Cryptography Reference
In-Depth Information
memset( padded_block, 0, modulus_length );
memcpy( padded_block + ( modulus_length - block_size ),
input, block_size );
// set block type
padded_block[ 1 ] = 0x02;
6. Technically speaking, you ought to follow this with random bytes of
padding, up to the beginning of the data. Throw security out the window
here, and just pad with sequential bytes:
for ( i = 2; i < ( modulus_length - block_size - 1 ); i++ )
{
// TODO make these random
padded_block[ i ] = i;
}
7. RSA-encrypt the padded block:
load_huge( &m, padded_block, modulus_length );
rsa_compute( &m, public_key->exponent, public_key->modulus, &c );
Notice the new function
load_huge
. This function essentially just
memcpy
's
a block into a
huge,
as shown in Listing 3-22:
Listing 3-22:
“huge.c” load_huge
/**
* Given a byte array, load it into a “huge”, aligning integers
* appropriately
*/
void load_huge( huge *h, const unsigned char *bytes, int length )
{
while ( !( *bytes ) )
{
bytes++;
length--;
}
h->size = length;
h->rep = ( unsigned char * ) malloc( length );
memcpy( h->rep, bytes, length );
}
NOTE
One interesting point to note here is that you start by skipping over
the zero bytes. This is an important compatibility point. Most SSL implemen-
tations (including OpenSSL, GnuTLS, NSS and JSSE) zero-pad positive numbers
so that they aren't interpreted as negative numbers by a two's-complement-
aware large number implementation. This one isn't, and zero-padding actually
confuses the comparison routine, so just skip them.
Search WWH ::
Custom Search