mirror of
https://github.com/SerenityOS/serenity
synced 2024-07-22 02:26:11 +00:00
LibCrypto: Add OAEP
This commit is contained in:
parent
3f1019b089
commit
0e53b87261
|
@ -11,6 +11,7 @@ set(TEST_SOURCES
|
|||
TestHash.cpp
|
||||
TestHMAC.cpp
|
||||
TestMGF.cpp
|
||||
TestOAEP.cpp
|
||||
TestPBKDF2.cpp
|
||||
TestPoly1305.cpp
|
||||
TestRSA.cpp
|
||||
|
|
60
Tests/LibCrypto/TestOAEP.cpp
Normal file
60
Tests/LibCrypto/TestOAEP.cpp
Normal file
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
* Copyright (c) 2024, stelar7 <dudedbz@gmail.com>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#include <LibCrypto/Hash/MGF.h>
|
||||
#include <LibCrypto/Hash/SHA1.h>
|
||||
#include <LibCrypto/Hash/SHA2.h>
|
||||
#include <LibCrypto/Padding/OAEP.h>
|
||||
#include <LibTest/TestCase.h>
|
||||
|
||||
// https://www.inf.pucrs.br/~calazans/graduate/TPVLSI_I/RSA-oaep_spec.pdf
|
||||
TEST_CASE(test_oaep)
|
||||
{
|
||||
u8 message_raw[16] {
|
||||
0xd4, 0x36, 0xe9, 0x95, 0x69, 0xfd, 0x32, 0xa7, 0xc8, 0xa0, 0x5b, 0xbc, 0x90, 0xd3, 0x2c, 0x49
|
||||
};
|
||||
auto message = ReadonlyBytes { message_raw, 16 };
|
||||
|
||||
u8 params_raw[0] {};
|
||||
auto params = ReadonlyBytes { params_raw, 0 };
|
||||
|
||||
u8 expected_raw[127] {
|
||||
0xeb, 0x7a, 0x19, 0xac, 0xe9, 0xe3, 0x00, 0x63,
|
||||
0x50, 0xe3, 0x29, 0x50, 0x4b, 0x45, 0xe2, 0xca,
|
||||
0x82, 0x31, 0x0b, 0x26, 0xdc, 0xd8, 0x7d, 0x5c,
|
||||
0x68, 0xf1, 0xee, 0xa8, 0xf5, 0x52, 0x67, 0xc3,
|
||||
0x1b, 0x2e, 0x8b, 0xb4, 0x25, 0x1f, 0x84, 0xd7,
|
||||
0xe0, 0xb2, 0xc0, 0x46, 0x26, 0xf5, 0xaf, 0xf9,
|
||||
0x3e, 0xdc, 0xfb, 0x25, 0xc9, 0xc2, 0xb3, 0xff,
|
||||
0x8a, 0xe1, 0x0e, 0x83, 0x9a, 0x2d, 0xdb, 0x4c,
|
||||
0xdc, 0xfe, 0x4f, 0xf4, 0x77, 0x28, 0xb4, 0xa1,
|
||||
0xb7, 0xc1, 0x36, 0x2b, 0xaa, 0xd2, 0x9a, 0xb4,
|
||||
0x8d, 0x28, 0x69, 0xd5, 0x02, 0x41, 0x21, 0x43,
|
||||
0x58, 0x11, 0x59, 0x1b, 0xe3, 0x92, 0xf9, 0x82,
|
||||
0xfb, 0x3e, 0x87, 0xd0, 0x95, 0xae, 0xb4, 0x04,
|
||||
0x48, 0xdb, 0x97, 0x2f, 0x3a, 0xc1, 0x4f, 0x7b,
|
||||
0xc2, 0x75, 0x19, 0x52, 0x81, 0xce, 0x32, 0xd2,
|
||||
0xf1, 0xb7, 0x6d, 0x4d, 0x35, 0x3e, 0x2d
|
||||
};
|
||||
auto expected = ReadonlyBytes { expected_raw, 127 };
|
||||
|
||||
u8 seed_data[20] {
|
||||
0xaa, 0xfd, 0x12, 0xf6, 0x59, 0xca, 0xe6, 0x34,
|
||||
0x89, 0xb4, 0x79, 0xe5, 0x07, 0x6d, 0xde, 0xc2,
|
||||
0xf0, 0x6c, 0xb5, 0x8f
|
||||
};
|
||||
|
||||
auto maybe_result = Crypto::Padding::OAEP::encode<Crypto::Hash::SHA1, Crypto::Hash::MGF>(
|
||||
message,
|
||||
params,
|
||||
127,
|
||||
[&](auto buffer) {
|
||||
memcpy(buffer.data(), seed_data, 20);
|
||||
});
|
||||
auto result = maybe_result.release_value();
|
||||
|
||||
EXPECT_EQ(expected, result);
|
||||
}
|
78
Userland/Libraries/LibCrypto/Padding/OAEP.h
Normal file
78
Userland/Libraries/LibCrypto/Padding/OAEP.h
Normal file
|
@ -0,0 +1,78 @@
|
|||
/*
|
||||
* Copyright (c) 2024, stelar7 <dudedbz@gmail.com>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <AK/ByteBuffer.h>
|
||||
#include <AK/ByteReader.h>
|
||||
#include <AK/Endian.h>
|
||||
#include <AK/Function.h>
|
||||
#include <AK/Random.h>
|
||||
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
|
||||
|
||||
namespace Crypto::Padding {
|
||||
|
||||
// https://datatracker.ietf.org/doc/html/rfc2437#section-9.1.1
|
||||
class OAEP {
|
||||
public:
|
||||
// https://datatracker.ietf.org/doc/html/rfc2437#section-9.1.1.1
|
||||
template<typename HashFunction, typename MaskGenerationFunction>
|
||||
static ErrorOr<ByteBuffer> encode(ReadonlyBytes message, ReadonlyBytes parameters, size_t length, Function<void(Bytes)> seed_function = fill_with_random)
|
||||
{
|
||||
// FIXME: 1. If the length of P is greater than the input limitation for the
|
||||
// hash function (2^61-1 octets for SHA-1) then output "parameter string
|
||||
// too long" and stop.
|
||||
|
||||
// 2. If ||M|| > emLen - 2hLen - 1 then output "message too long" and stop.
|
||||
auto h_len = HashFunction::digest_size();
|
||||
auto max_message_size = length - (2 * h_len) - 1;
|
||||
if (message.size() > max_message_size)
|
||||
return Error::from_string_view("message too long"sv);
|
||||
|
||||
// 3. Generate an octet string PS consisting of emLen-||M||-2hLen-1 zero octets. The length of PS may be 0.
|
||||
auto padding_size = length - message.size() - (2 * h_len) - 1;
|
||||
auto ps = TRY(ByteBuffer::create_zeroed(padding_size));
|
||||
|
||||
// 4. Let pHash = Hash(P), an octet string of length hLen.
|
||||
HashFunction hash;
|
||||
hash.update(parameters);
|
||||
auto digest = hash.digest();
|
||||
auto p_hash = digest.bytes();
|
||||
|
||||
// 5. Concatenate pHash, PS, the message M, and other padding to form a data block DB as: DB = pHash || PS || 01 || M
|
||||
auto db = TRY(ByteBuffer::create_uninitialized(0));
|
||||
TRY(db.try_append(p_hash));
|
||||
TRY(db.try_append(ps.bytes()));
|
||||
TRY(db.try_append(0x01));
|
||||
TRY(db.try_append(message));
|
||||
|
||||
// 6. Generate a random octet string seed of length hLen.
|
||||
auto seed = TRY(ByteBuffer::create_uninitialized(h_len));
|
||||
seed_function(seed);
|
||||
|
||||
// 7. Let dbMask = MGF(seed, emLen-hLen).
|
||||
auto db_mask = TRY(MaskGenerationFunction::template mgf1<HashFunction>(seed, length - h_len));
|
||||
|
||||
// 8. Let maskedDB = DB \xor dbMask.
|
||||
auto masked_db = TRY(ByteBuffer::xor_buffers(db, db_mask));
|
||||
|
||||
// 9. Let seedMask = MGF(maskedDB, hLen).
|
||||
auto seed_mask = TRY(MaskGenerationFunction::template mgf1<HashFunction>(masked_db, h_len));
|
||||
|
||||
// 10. Let maskedSeed = seed \xor seedMask.
|
||||
auto masked_seed = TRY(ByteBuffer::xor_buffers(seed, seed_mask));
|
||||
|
||||
// 11. Let EM = maskedSeed || maskedDB.
|
||||
auto em = TRY(ByteBuffer::create_uninitialized(0));
|
||||
TRY(em.try_append(masked_seed));
|
||||
TRY(em.try_append(masked_db));
|
||||
|
||||
// 12. Output EM.
|
||||
return em;
|
||||
}
|
||||
};
|
||||
|
||||
}
|
Loading…
Reference in a new issue