https://github.com/weidai11/cryptopp
filters.cpp
// filters.cpp - originally written and placed in the public domain by Wei Dai
#include "pch.h"
#include "config.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(disable: 4189 4355)
#endif
#ifndef CRYPTOPP_IMPORTS
#include "filters.h"
#include "mqueue.h"
#include "fltrimpl.h"
#include "argnames.h"
#include "smartptr.h"
#include "stdcpp.h"
#include "misc.h"
NAMESPACE_BEGIN(CryptoPP)
Filter::Filter(BufferedTransformation *attachment)
: m_attachment(attachment), m_inputPosition(0), m_continueAt(0)
{
}
BufferedTransformation * Filter::NewDefaultAttachment() const
{
return new MessageQueue;
}
BufferedTransformation * Filter::AttachedTransformation()
{
if (m_attachment.get() == NULLPTR)
m_attachment.reset(NewDefaultAttachment());
return m_attachment.get();
}
const BufferedTransformation *Filter::AttachedTransformation() const
{
if (m_attachment.get() == NULLPTR)
const_cast<Filter *>(this)->m_attachment.reset(NewDefaultAttachment());
return m_attachment.get();
}
void Filter::Detach(BufferedTransformation *newOut)
{
m_attachment.reset(newOut);
}
void Filter::Insert(Filter *filter)
{
filter->m_attachment.reset(m_attachment.release());
m_attachment.reset(filter);
}
size_t Filter::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
{
return AttachedTransformation()->CopyRangeTo2(target, begin, end, channel, blocking);
}
size_t Filter::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
{
return AttachedTransformation()->TransferTo2(target, transferBytes, channel, blocking);
}
void Filter::Initialize(const NameValuePairs ¶meters, int propagation)
{
m_inputPosition = m_continueAt = 0;
IsolatedInitialize(parameters);
PropagateInitialize(parameters, propagation);
}
bool Filter::Flush(bool hardFlush, int propagation, bool blocking)
{
switch (m_continueAt)
{
case 0:
if (IsolatedFlush(hardFlush, blocking))
return true;
// fall through
case 1:
if (OutputFlush(1, hardFlush, propagation, blocking))
return true;
// fall through
default: ;
}
return false;
}
bool Filter::MessageSeriesEnd(int propagation, bool blocking)
{
switch (m_continueAt)
{
case 0:
if (IsolatedMessageSeriesEnd(blocking))
return true;
// fall through
case 1:
if (ShouldPropagateMessageSeriesEnd() && OutputMessageSeriesEnd(1, propagation, blocking))
return true;
// fall through
default: ;
}
return false;
}
void Filter::PropagateInitialize(const NameValuePairs ¶meters, int propagation)
{
if (propagation)
AttachedTransformation()->Initialize(parameters, propagation-1);
}
size_t Filter::OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel)
{
if (messageEnd)
messageEnd--;
size_t result = AttachedTransformation()->ChannelPutModifiable2(channel, inString, length, messageEnd, blocking);
m_continueAt = result ? outputSite : 0;
return result;
}
size_t Filter::Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel)
{
if (messageEnd)
messageEnd--;
size_t result = AttachedTransformation()->ChannelPut2(channel, inString, length, messageEnd, blocking);
m_continueAt = result ? outputSite : 0;
return result;
}
bool Filter::OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel)
{
if (propagation && AttachedTransformation()->ChannelFlush(channel, hardFlush, propagation-1, blocking))
{
m_continueAt = outputSite;
return true;
}
m_continueAt = 0;
return false;
}
bool Filter::OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel)
{
if (propagation && AttachedTransformation()->ChannelMessageSeriesEnd(channel, propagation-1, blocking))
{
m_continueAt = outputSite;
return true;
}
m_continueAt = 0;
return false;
}
// *************************************************************
void MeterFilter::ResetMeter()
{
m_currentMessageBytes = m_totalBytes = m_currentSeriesMessages = m_totalMessages = m_totalMessageSeries = 0;
m_rangesToSkip.clear();
}
void MeterFilter::AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow)
{
MessageRange r = {message, position, size};
m_rangesToSkip.push_back(r);
if (sortNow)
std::sort(m_rangesToSkip.begin(), m_rangesToSkip.end());
}
size_t MeterFilter::PutMaybeModifiable(byte *begin, size_t length, int messageEnd, bool blocking, bool modifiable)
{
if (!m_transparent)
return 0;
size_t t;
FILTER_BEGIN;
m_begin = begin;
m_length = length;
while (m_length > 0 || messageEnd)
{
if (m_length > 0 && !m_rangesToSkip.empty() && m_rangesToSkip.front().message == m_totalMessages && m_currentMessageBytes + m_length > m_rangesToSkip.front().position)
{
FILTER_OUTPUT_MAYBE_MODIFIABLE(1, m_begin, t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position, m_currentMessageBytes), false, modifiable);
CRYPTOPP_ASSERT(t < m_length);
m_begin = PtrAdd(m_begin, t);
m_length -= t;
m_currentMessageBytes += t;
m_totalBytes += t;
if (m_currentMessageBytes + m_length < m_rangesToSkip.front().position + m_rangesToSkip.front().size)
t = m_length;
else
{
t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position + m_rangesToSkip.front().size, m_currentMessageBytes);
CRYPTOPP_ASSERT(t <= m_length);
m_rangesToSkip.pop_front();
}
m_begin = PtrAdd(m_begin, t);
m_length -= t;
m_currentMessageBytes += t;
m_totalBytes += t;
}
else
{
FILTER_OUTPUT_MAYBE_MODIFIABLE(2, m_begin, m_length, messageEnd, modifiable);
m_currentMessageBytes += m_length;
m_totalBytes += m_length;
m_length = 0;
if (messageEnd)
{
m_currentMessageBytes = 0;
m_currentSeriesMessages++;
m_totalMessages++;
messageEnd = false;
}
}
}
FILTER_END_NO_MESSAGE_END;
}
size_t MeterFilter::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
{
return PutMaybeModifiable(const_cast<byte *>(begin), length, messageEnd, blocking, false);
}
size_t MeterFilter::PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking)
{
return PutMaybeModifiable(begin, length, messageEnd, blocking, true);
}
bool MeterFilter::IsolatedMessageSeriesEnd(bool blocking)
{
CRYPTOPP_UNUSED(blocking);
m_currentMessageBytes = 0;
m_currentSeriesMessages = 0;
m_totalMessageSeries++;
return false;
}
// *************************************************************
void FilterWithBufferedInput::BlockQueue::ResetQueue(size_t blockSize, size_t maxBlocks)
{
m_buffer.New(blockSize * maxBlocks);
m_blockSize = blockSize;
m_maxBlocks = maxBlocks;
m_size = 0;
m_begin = m_buffer;
}
byte *FilterWithBufferedInput::BlockQueue::GetBlock()
{
if (m_size >= m_blockSize)
{
byte *ptr = m_begin;
if ((m_begin = PtrAdd(m_begin, m_blockSize)) == m_buffer.end())
m_begin = m_buffer;
m_size -= m_blockSize;
return ptr;
}
else
return NULLPTR;
}
byte *FilterWithBufferedInput::BlockQueue::GetContigousBlocks(size_t &numberOfBytes)
{
numberOfBytes = STDMIN(numberOfBytes, STDMIN<size_t>(PtrDiff(m_buffer.end(), m_begin), m_size));
byte *ptr = m_begin;
m_begin = PtrAdd(m_begin, numberOfBytes);
m_size -= numberOfBytes;
if (m_size == 0 || m_begin == m_buffer.end())
m_begin = m_buffer;
return ptr;
}
size_t FilterWithBufferedInput::BlockQueue::GetAll(byte *outString)
{
// Avoid passing NULL pointer to memcpy
if (!outString) return 0;
size_t size = m_size;
size_t numberOfBytes = m_maxBlocks*m_blockSize;
const byte *ptr = GetContigousBlocks(numberOfBytes);
std::memcpy(outString, ptr, numberOfBytes);
std::memcpy(PtrAdd(outString, numberOfBytes), m_begin, m_size);
m_size = 0;
return size;
}
void FilterWithBufferedInput::BlockQueue::Put(const byte *inString, size_t length)
{
// Avoid passing NULL pointer to memcpy
if (!inString || !length) return;
CRYPTOPP_ASSERT(m_size + length <= m_buffer.size());
byte *end = (m_size < static_cast<size_t>(PtrDiff(m_buffer.end(), m_begin)) ?
PtrAdd(m_begin, m_size) : PtrAdd(m_begin, m_size - m_buffer.size()));
size_t len = STDMIN(length, size_t(m_buffer.end()-end));
std::memcpy(end, inString, len);
if (len < length)
std::memcpy(m_buffer, PtrAdd(inString, len), length-len);
m_size += length;
}
FilterWithBufferedInput::FilterWithBufferedInput(BufferedTransformation *attachment)
: Filter(attachment), m_firstSize(SIZE_MAX), m_blockSize(0), m_lastSize(SIZE_MAX), m_firstInputDone(false)
{
}
FilterWithBufferedInput::FilterWithBufferedInput(size_t firstSize, size_t blockSize, size_t lastSize, BufferedTransformation *attachment)
: Filter(attachment), m_firstSize(firstSize), m_blockSize(blockSize), m_lastSize(lastSize), m_firstInputDone(false)
{
if (m_firstSize == SIZE_MAX || m_blockSize < 1 || m_lastSize == SIZE_MAX)
throw InvalidArgument("FilterWithBufferedInput: invalid buffer size");
m_queue.ResetQueue(1, m_firstSize);
}
void FilterWithBufferedInput::IsolatedInitialize(const NameValuePairs ¶meters)
{
InitializeDerivedAndReturnNewSizes(parameters, m_firstSize, m_blockSize, m_lastSize);
if (m_firstSize == SIZE_MAX || m_blockSize < 1 || m_lastSize == SIZE_MAX)
throw InvalidArgument("FilterWithBufferedInput: invalid buffer size");
m_queue.ResetQueue(1, m_firstSize);
m_firstInputDone = false;
}
bool FilterWithBufferedInput::IsolatedFlush(bool hardFlush, bool blocking)
{
if (!blocking)
throw BlockingInputOnly("FilterWithBufferedInput");
if (hardFlush)
ForceNextPut();
FlushDerived();
return false;
}
size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length, int messageEnd, bool blocking, bool modifiable)
{
if (!blocking)
throw BlockingInputOnly("FilterWithBufferedInput");
if (length != 0)
{
size_t newLength = m_queue.CurrentSize() + length;
if (!m_firstInputDone && newLength >= m_firstSize)
{
size_t len = m_firstSize - m_queue.CurrentSize();
m_queue.Put(inString, len);
FirstPut(m_queue.GetContigousBlocks(m_firstSize));
CRYPTOPP_ASSERT(m_queue.CurrentSize() == 0);
m_queue.ResetQueue(m_blockSize, (2*m_blockSize+m_lastSize-2)/m_blockSize);
inString = PtrAdd(inString, len);
newLength -= m_firstSize;
m_firstInputDone = true;
}
if (m_firstInputDone)
{
if (m_blockSize == 1)
{
while (newLength > m_lastSize && m_queue.CurrentSize() > 0)
{
size_t len = newLength - m_lastSize;
byte *ptr = m_queue.GetContigousBlocks(len);
NextPutModifiable(ptr, len);
newLength -= len;
}
if (newLength > m_lastSize)
{
size_t len = newLength - m_lastSize;
NextPutMaybeModifiable(inString, len, modifiable);
inString = PtrAdd(inString, len);
newLength -= len;
}
}
else
{
while (newLength >= m_blockSize + m_lastSize && m_queue.CurrentSize() >= m_blockSize)
{
NextPutModifiable(m_queue.GetBlock(), m_blockSize);
newLength -= m_blockSize;
}
if (newLength >= m_blockSize + m_lastSize && m_queue.CurrentSize() > 0)
{
CRYPTOPP_ASSERT(m_queue.CurrentSize() < m_blockSize);
size_t len = m_blockSize - m_queue.CurrentSize();
m_queue.Put(inString, len);
inString = PtrAdd(inString, len);
NextPutModifiable(m_queue.GetBlock(), m_blockSize);
newLength -= m_blockSize;
}
if (newLength >= m_blockSize + m_lastSize)
{
size_t len = RoundDownToMultipleOf(newLength - m_lastSize, m_blockSize);
NextPutMaybeModifiable(inString, len, modifiable);
inString = PtrAdd(inString, len);
newLength -= len;
}
}
}
m_queue.Put(inString, newLength - m_queue.CurrentSize());
}
if (messageEnd)
{
if (!m_firstInputDone && m_firstSize==0)
FirstPut(NULLPTR);
SecByteBlock temp(m_queue.CurrentSize());
m_queue.GetAll(temp);
LastPut(temp, temp.size());
m_firstInputDone = false;
m_queue.ResetQueue(1, m_firstSize);
// Cast to void to suppress Coverity finding
(void)Output(1, NULLPTR, 0, messageEnd, blocking);
}
return 0;
}
void FilterWithBufferedInput::ForceNextPut()
{
if (!m_firstInputDone)
return;
if (m_blockSize > 1)
{
while (m_queue.CurrentSize() >= m_blockSize)
NextPutModifiable(m_queue.GetBlock(), m_blockSize);
}
else
{
size_t len;
while ((len = m_queue.CurrentSize()) > 0)
NextPutModifiable(m_queue.GetContigousBlocks(len), len);
}
}
void FilterWithBufferedInput::NextPutMultiple(const byte *inString, size_t length)
{
CRYPTOPP_ASSERT(m_blockSize > 1); // m_blockSize = 1 should always override this function
while (length > 0)
{
CRYPTOPP_ASSERT(length >= m_blockSize);
NextPutSingle(inString);
inString = PtrAdd(inString, m_blockSize);
length -= m_blockSize;
}
}
// *************************************************************
void Redirector::Initialize(const NameValuePairs ¶meters, int propagation)
{
m_target = parameters.GetValueWithDefault("RedirectionTargetPointer", (BufferedTransformation*)NULLPTR);
m_behavior = parameters.GetIntValueWithDefault("RedirectionBehavior", PASS_EVERYTHING);
if (m_target && GetPassSignals())
m_target->Initialize(parameters, propagation);
}
// *************************************************************
ProxyFilter::ProxyFilter(BufferedTransformation *filter, size_t firstSize, size_t lastSize, BufferedTransformation *attachment)
: FilterWithBufferedInput(firstSize, 1, lastSize, attachment), m_filter(filter)
{
if (m_filter.get())
m_filter->Attach(new OutputProxy(*this, false));
}
bool ProxyFilter::IsolatedFlush(bool hardFlush, bool blocking)
{
return m_filter.get() ? m_filter->Flush(hardFlush, -1, blocking) : false;
}
void ProxyFilter::SetFilter(Filter *filter)
{
m_filter.reset(filter);
if (filter)
{
OutputProxy *proxy;
member_ptr<OutputProxy> temp(proxy = new OutputProxy(*this, false));
m_filter->TransferAllTo(*proxy);
m_filter->Attach(temp.release());
}
}
void ProxyFilter::NextPutMultiple(const byte *s, size_t len)
{
if (m_filter.get())
m_filter->Put(s, len);
}
void ProxyFilter::NextPutModifiable(byte *s, size_t len)
{
if (m_filter.get())
m_filter->PutModifiable(s, len);
}
// *************************************************************
void RandomNumberSink::IsolatedInitialize(const NameValuePairs ¶meters)
{
parameters.GetRequiredParameter("RandomNumberSink", "RandomNumberGeneratorPointer", m_rng);
}
size_t RandomNumberSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
{
CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking);
m_rng->IncorporateEntropy(begin, length);
return 0;
}
size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
{
CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking);
// Avoid passing NULL pointer to memcpy. Using std::memmove due to
// Valgrind finding on overlapping buffers.
size_t copied = 0;
if (m_buf && begin)
{
copied = STDMIN(length, SaturatingSubtract(m_size, m_total));
std::memmove(PtrAdd(m_buf, m_total), begin, copied);
}
m_total += copied;
return length - copied;
}
byte * ArraySink::CreatePutSpace(size_t &size)
{
size = SaturatingSubtract(m_size, m_total);
return PtrAdd(m_buf, m_total);
}
void ArraySink::IsolatedInitialize(const NameValuePairs ¶meters)
{
ByteArrayParameter array;
if (!parameters.GetValue(Name::OutputBuffer(), array))
throw InvalidArgument("ArraySink: missing OutputBuffer argument");
m_buf = array.begin();
m_size = array.size();
}
size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool blocking)
{
CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking);
// Avoid passing NULL pointer to xorbuf
size_t copied = 0;
if (m_buf && begin)
{
copied = STDMIN(length, SaturatingSubtract(m_size, m_total));
xorbuf(PtrAdd(m_buf, m_total), begin, copied);
}
m_total += copied;
return length - copied;
}
// *************************************************************
StreamTransformationFilter::StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment, BlockPaddingScheme padding)
: FilterWithBufferedInput(attachment), m_cipher(c), m_padding(DEFAULT_PADDING)
{
CRYPTOPP_ASSERT(c.MinLastBlockSize() == 0 || c.MinLastBlockSize() > c.MandatoryBlockSize());
const bool authenticatedFilter = dynamic_cast<AuthenticatedSymmetricCipher *>(&c) != NULLPTR;
if (authenticatedFilter)
throw InvalidArgument("StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher");
// InitializeDerivedAndReturnNewSizes may override some of these
m_mandatoryBlockSize = m_cipher.MandatoryBlockSize();
m_optimalBufferSize = m_cipher.OptimalBlockSize();
m_isSpecial = m_cipher.IsLastBlockSpecial() && m_mandatoryBlockSize > 1;
m_reservedBufferSize = STDMAX(2*m_mandatoryBlockSize, m_optimalBufferSize);
FilterWithBufferedInput::IsolatedInitialize(
MakeParameters
(Name::BlockPaddingScheme(), padding));
}
StreamTransformationFilter::StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment, BlockPaddingScheme padding, bool authenticated)
: FilterWithBufferedInput(attachment), m_cipher(c), m_padding(DEFAULT_PADDING)
{
const bool authenticatedFilter = dynamic_cast<AuthenticatedSymmetricCipher *>(&c) != NULLPTR;
if (!authenticatedFilter)
{
CRYPTOPP_ASSERT(c.MinLastBlockSize() == 0 || c.MinLastBlockSize() > c.MandatoryBlockSize());
}
if (authenticatedFilter && !authenticated)
throw InvalidArgument("StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher");
// InitializeDerivedAndReturnNewSizes may override some of these
m_mandatoryBlockSize = m_cipher.MandatoryBlockSize();
m_optimalBufferSize = m_cipher.OptimalBlockSize();
m_isSpecial = m_cipher.IsLastBlockSpecial() && m_mandatoryBlockSize > 1;
m_reservedBufferSize = STDMAX(2*m_mandatoryBlockSize, m_optimalBufferSize);
FilterWithBufferedInput::IsolatedInitialize(
MakeParameters
(Name::BlockPaddingScheme(), padding));
}
size_t StreamTransformationFilter::LastBlockSize(StreamTransformation &c, BlockPaddingScheme padding)
{
if (c.MinLastBlockSize() > 0)
return c.MinLastBlockSize();
else if (c.MandatoryBlockSize() > 1 && !c.IsForwardTransformation() && padding != NO_PADDING && padding != ZEROS_PADDING)
return c.MandatoryBlockSize();
return 0;
}
void StreamTransformationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
{
BlockPaddingScheme padding = parameters.GetValueWithDefault(Name::BlockPaddingScheme(), DEFAULT_PADDING);
bool isBlockCipher = (m_mandatoryBlockSize > 1 && m_cipher.MinLastBlockSize() == 0);
if (padding == DEFAULT_PADDING)
m_padding = isBlockCipher ? PKCS_PADDING : NO_PADDING;
else
m_padding = padding;
if (!isBlockCipher)
{
if (m_padding == PKCS_PADDING)
throw InvalidArgument("StreamTransformationFilter: PKCS_PADDING cannot be used with " + m_cipher.AlgorithmName());
else if (m_padding == W3C_PADDING)
throw InvalidArgument("StreamTransformationFilter: W3C_PADDING cannot be used with " + m_cipher.AlgorithmName());
else if (m_padding == ONE_AND_ZEROS_PADDING)
throw InvalidArgument("StreamTransformationFilter: ONE_AND_ZEROS_PADDING cannot be used with " + m_cipher.AlgorithmName());
}
firstSize = 0;
blockSize = m_mandatoryBlockSize;
lastSize = LastBlockSize(m_cipher, m_padding);
}
void StreamTransformationFilter::FirstPut(const byte* inString)
{
CRYPTOPP_UNUSED(inString);
m_optimalBufferSize = STDMAX<unsigned int>(m_optimalBufferSize, RoundDownToMultipleOf(4096U, m_optimalBufferSize));
}
void StreamTransformationFilter::NextPutMultiple(const byte *inString, size_t length)
{
if (!length)
{return;}
const size_t s = m_cipher.MandatoryBlockSize();
do
{
size_t len = m_optimalBufferSize;
byte *space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, length, len);
if (len < length)
{
if (len == m_optimalBufferSize)
len -= m_cipher.GetOptimalBlockSizeUsed();
len = RoundDownToMultipleOf(len, s);
}
else
len = length;
m_cipher.ProcessString(space, inString, len);
AttachedTransformation()->PutModifiable(space, len);
inString = PtrAdd(inString, len);
length -= len;
}
while (length > 0);
}
void StreamTransformationFilter::NextPutModifiable(byte *inString, size_t length)
{
m_cipher.ProcessString(inString, length);
AttachedTransformation()->PutModifiable(inString, length);
}
void StreamTransformationFilter::LastPut(const byte *inString, size_t length)
{
// This block is new to StreamTransformationFilter. It is somewhat of a hack and was
// added for OCB mode; see GitHub Issue 515. The rub with OCB is, its a block cipher
// and the last block size can be 0. However, "last block = 0" is not the 0 predicated
// in the original code. In the original code 0 means "nothing special" so
// DEFAULT_PADDING is applied. OCB's 0 literally means a final block size can be 0 or
// non-0; and no padding is needed in either case because OCB has its own scheme (see
// handling of P_* and A_*).
// Stream ciphers have policy objects to convey how to operate the cipher. The Crypto++
// framework operates well when MinLastBlockSize() is 1. However, it did not appear to
// cover the OCB case either because we can't stream OCB. It needs full block sizes. In
// response we hacked a IsLastBlockSpecial(). When true StreamTransformationFilter
// defers to the mode for processing of the last block.
// The behavior supplied when IsLastBlockSpecial() will likely have to evolve to capture
// more complex cases from different authenc modes. I suspect it will have to change
// from a simple bool to something that conveys more information, like "last block
// no padding" or "custom padding applied by cipher".
// In some respect we have already hit the need for more information. For example, OCB
// calculates the checksum on the cipher text at the same time, so we don't need the
// disjoint behavior of calling "EncryptBlock" followed by a separate "AuthenticateBlock".
// Additional information may allow us to avoid the two separate calls.
if (m_isSpecial)
{
const size_t leftOver = length % m_mandatoryBlockSize;
byte* space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, m_reservedBufferSize);
length -= leftOver;
if (length)
{
// Process full blocks
m_cipher.ProcessData(space, inString, length);
AttachedTransformation()->Put(space, length);
inString = PtrAdd(inString, length);
}
if (leftOver)
{
// Process final partial block
length = m_cipher.ProcessLastBlock(space, m_reservedBufferSize, inString, leftOver);
AttachedTransformation()->Put(space, length);
}
else
{
// Process final empty block
length = m_cipher.ProcessLastBlock(space, m_reservedBufferSize, NULLPTR, 0);
AttachedTransformation()->Put(space, length);
}
return;
}
switch (m_padding)
{
case NO_PADDING:
case ZEROS_PADDING:
if (length > 0)
{
const size_t minLastBlockSize = m_cipher.MinLastBlockSize();
const bool isForwardTransformation = m_cipher.IsForwardTransformation();
if (isForwardTransformation && m_padding == ZEROS_PADDING && (minLastBlockSize == 0 || length < minLastBlockSize))
{
// do padding
size_t blockSize = STDMAX(minLastBlockSize, (size_t)m_mandatoryBlockSize);
byte* space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, blockSize);
if (inString) {std::memcpy(space, inString, length);}
std::memset(PtrAdd(space, length), 0, blockSize - length);
size_t used = m_cipher.ProcessLastBlock(space, blockSize, space, blockSize);
AttachedTransformation()->Put(space, used);
}
else
{
if (minLastBlockSize == 0)
{
if (isForwardTransformation)
throw InvalidDataFormat("StreamTransformationFilter: plaintext length is not a multiple of block size and NO_PADDING is specified");
else
throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size");
}
byte* space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, length, m_optimalBufferSize);
size_t used = m_cipher.ProcessLastBlock(space, length, inString, length);
AttachedTransformation()->Put(space, used);
}
}
break;
case PKCS_PADDING:
case W3C_PADDING:
case ONE_AND_ZEROS_PADDING:
unsigned int s;
byte* space;
s = m_mandatoryBlockSize;
CRYPTOPP_ASSERT(s > 1);
space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, m_optimalBufferSize);
if (m_cipher.IsForwardTransformation())
{
CRYPTOPP_ASSERT(length < s);
if (inString) {std::memcpy(space, inString, length);}
if (m_padding == PKCS_PADDING)
{
CRYPTOPP_ASSERT(s < 256);
byte pad = static_cast<byte>(s-length);
std::memset(PtrAdd(space, length), pad, s-length);
}
else if (m_padding == W3C_PADDING)
{
CRYPTOPP_ASSERT(s < 256);
std::memset(PtrAdd(space, length), 0, s-length-1);
space[s-1] = static_cast<byte>(s-length);
}
else
{
space[length] = 0x80;
std::memset(PtrAdd(space, length+1), 0, s-length-1);
}
m_cipher.ProcessData(space, space, s);
AttachedTransformation()->Put(space, s);
}
else
{
if (length != s)
throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size");
m_cipher.ProcessData(space, inString, s);
if (m_padding == PKCS_PADDING)
{
byte pad = space[s-1];
if (pad < 1 || pad > s || FindIfNot(PtrAdd(space, s-pad), PtrAdd(space, s), pad) != PtrAdd(space, s))
throw InvalidCiphertext("StreamTransformationFilter: invalid PKCS #7 block padding found");
length = s-pad;
}
else if (m_padding == W3C_PADDING)
{
byte pad = space[s - 1];
if (pad < 1 || pad > s)
throw InvalidCiphertext("StreamTransformationFilter: invalid W3C block padding found");
length = s - pad;
}
else
{
while (length > 1 && space[length-1] == 0)
--length;
if (space[--length] != 0x80)
throw InvalidCiphertext("StreamTransformationFilter: invalid ones-and-zeros padding found");
}
AttachedTransformation()->Put(space, length);
}
break;
default:
CRYPTOPP_ASSERT(false);
}
}
// *************************************************************
HashFilter::HashFilter(HashTransformation &hm, BufferedTransformation *attachment, bool putMessage, int truncatedDigestSize, const std::string &messagePutChannel, const std::string &hashPutChannel)
: m_hashModule(hm), m_putMessage(putMessage), m_digestSize(0), m_space(NULLPTR)
, m_messagePutChannel(messagePutChannel), m_hashPutChannel(hashPutChannel)
{
m_digestSize = truncatedDigestSize < 0 ? m_hashModule.DigestSize() : truncatedDigestSize;
Detach(attachment);
}
void HashFilter::IsolatedInitialize(const NameValuePairs ¶meters)
{
m_putMessage = parameters.GetValueWithDefault(Name::PutMessage(), false);
int s = parameters.GetIntValueWithDefault(Name::TruncatedDigestSize(), -1);
m_digestSize = s < 0 ? m_hashModule.DigestSize() : s;
}
size_t HashFilter::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
{
FILTER_BEGIN;
if (m_putMessage)
FILTER_OUTPUT3(1, 0, inString, length, 0, m_messagePutChannel);
if (inString && length)
m_hashModule.Update(inString, length);
if (messageEnd)
{
{
size_t size;
m_space = HelpCreatePutSpace(*AttachedTransformation(), m_hashPutChannel, m_digestSize, m_digestSize, size = m_digestSize);
m_hashModule.TruncatedFinal(m_space, m_digestSize);
}
FILTER_OUTPUT3(2, 0, m_space, m_digestSize, messageEnd, m_hashPutChannel);
}
FILTER_END_NO_MESSAGE_END;
}
// *************************************************************
HashVerificationFilter::HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize)
: FilterWithBufferedInput(attachment)
, m_hashModule(hm), m_flags(0), m_digestSize(0), m_verified(false)
{
FilterWithBufferedInput::IsolatedInitialize(
MakeParameters
(Name::HashVerificationFilterFlags(), flags)
(Name::TruncatedDigestSize(), truncatedDigestSize));
}
void HashVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
{
m_flags = parameters.GetValueWithDefault(Name::HashVerificationFilterFlags(), (word32)DEFAULT_FLAGS);
int s = parameters.GetIntValueWithDefault(Name::TruncatedDigestSize(), -1);
m_digestSize = s < 0 ? m_hashModule.DigestSize() : s;
m_verified = false;
firstSize = m_flags & HASH_AT_BEGIN ? m_digestSize : 0;
blockSize = 1;
lastSize = m_flags & HASH_AT_BEGIN ? 0 : m_digestSize;
}
void HashVerificationFilter::FirstPut(const byte *inString)
{
if (m_flags & HASH_AT_BEGIN)
{
m_expectedHash.New(m_digestSize);
if (inString) {std::memcpy(m_expectedHash, inString, m_expectedHash.size());}
if (m_flags & PUT_HASH)
AttachedTransformation()->Put(inString, m_expectedHash.size());
}
}
void HashVerificationFilter::NextPutMultiple(const byte *inString, size_t length)
{
m_hashModule.Update(inString, length);
if (m_flags & PUT_MESSAGE)
AttachedTransformation()->Put(inString, length);
}
void HashVerificationFilter::LastPut(const byte *inString, size_t length)
{
if (m_flags & HASH_AT_BEGIN)
{
CRYPTOPP_ASSERT(length == 0);
m_verified = m_hashModule.TruncatedVerify(m_expectedHash, m_digestSize);
}
else
{
m_verified = (length==m_digestSize && m_hashModule.TruncatedVerify(inString, length));
if (m_flags & PUT_HASH)
AttachedTransformation()->Put(inString, length);
}
if (m_flags & PUT_RESULT)
AttachedTransformation()->Put(m_verified);
if ((m_flags & THROW_EXCEPTION) && !m_verified)
throw HashVerificationFailed();
}
// *************************************************************
AuthenticatedEncryptionFilter::AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment,
bool putAAD, int truncatedDigestSize, const std::string &macChannel, BlockPaddingScheme padding)
: StreamTransformationFilter(c, attachment, padding, true)
, m_hf(c, new OutputProxy(*this, false), putAAD, truncatedDigestSize, AAD_CHANNEL, macChannel)
{
CRYPTOPP_ASSERT(c.IsForwardTransformation());
}
void AuthenticatedEncryptionFilter::IsolatedInitialize(const NameValuePairs ¶meters)
{
m_hf.IsolatedInitialize(parameters);
StreamTransformationFilter::IsolatedInitialize(parameters);
}
byte * AuthenticatedEncryptionFilter::ChannelCreatePutSpace(const std::string &channel, size_t &size)
{
if (channel.empty())
return StreamTransformationFilter::CreatePutSpace(size);
if (channel == AAD_CHANNEL)
return m_hf.CreatePutSpace(size);
throw InvalidChannelName("AuthenticatedEncryptionFilter", channel);
}
size_t AuthenticatedEncryptionFilter::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
{
if (channel.empty())
return StreamTransformationFilter::Put2(begin, length, messageEnd, blocking);
if (channel == AAD_CHANNEL)
return m_hf.Put2(begin, length, 0, blocking);
throw InvalidChannelName("AuthenticatedEncryptionFilter", channel);
}
void AuthenticatedEncryptionFilter::LastPut(const byte *inString, size_t length)
{
StreamTransformationFilter::LastPut(inString, length);
m_hf.MessageEnd();
}
// *************************************************************
AuthenticatedDecryptionFilter::AuthenticatedDecryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment, word32 flags, int truncatedDigestSize, BlockPaddingScheme padding)
: FilterWithBufferedInput(attachment)
, m_hashVerifier(c, new OutputProxy(*this, false))
, m_streamFilter(c, new OutputProxy(*this, false), padding, true)
{
CRYPTOPP_ASSERT(!c.IsForwardTransformation() || c.IsSelfInverting());
FilterWithBufferedInput::IsolatedInitialize(
MakeParameters
(Name::BlockPaddingScheme(), padding)
(Name::AuthenticatedDecryptionFilterFlags(), flags)
(Name::TruncatedDigestSize(), truncatedDigestSize));
}
void AuthenticatedDecryptionFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
{
word32 flags = parameters.GetValueWithDefault(Name::AuthenticatedDecryptionFilterFlags(), (word32)DEFAULT_FLAGS);
m_hashVerifier.Initialize(CombinedNameValuePairs(parameters, MakeParameters(Name::HashVerificationFilterFlags(), flags)));
m_streamFilter.Initialize(parameters);
firstSize = m_hashVerifier.m_firstSize;
blockSize = 1;
lastSize = m_hashVerifier.m_lastSize;
}
byte * AuthenticatedDecryptionFilter::ChannelCreatePutSpace(const std::string &channel, size_t &size)
{
if (channel.empty())
return m_streamFilter.CreatePutSpace(size);
if (channel == AAD_CHANNEL)
return m_hashVerifier.CreatePutSpace(size);
throw InvalidChannelName("AuthenticatedDecryptionFilter", channel);
}
size_t AuthenticatedDecryptionFilter::ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking)
{
if (channel.empty())
{
if (m_lastSize > 0)
m_hashVerifier.ForceNextPut();
return FilterWithBufferedInput::Put2(begin, length, messageEnd, blocking);
}
if (channel == AAD_CHANNEL)
return m_hashVerifier.Put2(begin, length, 0, blocking);
throw InvalidChannelName("AuthenticatedDecryptionFilter", channel);
}
void AuthenticatedDecryptionFilter::FirstPut(const byte *inString)
{
m_hashVerifier.Put(inString, m_firstSize);
}
void AuthenticatedDecryptionFilter::NextPutMultiple(const byte *inString, size_t length)
{
m_streamFilter.Put(inString, length);
}
void AuthenticatedDecryptionFilter::LastPut(const byte *inString, size_t length)
{
m_streamFilter.MessageEnd();
m_hashVerifier.PutMessageEnd(inString, length);
}
// *************************************************************
void SignerFilter::IsolatedInitialize(const NameValuePairs ¶meters)
{
m_putMessage = parameters.GetValueWithDefault(Name::PutMessage(), false);
m_messageAccumulator.reset(m_signer.NewSignatureAccumulator(m_rng));
}
size_t SignerFilter::Put2(const byte *inString, size_t length, int messageEnd, bool blocking)
{
FILTER_BEGIN;
m_messageAccumulator->Update(inString, length);
if (m_putMessage)
FILTER_OUTPUT(1, inString, length, 0);
if (messageEnd)
{
m_buf.New(m_signer.SignatureLength());
m_signer.Sign(m_rng, m_messageAccumulator.release(), m_buf);
FILTER_OUTPUT(2, m_buf, m_buf.size(), messageEnd);
m_messageAccumulator.reset(m_signer.NewSignatureAccumulator(m_rng));
}
FILTER_END_NO_MESSAGE_END;
}
SignatureVerificationFilter::SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment, word32 flags)
: FilterWithBufferedInput(attachment)
, m_verifier(verifier), m_flags(0), m_verified(0)
{
FilterWithBufferedInput::IsolatedInitialize(
MakeParameters
(Name::SignatureVerificationFilterFlags(), flags));
}
void SignatureVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize)
{
m_flags = parameters.GetValueWithDefault(Name::SignatureVerificationFilterFlags(), (word32)DEFAULT_FLAGS);
m_messageAccumulator.reset(m_verifier.NewVerificationAccumulator());
size_t size = m_verifier.SignatureLength();
CRYPTOPP_ASSERT(size != 0); // TODO: handle recoverable signature scheme
m_verified = false;
firstSize = m_flags & SIGNATURE_AT_BEGIN ? size : 0;
blockSize = 1;
lastSize = m_flags & SIGNATURE_AT_BEGIN ? 0 : size;
}
void SignatureVerificationFilter::FirstPut(const byte *inString)
{
if (m_flags & SIGNATURE_AT_BEGIN)
{
if (m_verifier.SignatureUpfront())
m_verifier.InputSignature(*m_messageAccumulator, inString, m_verifier.SignatureLength());
else
{
m_signature.New(m_verifier.SignatureLength());
if (inString) {std::memcpy(m_signature, inString, m_signature.size());}
}
if (m_flags & PUT_SIGNATURE)
AttachedTransformation()->Put(inString, m_signature.size());
}
else
{
CRYPTOPP_ASSERT(!m_verifier.SignatureUpfront());
}
}
void SignatureVerificationFilter::NextPutMultiple(const byte *inString, size_t length)
{
m_messageAccumulator->Update(inString, length);
if (m_flags & PUT_MESSAGE)
AttachedTransformation()->Put(inString, length);
}
void SignatureVerificationFilter::LastPut(const byte *inString, size_t length)
{
if (m_flags & SIGNATURE_AT_BEGIN)
{
CRYPTOPP_ASSERT(length == 0);
m_verifier.InputSignature(*m_messageAccumulator, m_signature, m_signature.size());
m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator);
}
else
{
m_verifier.InputSignature(*m_messageAccumulator, inString, length);
m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator);
if (m_flags & PUT_SIGNATURE)
AttachedTransformation()->Put(inString, length);
}
if (m_flags & PUT_RESULT)
AttachedTransformation()->Put(m_verified);
if ((m_flags & THROW_EXCEPTION) && !m_verified)
throw SignatureVerificationFailed();
}
// *************************************************************
size_t Source::PumpAll2(bool blocking)
{
unsigned int messageCount = UINT_MAX;
do {
RETURN_IF_NONZERO(PumpMessages2(messageCount, blocking));
} while(messageCount == UINT_MAX);
return 0;
}
bool Store::GetNextMessage()
{
if (!m_messageEnd && !AnyRetrievable())
{
m_messageEnd=true;
return true;
}
else
return false;
}
unsigned int Store::CopyMessagesTo(BufferedTransformation &target, unsigned int count, const std::string &channel) const
{
if (m_messageEnd || count == 0)
return 0;
else
{
CopyTo(target, ULONG_MAX, channel);
if (GetAutoSignalPropagation())
target.ChannelMessageEnd(channel, GetAutoSignalPropagation()-1);
return 1;
}
}
void StringStore::StoreInitialize(const NameValuePairs ¶meters)
{
ConstByteArrayParameter array;
if (!parameters.GetValue(Name::InputBuffer(), array))
throw InvalidArgument("StringStore: missing InputBuffer argument");
m_store = array.begin();
m_length = array.size();
m_count = 0;
}
size_t StringStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
{
lword position = 0;
size_t blockedBytes = CopyRangeTo2(target, position, transferBytes, channel, blocking);
m_count += static_cast<size_t>(position);
transferBytes = position;
return blockedBytes;
}
size_t StringStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
{
size_t i = UnsignedMin(m_length, m_count+begin);
size_t len = UnsignedMin(m_length-i, end-begin);
size_t blockedBytes = target.ChannelPut2(channel, PtrAdd(m_store, i), len, 0, blocking);
if (!blockedBytes)
begin = PtrAdd(begin, len);
return blockedBytes;
}
void RandomNumberStore::StoreInitialize(const NameValuePairs ¶meters)
{
parameters.GetRequiredParameter("RandomNumberStore", "RandomNumberGeneratorPointer", m_rng);
int length;
parameters.GetRequiredIntParameter("RandomNumberStore", "RandomNumberStoreSize", length);
m_length = length;
}
size_t RandomNumberStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
{
if (!blocking)
throw NotImplemented("RandomNumberStore: nonblocking transfer is not implemented by this object");
transferBytes = UnsignedMin(transferBytes, m_length - m_count);
m_rng->GenerateIntoBufferedTransformation(target, channel, transferBytes);
m_count += transferBytes;
return 0;
}
size_t NullStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end, const std::string &channel, bool blocking) const
{
static const byte nullBytes[128] = {0};
while (begin < end)
{
size_t len = (size_t)STDMIN(end-begin, lword(128));
size_t blockedBytes = target.ChannelPut2(channel, nullBytes, len, 0, blocking);
if (blockedBytes)
return blockedBytes;
begin = PtrAdd(begin, len);
}
return 0;
}
size_t NullStore::TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel, bool blocking)
{
lword begin = 0;
size_t blockedBytes = NullStore::CopyRangeTo2(target, begin, transferBytes, channel, blocking);
transferBytes = begin; m_size -= begin;
return blockedBytes;
}
NAMESPACE_END
#endif
