Mercurial > dropbear

comparison pkcs_1_pss_decode.c @ 143:5d99163f7e32 libtomcrypt-orig

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
import of libtomcrypt 0.99
author Matt Johnston <matt@ucc.asn.au>
date Sun, 19 Dec 2004 11:34:45 +0000
parents 6362d3854bb4
children
comparison
equal deleted inserted replaced
15:6362d3854bb4 143:5d99163f7e32
17 int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, 17 int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
18 const unsigned char *sig, unsigned long siglen, 18 const unsigned char *sig, unsigned long siglen,
19 unsigned long saltlen, int hash_idx, 19 unsigned long saltlen, int hash_idx,
20 unsigned long modulus_bitlen, int *res) 20 unsigned long modulus_bitlen, int *res)
21 { 21 {
22 unsigned char DB[1024], mask[sizeof(DB)], salt[sizeof(DB)], hash[sizeof(DB)]; 22 unsigned char *DB, *mask, *salt, *hash;
23 unsigned long x, y, hLen, modulus_len; 23 unsigned long x, y, hLen, modulus_len;
24 int err; 24 int err;
25 hash_state md; 25 hash_state md;
26 26
27 _ARGCHK(msghash != NULL); 27 _ARGCHK(msghash != NULL);
36 } 36 }
37 37
38 hLen = hash_descriptor[hash_idx].hashsize; 38 hLen = hash_descriptor[hash_idx].hashsize;
39 modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); 39 modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0);
40 40
41 /* allocate ram for DB/mask/salt/hash of size modulus_len */
42 DB = XMALLOC(modulus_len);
43 mask = XMALLOC(modulus_len);
44 salt = XMALLOC(modulus_len);
45 hash = XMALLOC(modulus_len);
46 if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) {
47 if (DB != NULL) {
48 XFREE(DB);
49 }
50 if (mask != NULL) {
51 XFREE(mask);
52 }
53 if (salt != NULL) {
54 XFREE(salt);
55 }
56 if (hash != NULL) {
57 XFREE(hash);
58 }
59 return CRYPT_MEM;
60 }
61
41 /* check sizes */ 62 /* check sizes */
42 if ((saltlen > sizeof(salt)) || (modulus_len > sizeof(DB)) || 63 if ((saltlen > modulus_len) ||
43 (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { 64 (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) {
44 return CRYPT_INVALID_ARG; 65 err = CRYPT_INVALID_ARG;
66 goto __ERR;
45 } 67 }
46 68
47 /* ensure the 0xBC byte */ 69 /* ensure the 0xBC byte */
48 if (sig[siglen-1] != 0xBC) { 70 if (sig[siglen-1] != 0xBC) {
49 return CRYPT_OK; 71 err = CRYPT_OK;
72 goto __ERR;
50 } 73 }
51 74
52 /* copy out the DB */ 75 /* copy out the DB */
53 for (x = 0; x < modulus_len - hLen - 1; x++) { 76 for (x = 0; x < modulus_len - hLen - 1; x++) {
54 DB[x] = sig[x]; 77 DB[x] = sig[x];
59 hash[y] = sig[x++]; 82 hash[y] = sig[x++];
60 } 83 }
61 84
62 /* check the MSB */ 85 /* check the MSB */
63 if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { 86 if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) {
64 return CRYPT_OK; 87 err = CRYPT_OK;
88 goto __ERR;
65 } 89 }
66 90
67 /* generate mask of length modulus_len - hLen - 1 from hash */ 91 /* generate mask of length modulus_len - hLen - 1 from hash */
68 if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) { 92 if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
69 return err; 93 goto __ERR;
70 } 94 }
71 95
72 /* xor against DB */ 96 /* xor against DB */
73 for (y = 0; y < (modulus_len - hLen - 1); y++) { 97 for (y = 0; y < (modulus_len - hLen - 1); y++) {
74 DB[y] ^= mask[y]; 98 DB[y] ^= mask[y];
80 /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ 104 /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */
81 105
82 /* check for zeroes and 0x01 */ 106 /* check for zeroes and 0x01 */
83 for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { 107 for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
84 if (DB[x] != 0x00) { 108 if (DB[x] != 0x00) {
85 return CRYPT_OK; 109 err = CRYPT_OK;
110 goto __ERR;
86 } 111 }
87 } 112 }
88 113
114 /* check for the 0x01 */
89 if (DB[x++] != 0x01) { 115 if (DB[x++] != 0x01) {
90 return CRYPT_OK; 116 err = CRYPT_OK;
117 goto __ERR;
91 } 118 }
92 119
93 /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ 120 /* M = (eight) 0x00 || msghash || salt, mask = H(M) */
94 hash_descriptor[hash_idx].init(&md); 121 if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) {
122 goto __ERR;
123 }
95 zeromem(mask, 8); 124 zeromem(mask, 8);
96 if ((err = hash_descriptor[hash_idx].process(&md, mask, 8)) != CRYPT_OK) { 125 if ((err = hash_descriptor[hash_idx].process(&md, mask, 8)) != CRYPT_OK) {
97 return err; 126 goto __ERR;
98 } 127 }
99 if ((err = hash_descriptor[hash_idx].process(&md, msghash, msghashlen)) != CRYPT_OK) { 128 if ((err = hash_descriptor[hash_idx].process(&md, msghash, msghashlen)) != CRYPT_OK) {
100 return err; 129 goto __ERR;
101 } 130 }
102 if ((err = hash_descriptor[hash_idx].process(&md, DB+x, saltlen)) != CRYPT_OK) { 131 if ((err = hash_descriptor[hash_idx].process(&md, DB+x, saltlen)) != CRYPT_OK) {
103 return err; 132 goto __ERR;
104 } 133 }
105 if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) { 134 if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) {
106 return err; 135 goto __ERR;
107 } 136 }
108 137
109 /* mask == hash means valid signature */ 138 /* mask == hash means valid signature */
110 if (memcmp(mask, hash, hLen) == 0) { 139 if (memcmp(mask, hash, hLen) == 0) {
111 *res = 1; 140 *res = 1;
112 } 141 }
113 142
143 err = CRYPT_OK;
144 __ERR:
114 #ifdef CLEAN_STACK 145 #ifdef CLEAN_STACK
115 zeromem(DB, sizeof(DB)); 146 zeromem(DB, modulus_len);
116 zeromem(mask, sizeof(mask)); 147 zeromem(mask, modulus_len);
117 zeromem(salt, sizeof(salt)); 148 zeromem(salt, modulus_len);
118 zeromem(hash, sizeof(hash)); 149 zeromem(hash, modulus_len);
119 #endif 150 #endif
120 151
121 return CRYPT_OK; 152 XFREE(hash);
153 XFREE(salt);
154 XFREE(mask);
155 XFREE(DB);
156
157 return err;
122 } 158 }
123 159
124 #endif /* PKCS_1 */ 160 #endif /* PKCS_1 */