emsa4.cpp

含有多种公开密钥算法、多种块加密、多种数据流加密、多种HASH函数、多种CheckSum校验、多种MAC校验等几十种加密算法的程序

/*************************************************
* EMSA4 Source File                              *
* (C) 1999-2002 The Botan Project                *
*************************************************/

#include <botan/emsa4.h>
#include <botan/lookup.h>
#include <botan/look_pk.h>
#include <botan/rng.h>

namespace Botan {

/*************************************************
* EMSA4 Update Operation                         *
*************************************************/
void EMSA4::update(const byte input[], u32bit length)
   {
   hash->update(input, length);
   }

/*************************************************
* Return the raw (unencoded) data                *
*************************************************/
SecureVector<byte> EMSA4::raw_data()
   {
   return hash->final();
   }

/*************************************************
* EMSA4 Encode Operation                         *
*************************************************/
SecureVector<byte> EMSA4::encoding_of(const SecureVector<byte>& msg,
                                      u32bit output_bits)
   {
   if(msg.size() != hash->OUTPUT_LENGTH)
      throw Invalid_Argument("EMSA4::encoding_of: Bad input length");
   if(output_bits < 8*hash->OUTPUT_LENGTH + 8*SALT_SIZE + 9)
      throw Invalid_Argument("EMSA4::pad: Output length is too small");

   u32bit t = 8 * ((output_bits + 7) / 8) - output_bits;
   u32bit output_length = (output_bits + 7) / 8;

   SecureVector<byte> salt(SALT_SIZE);
   Global_RNG::randomize(salt, salt.size());

   for(u32bit j = 0; j != 8; j++)
      hash->update(0);
   hash->update(msg, msg.size());
   hash->update(salt, salt.size());
   SecureVector<byte> H2 = hash->final();

   SecureVector<byte> T(output_length);

   T[output_length - 2 - H2.size() - salt.size()] = 0x01;
   T.copy(output_length - 1 - H2.size() - salt.size(), salt, salt.size());

   mgf->mask(H2, H2.size(), T, output_length - H2.size() - 1);
   T[0] &= 0xFF >> t;
   T.copy(output_length - 1 - H2.size(), H2, H2.size());
   T[output_length-1] = 0xBC;

   return T;
   }

/*************************************************
* EMSA4 Decode/Verify Operation                  *
*************************************************/
bool EMSA4::verify(const SecureVector<byte>& const_coded,
                   const SecureVector<byte>& raw, u32bit key_bits) throw()
   {
   u32bit key_bytes = (key_bits + 7) / 8;
   if(key_bits < 8*hash->OUTPUT_LENGTH + 9)
      return false;
   if(raw.size() != hash->OUTPUT_LENGTH)
      return false;
   if(const_coded.size() > key_bytes)
      return false;
   if(const_coded[const_coded.size()-1] != 0xBC)
      return false;

   SecureVector<byte> coded = const_coded;

   if(coded.size() < key_bytes)
      {
      SecureVector<byte> temp(key_bytes);
      temp.copy(key_bytes - coded.size(), coded, coded.size());
      coded = temp;
      }

   u32bit t = 8 * ((key_bits + 7) / 8) - key_bits;
   if(t > 8 - high_bit(coded[0]))
      return false;

   SecureVector<byte> DB(coded, coded.size() - hash->OUTPUT_LENGTH - 1);
   SecureVector<byte> H(coded + coded.size() - hash->OUTPUT_LENGTH - 1,
                        hash->OUTPUT_LENGTH);

   mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1);
   DB[0] &= 0xFF >> t;

   for(u32bit j = 0; j != hash->OUTPUT_LENGTH + 2; j++)
      if(DB[j])
         return false;

   u32bit salt_offset = 0;
   for(u32bit j = hash->OUTPUT_LENGTH + 2; j != DB.size(); j++)
      {
      if(DB[j] == 0x01)
         { salt_offset = j + 1; break; }
      if(DB[j])
         return false;
      }
   if(salt_offset == 0)
      return false;

   SecureVector<byte> salt(DB + salt_offset, DB.size() - salt_offset);

   for(u32bit j = 0; j != 8; j++)
      hash->update(0);
   hash->update(raw, raw.size());
   hash->update(salt, salt.size());
   SecureVector<byte> H2 = hash->final();

   return (H == H2);
   }

/*************************************************
* EMSA4 Constructor                              *
*************************************************/
EMSA4::EMSA4(const std::string& hash_name, const std::string& mgf_name) :
   SALT_SIZE(output_length_of(hash_name))
   {
   hash = get_hash(hash_name);
   mgf = get_mgf(mgf_name + "(" + hash_name + ")");
   }

/*************************************************
* EMSA4 Constructor                              *
*************************************************/
EMSA4::EMSA4(const std::string& hash_name, const std::string& mgf_name,
             u32bit salt_size) : SALT_SIZE(salt_size)
   {
   if(SALT_SIZE > output_length_of(hash_name))
      throw Invalid_Argument("EMSA4: Invalid salt size " +
                             to_string(salt_size));
   hash = get_hash(hash_name);
   mgf = get_mgf(mgf_name + "(" + hash_name + ")");
   }

}