3 * $Id: oaep.c,v 1.1 2000/07/01 11:18:30 mdw Exp $
5 * Optimal asymmetric encryption packing
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 2000/07/01 11:18:30 mdw
34 * Support for Optimal Asymmetric Encryption Padding.
38 /*----- Header files ------------------------------------------------------*/
42 #include <mLib/alloc.h>
43 #include <mLib/bits.h>
44 #include <mLib/dstr.h>
51 /*----- Main code ---------------------------------------------------------*/
53 /* --- @oaep_encode@ --- *
55 * Arguments: @const void *msg@ = pointer to message data
56 * @size_t msz@ = size of message data
57 * @void *buf@ = pointer to output buffer
58 * @size_t sz@ = size of the output buffer
59 * @void *p@ = pointer to OAEP parameter block
61 * Returns: Zero if all went well, negative on failure.
63 * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
64 * PKCS#1 v. 2.0 (RFC2437).
67 int oaep_encode(const void *msg
, size_t msz
, void *buf
, size_t sz
, void *p
)
70 size_t hsz
= o
->ch
->hashsz
;
71 ghash
*h
= o
->ch
->init();
77 /* --- Ensure that everything is sensibly sized --- */
79 if (2 * hsz
+ 2 + msz
> sz
)
82 /* --- Make the `seed' value --- */
88 o
->r
->ops
->fill(o
->r
, q
, hsz
);
90 /* --- Fill in the rest of the buffer --- */
92 h
->ops
->hash(h
, o
->ep
, o
->epsz
);
96 n
= sz
- 2 * hsz
- msz
- 1;
100 memcpy(pp
, msg
, msz
);
102 /* --- Do the packing --- */
105 c
= o
->cc
->init(q
, hsz
);
106 c
->ops
->encrypt(c
, mq
, mq
, n
);
109 c
= o
->cc
->init(mq
, n
);
110 c
->ops
->encrypt(c
, q
, q
, hsz
);
118 /* --- @oaep_decode@ --- *
120 * Arguments: @const void *buf@ = pointer to encoded buffer
121 * @size_t sz@ = size of the encoded buffer
122 * @dstr *d@ = pointer to destination string
123 * @void *p@ = pointer to OAEP parameter block
125 * Returns: The length of the output string if successful, negative on
128 * Use: Implements the operation @EME-OAEP-DECODE@, as defined in
129 * PKCS#1 v. 2.0 (RFC2437).
132 int oaep_decode(const void *buf
, size_t sz
, dstr
*d
, void *p
)
140 size_t hsz
= o
->ch
->hashsz
;
143 /* --- Ensure that the block is large enough --- */
148 q
= x_alloc(d
->a
, sz
);
151 /* --- Decrypt the message --- */
159 c
= o
->cc
->init(mq
, n
);
160 c
->ops
->decrypt(c
, q
, q
, hsz
);
163 c
= o
->cc
->init(q
, hsz
);
164 c
->ops
->decrypt(c
, mq
, mq
, n
);
168 /* --- Check the hash on the encoding parameters --- */
171 h
->ops
->hash(h
, o
->ep
, o
->epsz
);
173 if (memcmp(q
, mq
, hsz
) != 0)
176 /* --- Now find the start of the actual message --- */
179 while (*pp
== 0 && pp
< qq
)
181 if (pp
>= qq
|| *pp
++ != 1)
192 /*----- That's all, folks -------------------------------------------------*/