[catacomb] / pub / pkcs1.c

/* -*-c-*-
 *
 * PKCS#1 1.5 packing
 *
 * (c) 2000 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <string.h>

#include <mLib/bits.h>
#include <mLib/dstr.h>
#include <mLib/macros.h>

#include "ct.h"
#include "grand.h"
#include "rsa.h"

/*----- Main code ---------------------------------------------------------*/

/* --- @pkcs1_cryptencode@ --- *
 *
 * Arguments:	@mp *d@ = where to put the answer
 *		@const void *m@ = pointer to message data
 *		@size_t msz@ = size of message data
 *		@octet *b@ = spare buffer
 *		@size_t sz@ = size of the buffer (big enough)
 *		@unsigned long nbits@ = length of bits of @n@
 *		@void *p@ = pointer to PKCS1 parameter block
 *
 * Returns:	The encoded result, or null.
 *
 * Use:		Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

mp *pkcs1_cryptencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
		      unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  grand *r = pp->r;
  octet *q;
  size_t i, n;

  /* --- Ensure that the buffer is sensibly sized --- */

  if (pp->epsz + msz + 11 > sz)
    return (0);

  /* --- Allocate the buffer and fill it in --- */

  q = b;
  *q++ = 0x00;
  *q++ = 0x02;
  n = sz - msz - pp->epsz - 3;
  GR_FILL(r, q, n);
  for (i = 0; i < n; i++) {
    if (*q == 0)
      *q = r->ops->range(r, 255) + 1;
    q++;
  }
  *q++ = 0;
  if (pp->ep) {
    memcpy(q, pp->ep, pp->epsz);
    q += pp->epsz;
  }
  memcpy(q, m, msz);
  q += msz;
  assert(q == b + sz);

  /* --- Collect the result --- */

  return (mp_loadb(d, b, sz));
}

/* --- @pkcs1_cryptdecode@ --- *
 *
 * Arguments:	@mp *m@ = the decrypted message
 *		@octet *b@ = pointer to a buffer to work in
 *		@size_t sz@ = the size of the buffer (big enough)
 *		@unsigned long nbits@ = the number of bits in @n@
 *		@void *p@ = pointer to PKCS1 parameter block
 *
 * Returns:	The length of the output string if successful, negative on
 *		failure.
 *
 * Use:		Implements the operation @EME-PKCS1-V1_5-DECODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
		      unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  const octet *q, *qq;
  size_t n, i;
  uint32 goodp = 1;

  /* --- Check the size of the block looks sane --- */

  if (pp->epsz + 11 > sz)		/* OK: independent of ciphertext */
    return (-1);
  mp_storeb(m, b, sz);
  q = b;
  qq = q + sz;

  /* --- Ensure that the block looks OK --- */

  goodp &= ct_inteq(*q++, 0);
  goodp &= ct_inteq(*q++, 2);

  /* --- Check the nonzero padding --- */

  i = 0;
  while (*q != 0 && q < qq)
    i++, q++;
  goodp &= ct_intle(8, i);
  goodp &= ~ct_intle(qq - q, pp->epsz + 1);
  q++;

  /* --- Check the encoding parameters --- */

  if (pp->ep)
    goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
  q += pp->epsz;

  /* --- Done --- */

  n = qq - q;
  memmove(b, b + ct_pick(goodp, 1, q - b), n);
  return (goodp ? n : -1);
}

/* --- @pkcs1_sigencode@ --- *
 *
 * Arguments:	@mp *d@ = where to put the answer
 *		@const void *m@ = pointer to message data
 *		@size_t msz@ = size of message data
 *		@octet *b@ = spare buffer
 *		@size_t sz@ = size of the buffer (big enough)
 *		@unsigned long nbits@ = length of bits of @n@
 *		@void *p@ = pointer to PKCS1 parameter block
 *
 * Returns:	The encoded message representative, or null.
 *
 * Use:		Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

mp *pkcs1_sigencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
		    unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  octet *q;
  size_t n;

  /* --- Ensure that the buffer is sensibly sized --- */

  if (pp->epsz + msz + 11 > sz)
    return (0);

  /* --- Fill in the buffer --- */

  q = b;
  *q++ = 0x00;
  *q++ = 0x01;
  n = sz - msz - pp->epsz - 3;
  memset(q, 0xff, n);
  q += n;
  *q++ = 0;
  if (pp->ep) {
    memcpy(q, pp->ep, pp->epsz);
    q += pp->epsz;
  }
  memcpy(q, m, msz);
  q += msz;
  assert(q == b + sz);
  return (mp_loadb(d, b, sz));
}

/* --- @pkcs1_sigdecode@ --- *
 *
 * Arguments:	@mp *s@ = the message representative
 *		@const void *m@ = the original message, or null (ignored)
 *		@size_t msz@ = the message size (ignored)
 *		@octet *b@ = a scratch buffer
 *		@size_t sz@ = size of the buffer (large enough)
 *		@unsigned long nbits@ = number of bits in @n@
 *		@void *p@ = pointer to PKCS1 parameters
 *
 * Returns:	The length of the output string if successful, negative on
 *		failure.
 *
 * Use:		Implements the operation @EMSA-PKCS1-V1_5-DECODE@, as defined
 *		in PKCS#1 v. 2.0 (RFC2437).
 */

int pkcs1_sigdecode(mp *s, const void *m, size_t msz, octet *b, size_t sz,
		    unsigned long nbits, void *p)
{
  pkcs1 *pp = p;
  const octet *q, *qq;
  size_t i, n;

  /* --- Check the size of the block looks sane --- */

  if (pp->epsz + 10 > sz)
    return (-1);
  mp_storeb(s, b, sz);
  q = b;
  qq = q + sz;

  /* --- Ensure that the block looks OK --- */

  if (*q++ != 0x00 || *q++ != 0x01)
    return (-1);

  /* --- Check the padding --- */

  i = 0;
  while (*q == 0xff && q < qq)
    i++, q++;
  if (i < 8 || qq - q < pp->epsz + 1 || *q++ != 0)
    return (-1);

  /* --- Check the encoding parameters --- */

  if (pp->ep && MEMCMP(q, !=, pp->ep, pp->epsz))
    return (-1);
  q += pp->epsz;

  /* --- Done --- */

  n = qq - q;
  memmove(b, q, n);
  return (n);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
cd6c3eeb	1	/* --c--
cd6c3eeb	2	*
cd6c3eeb	3	* PKCS#1 1.5 packing
	4	*
	5	* (c) 2000 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
cd6c3eeb	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
cd6c3eeb	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
cd6c3eeb	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
cd6c3eeb	28	/----- Header files ------------------------------------------------------/
	29
	30	#include <string.h>
	31
	32	#include <mLib/bits.h>
	33	#include <mLib/dstr.h>
141c1284	34	#include <mLib/macros.h>
cd6c3eeb	35
52f339e9	36	#include "ct.h"
cd6c3eeb	37	#include "grand.h"
b817bfc6	38	#include "rsa.h"
cd6c3eeb	39
	40	/----- Main code ---------------------------------------------------------/
	41
	42	/* --- @pkcs1_cryptencode@ --- *
	43	*
b817bfc6	44	* Arguments: @mp *d@ = where to put the answer
b817bfc6	45	* @const void *m@ = pointer to message data
cd6c3eeb	46	* @size_t msz@ = size of message data
b817bfc6	47	* @octet *b@ = spare buffer
	48	* @size_t sz@ = size of the buffer (big enough)
	49	* @unsigned long nbits@ = length of bits of @n@
cd6c3eeb	50	* @void *p@ = pointer to PKCS1 parameter block
cd6c3eeb	51	*
b817bfc6	52	* Returns: The encoded result, or null.
cd6c3eeb	53	*
	54	* Use: Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined
	55	* in PKCS#1 v. 2.0 (RFC2437).
	56	*/
	57
b817bfc6	58	mp pkcs1_cryptencode(mp d, const void m, size_t msz, octet b, size_t sz,
b817bfc6	59	unsigned long nbits, void *p)
cd6c3eeb	60	{
	61	pkcs1 *pp = p;
	62	grand *r = pp->r;
b817bfc6	63	octet *q;
cd6c3eeb	64	size_t i, n;
	65
	66	/* --- Ensure that the buffer is sensibly sized --- */
	67
	68	if (pp->epsz + msz + 11 > sz)
b817bfc6	69	return (0);
cd6c3eeb	70
b817bfc6	71	/* --- Allocate the buffer and fill it in --- */
cd6c3eeb	72
b817bfc6	73	q = b;
	74	*q++ = 0x00;
	75	*q++ = 0x02;
cd6c3eeb	76	n = sz - msz - pp->epsz - 3;
b817bfc6	77	GR_FILL(r, q, n);
cd6c3eeb	78	for (i = 0; i < n; i++) {
	79	if (*q == 0)
	80	*q = r->ops->range(r, 255) + 1;
	81	q++;
	82	}
	83	*q++ = 0;
b817bfc6	84	if (pp->ep) {
	85	memcpy(q, pp->ep, pp->epsz);
	86	q += pp->epsz;
	87	}
	88	memcpy(q, m, msz);
	89	q += msz;
	90	assert(q == b + sz);
	91
	92	/* --- Collect the result --- */
45c0fd36	93
b817bfc6	94	return (mp_loadb(d, b, sz));
cd6c3eeb	95	}
	96
	97	/* --- @pkcs1_cryptdecode@ --- *
	98	*
b817bfc6	99	* Arguments: @mp *m@ = the decrypted message
	100	* @octet *b@ = pointer to a buffer to work in
	101	* @size_t sz@ = the size of the buffer (big enough)
	102	* @unsigned long nbits@ = the number of bits in @n@
cd6c3eeb	103	* @void *p@ = pointer to PKCS1 parameter block
	104	*
	105	* Returns: The length of the output string if successful, negative on
	106	* failure.
	107	*
	108	* Use: Implements the operation @EME-PKCS1-V1_5-DECODE@, as defined
	109	* in PKCS#1 v. 2.0 (RFC2437).
	110	*/
	111
b817bfc6	112	int pkcs1_cryptdecode(mp m, octet b, size_t sz,
b817bfc6	113	unsigned long nbits, void *p)
cd6c3eeb	114	{
	115	pkcs1 *pp = p;
	116	const octet q, qq;
	117	size_t n, i;
52f339e9	118	uint32 goodp = 1;
cd6c3eeb	119
	120	/* --- Check the size of the block looks sane --- */
	121
b817bfc6	122	if (pp->epsz + 11 > sz) /* OK: independent of ciphertext */
cd6c3eeb	123	return (-1);
b817bfc6	124	mp_storeb(m, b, sz);
b817bfc6	125	q = b;
7629bca8	126	qq = q + sz;
cd6c3eeb	127
	128	/* --- Ensure that the block looks OK --- */
	129
52f339e9 MW	130	goodp &= ct_inteq(*q++, 0);
52f339e9 MW	131	goodp &= ct_inteq(*q++, 2);
cd6c3eeb	132
	133	/* --- Check the nonzero padding --- */
	134
	135	i = 0;
	136	while (*q != 0 && q < qq)
	137	i++, q++;
52f339e9 MW	138	goodp &= ct_intle(8, i);
52f339e9 MW	139	goodp &= ~ct_intle(qq - q, pp->epsz + 1);
cd6c3eeb	140	q++;
	141
	142	/* --- Check the encoding parameters --- */
	143
52f339e9 MW	144	if (pp->ep)
52f339e9 MW	145	goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
cd6c3eeb	146	q += pp->epsz;
	147
	148	/* --- Done --- */
	149
	150	n = qq - q;
52f339e9 MW	151	memmove(b, b + ct_pick(goodp, 1, q - b), n);
52f339e9 MW	152	return (goodp ? n : -1);
cd6c3eeb	153	}
	154
	155	/* --- @pkcs1_sigencode@ --- *
	156	*
b817bfc6	157	* Arguments: @mp *d@ = where to put the answer
b817bfc6	158	* @const void *m@ = pointer to message data
cd6c3eeb	159	* @size_t msz@ = size of message data
b817bfc6	160	* @octet *b@ = spare buffer
	161	* @size_t sz@ = size of the buffer (big enough)
	162	* @unsigned long nbits@ = length of bits of @n@
cd6c3eeb	163	* @void *p@ = pointer to PKCS1 parameter block
cd6c3eeb	164	*
b817bfc6	165	* Returns: The encoded message representative, or null.
cd6c3eeb	166	*
	167	* Use: Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined
	168	* in PKCS#1 v. 2.0 (RFC2437).
	169	*/
	170
b817bfc6	171	mp pkcs1_sigencode(mp d, const void m, size_t msz, octet b, size_t sz,
b817bfc6	172	unsigned long nbits, void *p)
cd6c3eeb	173	{
cd6c3eeb	174	pkcs1 *pp = p;
b817bfc6	175	octet *q;
cd6c3eeb	176	size_t n;
	177
	178	/* --- Ensure that the buffer is sensibly sized --- */
	179
	180	if (pp->epsz + msz + 11 > sz)
b817bfc6	181	return (0);
cd6c3eeb	182
	183	/* --- Fill in the buffer --- */
	184
b817bfc6	185	q = b;
	186	*q++ = 0x00;
	187	*q++ = 0x01;
cd6c3eeb	188	n = sz - msz - pp->epsz - 3;
	189	memset(q, 0xff, n);
	190	q += n;
	191	*q++ = 0;
b817bfc6	192	if (pp->ep) {
	193	memcpy(q, pp->ep, pp->epsz);
	194	q += pp->epsz;
	195	}
	196	memcpy(q, m, msz);
	197	q += msz;
	198	assert(q == b + sz);
	199	return (mp_loadb(d, b, sz));
cd6c3eeb	200	}
	201
	202	/* --- @pkcs1_sigdecode@ --- *
	203	*
b817bfc6	204	* Arguments: @mp *s@ = the message representative
	205	* @const void *m@ = the original message, or null (ignored)
	206	* @size_t msz@ = the message size (ignored)
	207	* @octet *b@ = a scratch buffer
	208	* @size_t sz@ = size of the buffer (large enough)
	209	* @unsigned long nbits@ = number of bits in @n@
	210	* @void *p@ = pointer to PKCS1 parameters
cd6c3eeb	211	*
	212	* Returns: The length of the output string if successful, negative on
	213	* failure.
	214	*
	215	* Use: Implements the operation @EMSA-PKCS1-V1_5-DECODE@, as defined
	216	* in PKCS#1 v. 2.0 (RFC2437).
	217	*/
	218
b817bfc6	219	int pkcs1_sigdecode(mp s, const void m, size_t msz, octet *b, size_t sz,
b817bfc6	220	unsigned long nbits, void *p)
cd6c3eeb	221	{
	222	pkcs1 *pp = p;
	223	const octet q, qq;
	224	size_t i, n;
	225
	226	/* --- Check the size of the block looks sane --- */
	227
	228	if (pp->epsz + 10 > sz)
	229	return (-1);
b817bfc6	230	mp_storeb(s, b, sz);
b817bfc6	231	q = b;
7629bca8	232	qq = q + sz;
cd6c3eeb	233
	234	/* --- Ensure that the block looks OK --- */
	235
b817bfc6	236	if (q++ != 0x00 \|\| q++ != 0x01)
cd6c3eeb	237	return (-1);
	238
	239	/* --- Check the padding --- */
	240
	241	i = 0;
	242	while (*q == 0xff && q < qq)
	243	i++, q++;
0586d2a1	244	if (i < 8 \|\| qq - q < pp->epsz + 1 \|\| *q++ != 0)
cd6c3eeb	245	return (-1);
cd6c3eeb	246
	247	/* --- Check the encoding parameters --- */
	248
141c1284	249	if (pp->ep && MEMCMP(q, !=, pp->ep, pp->epsz))
cd6c3eeb	250	return (-1);
	251	q += pp->epsz;
	252
	253	/* --- Done --- */
	254
	255	n = qq - q;
b817bfc6	256	memmove(b, q, n);
cd6c3eeb	257	return (n);
	258	}
	259
	260	/----- That's all, folks -------------------------------------------------/