Extracted padding code from rsa_encrypt to new function pkcs1_encrypt.

6a0bed19 · Niels Möller · 4d73f83e · 6a0bed19 · 6a0bed19 · 6a0bed19
Commit 6a0bed19 authored May 18, 2012 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
+2012-05-18  Niels Möller  <nisse@lysator.liu.se>
+
+	* pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
+	* rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
+
 2012-05-09  Niels Möller  <nisse@lysator.liu.se>

 	* rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,

--- a/Makefile.in
+++ b/Makefile.in
@@ -99,7 +99,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  bignum.c bignum-next-prime.c \
 		  bignum-random.c bignum-random-prime.c \
 		  sexp2bignum.c \
-		  pkcs1.c pkcs1-decrypt.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
+		  pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \
+		  pkcs1-md5.c pkcs1-rsa-sha1.c \
 		  pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
 		  rsa.c rsa-sign.c rsa-verify.c \
 		  rsa-md5-sign.c rsa-md5-verify.c \

--- a/pkcs1-encrypt.c
+++ b/pkcs1-encrypt.c
+/* pkcs1-encrypt.c
+ *
+ * The RSA publickey algorithm. PKCS#1 encryption.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_encrypt (unsigned key_size,
+	       /* For padding */
+	       void *random_ctx, nettle_random_func random,
+	       unsigned length, const uint8_t *message,
+	       mpz_t m)
+{
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+  unsigned padding;
+  unsigned i;
+
+  /* The message is encoded as a string of the same length as the
+   * modulo n, of the form
+   *
+   *   00 02 pad 00 message
+   *
+   * where padding should be at least 8 pseudorandomly generated
+   * *non-zero* octets. */
+     
+  if (length + 11 > key_size)
+    /* Message too long for this key. */
+    return 0;
+
+  /* At least 8 octets of random padding */
+  padding = key_size - length - 3;
+  assert(padding >= 8);
+  
+  TMP_ALLOC(em, key_size - 1);
+  em[0] = 2;
+
+  random(random_ctx, padding, em + 1);
+
+  /* Replace 0-octets with 1 */
+  for (i = 0; i<padding; i++)
+    if (!em[i+1])
+      em[i+1] = 1;
+
+  em[padding+1] = 0;
+  memcpy(em + padding + 2, message, length);
+
+  nettle_mpz_set_str_256_u(m, key_size - 1, em);
+  return 1;
+}
--- a/pkcs1.h
+++ b/pkcs1.h
@@ -43,6 +43,7 @@ extern "C" {
 #define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest
 #define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode
 #define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest
+#define pkcs1_encrypt nettle_pkcs1_encrypt
 #define pkcs1_decrypt nettle_pkcs1_decrypt

 struct md5_ctx;
@@ -57,6 +58,13 @@ pkcs1_signature_prefix(unsigned size,
 		       const uint8_t *id,
 		       unsigned digest_size);

+int
+pkcs1_encrypt (unsigned key_size,
+	       /* For padding */
+	       void *random_ctx, nettle_random_func random,
+	       unsigned length, const uint8_t *message,
+	       mpz_t m);
+
 int
 pkcs1_decrypt (unsigned key_size,
 	       const mpz_t m,

--- a/rsa-encrypt.c
+++ b/rsa-encrypt.c
-/* rsa_encrypt.c
+/* rsa-encrypt.c
 *
 * The RSA publickey algorithm. PKCS#1 encryption.
 */
@@ -27,57 +27,23 @@
 # include "config.h"
 #endif

-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
 #include "rsa.h"

-#include "bignum.h"
-#include "nettle-internal.h"
+#include "pkcs1.h"

 int
 rsa_encrypt(const struct rsa_public_key *key,
 	    /* For padding */
 	    void *random_ctx, nettle_random_func random,
 	    unsigned length, const uint8_t *message,
-	    mpz_t gibbberish)
+	    mpz_t gibberish)
 {
-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-  unsigned padding;
-  unsigned i;
-  
-  /* The message is encoded as a string of the same length as the
-   * modulo n, of the form
-   *
-   *   00 02 pad 00 message
-   *
-   * where padding should be at least 8 pseudorandomly generated
-   * *non-zero* octets. */
-     
-  if (length + 11 > key->size)
-    /* Message too long for this key. */
+  if (pkcs1_encrypt (key->size, random_ctx, random,
+		     length, message, gibberish))
+    {
+      mpz_powm(gibberish, gibberish, key->e, key->n);
+      return 1;
+    }
+  else
    return 0;
-
-  /* At least 8 octets of random padding */
-  padding = key->size - length - 3;
-  assert(padding >= 8);
-  
-  TMP_ALLOC(em, key->size - 1);
-  em[0] = 2;
-
-  random(random_ctx, padding, em + 1);
-
-  /* Replace 0-octets with 1 */
-  for (i = 0; i<padding; i++)
-    if (!em[i+1])
-      em[i+1] = 1;
-
-  em[padding+1] = 0;
-  memcpy(em + padding + 2, message, length);
-
-  nettle_mpz_set_str_256_u(gibbberish, key->size - 1, em);
-  mpz_powm(gibbberish, gibbberish, key->e, key->n);
-
-  return 1;  
 }