chiark - git - mdw - catacomb/blob - symm/mgf.h

   1 /* -*-c-*-
   2  *
   3  * The MGF mask generation function
   4  *
   5  * (c) 2000 Straylight/Edgeware
   6  */
   7
   8 /*----- Licensing notice --------------------------------------------------*
   9  *
  10  * This file is part of Catacomb.
  11  *
  12  * Catacomb is free software; you can redistribute it and/or modify
  13  * it under the terms of the GNU Library General Public License as
  14  * published by the Free Software Foundation; either version 2 of the
  15  * License, or (at your option) any later version.
  16  *
  17  * Catacomb is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU Library General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU Library General Public
  23  * License along with Catacomb; if not, write to the Free
  24  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
  25  * MA 02111-1307, USA.
  26  */
  27
  28 /*----- Notes on the MGF-1 mask generating function -----------------------*
  29  *
  30  * The idea of a mask-generating function is that given an input of arbitrary
  31  * size, it can emit a pseudorandom output `mask' of arbitrary size.  This is
  32  * used in PKCS#1 OAEP (RFC2437).  My recommendation would be to use a decent
  33  * stream cipher instead, like RC4 or SEAL.  MGF-1 isn't very fast.
  34  */
  35
  36 #ifndef CATACOMB_MGF_H
  37 #define CATACOMB_MGF_H
  38
  39 #ifdef __cplusplus
  40   extern "C" {
  41 #endif
  42
  43 /*----- Header files ------------------------------------------------------*/
  44
  45 #include <mLib/bits.h>
  46
  47 #ifndef CATACOMB_GCIPHER_H
  48 #  include "gcipher.h"
  49 #endif
  50
  51 #ifndef CATACOMB_GRAND_H
  52 #  include "grand.h"
  53 #endif
  54
  55 /*----- Macros ------------------------------------------------------------*/
  56
  57 #define MGF_DECL(PRE, pre)                                              \
  58                                                                         \
  59 /* --- An MGF generation context --- */                                 \
  60                                                                         \
  61 typedef struct pre##_mgfctx {                                           \
  62   pre##_ctx k;                          /* Underlying key context */    \
  63   uint32 c;                             /* Counter */                   \
  64   octet buf[PRE##_HASHSZ];              /* Output buffer */             \
  65   size_t bsz;                           /* Size of buffered data */     \
  66 } pre##_mgfctx;                                                         \
  67                                                                         \
  68 /* --- Other useful constants --- */                                    \
  69                                                                         \
  70 extern const octet pre##_mgfkeysz[];                                    \
  71                                                                         \
  72 /* --- @pre_mgfkeybegin@, @pre_mgfkeyadd@ --- *                         \
  73  *                                                                      \
  74  * Arguments:   @pre_mgfctx *k@ = pointer to context to initialize      \
  75  *              @const void *p@ = pointer to data to contribute         \
  76  *              @size_t sz@ = size of data to contribute                \
  77  *                                                                      \
  78  * Returns:     ---                                                     \
  79  *                                                                      \
  80  * Use:         A multi-step keying procedure for initializing an MGF   \
  81  *              context.  The data is contributed to a hashing context  \
  82  *              which is then used for mask generation.  If you only    \
  83  *              have a fixed buffer, you can save a lot of effort by    \
  84  *              simply calling @pre_mgfinit@.                           \
  85  */                                                                     \
  86                                                                         \
  87 extern void pre##_mgfkeybegin(pre##_mgfctx */*k*/);                     \
  88 extern void pre##_mgfkeyadd(pre##_mgfctx */*k*/,                        \
  89                             const void */*p*/, size_t /*sz*/);          \
  90                                                                         \
  91 /* ---- @pre_mgfinit@ --- *                                             \
  92  *                                                                      \
  93  * Arguments:   @pre_mgfctx *k@ = pointer to context to initialize      \
  94  *              @const void *p@ = pointer to data to contribute         \
  95  *              @size_t sz@ = size of data to contribute                \
  96  *                                                                      \
  97  * Returns:     ---                                                     \
  98  *                                                                      \
  99  * Use:         A simpler interface to initialization if all of your    \
 100  *              keying material is in one place.                        \
 101  */                                                                     \
 102                                                                         \
 103 extern void pre##_mgfinit(pre##_mgfctx */*k*/,                          \
 104                           const void */*p*/, size_t /*sz*/);            \
 105                                                                         \
 106 /* --- @pre_mgfencrypt@ --- *                                           \
 107  *                                                                      \
 108  * Arguments:   @pre_mgfctx *k@ = pointer to masking context            \
 109  *              @const void *s@ = pointer to source buffer              \
 110  *              @void *d@ = pointer to destination buffer               \
 111  *              @size_t sz@ = size of buffers                           \
 112  *                                                                      \
 113  * Returns:     ---                                                     \
 114  *                                                                      \
 115  * Use:         Outputs pseudorandom data, or masks an input buffer.    \
 116  *                                                                      \
 117  *              If @s@ is nonzero, the source material is exclusive-    \
 118  *              orred with the generated mask.  If @d@ is zero, the     \
 119  *              generator is simply spun around for a while, which      \
 120  *              isn't very useful.                                      \
 121  */                                                                     \
 122                                                                         \
 123 extern void pre##_mgfencrypt(pre##_mgfctx */*k*/, const void */*s*/,    \
 124                              void */*d*/, size_t /*sz*/);               \
 125                                                                         \
 126 /* --- @pre_mgfsetindex@ --- *                                          \
 127  *                                                                      \
 128  * Arguments:   @pre_mgfctx *k@ = pointer to masking context            \
 129  *              @uint32 *c@ = new index to set                          \
 130  *                                                                      \
 131  * Returns:     ---                                                     \
 132  *                                                                      \
 133  * Use:         Sets a new index.  This may be used to step around the  \
 134  *              output stream in a rather crude way.                    \
 135  */                                                                     \
 136                                                                         \
 137 extern void pre##_mgfsetindex(pre##_mgfctx */*k*/, uint32 /*c*/);       \
 138                                                                         \
 139 /* --- @pre_mgfrand@ --- *                                              \
 140  *                                                                      \
 141  * Arguments:   @const void *k@ = pointer to key material               \
 142  *              @size_t sz@ = size of key material                      \
 143  *                                                                      \
 144  * Returns:     Pointer to a generic random number generator instance.  \
 145  *                                                                      \
 146  * Use:         Creates a random number interface wrapper around an     \
 147  *              MGF-1-mode hash function.                               \
 148  */                                                                     \
 149                                                                         \
 150 extern grand *pre##_mgfrand(const void */*k*/, size_t /*sz*/);          \
 151                                                                         \
 152 /* --- Generic cipher interface --- */                                  \
 153                                                                         \
 154 extern const gccipher pre##_mgf;
 155
 156 /*----- That's all, folks -------------------------------------------------*/
 157
 158 #ifdef __cplusplus
 159   }
 160 #endif
 161
 162 #endif