signature algorithm " + key.algo_name());
118
AlgorithmIdentifier sig_algo;
119
sig_algo.oid = OIDS::lookup( key.algo_name() + "/" + name() );
121
std::string algo_name = key.algo_name();
122
if(algo_name == "DSA" ||
123
algo_name == "ECDSA" ||
124
algo_name == "ECGDSA" ||
125
algo_name == "ECKCDSA" ||
126
algo_name == "GOST-34.10")
128
// for DSA, ECDSA, GOST parameters "SHALL" be empty
129
sig_algo.parameters = {};
133
sig_algo.parameters = key.algorithm_identifier().parameters;