From: mdw Date: Sat, 1 Jul 2000 11:18:30 +0000 (+0000) Subject: Support for Optimal Asymmetric Encryption Padding. X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/commitdiff_plain/99a01cb9f0ce9a6aa95f3a60f53c14f4e216158b Support for Optimal Asymmetric Encryption Padding. --- diff --git a/oaep.c b/oaep.c new file mode 100644 index 0000000..0e135f2 --- /dev/null +++ b/oaep.c @@ -0,0 +1,192 @@ +/* -*-c-*- + * + * $Id: oaep.c,v 1.1 2000/07/01 11:18:30 mdw Exp $ + * + * Optimal asymmetric encryption packing + * + * (c) 2000 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Revision history --------------------------------------------------* + * + * $Log: oaep.c,v $ + * Revision 1.1 2000/07/01 11:18:30 mdw + * Support for Optimal Asymmetric Encryption Padding. + * + */ + +/*----- Header files ------------------------------------------------------*/ + +#include + +#include +#include +#include + +#include "gcipher.h" +#include "ghash.h" +#include "grand.h" +#include "oaep.h" + +/*----- Main code ---------------------------------------------------------*/ + +/* --- @oaep_encode@ --- * + * + * Arguments: @const void *msg@ = pointer to message data + * @size_t msz@ = size of message data + * @void *buf@ = pointer to output buffer + * @size_t sz@ = size of the output buffer + * @void *p@ = pointer to OAEP parameter block + * + * Returns: Zero if all went well, negative on failure. + * + * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in + * PKCS#1 v. 2.0 (RFC2437). + */ + +int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p) +{ + oaep *o = p; + size_t hsz = o->ch->hashsz; + ghash *h = o->ch->init(); + octet *q, *mq, *qq; + octet *pp; + gcipher *c; + size_t n; + + /* --- Ensure that everything is sensibly sized --- */ + + if (2 * hsz + 2 + msz > sz) + return (-1); + + /* --- Make the `seed' value --- */ + + q = buf; + *q++ = 0; sz--; + mq = q + hsz; + qq = q + sz; + o->r->ops->fill(o->r, q, hsz); + + /* --- Fill in the rest of the buffer --- */ + + h->ops->hash(h, o->ep, o->epsz); + h->ops->done(h, mq); + h->ops->destroy(h); + pp = mq + hsz; + n = sz - 2 * hsz - msz - 1; + memset(pp, 0, n); + pp += n; + *pp++ = 1; + memcpy(pp, msg, msz); + + /* --- Do the packing --- */ + + n = sz - hsz; + c = o->cc->init(q, hsz); + c->ops->encrypt(c, mq, mq, n); + c->ops->destroy(c); + + c = o->cc->init(mq, n); + c->ops->encrypt(c, q, q, hsz); + c->ops->destroy(c); + + /* --- Done --- */ + + return (0); +} + +/* --- @oaep_decode@ --- * + * + * Arguments: @const void *buf@ = pointer to encoded buffer + * @size_t sz@ = size of the encoded buffer + * @dstr *d@ = pointer to destination string + * @void *p@ = pointer to OAEP parameter block + * + * Returns: The length of the output string if successful, negative on + * failure. + * + * Use: Implements the operation @EME-OAEP-DECODE@, as defined in + * PKCS#1 v. 2.0 (RFC2437). + */ + +int oaep_decode(const void *buf, size_t sz, dstr *d, void *p) +{ + oaep *o = p; + gcipher *c; + ghash *h; + octet *q, *mq, *qq; + octet *pp; + size_t n; + size_t hsz = o->ch->hashsz; + int rc = -1; + + /* --- Ensure that the block is large enough --- */ + + if (sz < 2 * hsz) + return (-1); + + q = x_alloc(d->a, sz); + memcpy(q, buf, sz); + + /* --- Decrypt the message --- */ + + if (*q != 0) + goto fail; + q++; sz--; + mq = q + hsz; + qq = q + sz; + n = sz - hsz; + c = o->cc->init(mq, n); + c->ops->decrypt(c, q, q, hsz); + c->ops->destroy(c); + + c = o->cc->init(q, hsz); + c->ops->decrypt(c, mq, mq, n); + c->ops->destroy(c); + q--; + + /* --- Check the hash on the encoding parameters --- */ + + h = o->ch->init(); + h->ops->hash(h, o->ep, o->epsz); + h->ops->done(h, q); + if (memcmp(q, mq, hsz) != 0) + goto fail; + + /* --- Now find the start of the actual message --- */ + + pp = mq + hsz; + while (*pp == 0 && pp < qq) + pp++; + if (pp >= qq || *pp++ != 1) + return (-1); + n = qq - pp; + dstr_putm(d, pp, n); + rc = n; + +fail: + x_free(d->a, q); + return (rc); +} + +/*----- That's all, folks -------------------------------------------------*/ diff --git a/oaep.h b/oaep.h new file mode 100644 index 0000000..3f956b6 --- /dev/null +++ b/oaep.h @@ -0,0 +1,123 @@ +/* -*-c-*- + * + * $Id: oaep.h,v 1.1 2000/07/01 11:18:30 mdw Exp $ + * + * Optimal asymmetric encryption packing + * + * (c) 2000 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Revision history --------------------------------------------------* + * + * $Log: oaep.h,v $ + * Revision 1.1 2000/07/01 11:18:30 mdw + * Support for Optimal Asymmetric Encryption Padding. + * + */ + +/*----- Notes on OAEP -----------------------------------------------------* + * + * Applying OAEP before RSA encryption renders the construction plaintext- + * aware under the random oracle model. This is probably a good thing. OAEP + * was designed by Bellare and Rogaway. This particular variant is the one + * specified in PKCS#1 version 2.0. It's apparently not compatible with the + * OAEP used in the SET protocols. + */ + +#ifndef CATACOMB_OAEP_H +#define CATACOMB_OAEP_H + +#ifdef __cplusplus + extern "C" { +#endif + +/*----- Header files ------------------------------------------------------*/ + +#include +#include + +#ifndef CATACOMB_GCIPHER_H +# include "gcipher.h" +#endif + +#ifndef CATACOMB_GHASH_H +# include "ghash.h" +#endif + +#ifndef CATACOMB_GRAND_H +# include "grand.h" +#endif + +/*----- Data structures ---------------------------------------------------*/ + +typedef struct oaep { + const gccipher *cc; /* Cipher class for masking */ + const gchash *ch; /* Hash class for parameter block */ + grand *r; /* Random number source */ + const void *ep; /* Encoding parameters block */ + size_t epsz; /* Size of the parameter block */ +} oaep; + +/*----- Functions provided ------------------------------------------------*/ + +/* --- @oaep_encode@ --- * + * + * Arguments: @const void *msg@ = pointer to message data + * @size_t msz@ = size of message data + * @void *buf@ = pointer to output buffer + * @size_t sz@ = size of the output buffer + * @void *p@ = pointer to OAEP parameter block + * + * Returns: Zero if all went well, negative on failure. + * + * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in + * PKCS#1 v. 2.0 (RFC2437). + */ + +extern int oaep_encode(const void */*msg*/, size_t /*msz*/, + void */*buf*/, size_t /*sz*/, void */*p*/); + +/* --- @oaep_decode@ --- * + * + * Arguments: @const void *buf@ = pointer to encoded buffer + * @size_t sz@ = size of the encoded buffer + * @dstr *d@ = pointer to destination string + * @void *p@ = pointer to OAEP parameter block + * + * Returns: The length of the output string if successful, negative on + * failure. + * + * Use: Implements the operation @EME-OAEP-DECODE@, as defined in + * PKCS#1 v. 2.0 (RFC2437). + */ + +extern int oaep_decode(const void */*buf*/, size_t /*sz*/, + dstr */*d*/, void */*p*/); + +/*----- That's all, folks -------------------------------------------------*/ + +#ifdef __cplusplus + } +#endif + +#endif