Mercurial > dropbear
comparison libtomcrypt/src/pk/rsa/rsa_sign_hash.c @ 1511:5916af64acd4 fuzz
merge from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 17 Feb 2018 19:29:51 +0800 |
| parents | 6dba84798cd5 |
| children |
comparison
equal
deleted
inserted
replaced
| 1457:32f990cc96b1 | 1511:5916af64acd4 |
|---|---|
| 3 * LibTomCrypt is a library that provides various cryptographic | 3 * LibTomCrypt is a library that provides various cryptographic |
| 4 * algorithms in a highly modular and flexible manner. | 4 * algorithms in a highly modular and flexible manner. |
| 5 * | 5 * |
| 6 * The library is free for all purposes without any express | 6 * The library is free for all purposes without any express |
| 7 * guarantee it works. | 7 * guarantee it works. |
| 8 * | |
| 9 * Tom St Denis, [email protected], http://libtom.org | |
| 10 */ | 8 */ |
| 11 #include "tomcrypt.h" | 9 #include "tomcrypt.h" |
| 12 | 10 |
| 13 /** | 11 /** |
| 14 @file rsa_sign_hash.c | 12 @file rsa_sign_hash.c |
| 15 RSA LTC_PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange | 13 RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange |
| 16 */ | 14 */ |
| 17 | 15 |
| 18 #ifdef LTC_MRSA | 16 #ifdef LTC_MRSA |
| 19 | 17 |
| 20 /** | 18 /** |
| 21 LTC_PKCS #1 pad then sign | 19 PKCS #1 pad then sign |
| 22 @param in The hash to sign | 20 @param in The hash to sign |
| 23 @param inlen The length of the hash to sign (octets) | 21 @param inlen The length of the hash to sign (octets) |
| 24 @param out [out] The signature | 22 @param out [out] The signature |
| 25 @param outlen [in/out] The max size and resulting size of the signature | 23 @param outlen [in/out] The max size and resulting size of the signature |
| 26 @param padding Type of padding (LTC_LTC_PKCS_1_PSS or LTC_LTC_PKCS_1_V1_5) | 24 @param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1) |
| 27 @param prng An active PRNG state | 25 @param prng An active PRNG state |
| 28 @param prng_idx The index of the PRNG desired | 26 @param prng_idx The index of the PRNG desired |
| 29 @param hash_idx The index of the hash desired | 27 @param hash_idx The index of the hash desired |
| 30 @param saltlen The length of the salt desired (octets) | 28 @param saltlen The length of the salt desired (octets) |
| 31 @param key The private RSA key to use | 29 @param key The private RSA key to use |
| 45 LTC_ARGCHK(out != NULL); | 43 LTC_ARGCHK(out != NULL); |
| 46 LTC_ARGCHK(outlen != NULL); | 44 LTC_ARGCHK(outlen != NULL); |
| 47 LTC_ARGCHK(key != NULL); | 45 LTC_ARGCHK(key != NULL); |
| 48 | 46 |
| 49 /* valid padding? */ | 47 /* valid padding? */ |
| 50 if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { | 48 if ((padding != LTC_PKCS_1_V1_5) && |
| 49 (padding != LTC_PKCS_1_PSS) && | |
| 50 (padding != LTC_PKCS_1_V1_5_NA1)) { | |
| 51 return CRYPT_PK_INVALID_PADDING; | 51 return CRYPT_PK_INVALID_PADDING; |
| 52 } | 52 } |
| 53 | 53 |
| 54 if (padding == LTC_LTC_PKCS_1_PSS) { | 54 if (padding == LTC_PKCS_1_PSS) { |
| 55 /* valid prng and hash ? */ | 55 /* valid prng ? */ |
| 56 if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { | 56 if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { |
| 57 return err; | 57 return err; |
| 58 } | 58 } |
| 59 } | |
| 60 | |
| 61 if (padding != LTC_PKCS_1_V1_5_NA1) { | |
| 62 /* valid hash ? */ | |
| 59 if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { | 63 if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { |
| 60 return err; | 64 return err; |
| 61 } | 65 } |
| 62 } | 66 } |
| 63 | 67 |
| 69 if (modulus_bytelen > *outlen) { | 73 if (modulus_bytelen > *outlen) { |
| 70 *outlen = modulus_bytelen; | 74 *outlen = modulus_bytelen; |
| 71 return CRYPT_BUFFER_OVERFLOW; | 75 return CRYPT_BUFFER_OVERFLOW; |
| 72 } | 76 } |
| 73 | 77 |
| 74 if (padding == LTC_LTC_PKCS_1_PSS) { | 78 if (padding == LTC_PKCS_1_PSS) { |
| 75 /* PSS pad the key */ | 79 /* PSS pad the key */ |
| 76 x = *outlen; | 80 x = *outlen; |
| 77 if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx, | 81 if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx, |
| 78 hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) { | 82 hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) { |
| 79 return err; | 83 return err; |
| 80 } | 84 } |
| 81 } else { | 85 } else { |
| 82 /* LTC_PKCS #1 v1.5 pad the hash */ | 86 /* PKCS #1 v1.5 pad the hash */ |
| 83 unsigned char *tmpin; | 87 unsigned char *tmpin; |
| 84 ltc_asn1_list digestinfo[2], siginfo[2]; | |
| 85 | 88 |
| 86 /* not all hashes have OIDs... so sad */ | 89 if (padding == LTC_PKCS_1_V1_5) { |
| 87 if (hash_descriptor[hash_idx].OIDlen == 0) { | 90 ltc_asn1_list digestinfo[2], siginfo[2]; |
| 88 return CRYPT_INVALID_ARG; | 91 /* not all hashes have OIDs... so sad */ |
| 89 } | 92 if (hash_descriptor[hash_idx].OIDlen == 0) { |
| 93 return CRYPT_INVALID_ARG; | |
| 94 } | |
| 90 | 95 |
| 91 /* construct the SEQUENCE | 96 /* construct the SEQUENCE |
| 92 SEQUENCE { | 97 SEQUENCE { |
| 93 SEQUENCE {hashoid OID | 98 SEQUENCE {hashoid OID |
| 94 blah NULL | 99 blah NULL |
| 95 } | 100 } |
| 96 hash OCTET STRING | 101 hash OCTET STRING |
| 102 } | |
| 103 */ | |
| 104 LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen); | |
| 105 LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); | |
| 106 LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); | |
| 107 LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); | |
| 108 | |
| 109 /* allocate memory for the encoding */ | |
| 110 y = mp_unsigned_bin_size(key->N); | |
| 111 tmpin = XMALLOC(y); | |
| 112 if (tmpin == NULL) { | |
| 113 return CRYPT_MEM; | |
| 97 } | 114 } |
| 98 */ | |
| 99 LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen); | |
| 100 LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); | |
| 101 LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); | |
| 102 LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); | |
| 103 | 115 |
| 104 /* allocate memory for the encoding */ | 116 if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { |
| 105 y = mp_unsigned_bin_size(key->N); | 117 XFREE(tmpin); |
| 106 tmpin = XMALLOC(y); | 118 return err; |
| 107 if (tmpin == NULL) { | 119 } |
| 108 return CRYPT_MEM; | 120 } else { |
| 109 } | 121 /* set the pointer and data-length to the input values */ |
| 110 | 122 tmpin = (unsigned char *)in; |
| 111 if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { | 123 y = inlen; |
| 112 XFREE(tmpin); | |
| 113 return err; | |
| 114 } | 124 } |
| 115 | 125 |
| 116 x = *outlen; | 126 x = *outlen; |
| 117 if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_LTC_PKCS_1_EMSA, | 127 err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA, modulus_bitlen, NULL, 0, out, &x); |
| 118 modulus_bitlen, NULL, 0, | 128 |
| 119 out, &x)) != CRYPT_OK) { | 129 if (padding == LTC_PKCS_1_V1_5) { |
| 120 XFREE(tmpin); | 130 XFREE(tmpin); |
| 131 } | |
| 132 | |
| 133 if (err != CRYPT_OK) { | |
| 121 return err; | 134 return err; |
| 122 } | 135 } |
| 123 XFREE(tmpin); | |
| 124 } | 136 } |
| 125 | 137 |
| 126 /* RSA encode it */ | 138 /* RSA encode it */ |
| 127 return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key); | 139 return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key); |
| 128 } | 140 } |
| 129 | 141 |
| 130 #endif /* LTC_MRSA */ | 142 #endif /* LTC_MRSA */ |
| 131 | 143 |
| 132 /* $Source$ */ | 144 /* ref: $Format:%D$ */ |
| 133 /* $Revision$ */ | 145 /* git commit: $Format:%H$ */ |
| 134 /* $Date$ */ | 146 /* commit time: $Format:%ai$ */ |