diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-06 17:20:33 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-06 17:26:58 +0200 |
| commit | e6177630198eb1eea2def0374fae1196da0e40ec (patch) | |
| tree | 704951804609999fb6ef7a956b04921b9f84c320 /libtomcrypt/pk | |
| parent | 943f9ab50c110133a5cd1118b5b19cb09301168f (diff) | |
| download | cryptodev-linux-e6177630198eb1eea2def0374fae1196da0e40ec.tar.gz cryptodev-linux-e6177630198eb1eea2def0374fae1196da0e40ec.tar.xz cryptodev-linux-e6177630198eb1eea2def0374fae1196da0e40ec.zip | |
Run Lindent on libtom(*)
Diffstat (limited to 'libtomcrypt/pk')
25 files changed, 1980 insertions, 1754 deletions
diff --git a/libtomcrypt/pk/dsa/dsa_export.c b/libtomcrypt/pk/dsa/dsa_export.c index 5a2d5df..01569e7 100644 --- a/libtomcrypt/pk/dsa/dsa_export.c +++ b/libtomcrypt/pk/dsa/dsa_export.c @@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_export.c DSA implementation, export key, Tom St Denis @@ -26,74 +25,78 @@ @param key The key to export @return CRYPT_OK if successful */ -int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key) +int dsa_export(unsigned char *out, unsigned long *outlen, int type, + dsa_key * key) { - unsigned long zero=0; - int err; + unsigned long zero = 0; + int err; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* can we store the static header? */ + if (type == PK_PRIVATE && key->type != PK_PRIVATE) { + return CRYPT_PK_TYPE_MISMATCH; + } - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + if (type != PK_PUBLIC && type != PK_PRIVATE) { + return CRYPT_INVALID_ARG; + } - /* can we store the static header? */ - if (type == PK_PRIVATE && key->type != PK_PRIVATE) { - return CRYPT_PK_TYPE_MISMATCH; - } + /* This encoding is different from the one in original + * libtomcrypt. It uses a compatible encoding with gnutls + * and openssl + */ + if (type == PK_PRIVATE) { + return der_encode_sequence_multi(out, outlen, + LTC_ASN1_SHORT_INTEGER, 1UL, + &zero, LTC_ASN1_INTEGER, 1UL, + &key->p, LTC_ASN1_INTEGER, 1UL, + &key->q, LTC_ASN1_INTEGER, 1UL, + &key->g, LTC_ASN1_INTEGER, 1UL, + &key->y, LTC_ASN1_INTEGER, 1UL, + &key->x, LTC_ASN1_EOL, 0UL, + NULL); + } else { + unsigned long tmplen = (mp_count_bits(&key->y) / 8) + 8; + unsigned char *tmp = XMALLOC(tmplen); + ltc_asn1_list int_list[3]; - if (type != PK_PUBLIC && type != PK_PRIVATE) { - return CRYPT_INVALID_ARG; - } + if (tmp == NULL) { + return CRYPT_MEM; + } - /* This encoding is different from the one in original - * libtomcrypt. It uses a compatible encoding with gnutls - * and openssl - */ - if (type == PK_PRIVATE) { - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->y, - LTC_ASN1_INTEGER, 1UL, &key->x, - LTC_ASN1_EOL, 0UL, NULL); - } else { - unsigned long tmplen = (mp_count_bits(&key->y)/8)+8; - unsigned char* tmp = XMALLOC(tmplen); - ltc_asn1_list int_list[3]; - - if (tmp == NULL) { - return CRYPT_MEM; - } - - err = der_encode_integer(&key->y, tmp, &tmplen); - if (err != CRYPT_OK) { - goto error; - } + err = der_encode_integer(&key->y, tmp, &tmplen); + if (err != CRYPT_OK) { + goto error; + } - int_list[0].data = &key->p; - int_list[0].size = 1UL; - int_list[0].type = LTC_ASN1_INTEGER; - int_list[1].data = &key->q; - int_list[1].size = 1UL; - int_list[1].type = LTC_ASN1_INTEGER; - int_list[2].data = &key->g; - int_list[2].size = 1UL; - int_list[2].type = LTC_ASN1_INTEGER; + int_list[0].data = &key->p; + int_list[0].size = 1UL; + int_list[0].type = LTC_ASN1_INTEGER; + int_list[1].data = &key->q; + int_list[1].size = 1UL; + int_list[1].type = LTC_ASN1_INTEGER; + int_list[2].data = &key->g; + int_list[2].size = 1UL; + int_list[2].type = LTC_ASN1_INTEGER; + + err = der_encode_subject_public_key_info(out, outlen, + PKA_DSA, tmp, tmplen, + LTC_ASN1_SEQUENCE, + int_list, + sizeof(int_list) / + sizeof(int_list[0])); - err = der_encode_subject_public_key_info(out, outlen, - PKA_DSA, tmp, tmplen, - LTC_ASN1_SEQUENCE, int_list, sizeof(int_list)/sizeof(int_list[0])); - error: - XFREE(tmp); - return err; - } + XFREE(tmp); + return err; + } } #endif - /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_export.c,v $ */ /* $Revision: 1.10 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/dsa/dsa_free.c b/libtomcrypt/pk/dsa/dsa_free.c index 37a330d..bfefefe 100644 --- a/libtomcrypt/pk/dsa/dsa_free.c +++ b/libtomcrypt/pk/dsa/dsa_free.c @@ -21,10 +21,10 @@ Free a DSA key @param key The key to free from memory */ -void dsa_free(dsa_key *key) +void dsa_free(dsa_key * key) { - LTC_ARGCHKVD(key != NULL); - mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); } #endif diff --git a/libtomcrypt/pk/dsa/dsa_import.c b/libtomcrypt/pk/dsa/dsa_import.c index c6a1f6f..cf21e3b 100644 --- a/libtomcrypt/pk/dsa/dsa_import.c +++ b/libtomcrypt/pk/dsa/dsa_import.c @@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_import.c DSA implementation, import a DSA key, Tom St Denis @@ -25,73 +24,80 @@ @param key [out] Where to store the imported key @return CRYPT_OK if successful, upon error this function will free all allocated memory */ -int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) +int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key * key) { - int err; - unsigned long zero = 0; - unsigned char* tmpbuf = NULL; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* init key */ - if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* get key type */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->y, - LTC_ASN1_INTEGER, 1UL, &key->x, - LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) { - key->type = PK_PRIVATE; - } else { /* public */ - ltc_asn1_list params[3]; - unsigned long tmpbuf_len = MAX_RSA_SIZE*8; - - LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, &key->p, 1UL); - LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, &key->q, 1UL); - LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, &key->g, 1UL); - - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - err = der_decode_subject_public_key_info(in, inlen, - PKA_DSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_SEQUENCE, params, 3); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err=der_decode_integer(tmpbuf, tmpbuf_len, &key->y)) != CRYPT_OK) { - goto LBL_ERR; - } - - XFREE(tmpbuf); - key->type = PK_PUBLIC; - } - - key->qord = mp_unsigned_bin_size(&key->q); - - if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || - (unsigned long)key->qord >= mp_unsigned_bin_size(&key->p) || (mp_unsigned_bin_size(&key->p) - key->qord) >= LTC_MDSA_DELTA) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - return CRYPT_OK; + int err; + unsigned long zero = 0; + unsigned char *tmpbuf = NULL; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + + /* init key */ + if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != + CRYPT_OK) { + return CRYPT_MEM; + } + + /* get key type */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, &key->p, + LTC_ASN1_INTEGER, 1UL, &key->q, + LTC_ASN1_INTEGER, 1UL, &key->g, + LTC_ASN1_INTEGER, 1UL, &key->y, + LTC_ASN1_INTEGER, 1UL, &key->x, + LTC_ASN1_EOL, 0UL, + NULL)) == CRYPT_OK) { + key->type = PK_PRIVATE; + } else { /* public */ + ltc_asn1_list params[3]; + unsigned long tmpbuf_len = MAX_RSA_SIZE * 8; + + LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, &key->p, 1UL); + LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, &key->q, 1UL); + LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, &key->g, 1UL); + + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_ERR; + } + + err = der_decode_subject_public_key_info(in, inlen, + PKA_DSA, tmpbuf, + &tmpbuf_len, + LTC_ASN1_SEQUENCE, + params, 3); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + if ((err = + der_decode_integer(tmpbuf, tmpbuf_len, + &key->y)) != CRYPT_OK) { + goto LBL_ERR; + } + + XFREE(tmpbuf); + key->type = PK_PUBLIC; + } + + key->qord = mp_unsigned_bin_size(&key->q); + + if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || + (unsigned long)key->qord >= mp_unsigned_bin_size(&key->p) + || (mp_unsigned_bin_size(&key->p) - key->qord) >= LTC_MDSA_DELTA) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + return CRYPT_OK; LBL_ERR: - XFREE(tmpbuf); - mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); - return err; + XFREE(tmpbuf); + mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/dsa/dsa_make_key.c b/libtomcrypt/pk/dsa/dsa_make_key.c index eab5d15..d233e22 100644 --- a/libtomcrypt/pk/dsa/dsa_make_key.c +++ b/libtomcrypt/pk/dsa/dsa_make_key.c @@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_make_key.c DSA implementation, generate a DSA key, Tom St Denis @@ -25,97 +24,130 @@ @param key [out] Where to store the created key @return CRYPT_OK if successful, upon error this function will free all allocated memory */ -int dsa_make_key(int group_size, int modulus_size, dsa_key *key) +int dsa_make_key(int group_size, int modulus_size, dsa_key * key) { - mp_int tmp, tmp2; - int err, res; - unsigned char *buf; - - LTC_ARGCHK(key != NULL); - - /* check size */ - if (group_size >= LTC_MDSA_MAX_GROUP || group_size <= 15 || - group_size >= modulus_size || (modulus_size - group_size) >= LTC_MDSA_DELTA) { - return CRYPT_INVALID_ARG; - } - - /* allocate ram */ - buf = XMALLOC(LTC_MDSA_DELTA); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* init mp_ints */ - if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { - XFREE(buf); - return err; - } - - /* make our prime q */ - if ((err = rand_prime(&key->q, group_size)) != CRYPT_OK) { goto error; } - - /* double q */ - if ((err = mp_add(&key->q, &key->q, &tmp)) != CRYPT_OK) { goto error; } - - /* now make a random string and multply it against q */ - get_random_bytes(buf+1, modulus_size - group_size); - - /* force magnitude */ - buf[0] |= 0xC0; - - /* force even */ - buf[modulus_size - group_size - 1] &= ~1; - - if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; } - if ((err = mp_mul(&key->q, &tmp2, &key->p)) != CRYPT_OK) { goto error; } - if ((err = mp_add_d(&key->p, 1, &key->p)) != CRYPT_OK) { goto error; } - - /* now loop until p is prime */ - for (;;) { - if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { goto error; } - if (res == LTC_MP_YES) break; - - /* add 2q to p and 2 to tmp2 */ - if ((err = mp_add(&tmp, &key->p, &key->p)) != CRYPT_OK) { goto error; } - if ((err = mp_add_d(&tmp2, 2, &tmp2)) != CRYPT_OK) { goto error; } - } - - /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ - mp_set(&key->g, 1); - - do { - if ((err = mp_add_d(&key->g, 1, &key->g)) != CRYPT_OK) { goto error; } - if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(&tmp, 1) == LTC_MP_EQ); - - /* at this point tmp generates a group of order q mod p */ - mp_exch(&tmp, &key->g); - - /* so now we have our DH structure, generator g, order q, modulus p - Now we need a random exponent [mod q] and it's power g^x mod p - */ - do { - get_random_bytes(buf, group_size); - - if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(&key->x, 1) != LTC_MP_GT); - if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != CRYPT_OK) { goto error; } - - key->type = PK_PRIVATE; - key->qord = group_size; + mp_int tmp, tmp2; + int err, res; + unsigned char *buf; + + LTC_ARGCHK(key != NULL); + + /* check size */ + if (group_size >= LTC_MDSA_MAX_GROUP || group_size <= 15 || + group_size >= modulus_size + || (modulus_size - group_size) >= LTC_MDSA_DELTA) { + return CRYPT_INVALID_ARG; + } + + /* allocate ram */ + buf = XMALLOC(LTC_MDSA_DELTA); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* init mp_ints */ + if ((err = + mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, + &key->y, NULL)) != CRYPT_OK) { + XFREE(buf); + return err; + } + + /* make our prime q */ + if ((err = rand_prime(&key->q, group_size)) != CRYPT_OK) { + goto error; + } + + /* double q */ + if ((err = mp_add(&key->q, &key->q, &tmp)) != CRYPT_OK) { + goto error; + } + + /* now make a random string and multply it against q */ + get_random_bytes(buf + 1, modulus_size - group_size); + + /* force magnitude */ + buf[0] |= 0xC0; + + /* force even */ + buf[modulus_size - group_size - 1] &= ~1; + + if ((err = + mp_read_unsigned_bin(&tmp2, buf, + modulus_size - group_size)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mul(&key->q, &tmp2, &key->p)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add_d(&key->p, 1, &key->p)) != CRYPT_OK) { + goto error; + } + + /* now loop until p is prime */ + for (;;) { + if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { + goto error; + } + if (res == LTC_MP_YES) + break; + + /* add 2q to p and 2 to tmp2 */ + if ((err = mp_add(&tmp, &key->p, &key->p)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add_d(&tmp2, 2, &tmp2)) != CRYPT_OK) { + goto error; + } + } + + /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ + mp_set(&key->g, 1); + + do { + if ((err = mp_add_d(&key->g, 1, &key->g)) != CRYPT_OK) { + goto error; + } + if ((err = + mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + } while (mp_cmp_d(&tmp, 1) == LTC_MP_EQ); + + /* at this point tmp generates a group of order q mod p */ + mp_exch(&tmp, &key->g); + + /* so now we have our DH structure, generator g, order q, modulus p + Now we need a random exponent [mod q] and it's power g^x mod p + */ + do { + get_random_bytes(buf, group_size); + + if ((err = + mp_read_unsigned_bin(&key->x, buf, + group_size)) != CRYPT_OK) { + goto error; + } + } while (mp_cmp_d(&key->x, 1) != LTC_MP_GT); + if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != CRYPT_OK) { + goto error; + } + + key->type = PK_PRIVATE; + key->qord = group_size; #ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_MDSA_DELTA); + zeromem(buf, LTC_MDSA_DELTA); #endif - err = CRYPT_OK; - goto done; -error: - mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); -done: - mp_clear_multi(&tmp, &tmp2, NULL); - XFREE(buf); - return err; + err = CRYPT_OK; + goto done; +error: + mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); +done: + mp_clear_multi(&tmp, &tmp2, NULL); + XFREE(buf); + return err; } #endif diff --git a/libtomcrypt/pk/dsa/dsa_sign_hash.c b/libtomcrypt/pk/dsa/dsa_sign_hash.c index 6f4dad8..897241f 100644 --- a/libtomcrypt/pk/dsa/dsa_sign_hash.c +++ b/libtomcrypt/pk/dsa/dsa_sign_hash.c @@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_sign_hash.c DSA implementation, sign a hash, Tom St Denis @@ -27,78 +26,106 @@ @param key A private DSA key @return CRYPT_OK if successful */ -int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, - mp_int_t r, mp_int_t s, - dsa_key *key) +int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, + mp_int_t r, mp_int_t s, dsa_key * key) { - mp_int k, kinv, tmp; - unsigned char *buf; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(key != NULL); - - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* check group order size */ - if (key->qord >= LTC_MDSA_MAX_GROUP) { - return CRYPT_INVALID_ARG; - } - - buf = XMALLOC(LTC_MDSA_MAX_GROUP); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* Init our temps */ - if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; } + mp_int k, kinv, tmp; + unsigned char *buf; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(r != NULL); + LTC_ARGCHK(s != NULL); + LTC_ARGCHK(key != NULL); + + if (key->type != PK_PRIVATE) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* check group order size */ + if (key->qord >= LTC_MDSA_MAX_GROUP) { + return CRYPT_INVALID_ARG; + } + + buf = XMALLOC(LTC_MDSA_MAX_GROUP); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* Init our temps */ + if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { + goto ERRBUF; + } retry: - do { - /* gen random k */ - get_random_bytes(buf, key->qord); - - /* read k */ - if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != CRYPT_OK) { goto error; } - - /* k > 1 ? */ - if (mp_cmp_d(&k, 1) != LTC_MP_GT) { goto retry; } - - /* test gcd */ - if ((err = mp_gcd(&k, &key->q, &tmp)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(&tmp, 1) != LTC_MP_EQ); - - /* now find 1/k mod q */ - if ((err = mp_invmod(&k, &key->q, &kinv)) != CRYPT_OK) { goto error; } - - /* now find r = g^k mod p mod q */ - if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(r, &key->q, r)) != CRYPT_OK) { goto error; } - - if (mp_iszero(r) == LTC_MP_YES) { goto retry; } - - /* now find s = (in + xr)/k mod q */ - if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } - if ((err = mp_mul(&key->x, r, s)) != CRYPT_OK) { goto error; } - if ((err = mp_add(s, &tmp, s)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(s, &kinv, &key->q, s)) != CRYPT_OK) { goto error; } - - if (mp_iszero(s) == LTC_MP_YES) { goto retry; } - - err = CRYPT_OK; -error: - mp_clear_multi(&k, &kinv, &tmp, NULL); + do { + /* gen random k */ + get_random_bytes(buf, key->qord); + + /* read k */ + if ((err = + mp_read_unsigned_bin(&k, buf, key->qord)) != CRYPT_OK) { + goto error; + } + + /* k > 1 ? */ + if (mp_cmp_d(&k, 1) != LTC_MP_GT) { + goto retry; + } + + /* test gcd */ + if ((err = mp_gcd(&k, &key->q, &tmp)) != CRYPT_OK) { + goto error; + } + } while (mp_cmp_d(&tmp, 1) != LTC_MP_EQ); + + /* now find 1/k mod q */ + if ((err = mp_invmod(&k, &key->q, &kinv)) != CRYPT_OK) { + goto error; + } + + /* now find r = g^k mod p mod q */ + if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mod(r, &key->q, r)) != CRYPT_OK) { + goto error; + } + + if (mp_iszero(r) == LTC_MP_YES) { + goto retry; + } + + /* now find s = (in + xr)/k mod q */ + if ((err = + mp_read_unsigned_bin(&tmp, (unsigned char *)in, + inlen)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mul(&key->x, r, s)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add(s, &tmp, s)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mulmod(s, &kinv, &key->q, s)) != CRYPT_OK) { + goto error; + } + + if (mp_iszero(s) == LTC_MP_YES) { + goto retry; + } + + err = CRYPT_OK; +error: + mp_clear_multi(&k, &kinv, &tmp, NULL); ERRBUF: #ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_MDSA_MAX_GROUP); + zeromem(buf, LTC_MDSA_MAX_GROUP); #endif - XFREE(buf); - return err; + XFREE(buf); + return err; } /** @@ -110,34 +137,33 @@ ERRBUF: @param key A private DSA key @return CRYPT_OK if successful */ -int dsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dsa_key *key) +int dsa_sign_hash(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, dsa_key * key) { - mp_int r, s; - int err; + mp_int r, s; + int err; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); - if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } + if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { + return CRYPT_MEM; + } - if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, key)) != CRYPT_OK) { - goto error; - } + if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, key)) != CRYPT_OK) { + goto error; + } - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, - LTC_ASN1_EOL, 0UL, NULL); + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_INTEGER, 1UL, &r, + LTC_ASN1_INTEGER, 1UL, &s, + LTC_ASN1_EOL, 0UL, NULL); error: - mp_clear_multi(&r, &s, NULL); - return err; + mp_clear_multi(&r, &s, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/dsa/dsa_verify_hash.c b/libtomcrypt/pk/dsa/dsa_verify_hash.c index 3a82d1b..0f8ec49 100644 --- a/libtomcrypt/pk/dsa/dsa_verify_hash.c +++ b/libtomcrypt/pk/dsa/dsa_verify_hash.c @@ -15,7 +15,6 @@ DSA implementation, verify a signature, Tom St Denis */ - #ifdef LTC_MDSA /** @@ -28,57 +27,77 @@ @param key The corresponding public DH key @return CRYPT_OK if successful (even if the signature is invalid) */ -int dsa_verify_hash_raw( mp_int_t r, mp_int_t s, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key) +int dsa_verify_hash_raw(mp_int_t r, mp_int_t s, + const unsigned char *hash, unsigned long hashlen, + int *stat, dsa_key * key) { - mp_int w, v, u1, u2; - int err; - - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid signature */ - *stat = 0; - - /* init our variables */ - if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { - return err; - } - - /* neither r or s can be null or >q*/ - if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, &key->q) != LTC_MP_LT || mp_cmp(s, &key->q) != LTC_MP_LT) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* w = 1/s mod q */ - if ((err = mp_invmod(s, &key->q, &w)) != CRYPT_OK) { goto error; } - - /* u1 = m * w mod q */ - if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != CRYPT_OK) { goto error; } - - /* u2 = r*w mod q */ - if ((err = mp_mulmod(r, &w, &key->q, &u2)) != CRYPT_OK) { goto error; } - - /* v = g^u1 * y^u2 mod p mod q */ - if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != CRYPT_OK) { goto error; } - if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(&v, &key->q, &v)) != CRYPT_OK) { goto error; } - - /* if r = v then we're set */ - if (mp_cmp(r, &v) == LTC_MP_EQ) { - *stat = 1; - } - - err = CRYPT_OK; + mp_int w, v, u1, u2; + int err; + + LTC_ARGCHK(r != NULL); + LTC_ARGCHK(s != NULL); + LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + + /* default to invalid signature */ + *stat = 0; + + /* init our variables */ + if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { + return err; + } + + /* neither r or s can be null or >q */ + if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES + || mp_cmp(r, &key->q) != LTC_MP_LT + || mp_cmp(s, &key->q) != LTC_MP_LT) { + err = CRYPT_INVALID_PACKET; + goto error; + } + + /* w = 1/s mod q */ + if ((err = mp_invmod(s, &key->q, &w)) != CRYPT_OK) { + goto error; + } + + /* u1 = m * w mod q */ + if ((err = + mp_read_unsigned_bin(&u1, (unsigned char *)hash, + hashlen)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != CRYPT_OK) { + goto error; + } + + /* u2 = r*w mod q */ + if ((err = mp_mulmod(r, &w, &key->q, &u2)) != CRYPT_OK) { + goto error; + } + + /* v = g^u1 * y^u2 mod p mod q */ + if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != CRYPT_OK) { + goto error; + } + if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mod(&v, &key->q, &v)) != CRYPT_OK) { + goto error; + } + + /* if r = v then we're set */ + if (mp_cmp(r, &v) == LTC_MP_EQ) { + *stat = 1; + } + + err = CRYPT_OK; error: - mp_clear_multi(&w, &v, &u1, &u2, NULL); - return err; + mp_clear_multi(&w, &v, &u1, &u2, NULL); + return err; } /** @@ -92,35 +111,35 @@ error: @return CRYPT_OK if successful (even if the signature is invalid) */ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key) + const unsigned char *hash, unsigned long hashlen, + int *stat, dsa_key * key) { - int err; - mp_int r, s; + int err; + mp_int r, s; - if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { - return CRYPT_MEM; - } + if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { + return CRYPT_MEM; + } - /* decode the sequence */ - if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } + /* decode the sequence */ + if ((err = der_decode_sequence_multi(sig, siglen, + LTC_ASN1_INTEGER, 1UL, &r, + LTC_ASN1_INTEGER, 1UL, &s, + LTC_ASN1_EOL, 0UL, + NULL)) != CRYPT_OK) { + goto LBL_ERR; + } - /* do the op */ - err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key); + /* do the op */ + err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key); LBL_ERR: - mp_clear_multi(&r, &s, NULL); - return err; + mp_clear_multi(&r, &s, NULL); + return err; } #endif - /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */ /* $Revision: 1.15 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/dsa/dsa_verify_key.c b/libtomcrypt/pk/dsa/dsa_verify_key.c index 71635d2..cba33c5 100644 --- a/libtomcrypt/pk/dsa/dsa_verify_key.c +++ b/libtomcrypt/pk/dsa/dsa_verify_key.c @@ -23,75 +23,89 @@ @param stat [out] Result of test, 1==valid, 0==invalid @return CRYPT_OK if successful */ -int dsa_verify_key(dsa_key *key, int *stat) +int dsa_verify_key(dsa_key * key, int *stat) { - mp_int tmp, tmp2; - int res, err; + mp_int tmp, tmp2; + int res, err; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(stat != NULL); - /* default to an invalid key */ - *stat = 0; + /* default to an invalid key */ + *stat = 0; - /* first make sure key->q and key->p are prime */ - if ((err = mp_prime_is_prime(&key->q, 8, &res)) != CRYPT_OK) { - return err; - } - if (res == 0) { - return CRYPT_OK; - } + /* first make sure key->q and key->p are prime */ + if ((err = mp_prime_is_prime(&key->q, 8, &res)) != CRYPT_OK) { + return err; + } + if (res == 0) { + return CRYPT_OK; + } - if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { - return err; - } - if (res == 0) { - return CRYPT_OK; - } + if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { + return err; + } + if (res == 0) { + return CRYPT_OK; + } - /* now make sure that g is not -1, 0 or 1 and <p */ - if (mp_cmp_d(&key->g, 0) == LTC_MP_EQ || mp_cmp_d(&key->g, 1) == LTC_MP_EQ) { - return CRYPT_OK; - } - if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; } - if ((err = mp_sub_d(&key->p, 1, &tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp(&tmp, &key->g) == LTC_MP_EQ || mp_cmp(&key->g, &key->p) != LTC_MP_LT) { - err = CRYPT_OK; - goto error; - } + /* now make sure that g is not -1, 0 or 1 and <p */ + if (mp_cmp_d(&key->g, 0) == LTC_MP_EQ + || mp_cmp_d(&key->g, 1) == LTC_MP_EQ) { + return CRYPT_OK; + } + if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { + return err; + } + if ((err = mp_sub_d(&key->p, 1, &tmp)) != CRYPT_OK) { + goto error; + } + if (mp_cmp(&tmp, &key->g) == LTC_MP_EQ + || mp_cmp(&key->g, &key->p) != LTC_MP_LT) { + err = CRYPT_OK; + goto error; + } - /* 1 < y < p-1 */ - if (!(mp_cmp_d(&key->y, 1) == LTC_MP_GT && mp_cmp(&key->y, &tmp) == LTC_MP_LT)) { - err = CRYPT_OK; - goto error; - } + /* 1 < y < p-1 */ + if (! + (mp_cmp_d(&key->y, 1) == LTC_MP_GT + && mp_cmp(&key->y, &tmp) == LTC_MP_LT)) { + err = CRYPT_OK; + goto error; + } - /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ - if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != CRYPT_OK) { goto error; } - if (mp_iszero(&tmp2) != LTC_MP_YES) { - err = CRYPT_OK; - goto error; - } + /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ + if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != CRYPT_OK) { + goto error; + } + if (mp_iszero(&tmp2) != LTC_MP_YES) { + err = CRYPT_OK; + goto error; + } - if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } + if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { + err = CRYPT_OK; + goto error; + } - /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ - if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } + /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ + if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { + err = CRYPT_OK; + goto error; + } - /* at this point we are out of tests ;-( */ - err = CRYPT_OK; - *stat = 1; -error: - mp_clear_multi(&tmp, &tmp2, NULL); - return err; + /* at this point we are out of tests ;-( */ + err = CRYPT_OK; + *stat = 1; +error: + mp_clear_multi(&tmp, &tmp2, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c b/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c index 70294a5..7881068 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c @@ -30,22 +30,21 @@ */ int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out) { - unsigned long size; + unsigned long size; - size = mp_unsigned_bin_size(n); + size = mp_unsigned_bin_size(n); - if (size > modulus_len) { - return CRYPT_BUFFER_OVERFLOW; - } + if (size > modulus_len) { + return CRYPT_BUFFER_OVERFLOW; + } - /* store it */ - zeromem(out, modulus_len); - return mp_to_unsigned_bin(n, out+(modulus_len-size)); + /* store it */ + zeromem(out, modulus_len); + return mp_to_unsigned_bin(n, out + (modulus_len - size)); } #endif /* LTC_PKCS_1 */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c,v $ */ /* $Revision: 1.7 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c b/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c index bfa3e7e..7becb86 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_mgf1.c The Mask Generation Function (MGF1) for LTC_PKCS #1, Tom St Denis @@ -29,59 +28,61 @@ @return CRYPT_OK if successful */ int pkcs_1_mgf1(const struct algo_properties_st *hash, - const unsigned char *seed, unsigned long seedlen, - unsigned char *mask, unsigned long masklen) + const unsigned char *seed, unsigned long seedlen, + unsigned char *mask, unsigned long masklen) { - unsigned long hLen, x; - ulong32 counter; - int err; - unsigned char *buf; - - LTC_ARGCHK(seed != NULL); - LTC_ARGCHK(mask != NULL); - - /* ensure valid hash */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - /* get hash output size */ - hLen = hash->digest_size; - - /* allocate memory */ - buf = XMALLOC(hLen); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* start counter */ - counter = 0; - - while (masklen > 0) { - /* handle counter */ - STORE32H(counter, buf); - ++counter; - - err = hash_memory_multi(hash, buf, &hLen, seed, seedlen, buf, (unsigned long) 4, NULL, 0); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - /* store it */ - for (x = 0; x < hLen && masklen > 0; x++, masklen--) { - *mask++ = buf[x]; - } - } - - err = CRYPT_OK; + unsigned long hLen, x; + ulong32 counter; + int err; + unsigned char *buf; + + LTC_ARGCHK(seed != NULL); + LTC_ARGCHK(mask != NULL); + + /* ensure valid hash */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + /* get hash output size */ + hLen = hash->digest_size; + + /* allocate memory */ + buf = XMALLOC(hLen); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* start counter */ + counter = 0; + + while (masklen > 0) { + /* handle counter */ + STORE32H(counter, buf); + ++counter; + + err = + hash_memory_multi(hash, buf, &hLen, seed, seedlen, buf, + (unsigned long)4, NULL, 0); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + /* store it */ + for (x = 0; x < hLen && masklen > 0; x++, masklen--) { + *mask++ = buf[x]; + } + } + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(buf, hLen); + zeromem(buf, hLen); #endif - XFREE(buf); + XFREE(buf); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c index 04833ff..1335170 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_oaep_decode.c OAEP Padding for LTC_PKCS #1, Tom St Denis @@ -32,157 +31,163 @@ @param res [out] Result of decoding, 1==valid, 0==invalid @return CRYPT_OK if successful (even if invalid) */ -int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, const struct algo_properties_st *hash, - unsigned char *out, unsigned long *outlen, - int *res) +int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, + const unsigned char *lparam, unsigned long lparamlen, + unsigned long modulus_bitlen, + const struct algo_properties_st *hash, + unsigned char *out, unsigned long *outlen, int *res) { - unsigned char *DB, *seed, *mask; - unsigned long hLen, x, y, modulus_len; - int err; - - LTC_ARGCHK(msg != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(res != NULL); - - /* default to invalid packet */ - *res = 0; - - /* test valid hash */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - hLen = hash->digest_size; - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test hash/message size */ - if ((2*hLen >= (modulus_len - 2)) || (msglen != modulus_len)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - seed = XMALLOC(hLen); - if (DB == NULL || mask == NULL || seed == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (seed != NULL) { - XFREE(seed); - } - return CRYPT_MEM; - } - - /* ok so it's now in the form - - 0x00 || maskedseed || maskedDB - - 1 || hLen || modulus_len - hLen - 1 - - */ - - /* must have leading 0x00 byte */ - if (msg[0] != 0x00) { - err = CRYPT_OK; - goto LBL_ERR; - } - - /* now read the masked seed */ - x = 1; - XMEMCPY(seed, msg + x, hLen); - x += hLen; - - /* now read the masked DB */ - XMEMCPY(DB, msg + x, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* XOR against seed */ - for (y = 0; y < hLen; y++) { - seed[y] ^= mask[y]; - } - - /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(hash, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ - - /* compute lhash and store it in seed [reuse temps!] */ - x = modulus_len; - if (lparam != NULL) { - if ((err = hash_memory(hash, lparam, lparamlen, seed, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } else { - /* can't pass hash_memory a NULL so use DB with zero length */ - if ((err = hash_memory(hash, DB, 0, seed, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* compare the lhash'es */ - if (XMEMCMP(seed, DB, hLen) != 0) { - err = CRYPT_OK; - goto LBL_ERR; - } - - /* now zeroes before a 0x01 */ - for (x = hLen; x < (modulus_len - hLen - 1) && DB[x] == 0x00; x++) { - /* step... */ - } - - /* error out if wasn't 0x01 */ - if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* rest is the message (and skip 0x01) */ - if ((modulus_len - hLen - 1 - ++x) > *outlen) { - *outlen = modulus_len - hLen - 1 - x; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* copy message */ - *outlen = modulus_len - hLen - 1 - x; - XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); - x += modulus_len - hLen - 1; - - /* valid packet */ - *res = 1; - - err = CRYPT_OK; + unsigned char *DB, *seed, *mask; + unsigned long hLen, x, y, modulus_len; + int err; + + LTC_ARGCHK(msg != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(res != NULL); + + /* default to invalid packet */ + *res = 0; + + /* test valid hash */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + hLen = hash->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* test hash/message size */ + if ((2 * hLen >= (modulus_len - 2)) || (msglen != modulus_len)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + seed = XMALLOC(hLen); + if (DB == NULL || mask == NULL || seed == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (seed != NULL) { + XFREE(seed); + } + return CRYPT_MEM; + } + + /* ok so it's now in the form + + 0x00 || maskedseed || maskedDB + + 1 || hLen || modulus_len - hLen - 1 + + */ + + /* must have leading 0x00 byte */ + if (msg[0] != 0x00) { + err = CRYPT_OK; + goto LBL_ERR; + } + + /* now read the masked seed */ + x = 1; + XMEMCPY(seed, msg + x, hLen); + x += hLen; + + /* now read the masked DB */ + XMEMCPY(DB, msg + x, modulus_len - hLen - 1); + x += modulus_len - hLen - 1; + + /* compute MGF1 of maskedDB (hLen) */ + if ((err = + pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, + hLen)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* XOR against seed */ + for (y = 0; y < hLen; y++) { + seed[y] ^= mask[y]; + } + + /* compute MGF1 of seed (k - hlen - 1) */ + if ((err = + pkcs_1_mgf1(hash, seed, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ + + /* compute lhash and store it in seed [reuse temps!] */ + x = modulus_len; + if (lparam != NULL) { + if ((err = + hash_memory(hash, lparam, lparamlen, seed, + &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } else { + /* can't pass hash_memory a NULL so use DB with zero length */ + if ((err = hash_memory(hash, DB, 0, seed, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } + + /* compare the lhash'es */ + if (XMEMCMP(seed, DB, hLen) != 0) { + err = CRYPT_OK; + goto LBL_ERR; + } + + /* now zeroes before a 0x01 */ + for (x = hLen; x < (modulus_len - hLen - 1) && DB[x] == 0x00; x++) { + /* step... */ + } + + /* error out if wasn't 0x01 */ + if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* rest is the message (and skip 0x01) */ + if ((modulus_len - hLen - 1 - ++x) > *outlen) { + *outlen = modulus_len - hLen - 1 - x; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* copy message */ + *outlen = modulus_len - hLen - 1 - x; + XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); + x += modulus_len - hLen - 1; + + /* valid packet */ + *res = 1; + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(seed, hLen); - zeromem(mask, modulus_len); + zeromem(DB, modulus_len); + zeromem(seed, hLen); + zeromem(mask, modulus_len); #endif - XFREE(seed); - XFREE(mask); - XFREE(DB); + XFREE(seed); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c index ab75f73..9d07ead 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_oaep_encode.c OAEP Padding for LTC_PKCS #1, Tom St Denis @@ -31,134 +30,141 @@ @param outlen [in/out] The max size and resulting size of the encoded data @return CRYPT_OK if successful */ -int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, const struct algo_properties_st *hash, - unsigned char *out, unsigned long *outlen) +int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, + const unsigned char *lparam, unsigned long lparamlen, + unsigned long modulus_bitlen, + const struct algo_properties_st *hash, + unsigned char *out, unsigned long *outlen) { - unsigned char *DB, *seed, *mask; - unsigned long hLen, x, y, modulus_len; - int err; - - LTC_ARGCHK(msg != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* test valid hash */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - hLen = hash->digest_size; - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - if ((2*hLen >= (modulus_len - 2)) || (msglen > (modulus_len - 2*hLen - 2))) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - seed = XMALLOC(hLen); - if (DB == NULL || mask == NULL || seed == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (seed != NULL) { - XFREE(seed); - } - return CRYPT_MEM; - } - - /* get lhash */ - /* DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ - x = modulus_len; - if (lparam != NULL) { - if ((err = hash_memory(hash, lparam, lparamlen, DB, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } else { - /* can't pass hash_memory a NULL so use DB with zero length */ - if ((err = hash_memory(hash, DB, 0, DB, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* append PS then 0x01 (to lhash) */ - x = hLen; - y = modulus_len - msglen - 2*hLen - 2; - XMEMSET(DB+x, 0, y); - x += y; - - /* 0x01 byte */ - DB[x++] = 0x01; - - /* message (length = msglen) */ - XMEMCPY(DB+x, msg, msglen); - x += msglen; - - /* now choose a random seed */ - get_random_bytes(seed, hLen); - - /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(hash, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* XOR against seed */ - for (y = 0; y < hLen; y++) { - seed[y] ^= mask[y]; - } - - /* create string of length modulus_len */ - if (*outlen < modulus_len) { - *outlen = modulus_len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* start output which is 0x00 || maskedSeed || maskedDB */ - x = 0; - out[x++] = 0x00; - XMEMCPY(out+x, seed, hLen); - x += hLen; - XMEMCPY(out+x, DB, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - *outlen = x; - - err = CRYPT_OK; + unsigned char *DB, *seed, *mask; + unsigned long hLen, x, y, modulus_len; + int err; + + LTC_ARGCHK(msg != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* test valid hash */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + hLen = hash->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* test message size */ + if ((2 * hLen >= (modulus_len - 2)) + || (msglen > (modulus_len - 2 * hLen - 2))) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + seed = XMALLOC(hLen); + if (DB == NULL || mask == NULL || seed == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (seed != NULL) { + XFREE(seed); + } + return CRYPT_MEM; + } + + /* get lhash */ + /* DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ + x = modulus_len; + if (lparam != NULL) { + if ((err = + hash_memory(hash, lparam, lparamlen, DB, + &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } else { + /* can't pass hash_memory a NULL so use DB with zero length */ + if ((err = hash_memory(hash, DB, 0, DB, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } + + /* append PS then 0x01 (to lhash) */ + x = hLen; + y = modulus_len - msglen - 2 * hLen - 2; + XMEMSET(DB + x, 0, y); + x += y; + + /* 0x01 byte */ + DB[x++] = 0x01; + + /* message (length = msglen) */ + XMEMCPY(DB + x, msg, msglen); + x += msglen; + + /* now choose a random seed */ + get_random_bytes(seed, hLen); + + /* compute MGF1 of seed (k - hlen - 1) */ + if ((err = + pkcs_1_mgf1(hash, seed, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* compute MGF1 of maskedDB (hLen) */ + if ((err = + pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, + hLen)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* XOR against seed */ + for (y = 0; y < hLen; y++) { + seed[y] ^= mask[y]; + } + + /* create string of length modulus_len */ + if (*outlen < modulus_len) { + *outlen = modulus_len; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* start output which is 0x00 || maskedSeed || maskedDB */ + x = 0; + out[x++] = 0x00; + XMEMCPY(out + x, seed, hLen); + x += hLen; + XMEMCPY(out + x, DB, modulus_len - hLen - 1); + x += modulus_len - hLen - 1; + + *outlen = x; + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(seed, hLen); - zeromem(mask, modulus_len); + zeromem(DB, modulus_len); + zeromem(seed, hLen); + zeromem(mask, modulus_len); #endif - XFREE(seed); - XFREE(mask); - XFREE(DB); + XFREE(seed); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c,v $ */ /* $Revision: 1.9 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c b/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c index 513abb6..87fda40 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c @@ -25,12 +25,11 @@ */ int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen) { - return mp_read_unsigned_bin(n, in, inlen); + return mp_read_unsigned_bin(n, in, inlen); } #endif /* LTC_PKCS_1 */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c,v $ */ /* $Revision: 1.7 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c index 789d12d..2a2b980 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_pss_decode.c LTC_PKCS #1 PSS Signature Padding, Tom St Denis @@ -32,133 +31,140 @@ @return CRYPT_OK if successful (even if the comparison failed) */ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, - const unsigned char *sig, unsigned long siglen, - unsigned long saltlen, const struct algo_properties_st *hash_algo, - unsigned long modulus_bitlen, int *res) + const unsigned char *sig, unsigned long siglen, + unsigned long saltlen, + const struct algo_properties_st *hash_algo, + unsigned long modulus_bitlen, int *res) { - unsigned char *DB, *mask, *salt, *hash; - unsigned long x, y, hLen, modulus_len; - int err; - - LTC_ARGCHK(msghash != NULL); - LTC_ARGCHK(res != NULL); - - /* default to invalid */ - *res = 0; - - /* ensure hash is valid */ - if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { - return err; - } - - hLen = hash_algo->digest_size; - modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); - - /* check sizes */ - if ((saltlen > modulus_len) || - (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt/hash of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - salt = XMALLOC(modulus_len); - hash = XMALLOC(modulus_len); - if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (salt != NULL) { - XFREE(salt); - } - if (hash != NULL) { - XFREE(hash); - } - return CRYPT_MEM; - } - - /* ensure the 0xBC byte */ - if (sig[siglen-1] != 0xBC) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* copy out the DB */ - x = 0; - XMEMCPY(DB, sig + x, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - /* copy out the hash */ - XMEMCPY(hash, sig + x, hLen); - x += hLen; - - /* check the MSB */ - if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash_algo, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* now clear the first byte [make sure smaller than modulus] */ - DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)); - - /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ - - /* check for zeroes and 0x01 */ - for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { - if (DB[x] != 0x00) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - } - - /* check for the 0x01 */ - if (DB[x++] != 0x01) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - zeromem(mask, 8); - - /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ - err = hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8, msghash, (unsigned long)msghashlen, DB+x, (unsigned long)saltlen, NULL, 0); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - /* mask == hash means valid signature */ - if (XMEMCMP(mask, hash, hLen) == 0) { - *res = 1; - } - - err = CRYPT_OK; + unsigned char *DB, *mask, *salt, *hash; + unsigned long x, y, hLen, modulus_len; + int err; + + LTC_ARGCHK(msghash != NULL); + LTC_ARGCHK(res != NULL); + + /* default to invalid */ + *res = 0; + + /* ensure hash is valid */ + if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { + return err; + } + + hLen = hash_algo->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* check sizes */ + if ((saltlen > modulus_len) || + (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt/hash of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + salt = XMALLOC(modulus_len); + hash = XMALLOC(modulus_len); + if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (salt != NULL) { + XFREE(salt); + } + if (hash != NULL) { + XFREE(hash); + } + return CRYPT_MEM; + } + + /* ensure the 0xBC byte */ + if (sig[siglen - 1] != 0xBC) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* copy out the DB */ + x = 0; + XMEMCPY(DB, sig + x, modulus_len - hLen - 1); + x += modulus_len - hLen - 1; + + /* copy out the hash */ + XMEMCPY(hash, sig + x, hLen); + x += hLen; + + /* check the MSB */ + if ((sig[0] & ~(0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1)))) != + 0) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* generate mask of length modulus_len - hLen - 1 from hash */ + if ((err = + pkcs_1_mgf1(hash_algo, hash, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* now clear the first byte [make sure smaller than modulus] */ + DB[0] &= 0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1)); + + /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ + + /* check for zeroes and 0x01 */ + for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { + if (DB[x] != 0x00) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + } + + /* check for the 0x01 */ + if (DB[x++] != 0x01) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + zeromem(mask, 8); + + /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ + err = + hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8, + msghash, (unsigned long)msghashlen, DB + x, + (unsigned long)saltlen, NULL, 0); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + /* mask == hash means valid signature */ + if (XMEMCMP(mask, hash, hLen) == 0) { + *res = 1; + } + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); + zeromem(DB, modulus_len); + zeromem(mask, modulus_len); + zeromem(salt, modulus_len); + zeromem(hash, modulus_len); #endif - XFREE(hash); - XFREE(salt); - XFREE(mask); - XFREE(DB); + XFREE(hash); + XFREE(salt); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c index d3ce3d9..a2c6928 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_pss_encode.c LTC_PKCS #1 PSS Signature Padding, Tom St Denis @@ -31,123 +30,128 @@ @return CRYPT_OK if successful */ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, - unsigned long saltlen, const struct algo_properties_st *hash_algo, - unsigned long modulus_bitlen, - unsigned char *out, unsigned long *outlen) + unsigned long saltlen, + const struct algo_properties_st *hash_algo, + unsigned long modulus_bitlen, unsigned char *out, + unsigned long *outlen) { - unsigned char *DB, *mask, *salt, *hash; - unsigned long x, y, hLen, modulus_len; - int err; - - LTC_ARGCHK(msghash != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* ensure hash and PRNG are valid */ - if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { - return err; - } - - hLen = hash_algo->digest_size; - modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); - - /* check sizes */ - if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt/hash of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - salt = XMALLOC(modulus_len); - hash = XMALLOC(modulus_len); - if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (salt != NULL) { - XFREE(salt); - } - if (hash != NULL) { - XFREE(hash); - } - return CRYPT_MEM; - } - - - /* generate random salt */ - if (saltlen > 0) { - get_random_bytes(salt, saltlen); - } - - zeromem(DB, 8); - - /* M = (eight) 0x00 || msghash || salt, hash = H(M) */ - err = hash_memory_multi(hash_algo, hash, &hLen, DB, (unsigned long)8, msghash, (unsigned long)msghashlen, salt, (unsigned long)saltlen, NULL, 0); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - /* generate DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ - x = 0; - XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2); - x += modulus_len - saltlen - hLen - 2; - DB[x++] = 0x01; - XMEMCPY(DB + x, salt, saltlen); - x += saltlen; - - /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash_algo, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* output is DB || hash || 0xBC */ - if (*outlen < modulus_len) { - *outlen = modulus_len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* DB len = modulus_len - hLen - 1 */ - y = 0; - XMEMCPY(out + y, DB, modulus_len - hLen - 1); - y += modulus_len - hLen - 1; - - /* hash */ - XMEMCPY(out + y, hash, hLen); - y += hLen; - - /* 0xBC */ - out[y] = 0xBC; - - /* now clear the 8*modulus_len - modulus_bitlen most significant bits */ - out[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)); - - /* store output size */ - *outlen = modulus_len; - err = CRYPT_OK; + unsigned char *DB, *mask, *salt, *hash; + unsigned long x, y, hLen, modulus_len; + int err; + + LTC_ARGCHK(msghash != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* ensure hash and PRNG are valid */ + if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { + return err; + } + + hLen = hash_algo->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* check sizes */ + if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt/hash of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + salt = XMALLOC(modulus_len); + hash = XMALLOC(modulus_len); + if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (salt != NULL) { + XFREE(salt); + } + if (hash != NULL) { + XFREE(hash); + } + return CRYPT_MEM; + } + + /* generate random salt */ + if (saltlen > 0) { + get_random_bytes(salt, saltlen); + } + + zeromem(DB, 8); + + /* M = (eight) 0x00 || msghash || salt, hash = H(M) */ + err = + hash_memory_multi(hash_algo, hash, &hLen, DB, (unsigned long)8, + msghash, (unsigned long)msghashlen, salt, + (unsigned long)saltlen, NULL, 0); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + /* generate DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ + x = 0; + XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2); + x += modulus_len - saltlen - hLen - 2; + DB[x++] = 0x01; + XMEMCPY(DB + x, salt, saltlen); + x += saltlen; + + /* generate mask of length modulus_len - hLen - 1 from hash */ + if ((err = + pkcs_1_mgf1(hash_algo, hash, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* output is DB || hash || 0xBC */ + if (*outlen < modulus_len) { + *outlen = modulus_len; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* DB len = modulus_len - hLen - 1 */ + y = 0; + XMEMCPY(out + y, DB, modulus_len - hLen - 1); + y += modulus_len - hLen - 1; + + /* hash */ + XMEMCPY(out + y, hash, hLen); + y += hLen; + + /* 0xBC */ + out[y] = 0xBC; + + /* now clear the 8*modulus_len - modulus_bitlen most significant bits */ + out[0] &= 0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1)); + + /* store output size */ + *outlen = modulus_len; + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); + zeromem(DB, modulus_len); + zeromem(mask, modulus_len); + zeromem(salt, modulus_len); + zeromem(hash, modulus_len); #endif - XFREE(hash); - XFREE(salt); - XFREE(mask); - XFREE(DB); + XFREE(hash); + XFREE(salt); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c index 1bb08e3..29c4d7b 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c @@ -29,79 +29,81 @@ * * @return CRYPT_OK if successful (even if invalid) */ -int pkcs_1_v1_5_decode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen, - int *is_valid) +int pkcs_1_v1_5_decode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + unsigned char *out, unsigned long *outlen, int *is_valid) { - unsigned long modulus_len, ps_len, i; - int result; - - /* default to invalid packet */ - *is_valid = 0; - - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - - if ((msglen > modulus_len) || (modulus_len < 11)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* separate encoded message */ - - if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { - result = CRYPT_INVALID_PACKET; - goto bail; - } - - if (block_type == LTC_LTC_PKCS_1_EME) { - for (i = 2; i < modulus_len; i++) { - /* separator */ - if (msg[i] == 0x00) { break; } - } - ps_len = i++ - 2; - - if ((i >= modulus_len) || (ps_len < 8)) { - /* There was no octet with hexadecimal value 0x00 to separate ps from m, - * or the length of ps is less than 8 octets. - */ - result = CRYPT_INVALID_PACKET; - goto bail; - } - } else { - for (i = 2; i < modulus_len - 1; i++) { - if (msg[i] != 0xFF) { break; } - } - - /* separator check */ - if (msg[i] != 0) { - /* There was no octet with hexadecimal value 0x00 to separate ps from m. */ - result = CRYPT_INVALID_PACKET; - goto bail; - } - - ps_len = i - 2; - } - - if (*outlen < (msglen - (2 + ps_len + 1))) { - *outlen = msglen - (2 + ps_len + 1); - result = CRYPT_BUFFER_OVERFLOW; - goto bail; - } - - *outlen = (msglen - (2 + ps_len + 1)); - XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); - - /* valid packet */ - *is_valid = 1; - result = CRYPT_OK; + unsigned long modulus_len, ps_len, i; + int result; + + /* default to invalid packet */ + *is_valid = 0; + + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* test message size */ + + if ((msglen > modulus_len) || (modulus_len < 11)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* separate encoded message */ + + if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { + result = CRYPT_INVALID_PACKET; + goto bail; + } + + if (block_type == LTC_LTC_PKCS_1_EME) { + for (i = 2; i < modulus_len; i++) { + /* separator */ + if (msg[i] == 0x00) { + break; + } + } + ps_len = i++ - 2; + + if ((i >= modulus_len) || (ps_len < 8)) { + /* There was no octet with hexadecimal value 0x00 to separate ps from m, + * or the length of ps is less than 8 octets. + */ + result = CRYPT_INVALID_PACKET; + goto bail; + } + } else { + for (i = 2; i < modulus_len - 1; i++) { + if (msg[i] != 0xFF) { + break; + } + } + + /* separator check */ + if (msg[i] != 0) { + /* There was no octet with hexadecimal value 0x00 to separate ps from m. */ + result = CRYPT_INVALID_PACKET; + goto bail; + } + + ps_len = i - 2; + } + + if (*outlen < (msglen - (2 + ps_len + 1))) { + *outlen = msglen - (2 + ps_len + 1); + result = CRYPT_BUFFER_OVERFLOW; + goto bail; + } + + *outlen = (msglen - (2 + ps_len + 1)); + XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); + + /* valid packet */ + *is_valid = 1; + result = CRYPT_OK; bail: - return result; -} /* pkcs_1_v1_5_decode */ + return result; +} /* pkcs_1_v1_5_decode */ #endif /* #ifdef LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c index 048fe69..0261b7b 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c @@ -28,65 +28,64 @@ * * \return CRYPT_OK if successful */ -int pkcs_1_v1_5_encode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen) +int pkcs_1_v1_5_encode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + unsigned char *out, unsigned long *outlen) { - unsigned long modulus_len, ps_len, i; - unsigned char *ps; - int result; + unsigned long modulus_len, ps_len, i; + unsigned char *ps; + int result; - /* valid block_type? */ - if ((block_type != LTC_LTC_PKCS_1_EMSA) && - (block_type != LTC_LTC_PKCS_1_EME)) { - return CRYPT_PK_INVALID_PADDING; - } + /* valid block_type? */ + if ((block_type != LTC_LTC_PKCS_1_EMSA) && + (block_type != LTC_LTC_PKCS_1_EME)) { + return CRYPT_PK_INVALID_PADDING; + } - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - /* test message size */ - if ((msglen + 11) > modulus_len) { - return CRYPT_PK_INVALID_SIZE; - } + /* test message size */ + if ((msglen + 11) > modulus_len) { + return CRYPT_PK_INVALID_SIZE; + } - if (*outlen < modulus_len) { - *outlen = modulus_len; - result = CRYPT_BUFFER_OVERFLOW; - goto bail; - } + if (*outlen < modulus_len) { + *outlen = modulus_len; + result = CRYPT_BUFFER_OVERFLOW; + goto bail; + } - /* generate an octets string PS */ - ps = &out[2]; - ps_len = modulus_len - msglen - 3; + /* generate an octets string PS */ + ps = &out[2]; + ps_len = modulus_len - msglen - 3; - if (block_type == LTC_LTC_PKCS_1_EME) { - /* now choose a random ps */ - get_random_bytes(ps, ps_len); + if (block_type == LTC_LTC_PKCS_1_EME) { + /* now choose a random ps */ + get_random_bytes(ps, ps_len); - /* transform zero bytes (if any) to non-zero random bytes */ - for (i = 0; i < ps_len; i++) { - while (ps[i] == 0) { - get_random_bytes(&ps[i], 1); - } - } - } else { - XMEMSET(ps, 0xFF, ps_len); - } + /* transform zero bytes (if any) to non-zero random bytes */ + for (i = 0; i < ps_len; i++) { + while (ps[i] == 0) { + get_random_bytes(&ps[i], 1); + } + } + } else { + XMEMSET(ps, 0xFF, ps_len); + } - /* create string of length modulus_len */ - out[0] = 0x00; - out[1] = (unsigned char)block_type; /* block_type 1 or 2 */ - out[2 + ps_len] = 0x00; - XMEMCPY(&out[2 + ps_len + 1], msg, msglen); - *outlen = modulus_len; + /* create string of length modulus_len */ + out[0] = 0x00; + out[1] = (unsigned char)block_type; /* block_type 1 or 2 */ + out[2 + ps_len] = 0x00; + XMEMCPY(&out[2 + ps_len + 1], msg, msglen); + *outlen = modulus_len; - result = CRYPT_OK; + result = CRYPT_OK; bail: - return result; -} /* pkcs_1_v1_5_encode */ + return result; +} /* pkcs_1_v1_5_encode */ #endif /* #ifdef LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/rsa/rsa_decrypt_key.c b/libtomcrypt/pk/rsa/rsa_decrypt_key.c index 813a765..36573be 100644 --- a/libtomcrypt/pk/rsa/rsa_decrypt_key.c +++ b/libtomcrypt/pk/rsa/rsa_decrypt_key.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include "ncr-int.h" - /** @file rsa_decrypt_key.c RSA LTC_PKCS #1 Decryption, Tom St Denis and Andreas Lange @@ -33,71 +32,75 @@ @param key The corresponding private RSA key @return CRYPT_OK if succcessul (even if invalid) */ -int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - const struct algo_properties_st *hash, int padding, - int *stat, rsa_key *key) +int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + const struct algo_properties_st *hash, int padding, + int *stat, rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - unsigned char *tmp; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to invalid */ - *stat = 0; - - /* valid padding? */ - - if ((padding != LTC_LTC_PKCS_1_V1_5) && - (padding != LTC_LTC_PKCS_1_OAEP)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* valid hash ? */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (&key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (&key->N)); - if (modulus_bytelen != inlen) { - return CRYPT_INVALID_PACKET; - } - - /* allocate ram */ - tmp = XMALLOC(inlen); - if (tmp == NULL) { - return CRYPT_MEM; - } - - /* rsa decode the packet */ - x = inlen; - if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { - XFREE(tmp); - return err; - } - - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* now OAEP decode the packet */ - err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash, - out, outlen, stat); - } else { - /* now LTC_PKCS #1 v1.5 depad the packet */ - err = pkcs_1_v1_5_decode(tmp, x, LTC_LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat); - } - - XFREE(tmp); - return err; + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + unsigned char *tmp; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(stat != NULL); + + /* default to invalid */ + *stat = 0; + + /* valid padding? */ + + if ((padding != LTC_LTC_PKCS_1_V1_5) && + (padding != LTC_LTC_PKCS_1_OAEP)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* valid hash ? */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen != inlen) { + return CRYPT_INVALID_PACKET; + } + + /* allocate ram */ + tmp = XMALLOC(inlen); + if (tmp == NULL) { + return CRYPT_MEM; + } + + /* rsa decode the packet */ + x = inlen; + if ((err = + rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { + XFREE(tmp); + return err; + } + + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* now OAEP decode the packet */ + err = + pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, + modulus_bitlen, hash, out, outlen, stat); + } else { + /* now LTC_PKCS #1 v1.5 depad the packet */ + err = + pkcs_1_v1_5_decode(tmp, x, LTC_LTC_PKCS_1_EME, + modulus_bitlen, out, outlen, stat); + } + + XFREE(tmp); + return err; } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_encrypt_key.c b/libtomcrypt/pk/rsa/rsa_encrypt_key.c index 8d3f2db..9367015 100644 --- a/libtomcrypt/pk/rsa/rsa_encrypt_key.c +++ b/libtomcrypt/pk/rsa/rsa_encrypt_key.c @@ -31,62 +31,63 @@ @param key The RSA key to encrypt to @return CRYPT_OK if successful */ -int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - const struct algo_properties_st *hash, int padding, rsa_key *key) +int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + const struct algo_properties_st *hash, int padding, + rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); - /* valid padding? */ - if ((padding != LTC_LTC_PKCS_1_V1_5) && - (padding != LTC_LTC_PKCS_1_OAEP)) { - return CRYPT_PK_INVALID_PADDING; - } + /* valid padding? */ + if ((padding != LTC_LTC_PKCS_1_V1_5) && + (padding != LTC_LTC_PKCS_1_OAEP)) { + return CRYPT_PK_INVALID_PADDING; + } - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* valid hash? */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - } + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* valid hash? */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + } - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (&key->N)); + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (&key->N)); - if (modulus_bytelen > *outlen) { - *outlen = modulus_bytelen; - return CRYPT_BUFFER_OVERFLOW; - } + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; + return CRYPT_BUFFER_OVERFLOW; + } - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* OAEP pad the key */ - x = *outlen; - if ((err = pkcs_1_oaep_encode(in, inlen, lparam, - lparamlen, modulus_bitlen, hash, - out, &x)) != CRYPT_OK) { - return err; - } - } else { - /* LTC_PKCS #1 v1.5 pad the key */ - x = *outlen; - if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_LTC_PKCS_1_EME, - modulus_bitlen, - out, &x)) != CRYPT_OK) { - return err; - } - } + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* OAEP pad the key */ + x = *outlen; + if ((err = pkcs_1_oaep_encode(in, inlen, lparam, + lparamlen, modulus_bitlen, hash, + out, &x)) != CRYPT_OK) { + return err; + } + } else { + /* LTC_PKCS #1 v1.5 pad the key */ + x = *outlen; + if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_LTC_PKCS_1_EME, + modulus_bitlen, + out, &x)) != CRYPT_OK) { + return err; + } + } - /* rsa exptmod the OAEP or LTC_PKCS #1 v1.5 pad */ - return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key); + /* rsa exptmod the OAEP or LTC_PKCS #1 v1.5 pad */ + return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key); } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_export.c b/libtomcrypt/pk/rsa/rsa_export.c index 21f859c..483af19 100644 --- a/libtomcrypt/pk/rsa/rsa_export.c +++ b/libtomcrypt/pk/rsa/rsa_export.c @@ -14,7 +14,7 @@ /** @file rsa_export.c Export RSA LTC_PKCS keys, Tom St Denis -*/ +*/ #ifdef LTC_MRSA @@ -25,59 +25,64 @@ @param type The type of exported key (PK_PRIVATE or PK_PUBLIC) @param key The RSA key to export @return CRYPT_OK if successful -*/ -int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) +*/ +int rsa_export(unsigned char *out, unsigned long *outlen, int type, + rsa_key * key) { - unsigned long zero=0; - int err; - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + unsigned long zero = 0; + int err; + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); - /* type valid? */ - if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { - return CRYPT_PK_INVALID_TYPE; - } + /* type valid? */ + if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { + return CRYPT_PK_INVALID_TYPE; + } - if (type == PK_PRIVATE) { - /* private key */ - /* output is - Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p - */ - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_INTEGER, 1UL, &key->d, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->dP, - LTC_ASN1_INTEGER, 1UL, &key->dQ, - LTC_ASN1_INTEGER, 1UL, &key->qP, - LTC_ASN1_EOL, 0UL, NULL); - } else { - unsigned long tmplen = (mp_count_bits(&key->N)/8)*2+8; - unsigned char* tmp = XMALLOC(tmplen); - - if (tmp == NULL) { - return CRYPT_MEM; - } + if (type == PK_PRIVATE) { + /* private key */ + /* output is + Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p + */ + return der_encode_sequence_multi(out, outlen, + LTC_ASN1_SHORT_INTEGER, 1UL, + &zero, LTC_ASN1_INTEGER, 1UL, + &key->N, LTC_ASN1_INTEGER, 1UL, + &key->e, LTC_ASN1_INTEGER, 1UL, + &key->d, LTC_ASN1_INTEGER, 1UL, + &key->p, LTC_ASN1_INTEGER, 1UL, + &key->q, LTC_ASN1_INTEGER, 1UL, + &key->dP, LTC_ASN1_INTEGER, + 1UL, &key->dQ, + LTC_ASN1_INTEGER, 1UL, + &key->qP, LTC_ASN1_EOL, 0UL, + NULL); + } else { + unsigned long tmplen = (mp_count_bits(&key->N) / 8) * 2 + 8; + unsigned char *tmp = XMALLOC(tmplen); - err = der_encode_sequence_multi(tmp, &tmplen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_EOL, 0UL, NULL); - if (err != CRYPT_OK) { - goto error; - } + if (tmp == NULL) { + return CRYPT_MEM; + } + + err = der_encode_sequence_multi(tmp, &tmplen, + LTC_ASN1_INTEGER, 1UL, &key->N, + LTC_ASN1_INTEGER, 1UL, &key->e, + LTC_ASN1_EOL, 0UL, NULL); + if (err != CRYPT_OK) { + goto error; + } + + err = der_encode_subject_public_key_info(out, outlen, + PKA_RSA, tmp, tmplen, + LTC_ASN1_NULL, NULL, + 0); - err = der_encode_subject_public_key_info(out, outlen, - PKA_RSA, tmp, tmplen, LTC_ASN1_NULL, NULL, 0); - error: - XFREE(tmp); - return err; - } + XFREE(tmp); + return err; + } } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_exptmod.c b/libtomcrypt/pk/rsa/rsa_exptmod.c index 35ebfe3..b137f9c 100644 --- a/libtomcrypt/pk/rsa/rsa_exptmod.c +++ b/libtomcrypt/pk/rsa/rsa_exptmod.c @@ -15,7 +15,7 @@ /** @file rsa_exptmod.c RSA LTC_PKCS exptmod, Tom St Denis -*/ +*/ #ifdef LTC_MRSA @@ -28,116 +28,145 @@ @param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC @param key The RSA key to use @return CRYPT_OK if successful -*/ -int rsa_exptmod(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - rsa_key *key) +*/ +int rsa_exptmod(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, int which, + rsa_key * key) { - mp_int tmp, tmpa, tmpb, rnd, rndi /* inverse of rnd */; - unsigned long x; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* is the key of the right type for the operation? */ - if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* must be a private or public operation */ - if (which != PK_PRIVATE && which != PK_PUBLIC) { - return CRYPT_PK_INVALID_TYPE; - } - - /* init and copy into tmp */ - if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL)) != CRYPT_OK) - { return err; } - if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) - { goto error; } - - /* sanity check on the input */ - if (mp_cmp(&key->N, &tmp) == LTC_MP_LT) { - err = CRYPT_PK_INVALID_SIZE; - goto error; - } - - /* are we using the private exponent and is the key optimized? */ - if (which == PK_PRIVATE) { - /* do blinding */ - err = mp_rand(&rnd, mp_count_bits(&key->N)); - if (err != CRYPT_OK) { - goto error; - } - - /* rndi = 1/rnd mod N */ - err = mp_invmod( &rnd, &key->N, &rndi); - if (err != CRYPT_OK) { - goto error; - } - - /* rnd = rnd^e */ - err = mp_exptmod( &rnd, &key->e, &key->N, &rnd); - if (err != CRYPT_OK) { - goto error; - } - - /* tmp = tmp*rnd mod N */ - err = mp_mulmod( &tmp, &rnd, &key->N, &tmp); - if (err != CRYPT_OK) { - goto error; - } - - /* tmpa = tmp^dP mod p */ - if ((err = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != CRYPT_OK) { goto error; } - - /* tmpb = tmp^dQ mod q */ - if ((err = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != CRYPT_OK) { goto error; } - - /* tmp = (tmpa - tmpb) * qInv (mod p) */ - if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != CRYPT_OK) { goto error; } - - /* tmp = tmpb + q * tmp */ - if ((err = mp_mul(&tmp, &key->q, &tmp)) != CRYPT_OK) { goto error; } - if ((err = mp_add(&tmp, &tmpb, &tmp)) != CRYPT_OK) { goto error; } - - /* unblind */ - err = mp_mulmod( &tmp, &rndi, &key->N, &tmp); - if (err != CRYPT_OK) { - goto error; - } - } else { - /* exptmod it */ - if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != CRYPT_OK) { goto error; } - } - - /* read it back */ - x = (unsigned long)mp_unsigned_bin_size(&key->N); - if (x > *outlen) { - *outlen = x; - err = CRYPT_BUFFER_OVERFLOW; - goto error; - } - - /* this should never happen ... */ - if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) { - err = CRYPT_ERROR; - goto error; - } - *outlen = x; - - /* convert it */ - zeromem(out, x); - if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != CRYPT_OK) { goto error; } - - /* clean up and return */ - err = CRYPT_OK; + mp_int tmp, tmpa, tmpb, rnd, rndi /* inverse of rnd */ ; + unsigned long x; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* is the key of the right type for the operation? */ + if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* must be a private or public operation */ + if (which != PK_PRIVATE && which != PK_PUBLIC) { + return CRYPT_PK_INVALID_TYPE; + } + + /* init and copy into tmp */ + if ((err = + mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, + NULL)) != CRYPT_OK) { + return err; + } + if ((err = + mp_read_unsigned_bin(&tmp, (unsigned char *)in, + (int)inlen)) != CRYPT_OK) { + goto error; + } + + /* sanity check on the input */ + if (mp_cmp(&key->N, &tmp) == LTC_MP_LT) { + err = CRYPT_PK_INVALID_SIZE; + goto error; + } + + /* are we using the private exponent and is the key optimized? */ + if (which == PK_PRIVATE) { + /* do blinding */ + err = mp_rand(&rnd, mp_count_bits(&key->N)); + if (err != CRYPT_OK) { + goto error; + } + + /* rndi = 1/rnd mod N */ + err = mp_invmod(&rnd, &key->N, &rndi); + if (err != CRYPT_OK) { + goto error; + } + + /* rnd = rnd^e */ + err = mp_exptmod(&rnd, &key->e, &key->N, &rnd); + if (err != CRYPT_OK) { + goto error; + } + + /* tmp = tmp*rnd mod N */ + err = mp_mulmod(&tmp, &rnd, &key->N, &tmp); + if (err != CRYPT_OK) { + goto error; + } + + /* tmpa = tmp^dP mod p */ + if ((err = + mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != CRYPT_OK) { + goto error; + } + + /* tmpb = tmp^dQ mod q */ + if ((err = + mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != CRYPT_OK) { + goto error; + } + + /* tmp = (tmpa - tmpb) * qInv (mod p) */ + if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != CRYPT_OK) { + goto error; + } + if ((err = + mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + + /* tmp = tmpb + q * tmp */ + if ((err = mp_mul(&tmp, &key->q, &tmp)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add(&tmp, &tmpb, &tmp)) != CRYPT_OK) { + goto error; + } + + /* unblind */ + err = mp_mulmod(&tmp, &rndi, &key->N, &tmp); + if (err != CRYPT_OK) { + goto error; + } + } else { + /* exptmod it */ + if ((err = + mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != CRYPT_OK) { + goto error; + } + } + + /* read it back */ + x = (unsigned long)mp_unsigned_bin_size(&key->N); + if (x > *outlen) { + *outlen = x; + err = CRYPT_BUFFER_OVERFLOW; + goto error; + } + + /* this should never happen ... */ + if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) { + err = CRYPT_ERROR; + goto error; + } + *outlen = x; + + /* convert it */ + zeromem(out, x); + if ((err = + mp_to_unsigned_bin(&tmp, + out + (x - mp_unsigned_bin_size(&tmp)))) != + CRYPT_OK) { + goto error; + } + + /* clean up and return */ + err = CRYPT_OK; error: - mp_clear_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL); - return err; + mp_clear_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/rsa/rsa_free.c b/libtomcrypt/pk/rsa/rsa_free.c index d38b266..c4c347f 100644 --- a/libtomcrypt/pk/rsa/rsa_free.c +++ b/libtomcrypt/pk/rsa/rsa_free.c @@ -13,7 +13,7 @@ /** @file rsa_free.c Free an RSA key, Tom St Denis -*/ +*/ #ifdef LTC_MRSA @@ -21,10 +21,11 @@ Free an RSA key from memory @param key The RSA key to free */ -void rsa_free(rsa_key *key) +void rsa_free(rsa_key * key) { - LTC_ARGCHKVD(key != NULL); - mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, + &key->p, &key->q, NULL); } #endif diff --git a/libtomcrypt/pk/rsa/rsa_import.c b/libtomcrypt/pk/rsa/rsa_import.c index 87cb103..de8a103 100644 --- a/libtomcrypt/pk/rsa/rsa_import.c +++ b/libtomcrypt/pk/rsa/rsa_import.c @@ -10,11 +10,10 @@ */ #include "tomcrypt.h" - /** @file rsa_import.c Import a LTC_PKCS RSA key, Tom St Denis -*/ +*/ #ifdef LTC_MRSA @@ -25,104 +24,113 @@ @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ -int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) +int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key * key) { - int err; - mp_int zero; - unsigned char *tmpbuf=NULL; - unsigned long tmpbuf_len; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* init key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, - &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - return err; - } - - /* see if the OpenSSL DER format RSA public key will work */ - tmpbuf_len = MAX_RSA_SIZE * 8; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - err = der_decode_subject_public_key_info(in, inlen, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, 0); - - if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ - - /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - XFREE(tmpbuf); - - key->type = PK_PUBLIC; - return CRYPT_OK; - } - - XFREE(tmpbuf); - - /* not SSL public key, try to match against LTC_PKCS #1 standards */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (mp_cmp_d(&key->N, 0) == LTC_MP_EQ) { - if ((err = mp_init(&zero)) != CRYPT_OK) { - goto LBL_ERR; - } - /* it's a private key */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_INTEGER, 1UL, &key->d, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->dP, - LTC_ASN1_INTEGER, 1UL, &key->dQ, - LTC_ASN1_INTEGER, 1UL, &key->qP, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - mp_clear(&zero); - goto LBL_ERR; - } - mp_clear(&zero); - key->type = PK_PRIVATE; - } else if (mp_cmp_d(&key->N, 1) == LTC_MP_EQ) { - /* we don't support multi-prime RSA */ - err = CRYPT_PK_INVALID_TYPE; - goto LBL_ERR; - } else { - /* it's a public key and we lack e */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - } - return CRYPT_OK; + int err; + mp_int zero; + unsigned char *tmpbuf = NULL; + unsigned long tmpbuf_len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + + /* init key */ + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, + &key->dP, &key->qP, &key->p, &key->q, + NULL)) != CRYPT_OK) { + return err; + } + + /* see if the OpenSSL DER format RSA public key will work */ + tmpbuf_len = MAX_RSA_SIZE * 8; + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_ERR; + } + + err = der_decode_subject_public_key_info(in, inlen, + PKA_RSA, tmpbuf, &tmpbuf_len, + LTC_ASN1_NULL, NULL, 0); + + if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ + + /* now it should be SEQUENCE { INTEGER, INTEGER } */ + if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, + LTC_ASN1_INTEGER, 1UL, + &key->N, LTC_ASN1_INTEGER, + 1UL, &key->e, LTC_ASN1_EOL, + 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + XFREE(tmpbuf); + + key->type = PK_PUBLIC; + return CRYPT_OK; + } + + XFREE(tmpbuf); + + /* not SSL public key, try to match against LTC_PKCS #1 standards */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, &key->N, + LTC_ASN1_EOL, 0UL, + NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + if (mp_cmp_d(&key->N, 0) == LTC_MP_EQ) { + if ((err = mp_init(&zero)) != CRYPT_OK) { + goto LBL_ERR; + } + /* it's a private key */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, + &zero, LTC_ASN1_INTEGER, + 1UL, &key->N, + LTC_ASN1_INTEGER, 1UL, + &key->e, LTC_ASN1_INTEGER, + 1UL, &key->d, + LTC_ASN1_INTEGER, 1UL, + &key->p, LTC_ASN1_INTEGER, + 1UL, &key->q, + LTC_ASN1_INTEGER, 1UL, + &key->dP, LTC_ASN1_INTEGER, + 1UL, &key->dQ, + LTC_ASN1_INTEGER, 1UL, + &key->qP, LTC_ASN1_EOL, + 0UL, NULL)) != CRYPT_OK) { + mp_clear(&zero); + goto LBL_ERR; + } + mp_clear(&zero); + key->type = PK_PRIVATE; + } else if (mp_cmp_d(&key->N, 1) == LTC_MP_EQ) { + /* we don't support multi-prime RSA */ + err = CRYPT_PK_INVALID_TYPE; + goto LBL_ERR; + } else { + /* it's a public key and we lack e */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, + &key->N, LTC_ASN1_INTEGER, + 1UL, &key->e, LTC_ASN1_EOL, + 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + key->type = PK_PUBLIC; + } + return CRYPT_OK; LBL_ERR: - XFREE(tmpbuf); - mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); - return err; + XFREE(tmpbuf); + mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, + &key->p, &key->q, NULL); + return err; } #endif /* LTC_MRSA */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_import.c,v $ */ /* $Revision: 1.23 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/rsa/rsa_make_key.c b/libtomcrypt/pk/rsa/rsa_make_key.c index 6718f09..204f9c5 100644 --- a/libtomcrypt/pk/rsa/rsa_make_key.c +++ b/libtomcrypt/pk/rsa/rsa_make_key.c @@ -13,7 +13,7 @@ /** @file rsa_make_key.c RSA key generation, Tom St Denis -*/ +*/ #ifdef LTC_MRSA @@ -24,78 +24,124 @@ @param key [out] Destination of a newly created private key pair @return CRYPT_OK if successful, upon error all allocated ram is freed */ -int rsa_make_key(int size, long e, rsa_key *key) +int rsa_make_key(int size, long e, rsa_key * key) { - mp_int p, q, tmp1, tmp2, tmp3; - int err; - - LTC_ARGCHK(key != NULL); - - if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { - return CRYPT_INVALID_KEYSIZE; - } - - if ((e < 3) || ((e & 1) == 0)) { - return CRYPT_INVALID_ARG; - } - - if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { - return err; - } - - /* make primes p and q (optimization provided by Wayne Scott) */ - if ((err = mp_set_int(&tmp3, e)) != CRYPT_OK) { goto cleanup; } /* tmp3 = e */ - - /* make prime "p" */ - do { - if ((err = rand_prime( &p, size/2)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d( &p, 1, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = p-1 */ - if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(p-1, e) */ - } while (mp_cmp_d( &tmp2, 1) != 0); /* while e divides p-1 */ - - /* make prime "q" */ - do { - if ((err = rand_prime( &q, size/2)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d( &q, 1, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ - if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(q-1, e) */ - } while (mp_cmp_d( &tmp2, 1) != 0); /* while e divides q-1 */ - - /* tmp1 = lcm(p-1, q-1) */ - if ((err = mp_sub_d( &p, 1, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ - /* tmp1 = q-1 (previous do/while loop) */ - if ((err = mp_lcm( &tmp1, &tmp2, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = lcm(p-1, q-1) */ - - /* make key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - goto cleanup; - } - - if ((err = mp_set_int( &key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */ - if ((err = mp_invmod( &key->e, &tmp1, &key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */ - if ((err = mp_mul( &p, &q, &key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */ - - /* optimize for CRT now */ - /* find d mod q-1 and d mod p-1 */ - if ((err = mp_sub_d( &p, 1, &tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */ - if ((err = mp_sub_d( &q, 1, &tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */ - if ((err = mp_mod( &key->d, &tmp1, &key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */ - if ((err = mp_mod( &key->d, &tmp2, &key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */ - if ((err = mp_invmod( &q, &p, &key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */ - - if ((err = mp_copy( &p, &key->p)) != CRYPT_OK) { goto errkey; } - if ((err = mp_copy( &q, &key->q)) != CRYPT_OK) { goto errkey; } - - /* set key type (in this case it's CRT optimized) */ - key->type = PK_PRIVATE; - - /* return ok and free temps */ - err = CRYPT_OK; - goto cleanup; + mp_int p, q, tmp1, tmp2, tmp3; + int err; + + LTC_ARGCHK(key != NULL); + + if ((size < (MIN_RSA_SIZE / 8)) || (size > (MAX_RSA_SIZE / 8))) { + return CRYPT_INVALID_KEYSIZE; + } + + if ((e < 3) || ((e & 1) == 0)) { + return CRYPT_INVALID_ARG; + } + + if ((err = + mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { + return err; + } + + /* make primes p and q (optimization provided by Wayne Scott) */ + if ((err = mp_set_int(&tmp3, e)) != CRYPT_OK) { + goto cleanup; + } + + /* tmp3 = e */ + /* make prime "p" */ + do { + if ((err = rand_prime(&p, size / 2)) != CRYPT_OK) { + goto cleanup; + } + if ((err = mp_sub_d(&p, 1, &tmp1)) != CRYPT_OK) { + goto cleanup; + } /* tmp1 = p-1 */ + if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != CRYPT_OK) { + goto cleanup; + } /* tmp2 = gcd(p-1, e) */ + } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */ + + /* make prime "q" */ + do { + if ((err = rand_prime(&q, size / 2)) != CRYPT_OK) { + goto cleanup; + } + if ((err = mp_sub_d(&q, 1, &tmp1)) != CRYPT_OK) { + goto cleanup; + } /* tmp1 = q-1 */ + if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != CRYPT_OK) { + goto cleanup; + } /* tmp2 = gcd(q-1, e) */ + } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */ + + /* tmp1 = lcm(p-1, q-1) */ + if ((err = mp_sub_d(&p, 1, &tmp2)) != CRYPT_OK) { + goto cleanup; + } + /* tmp2 = p-1 */ + /* tmp1 = q-1 (previous do/while loop) */ + if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != CRYPT_OK) { + goto cleanup; + } + + /* tmp1 = lcm(p-1, q-1) */ + /* make key */ + if ((err = + mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, + &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = mp_set_int(&key->e, e)) != CRYPT_OK) { + goto errkey; + } /* key->e = e */ + if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != CRYPT_OK) { + goto errkey; + } /* key->d = 1/e mod lcm(p-1,q-1) */ + if ((err = mp_mul(&p, &q, &key->N)) != CRYPT_OK) { + goto errkey; + } + + /* key->N = pq */ + /* optimize for CRT now */ + /* find d mod q-1 and d mod p-1 */ + if ((err = mp_sub_d(&p, 1, &tmp1)) != CRYPT_OK) { + goto errkey; + } /* tmp1 = q-1 */ + if ((err = mp_sub_d(&q, 1, &tmp2)) != CRYPT_OK) { + goto errkey; + } /* tmp2 = p-1 */ + if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != CRYPT_OK) { + goto errkey; + } /* dP = d mod p-1 */ + if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != CRYPT_OK) { + goto errkey; + } /* dQ = d mod q-1 */ + if ((err = mp_invmod(&q, &p, &key->qP)) != CRYPT_OK) { + goto errkey; + } + /* qP = 1/q mod p */ + if ((err = mp_copy(&p, &key->p)) != CRYPT_OK) { + goto errkey; + } + if ((err = mp_copy(&q, &key->q)) != CRYPT_OK) { + goto errkey; + } + + /* set key type (in this case it's CRT optimized) */ + key->type = PK_PRIVATE; + + /* return ok and free temps */ + err = CRYPT_OK; + goto cleanup; errkey: - mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); + mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, + &key->p, &key->q, NULL); cleanup: - mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); - return err; + mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/rsa/rsa_sign_hash.c b/libtomcrypt/pk/rsa/rsa_sign_hash.c index faf13d2..a0c993d 100644 --- a/libtomcrypt/pk/rsa/rsa_sign_hash.c +++ b/libtomcrypt/pk/rsa/rsa_sign_hash.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include "ncr-int.h" - /** @file rsa_sign_hash.c RSA LTC_PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange @@ -31,96 +30,99 @@ @param key The private RSA key to use @return CRYPT_OK if successful */ -int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - int padding, - const struct algo_properties_st *hash, unsigned long saltlen, - rsa_key *key) +int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + int padding, + const struct algo_properties_st *hash, + unsigned long saltlen, rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x, y; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* valid padding? */ - if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits((&key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size((&key->N)); - if (modulus_bytelen > *outlen) { - *outlen = modulus_bytelen; - return CRYPT_BUFFER_OVERFLOW; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - /* PSS pad the key */ - x = *outlen; - if ((err = pkcs_1_pss_encode(in, inlen, saltlen, - hash, modulus_bitlen, out, &x)) != CRYPT_OK) { - return err; - } - } else { - /* LTC_PKCS #1 v1.5 pad the hash */ - unsigned char *tmpin; - ltc_asn1_list digestinfo[2], siginfo[2]; - oid_st st; - - /* not all hashes have OIDs... so sad */ - if (hash_get_oid(hash, &st) != CRYPT_OK) { - return CRYPT_INVALID_ARG; - } - - /* construct the SEQUENCE - SEQUENCE { - SEQUENCE {hashoid OID - blah NULL - } - hash OCTET STRING - } - */ - LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, st.OID, st.OIDlen); - LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); - LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); - - /* allocate memory for the encoding */ - y = mp_unsigned_bin_size(&key->N); - tmpin = XMALLOC(y); - if (tmpin == NULL) { - return CRYPT_MEM; - } - - if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { - XFREE(tmpin); - return err; - } - - x = *outlen; - if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_LTC_PKCS_1_EMSA, - modulus_bitlen, - out, &x)) != CRYPT_OK) { - XFREE(tmpin); - return err; - } - XFREE(tmpin); - } - - /* RSA encode it */ - return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key); + unsigned long modulus_bitlen, modulus_bytelen, x, y; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* valid padding? */ + if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; + return CRYPT_BUFFER_OVERFLOW; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + /* PSS pad the key */ + x = *outlen; + if ((err = pkcs_1_pss_encode(in, inlen, saltlen, + hash, modulus_bitlen, out, + &x)) != CRYPT_OK) { + return err; + } + } else { + /* LTC_PKCS #1 v1.5 pad the hash */ + unsigned char *tmpin; + ltc_asn1_list digestinfo[2], siginfo[2]; + oid_st st; + + /* not all hashes have OIDs... so sad */ + if (hash_get_oid(hash, &st) != CRYPT_OK) { + return CRYPT_INVALID_ARG; + } + + /* construct the SEQUENCE + SEQUENCE { + SEQUENCE {hashoid OID + blah NULL + } + hash OCTET STRING + } + */ + LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, st.OID, + st.OIDlen); + LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); + LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); + LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); + + /* allocate memory for the encoding */ + y = mp_unsigned_bin_size(&key->N); + tmpin = XMALLOC(y); + if (tmpin == NULL) { + return CRYPT_MEM; + } + + if ((err = + der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { + XFREE(tmpin); + return err; + } + + x = *outlen; + if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_LTC_PKCS_1_EMSA, + modulus_bitlen, + out, &x)) != CRYPT_OK) { + XFREE(tmpin); + return err; + } + XFREE(tmpin); + } + + /* RSA encode it */ + return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key); } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_verify_hash.c b/libtomcrypt/pk/rsa/rsa_verify_hash.c index 803b7cd..cb250cc 100644 --- a/libtomcrypt/pk/rsa/rsa_verify_hash.c +++ b/libtomcrypt/pk/rsa/rsa_verify_hash.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include "ncr-int.h" - /** @file rsa_verify_hash.c RSA LTC_PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange @@ -32,135 +31,146 @@ @param key The public RSA key corresponding to the key that performed the signature @return CRYPT_OK on success (even if the signature is invalid) */ -int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int padding, - const struct algo_properties_st *hash_algo, unsigned long saltlen, - int *stat, rsa_key *key) +int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int padding, + const struct algo_properties_st *hash_algo, + unsigned long saltlen, int *stat, rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - unsigned char *tmpbuf; - - LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid */ - *stat = 0; - - /* valid padding? */ - - if ((padding != LTC_LTC_PKCS_1_V1_5) && - (padding != LTC_LTC_PKCS_1_PSS)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - /* valid hash ? */ - if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (&key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (&key->N)); - if (modulus_bytelen != siglen) { - return CRYPT_INVALID_PACKET; - } - - /* allocate temp buffer for decoded sig */ - tmpbuf = XMALLOC(siglen); - if (tmpbuf == NULL) { - return CRYPT_MEM; - } - - /* RSA decode it */ - x = siglen; - if ((err = rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) { - XFREE(tmpbuf); - return err; - } - - /* make sure the output is the right size */ - if (x != siglen) { - XFREE(tmpbuf); - return CRYPT_INVALID_PACKET; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - /* PSS decode and verify it */ - err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_algo, modulus_bitlen, stat); - } else { - /* LTC_PKCS #1 v1.5 decode it */ - unsigned char *out; - unsigned long outlen, loid[16]; - int decoded; - ltc_asn1_list digestinfo[2], siginfo[2]; - oid_st st; - - /* not all hashes have OIDs... so sad */ - if (hash_get_oid(hash_algo, &st) != CRYPT_OK) { - err = CRYPT_INVALID_ARG; - goto bail_2; - } - - /* allocate temp buffer for decoded hash */ - outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3; - out = XMALLOC(outlen); - if (out == NULL) { - err = CRYPT_MEM; - goto bail_2; - } - - if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - - /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */ - /* construct the SEQUENCE - SEQUENCE { - SEQUENCE {hashoid OID - blah NULL - } - hash OCTET STRING - } - */ - LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0])); - LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); - LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); - - if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - - /* test OID */ - if ((digestinfo[0].size == st.OIDlen) && - (XMEMCMP(digestinfo[0].data, st.OID, sizeof(unsigned long) * st.OIDlen) == 0) && - (siginfo[1].size == hashlen) && - (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { - *stat = 1; - } - + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + unsigned char *tmpbuf; + + LTC_ARGCHK(hash != NULL); + LTC_ARGCHK(sig != NULL); + LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + + /* default to invalid */ + *stat = 0; + + /* valid padding? */ + + if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + /* valid hash ? */ + if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen != siglen) { + return CRYPT_INVALID_PACKET; + } + + /* allocate temp buffer for decoded sig */ + tmpbuf = XMALLOC(siglen); + if (tmpbuf == NULL) { + return CRYPT_MEM; + } + + /* RSA decode it */ + x = siglen; + if ((err = + rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, + key)) != CRYPT_OK) { + XFREE(tmpbuf); + return err; + } + + /* make sure the output is the right size */ + if (x != siglen) { + XFREE(tmpbuf); + return CRYPT_INVALID_PACKET; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + /* PSS decode and verify it */ + err = + pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, + hash_algo, modulus_bitlen, stat); + } else { + /* LTC_PKCS #1 v1.5 decode it */ + unsigned char *out; + unsigned long outlen, loid[16]; + int decoded; + ltc_asn1_list digestinfo[2], siginfo[2]; + oid_st st; + + /* not all hashes have OIDs... so sad */ + if (hash_get_oid(hash_algo, &st) != CRYPT_OK) { + err = CRYPT_INVALID_ARG; + goto bail_2; + } + + /* allocate temp buffer for decoded hash */ + outlen = + ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3; + out = XMALLOC(outlen); + if (out == NULL) { + err = CRYPT_MEM; + goto bail_2; + } + + if ((err = + pkcs_1_v1_5_decode(tmpbuf, x, LTC_LTC_PKCS_1_EMSA, + modulus_bitlen, out, &outlen, + &decoded)) != CRYPT_OK) { + XFREE(out); + goto bail_2; + } + + /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */ + /* construct the SEQUENCE + SEQUENCE { + SEQUENCE {hashoid OID + blah NULL + } + hash OCTET STRING + } + */ + LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, + sizeof(loid) / sizeof(loid[0])); + LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); + LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); + LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); + + if ((err = + der_decode_sequence(out, outlen, siginfo, + 2)) != CRYPT_OK) { + XFREE(out); + goto bail_2; + } + + /* test OID */ + if ((digestinfo[0].size == st.OIDlen) && + (XMEMCMP + (digestinfo[0].data, st.OID, + sizeof(unsigned long) * st.OIDlen) == 0) + && (siginfo[1].size == hashlen) + && (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { + *stat = 1; + } #ifdef LTC_CLEAN_STACK - zeromem(out, outlen); + zeromem(out, outlen); #endif - XFREE(out); - } + XFREE(out); + } bail_2: #ifdef LTC_CLEAN_STACK - zeromem(tmpbuf, siglen); + zeromem(tmpbuf, siglen); #endif - XFREE(tmpbuf); - return err; + XFREE(tmpbuf); + return err; } #endif /* LTC_MRSA */ |