Cryptography Reference
In-Depth Information
the input parameters already present in
EMEOAEPEnc
, it has a required parame-
ter
publickey
where a public RSA key (in the format generated by the previous
function
RSAKeyGen
, either decimal or hex) is specified and also an additional
optional parameter
messagetype
with possible values
text
,
hex
, which spec-
ifies whether the message to be encrypted is to be regarded as an even-length hex
string (a byte string) or as an ordinary text string (with default value
hex
). The output
is the ciphertext, a byte string.
> RSAESOAEPEncrypt := proc(publickey::list, message::string, seed::string,
{messagetype::identical(hex, text) := hex,
L::string := "", H::name := SHA256, hLen::posint := 32})
local pk, n, e, k, M, EM, m, c, C;
if type(publickey[1], string) then
pk := convert
∼
(publickey, decimal, hex)
else
pk := publickey
end if;
n := pk[1];
e := pk[2];
k := intlog[256](n) + 1;
M := messagetohex(message, messagetype);
if 2*k - 4*hLen + 4 < StringTools:-Length(M) then
error "message too long"
end if;
EM := EMEOAEPEnc(M, k, _params['seed'], ':-L' = L, ':-H' = H, ':-hLen' = hLen);
m := OS2IP(EM);
c := Power(m,e) mod n;
C := I2OSP(c, k)
end proc:
Next we give the RSAES-OAEP decryption function. The input parameters
are similar to those in
RSAESOAEPEncrypt
, omitting the seed and replacing
publickey
by
privatekey
(for an RSA private key in the format output by
RSAKeyGen
) and
message
by
C
(for the ciphertext as a hexadecimal byte string).
In this case,
messagetype
serves to indicate the format of the plaintext string.
> RSAESOAEPDecrypt:=proc(privatekey::list, C::string,
{messagetype::identical(hex,text) := hex,
L::string := "", H::name := 'SHA256', hLen::posint := 32})
local sk, k, c, m, EM;
if type(privatekey[1], string) then
sk := '
∼
'[convert](privatekey, decimal, hex)
else
sk := privatekey
end if;
k := intlog[256](sk[1])+1;
if StringTools:-Length(C) <> 2*k or k < 2*hLen+2 then
error "decryption error"
end if;
c := OS2IP(C);
m := chrem([Power
∼
(c,sk[5]) mod sk[3], Power
∼
(c,sk[6]) mod sk[4]],
[sk[3], sk[4]]);
EM := I2OSP(m, k);
hextomessage(EMEOAEPDec(EM, k, ':-L' = L, ':-H' = H, ':-hLen' = hLen), messagetype)
end proc:
Remark 8.5
In this implementation of RSA-OAEP there are some minor departures
from [154] that do not affect the general behavior of the scheme. For example, private
keys have a slightly different format here. Also, in [154] a size limitation on the
optional label
L
is specified. Here this restriction is not explicitly enforced because
