comparison libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c @ 511:582cb38e4eb5 insecure-nocrypto

propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a) to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 06 Nov 2008 13:16:55 +0000
parents 0cbe8f6dbf9e
children f849a5ca2efc
361:461c4b1fb35f 511:582cb38e4eb5
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 * 8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org 9 * Tom St Denis, [email protected], http://libtomcrypt.com
10 */ 10 */
11 #include "tomcrypt.h" 11 #include "tomcrypt.h"
12 12
13 /** 13 /**
14 @file pkcs_1_pss_decode.c 14 @file pkcs_1_pss_decode.c
80 return CRYPT_MEM; 80 return CRYPT_MEM;
81 } 81 }
82 82
83 /* ensure the 0xBC byte */ 83 /* ensure the 0xBC byte */
84 if (sig[siglen-1] != 0xBC) { 84 if (sig[siglen-1] != 0xBC) {
85 err = CRYPT_OK; 85 err = CRYPT_INVALID_PACKET;
86 goto LBL_ERR; 86 goto LBL_ERR;
87 } 87 }
88 88
89 /* copy out the DB */ 89 /* copy out the DB */
90 x = 0; 90 x = 0;
95 XMEMCPY(hash, sig + x, hLen); 95 XMEMCPY(hash, sig + x, hLen);
96 x += hLen; 96 x += hLen;
97 97
98 /* check the MSB */ 98 /* check the MSB */
99 if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { 99 if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) {
100 err = CRYPT_OK; 100 err = CRYPT_INVALID_PACKET;
101 goto LBL_ERR; 101 goto LBL_ERR;
102 } 102 }
103 103
104 /* generate mask of length modulus_len - hLen - 1 from hash */ 104 /* generate mask of length modulus_len - hLen - 1 from hash */
105 if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { 105 if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
106 goto LBL_ERR; 106 goto LBL_ERR;
107 } 107 }
108 108
109 /* xor against DB */ 109 /* xor against DB */
110 for (y = 0; y < (modulus_len - hLen - 1); y++) { 110 for (y = 0; y < (modulus_len - hLen - 1); y++) {
117 /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ 117 /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */
118 118
119 /* check for zeroes and 0x01 */ 119 /* check for zeroes and 0x01 */
120 for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { 120 for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
121 if (DB[x] != 0x00) { 121 if (DB[x] != 0x00) {
122 err = CRYPT_OK; 122 err = CRYPT_INVALID_PACKET;
123 goto LBL_ERR; 123 goto LBL_ERR;
124 } 124 }
125 } 125 }
126 126
127 /* check for the 0x01 */ 127 /* check for the 0x01 */
128 if (DB[x++] != 0x01) { 128 if (DB[x++] != 0x01) {
129 err = CRYPT_OK; 129 err = CRYPT_INVALID_PACKET;
130 goto LBL_ERR; 130 goto LBL_ERR;
131 } 131 }
132 132
133 /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ 133 /* M = (eight) 0x00 || msghash || salt, mask = H(M) */
134 if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) { 134 if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) {
147 if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) { 147 if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) {
148 goto LBL_ERR; 148 goto LBL_ERR;
149 } 149 }
150 150
151 /* mask == hash means valid signature */ 151 /* mask == hash means valid signature */
152 if (memcmp(mask, hash, hLen) == 0) { 152 if (XMEMCMP(mask, hash, hLen) == 0) {
153 *res = 1; 153 *res = 1;
154 } 154 }
155 155
156 err = CRYPT_OK; 156 err = CRYPT_OK;
157 LBL_ERR: 157 LBL_ERR:
171 } 171 }
172 172
173 #endif /* PKCS_1 */ 173 #endif /* PKCS_1 */
174 174
175 /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c,v $ */ 175 /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c,v $ */
176 /* $Revision: 1.4 $ */ 176 /* $Revision: 1.9 $ */
177 /* $Date: 2005/05/05 14:35:59 $ */ 177 /* $Date: 2006/11/30 02:37:21 $ */
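Review bot: The success path still reports two separate verdicts — at new line 156 `err` is set to CRYPT_OK whether or not the XMEMCMP at line 152 matched, so a caller that checks only the return value and not `*res` accepts a well-formed PSS encoding whose recovered hash does not match. The new CRYPT_INVALID_PACKET codes at lines 85, 100, 122 and 129 only cover malformed encodings, not a hash mismatch, so the split should be stated where it is easy to miss: above line 152 add `/* CRYPT_OK means the encoding parsed; the verdict is *res and callers must check it */`. It would also help to state the pre-condition that `*res` is cleared before any LBL_ERR exit, since the initialisation is not visible in this hunk; the function's opening lines (where `*res` is presumably set to 0) and its LBL_ERR cleanup at lines 157-171 lie outside the shown section, so this is inferred, not confirmed.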