extern crate num;
extern crate simple_asn1;
extern crate rand;
use num::bigint::{BigInt};
use simple_asn1::{from_der, ASN1Block};
use rand::Rng;
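/// Collects the payload of every `BitString` block in `asns` and appends it
/// to `result`, in document order.
///
/// `Sequence` blocks are searched recursively; every other block kind is
/// skipped. The payloads are copied, so `result` owns its data.
fn find_bitstrings(asns: Vec<ASN1Block>, result: &mut Vec<Vec<u8>>) {
    // Walk the tree by reference: the previous version deep-cloned each
    // nested sequence (`blocks.to_vec()`) before recursing into it.
    fn walk(blocks: &[ASN1Block], out: &mut Vec<Vec<u8>>) {
        for block in blocks {
            match block {
                ASN1Block::BitString(_, _, _, bytes) => out.push(bytes.to_vec()),
                ASN1Block::Sequence(_, _, children) => walk(children, out),
                _ => (),
            }
        }
    }

    walk(&asns, result);
}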
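/// Encrypts `message` under an RSA public key with PKCS#1 v1.5 encryption
/// padding (RSAES-PKCS1-v1_5, RFC 8017 section 7.2.1).
///
/// `der_pubkey` is parsed as DER. The first BIT STRING found in it (searching
/// nested SEQUENCEs) must itself be the DER encoding of
/// `SEQUENCE { modulus INTEGER, exponent INTEGER }`.
///
/// On success the ciphertext is returned as exactly `k` big-endian octets,
/// where `k` is the modulus length in octets.
///
/// # Errors
///
/// Returns a description of the failure when the key cannot be decoded, when
/// the modulus or exponent is not a positive integer, when the modulus is too
/// short to hold the 11 octets of padding overhead, or when `message` is
/// longer than `k - 11` octets.
///
/// # Security
///
/// * The key bytes may come from an untrusted peer, so every size derived
///   from them is checked before it is used in arithmetic or an allocation.
/// * The algorithm identifier of the key is not inspected: any structure
///   whose first BIT STRING holds two INTEGERs is accepted as an RSA key.
///   Callers that need that check must perform it themselves.
/// * PKCS#1 v1.5 encryption padding lets a decrypting party that reveals
///   padding validity act as an oracle. Prefer OAEP for new protocols, and
///   make sure the decrypting side does not expose padding failures.
/// * Padding octets come from `rand::thread_rng()`; confirm the `rand`
///   release in use documents that generator as cryptographically secure.
pub fn encrypt(der_pubkey: &[u8], message: &[u8]) -> Result<Vec<u8>, String> {
    let asns: Vec<ASN1Block> = from_der(der_pubkey).map_err(|err| err.to_string())?;
    let mut bitstrings: Vec<Vec<u8>> = Vec::new();
    find_bitstrings(asns, &mut bitstrings);
    let key_bytes = bitstrings
        .first()
        .ok_or_else(|| "ASN.1 BitString not found in DER encoding of public key".to_string())?;

    let inner_asn: Vec<ASN1Block> = from_der(key_bytes).map_err(|err| err.to_string())?;
    // `first()` instead of `[0]`: never index into a decode result unchecked.
    let (n, e) = match inner_asn.first() {
        Some(ASN1Block::Sequence(_, _, blocks)) => {
            if blocks.len() != 2 {
                return Err(
                    "ASN.1 sequence bad length, expected exactly two blocks in inner Sequence"
                        .to_string(),
                );
            }
            let n = match &blocks[0] {
                ASN1Block::Integer(_, _, n) => n,
                _ => return Err("ASN.1 Integer modulus not found".to_string()),
            };
            let e = match &blocks[1] {
                ASN1Block::Integer(_, _, e) => e,
                _ => return Err("ASN.1 Integer exponent not found".to_string()),
            };
            (n, e)
        }
        _ => return Err("ASN.1 Sequence not found".to_string()),
    };

    // A DER INTEGER is signed. A zero or negative modulus or exponent is not
    // a usable RSA key and must not reach `modpow`.
    if n.sign() != num::bigint::Sign::Plus || e.sign() != num::bigint::Sign::Plus {
        return Err("RSA error: modulus and exponent must be positive".to_string());
    }

    // Modulus length in octets, rounded up so that a modulus whose bit length
    // is not a multiple of 8 still gets a full-width encoded message.
    let k = (n.bits() + 7) / 8;
    // Without this guard `k - 11` underflows for a tiny modulus.
    if k < 11 {
        return Err("RSA error: modulus too short for PKCS#1 v1.5 padding".to_string());
    }
    if message.len() > k - 11 {
        return Err("PKCS#1 error: message too long".to_string());
    }

    // EM = 0x00 || 0x02 || PS || 0x00 || M, with PS made of non-zero octets.
    let padding_len = k - message.len() - 3;
    let mut rng = rand::thread_rng();
    let mut encoded_m: Vec<u8> = Vec::with_capacity(k);
    encoded_m.push(0x00);
    encoded_m.push(0x02);
    for _ in 0..padding_len {
        // The upper bound of `gen_range` is exclusive: draw from 0..=254 and
        // shift by one to cover every non-zero octet value, 1..=255.
        let octet: u8 = rng.gen_range(0, 255);
        encoded_m.push(octet + 1);
    }
    encoded_m.push(0x00);
    encoded_m.extend_from_slice(message);

    let m = BigInt::from_bytes_be(num::bigint::Sign::Plus, &encoded_m);
    if m.sign() != num::bigint::Sign::Plus || &m >= n {
        return Err("RSA error: message representative out of range".to_string());
    }

    let (_sign, ciphertext) = m.modpow(e, n).to_bytes_be();
    // `to_bytes_be` drops leading zero octets; left-pad back to `k` octets so
    // the ciphertext always has the length of the modulus.
    let mut padded = vec![0u8; k.saturating_sub(ciphertext.len())];
    padded.extend_from_slice(&ciphertext);
    Ok(padded)
}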
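#[cfg(test)]
mod tests {
    use crate::encrypt;

    // DER-encoded SubjectPublicKeyInfo holding a 1024-bit RSA key
    // (rsaEncryption OID, public exponent 65537). Test fixture only.
    const PK: &[u8] = &[
        48, 129, 159, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 129, 141, 0, 48,
        129, 137, 2, 129, 129, 0, 149, 92, 126, 71, 214, 186, 100, 139, 40, 104, 65, 254, 200,
        105, 71, 66, 241, 84, 172, 206, 206, 217, 49, 214, 16, 50, 6, 234, 97, 21, 170, 139, 234,
        88, 220, 105, 27, 115, 56, 103, 53, 234, 84, 255, 129, 147, 41, 146, 68, 39, 120, 208,
        141, 142, 39, 242, 182, 97, 4, 204, 236, 190, 104, 101, 234, 46, 71, 248, 55, 88, 213, 56,
        145, 154, 142, 184, 144, 55, 105, 241, 179, 205, 174, 107, 40, 77, 46, 201, 197, 51, 20,
        246, 95, 207, 227, 5, 210, 42, 107, 135, 219, 126, 207, 216, 181, 2, 130, 57, 203, 239,
        232, 68, 220, 131, 211, 86, 168, 125, 193, 91, 148, 153, 109, 76, 109, 50, 2, 139, 2, 3,
        1, 0, 1,
    ];

    /// An empty key buffer is reported as a decode error, not a panic.
    #[test]
    fn rejects_empty_key() {
        assert_eq!(
            encrypt(&[], &[]),
            Err("Encountered an empty buffer decoding ASN1 block.".to_string())
        );
    }

    /// With a 128-octet modulus, any message longer than 128 - 11 octets is refused.
    #[test]
    fn rejects_messages_longer_than_k_minus_11() {
        for &len in &[128usize, 128 - 1, 128 - 2, 128 - 10] {
            assert_eq!(
                encrypt(PK, &vec![0u8; len]),
                Err("PKCS#1 error: message too long".to_string())
            );
        }
    }

    /// Messages of up to 128 - 11 octets, including the empty one, are accepted.
    #[test]
    fn accepts_messages_up_to_k_minus_11() {
        assert!(encrypt(PK, &[]).is_ok());
        assert!(encrypt(PK, &[1, 2, 3, 4]).is_ok());
        assert!(encrypt(PK, &[0; 128 - 11]).is_ok());
    }

    /// The padding is random, so encrypting the same message twice must not
    /// produce the same ciphertext.
    #[test]
    fn padding_is_randomized() {
        let first = encrypt(PK, &[1, 2, 3, 4]).unwrap();
        let second = encrypt(PK, &[1, 2, 3, 4]).unwrap();
        assert_ne!(first, second);
    }
}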