Extracted padding code from rsa_encrypt to new function pkcs1_encrypt.

diff --git a/ChangeLog b/ChangeLog
index 19bd0fc7928024f325dec9c47b750c4d5decd0a0..7543e5ac6d09c0358edc6b5c752e36ac5338246e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-05-18  Niels Möller  <nisse@lysator.liu.se>
+
+       * pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
+       * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
+
 2012-05-09  Niels Möller  <nisse@lysator.liu.se>
 
        * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,

diff --git a/Makefile.in b/Makefile.in
index 71d92564551767c045a1a0c6996ca5ad3ef22b34..97585ebc0283c91594151bb877b46944a1c9fb2b 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -99,7 +99,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
                  bignum.c bignum-next-prime.c \
                  bignum-random.c bignum-random-prime.c \
                  sexp2bignum.c \
-                 pkcs1.c pkcs1-decrypt.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
+                 pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \
+                 pkcs1-md5.c pkcs1-rsa-sha1.c \
                  pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
                  rsa.c rsa-sign.c rsa-verify.c \
                  rsa-md5-sign.c rsa-md5-verify.c \

diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c
new file mode 100644 (file)
index 0000000..10f4f9a
--- /dev/null
+++ b/pkcs1-encrypt.c
@@ -0,0 +1,81 @@
+/* pkcs1-encrypt.c
+ *
+ * The RSA publickey algorithm. PKCS#1 encryption.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_encrypt (unsigned key_size,
+              /* For padding */
+              void *random_ctx, nettle_random_func random,
+              unsigned length, const uint8_t *message,
+              mpz_t m)
+{
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+  unsigned padding;
+  unsigned i;
+
+  /* The message is encoded as a string of the same length as the
+   * modulo n, of the form
+   *
+   *   00 02 pad 00 message
+   *
+   * where padding should be at least 8 pseudorandomly generated
+   * *non-zero* octets. */
+     
+  if (length + 11 > key_size)
+    /* Message too long for this key. */
+    return 0;
+
+  /* At least 8 octets of random padding */
+  padding = key_size - length - 3;
+  assert(padding >= 8);
+  
+  TMP_ALLOC(em, key_size - 1);
+  em[0] = 2;
+
+  random(random_ctx, padding, em + 1);
+
+  /* Replace 0-octets with 1 */
+  for (i = 0; i<padding; i++)
+    if (!em[i+1])
+      em[i+1] = 1;
+
+  em[padding+1] = 0;
+  memcpy(em + padding + 2, message, length);
+
+  nettle_mpz_set_str_256_u(m, key_size - 1, em);
+  return 1;
+}

diff --git a/pkcs1.h b/pkcs1.h
index 95a6a8354d771aee0cf7413492fa5d7e9fb6e463..68de0b7d769894e818b41517be4e3de2c7e596ce 100644 (file)
--- a/pkcs1.h
+++ b/pkcs1.h
@@ -43,6 +43,7 @@ extern "C" {
 #define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest
 #define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode
 #define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest
+#define pkcs1_encrypt nettle_pkcs1_encrypt
 #define pkcs1_decrypt nettle_pkcs1_decrypt
 
 struct md5_ctx;
@@ -57,6 +58,13 @@ pkcs1_signature_prefix(unsigned size,
                       const uint8_t *id,
                       unsigned digest_size);
 
+int
+pkcs1_encrypt (unsigned key_size,
+              /* For padding */
+              void *random_ctx, nettle_random_func random,
+              unsigned length, const uint8_t *message,
+              mpz_t m);
+
 int
 pkcs1_decrypt (unsigned key_size,
               const mpz_t m,

diff --git a/rsa-encrypt.c b/rsa-encrypt.c
index 29523fcbd93dee2c5ebf73fb27e4cbd8d70ed126..2e1df1d8d9ce1e54d951478687b2f4238d1509e4 100644 (file)
--- a/rsa-encrypt.c
+++ b/rsa-encrypt.c
@@ -1,4 +1,4 @@
-/* rsa_encrypt.c
+/* rsa-encrypt.c
  *
  * The RSA publickey algorithm. PKCS#1 encryption.
  */
@@ -27,57 +27,23 @@
 # include "config.h"
 #endif
 
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
 #include "rsa.h"
 
-#include "bignum.h"
-#include "nettle-internal.h"
+#include "pkcs1.h"
 
 int
 rsa_encrypt(const struct rsa_public_key *key,
            /* For padding */
            void *random_ctx, nettle_random_func random,
            unsigned length, const uint8_t *message,
-           mpz_t gibbberish)
+           mpz_t gibberish)
 {
-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-  unsigned padding;
-  unsigned i;
-  
-  /* The message is encoded as a string of the same length as the
-   * modulo n, of the form
-   *
-   *   00 02 pad 00 message
-   *
-   * where padding should be at least 8 pseudorandomly generated
-   * *non-zero* octets. */
-     
-  if (length + 11 > key->size)
-    /* Message too long for this key. */
+  if (pkcs1_encrypt (key->size, random_ctx, random,
+                    length, message, gibberish))
+    {
+      mpz_powm(gibberish, gibberish, key->e, key->n);
+      return 1;
+    }
+  else
     return 0;
-
-  /* At least 8 octets of random padding */
-  padding = key->size - length - 3;
-  assert(padding >= 8);
-  
-  TMP_ALLOC(em, key->size - 1);
-  em[0] = 2;
-
-  random(random_ctx, padding, em + 1);
-
-  /* Replace 0-octets with 1 */
-  for (i = 0; i<padding; i++)
-    if (!em[i+1])
-      em[i+1] = 1;
-
-  em[padding+1] = 0;
-  memcpy(em + padding + 2, message, length);
-
-  nettle_mpz_set_str_256_u(gibbberish, key->size - 1, em);
-  mpz_powm(gibbberish, gibbberish, key->e, key->n);
-
-  return 1;  
 }