3 * Optimal asymmetric encryption packing
5 * (c) 2000 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
32 #include <mLib/alloc.h>
33 #include <mLib/bits.h>
34 #include <mLib/dstr.h>
42 /*----- Main code ---------------------------------------------------------*/
44 /* --- @oaep_encode@ --- *
46 * Arguments: @mp *d@ = where to put the answer
47 * @const void *m@ = pointer to message data
48 * @size_t msz@ = size of message data
49 * @octet *b@ = spare buffer
50 * @size_t sz@ = size of the buffer (big enough)
51 * @unsigned long nbits@ = length of bits of @n@
52 * @void *p@ = pointer to OAEP parameter block
54 * Returns: The encoded plaintext, or null on failure.
56 * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
57 * PKCS#1 v. 2.0 (RFC2437).
60 mp *oaep_encode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
61 unsigned long nbits, void *p)
64 size_t hsz = o->ch->hashsz;
71 /* --- Ensure that everything is sensibly sized --- */
73 if (2 * hsz + 2 + msz > sz)
76 /* --- Make the `seed' value --- */
81 GR_FILL(o->r, q, hsz);
83 /* --- Fill in the rest of the buffer --- */
86 GH_HASH(h, o->ep, o->epsz);
90 n = sz - 2 * hsz - msz - 1;
96 /* --- Do the packing --- */
99 c = GC_INIT(o->cc, q, hsz);
100 GC_ENCRYPT(c, mq, mq, n);
103 c = GC_INIT(o->cc, mq, n);
104 GC_ENCRYPT(c, q, q, hsz);
109 return (mp_loadb(d, b, sz + 1));
112 /* --- @oaep_decode@ --- *
114 * Arguments: @mp *m@ = the decrypted message
115 * @octet *b@ = pointer to a buffer to work in
116 * @size_t sz@ = the size of the buffer (big enough)
117 * @unsigned long nbits@ = the number of bits in @n@
118 * @void *p@ = pointer to OAEP parameter block
120 * Returns: The length of the output string if successful, negative on
123 * Use: Implements the operation @EME-OAEP-DECODE@, as defined in
124 * PKCS#1 v. 2.0 (RFC2437).
127 int oaep_decode(mp *m, octet *b, size_t sz, unsigned long nbits, void *p)
136 size_t hsz = o->ch->hashsz;
138 /* --- Ensure that the block is large enough --- */
140 if (sz < 2 * hsz) /* Doesn't depend on ciphertext */
143 /* --- Decrypt the message --- */
147 goodp &= ct_inteq(*q, 0);
152 c = GC_INIT(o->cc, mq, n);
153 GC_DECRYPT(c, q, q, hsz);
156 c = GC_INIT(o->cc, q, hsz);
157 GC_DECRYPT(c, mq, mq, n);
161 /* --- Check the hash on the encoding parameters --- */
164 GH_HASH(h, o->ep, o->epsz);
167 goodp &= ct_memeq(q, mq, hsz);
169 /* --- Now find the start of the actual message --- */
172 while (*pp == 0 && pp < qq)
174 goodp &= ~ct_intle(qq - b, pp - b);
175 goodp &= ct_inteq(*pp, 1);
179 return (goodp ? n : -1);
182 /*----- That's all, folks -------------------------------------------------*/