Mercurial > dropbear
comparison pkcs_1_pss_decode.c @ 143:5d99163f7e32 libtomcrypt-orig
import of libtomcrypt 0.99
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 19 Dec 2004 11:34:45 +0000 |
parents | 6362d3854bb4 |
children |
comparison
equal
deleted
inserted
replaced
15:6362d3854bb4 | 143:5d99163f7e32 |
---|---|
17 int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, | 17 int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, |
18 const unsigned char *sig, unsigned long siglen, | 18 const unsigned char *sig, unsigned long siglen, |
19 unsigned long saltlen, int hash_idx, | 19 unsigned long saltlen, int hash_idx, |
20 unsigned long modulus_bitlen, int *res) | 20 unsigned long modulus_bitlen, int *res) |
21 { | 21 { |
22 unsigned char DB[1024], mask[sizeof(DB)], salt[sizeof(DB)], hash[sizeof(DB)]; | 22 unsigned char *DB, *mask, *salt, *hash; |
23 unsigned long x, y, hLen, modulus_len; | 23 unsigned long x, y, hLen, modulus_len; |
24 int err; | 24 int err; |
25 hash_state md; | 25 hash_state md; |
26 | 26 |
27 _ARGCHK(msghash != NULL); | 27 _ARGCHK(msghash != NULL); |
36 } | 36 } |
37 | 37 |
38 hLen = hash_descriptor[hash_idx].hashsize; | 38 hLen = hash_descriptor[hash_idx].hashsize; |
39 modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); | 39 modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); |
40 | 40 |
41 /* allocate ram for DB/mask/salt/hash of size modulus_len */ | |
42 DB = XMALLOC(modulus_len); | |
43 mask = XMALLOC(modulus_len); | |
44 salt = XMALLOC(modulus_len); | |
45 hash = XMALLOC(modulus_len); | |
46 if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { | |
47 if (DB != NULL) { | |
48 XFREE(DB); | |
49 } | |
50 if (mask != NULL) { | |
51 XFREE(mask); | |
52 } | |
53 if (salt != NULL) { | |
54 XFREE(salt); | |
55 } | |
56 if (hash != NULL) { | |
57 XFREE(hash); | |
58 } | |
59 return CRYPT_MEM; | |
60 } | |
61 | |
41 /* check sizes */ | 62 /* check sizes */ |
42 if ((saltlen > sizeof(salt)) || (modulus_len > sizeof(DB)) || | 63 if ((saltlen > modulus_len) || |
43 (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { | 64 (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { |
44 return CRYPT_INVALID_ARG; | 65 err = CRYPT_INVALID_ARG; |
66 goto __ERR; | |
45 } | 67 } |
46 | 68 |
47 /* ensure the 0xBC byte */ | 69 /* ensure the 0xBC byte */ |
48 if (sig[siglen-1] != 0xBC) { | 70 if (sig[siglen-1] != 0xBC) { |
49 return CRYPT_OK; | 71 err = CRYPT_OK; |
72 goto __ERR; | |
50 } | 73 } |
51 | 74 |
52 /* copy out the DB */ | 75 /* copy out the DB */ |
53 for (x = 0; x < modulus_len - hLen - 1; x++) { | 76 for (x = 0; x < modulus_len - hLen - 1; x++) { |
54 DB[x] = sig[x]; | 77 DB[x] = sig[x]; |
59 hash[y] = sig[x++]; | 82 hash[y] = sig[x++]; |
60 } | 83 } |
61 | 84 |
62 /* check the MSB */ | 85 /* check the MSB */ |
63 if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { | 86 if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { |
64 return CRYPT_OK; | 87 err = CRYPT_OK; |
88 goto __ERR; | |
65 } | 89 } |
66 | 90 |
67 /* generate mask of length modulus_len - hLen - 1 from hash */ | 91 /* generate mask of length modulus_len - hLen - 1 from hash */ |
68 if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { | 92 if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { |
69 return err; | 93 goto __ERR; |
70 } | 94 } |
71 | 95 |
72 /* xor against DB */ | 96 /* xor against DB */ |
73 for (y = 0; y < (modulus_len - hLen - 1); y++) { | 97 for (y = 0; y < (modulus_len - hLen - 1); y++) { |
74 DB[y] ^= mask[y]; | 98 DB[y] ^= mask[y]; |
80 /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ | 104 /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ |
81 | 105 |
82 /* check for zeroes and 0x01 */ | 106 /* check for zeroes and 0x01 */ |
83 for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { | 107 for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { |
84 if (DB[x] != 0x00) { | 108 if (DB[x] != 0x00) { |
85 return CRYPT_OK; | 109 err = CRYPT_OK; |
110 goto __ERR; | |
86 } | 111 } |
87 } | 112 } |
88 | 113 |
114 /* check for the 0x01 */ | |
89 if (DB[x++] != 0x01) { | 115 if (DB[x++] != 0x01) { |
90 return CRYPT_OK; | 116 err = CRYPT_OK; |
117 goto __ERR; | |
91 } | 118 } |
92 | 119 |
93 /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ | 120 /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ |
94 hash_descriptor[hash_idx].init(&md); | 121 if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) { |
122 goto __ERR; | |
123 } | |
95 zeromem(mask, 8); | 124 zeromem(mask, 8); |
96 if ((err = hash_descriptor[hash_idx].process(&md, mask, 8)) != CRYPT_OK) { | 125 if ((err = hash_descriptor[hash_idx].process(&md, mask, 8)) != CRYPT_OK) { |
97 return err; | 126 goto __ERR; |
98 } | 127 } |
99 if ((err = hash_descriptor[hash_idx].process(&md, msghash, msghashlen)) != CRYPT_OK) { | 128 if ((err = hash_descriptor[hash_idx].process(&md, msghash, msghashlen)) != CRYPT_OK) { |
100 return err; | 129 goto __ERR; |
101 } | 130 } |
102 if ((err = hash_descriptor[hash_idx].process(&md, DB+x, saltlen)) != CRYPT_OK) { | 131 if ((err = hash_descriptor[hash_idx].process(&md, DB+x, saltlen)) != CRYPT_OK) { |
103 return err; | 132 goto __ERR; |
104 } | 133 } |
105 if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) { | 134 if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) { |
106 return err; | 135 goto __ERR; |
107 } | 136 } |
108 | 137 |
109 /* mask == hash means valid signature */ | 138 /* mask == hash means valid signature */ |
110 if (memcmp(mask, hash, hLen) == 0) { | 139 if (memcmp(mask, hash, hLen) == 0) { |
111 *res = 1; | 140 *res = 1; |
112 } | 141 } |
113 | 142 |
143 err = CRYPT_OK; | |
144 __ERR: | |
114 #ifdef CLEAN_STACK | 145 #ifdef CLEAN_STACK |
115 zeromem(DB, sizeof(DB)); | 146 zeromem(DB, modulus_len); |
116 zeromem(mask, sizeof(mask)); | 147 zeromem(mask, modulus_len); |
117 zeromem(salt, sizeof(salt)); | 148 zeromem(salt, modulus_len); |
118 zeromem(hash, sizeof(hash)); | 149 zeromem(hash, modulus_len); |
119 #endif | 150 #endif |
120 | 151 |
121 return CRYPT_OK; | 152 XFREE(hash); |
153 XFREE(salt); | |
154 XFREE(mask); | |
155 XFREE(DB); | |
156 | |
157 return err; | |
122 } | 158 } |
123 | 159 |
124 #endif /* PKCS_1 */ | 160 #endif /* PKCS_1 */ |