[u/mdw/catacomb] / pub / pkcs1.c

/* -*-c-*-
 *
 * PKCS#1 1.5 packing
 *
 * (c) 2000 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <string.h>

#include <mLib/bits.h>
#include <mLib/dstr.h>

#include "ct.h"
#include "grand.h"
#include "rsa.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @pkcs1_cryptencode@ --- *
 *
 * Arguments:	@mp *d@ = where to put the answer
 *		@const void *m@ = pointer to message data
 *		@size_t msz@ = size of message data
 *		@octet *b@ = spare buffer
 *		@size_t sz@ = size of the buffer (big enough)
 *		@unsigned long nbits@ = length of bits of @n@
 *		@void *p@ = pointer to PKCS1 parameter block
 *
 * Returns:	The encoded result, or null.
 *
 * Use:		Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

mp *pkcs1_cryptencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
		      unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  grand *r = pp->r;
  octet *q;
  size_t i, n;

  /* --- Ensure that the buffer is sensibly sized --- */

  if (pp->epsz + msz + 11 > sz)
    return (0);

  /* --- Allocate the buffer and fill it in --- */

  q = b;
  *q++ = 0x00;
  *q++ = 0x02;
  n = sz - msz - pp->epsz - 3;
  GR_FILL(r, q, n);
  for (i = 0; i < n; i++) {
    if (*q == 0)
      *q = r->ops->range(r, 255) + 1;
    q++;
  }
  *q++ = 0;
  if (pp->ep) {
    memcpy(q, pp->ep, pp->epsz);
    q += pp->epsz;
  }
  memcpy(q, m, msz);
  q += msz;
  assert(q == b + sz);

  /* --- Collect the result --- */

  return (mp_loadb(d, b, sz));
}

/* --- @pkcs1_cryptdecode@ --- *
 *
 * Arguments:	@mp *m@ = the decrypted message
 *		@octet *b@ = pointer to a buffer to work in
 *		@size_t sz@ = the size of the buffer (big enough)
 *		@unsigned long nbits@ = the number of bits in @n@
 *		@void *p@ = pointer to PKCS1 parameter block
 *
 * Returns:	The length of the output string if successful, negative on
 *		failure.
 *
 * Use:		Implements the operation @EME-PKCS1-V1_5-DECODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
		      unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  const octet *q, *qq;
  size_t n, i;
  uint32 goodp = 1;

  /* --- Check the size of the block looks sane --- */

  if (pp->epsz + 11 > sz)		/* OK: independent of ciphertext */
    return (-1);
  mp_storeb(m, b, sz);
  q = b;
  qq = q + sz;

  /* --- Ensure that the block looks OK --- */

  goodp &= ct_inteq(*q++, 0);
  goodp &= ct_inteq(*q++, 2);

  /* --- Check the nonzero padding --- */

  i = 0;
  while (*q != 0 && q < qq)
    i++, q++;
  goodp &= ct_intle(8, i);
  goodp &= ~ct_intle(qq - q, pp->epsz + 1);
  q++;

  /* --- Check the encoding parameters --- */

  if (pp->ep)
    goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
  q += pp->epsz;

  /* --- Done --- */

  n = qq - q;
  memmove(b, b + ct_pick(goodp, 1, q - b), n);
  return (goodp ? n : -1);
}

/* --- @pkcs1_sigencode@ --- *
 *
 * Arguments:	@mp *d@ = where to put the answer
 *		@const void *m@ = pointer to message data
 *		@size_t msz@ = size of message data
 *		@octet *b@ = spare buffer
 *		@size_t sz@ = size of the buffer (big enough)
 *		@unsigned long nbits@ = length of bits of @n@
 *		@void *p@ = pointer to PKCS1 parameter block
 *
 * Returns:	The encoded message representative, or null.
 *
 * Use:		Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

mp *pkcs1_sigencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
		    unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  octet *q;
  size_t n;

  /* --- Ensure that the buffer is sensibly sized --- */

  if (pp->epsz + msz + 11 > sz)
    return (0);

  /* --- Fill in the buffer --- */

  q = b;
  *q++ = 0x00;
  *q++ = 0x01;
  n = sz - msz - pp->epsz - 3;
  memset(q, 0xff, n);
  q += n;
  *q++ = 0;
  if (pp->ep) {
    memcpy(q, pp->ep, pp->epsz);
    q += pp->epsz;
  }
  memcpy(q, m, msz);
  q += msz;
  assert(q == b + sz);
  return (mp_loadb(d, b, sz));
}

/* --- @pkcs1_sigdecode@ --- *
 *
 * Arguments:	@mp *s@ = the message representative
 *		@const void *m@ = the original message, or null (ignored)
 *		@size_t msz@ = the message size (ignored)
 *		@octet *b@ = a scratch buffer
 *		@size_t sz@ = size of the buffer (large enough)
 *		@unsigned long nbits@ = number of bits in @n@
 *		@void *p@ = pointer to PKCS1 parameters
 *
 * Returns:	The length of the output string if successful, negative on
 *		failure.
 *
 * Use:		Implements the operation @EMSA-PKCS1-V1_5-DECODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

int pkcs1_sigdecode(mp *s, const void *m, size_t msz, octet *b, size_t sz,
		    unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  const octet *q, *qq;
  size_t i, n;

  /* --- Check the size of the block looks sane --- */

  if (pp->epsz + 10 > sz)
    return (-1);
  mp_storeb(s, b, sz);
  q = b;
  qq = q + sz;

  /* --- Ensure that the block looks OK --- */

  if (*q++ != 0x00 || *q++ != 0x01)
    return (-1);

  /* --- Check the padding --- */

  i = 0;
  while (*q == 0xff && q < qq)
    i++, q++;
  if (i < 8 || qq - q < pp->epsz + 1 || *q++ != 0)
    return (-1);

  /* --- Check the encoding parameters --- */

  if (pp->ep && memcmp(q, pp->ep, pp->epsz) != 0)
    return (-1);
  q += pp->epsz;

  /* --- Done --- */

  n = qq - q;
  memmove(b, q, n);
  return (n);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
cd6c3eeb	1	/* --c--
cd6c3eeb	2	*
cd6c3eeb	3	* PKCS#1 1.5 packing
	4	*
	5	* (c) 2000 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
cd6c3eeb	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
cd6c3eeb	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
cd6c3eeb	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
cd6c3eeb	28	/----- Header files ------------------------------------------------------/
	29
	30	#include <string.h>
	31
	32	#include <mLib/bits.h>
	33	#include <mLib/dstr.h>
	34
52f339e9	35	#include "ct.h"
cd6c3eeb	36	#include "grand.h"
b817bfc6	37	#include "rsa.h"
cd6c3eeb	38
	39	/----- Main code ---------------------------------------------------------/
	40
	41	/* --- @pkcs1_cryptencode@ --- *
	42	*
b817bfc6	43	* Arguments: @mp *d@ = where to put the answer
b817bfc6	44	* @const void *m@ = pointer to message data
cd6c3eeb	45	* @size_t msz@ = size of message data
b817bfc6	46	* @octet *b@ = spare buffer
	47	* @size_t sz@ = size of the buffer (big enough)
	48	* @unsigned long nbits@ = length of bits of @n@
cd6c3eeb	49	* @void *p@ = pointer to PKCS1 parameter block
cd6c3eeb	50	*
b817bfc6	51	* Returns: The encoded result, or null.
cd6c3eeb	52	*
	53	* Use: Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined
	54	* in PKCS#1 v. 2.0 (RFC2437).
	55	*/
	56
b817bfc6	57	mp pkcs1_cryptencode(mp d, const void m, size_t msz, octet b, size_t sz,
b817bfc6	58	unsigned long nbits, void *p)
cd6c3eeb	59	{
	60	pkcs1 *pp = p;
	61	grand *r = pp->r;
b817bfc6	62	octet *q;
cd6c3eeb	63	size_t i, n;
	64
	65	/* --- Ensure that the buffer is sensibly sized --- */
	66
	67	if (pp->epsz + msz + 11 > sz)
b817bfc6	68	return (0);
cd6c3eeb	69
b817bfc6	70	/* --- Allocate the buffer and fill it in --- */
cd6c3eeb	71
b817bfc6	72	q = b;
	73	*q++ = 0x00;
	74	*q++ = 0x02;
cd6c3eeb	75	n = sz - msz - pp->epsz - 3;
b817bfc6	76	GR_FILL(r, q, n);
cd6c3eeb	77	for (i = 0; i < n; i++) {
	78	if (*q == 0)
	79	*q = r->ops->range(r, 255) + 1;
	80	q++;
	81	}
	82	*q++ = 0;
b817bfc6	83	if (pp->ep) {
	84	memcpy(q, pp->ep, pp->epsz);
	85	q += pp->epsz;
	86	}
	87	memcpy(q, m, msz);
	88	q += msz;
	89	assert(q == b + sz);
	90
	91	/* --- Collect the result --- */
45c0fd36	92
b817bfc6	93	return (mp_loadb(d, b, sz));
cd6c3eeb	94	}
	95
	96	/* --- @pkcs1_cryptdecode@ --- *
	97	*
b817bfc6	98	* Arguments: @mp *m@ = the decrypted message
	99	* @octet *b@ = pointer to a buffer to work in
	100	* @size_t sz@ = the size of the buffer (big enough)
	101	* @unsigned long nbits@ = the number of bits in @n@
cd6c3eeb	102	* @void *p@ = pointer to PKCS1 parameter block
	103	*
	104	* Returns: The length of the output string if successful, negative on
	105	* failure.
	106	*
	107	* Use: Implements the operation @EME-PKCS1-V1_5-DECODE@, as defined
	108	* in PKCS#1 v. 2.0 (RFC2437).
	109	*/
	110
b817bfc6	111	int pkcs1_cryptdecode(mp m, octet b, size_t sz,
b817bfc6	112	unsigned long nbits, void *p)
cd6c3eeb	113	{
	114	pkcs1 *pp = p;
	115	const octet q, qq;
	116	size_t n, i;
52f339e9	117	uint32 goodp = 1;
cd6c3eeb	118
	119	/* --- Check the size of the block looks sane --- */
	120
b817bfc6	121	if (pp->epsz + 11 > sz) /* OK: independent of ciphertext */
cd6c3eeb	122	return (-1);
b817bfc6	123	mp_storeb(m, b, sz);
b817bfc6	124	q = b;
7629bca8	125	qq = q + sz;
cd6c3eeb	126
	127	/* --- Ensure that the block looks OK --- */
	128
52f339e9 MW	129	goodp &= ct_inteq(*q++, 0);
52f339e9 MW	130	goodp &= ct_inteq(*q++, 2);
cd6c3eeb	131
	132	/* --- Check the nonzero padding --- */
	133
	134	i = 0;
	135	while (*q != 0 && q < qq)
	136	i++, q++;
52f339e9 MW	137	goodp &= ct_intle(8, i);
52f339e9 MW	138	goodp &= ~ct_intle(qq - q, pp->epsz + 1);
cd6c3eeb	139	q++;
	140
	141	/* --- Check the encoding parameters --- */
	142
52f339e9 MW	143	if (pp->ep)
52f339e9 MW	144	goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
cd6c3eeb	145	q += pp->epsz;
	146
	147	/* --- Done --- */
	148
	149	n = qq - q;
52f339e9 MW	150	memmove(b, b + ct_pick(goodp, 1, q - b), n);
52f339e9 MW	151	return (goodp ? n : -1);
cd6c3eeb	152	}
	153
	154	/* --- @pkcs1_sigencode@ --- *
	155	*
b817bfc6	156	* Arguments: @mp *d@ = where to put the answer
b817bfc6	157	* @const void *m@ = pointer to message data
cd6c3eeb	158	* @size_t msz@ = size of message data
b817bfc6	159	* @octet *b@ = spare buffer
	160	* @size_t sz@ = size of the buffer (big enough)
	161	* @unsigned long nbits@ = length of bits of @n@
cd6c3eeb	162	* @void *p@ = pointer to PKCS1 parameter block
cd6c3eeb	163	*
b817bfc6	164	* Returns: The encoded message representative, or null.
cd6c3eeb	165	*
	166	* Use: Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined
	167	* in PKCS#1 v. 2.0 (RFC2437).
	168	*/
	169
b817bfc6	170	mp pkcs1_sigencode(mp d, const void m, size_t msz, octet b, size_t sz,
b817bfc6	171	unsigned long nbits, void *p)
cd6c3eeb	172	{
cd6c3eeb	173	pkcs1 *pp = p;
b817bfc6	174	octet *q;
cd6c3eeb	175	size_t n;
	176
	177	/* --- Ensure that the buffer is sensibly sized --- */
	178
	179	if (pp->epsz + msz + 11 > sz)
b817bfc6	180	return (0);
cd6c3eeb	181
	182	/* --- Fill in the buffer --- */
	183
b817bfc6	184	q = b;
	185	*q++ = 0x00;
	186	*q++ = 0x01;
cd6c3eeb	187	n = sz - msz - pp->epsz - 3;
	188	memset(q, 0xff, n);
	189	q += n;
	190	*q++ = 0;
b817bfc6	191	if (pp->ep) {
	192	memcpy(q, pp->ep, pp->epsz);
	193	q += pp->epsz;
	194	}
	195	memcpy(q, m, msz);
	196	q += msz;
	197	assert(q == b + sz);
	198	return (mp_loadb(d, b, sz));
cd6c3eeb	199	}
	200
	201	/* --- @pkcs1_sigdecode@ --- *
	202	*
b817bfc6	203	* Arguments: @mp *s@ = the message representative
	204	* @const void *m@ = the original message, or null (ignored)
	205	* @size_t msz@ = the message size (ignored)
	206	* @octet *b@ = a scratch buffer
	207	* @size_t sz@ = size of the buffer (large enough)
	208	* @unsigned long nbits@ = number of bits in @n@
	209	* @void *p@ = pointer to PKCS1 parameters
cd6c3eeb	210	*
	211	* Returns: The length of the output string if successful, negative on
	212	* failure.
	213	*
	214	* Use: Implements the operation @EMSA-PKCS1-V1_5-DECODE@, as defined
	215	* in PKCS#1 v. 2.0 (RFC2437).
	216	*/
	217
b817bfc6	218	int pkcs1_sigdecode(mp s, const void m, size_t msz, octet *b, size_t sz,
b817bfc6	219	unsigned long nbits, void *p)
cd6c3eeb	220	{
	221	pkcs1 *pp = p;
	222	const octet q, qq;
	223	size_t i, n;
	224
	225	/* --- Check the size of the block looks sane --- */
	226
	227	if (pp->epsz + 10 > sz)
	228	return (-1);
b817bfc6	229	mp_storeb(s, b, sz);
b817bfc6	230	q = b;
7629bca8	231	qq = q + sz;
cd6c3eeb	232
	233	/* --- Ensure that the block looks OK --- */
	234
b817bfc6	235	if (q++ != 0x00 \|\| q++ != 0x01)
cd6c3eeb	236	return (-1);
	237
	238	/* --- Check the padding --- */
	239
	240	i = 0;
	241	while (*q == 0xff && q < qq)
	242	i++, q++;
0586d2a1	243	if (i < 8 \|\| qq - q < pp->epsz + 1 \|\| *q++ != 0)
cd6c3eeb	244	return (-1);
cd6c3eeb	245
	246	/* --- Check the encoding parameters --- */
	247
b817bfc6	248	if (pp->ep && memcmp(q, pp->ep, pp->epsz) != 0)
cd6c3eeb	249	return (-1);
	250	q += pp->epsz;
	251
	252	/* --- Done --- */
	253
	254	n = qq - q;
b817bfc6	255	memmove(b, q, n);
cd6c3eeb	256	return (n);
	257	}
	258
	259	/----- That's all, folks -------------------------------------------------/