3 * $Id: oaep.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
5 * Optimal asymmetric encryption packing
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Header files ------------------------------------------------------*/
34 #include <mLib/alloc.h>
35 #include <mLib/bits.h>
36 #include <mLib/dstr.h>
43 /*----- Main code ---------------------------------------------------------*/
45 /* --- @oaep_encode@ --- *
47 * Arguments: @mp *d@ = where to put the answer
48 * @const void *m@ = pointer to message data
49 * @size_t msz@ = size of message data
50 * @octet *b@ = spare buffer
51 * @size_t sz@ = size of the buffer (big enough)
52 * @unsigned long nbits@ = length of bits of @n@
53 * @void *p@ = pointer to OAEP parameter block
55 * Returns: The encoded plaintext, or null on failure.
57 * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
58 * PKCS#1 v. 2.0 (RFC2437).
61 mp
*oaep_encode(mp
*d
, const void *m
, size_t msz
, octet
*b
, size_t sz
,
62 unsigned long nbits
, void *p
)
65 size_t hsz
= o
->ch
->hashsz
;
72 /* --- Ensure that everything is sensibly sized --- */
74 if (2 * hsz
+ 2 + msz
> sz
)
77 /* --- Make the `seed' value --- */
83 GR_FILL(o
->r
, q
, hsz
);
85 /* --- Fill in the rest of the buffer --- */
88 GH_HASH(h
, o
->ep
, o
->epsz
);
92 n
= sz
- 2 * hsz
- msz
- 1;
98 /* --- Do the packing --- */
101 c
= GC_INIT(o
->cc
, q
, hsz
);
102 GC_ENCRYPT(c
, mq
, mq
, n
);
105 c
= GC_INIT(o
->cc
, mq
, n
);
106 GC_ENCRYPT(c
, q
, q
, hsz
);
111 return (mp_loadb(d
, b
, sz
+ 1));
114 /* --- @oaep_decode@ --- *
116 * Arguments: @mp *m@ = the decrypted message
117 * @octet *b@ = pointer to a buffer to work in
118 * @size_t sz@ = the size of the buffer (big enough)
119 * @unsigned long nbits@ = the number of bits in @n@
120 * @void *p@ = pointer to OAEP parameter block
122 * Returns: The length of the output string if successful, negative on
125 * Use: Implements the operation @EME-OAEP-DECODE@, as defined in
126 * PKCS#1 v. 2.0 (RFC2437).
129 static int memeq(const void *xx
, const void *yy
, size_t sz
)
132 const octet
*x
= xx
, *y
= yy
;
133 while (sz
) { /* Always check every byte */
134 if (*x
++ != *y
++) eq
= 0;
140 int oaep_decode(mp
*m
, octet
*b
, size_t sz
, unsigned long nbits
, void *p
)
149 size_t hsz
= o
->ch
->hashsz
;
151 /* --- Ensure that the block is large enough --- */
153 if (sz
< 2 * hsz
) /* Doesn't depend on ciphertext */
156 /* --- Decrypt the message --- */
165 c
= GC_INIT(o
->cc
, mq
, n
);
166 GC_DECRYPT(c
, q
, q
, hsz
);
169 c
= GC_INIT(o
->cc
, q
, hsz
);
170 GC_DECRYPT(c
, mq
, mq
, n
);
174 /* --- Check the hash on the encoding parameters --- */
177 GH_HASH(h
, o
->ep
, o
->epsz
);
180 bad
|= !memeq(q
, mq
, hsz
);
182 /* --- Now find the start of the actual message --- */
185 while (*pp
== 0 && pp
< qq
)
187 bad
|= (pp
>= qq
) | (*pp
++ != 1);
190 return (bad ?
-1 : n
);
193 /*----- That's all, folks -------------------------------------------------*/