Mercurial > dropbear

comparison libtomcrypt/src/pk/rsa/rsa_verify_hash.c @ 399:a707e6148060

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge of '5fdf69ca60d1683cdd9f4c2595134bed26394834' and '6b61c50f4cf888bea302ac8fcf5dbb573b443251'
author Matt Johnston <matt@ucc.asn.au>
date Sat, 03 Feb 2007 08:20:34 +0000
parents 0cbe8f6dbf9e
children f849a5ca2efc
comparison
equal deleted inserted replaced
394:17d097fc111c 399:a707e6148060
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.com
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @file rsa_verify_hash.c
15 RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange
16 */
17
18 #ifdef MRSA
19
20 /**
21 PKCS #1 de-sign then v1.5 or PSS depad
22 @param sig The signature data
23 @param siglen The length of the signature data (octets)
24 @param hash The hash of the message that was signed
25 @param hashlen The length of the hash of the message that was signed (octets)
26 @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
27 @param hash_idx The index of the desired hash
28 @param saltlen The length of the salt used during signature
29 @param stat [out] The result of the signature comparison, 1==valid, 0==invalid
30 @param key The public RSA key corresponding to the key that performed the signature
31 @return CRYPT_OK on success (even if the signature is invalid)
32 */
33 int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
34 const unsigned char *hash, unsigned long hashlen,
35 int padding,
36 int hash_idx, unsigned long saltlen,
37 int *stat, rsa_key *key)
38 {
39 unsigned long modulus_bitlen, modulus_bytelen, x;
40 int err;
41 unsigned char *tmpbuf;
42
43 LTC_ARGCHK(hash != NULL);
44 LTC_ARGCHK(sig != NULL);
45 LTC_ARGCHK(stat != NULL);
46 LTC_ARGCHK(key != NULL);
47
48 /* default to invalid */
49 *stat = 0;
50
51 /* valid padding? */
52
53 if ((padding != LTC_PKCS_1_V1_5) &&
54 (padding != LTC_PKCS_1_PSS)) {
55 return CRYPT_PK_INVALID_PADDING;
56 }
57
58 if (padding == LTC_PKCS_1_PSS) {
59 /* valid hash ? */
60 if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
61 return err;
62 }
63 }
64
65 /* get modulus len in bits */
66 modulus_bitlen = mp_count_bits( (key->N));
67
68 /* outlen must be at least the size of the modulus */
69 modulus_bytelen = mp_unsigned_bin_size( (key->N));
70 if (modulus_bytelen != siglen) {
71 return CRYPT_INVALID_PACKET;
72 }
73
74 /* allocate temp buffer for decoded sig */
75 tmpbuf = XMALLOC(siglen);
76 if (tmpbuf == NULL) {
77 return CRYPT_MEM;
78 }
79
80 /* RSA decode it */
81 x = siglen;
82 if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
83 XFREE(tmpbuf);
84 return err;
85 }
86
87 /* make sure the output is the right size */
88 if (x != siglen) {
89 XFREE(tmpbuf);
90 return CRYPT_INVALID_PACKET;
91 }
92
93 if (padding == LTC_PKCS_1_PSS) {
94 /* PSS decode and verify it */
95 err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
96 } else {
97 /* PKCS #1 v1.5 decode it */
98 unsigned char *out;
99 unsigned long outlen, loid[16];
100 int decoded;
101 ltc_asn1_list digestinfo[2], siginfo[2];
102
103 /* not all hashes have OIDs... so sad */
104 if (hash_descriptor[hash_idx].OIDlen == 0) {
105 err = CRYPT_INVALID_ARG;
106 goto bail_2;
107 }
108
109 /* allocate temp buffer for decoded hash */
110 outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3;
111 out = XMALLOC(outlen);
112 if (out == NULL) {
113 err = CRYPT_MEM;
114 goto bail_2;
115 }
116
117 if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) {
118 XFREE(out);
119 goto bail_2;
120 }
121
122 /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */
123 /* construct the SEQUENCE
124 SEQUENCE {
125 SEQUENCE {hashoid OID
126 blah NULL
127 }
128 hash OCTET STRING
129 }
130 */
131 LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0]));
132 LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
133 LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
134 LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
135
136 if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
137 XFREE(out);
138 goto bail_2;
139 }
140
141 /* test OID */
142 if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
143 (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
144 (siginfo[1].size == hashlen) &&
145 (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
146 *stat = 1;
147 }
148
149 #ifdef LTC_CLEAN_STACK
150 zeromem(out, outlen);
151 #endif
152 XFREE(out);
153 }
154
155 bail_2:
156 #ifdef LTC_CLEAN_STACK
157 zeromem(tmpbuf, siglen);
158 #endif
159 XFREE(tmpbuf);
160 return err;
161 }
162
163 #endif /* MRSA */
164
165 /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_verify_hash.c,v $ */
166 /* $Revision: 1.11 $ */
167 /* $Date: 2006/12/04 03:09:28 $ */