3 * [RSA encryption with padding *
4 * (c) 2000 Straylight/Edgeware
7 /*----- Licensing notice --------------------------------------------------*
9 * This file is part of Catacomb.
11 * Catacomb is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Library General Public License as
13 * published by the Free Software Foundation; either version 2 of the
14 * License, or (at your option) any later version.
16 * Catacomb is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU Library General Public License for more details.
21 * You should have received a copy of the GNU Library General Public
22 * License along with Catacomb; if not, write to the Free
23 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 /*----- Header files ------------------------------------------------------*/
29 #include <mLib/alloc.h>
30 #include <mLib/bits.h>
31 #include <mLib/dstr.h>
37 /*----- Public key operations ---------------------------------------------*/
39 /* --- @rsa_pubcreate@ --- *
41 * Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
42 * @rsa_pub *rp@ = pointer to RSA public key
46 * Use: Initializes an RSA public-key context.
49 void rsa_pubcreate(rsa_pubctx *rd, rsa_pub *rp)
51 rd->rp = rp; mp_shrink(rp->e);
52 mpmont_create(&rd->mm, rp->n);
55 /* --- @rsa_pubdestroy@ --- *
57 * Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
61 * Use: Destroys an RSA public-key context.
64 void rsa_pubdestroy(rsa_pubctx *rd)
66 mpmont_destroy(&rd->mm);
69 /* --- @rsa_pubop@ --- *
71 * Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
72 * @mp *d@ = destination
73 * @mp *p@ = input message
75 * Returns: The transformed output message.
77 * Use: Performs an RSA public key operation.
80 mp *rsa_pubop(rsa_pubctx *rd, mp *d, mp *p)
85 if (MP_EQ(e, MP_THREE)) {
87 d = mpmont_mul(&rd->mm, d, p, rd->mm.r2);
88 d = mp_sqr(d, d); d = mpmont_reduce(&rd->mm, d, d);
89 d = mpmont_mul(&rd->mm, d, d, p);
94 if (MP_LEN(e) == 1 && e->v[0] == 65537)
96 if (0 && MP_LEN(e) == 2 && e->v[0] == 1 && e->v[1] == (1 << (16 - MPW_BITS)))
100 d = mpmont_mul(&rd->mm, d, p, rd->mm.r2);
101 for (i = 0; i < 16; i++)
102 { d = mp_sqr(d, d); d = mpmont_reduce(&rd->mm, d, d); }
103 d = mpmont_mul(&rd->mm, d, d, p);
107 return (mpmont_exp(&rd->mm, d, p, rd->rp->e));
110 /* --- @rsa_qpubop@ --- *
112 * Arguments: @rsa_pub *rp@ = pointer to RSA parameters
113 * @mp *d@ = destination
114 * @mp *p@ = input message
116 * Returns: Correctly transformed output message.
118 * Use: Performs an RSA public key operation.
121 mp *rsa_qpubop(rsa_pub *rp, mp *d, mp *c)
124 rsa_pubcreate(&rd, rp);
125 d = rsa_pubop(&rd, d, c);
130 /*----- Operations with padding -------------------------------------------*/
132 /* --- @rsa_encrypt@ --- *
134 * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
135 * @mp *d@ = proposed destination integer
136 * @const void *m@ = pointer to input message
137 * @size_t msz@ = size of input message
138 * @rsa_pad *e@ = encoding procedure
139 * @void *earg@ = argument pointer for encoding procedure
141 * Returns: The encrypted message, as a multiprecision integer, or null
144 * Use: Does RSA encryption.
147 mp *rsa_encrypt(rsa_pubctx *rp, mp *d, const void *m, size_t msz,
148 rsa_pad *e, void *earg)
151 unsigned long nb = mp_bits(rp->rp->n);
152 size_t n = (nb + 7)/8;
153 arena *a = d && d->a ? d->a->a : arena_global;
156 d = e(d, m, msz, p, n, nb, earg);
158 return (d ? rsa_pubop(rp, d, d) : 0);
161 /* --- @rsa_verify@ --- *
163 * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
164 * @mp *s@ = the signature, as a multiprecision integer
165 * @const void *m@ = pointer to message to verify, or null
166 * @size_t msz@ = size of input message
167 * @dstr *d@ = pointer to output string, or null
168 * @rsa_vfrunpad *e@ = decoding procedure
169 * @void *earg@ = argument pointer for decoding procedure
171 * Returns: The length of the output string if successful (0 if no output
172 * was wanted); negative on failure.
174 * Use: Does RSA signature verification. To use a signature scheme
175 * with recovery, pass in @m == 0@ and @d != 0@: the recovered
176 * message should appear in @d@. To use a signature scheme with
177 * appendix, provide @m != 0@ and @d == 0@; the result should be
181 int rsa_verify(rsa_pubctx *rp, mp *s, const void *m, size_t msz,
182 dstr *d, rsa_vrfunpad *e, void *earg)
184 mp *p = rsa_pubop(rp, MP_NEW, s);
185 unsigned long nb = mp_bits(rp->rp->n);
186 size_t n = (nb + 7)/8;
190 /* --- Decoder protocol --- *
192 * We deal with two kinds of decoders: ones with message recovery and ones
193 * with appendix. A decoder with recovery will leave a message in the
194 * buffer and exit nonzero: we'll check that against @m@ if provided and
195 * just leave it otherwise. A decoder with appendix will inspect @m@ and
196 * return zero or @-1@ itself.
201 rc = e(p, m, msz, (octet *)d->buf + d->len, n, nb, earg);
203 if (rc != msz || memcmp(d->buf + d->len, m, msz) != 0)
215 /*----- That's all, folks -------------------------------------------------*/