comparison libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** 11 /**
14 @file pkcs_1_pss_encode.c 12 @file pkcs_1_pss_encode.c
15 LTC_PKCS #1 PSS Signature Padding, Tom St Denis 13 PKCS #1 PSS Signature Padding, Tom St Denis
16 */ 14 */
17 15
18 #ifdef LTC_PKCS_1 16 #ifdef LTC_PKCS_1
19 17
20 /** 18 /**
21 LTC_PKCS #1 v2.00 Signature Encoding 19 PKCS #1 v2.00 Signature Encoding
22 @param msghash The hash to encode 20 @param msghash The hash to encode
23 @param msghashlen The length of the hash (octets) 21 @param msghashlen The length of the hash (octets)
24 @param saltlen The length of the salt desired (octets) 22 @param saltlen The length of the salt desired (octets)
25 @param prng An active PRNG context 23 @param prng An active PRNG context
26 @param prng_idx The index of the PRNG desired 24 @param prng_idx The index of the PRNG desired
29 @param out [out] The destination of the encoding 27 @param out [out] The destination of the encoding
30 @param outlen [in/out] The max size and resulting size of the encoded data 28 @param outlen [in/out] The max size and resulting size of the encoded data
31 @return CRYPT_OK if successful 29 @return CRYPT_OK if successful
32 */ 30 */
33 int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, 31 int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
34 unsigned long saltlen, prng_state *prng, 32 unsigned long saltlen, prng_state *prng,
35 int prng_idx, int hash_idx, 33 int prng_idx, int hash_idx,
36 unsigned long modulus_bitlen, 34 unsigned long modulus_bitlen,
37 unsigned char *out, unsigned long *outlen) 35 unsigned char *out, unsigned long *outlen)
38 { 36 {
39 unsigned char *DB, *mask, *salt, *hash; 37 unsigned char *DB, *mask, *salt, *hash;
52 if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { 50 if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
53 return err; 51 return err;
54 } 52 }
55 53
56 hLen = hash_descriptor[hash_idx].hashsize; 54 hLen = hash_descriptor[hash_idx].hashsize;
55 modulus_bitlen--;
57 modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); 56 modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0);
58 57
59 /* check sizes */ 58 /* check sizes */
60 if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { 59 if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) {
61 return CRYPT_PK_INVALID_SIZE; 60 return CRYPT_PK_INVALID_SIZE;
113 x = 0; 112 x = 0;
114 XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2); 113 XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2);
115 x += modulus_len - saltlen - hLen - 2; 114 x += modulus_len - saltlen - hLen - 2;
116 DB[x++] = 0x01; 115 DB[x++] = 0x01;
117 XMEMCPY(DB + x, salt, saltlen); 116 XMEMCPY(DB + x, salt, saltlen);
118 x += saltlen; 117 /* x += saltlen; */
119 118
120 /* generate mask of length modulus_len - hLen - 1 from hash */ 119 /* generate mask of length modulus_len - hLen - 1 from hash */
121 if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { 120 if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
122 goto LBL_ERR; 121 goto LBL_ERR;
123 } 122 }
145 144
146 /* 0xBC */ 145 /* 0xBC */
147 out[y] = 0xBC; 146 out[y] = 0xBC;
148 147
149 /* now clear the 8*modulus_len - modulus_bitlen most significant bits */ 148 /* now clear the 8*modulus_len - modulus_bitlen most significant bits */
150 out[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)); 149 out[0] &= 0xFF >> ((modulus_len<<3) - modulus_bitlen);
151 150
152 /* store output size */ 151 /* store output size */
153 *outlen = modulus_len; 152 *outlen = modulus_len;
154 err = CRYPT_OK; 153 err = CRYPT_OK;
155 LBL_ERR: 154 LBL_ERR:
156 #ifdef LTC_CLEAN_STACK 155 #ifdef LTC_CLEAN_STACK
157 zeromem(DB, modulus_len); 156 zeromem(DB, modulus_len);
158 zeromem(mask, modulus_len); 157 zeromem(mask, modulus_len);
159 zeromem(salt, modulus_len); 158 zeromem(salt, modulus_len);
160 zeromem(hash, modulus_len); 159 zeromem(hash, modulus_len);
161 #endif 160 #endif
162 161
163 XFREE(hash); 162 XFREE(hash);
164 XFREE(salt); 163 XFREE(salt);
165 XFREE(mask); 164 XFREE(mask);
168 return err; 167 return err;
169 } 168 }
170 169
171 #endif /* LTC_PKCS_1 */ 170 #endif /* LTC_PKCS_1 */
172 171
173 /* $Source$ */ 172 /* ref: $Format:%D$ */
174 /* $Revision$ */ 173 /* git commit: $Format:%H$ */
175 /* $Date$ */ 174 /* commit time: $Format:%ai$ */
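Review bot: The new `modulus_bitlen--;` (new line 55) silently turns the parameter into emBits = modBits - 1, which is what the later modulus_len computation, the size check and the bit-clearing at new line 149 now all rely on, but nothing in the hunk says so; a one-line comment such as `/* PKCS #1 v2 EMSA-PSS works on emBits = modBits - 1; modulus_len below is emLen */` above the decrement would keep the next reader from "fixing" it back. Because the parameter is unsigned long, a caller passing modulus_bitlen == 0 now wraps to ULONG_MAX on that line; the earlier argument checks are elided in this view, so if none rejects 0, `if (modulus_bitlen == 0) return CRYPT_PK_INVALID_SIZE;` before the decrement would close that. The replacement of `x += saltlen;` with `/* x += saltlen; */` at new line 117 leaves commented-out code behind; since x is not read again in the visible tail, delete the line rather than keep it as a comment. The body of pkcs_1_pss_encode is only partially shown here (allocation and hash steps are elided between the hunks).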