X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/395de3d134246a7a57f19994e60d4091c43172d0..09e500b22fc6250ba458d26a9dd7e6571d2c79d8:/rsa-pub.c diff --git a/rsa-pub.c b/rsa-pub.c index f4b1125..e89d6ff 100644 --- a/rsa-pub.c +++ b/rsa-pub.c @@ -1,12 +1,12 @@ /* -*-c-*- * - * $Id: rsa-pub.c,v 1.1 2000/07/01 11:23:52 mdw Exp $ + * $Id: rsa-pub.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * [RSA encryption with padding * * (c) 2000 Straylight/Edgeware */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of Catacomb. * @@ -14,27 +14,18 @@ * it under the terms of the GNU Library General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + * * Catacomb is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Library General Public License for more details. - * + * * You should have received a copy of the GNU Library General Public * License along with Catacomb; if not, write to the Free * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa-pub.c,v $ - * Revision 1.1 2000/07/01 11:23:52 mdw - * Public-key operations, for symmetry with `rsa-priv.c'. Functions for - * doing padded RSA encryption and signature verification. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -118,82 +109,83 @@ mp *rsa_qpubop(rsa_pub *rp, mp *d, mp *c) /* --- @rsa_encrypt@ --- * * * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context + * @mp *d@ = proposed destination integer * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_encodeproc e@ = encoding procedure + * @size_t msz@ = size of input message + * @rsa_pad *e@ = encoding procedure * @void *earg@ = argument pointer for encoding procedure * - * Returns: The length of the output string if successful, negative on - * failure. + * Returns: The encrypted message, as a multiprecision integer, or null + * on failure. * * Use: Does RSA encryption. */ -int rsa_encrypt(rsa_pubctx *rp, const void *m, size_t sz, - dstr *d, rsa_encodeproc e, void *earg) +mp *rsa_encrypt(rsa_pubctx *rp, mp *d, const void *m, size_t msz, + rsa_pad *e, void *earg) { - mp *x; - size_t n = mp_octets(rp->rp->n); octet *p; - int rc; - - /* --- Sort out some space --- */ - - dstr_ensure(d, n); - p = d->buf + d->len; - p[0] = 0; - - /* --- Do the packing --- */ - - if ((rc = e(m, sz, p, n, earg)) < 0) - return (rc); - - /* --- Do the encryption --- */ - - x = mp_loadb(MP_NEWSEC, p, n); - x = rsa_pubop(rp, x, x); - mp_storeb(x, p, n); - d->len += n; - mp_drop(x); - return (n); + unsigned long nb = mp_bits(rp->rp->n); + size_t n = (nb + 7)/8; + arena *a = d && d->a ? d->a->a : arena_global; + + p = x_alloc(a, n); + d = e(d, m, msz, p, n, nb, earg); + x_free(a, p); + return (d ? rsa_pubop(rp, d, d) : 0); } /* --- @rsa_verify@ --- * * - * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context - * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_decodeproc e@ = decoding procedure + * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt + * @mp *s@ = the signature, as a multiprecision integer + * @const void *m@ = pointer to message to verify, or null + * @size_t msz@ = size of input message + * @dstr *d@ = pointer to output string, or null + * @rsa_vfrunpad *e@ = decoding procedure * @void *earg@ = argument pointer for decoding procedure * - * Returns: The length of the output string if successful, negative on - * failure. + * Returns: The length of the output string if successful (0 if no output + * was wanted); negative on failure. * - * Use: Does RSA signature verification. + * Use: Does RSA signature verification. To use a signature scheme + * with recovery, pass in @m == 0@ and @d != 0@: the recovered + * message should appear in @d@. To use a signature scheme with + * appendix, provide @m != 0@ and @d == 0@; the result should be + * zero for success. */ -int rsa_verify(rsa_pubctx *rp, const void *m, size_t sz, - dstr *d, rsa_decodeproc e, void *earg) +int rsa_verify(rsa_pubctx *rp, mp *s, const void *m, size_t msz, + dstr *d, rsa_vrfunpad *e, void *earg) { - mp *x; - size_t n = mp_octets(rp->rp->n); - octet *p; + mp *p = rsa_pubop(rp, MP_NEW, s); + unsigned long nb = mp_bits(rp->rp->n); + size_t n = (nb + 7)/8; + dstr dd = DSTR_INIT; int rc; - /* --- Do the exponentiation --- */ - - p = x_alloc(d->a, n); - x = mp_loadb(MP_NEW, m, sz); - x = rsa_pubop(rp, x, x); - mp_storeb(x, p, n); - mp_drop(x); + /* --- Decoder protocol --- * + * + * We deal with two kinds of decoders: ones with message recovery and ones + * with appendix. A decoder with recovery will leave a message in the + * buffer and exit nonzero: we'll check that against @m@ if provided and + * just leave it otherwise. A decoder with appendix will inspect @m@ and + * return zero or @-1@ itself. + */ - /* --- Do the decoding --- */ - - rc = e(p, n, d, earg); - x_free(d->a, p); + if (!d) d = ⅆ + dstr_ensure(d, n); + rc = e(p, m, msz, (octet *)d->buf + d->len, n, nb, earg); + if (rc > 0 && m) { + if (rc != msz || memcmp(d->buf + d->len, m, msz) != 0) + rc = -1; + else + rc = 0; + } + if (rc > 0) + d->len += rc; + mp_drop(p); + dstr_destroy(&dd); return (rc); }