1 // SPDX-License-Identifier: BSD-2-Clause
2 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3  *
4  * LibTomCrypt is a library that provides various cryptographic
5  * algorithms in a highly modular and flexible manner.
6  *
7  * The library is free for all purposes without any express
8  * guarantee it works.
9  */
10 #include "tomcrypt_private.h"
11 
12 /**
13   @file rsa_encrypt_key.c
14   RSA PKCS #1 encryption, Tom St Denis and Andreas Lange
15 */
16 
17 #ifdef LTC_MRSA
18 
19 /**
20     (PKCS #1 v2.0) OAEP pad then encrypt
21     @param in          The plaintext
22     @param inlen       The length of the plaintext (octets)
23     @param out         [out] The ciphertext
24     @param outlen      [in/out] The max size and resulting size of the ciphertext
25     @param lparam      The system "lparam" for the encryption
26     @param lparamlen   The length of lparam (octets)
27     @param prng        An active PRNG
28     @param prng_idx    The index of the desired prng
29     @param hash_idx    The index of the desired hash
30     @param padding     Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
31     @param key         The RSA key to encrypt to
32     @return CRYPT_OK if successful
33 */
rsa_encrypt_key_ex(const unsigned char * in,unsigned long inlen,unsigned char * out,unsigned long * outlen,const unsigned char * lparam,unsigned long lparamlen,prng_state * prng,int prng_idx,int hash_idx,int padding,const rsa_key * key)34 int rsa_encrypt_key_ex(const unsigned char *in,       unsigned long  inlen,
35                              unsigned char *out,      unsigned long *outlen,
36                        const unsigned char *lparam,   unsigned long  lparamlen,
37                              prng_state    *prng,     int            prng_idx,
38                              int            hash_idx, int            padding,
39                        const rsa_key       *key)
40 {
41   unsigned long modulus_bitlen, modulus_bytelen, x;
42   int           err;
43 
44   LTC_ARGCHK(in     != NULL);
45   LTC_ARGCHK(out    != NULL);
46   LTC_ARGCHK(outlen != NULL);
47   LTC_ARGCHK(key    != NULL);
48 
49   /* valid padding? */
50   if ((padding != LTC_PKCS_1_V1_5) &&
51       (padding != LTC_PKCS_1_OAEP)) {
52     return CRYPT_PK_INVALID_PADDING;
53   }
54 
55   /* valid prng? */
56   if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
57      return err;
58   }
59 
60   if (padding == LTC_PKCS_1_OAEP) {
61     /* valid hash? */
62     if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
63        return err;
64     }
65   }
66 
67   /* get modulus len in bits */
68   modulus_bitlen = mp_count_bits( (key->N));
69 
70   /* outlen must be at least the size of the modulus */
71   modulus_bytelen = mp_unsigned_bin_size( (key->N));
72   if (modulus_bytelen > *outlen) {
73      *outlen = modulus_bytelen;
74      return CRYPT_BUFFER_OVERFLOW;
75   }
76 
77   if (padding == LTC_PKCS_1_OAEP) {
78     /* OAEP pad the key */
79     x = *outlen;
80     if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
81                                   lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
82                                   out, &x)) != CRYPT_OK) {
83        return err;
84     }
85   } else {
86     /* PKCS #1 v1.5 pad the key */
87     x = *outlen;
88     if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME,
89                                   modulus_bitlen, prng, prng_idx,
90                                   out, &x)) != CRYPT_OK) {
91       return err;
92     }
93   }
94 
95   /* rsa exptmod the OAEP or PKCS #1 v1.5 pad */
96   return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key);
97 }
98 
99 #endif /* LTC_MRSA */
100 
101 /* ref:         $Format:%D$ */
102 /* git commit:  $Format:%H$ */
103 /* commit time: $Format:%ai$ */
104