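--- a/eucrypt/smg_keccak/smg_oaep.ads
+++ b/eucrypt/smg_keccak/smg_oaep.ads ED6FC57F63DEF71E7C286F1E9115264412611AD19E925CB0EDE29C3BDA6CD40F6F63CCE6CDC9ECC2C7F55E555292D7EBA058FBCF4C9A49AF24CAB43B8345F253
@@ -0,0 +1,90 @@
+-- Implementation of TMSR's OAEP with Keccak as hash function
+--
+-- S.MG, 2018
+
+with SMG_Keccak; use SMG_Keccak; -- Keccak is used as hash function
+with Interfaces; use Interfaces; -- for Unsigned_8 type and bit-level ops
+with Interfaces.C; use Interfaces.C; -- for interop with C
+
+package SMG_OAEP is
+pragma Pure( SMG_OAEP ); -- stateless, no side effects -> can cache calls
+
+-- fixed length of OAEP block in bits and in octets
+OAEP_LENGTH_BITS : constant := 4096;
+OAEP_LENGTH_OCTETS : constant := 512;
+OAEP_HALF_OCTETS : constant := OAEP_LENGTH_OCTETS / 2;
+
+-- subtypes used by the OAEP encrypt/decrypt
+subtype OAEP_Block is String( 1 .. OAEP_LENGTH_OCTETS );
+subtype OAEP_HALF is String( 1 .. OAEP_HALF_OCTETS );
+
+-- padding & formatting of maximum 1960 bits of the given String
+-- uses TMSR's OAEP schema:
+-- 1.format M00 as: [random octet][sz1][sz2]"TMSR-RSA"[random]*Message
+-- where sz1 and sz2 store the length of the message in bits
+-- the random octets before message are padding to make OAEP_LENGTH_OCTETS
+-- 2. R = OAEP_HALF_OCTETS random bits
+-- 3. X = M00 xor hash(R)
+-- 4. Y = R xor hash(X)
+-- 5. Result is X || Y
+-- NB: the Entropy parameter should be random octets from which this method
+-- will use as many as required for the OAEP encryption of given Msg
+-- NB: at MOST OAEP_LENGTH_OCTETS - 11 octets of Msg! (Msg at most 1960 bits)
+procedure OAEP_Encrypt( Msg : in String;
+Entropy : in OAEP_Block;
+Output : out OAEP_Block);
+
+-- This is the opposite of OAEP_Encrypt above.
+-- @param Encr - an OAEP block previously obtained from OAEP_Encrypt
+-- @param Len - this will hold the length of the obtained message (in bits!)
+-- @param Output - the first Len octets of this are the recovered message
+-- @param Success - set to TRUE if message was recovered, false otherwise
+-- NB: when Success is FALSE, both Len and Output have undefined values
+procedure OAEP_Decrypt( Encr : in OAEP_Block;
+Len : out Natural;
+Output : out OAEP_HALF;
+Success : out Boolean);
+
+-- helper method, xor on strings
+-- NB: only Output'Length bits will be considered from S1 and S2
+-- NB: caller is responsible for S1 and S2 being long enough!
+procedure XOR_Strings( S1: in String; S2: in String; Output: out String );
+
+-- gnat-specific methods for bit-level operations
+function Shift_Right( Value : Unsigned_8;
+Amount : Natural )
+return Unsigned_8;
+pragma Import(Intrinsic, Shift_Right);
+
+function Shift_Left( Value : Unsigned_8;
+Amount : Natural )
+return Unsigned_8;
+pragma Import(Intrinsic, Shift_Left);
+
+-- conversions between bitstream and string
+-- NB: caller has to ensure correct size of output parameter! no checks here.
+procedure ToString( B: in Bitstream; S: out String );
+procedure ToBitstream( S: in String; B: out Bitstream );
+
+-- public wrapper for Sponge to use String for input/output
+procedure HashKeccak( Input : in String;
+Output : out String;
+Block_Len : in Keccak_Rate := Default_Bitrate);
+
+-- wrapper for calling from C
+-- @param Input the input string, as array of characters (C style)
+-- @param LenIn the length of the input string (as number of BITS)
+-- @param LenOut the desired number of bits to be returned as output
+-- @param Block_Len the bitrate used by the Keccak sponge (number of BITS)
+-- @return an array of characters with first LenOut bits set to Keccak output
+
+-- NB: caller HAS TO provide the length of the Input (parameter LenIn)
+-- NB: caller HAS TO provide the length of the Output (parameter LenOut)
+function Hash( Input : Interfaces.C.Char_Array;
+LenIn : Interfaces.C.size_t;
+LenOut : Interfaces.C.size_t;
+Block_Len : Interfaces.C.int := Default_Bitrate)
+return Interfaces.C.Char_Array;
+pragma Export( C, Hash, "hash" );
+
+end SMG_OAEP;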
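Review bot: The message-size limit documented on OAEP_Encrypt contradicts itself: the NB line allows `OAEP_LENGTH_OCTETS - 11` octets, which is 501 octets (4008 bits), while the same line and the first line of the comment give the limit as 1960 bits, which is 245 octets, i.e. `OAEP_HALF_OCTETS - 11`. A caller who trusts the octet figure can hand in a message about twice the size the scheme appears to hold, and this file is only the spec, so whether the body rejects that cannot be seen here; the line should read `-- NB: at MOST OAEP_HALF_OCTETS - 11 octets of Msg! (Msg at most 1960 bits)`, and step 1 presumably pads M00 to OAEP_HALF_OCTETS rather than OAEP_LENGTH_OCTETS. The same bits/octets slip recurs in step 2 (`R = OAEP_HALF_OCTETS random bits`), in XOR_Strings (`Output'Length bits`) and in OAEP_Decrypt, where Len is documented in bits but Output is described as "the first Len octets"; a reader sizing a copy from that would take eight times too much, so I would write `-- @param Output - the first Len / 8 octets of this are the recovered message`. Since Len and Output are undefined when Success is FALSE, it is also worth stating on OAEP_Decrypt that callers must test Success before reading either.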