rsa-session.h 1.67 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
/* Session key definitions for the rsa-encrypt and rsa-decrypt programs.
 */

#ifndef NETTLE_EXAMPLES_RSA_SESSION_H_INCLUDED
#define NETTLE_EXAMPLES_RSA_SESSION_H_INCLUDED

#include "aes.h"
#include "cbc.h"
#include "hmac.h"

#define RSA_VERSION 1

/* Encryption program using the following file format:

     uint32_t version = 1;
     uint32_t nsize;
     uint8_t x[nsize];
     uint8_t encrypted[n];
     uint8_t hmac[SHA1_DIGEST_SIZE];

   where x is the data

     uint32_t version = 1;
     uint8_t aes_key[AES_KEY_SIZE];
     uint8_t iv[AES_BLOCK_SIZE];
     uint8_t hmac_key[SHA1_DIGEST_SIZE];

   of size (4 + AES_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE) = 72
   bytes, encrypted using rsa-pkcs1.
Niels Möller's avatar
Niels Möller committed
30 31 32 33 34 35 36 37

   The cleartext input is encrypted using aes-cbc. The final block is
   padded as

     | data | random octets | padding length |

   where the last octet is the padding length, a number between 1 and
   AES_BLOCK_SIZE (inclusive).
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
*/

struct rsa_session
{
  struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
  struct hmac_sha1_ctx hmac;
  struct yarrow256_ctx yarrow;
};

struct rsa_session_info
{
  /* Version followed by aes key, iv and mac key */
  uint8_t key[4 + AES_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE];
};

#define SESSION_VERSION(s) ((s)->key)
#define SESSION_AES_KEY(s) ((s)->key + 4)
#define SESSION_IV(s) ((s)->key + 4 + AES_KEY_SIZE)
#define SESSION_HMAC_KEY(s) ((s)->key + 4 + AES_KEY_SIZE + AES_BLOCK_SIZE)

void
rsa_session_set_encrypt_key(struct rsa_session *ctx,
			    const struct rsa_session_info *key);

void
rsa_session_set_decrypt_key(struct rsa_session *ctx,
			    const struct rsa_session_info *key);

#endif /* NETTLE_EXAMPLES_RSA_SESSION_H_INCLUDED */