Commit | Line | Data |
---|---|---|
99a01cb9 | 1 | /* -*-c-*- |
2 | * | |
b817bfc6 | 3 | * $Id: oaep.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ |
99a01cb9 | 4 | * |
5 | * Optimal asymmetric encryption packing | |
6 | * | |
7 | * (c) 2000 Straylight/Edgeware | |
8 | */ | |
9 | ||
45c0fd36 | 10 | /*----- Licensing notice --------------------------------------------------* |
99a01cb9 | 11 | * |
12 | * This file is part of Catacomb. | |
13 | * | |
14 | * Catacomb is free software; you can redistribute it and/or modify | |
15 | * it under the terms of the GNU Library General Public License as | |
16 | * published by the Free Software Foundation; either version 2 of the | |
17 | * License, or (at your option) any later version. | |
45c0fd36 | 18 | * |
99a01cb9 | 19 | * Catacomb is distributed in the hope that it will be useful, |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | * GNU Library General Public License for more details. | |
45c0fd36 | 23 | * |
99a01cb9 | 24 | * You should have received a copy of the GNU Library General Public |
25 | * License along with Catacomb; if not, write to the Free | |
26 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, | |
27 | * MA 02111-1307, USA. | |
28 | */ | |
29 | ||
99a01cb9 | 30 | /*----- Header files ------------------------------------------------------*/ |
31 | ||
32 | #include <string.h> | |
33 | ||
34 | #include <mLib/alloc.h> | |
35 | #include <mLib/bits.h> | |
36 | #include <mLib/dstr.h> | |
37 | ||
52f339e9 | 38 | #include "ct.h" |
99a01cb9 | 39 | #include "gcipher.h" |
40 | #include "ghash.h" | |
41 | #include "grand.h" | |
b817bfc6 | 42 | #include "rsa.h" |
99a01cb9 | 43 | |
44 | /*----- Main code ---------------------------------------------------------*/ | |
45 | ||
46 | /* --- @oaep_encode@ --- * | |
47 | * | |
b817bfc6 | 48 | * Arguments: @mp *d@ = where to put the answer |
49 | * @const void *m@ = pointer to message data | |
99a01cb9 | 50 | * @size_t msz@ = size of message data |
b817bfc6 | 51 | * @octet *b@ = spare buffer |
52 | * @size_t sz@ = size of the buffer (big enough) | |
53 | * @unsigned long nbits@ = length of bits of @n@ | |
99a01cb9 | 54 | * @void *p@ = pointer to OAEP parameter block |
55 | * | |
b817bfc6 | 56 | * Returns: The encoded plaintext, or null on failure. |
99a01cb9 | 57 | * |
58 | * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in | |
59 | * PKCS#1 v. 2.0 (RFC2437). | |
60 | */ | |
61 | ||
b817bfc6 | 62 | mp *oaep_encode(mp *d, const void *m, size_t msz, octet *b, size_t sz, |
63 | unsigned long nbits, void *p) | |
99a01cb9 | 64 | { |
65 | oaep *o = p; | |
66 | size_t hsz = o->ch->hashsz; | |
827a6719 | 67 | ghash *h; |
52f339e9 | 68 | octet *q, *mq; |
99a01cb9 | 69 | octet *pp; |
70 | gcipher *c; | |
71 | size_t n; | |
72 | ||
73 | /* --- Ensure that everything is sensibly sized --- */ | |
74 | ||
75 | if (2 * hsz + 2 + msz > sz) | |
b817bfc6 | 76 | return (0); |
99a01cb9 | 77 | |
78 | /* --- Make the `seed' value --- */ | |
79 | ||
b817bfc6 | 80 | q = b; |
99a01cb9 | 81 | *q++ = 0; sz--; |
82 | mq = q + hsz; | |
b817bfc6 | 83 | GR_FILL(o->r, q, hsz); |
99a01cb9 | 84 | |
85 | /* --- Fill in the rest of the buffer --- */ | |
86 | ||
b817bfc6 | 87 | h = GH_INIT(o->ch); |
88 | GH_HASH(h, o->ep, o->epsz); | |
89 | GH_DONE(h, mq); | |
90 | GH_DESTROY(h); | |
99a01cb9 | 91 | pp = mq + hsz; |
92 | n = sz - 2 * hsz - msz - 1; | |
93 | memset(pp, 0, n); | |
94 | pp += n; | |
95 | *pp++ = 1; | |
b817bfc6 | 96 | memcpy(pp, m, msz); |
99a01cb9 | 97 | |
98 | /* --- Do the packing --- */ | |
99 | ||
100 | n = sz - hsz; | |
b817bfc6 | 101 | c = GC_INIT(o->cc, q, hsz); |
102 | GC_ENCRYPT(c, mq, mq, n); | |
103 | GC_DESTROY(c); | |
99a01cb9 | 104 | |
b817bfc6 | 105 | c = GC_INIT(o->cc, mq, n); |
106 | GC_ENCRYPT(c, q, q, hsz); | |
107 | GC_DESTROY(c); | |
99a01cb9 | 108 | |
109 | /* --- Done --- */ | |
110 | ||
b817bfc6 | 111 | return (mp_loadb(d, b, sz + 1)); |
99a01cb9 | 112 | } |
113 | ||
114 | /* --- @oaep_decode@ --- * | |
115 | * | |
b817bfc6 | 116 | * Arguments: @mp *m@ = the decrypted message |
117 | * @octet *b@ = pointer to a buffer to work in | |
118 | * @size_t sz@ = the size of the buffer (big enough) | |
119 | * @unsigned long nbits@ = the number of bits in @n@ | |
99a01cb9 | 120 | * @void *p@ = pointer to OAEP parameter block |
121 | * | |
122 | * Returns: The length of the output string if successful, negative on | |
123 | * failure. | |
124 | * | |
125 | * Use: Implements the operation @EME-OAEP-DECODE@, as defined in | |
126 | * PKCS#1 v. 2.0 (RFC2437). | |
127 | */ | |
128 | ||
b817bfc6 | 129 | int oaep_decode(mp *m, octet *b, size_t sz, unsigned long nbits, void *p) |
99a01cb9 | 130 | { |
131 | oaep *o = p; | |
132 | gcipher *c; | |
133 | ghash *h; | |
134 | octet *q, *mq, *qq; | |
135 | octet *pp; | |
52f339e9 | 136 | uint32 goodp = 1; |
99a01cb9 | 137 | size_t n; |
138 | size_t hsz = o->ch->hashsz; | |
99a01cb9 | 139 | |
140 | /* --- Ensure that the block is large enough --- */ | |
141 | ||
b817bfc6 | 142 | if (sz < 2 * hsz) /* Doesn't depend on ciphertext */ |
99a01cb9 | 143 | return (-1); |
144 | ||
99a01cb9 | 145 | /* --- Decrypt the message --- */ |
146 | ||
b817bfc6 | 147 | mp_storeb(m, b, sz); |
148 | q = b; | |
52f339e9 | 149 | goodp &= ct_inteq(*q, 0); |
99a01cb9 | 150 | q++; sz--; |
151 | mq = q + hsz; | |
152 | qq = q + sz; | |
153 | n = sz - hsz; | |
b817bfc6 | 154 | c = GC_INIT(o->cc, mq, n); |
155 | GC_DECRYPT(c, q, q, hsz); | |
156 | GC_DESTROY(c); | |
99a01cb9 | 157 | |
b817bfc6 | 158 | c = GC_INIT(o->cc, q, hsz); |
159 | GC_DECRYPT(c, mq, mq, n); | |
160 | GC_DESTROY(c); | |
99a01cb9 | 161 | q--; |
162 | ||
163 | /* --- Check the hash on the encoding parameters --- */ | |
164 | ||
b817bfc6 | 165 | h = GH_INIT(o->ch); |
166 | GH_HASH(h, o->ep, o->epsz); | |
167 | GH_DONE(h, q); | |
168 | GH_DESTROY(h); | |
52f339e9 | 169 | goodp &= ct_memeq(q, mq, hsz); |
99a01cb9 | 170 | |
171 | /* --- Now find the start of the actual message --- */ | |
172 | ||
173 | pp = mq + hsz; | |
174 | while (*pp == 0 && pp < qq) | |
175 | pp++; | |
52f339e9 MW |
176 | goodp &= ~ct_intle(qq - b, pp - b); |
177 | goodp &= ct_inteq(*pp, 1); | |
78ec50fa | 178 | pp++; |
99a01cb9 | 179 | n = qq - pp; |
b817bfc6 | 180 | memmove(q, pp, n); |
52f339e9 | 181 | return (goodp ? n : -1); |
49db8dbe | 182 | } |
183 | ||
99a01cb9 | 184 | /*----- That's all, folks -------------------------------------------------*/ |