/* -*-c-*-
*
- * $Id: rsa-pub.c,v 1.2 2000/10/08 16:00:32 mdw Exp $
+ * $Id: rsa-pub.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* [RSA encryption with padding *
* (c) 2000 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-pub.c,v $
- * Revision 1.2 2000/10/08 16:00:32 mdw
- * Fix compiler warning.
- *
- * Revision 1.1 2000/07/01 11:23:52 mdw
- * Public-key operations, for symmetry with `rsa-priv.c'. Functions for
- * doing padded RSA encryption and signature verification.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
/* --- @rsa_encrypt@ --- *
*
* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
+ * @mp *d@ = proposed destination integer
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The encrypted message, as a multiprecision integer, or null
+ * on failure.
*
* Use: Does RSA encryption.
*/
-int rsa_encrypt(rsa_pubctx *rp, const void *m, size_t sz,
- dstr *d, rsa_encodeproc e, void *earg)
+mp *rsa_encrypt(rsa_pubctx *rp, mp *d, const void *m, size_t msz,
+ rsa_pad *e, void *earg)
{
- mp *x;
- size_t n = mp_octets(rp->rp->n);
octet *p;
- int rc;
-
- /* --- Sort out some space --- */
-
- dstr_ensure(d, n);
- p = (octet *)d->buf + d->len;
- p[0] = 0;
-
- /* --- Do the packing --- */
-
- if ((rc = e(m, sz, p, n, earg)) < 0)
- return (rc);
-
- /* --- Do the encryption --- */
-
- x = mp_loadb(MP_NEWSEC, p, n);
- x = rsa_pubop(rp, x, x);
- mp_storeb(x, p, n);
- d->len += n;
- mp_drop(x);
- return (n);
+ unsigned long nb = mp_bits(rp->rp->n);
+ size_t n = (nb + 7)/8;
+ arena *a = d && d->a ? d->a->a : arena_global;
+
+ p = x_alloc(a, n);
+ d = e(d, m, msz, p, n, nb, earg);
+ x_free(a, p);
+ return (d ? rsa_pubop(rp, d, d) : 0);
}
/* --- @rsa_verify@ --- *
*
- * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
- * @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
+ * @mp *s@ = the signature, as a multiprecision integer
+ * @const void *m@ = pointer to message to verify, or null
+ * @size_t msz@ = size of input message
+ * @dstr *d@ = pointer to output string, or null
+ * @rsa_vfrunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The length of the output string if successful (0 if no output
+ * was wanted); negative on failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA signature verification. To use a signature scheme
+ * with recovery, pass in @m == 0@ and @d != 0@: the recovered
+ * message should appear in @d@. To use a signature scheme with
+ * appendix, provide @m != 0@ and @d == 0@; the result should be
+ * zero for success.
*/
-int rsa_verify(rsa_pubctx *rp, const void *m, size_t sz,
- dstr *d, rsa_decodeproc e, void *earg)
+int rsa_verify(rsa_pubctx *rp, mp *s, const void *m, size_t msz,
+ dstr *d, rsa_vrfunpad *e, void *earg)
{
- mp *x;
- size_t n = mp_octets(rp->rp->n);
- octet *p;
+ mp *p = rsa_pubop(rp, MP_NEW, s);
+ unsigned long nb = mp_bits(rp->rp->n);
+ size_t n = (nb + 7)/8;
+ dstr dd = DSTR_INIT;
int rc;
- /* --- Do the exponentiation --- */
-
- p = x_alloc(d->a, n);
- x = mp_loadb(MP_NEW, m, sz);
- x = rsa_pubop(rp, x, x);
- mp_storeb(x, p, n);
- mp_drop(x);
+ /* --- Decoder protocol --- *
+ *
+ * We deal with two kinds of decoders: ones with message recovery and ones
+ * with appendix. A decoder with recovery will leave a message in the
+ * buffer and exit nonzero: we'll check that against @m@ if provided and
+ * just leave it otherwise. A decoder with appendix will inspect @m@ and
+ * return zero or @-1@ itself.
+ */
- /* --- Do the decoding --- */
-
- rc = e(p, n, d, earg);
- x_free(d->a, p);
+ if (!d) d = ⅆ
+ dstr_ensure(d, n);
+ rc = e(p, m, msz, (octet *)d->buf + d->len, n, nb, earg);
+ if (rc > 0 && m) {
+ if (rc != msz || memcmp(d->buf + d->len, m, msz) != 0)
+ rc = -1;
+ else
+ rc = 0;
+ }
+ if (rc > 0)
+ d->len += rc;
+ mp_drop(p);
+ dstr_destroy(&dd);
return (rc);
}