ladybird/Userland/Libraries/LibCrypto/Hash/MGF.h
Sergey Bugaev e720eadd9e LibCrypto: Skip the check against 2^32 on 32-bit
We can't have a length that large there. This was causing a build error
about shifting a 32-bit value by 32 bits.
2024-05-02 07:46:53 -06:00

57 lines
1.8 KiB
C++

/*
* Copyright (c) 2024, stelar7 <dudedbz@gmail.com>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#pragma once
#include <AK/ByteBuffer.h>
#include <AK/ByteReader.h>
#include <AK/Endian.h>
namespace Crypto::Hash {
class MGF {
public:
// https://datatracker.ietf.org/doc/html/rfc2437#section-10.2.1
template<typename HashFunction>
static ErrorOr<ByteBuffer> mgf1(ReadonlyBytes seed, size_t length)
requires requires { HashFunction::digest_size(); }
{
HashFunction hash;
size_t h_len = hash.digest_size();
// 1. If length > 2^32(hLen), output "mask too long" and stop.
if constexpr (sizeof(size_t) > 32) {
if (length > (h_len << 32))
return Error::from_string_view("mask too long"sv);
}
// 2. Let T be the empty octet string.
auto t = TRY(ByteBuffer::create_uninitialized(0));
// 3. For counter from 0 to ceil(length / hLen) - 1, do the following:
auto counter = 0u;
auto iterations = AK::ceil_div(length, h_len) - 1;
auto c = TRY(ByteBuffer::create_uninitialized(4));
for (; counter <= iterations; ++counter) {
// a. Convert counter to an octet string C of length 4 with the primitive I2OSP: C = I2OSP(counter, 4)
ByteReader::store(static_cast<u8*>(c.data()), AK::convert_between_host_and_big_endian(static_cast<u32>(counter)));
// b. Concatenate the hash of the seed Z and C to the octet string T: T = T || Hash (Z || C)
hash.update(seed);
hash.update(c);
auto digest = hash.digest();
TRY(t.try_append(digest.bytes()));
}
// 4. Output the leading l octets of T as the octet string mask.
return t.slice(0, length);
}
};
}