diff options
| -rw-r--r-- | rsa-decrypt.c | 75 | ||||
| -rw-r--r-- | rsa-encrypt.c | 77 | ||||
| -rw-r--r-- | rsa.h | 37 |
3 files changed, 184 insertions, 5 deletions
diff --git a/rsa-decrypt.c b/rsa-decrypt.c new file mode 100644 index 00000000..a4cef7ad --- /dev/null +++ b/rsa-decrypt.c @@ -0,0 +1,75 @@ +/* rsa_decrypt.c + * + * The RSA publickey algorithm. PKCS#1 encryption. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2001 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#include "rsa.h" + +#include "bignum.h" + +#include <assert.h> +#include <stdlib.h> +#include <string.h> + +int +rsa_decrypt(struct rsa_private_key *key, + unsigned *length, uint8_t *message, + const mpz_t gibberish) +{ + uint8_t *em; + uint8_t *terminator; + unsigned padding; + unsigned message_length; + + mpz_t m; + + mpz_init(m); + rsa_compute_root(key, m, gibberish); + + em = alloca(key->size); + nettle_mpz_get_str_256(key->size, em, m); + mpz_clear(m); + + /* Check format */ + if (em[0] || em[1] != 2) + return 0; + + terminator = memchr(em + 2, 0, key->size - 2); + + if (!terminator) + return 0; + + padding = terminator - (em + 2); + if (padding < 8) + return 0; + + message_length = key->size - 3 - padding; + + if (*length < message_length) + return 0; + + memcpy(message, terminator + 1, message_length); + *length = message_length; + + return 1; +} diff --git a/rsa-encrypt.c b/rsa-encrypt.c new file mode 100644 index 00000000..162bcd9b --- /dev/null +++ b/rsa-encrypt.c @@ -0,0 +1,77 @@ +/* rsa_encrypt.c + * + * The RSA publickey algorithm. PKCS#1 encryption. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2001 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#include "rsa.h" + +#include "bignum.h" + +#include <assert.h> +#include <stdlib.h> +#include <string.h> + +int +rsa_encrypt(struct rsa_public_key *key, + /* For padding */ + void *random_ctx, nettle_random_func random, + unsigned length, const uint8_t *message, + mpz_t gibbberish) +{ + uint8_t *em; + unsigned padding; + unsigned i; + + /* The message is encoded as a string of the same length as the + * modulo n, of the form + * + * 00 02 pad 00 message + * + * where padding should be at least 8 pseudorandomly generated + * *non-zero* octets. */ + + if (length + 11 < key->size) + /* Message too long for this key. */ + return 0; + + /* At least 8 bits of random padding */ + padding = key->size - length - 3; + assert(padding >= 8); + + em = alloca(key->size - 1); + em[0] = 2; + + random(random_ctx, padding, em + 1); + + /* Replace 0-octets with 1 */ + for (i = 0; i<padding; i++) + if (!em[i+1]) + em[i+1] = 1; + + memcpy(em + 1 + padding, message, length); + + nettle_mpz_set_str_256(gibbberish, key->size - 1, em); + mpz_powm(gibbberish, gibbberish, key->e, key->n); + + return 1; +} @@ -32,6 +32,13 @@ #include "md5.h" #include "sha.h" +/* Randomness function. This typedef doesn't really belong here, but + * so far it's used only by rsa functions (encryption and key + * generation) */ +typedef void (*nettle_random_func)(void *ctx, + unsigned length, uint8_t *dst); + + /* For PKCS#1 to make sense, the size of the modulo, in octets, must * be at least 11 + the length of the DER-encoded Digest Info. * @@ -144,6 +151,31 @@ rsa_sha1_verify(struct rsa_public_key *key, struct sha1_ctx *hash, const mpz_t signature); + +/* RSA encryption, using PKCS#1 */ +/* FIXME: These functions uses the v1.5 padding. What should the v2 + * (OAEP) functions be called? */ + +/* Returns 1 on success, 0 on failure, which happens if the + * message is too long for the key. */ +int +rsa_encrypt(struct rsa_public_key *key, + /* For padding */ + void *random_ctx, nettle_random_func random, + unsigned length, const uint8_t *message, + mpz_t gibbberish); + +/* Message must point to a buffer of size *LENGTH. KEY->size is enough + * for all valid messages. On success, *LENGTH is updated to reflect + * the actual length of the message. Returns 1 on success, 0 on + * failure, which happens if decryption failed or if the message + * didn't fit. */ +int +rsa_decrypt(struct rsa_private_key *key, + unsigned *length, uint8_t *message, + const mpz_t gibberish); + + /* Compute x, the e:th root of m. Calling it with x == m is allowed. */ void rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m); @@ -151,11 +183,6 @@ rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m); /* Key generation */ -/* Randomness function. This typedef doesn't really belong here, but - * so far it's used only by the rsa key generator. */ -typedef void (*nettle_random_func)(void *ctx, - unsigned length, uint8_t *dst); - /* Progress report function. */ typedef void (*nettle_progress_func)(void *ctx, int c); |