--- /dev/null
+/* rsa_pkcs1v15.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "bigint.h"
+#include "rsa_basic.h"
+
+#define DEBUG 0
+
+#if DEBUG
+#include "bigint_io.h"
+#include "cli.h"
+#endif
+
+#include "random_dummy.h"
+
+uint16_t rsa_pkcs1v15_compute_padlength_B(const bigint_t* modulus, uint16_t msg_length_B){
+ return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
+}
+
+uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
+ uint16_t length_B, const rsa_publickey_t* key, const void* pad){
+ int16_t pad_length;
+ bigint_t x;
+ pad_length = rsa_pkcs1v15_compute_padlength_B(&key->modulus, length_B);
+ if(pad_length<8){
+#if DEBUG
+ cli_putstr("\r\nERROR: pad_length<8; pad_length: ");
+ cli_hexdump_rev(&pad_length, 2);
+#endif
+ return 2; /* message to long */
+ }
+ if(!pad){
+#if DEBUG
+ cli_putstr("\r\nauto-generating pad ...");
+#endif
+ uint16_t i;
+ uint8_t c;
+ for(i=0; i<pad_length; ++i){
+ do{
+ c = prng_get_byte();
+ }while(c==0);
+ ((uint8_t*)dest)[i+2] = c;
+ }
+ }else{
+#if DEBUG
+ cli_putstr("\r\nsupplied pad: ");
+ cli_hexdump_block(pad, pad_length, 4, 16);
+#endif
+ memcpy((uint8_t*)dest + 2, pad, pad_length);
+ }
+ ((uint8_t*)dest)[0] = 0x00;
+ ((uint8_t*)dest)[1] = 0x02;
+ ((uint8_t*)dest)[2+pad_length] = 0x00;
+ memcpy((uint8_t*)dest+3+pad_length, src, length_B);
+ x.wordv = dest;
+ x.length_W = (length_B+pad_length+3+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
+#if DEBUG
+ cli_putstr("\r\nx-data: ");
+ cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
+#endif
+ bigint_adjust(&x);
+ rsa_os2ip(&x, NULL, length_B+pad_length+3);
+ rsa_enc(&x, key);
+ rsa_i2osp(NULL, &x, out_length);
+ return 0;
+}
+
+uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
+ uint16_t length_B, const rsa_privatekey_t* key, void* pad){
+ bigint_t x;
+ uint16_t m_length, pad_length=0, idx=0;
+ x.wordv = dest;
+ rsa_os2ip(&x, src, length_B);
+#if DEBUG
+ cli_putstr("\r\ncalling rsa_dec() ...");
+ cli_putstr("\r\nencoded block (src.len = 0x");
+ cli_hexdump_rev(&length_B, 2);
+ cli_putstr("):");
+ cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
+#endif
+ rsa_dec(&x, key);
+#if DEBUG
+ cli_putstr("\r\nfinished rsa_dec() ...");
+#endif
+ rsa_i2osp(NULL, &x, &m_length);
+#if DEBUG
+ cli_putstr("\r\ndecoded block:");
+ cli_hexdump_block(x.wordv, m_length, 4, 16);
+#endif
+ while(((uint8_t*)x.wordv)[idx]==0 && idx<m_length){
+ ++idx;
+ }
+ if(idx>=m_length){
+ return 1;
+ }
+ if(((uint8_t*)x.wordv)[idx]!=2){
+ return 3;
+ }
+
+ ++idx;
+ while(((uint8_t*)x.wordv)[idx+pad_length]!=0 && (idx+pad_length)<m_length){
+ ++pad_length;
+ }
+ if(pad_length<8 || (idx+pad_length)>=m_length){
+ return 2;
+ }
+ *out_length = m_length - idx - pad_length - 1;
+ if(pad){
+#if DEBUG
+ cli_putstr("\r\npadding block:");
+ cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16);
+ cli_putstr("\r\npad @ 0x");
+ cli_hexdump_rev(&pad, 2);
+ cli_putstr("\r\ndst @ 0x");
+ cli_hexdump_rev(&dest, 2);
+#endif
+ memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length);
+ }
+ memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
+
+ return 0;
+}
+