Mercurial > dropbear

comparison pkcs_1_oaep_encode.c @ 0:d7da3b1e1540 libtomcrypt

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
put back the 0.95 makefile which was inadvertently merged over
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:21:40 +0000
parents
children 6362d3854bb4
comparison
equal deleted inserted replaced
-1:000000000000 0:d7da3b1e1540
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 #include "mycrypt.h"
12
13 /* OAEP Padding for PKCS #1 -- Tom St Denis */
14
15 #ifdef PKCS_1
16
17 int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
18 const unsigned char *lparam, unsigned long lparamlen,
19 unsigned long modulus_bitlen, int hash_idx,
20 int prng_idx, prng_state *prng,
21 unsigned char *out, unsigned long *outlen)
22 {
23 unsigned char DB[1024], seed[MAXBLOCKSIZE], mask[sizeof(DB)];
24 unsigned long hLen, x, y, modulus_len;
25 int err;
26
27 _ARGCHK(msg != NULL);
28 _ARGCHK(out != NULL);
29 _ARGCHK(outlen != NULL);
30
31 /* test valid hash */
32 if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
33 return err;
34 }
35
36 /* valid prng */
37 if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
38 return err;
39 }
40
41 hLen = hash_descriptor[hash_idx].hashsize;
42 modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
43
44 /* test message size */
45 if (modulus_len >= sizeof(DB) || msglen > (modulus_len - 2*hLen - 2)) {
46 return CRYPT_PK_INVALID_SIZE;
47 }
48
49 /* get lhash */
50 // DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes
51 x = sizeof(DB);
52 if (lparam != NULL) {
53 if ((err = hash_memory(hash_idx, lparam, lparamlen, DB, &x)) != CRYPT_OK) {
54 return err;
55 }
56 } else {
57 /* can't pass hash_memory a NULL so use DB with zero length */
58 if ((err = hash_memory(hash_idx, DB, 0, DB, &x)) != CRYPT_OK) {
59 return err;
60 }
61 }
62
63 /* append PS then 0x01 (to lhash) */
64 x = hLen;
65 y = modulus_len - msglen - 2*hLen - 2;
66 while (y--) {
67 DB[x++] = 0x00;
68 }
69 DB[x++] = 0x01;
70
71 /* message */
72 y = msglen;
73 while (y--) {
74 DB[x++] = *msg++;
75 }
76
77 /* now choose a random seed */
78 if (prng_descriptor[prng_idx].read(seed, hLen, prng) != hLen) {
79 return CRYPT_ERROR_READPRNG;
80 }
81
82 /* compute MGF1 of seed (k - hlen - 1) */
83 if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
84 return err;
85 }
86
87 /* xor against DB */
88 for (y = 0; y < (modulus_len - hLen - 1); y++) {
89 DB[y] ^= mask[y];
90 }
91
92 /* compute MGF1 of maskedDB (hLen) */
93 if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) {
94 return err;
95 }
96
97 /* XOR against seed */
98 for (y = 0; y < hLen; y++) {
99 seed[y] ^= mask[y];
100 }
101
102 /* create string of length modulus_len */
103 if (*outlen < modulus_len) {
104 return CRYPT_BUFFER_OVERFLOW;
105 }
106
107 /* start output which is 0x00 || maskedSeed || maskedDB */
108 x = 0;
109 out[x++] = 0x00;
110 for (y = 0; y < hLen; y++) {
111 out[x++] = seed[y];
112 }
113 for (y = 0; y < modulus_len - hLen - 1; y++) {
114 out[x++] = DB[y];
115 }
116 *outlen = x;
117
118 #ifdef CLEAN_STACK
119 zeromem(DB, sizeof(DB));
120 zeromem(seed, sizeof(seed));
121 zeromem(mask, sizeof(mask));
122 #endif
123
124 return CRYPT_OK;
125 }
126
127 #endif /* PKCS_1 */
128