diff --git a/ChangeLog b/ChangeLog index 19bd0fc7928024f325dec9c47b750c4d5decd0a0..7543e5ac6d09c0358edc6b5c752e36ac5338246e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2012-05-18 Niels Möller <nisse@lysator.liu.se> + + * pkcs1-encrypt.c (pkcs1_encrypt): New file and function. + * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt. + 2012-05-09 Niels Möller <nisse@lysator.liu.se> * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear, diff --git a/Makefile.in b/Makefile.in index 71d92564551767c045a1a0c6996ca5ad3ef22b34..97585ebc0283c91594151bb877b46944a1c9fb2b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -99,7 +99,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \ bignum.c bignum-next-prime.c \ bignum-random.c bignum-random-prime.c \ sexp2bignum.c \ - pkcs1.c pkcs1-decrypt.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \ + pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \ + pkcs1-md5.c pkcs1-rsa-sha1.c \ pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \ rsa.c rsa-sign.c rsa-verify.c \ rsa-md5-sign.c rsa-md5-verify.c \ diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c new file mode 100644 index 0000000000000000000000000000000000000000..10f4f9a307891d4c7dac8f619e62da511735493e --- /dev/null +++ b/pkcs1-encrypt.c 
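Review bot: The second added line of the Makefile.in hunk lists `pkcs1-md5.c`, while the line it replaces listed `pkcs1-rsa-md5.c`. Nothing else in this commit adds or renames such a file, so this looks like an accidental edit made while re-wrapping the list. If it is unintended, the build would presumably either stop on a missing source or silently drop the RSA-MD5 encoding from hogweed. The added lines should read `pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \` and `pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \`. The hogweed_SOURCES list starts and ends outside the hunk.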
@@ -0,0 +1,81 @@
+/* pkcs1-encrypt.c
+ *
+ * The RSA publickey algorithm. PKCS#1 encryption.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_encrypt (unsigned key_size,
+ /* For padding */
+ void *random_ctx, nettle_random_func random,
+ unsigned length, const uint8_t *message,
+ mpz_t m)
+{
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ unsigned padding;
+ unsigned i;
+
+ /* The message is encoded as a string of the same length as the
+ * modulo n, of the form
+ *
+ * 00 02 pad 00 message
+ *
+ * where padding should be at least 8 pseudorandomly generated
+ * *non-zero* octets. */
+
+ if (length + 11 > key_size)
+ /* Message too long for this key. 
*/ + return 0; + + /* At least 8 octets of random padding */ + padding = key_size - length - 3; + assert(padding >= 8); + + TMP_ALLOC(em, key_size - 1); + em[0] = 2; + + random(random_ctx, padding, em + 1); + + /* Replace 0-octets with 1 */ + for (i = 0; i<padding; i++) + if (!em[i+1]) + em[i+1] = 1; + + em[padding+1] = 0; + memcpy(em + padding + 2, message, length); + + nettle_mpz_set_str_256_u(m, key_size - 1, em); + return 1; +} diff --git a/pkcs1.h b/pkcs1.h index 95a6a8354d771aee0cf7413492fa5d7e9fb6e463..68de0b7d769894e818b41517be4e3de2c7e596ce 100644 --- a/pkcs1.h +++ b/pkcs1.h @@ -43,6 +43,7 @@ extern "C" { #define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest #define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode #define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest +#define pkcs1_encrypt nettle_pkcs1_encrypt #define pkcs1_decrypt nettle_pkcs1_decrypt struct md5_ctx; @@ -57,6 +58,13 @@ pkcs1_signature_prefix(unsigned size, const uint8_t *id, unsigned digest_size); +int +pkcs1_encrypt (unsigned key_size, + /* For padding */ + void *random_ctx, nettle_random_func random, + unsigned length, const uint8_t *message, + mpz_t m); + int pkcs1_decrypt (unsigned key_size, const mpz_t m, diff --git a/rsa-encrypt.c b/rsa-encrypt.c index 29523fcbd93dee2c5ebf73fb27e4cbd8d70ed126..2e1df1d8d9ce1e54d951478687b2f4238d1509e4 100644 --- a/rsa-encrypt.c +++ b/rsa-encrypt.c @@ -1,4 +1,4 @@ -/* rsa_encrypt.c +/* rsa-encrypt.c * * The RSA publickey algorithm. PKCS#1 encryption. */ 
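Review bot: The bound check `if (length + 11 > key_size)` in pkcs1_encrypt is evaluated in unsigned arithmetic, so a `length` within 11 of UINT_MAX wraps to a small value and is accepted. `padding = key_size - length - 3` then wraps as well, the `assert(padding >= 8)` can still hold, and the `random()` and `memcpy()` calls write beyond the `key_size - 1` octets reserved for `em`. The code was private to rsa_encrypt before, but it is now exported as `nettle_pkcs1_encrypt`, so the check should not depend on callers passing sane lengths: `if (key_size < 11 || length > key_size - 11) return 0;`. rsa_encrypt in rsa-encrypt.c forwards `length` unchanged and relies on this same check. Separately, `em` keeps a copy of the plaintext after the function returns; whether it can be wiped depends on how TMP_ALLOC obtains its storage, which is not visible here.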
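Review bot: The pkcs1_encrypt prototype added in the second pkcs1.h hunk is exported without any statement of its contract, and the only comment is `/* For padding */`. A caller cannot tell from the header that `m` receives the padded block and not a ciphertext, or what the return value means. I would put a comment above the declaration such as `/* Stores the PKCS#1 encryption block (00 02 pad 00 message) in m, without exponentiation. Returns 1 on success, 0 if the message is too long for key_size. */`. It is also worth stating there that `random` supplies the non-zero padding octets and should be a cryptographically strong generator, since the padding is the only randomisation this encoding has.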
@@ -27,57 +27,23 @@ # include "config.h" #endif -#include <assert.h> -#include <stdlib.h> -#include <string.h> - #include "rsa.h" -#include "bignum.h" -#include "nettle-internal.h" +#include "pkcs1.h" int rsa_encrypt(const struct rsa_public_key *key, /* For padding */ void *random_ctx, nettle_random_func random, unsigned length, const uint8_t *message, - mpz_t gibbberish) + mpz_t gibberish) { - TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); - unsigned padding; - unsigned i; - - /* The message is encoded as a string of the same length as the - * modulo n, of the form - * - * 00 02 pad 00 message - * - * where padding should be at least 8 pseudorandomly generated - * *non-zero* octets. */ - - if (length + 11 > key->size) - /* Message too long for this key. */ + if (pkcs1_encrypt (key->size, random_ctx, random, + length, message, gibberish)) + { + mpz_powm(gibberish, gibberish, key->e, key->n); + return 1; + } + else return 0; - - /* At least 8 octets of random padding */ - padding = key->size - length - 3; - assert(padding >= 8); - - TMP_ALLOC(em, key->size - 1); - em[0] = 2; - - random(random_ctx, padding, em + 1); - - /* Replace 0-octets with 1 */ - for (i = 0; i<padding; i++) - if (!em[i+1]) - em[i+1] = 1; - - em[padding+1] = 0; - memcpy(em + padding + 2, message, length); - - nettle_mpz_set_str_256_u(gibbberish, key->size - 1, em); - mpz_powm(gibbberish, gibbberish, key->e, key->n); - - return 1; }