fea9a197 |
1 | /* -*-c-*- |
fea9a197 |
2 | * |
3 | * The MGF mask generation function |
4 | * |
5 | * (c) 2000 Straylight/Edgeware |
6 | */ |
7 | |
45c0fd36 |
8 | /*----- Licensing notice --------------------------------------------------* |
fea9a197 |
9 | * |
10 | * This file is part of Catacomb. |
11 | * |
12 | * Catacomb is free software; you can redistribute it and/or modify |
13 | * it under the terms of the GNU Library General Public License as |
14 | * published by the Free Software Foundation; either version 2 of the |
15 | * License, or (at your option) any later version. |
45c0fd36 |
16 | * |
fea9a197 |
17 | * Catacomb is distributed in the hope that it will be useful, |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
20 | * GNU Library General Public License for more details. |
45c0fd36 |
21 | * |
fea9a197 |
22 | * You should have received a copy of the GNU Library General Public |
23 | * License along with Catacomb; if not, write to the Free |
24 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, |
25 | * MA 02111-1307, USA. |
26 | */ |
27 | |
fea9a197 |
28 | /*----- Notes on the MGF-1 mask generating function -----------------------* |
29 | * |
30 | * The idea of a mask-generating function is that given an input of arbitrary |
31 | * size, it can emit a pseudorandom output `mask' of arbitrary size. This is |
32 | * used in PKCS#1 OAEP (RFC2437). My recommendation would be to use a decent |
33 | * stream cipher instead, like RC4 or SEAL. MGF-1 isn't very fast. |
34 | */ |
35 | |
36 | #ifndef CATACOMB_MGF_H |
37 | #define CATACOMB_MGF_H |
38 | |
39 | #ifdef __cplusplus |
40 | extern "C" { |
41 | #endif |
42 | |
43 | /*----- Header files ------------------------------------------------------*/ |
44 | |
45 | #include <mLib/bits.h> |
46 | |
47 | #ifndef CATACOMB_GCIPHER_H |
48 | # include "gcipher.h" |
49 | #endif |
50 | |
51 | #ifndef CATACOMB_GRAND_H |
52 | # include "grand.h" |
53 | #endif |
54 | |
55 | /*----- Macros ------------------------------------------------------------*/ |
56 | |
57 | #define MGF_DECL(PRE, pre) \ |
58 | \ |
59 | /* --- An MGF generation context --- */ \ |
60 | \ |
61 | typedef struct pre##_mgfctx { \ |
62 | pre##_ctx k; /* Underlying key context */ \ |
63 | uint32 c; /* Counter */ \ |
64 | octet buf[PRE##_HASHSZ]; /* Output buffer */ \ |
65 | size_t bsz; /* Size of buffered data */ \ |
66 | } pre##_mgfctx; \ |
67 | \ |
68 | /* --- Other useful constants --- */ \ |
69 | \ |
70 | extern const octet pre##_mgfkeysz[]; \ |
71 | \ |
72 | /* --- @pre_mgfkeybegin@, @pre_mgfkeyadd@ --- * \ |
73 | * \ |
74 | * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \ |
75 | * @const void *p@ = pointer to data to contribute \ |
76 | * @size_t sz@ = size of data to contribute \ |
77 | * \ |
78 | * Returns: --- \ |
79 | * \ |
80 | * Use: A multi-step keying procedure for initializing an MGF \ |
81 | * context. The data is contributed to a hashing context \ |
82 | * which is then used for mask generation. If you only \ |
83 | * have a fixed buffer, you can save a lot of effort by \ |
84 | * simply calling @pre_mgfinit@. \ |
85 | */ \ |
86 | \ |
87 | extern void pre##_mgfkeybegin(pre##_mgfctx */*k*/); \ |
88 | extern void pre##_mgfkeyadd(pre##_mgfctx */*k*/, \ |
89 | const void */*p*/, size_t /*sz*/); \ |
90 | \ |
91 | /* ---- @pre_mgfinit@ --- * \ |
92 | * \ |
93 | * Arguments: @pre_mgfctx *k@ = pointer to context to initialize \ |
94 | * @const void *p@ = pointer to data to contribute \ |
95 | * @size_t sz@ = size of data to contribute \ |
96 | * \ |
97 | * Returns: --- \ |
98 | * \ |
99 | * Use: A simpler interface to initialization if all of your \ |
100 | * keying material is in one place. \ |
101 | */ \ |
102 | \ |
103 | extern void pre##_mgfinit(pre##_mgfctx */*k*/, \ |
104 | const void */*p*/, size_t /*sz*/); \ |
105 | \ |
106 | /* --- @pre_mgfencrypt@ --- * \ |
107 | * \ |
108 | * Arguments: @pre_mgfctx *k@ = pointer to masking context \ |
109 | * @const void *s@ = pointer to source buffer \ |
110 | * @void *d@ = pointer to destination buffer \ |
111 | * @size_t sz@ = size of buffers \ |
112 | * \ |
113 | * Returns: --- \ |
114 | * \ |
115 | * Use: Outputs pseudorandom data, or masks an input buffer. \ |
116 | * \ |
117 | * If @s@ is nonzero, the source material is exclusive- \ |
118 | * orred with the generated mask. If @d@ is zero, the \ |
119 | * generator is simply spun around for a while, which \ |
120 | * isn't very useful. \ |
121 | */ \ |
122 | \ |
123 | extern void pre##_mgfencrypt(pre##_mgfctx */*k*/, const void */*s*/, \ |
124 | void */*d*/, size_t /*sz*/); \ |
125 | \ |
126 | /* --- @pre_mgfsetindex@ --- * \ |
127 | * \ |
128 | * Arguments: @pre_mgfctx *k@ = pointer to masking context \ |
129 | * @uint32 *c@ = new index to set \ |
130 | * \ |
131 | * Returns: --- \ |
132 | * \ |
133 | * Use: Sets a new index. This may be used to step around the \ |
134 | * output stream in a rather crude way. \ |
135 | */ \ |
136 | \ |
137 | extern void pre##_mgfsetindex(pre##_mgfctx */*k*/, uint32 /*c*/); \ |
138 | \ |
139 | /* --- @pre_mgfrand@ --- * \ |
140 | * \ |
141 | * Arguments: @const void *k@ = pointer to key material \ |
142 | * @size_t sz@ = size of key material \ |
143 | * \ |
144 | * Returns: Pointer to a generic random number generator instance. \ |
145 | * \ |
146 | * Use: Creates a random number interface wrapper around an \ |
147 | * MGF-1-mode hash function. \ |
148 | */ \ |
149 | \ |
150 | extern grand *pre##_mgfrand(const void */*k*/, size_t /*sz*/); \ |
151 | \ |
152 | /* --- Generic cipher interface --- */ \ |
153 | \ |
154 | extern const gccipher pre##_mgf; |
155 | |
156 | /*----- That's all, folks -------------------------------------------------*/ |
157 | |
158 | #ifdef __cplusplus |
159 | } |
160 | #endif |
161 | |
162 | #endif |