Mercurial > dropbear

comparison libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** @file pkcs_1_v1_5_decode.c 11 /** @file pkcs_1_v1_5_decode.c
14 * 12 *
15 * LTC_PKCS #1 v1.5 Padding. (Andreas Lange) 13 * PKCS #1 v1.5 Padding. (Andreas Lange)
16 */ 14 */
17 15
18 #ifdef LTC_PKCS_1 16 #ifdef LTC_PKCS_1
19 17
20 /** @brief LTC_PKCS #1 v1.5 decode. 18 /** @brief PKCS #1 v1.5 decode.
21 * 19 *
22 * @param msg The encoded data to decode 20 * @param msg The encoded data to decode
23 * @param msglen The length of the encoded data (octets) 21 * @param msglen The length of the encoded data (octets)
24 * @param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks) 22 * @param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
25 * @param modulus_bitlen The bit length of the RSA modulus 23 * @param modulus_bitlen The bit length of the RSA modulus
26 * @param out [out] Destination of decoding 24 * @param out [out] Destination of decoding
27 * @param outlen [in/out] The max size and resulting size of the decoding 25 * @param outlen [in/out] The max size and resulting size of the decoding
28 * @param is_valid [out] Boolean whether the padding was valid 26 * @param is_valid [out] Boolean whether the padding was valid
29 * 27 *
30 * @return CRYPT_OK if successful (even if invalid) 28 * @return CRYPT_OK if successful
31 */ 29 */
32 int pkcs_1_v1_5_decode(const unsigned char *msg, 30 int pkcs_1_v1_5_decode(const unsigned char *msg,
33 unsigned long msglen, 31 unsigned long msglen,
34 int block_type, 32 int block_type,
35 unsigned long modulus_bitlen, 33 unsigned long modulus_bitlen,
36 unsigned char *out, 34 unsigned char *out,
37 unsigned long *outlen, 35 unsigned long *outlen,
38 int *is_valid) 36 int *is_valid)
39 { 37 {
40 unsigned long modulus_len, ps_len, i; 38 unsigned long modulus_len, ps_len, i;
41 int result; 39 int result;
49 47
50 if ((msglen > modulus_len) || (modulus_len < 11)) { 48 if ((msglen > modulus_len) || (modulus_len < 11)) {
51 return CRYPT_PK_INVALID_SIZE; 49 return CRYPT_PK_INVALID_SIZE;
52 } 50 }
53 51
52 result = CRYPT_OK;
53
54 /* separate encoded message */ 54 /* separate encoded message */
55 55
56 if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { 56 if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) {
57 result = CRYPT_INVALID_PACKET; 57 result = CRYPT_INVALID_PACKET;
58 goto bail;
59 } 58 }
60 59
61 if (block_type == LTC_LTC_PKCS_1_EME) { 60 if (block_type == LTC_PKCS_1_EME) {
62 for (i = 2; i < modulus_len; i++) { 61 for (i = 2; i < modulus_len; i++) {
63 /* separator */ 62 /* separator */
64 if (msg[i] == 0x00) { break; } 63 if (msg[i] == 0x00) { break; }
65 } 64 }
66 ps_len = i++ - 2; 65 ps_len = i++ - 2;
67 66
68 if ((i >= modulus_len) || (ps_len < 8)) { 67 if (i >= modulus_len) {
69 /* There was no octet with hexadecimal value 0x00 to separate ps from m, 68 /* There was no octet with hexadecimal value 0x00 to separate ps from m.
70 * or the length of ps is less than 8 octets.
71 */ 69 */
72 result = CRYPT_INVALID_PACKET; 70 result = CRYPT_INVALID_PACKET;
73 goto bail;
74 } 71 }
75 } else { 72 } else {
76 for (i = 2; i < modulus_len - 1; i++) { 73 for (i = 2; i < modulus_len - 1; i++) {
77 if (msg[i] != 0xFF) { break; } 74 if (msg[i] != 0xFF) { break; }
78 } 75 }
79 76
80 /* separator check */ 77 /* separator check */
81 if (msg[i] != 0) { 78 if (msg[i] != 0) {
82 /* There was no octet with hexadecimal value 0x00 to separate ps from m. */ 79 /* There was no octet with hexadecimal value 0x00 to separate ps from m. */
83 result = CRYPT_INVALID_PACKET; 80 result = CRYPT_INVALID_PACKET;
84 goto bail;
85 } 81 }
86 82
87 ps_len = i - 2; 83 ps_len = i - 2;
88 } 84 }
89 85
90 if (*outlen < (msglen - (2 + ps_len + 1))) { 86 if (ps_len < 8)
91 *outlen = msglen - (2 + ps_len + 1); 87 {
92 result = CRYPT_BUFFER_OVERFLOW; 88 /* The length of ps is less than 8 octets.
93 goto bail; 89 */
90 result = CRYPT_INVALID_PACKET;
94 } 91 }
95 92
96 *outlen = (msglen - (2 + ps_len + 1)); 93 if (*outlen < (msglen - (2 + ps_len + 1))) {
97 XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); 94 result = CRYPT_INVALID_PACKET;
95 }
98 96
99 /* valid packet */ 97 if (result == CRYPT_OK) {
100 *is_valid = 1; 98 *outlen = (msglen - (2 + ps_len + 1));
101 result = CRYPT_OK; 99 XMEMCPY(out, &msg[2 + ps_len + 1], *outlen);
102 bail: 100
101 /* valid packet */
102 *is_valid = 1;
103 }
104
103 return result; 105 return result;
104 } /* pkcs_1_v1_5_decode */ 106 } /* pkcs_1_v1_5_decode */
105 107
106 #endif /* #ifdef LTC_PKCS_1 */ 108 #endif /* #ifdef LTC_PKCS_1 */
107 109
108 /* $Source$ */ 110 /* ref: $Format:%D$ */
109 /* $Revision$ */ 111 /* git commit: $Format:%H$ */
110 /* $Date$ */ 112 /* commit time: $Format:%ai$ */