view src/pk/pkcs1/pkcs_1_v15_sa_encode.c @ 195:19e5d79b7190 libtomcrypt

Cleanup of import of LTC 1.02, still problematic for Dropbear
author Matt Johnston <matt@ucc.asn.au>
date Mon, 09 May 2005 09:33:00 +0000
parents 1c15b283127b
children
line wrap: on
line source

/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, [email protected], http://libtomcrypt.org
 */
#include "tomcrypt.h"

/** 
  @file pkcs_1_v15_sa_encode.c
  PKCS #1 v1.5 Signature Padding, Tom St Denis 
*/

#ifdef PKCS_1

/**
  Perform PKCS #1 v1.5 Signature Padding
  @param msghash         The hash you wish to incorporate in the padding
  @param msghashlen      The length of the hash
  @param hash_idx        The index of the hash used
  @param modulus_bitlen  The length of the RSA modulus that will sign this (bits)
  @param out             [out] Where to store the padded data
  @param outlen          [in/out] Max size and resulting size of the padded data
  @return CRYPT_OK if successful
*/
int pkcs_1_v15_sa_encode(const unsigned char *msghash,  unsigned long msghashlen,
                               int            hash_idx, unsigned long modulus_bitlen,
                               unsigned char *out,      unsigned long *outlen)
{
  unsigned long derlen, modulus_bytelen, x, y;
  int err;

  LTC_ARGCHK(msghash != NULL)
  LTC_ARGCHK(out     != NULL);
  LTC_ARGCHK(outlen  != NULL);

  if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
     return err;
  }

  /* hack, to detect any hash without a DER OID */
  if (hash_descriptor[hash_idx].DERlen == 0) {
     return CRYPT_INVALID_ARG; 
  }

  /* get modulus len */
  modulus_bytelen = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0);

  /* get der len ok?  Forgive my lame German accent.... */
  derlen = hash_descriptor[hash_idx].DERlen;

  /* valid sizes? */
  if (msghashlen + 3 + derlen > modulus_bytelen) {
     return CRYPT_PK_INVALID_SIZE;
  }

  if (*outlen < modulus_bytelen) {
     return CRYPT_BUFFER_OVERFLOW;
  }

  /* packet is 0x00 0x01 PS 0x00 T, where PS == 0xFF repeated modulus_bytelen - 3 - derlen - msghashlen times, T == DER || hash */
  x = 0;
  out[x++] = 0x00;
  out[x++] = 0x01;
  for (y = 0; y < (modulus_bytelen - 3 - derlen - msghashlen); y++) {
     out[x++] = 0xFF;
  }
  out[x++] = 0x00;
  for (y = 0; y < derlen; y++) {
     out[x++] = hash_descriptor[hash_idx].DER[y];
  }
  for (y = 0; y < msghashlen; y++) {
     out[x++] = msghash[y];
  }

  *outlen = modulus_bytelen;
  return CRYPT_OK;
}

#endif /* PKCS_1 */