--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: oaep.c,v 1.1 2000/07/01 11:18:30 mdw Exp $
+ *
+ * Optimal asymmetric encryption packing
+ *
+ * (c) 2000 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: oaep.c,v $
+ * Revision 1.1 2000/07/01 11:18:30 mdw
+ * Support for Optimal Asymmetric Encryption Padding.
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <string.h>
+
+#include <mLib/alloc.h>
+#include <mLib/bits.h>
+#include <mLib/dstr.h>
+
+#include "gcipher.h"
+#include "ghash.h"
+#include "grand.h"
+#include "oaep.h"
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @oaep_encode@ --- *
+ *
+ * Arguments: @const void *msg@ = pointer to message data
+ * @size_t msz@ = size of message data
+ * @void *buf@ = pointer to output buffer
+ * @size_t sz@ = size of the output buffer
+ * @void *p@ = pointer to OAEP parameter block
+ *
+ * Returns: Zero if all went well, negative on failure.
+ *
+ * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
+ * PKCS#1 v. 2.0 (RFC2437).
+ */
+
+int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
+{
+ oaep *o = p;
+ size_t hsz = o->ch->hashsz;
+ ghash *h = o->ch->init();
+ octet *q, *mq, *qq;
+ octet *pp;
+ gcipher *c;
+ size_t n;
+
+ /* --- Ensure that everything is sensibly sized --- */
+
+ if (2 * hsz + 2 + msz > sz)
+ return (-1);
+
+ /* --- Make the `seed' value --- */
+
+ q = buf;
+ *q++ = 0; sz--;
+ mq = q + hsz;
+ qq = q + sz;
+ o->r->ops->fill(o->r, q, hsz);
+
+ /* --- Fill in the rest of the buffer --- */
+
+ h->ops->hash(h, o->ep, o->epsz);
+ h->ops->done(h, mq);
+ h->ops->destroy(h);
+ pp = mq + hsz;
+ n = sz - 2 * hsz - msz - 1;
+ memset(pp, 0, n);
+ pp += n;
+ *pp++ = 1;
+ memcpy(pp, msg, msz);
+
+ /* --- Do the packing --- */
+
+ n = sz - hsz;
+ c = o->cc->init(q, hsz);
+ c->ops->encrypt(c, mq, mq, n);
+ c->ops->destroy(c);
+
+ c = o->cc->init(mq, n);
+ c->ops->encrypt(c, q, q, hsz);
+ c->ops->destroy(c);
+
+ /* --- Done --- */
+
+ return (0);
+}
+
+/* --- @oaep_decode@ --- *
+ *
+ * Arguments: @const void *buf@ = pointer to encoded buffer
+ * @size_t sz@ = size of the encoded buffer
+ * @dstr *d@ = pointer to destination string
+ * @void *p@ = pointer to OAEP parameter block
+ *
+ * Returns: The length of the output string if successful, negative on
+ * failure.
+ *
+ * Use: Implements the operation @EME-OAEP-DECODE@, as defined in
+ * PKCS#1 v. 2.0 (RFC2437).
+ */
+
+int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
+{
+ oaep *o = p;
+ gcipher *c;
+ ghash *h;
+ octet *q, *mq, *qq;
+ octet *pp;
+ size_t n;
+ size_t hsz = o->ch->hashsz;
+ int rc = -1;
+
+ /* --- Ensure that the block is large enough --- */
+
+ if (sz < 2 * hsz)
+ return (-1);
+
+ q = x_alloc(d->a, sz);
+ memcpy(q, buf, sz);
+
+ /* --- Decrypt the message --- */
+
+ if (*q != 0)
+ goto fail;
+ q++; sz--;
+ mq = q + hsz;
+ qq = q + sz;
+ n = sz - hsz;
+ c = o->cc->init(mq, n);
+ c->ops->decrypt(c, q, q, hsz);
+ c->ops->destroy(c);
+
+ c = o->cc->init(q, hsz);
+ c->ops->decrypt(c, mq, mq, n);
+ c->ops->destroy(c);
+ q--;
+
+ /* --- Check the hash on the encoding parameters --- */
+
+ h = o->ch->init();
+ h->ops->hash(h, o->ep, o->epsz);
+ h->ops->done(h, q);
+ if (memcmp(q, mq, hsz) != 0)
+ goto fail;
+
+ /* --- Now find the start of the actual message --- */
+
+ pp = mq + hsz;
+ while (*pp == 0 && pp < qq)
+ pp++;
+ if (pp >= qq || *pp++ != 1)
+ return (-1);
+ n = qq - pp;
+ dstr_putm(d, pp, n);
+ rc = n;
+
+fail:
+ x_free(d->a, q);
+ return (rc);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: oaep.h,v 1.1 2000/07/01 11:18:30 mdw Exp $
+ *
+ * Optimal asymmetric encryption packing
+ *
+ * (c) 2000 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: oaep.h,v $
+ * Revision 1.1 2000/07/01 11:18:30 mdw
+ * Support for Optimal Asymmetric Encryption Padding.
+ *
+ */
+
+/*----- Notes on OAEP -----------------------------------------------------*
+ *
+ * Applying OAEP before RSA encryption renders the construction plaintext-
+ * aware under the random oracle model. This is probably a good thing. OAEP
+ * was designed by Bellare and Rogaway. This particular variant is the one
+ * specified in PKCS#1 version 2.0. It's apparently not compatible with the
+ * OAEP used in the SET protocols.
+ */
+
+#ifndef CATACOMB_OAEP_H
+#define CATACOMB_OAEP_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <mLib/bits.h>
+#include <mLib/dstr.h>
+
+#ifndef CATACOMB_GCIPHER_H
+# include "gcipher.h"
+#endif
+
+#ifndef CATACOMB_GHASH_H
+# include "ghash.h"
+#endif
+
+#ifndef CATACOMB_GRAND_H
+# include "grand.h"
+#endif
+
+/*----- Data structures ---------------------------------------------------*/
+
+typedef struct oaep {
+ const gccipher *cc; /* Cipher class for masking */
+ const gchash *ch; /* Hash class for parameter block */
+ grand *r; /* Random number source */
+ const void *ep; /* Encoding parameters block */
+ size_t epsz; /* Size of the parameter block */
+} oaep;
+
+/*----- Functions provided ------------------------------------------------*/
+
+/* --- @oaep_encode@ --- *
+ *
+ * Arguments: @const void *msg@ = pointer to message data
+ * @size_t msz@ = size of message data
+ * @void *buf@ = pointer to output buffer
+ * @size_t sz@ = size of the output buffer
+ * @void *p@ = pointer to OAEP parameter block
+ *
+ * Returns: Zero if all went well, negative on failure.
+ *
+ * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
+ * PKCS#1 v. 2.0 (RFC2437).
+ */
+
+extern int oaep_encode(const void */*msg*/, size_t /*msz*/,
+ void */*buf*/, size_t /*sz*/, void */*p*/);
+
+/* --- @oaep_decode@ --- *
+ *
+ * Arguments: @const void *buf@ = pointer to encoded buffer
+ * @size_t sz@ = size of the encoded buffer
+ * @dstr *d@ = pointer to destination string
+ * @void *p@ = pointer to OAEP parameter block
+ *
+ * Returns: The length of the output string if successful, negative on
+ * failure.
+ *
+ * Use: Implements the operation @EME-OAEP-DECODE@, as defined in
+ * PKCS#1 v. 2.0 (RFC2437).
+ */
+
+extern int oaep_decode(const void */*buf*/, size_t /*sz*/,
+ dstr */*d*/, void */*p*/);
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif