author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-06 17:20:33 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-06 17:26:58 +0200 |
commit | e6177630198eb1eea2def0374fae1196da0e40ec (patch) | |
tree | 704951804609999fb6ef7a956b04921b9f84c320 /libtomcrypt | |
parent | 943f9ab50c110133a5cd1118b5b19cb09301168f (diff) | |
Run Lindent on libtom(*)
Diffstat (limited to 'libtomcrypt')
44 files changed, 2644 insertions, 2431 deletions
diff --git a/libtomcrypt/hashes/crypt_hash_is_valid.c b/libtomcrypt/hashes/crypt_hash_is_valid.c index d01d418..59320a3 100644 --- a/libtomcrypt/hashes/crypt_hash_is_valid.c +++ b/libtomcrypt/hashes/crypt_hash_is_valid.c @@ -13,7 +13,7 @@ /** @file crypt_hash_is_valid.c Determine if hash is valid, Tom St Denis -*/ +*/ /* Test if a hash index is valid @@ -22,7 +22,7 @@ */ int hash_is_valid(const struct algo_properties_st *hash) { - return CRYPT_OK; + return CRYPT_OK; } /* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c,v $ */ diff --git a/libtomcrypt/hashes/hash_get_oid.c b/libtomcrypt/hashes/hash_get_oid.c index 39f4372..835ffb1 100644 --- a/libtomcrypt/hashes/hash_get_oid.c +++ b/libtomcrypt/hashes/hash_get_oid.c 
@@ -17,60 +17,60 @@ */
 static const oid_st sha1_oid = {
- .OIDlen = 6,
- .OID = { 1, 3, 14, 3, 2, 26 },
+ .OIDlen = 6,
+ .OID = {1, 3, 14, 3, 2, 26},
 };
 static const oid_st md5_oid = {
- .OIDlen = 6,
- .OID = { 1, 2, 840, 113549, 2, 5, },
+ .OIDlen = 6,
+ .OID = {1, 2, 840, 113549, 2, 5,},
 };
 static const oid_st sha224_oid = {
- .OIDlen = 9,
- .OID = { 2, 16, 840, 1, 101, 3, 4, 2, 4, },
+ .OIDlen = 9,
+ .OID = {2, 16, 840, 1, 101, 3, 4, 2, 4,},
 };
 static const oid_st sha256_oid = {
- .OIDlen = 9,
- .OID = { 2, 16, 840, 1, 101, 3, 4, 2, 1, },
+ .OIDlen = 9,
+ .OID = {2, 16, 840, 1, 101, 3, 4, 2, 1,},
 };
 static const oid_st sha384_oid = {
- .OIDlen = 9,
- .OID = { 2, 16, 840, 1, 101, 3, 4, 2, 2, },
+ .OIDlen = 9,
+ .OID = {2, 16, 840, 1, 101, 3, 4, 2, 2,},
 };
 static const oid_st sha512_oid = {
- .OIDlen = 9,
- .OID = { 2, 16, 840, 1, 101, 3, 4, 2, 3, },
+ .OIDlen = 9,
+ .OID = {2, 16, 840, 1, 101, 3, 4, 2, 3,},
 };
-int hash_get_oid(const struct algo_properties_st *hash, oid_st *st)
+int hash_get_oid(const struct algo_properties_st *hash, oid_st * st)
 {
- switch (hash->algo) {
- case NCR_ALG_SHA1:
- memcpy(st, &sha1_oid, sizeof(*st));
- break;
- case NCR_ALG_MD5:
- memcpy(st, &md5_oid, sizeof(*st));
- break;
- case NCR_ALG_SHA2_224:
- memcpy(st, &sha224_oid, sizeof(*st));
- break;
- case NCR_ALG_SHA2_256:
- memcpy(st, &sha256_oid, sizeof(*st));
- break;
- case NCR_ALG_SHA2_384:
- memcpy(st, &sha384_oid, sizeof(*st));
- break;
- case NCR_ALG_SHA2_512:
- memcpy(st, &sha512_oid, sizeof(*st));
- break;
- default:
- return CRYPT_INVALID_ARG;
- }
- return CRYPT_OK;
+ switch (hash->algo) {
+ case NCR_ALG_SHA1:
+ memcpy(st, &sha1_oid, sizeof(*st));
+ break;
+ case NCR_ALG_MD5:
+ memcpy(st, &md5_oid, sizeof(*st));
+ break;
+ case NCR_ALG_SHA2_224:
+ memcpy(st, &sha224_oid, sizeof(*st));
+ break;
+ case NCR_ALG_SHA2_256:
+ memcpy(st, &sha256_oid, sizeof(*st));
+ break;
+ case NCR_ALG_SHA2_384:
+ memcpy(st, &sha384_oid, sizeof(*st));
+ break;
+ case NCR_ALG_SHA2_512:
+ memcpy(st, &sha512_oid, sizeof(*st));
+ break;
+ default:
+ return CRYPT_INVALID_ARG;
+ }
+ return CRYPT_OK;
 }
 /* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c,v $ */
diff --git a/libtomcrypt/hashes/hash_memory.c b/libtomcrypt/hashes/hash_memory.c
index c6f5188..ed1425f 100644
--- a/libtomcrypt/hashes/hash_memory.c
+++ b/libtomcrypt/hashes/hash_memory.c
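Review bot: `oid_st * st` in the new hash_get_oid signature is a Lindent artefact: the tool does not know `oid_st` is a typedef and lays the `*` out as a binary operator. The project's own convention, visible in `const struct algo_properties_st *hash` on the same line, binds the star to the name, so this should read `oid_st *st`. The same artefact appears in the prototypes of tomcrypt_hash.h and tomcrypt_pk.h further down (`oid_st * st`, `mp_int * N`, `rsa_key * key`) and is worth fixing in one sweep before the commit lands.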
@@ -26,41 +26,41 @@ @param outlen [in/out] Max size and resulting size of the digest @return CRYPT_OK if successful */
-int hash_memory(const struct algo_properties_st *hash, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen)
+int hash_memory(const struct algo_properties_st *hash, const unsigned char *in,
+ unsigned long inlen, unsigned char *out, unsigned long *outlen)
 {
- int err;
- struct hash_data hdata;
+ int err;
+ struct hash_data hdata;
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
- if ((err = hash_is_valid(hash)) != CRYPT_OK) {
- return err;
- }
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
- if (*outlen < hash->digest_size) {
- *outlen = hash->digest_size;
- return CRYPT_BUFFER_OVERFLOW;
- }
+ if (*outlen < hash->digest_size) {
+ *outlen = hash->digest_size;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
- err = cryptodev_hash_init(&hdata, hash->kstr, NULL, 0);
- if (err < 0) {
- err = CRYPT_INVALID_HASH;
- goto LBL_ERR;
- }
+ err = cryptodev_hash_init(&hdata, hash->kstr, NULL, 0);
+ if (err < 0) {
+ err = CRYPT_INVALID_HASH;
+ goto LBL_ERR;
+ }
- if ((err = _cryptodev_hash_update(&hdata, in, inlen)) < 0) {
- err = CRYPT_ERROR;
- goto LBL_ERR;
- }
-
- err = cryptodev_hash_final(&hdata, out);
-
- *outlen = hash->digest_size;
+ if ((err = _cryptodev_hash_update(&hdata, in, inlen)) < 0) {
+ err = CRYPT_ERROR;
+ goto LBL_ERR;
+ }
+
+ err = cryptodev_hash_final(&hdata, out);
+
+ *outlen = hash->digest_size;
 LBL_ERR:
- cryptodev_hash_deinit(&hdata);
+ cryptodev_hash_deinit(&hdata);
- return err;
+ return err;
 }
-
diff --git a/libtomcrypt/hashes/hash_memory_multi.c b/libtomcrypt/hashes/hash_memory_multi.c
index 7422676..d4d581e 100644
--- a/libtomcrypt/hashes/hash_memory_multi.c
+++ b/libtomcrypt/hashes/hash_memory_multi.c
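Review bot: `err = cryptodev_hash_final(&hdata, out);` is the one step in hash_memory whose result is neither checked nor translated to a CRYPT_* code, so a failure there presumably hands a raw negative kernel error to callers that compare against libtomcrypt codes, and `*outlen = hash->digest_size;` is still written as if a digest had been produced. The init and update calls just above map their failures to CRYPT_INVALID_HASH and CRYPT_ERROR; final should follow the same pattern, e.g. keep `err = cryptodev_hash_final(&hdata, out);` and add `if (err < 0) { err = CRYPT_ERROR; goto LBL_ERR; }` before the outlen store. hash_memory_multi in the next file section has the identical gap and should get the same check.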
@@ -27,58 +27,58 @@ @param inlen The length of the data to hash (octets) @param ... tuples of (data,len) pairs to hash, terminated with a (NULL,x) (x=don't care) @return CRYPT_OK if successful
-*/
+*/
-int hash_memory_multi(const struct algo_properties_st *hash, unsigned char *out, unsigned long *outlen,
- const unsigned char *in, unsigned long inlen, ...)
+int hash_memory_multi(const struct algo_properties_st *hash, unsigned char *out,
+ unsigned long *outlen, const unsigned char *in,
+ unsigned long inlen, ...)
 {
- struct hash_data hdata;
- int err;
- va_list args;
- const unsigned char *curptr;
- unsigned long curlen;
+ struct hash_data hdata;
+ int err;
+ va_list args;
+ const unsigned char *curptr;
+ unsigned long curlen;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
- if ((err = hash_is_valid(hash)) != CRYPT_OK) {
- return err;
- }
+ if (*outlen < hash->digest_size) {
+ *outlen = hash->digest_size;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
- if (*outlen < hash->digest_size) {
- *outlen = hash->digest_size;
- return CRYPT_BUFFER_OVERFLOW;
- }
+ err = cryptodev_hash_init(&hdata, hash->kstr, NULL, 0);
+ if (err < 0) {
+ err = CRYPT_INVALID_HASH;
+ goto LBL_ERR;
+ }
- err = cryptodev_hash_init(&hdata, hash->kstr, NULL, 0);
- if (err < 0) {
- err = CRYPT_INVALID_HASH;
- goto LBL_ERR;
- }
+ va_start(args, inlen);
+ curptr = in;
+ curlen = inlen;
+ for (;;) {
+ /* process buf */
+ if ((err = _cryptodev_hash_update(&hdata, curptr, curlen)) < 0) {
+ err = CRYPT_ERROR;
+ goto LBL_ERR;
+ }
+ /* step to next */
+ curptr = va_arg(args, const unsigned char *);
+ if (curptr == NULL) {
+ break;
+ }
+ curlen = va_arg(args, unsigned long);
+ }
- va_start(args, inlen);
- curptr = in;
- curlen = inlen;
- for (;;) {
- /* process buf */
- if ((err = _cryptodev_hash_update(&hdata, curptr, curlen)) < 0) {
- err = CRYPT_ERROR;
- goto LBL_ERR;
- }
- /* step to next */
- curptr = va_arg(args, const unsigned char*);
- if (curptr == NULL) {
- break;
- }
- curlen = va_arg(args, unsigned long);
- }
-
- err = cryptodev_hash_final(&hdata, out);
-
- *outlen = hash->digest_size;
+ err = cryptodev_hash_final(&hdata, out);
+
+ *outlen = hash->digest_size;
 LBL_ERR:
- cryptodev_hash_deinit(&hdata);
- va_end(args);
- return err;
+ cryptodev_hash_deinit(&hdata);
+ va_end(args);
+ return err;
 }
-
diff --git a/libtomcrypt/headers/tomcrypt.h b/libtomcrypt/headers/tomcrypt.h
index a9c675d..7c5f110 100644
--- a/libtomcrypt/headers/tomcrypt.h
+++ b/libtomcrypt/headers/tomcrypt.h
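Review bot: `va_end(args);` at LBL_ERR runs on every error path, but the `goto LBL_ERR` in the cryptodev_hash_init failure branch is taken before `va_start(args, inlen);` has executed, so that path calls va_end on a va_list that was never started, which is undefined behaviour. The cheapest fix that keeps the single cleanup label is to move `va_start(args, inlen);` up to sit immediately before `err = cryptodev_hash_init(&hdata, hash->kstr, NULL, 0);`; the two early `return` paths above it never reach LBL_ERR, so they still need no va_end. The `for (;;)` loop below is otherwise fine, and the unchecked `cryptodev_hash_final` result noted on hash_memory applies here too.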
@@ -26,42 +26,42 @@ extern "C" { #define TAB_SIZE 32 /* error codes [will be expanded in future releases] */ -enum { - CRYPT_OK=0, /* Result OK */ - CRYPT_ERROR, /* Generic Error */ - CRYPT_NOP, /* Not a failure but no operation was performed */ + enum { + CRYPT_OK = 0, /* Result OK */ + CRYPT_ERROR, /* Generic Error */ + CRYPT_NOP, /* Not a failure but no operation was performed */ - CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ - CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ - CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ + CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ + CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ + CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ - CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ - CRYPT_INVALID_PACKET, /* Invalid input packet given */ + CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ + CRYPT_INVALID_PACKET, /* Invalid input packet given */ - CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ - CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ + CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ + CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ - CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ - CRYPT_INVALID_HASH, /* Invalid hash specified */ - CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ + CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ + CRYPT_INVALID_HASH, /* Invalid hash specified */ + CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ - CRYPT_MEM, /* Out of memory */ + CRYPT_MEM, /* Out of memory */ - CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ - CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ + CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ + CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ - CRYPT_INVALID_ARG, /* Generic invalid argument */ - CRYPT_FILE_NOTFOUND, /* File Not Found */ + CRYPT_INVALID_ARG, /* Generic invalid argument */ + 
CRYPT_FILE_NOTFOUND, /* File Not Found */ - CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ - CRYPT_PK_INVALID_SYSTEM,/* Invalid PK system specified */ - CRYPT_PK_DUP, /* Duplicate key already in key ring */ - CRYPT_PK_NOT_FOUND, /* Key not found in keyring */ - CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ + CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ + CRYPT_PK_INVALID_SYSTEM, /* Invalid PK system specified */ + CRYPT_PK_DUP, /* Duplicate key already in key ring */ + CRYPT_PK_NOT_FOUND, /* Key not found in keyring */ + CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ - CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */ - CRYPT_PK_INVALID_PADDING /* Invalid padding on input */ -}; + CRYPT_INVALID_PRIME_SIZE, /* Invalid size of prime requested */ + CRYPT_PK_INVALID_PADDING /* Invalid padding on input */ + }; #include <tomcrypt_cfg.h> #include <tomcrypt_macros.h> @@ -73,12 +73,7 @@ enum { #include <tomcrypt_pkcs.h> #ifdef __cplusplus - } +} #endif - -#endif /* TOMCRYPT_H_ */ - - -/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt.h,v $ */ -/* $Revision: 1.21 $ */ -/* $Date: 2006/12/16 19:34:05 $ */ +#endif /* TOMCRYPT_H_ */ +/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt.h,v $ *//* $Revision: 1.21 $ *//* $Date: 2006/12/16 19:34:05 $ */ diff --git a/libtomcrypt/headers/tomcrypt_argchk.h b/libtomcrypt/headers/tomcrypt_argchk.h index 1ba08c7..c63b4e3 100644 --- a/libtomcrypt/headers/tomcrypt_argchk.h +++ b/libtomcrypt/headers/tomcrypt_argchk.h @@ -20,7 +20,7 @@ void crypt_argchk(char *v, char *s, int d); #elif ARGTYPE == 3 -#define LTC_ARGCHK(x) +#define LTC_ARGCHK(x) #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) #elif ARGTYPE == 4 @@ -30,7 +30,6 @@ void crypt_argchk(char *v, char *s, int d); #endif - /* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_argchk.h,v $ */ /* $Revision: 1.5 $ */ /* $Date: 2006/08/27 20:50:21 $ */ 
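Review bot: The new trailer `+/* $Source: ... $ *//* $Revision: 1.21 $ *//* $Date: 2006/12/16 19:34:05 $ */` fuses three keyword comments into one physical line, whereas every other header touched by this commit keeps them as three lines (tomcrypt_argchk.h immediately below, for example); this is a Lindent artefact rather than an intended change and should be split back into `/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt.h,v $ */`, `/* $Revision: 1.21 $ */` and `/* $Date: 2006/12/16 19:34:05 $ */`. The same pass also pushed the error-code `enum { ... };` one indent level to the right because it sits inside the `extern "C" {` block, while the closing `}` of that block was moved back to column 0; the old layout kept the enum at column 0 and that is the more readable choice for a header whose whole body is inside the guard.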
diff --git a/libtomcrypt/headers/tomcrypt_cfg.h b/libtomcrypt/headers/tomcrypt_cfg.h index 93db10e..7bcf6cc 100644 --- a/libtomcrypt/headers/tomcrypt_cfg.h +++ b/libtomcrypt/headers/tomcrypt_cfg.h @@ -11,7 +11,7 @@ #define LTC_CALL __cdecl #else #ifndef LTC_CALL - #define LTC_CALL +#define LTC_CALL #endif #endif 
@@ -22,29 +22,30 @@ /* certain platforms use macros for these, making the prototypes broken */ #ifndef LTC_NO_PROTOTYPES -LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *)); +LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, + int (*compar) (const void *, const void *)); /* you can change how memory allocation works ... */ -LTC_EXPORT void * LTC_CALL XMALLOC(size_t n); -LTC_EXPORT void * LTC_CALL XREALLOC(void *p, size_t n); -LTC_EXPORT void * LTC_CALL XCALLOC(size_t n, size_t s); +LTC_EXPORT void *LTC_CALL XMALLOC(size_t n); +LTC_EXPORT void *LTC_CALL XREALLOC(void *p, size_t n); +LTC_EXPORT void *LTC_CALL XCALLOC(size_t n, size_t s); LTC_EXPORT void LTC_CALL XFREE(void *p); /* change the clock function too */ LTC_EXPORT clock_t LTC_CALL XCLOCK(void); /* various other functions */ -LTC_EXPORT void * LTC_CALL XMEMCPY(void *dest, const void *src, size_t n); -LTC_EXPORT int LTC_CALL XMEMCMP(const void *s1, const void *s2, size_t n); -LTC_EXPORT void * LTC_CALL XMEMSET(void *s, int c, size_t n); +LTC_EXPORT void *LTC_CALL XMEMCPY(void *dest, const void *src, size_t n); +LTC_EXPORT int LTC_CALL XMEMCMP(const void *s1, const void *s2, size_t n); +LTC_EXPORT void *LTC_CALL XMEMSET(void *s, int c, size_t n); -LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); +LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); #endif /* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing, 4=return error */ #ifndef ARGTYPE - #define ARGTYPE 4 +#define ARGTYPE 4 #endif /* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code 
@@ -56,61 +57,60 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); /* detect x86-32 machines somewhat */ #if !defined(__STRICT_ANSI__) && (defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))) - #define ENDIAN_LITTLE - #define ENDIAN_32BITWORD - #define LTC_FAST - #define LTC_FAST_TYPE unsigned long +#define ENDIAN_LITTLE +#define ENDIAN_32BITWORD +#define LTC_FAST +#define LTC_FAST_TYPE unsigned long #endif /* detects MIPS R5900 processors (PS2) */ #if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && (defined(_mips) || defined(__mips__) || defined(mips)) - #define ENDIAN_LITTLE - #define ENDIAN_64BITWORD +#define ENDIAN_LITTLE +#define ENDIAN_64BITWORD #endif /* detect amd64 */ #if !defined(__STRICT_ANSI__) && defined(__x86_64__) - #define ENDIAN_LITTLE - #define ENDIAN_64BITWORD - #define LTC_FAST - #define LTC_FAST_TYPE unsigned long +#define ENDIAN_LITTLE +#define ENDIAN_64BITWORD +#define LTC_FAST +#define LTC_FAST_TYPE unsigned long #endif /* detect PPC32 */ #if !defined(__STRICT_ANSI__) && defined(LTC_PPC32) - #define ENDIAN_BIG - #define ENDIAN_32BITWORD - #define LTC_FAST - #define LTC_FAST_TYPE unsigned long -#endif +#define ENDIAN_BIG +#define ENDIAN_32BITWORD +#define LTC_FAST +#define LTC_FAST_TYPE unsigned long +#endif /* detect sparc and sparc64 */ #if defined(__sparc__) - #define ENDIAN_BIG - #if defined(__arch64__) - #define ENDIAN_64BITWORD - #else - #define ENDIAN_32BITWORD - #endif +#define ENDIAN_BIG +#if defined(__arch64__) +#define ENDIAN_64BITWORD +#else +#define ENDIAN_32BITWORD +#endif #endif - #ifdef LTC_NO_FAST - #ifdef LTC_FAST - #undef LTC_FAST - #endif +#ifdef LTC_FAST +#undef LTC_FAST +#endif #endif /* No asm is a quick way to disable anything "not portable" */ #ifdef LTC_NO_ASM - #undef ENDIAN_LITTLE - #undef ENDIAN_BIG - #undef ENDIAN_32BITWORD - #undef ENDIAN_64BITWORD - #undef 
LTC_FAST - #undef LTC_FAST_TYPE - #define LTC_NO_ROLC - #define LTC_NO_BSWAP +#undef ENDIAN_LITTLE +#undef ENDIAN_BIG +#undef ENDIAN_32BITWORD +#undef ENDIAN_64BITWORD +#undef LTC_FAST +#undef LTC_FAST_TYPE +#define LTC_NO_ROLC +#define LTC_NO_BSWAP #endif /* #define ENDIAN_LITTLE */ @@ -120,16 +120,15 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); /* #define ENDIAN_64BITWORD */ #if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) - #error You must specify a word size as well as endianess in tomcrypt_cfg.h +#error You must specify a word size as well as endianess in tomcrypt_cfg.h #endif #if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) - #define ENDIAN_NEUTRAL +#define ENDIAN_NEUTRAL #endif #endif - /* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_cfg.h,v $ */ /* $Revision: 1.19 $ */ /* $Date: 2006/12/04 02:19:48 $ */ diff --git a/libtomcrypt/headers/tomcrypt_custom.h b/libtomcrypt/headers/tomcrypt_custom.h index 76b5744..bd5c813 100644 --- a/libtomcrypt/headers/tomcrypt_custom.h +++ b/libtomcrypt/headers/tomcrypt_custom.h 
@@ -5,52 +5,52 @@ /* macros for various libc functions you can change for embedded targets */ #ifndef XMALLOC - #ifdef malloc - #define LTC_NO_PROTOTYPES - #endif +#ifdef malloc +#define LTC_NO_PROTOTYPES +#endif #define XMALLOC(x) kmalloc(x, GFP_KERNEL) #endif #ifndef XREALLOC - #ifdef realloc - #define LTC_NO_PROTOTYPES - #endif +#ifdef realloc +#define LTC_NO_PROTOTYPES +#endif #define XREALLOC(x,y) krealloc(x,y,GFP_KERNEL) #endif #ifndef XCALLOC - #ifdef calloc - #define LTC_NO_PROTOTYPES - #endif +#ifdef calloc +#define LTC_NO_PROTOTYPES +#endif #define XCALLOC(x,y) kcalloc(x, y, GFP_KERNEL) #endif #ifndef XFREE - #ifdef free - #define LTC_NO_PROTOTYPES - #endif +#ifdef free +#define LTC_NO_PROTOTYPES +#endif #define XFREE kfree #endif #ifndef XMEMSET - #ifdef memset - #define LTC_NO_PROTOTYPES - #endif +#ifdef memset +#define LTC_NO_PROTOTYPES +#endif #define XMEMSET memset #endif #ifndef XMEMCPY - #ifdef memcpy - #define LTC_NO_PROTOTYPES - #endif +#ifdef memcpy +#define LTC_NO_PROTOTYPES +#endif #define XMEMCPY memcpy #endif #ifndef XMEMCMP - #ifdef memcmp - #define LTC_NO_PROTOTYPES - #endif +#ifdef memcmp +#define LTC_NO_PROTOTYPES +#endif #define XMEMCMP memcmp #endif #ifndef XSTRCMP - #ifdef strcmp - #define LTC_NO_PROTOTYPES - #endif +#ifdef strcmp +#define LTC_NO_PROTOTYPES +#endif #define XSTRCMP strcmp #endif 
@@ -62,54 +62,54 @@ #endif #ifndef XQSORT - #ifdef qsort - #define LTC_NO_PROTOTYPES - #endif +#ifdef qsort +#define LTC_NO_PROTOTYPES +#endif #define XQSORT(x,y,z,w) sort(x,y,z,w,NULL) #endif /* Easy button? */ #ifdef LTC_EASY - #define LTC_NO_CIPHERS - #define LTC_RIJNDAEL - #define LTC_BLOWFISH - #define LTC_DES - #define LTC_CAST5 - - #define LTC_NO_MODES - #define LTC_ECB_MODE - #define LTC_CBC_MODE - #define LTC_CTR_MODE - - #define LTC_NO_HASHES - #define LTC_SHA1 - #define LTC_SHA512 - #define LTC_SHA384 - #define LTC_SHA256 - #define LTC_SHA224 - - #define LTC_NO_MACS - #define LTC_HMAC - #define LTC_OMAC - #define LTC_CCM_MODE - - #define LTC_NO_PRNGS - #define LTC_SPRNG - #define LTC_YARROW - #define LTC_DEVRANDOM - #define TRY_URANDOM_FIRST - - #define LTC_NO_PK - #define LTC_MRSA - #define LTC_MECC -#endif +#define LTC_NO_CIPHERS +#define LTC_RIJNDAEL +#define LTC_BLOWFISH +#define LTC_DES +#define LTC_CAST5 + +#define LTC_NO_MODES +#define LTC_ECB_MODE +#define LTC_CBC_MODE +#define LTC_CTR_MODE + +#define LTC_NO_HASHES +#define LTC_SHA1 +#define LTC_SHA512 +#define LTC_SHA384 +#define LTC_SHA256 +#define LTC_SHA224 + +#define LTC_NO_MACS +#define LTC_HMAC +#define LTC_OMAC +#define LTC_CCM_MODE + +#define LTC_NO_PRNGS +#define LTC_SPRNG +#define LTC_YARROW +#define LTC_DEVRANDOM +#define TRY_URANDOM_FIRST + +#define LTC_NO_PK +#define LTC_MRSA +#define LTC_MECC +#endif /* Use small code where possible */ /* #define LTC_SMALL_CODE */ /* Enable self-test test vector checking */ #ifndef LTC_NO_TEST - #define LTC_TEST +#define LTC_TEST #endif /* clean the stack of functions which put private information on stack */ 
@@ -141,10 +141,10 @@ * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */ #define LTC_TWOFISH #ifndef LTC_NO_TABLES - #define LTC_TWOFISH_TABLES +#define LTC_TWOFISH_TABLES /* #define LTC_TWOFISH_ALL_TABLES */ #else - #define LTC_TWOFISH_SMALL +#define LTC_TWOFISH_SMALL #endif /* #define LTC_TWOFISH_SMALL */ /* LTC_DES includes EDE triple-LTC_DES */ @@ -161,7 +161,6 @@ #endif /* LTC_NO_CIPHERS */ - /* ---> Block Cipher Modes of Operation <--- */ #ifndef LTC_NO_MODES @@ -180,7 +179,7 @@ /* like GCM mode this will enable 16 8x128 tables [64KB] that make * seeking very fast. */ - #define LRW_TABLES +#define LRW_TABLES #endif /* XTS mode */ @@ -189,7 +188,7 @@ #endif /* LTC_NO_MODES */ /* ---> One-Way Hash Functions <--- */ -#ifndef LTC_NO_HASHES +#ifndef LTC_NO_HASHES #define LTC_CHC_HASH #define LTC_WHIRLPOOL @@ -220,14 +219,14 @@ #define LTC_PELICAN #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) - #error Pelican-MAC requires LTC_RIJNDAEL +#error Pelican-MAC requires LTC_RIJNDAEL #endif /* ---> Encrypt + Authenticate Modes <--- */ #define LTC_EAX_MODE #if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC)) - #error LTC_EAX_MODE requires CTR and LTC_OMAC mode +#error LTC_EAX_MODE requires CTR and LTC_OMAC mode #endif #define LTC_OCB_MODE @@ -236,7 +235,7 @@ /* Use 64KiB tables */ #ifndef LTC_NO_TABLES - #define LTC_GCM_TABLES +#define LTC_GCM_TABLES #endif /* USE SSE2? requires GCC works on x86_32 and x86_64*/ @@ -259,7 +258,7 @@ #define LTC_YARROW_AES 0 #if defined(LTC_YARROW) && !defined(LTC_CTR_MODE) - #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! +#error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! #endif /* a PRNG that simply reads from an available system source */ @@ -303,7 +302,7 @@ #define LTC_MRSA /* Include Katja (a Rabin variant like RSA) */ -/* #define MKAT */ +/* #define MKAT */ /* Digital Signature Algorithm */ #define LTC_MDSA 
@@ -315,8 +314,8 @@ #define LTC_ECC_SHAMIR #if defined(TFM_LTC_DESC) && defined(LTC_MECC) - #define LTC_MECC_ACCEL -#endif +#define LTC_MECC_ACCEL +#endif /* do we want fixed point ECC */ /* #define LTC_MECC_FP */ @@ -342,32 +341,32 @@ #ifdef LTC_MECC /* Supported ECC Key Sizes */ #ifndef LTC_NO_CURVES - #define ECC112 - #define ECC128 - #define ECC160 - #define ECC192 - #define ECC224 - #define ECC256 - #define ECC384 - #define ECC521 +#define ECC112 +#define ECC128 +#define ECC160 +#define ECC192 +#define ECC224 +#define ECC256 +#define ECC384 +#define ECC521 #endif #endif #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(MKATJA) /* Include the MPI functionality? (required by the PK algorithms) */ - #define MPI +#define MPI #endif #ifdef LTC_MRSA - #define LTC_PKCS_1 -#endif +#define LTC_PKCS_1 +#endif -#if defined(LTC_DER) && !defined(MPI) - #error ASN.1 DER requires MPI functionality +#if defined(LTC_DER) && !defined(MPI) +#error ASN.1 DER requires MPI functionality #endif #if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC) || defined(MKATJA)) && !defined(LTC_DER) - #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled +#error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled #endif /* THREAD management */ @@ -401,8 +400,6 @@ #endif - - /* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_custom.h,v $ */ /* $Revision: 1.73 $ */ /* $Date: 2007/05/12 14:37:41 $ */ diff --git a/libtomcrypt/headers/tomcrypt_hash.h b/libtomcrypt/headers/tomcrypt_hash.h index e4e84e4..7f791f6 100644 --- a/libtomcrypt/headers/tomcrypt_hash.h +++ b/libtomcrypt/headers/tomcrypt_hash.h 
@@ -5,10 +5,10 @@ struct algo_properties_st; int hash_is_valid(const struct algo_properties_st *hash); int hash_memory(const struct algo_properties_st *hash, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int hash_memory_multi(const struct algo_properties_st *hash, unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); - -int hash_get_oid(const struct algo_properties_st *hash, oid_st* st); + const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen); +int hash_memory_multi(const struct algo_properties_st *hash, unsigned char *out, + unsigned long *outlen, const unsigned char *in, + unsigned long inlen, ...); +int hash_get_oid(const struct algo_properties_st *hash, oid_st * st); diff --git a/libtomcrypt/headers/tomcrypt_macros.h b/libtomcrypt/headers/tomcrypt_macros.h index 53bda9b..027dac8 100644 --- a/libtomcrypt/headers/tomcrypt_macros.h +++ b/libtomcrypt/headers/tomcrypt_macros.h @@ -1,19 +1,19 @@ /* fix for MSVC ...evil! */ #ifdef _MSC_VER - #define CONST64(n) n ## ui64 - typedef unsigned __int64 ulong64; +#define CONST64(n) n ## ui64 +typedef unsigned __int64 ulong64; #else - #define CONST64(n) n ## ULL - typedef unsigned long long ulong64; +#define CONST64(n) n ## ULL +typedef unsigned long long ulong64; #endif /* this is the "32-bit at least" data type * Re-define it to suit your platform but it must be at least 32-bits */ #if defined(__x86_64__) || (defined(__sparc__) && defined(__arch64__)) - typedef unsigned ulong32; +typedef unsigned ulong32; #else - typedef unsigned long ulong32; +typedef unsigned long ulong32; #endif /* ---- HELPER MACROS ---- */ @@ -96,7 +96,6 @@ asm __volatile__ ( \ #endif - /* x86_64 processor */ #if !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__)) 
@@ -129,7 +128,7 @@ asm __volatile__ ( \ #endif -#ifdef ENDIAN_32BITWORD +#ifdef ENDIAN_32BITWORD #define STORE32L(x, y) \ { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } @@ -190,7 +189,7 @@ asm __volatile__ ( \ (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \ (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } -#ifdef ENDIAN_32BITWORD +#ifdef ENDIAN_32BITWORD #define STORE32H(x, y) \ { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } @@ -230,7 +229,6 @@ asm __volatile__ ( \ #define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \ ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) ) - /* 32-bit Rotates */ #if defined(_MSC_VER) @@ -246,36 +244,32 @@ asm __volatile__ ( \ static inline unsigned ROL(unsigned word, int i) { - asm ("roll %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; +asm("roll %%cl,%0":"=r"(word) +: "0"(word), "c"(i)); + return word; } static inline unsigned ROR(unsigned word, int i) { - asm ("rorl %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; +asm("rorl %%cl,%0":"=r"(word) +: "0"(word), "c"(i)); + return word; } #ifndef LTC_NO_ROLC static inline unsigned ROLc(unsigned word, const int i) { - asm ("roll %2,%0" - :"=r" (word) - :"0" (word),"I" (i)); - return word; +asm("roll %2,%0":"=r"(word) +: "0"(word), "I"(i)); + return word; } static inline unsigned RORc(unsigned word, const int i) { - asm ("rorl %2,%0" - :"=r" (word) - :"0" (word),"I" (i)); - return word; +asm("rorl %2,%0":"=r"(word) +: "0"(word), "I"(i)); + return word; } #else 
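Review bot: Lindent has mangled the inline asm in ROL, ROR, ROLc and RORc: `asm(` now starts at column 0 inside the function body and the operand lists are split as `:"=r"(word)` on one line and `: "0"(word), "c"(i));` on the next, which reads worse than the one-constraint-per-line layout it replaced. The tool has no notion of asm operand syntax, so these four functions, together with the PPC and x86_64 variants in the two following hunks, should be restored to the original shape (`asm("roll %%cl,%0"` / `:"=r" (word)` / `:"0" (word),"c" (i));`, indented one level) before this lands. Generated code is unaffected, so this is purely a readability point, but it is the kind of diff that makes later asm changes hard to review.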
@@ -289,36 +283,32 @@ static inline unsigned RORc(unsigned word, const int i) static inline unsigned ROL(unsigned word, int i) { - asm ("rotlw %0,%0,%2" - :"=r" (word) - :"0" (word),"r" (i)); - return word; +asm("rotlw %0,%0,%2":"=r"(word) +: "0"(word), "r"(i)); + return word; } static inline unsigned ROR(unsigned word, int i) { - asm ("rotlw %0,%0,%2" - :"=r" (word) - :"0" (word),"r" (32-i)); - return word; +asm("rotlw %0,%0,%2":"=r"(word) +: "0"(word), "r"(32 - i)); + return word; } #ifndef LTC_NO_ROLC static inline unsigned ROLc(unsigned word, const int i) { - asm ("rotlwi %0,%0,%2" - :"=r" (word) - :"0" (word),"I" (i)); - return word; +asm("rotlwi %0,%0,%2":"=r"(word) +: "0"(word), "I"(i)); + return word; } static inline unsigned RORc(unsigned word, const int i) { - asm ("rotrwi %0,%0,%2" - :"=r" (word) - :"0" (word),"I" (i)); - return word; +asm("rotrwi %0,%0,%2":"=r"(word) +: "0"(word), "I"(i)); + return word; } #else @@ -328,7 +318,6 @@ static inline unsigned RORc(unsigned word, const int i) #endif - #else /* rotates the hard way */ 
@@ -339,42 +328,37 @@ static inline unsigned RORc(unsigned word, const int i) #endif - /* 64-bit Rotates */ #if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM) static inline unsigned long ROL64(unsigned long word, int i) { - asm("rolq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; +asm("rolq %%cl,%0":"=r"(word) +: "0"(word), "c"(i)); + return word; } static inline unsigned long ROR64(unsigned long word, int i) { - asm("rorq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; +asm("rorq %%cl,%0":"=r"(word) +: "0"(word), "c"(i)); + return word; } #ifndef LTC_NO_ROLC static inline unsigned long ROL64c(unsigned long word, const int i) { - asm("rolq %2,%0" - :"=r" (word) - :"0" (word),"J" (i)); - return word; +asm("rolq %2,%0":"=r"(word) +: "0"(word), "J"(i)); + return word; } static inline unsigned long ROR64c(unsigned long word, const int i) { - asm("rorq %2,%0" - :"=r" (word) - :"0" (word),"J" (i)); - return word; +asm("rorq %2,%0":"=r"(word) +: "0"(word), "J"(i)); + return word; } #else /* LTC_NO_ROLC */ @@ -405,19 +389,19 @@ static inline unsigned long ROR64c(unsigned long word, const int i) #endif #ifndef MAX - #define MAX(x, y) ( ((x)>(y))?(x):(y) ) +#define MAX(x, y) ( ((x)>(y))?(x):(y) ) #endif #ifndef MIN - #define MIN(x, y) ( ((x)<(y))?(x):(y) ) +#define MIN(x, y) ( ((x)<(y))?(x):(y) ) #endif /* extract a byte portably */ #ifdef _MSC_VER - #define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) +#define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) #else - #define byte(x, n) (((x) >> (8 * (n))) & 255) -#endif +#define byte(x, n) (((x) >> (8 * (n))) & 255) +#endif /* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_macros.h,v $ */ /* $Revision: 1.15 $ */ diff --git a/libtomcrypt/headers/tomcrypt_math.h b/libtomcrypt/headers/tomcrypt_math.h index 6c0e6c5..e997429 100644 --- a/libtomcrypt/headers/tomcrypt_math.h +++ b/libtomcrypt/headers/tomcrypt_math.h 
@@ -9,5 +9,4 @@ #include <tommath.h> -typedef mp_int* mp_int_t; - +typedef mp_int *mp_int_t; diff --git a/libtomcrypt/headers/tomcrypt_misc.h b/libtomcrypt/headers/tomcrypt_misc.h index f5384ca..f525387 100644 --- a/libtomcrypt/headers/tomcrypt_misc.h +++ b/libtomcrypt/headers/tomcrypt_misc.h @@ -1,10 +1,10 @@ /* ---- LTC_BASE64 Routines ---- */ #ifdef LTC_BASE64 -int base64_encode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); +int base64_encode(const unsigned char *in, unsigned long len, + unsigned char *out, unsigned long *outlen); -int base64_decode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); +int base64_decode(const unsigned char *in, unsigned long len, + unsigned char *out, unsigned long *outlen); #endif /* ---- MEM routines ---- */ diff --git a/libtomcrypt/headers/tomcrypt_pk.h b/libtomcrypt/headers/tomcrypt_pk.h index 7334880..f544e44 100644 --- a/libtomcrypt/headers/tomcrypt_pk.h +++ b/libtomcrypt/headers/tomcrypt_pk.h @@ -3,23 +3,23 @@ struct algo_properties_st; enum { - PK_PUBLIC=0, - PK_PRIVATE=1 + PK_PUBLIC = 0, + PK_PRIVATE = 1 }; enum { - PKA_RSA, - PKA_DSA + PKA_RSA, + PKA_DSA }; typedef struct Oid { - unsigned long OID[16]; + unsigned long OID[16]; /** Length of DER encoding */ - unsigned long OIDlen; + unsigned long OIDlen; } oid_st; -int pk_get_oid(int pk, oid_st *st); -int rand_prime(mp_int *N, long len); +int pk_get_oid(int pk, oid_st * st); +int rand_prime(mp_int * N, long len); /* ---- RSA ---- */ #ifdef LTC_MRSA 
@@ -31,32 +31,32 @@ int rand_prime(mp_int *N, long len); /** RSA LTC_PKCS style key */ typedef struct Rsa_key { /** Type of key, PK_PRIVATE or PK_PUBLIC */ - int type; + int type; /** The public exponent */ - mp_int e; + mp_int e; /** The private exponent */ - mp_int d; + mp_int d; /** The modulus */ - mp_int N; + mp_int N; /** The p factor of N */ - mp_int p; + mp_int p; /** The q factor of N */ - mp_int q; + mp_int q; /** The 1/q mod p CRT param */ - mp_int qP; + mp_int qP; /** The d mod (p - 1) CRT param */ - mp_int dP; + mp_int dP; /** The d mod (q - 1) CRT param */ - mp_int dQ; + mp_int dQ; } rsa_key; -int rsa_make_key(int size, long e, rsa_key *key); +int rsa_make_key(int size, long e, rsa_key * key); -int rsa_exptmod(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - rsa_key *key); +int rsa_exptmod(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, int which, + rsa_key * key); -void rsa_free(rsa_key *key); +void rsa_free(rsa_key * key); /* These use LTC_PKCS #1 v2.0 padding */ #define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash, _key) \ 
@@ -72,35 +72,36 @@ void rsa_free(rsa_key *key); rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_LTC_PKCS_1_PSS, _hash_algo, _saltlen, _stat, _key) /* These can be switched between LTC_PKCS #1 v2.x and LTC_PKCS #1 v1.5 paddings */ -int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - const struct algo_properties_st *hash, int padding, rsa_key *key); - -int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - const struct algo_properties_st *hash, int padding, - int *stat, rsa_key *key); - -int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - int padding, - const struct algo_properties_st *hash, unsigned long saltlen, - rsa_key *key); - -int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int padding, - const struct algo_properties_st *hash_algo, unsigned long saltlen, - int *stat, rsa_key *key); +int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + const struct algo_properties_st *hash, int padding, + rsa_key * key); + +int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + const struct algo_properties_st *hash, int padding, + int *stat, rsa_key * key); + +int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + int padding, + const struct algo_properties_st *hash, + unsigned long saltlen, rsa_key * key); + +int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, 
unsigned long hashlen, + int padding, + const struct algo_properties_st *hash_algo, + unsigned long saltlen, int *stat, rsa_key * key); /* LTC_PKCS #1 import/export */ -int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key); -int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); - -#endif +int rsa_export(unsigned char *out, unsigned long *outlen, int type, + rsa_key * key); +int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key * key); +#endif #ifdef LTC_MDSA 
@@ -113,97 +114,95 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); /** DSA key structure */ typedef struct { /** The key type, PK_PRIVATE or PK_PUBLIC */ - int type; + int type; /** The order of the sub-group used in octets */ - int qord; + int qord; /** The generator */ - mp_int g; + mp_int g; /** The prime used to generate the sub-group */ - mp_int q; + mp_int q; /** The large prime that generats the field the contains the sub-group */ - mp_int p; + mp_int p; /** The private key */ - mp_int x; + mp_int x; /** The public key */ - mp_int y; + mp_int y; } dsa_key; -int dsa_make_key(int group_size, int modulus_size, dsa_key *key); -void dsa_free(dsa_key *key); - -int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, - mp_int_t r, mp_int_t s, - dsa_key *key); - -int dsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dsa_key *key); - -int dsa_verify_hash_raw( mp_int_t r, mp_int_t s, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key); - -int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key); - -int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - int hash, dsa_key *key); - -int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dsa_key *key); - -int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); -int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); -int dsa_verify_key(dsa_key *key, int *stat); - -int dsa_shared_secret(void *private_key, mp_int_t base, - dsa_key *public_key, - unsigned char *out, unsigned long *outlen); +int dsa_make_key(int group_size, int modulus_size, dsa_key * key); +void dsa_free(dsa_key * key); + +int dsa_sign_hash_raw(const unsigned char *in, unsigned long 
inlen, + mp_int_t r, mp_int_t s, dsa_key * key); + +int dsa_sign_hash(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, dsa_key * key); + +int dsa_verify_hash_raw(mp_int_t r, mp_int_t s, + const unsigned char *hash, unsigned long hashlen, + int *stat, dsa_key * key); + +int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, dsa_key * key); + +int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + int hash, dsa_key * key); + +int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, dsa_key * key); + +int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key * key); +int dsa_export(unsigned char *out, unsigned long *outlen, int type, + dsa_key * key); +int dsa_verify_key(dsa_key * key, int *stat); + +int dsa_shared_secret(void *private_key, mp_int_t base, + dsa_key * public_key, + unsigned char *out, unsigned long *outlen); #endif #ifdef LTC_DER /* DER handling */ enum { - LTC_ASN1_EOL, - LTC_ASN1_BOOLEAN, - LTC_ASN1_INTEGER, - LTC_ASN1_SHORT_INTEGER, - LTC_ASN1_BIT_STRING, - LTC_ASN1_OCTET_STRING, - LTC_ASN1_NULL, - LTC_ASN1_OBJECT_IDENTIFIER, - LTC_ASN1_IA5_STRING, - LTC_ASN1_PRINTABLE_STRING, - LTC_ASN1_UTF8_STRING, - LTC_ASN1_UTCTIME, - LTC_ASN1_CHOICE, - LTC_ASN1_SEQUENCE, - LTC_ASN1_SET, - LTC_ASN1_SETOF + LTC_ASN1_EOL, + LTC_ASN1_BOOLEAN, + LTC_ASN1_INTEGER, + LTC_ASN1_SHORT_INTEGER, + LTC_ASN1_BIT_STRING, + LTC_ASN1_OCTET_STRING, + LTC_ASN1_NULL, + LTC_ASN1_OBJECT_IDENTIFIER, + LTC_ASN1_IA5_STRING, + LTC_ASN1_PRINTABLE_STRING, + LTC_ASN1_UTF8_STRING, + LTC_ASN1_UTCTIME, + LTC_ASN1_CHOICE, + LTC_ASN1_SEQUENCE, + LTC_ASN1_SET, + LTC_ASN1_SETOF }; /** A LTC ASN.1 list type */ typedef struct ltc_asn1_list_ { /** The LTC ASN.1 enumerated type identifier */ - int type; + int type; /** The data to encode or place for decoding */ 
- void *data; + void *data; /** The size of the input or resulting output */ - unsigned long size; + unsigned long size; /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */ - int used; + int used; /** prev/next entry in the list */ - struct ltc_asn1_list_ *prev, *next, *child, *parent; + struct ltc_asn1_list_ *prev, *next, *child, *parent; } ltc_asn1_list; #define LTC_SET_ASN1(list, index, Type, Data, Size) \ 
@@ -217,140 +216,155 @@ typedef struct ltc_asn1_list_ { } while (0); /* SEQUENCE */ -int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int type_of); - -#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE) +int der_encode_sequence_ex(ltc_asn1_list * list, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + int type_of); -int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, - ltc_asn1_list *list, unsigned long outlen, int ordered); +#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE) + +int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, + ltc_asn1_list * list, unsigned long outlen, + int ordered); #define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1) -int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, - unsigned long *outlen); +int der_length_sequence(ltc_asn1_list * list, unsigned long inlen, + unsigned long *outlen); /* SUBJECT PUBLIC KEY INFO */ -int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, void* public_key, unsigned long public_key_len, - unsigned long parameters_type, void* parameters, unsigned long parameters_len); - -int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void* public_key, unsigned long* public_key_len, - unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len); +int der_encode_subject_public_key_info(unsigned char *out, + unsigned long *outlen, + unsigned int algorithm, void *public_key, + unsigned long public_key_len, + unsigned long parameters_type, + void *parameters, + unsigned long parameters_len); + +int der_decode_subject_public_key_info(const unsigned char *in, + 
unsigned long inlen, + unsigned int algorithm, void *public_key, + unsigned long *public_key_len, + unsigned long parameters_type, + ltc_asn1_list * parameters, + unsigned long parameters_len); /* SET */ #define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0) #define der_length_set der_length_sequence -int der_encode_set(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen); +int der_encode_set(ltc_asn1_list * list, unsigned long inlen, + unsigned char *out, unsigned long *outlen); + +int der_encode_setof(ltc_asn1_list * list, unsigned long inlen, + unsigned char *out, unsigned long *outlen); -int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - /* VA list handy helpers with triplets of <type, size, data> */ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...); -int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...); +int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, + ...); /* FLEXI DECODER handle unknown list decoder */ -int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out); -void der_free_sequence_flexi(ltc_asn1_list *list); -void der_sequence_free(ltc_asn1_list *in); +int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, + ltc_asn1_list ** out); +void der_free_sequence_flexi(ltc_asn1_list * list); +void der_sequence_free(ltc_asn1_list * in); /* BOOLEAN */ int der_length_boolean(unsigned long *outlen); -int der_encode_boolean(int in, - unsigned char *out, unsigned long *outlen); -int der_decode_boolean(const unsigned char *in, unsigned long inlen, - int *out); +int der_encode_boolean(int in, unsigned char *out, unsigned long *outlen); +int der_decode_boolean(const unsigned char *in, unsigned long inlen, int *out); /* INTEGER */ int der_encode_integer(mp_int_t num, unsigned char *out, 
unsigned long *outlen); -int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int_t num); +int der_decode_integer(const unsigned char *in, unsigned long inlen, + mp_int_t num); int der_length_integer(mp_int_t num, unsigned long *len); /* INTEGER -- handy for 0..2^32-1 values */ -int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num); -int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen); +int der_decode_short_integer(const unsigned char *in, unsigned long inlen, + unsigned long *num); +int der_encode_short_integer(unsigned long num, unsigned char *out, + unsigned long *outlen); int der_length_short_integer(unsigned long num, unsigned long *outlen); /* BIT STRING */ int der_encode_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); int der_decode_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); int der_length_bit_string(unsigned long nbits, unsigned long *outlen); /* OCTET STRING */ int der_encode_octet_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); int der_decode_octet_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); int der_length_octet_string(unsigned long noctets, unsigned long *outlen); /* OBJECT IDENTIFIER */ -int der_encode_object_identifier(unsigned long *words, unsigned long nwords, - unsigned char *out, unsigned long *outlen); -int der_decode_object_identifier(const unsigned char *in, unsigned long inlen, - unsigned long *words, unsigned long *outlen); -int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen); +int 
der_encode_object_identifier(unsigned long *words, unsigned long nwords, + unsigned char *out, unsigned long *outlen); +int der_decode_object_identifier(const unsigned char *in, unsigned long inlen, + unsigned long *words, unsigned long *outlen); +int der_length_object_identifier(unsigned long *words, unsigned long nwords, + unsigned long *outlen); unsigned long der_object_identifier_bits(unsigned long x); /* IA5 STRING */ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); int der_decode_ia5_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); +int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, + unsigned long *outlen); int der_ia5_char_encode(int c); int der_ia5_value_decode(int v); /* Printable STRING */ int der_encode_printable_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); int der_decode_printable_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); + unsigned char *out, unsigned long *outlen); +int der_length_printable_string(const unsigned char *octets, + unsigned long noctets, unsigned long *outlen); int der_printable_char_encode(int c); int der_printable_value_decode(int v); /* UTF-8 */ -int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); +int der_encode_utf8_string(const wchar_t * in, unsigned long inlen, + unsigned char *out, unsigned long *outlen); -int der_decode_utf8_string(const unsigned char *in, unsigned long 
inlen, - wchar_t *out, unsigned long *outlen); +int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, + wchar_t * out, unsigned long *outlen); unsigned long der_utf8_charsize(const wchar_t c); -int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen); - +int der_length_utf8_string(const wchar_t * in, unsigned long noctets, + unsigned long *outlen); /* CHOICE */ -int der_decode_choice(const unsigned char *in, unsigned long *inlen, - ltc_asn1_list *list, unsigned long outlen); +int der_decode_choice(const unsigned char *in, unsigned long *inlen, + ltc_asn1_list * list, unsigned long outlen); /* UTCTime */ typedef struct { - unsigned YY, /* year */ - MM, /* month */ - DD, /* day */ - hh, /* hour */ - mm, /* minute */ - ss, /* second */ - off_dir, /* timezone offset direction 0 == +, 1 == - */ - off_hh, /* timezone offset hours */ - off_mm; /* timezone offset minutes */ + unsigned YY, /* year */ + MM, /* month */ + DD, /* day */ + hh, /* hour */ + mm, /* minute */ + ss, /* second */ + off_dir, /* timezone offset direction 0 == +, 1 == - */ + off_hh, /* timezone offset hours */ + off_mm; /* timezone offset minutes */ } ltc_utctime; -int der_encode_utctime(ltc_utctime *utctime, - unsigned char *out, unsigned long *outlen); +int der_encode_utctime(ltc_utctime * utctime, + unsigned char *out, unsigned long *outlen); int der_decode_utctime(const unsigned char *in, unsigned long *inlen, - ltc_utctime *out); - -int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen); + ltc_utctime * out); +int der_length_utctime(ltc_utctime * utctime, unsigned long *outlen); #endif diff --git a/libtomcrypt/headers/tomcrypt_pkcs.h b/libtomcrypt/headers/tomcrypt_pkcs.h index be0d7f6..f282b0f 100644 --- a/libtomcrypt/headers/tomcrypt_pkcs.h +++ b/libtomcrypt/headers/tomcrypt_pkcs.h 
@@ -5,63 +5,61 @@ struct algo_properties_st; -enum ltc_pkcs_1_v1_5_blocks -{ - LTC_LTC_PKCS_1_EMSA = 1, /* Block type 1 (LTC_PKCS #1 v1.5 signature padding) */ - LTC_LTC_PKCS_1_EME = 2 /* Block type 2 (LTC_PKCS #1 v1.5 encryption padding) */ +enum ltc_pkcs_1_v1_5_blocks { + LTC_LTC_PKCS_1_EMSA = 1, /* Block type 1 (LTC_PKCS #1 v1.5 signature padding) */ + LTC_LTC_PKCS_1_EME = 2 /* Block type 2 (LTC_PKCS #1 v1.5 encryption padding) */ }; -enum ltc_pkcs_1_paddings -{ - LTC_LTC_PKCS_1_V1_5 = 1, /* LTC_PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */ - LTC_LTC_PKCS_1_OAEP = 2, /* LTC_PKCS #1 v2.0 encryption padding */ - LTC_LTC_PKCS_1_PSS = 3 /* LTC_PKCS #1 v2.1 signature padding */ +enum ltc_pkcs_1_paddings { + LTC_LTC_PKCS_1_V1_5 = 1, /* LTC_PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */ + LTC_LTC_PKCS_1_OAEP = 2, /* LTC_PKCS #1 v2.0 encryption padding */ + LTC_LTC_PKCS_1_PSS = 3 /* LTC_PKCS #1 v2.1 signature padding */ }; int pkcs_1_mgf1(const struct algo_properties_st *hash, - const unsigned char *seed, unsigned long seedlen, - unsigned char *mask, unsigned long masklen); + const unsigned char *seed, unsigned long seedlen, + unsigned char *mask, unsigned long masklen); int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out); int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen); /* *** v1.5 padding */ -int pkcs_1_v1_5_encode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen); +int pkcs_1_v1_5_encode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + unsigned char *out, unsigned long *outlen); -int pkcs_1_v1_5_decode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen, - int *is_valid); +int pkcs_1_v1_5_decode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned 
long modulus_bitlen, + unsigned char *out, + unsigned long *outlen, int *is_valid); /* *** v2.1 padding */ -int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, const struct algo_properties_st *hash, - unsigned char *out, unsigned long *outlen); +int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, + const unsigned char *lparam, unsigned long lparamlen, + unsigned long modulus_bitlen, + const struct algo_properties_st *hash, + unsigned char *out, unsigned long *outlen); -int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, const struct algo_properties_st *hash, - unsigned char *out, unsigned long *outlen, - int *res); +int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, + const unsigned char *lparam, unsigned long lparamlen, + unsigned long modulus_bitlen, + const struct algo_properties_st *hash, + unsigned char *out, unsigned long *outlen, int *res); int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, - unsigned long saltlen, const struct algo_properties_st *hash, - unsigned long modulus_bitlen, - unsigned char *out, unsigned long *outlen); + unsigned long saltlen, + const struct algo_properties_st *hash, + unsigned long modulus_bitlen, unsigned char *out, + unsigned long *outlen); int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, - const unsigned char *sig, unsigned long siglen, - unsigned long saltlen, const struct algo_properties_st *hash, - unsigned long modulus_bitlen, int *res); + const unsigned char *sig, unsigned long siglen, + unsigned long saltlen, + const struct algo_properties_st *hash, + unsigned long modulus_bitlen, int *res); #endif /* LTC_PKCS_1 */ - 
diff --git a/libtomcrypt/headers/tomcrypt_prng.h b/libtomcrypt/headers/tomcrypt_prng.h
index 26bf711..a3fe429 100644
--- a/libtomcrypt/headers/tomcrypt_prng.h
+++ b/libtomcrypt/headers/tomcrypt_prng.h
@@ -1,72 +1,79 @@ /* ---- PRNG Stuff ---- */ typedef union Prng_state { - char dummy[1]; + char dummy[1]; } prng_state; /** PRNG descriptor */ extern struct ltc_prng_descriptor { /** Name of the PRNG */ - char *name; + char *name; /** size in bytes of exported state */ - int export_size; + int export_size; /** Start a PRNG state @param prng [out] The state to initialize @return CRYPT_OK if successful */ - int (*start)(prng_state *prng); + int (*start) (prng_state * prng); /** Add entropy to the PRNG @param in The entropy @param inlen Length of the entropy (octets)\ @param prng The PRNG state @return CRYPT_OK if successful */ - int (*add_entropy)(const unsigned char *in, unsigned long inlen, prng_state *prng); + int (*add_entropy) (const unsigned char *in, unsigned long inlen, + prng_state * prng); /** Ready a PRNG state to read from @param prng The PRNG state to ready @return CRYPT_OK if successful */ - int (*ready)(prng_state *prng); + int (*ready) (prng_state * prng); /** Read from the PRNG @param out [out] Where to store the data @param outlen Length of data desired (octets) @param prng The PRNG state to read from @return Number of octets read */ - unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng); + unsigned long (*read) (unsigned char *out, unsigned long outlen, + prng_state * prng); /** Terminate a PRNG state @param prng The PRNG state to terminate @return CRYPT_OK if successful */ - int (*done)(prng_state *prng); + int (*done) (prng_state * prng); /** Export a PRNG state @param out [out] The destination for the state @param outlen [in/out] The max size and resulting size of the PRNG state @param prng The PRNG to export @return CRYPT_OK if successful */ - int (*pexport)(unsigned char *out, unsigned long *outlen, prng_state *prng); + int (*pexport) (unsigned char *out, unsigned long *outlen, + prng_state * prng); /** Import a PRNG state @param in The data to import @param inlen The length of the data to import (octets) @param 
prng The PRNG to initialize/import @return CRYPT_OK if successful */ - int (*pimport)(const unsigned char *in, unsigned long inlen, prng_state *prng); + int (*pimport) (const unsigned char *in, unsigned long inlen, + prng_state * prng); /** Self-test the PRNG @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled */ - int (*test)(void); + int (*test) (void); } prng_descriptor[]; -int linux_start(prng_state *prng); -int linux_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int linux_ready(prng_state *prng); -unsigned long linux_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int linux_done(prng_state *prng); -int linux_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int linux_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int linux_test(void); +int linux_start(prng_state * prng); +int linux_add_entropy(const unsigned char *in, unsigned long inlen, + prng_state * prng); +int linux_ready(prng_state * prng); +unsigned long linux_read(unsigned char *out, unsigned long outlen, + prng_state * prng); +int linux_done(prng_state * prng); +int linux_export(unsigned char *out, unsigned long *outlen, prng_state * prng); +int linux_import(const unsigned char *in, unsigned long inlen, + prng_state * prng); +int linux_test(void); extern const struct ltc_prng_descriptor linux_desc; diff --git a/libtomcrypt/math/rand_prime.c b/libtomcrypt/math/rand_prime.c index 5eff3a1..fb17bf5 100644 --- a/libtomcrypt/math/rand_prime.c +++ b/libtomcrypt/math/rand_prime.c 
@@ -10,70 +10,67 @@ */ #include "tomcrypt.h" - /** @file rand_prime.c Generate a random prime, Tom St Denis -*/ +*/ #define USE_BBS 1 -int rand_prime(mp_int *N, long len) +int rand_prime(mp_int * N, long len) { - int err, res, type; - unsigned char *buf; - - LTC_ARGCHK(N != NULL); - - /* get type */ - if (len < 0) { - type = USE_BBS; - len = -len; - } else { - type = 0; - } - - /* allow sizes between 2 and 512 bytes for a prime size */ - if (len < 2 || len > 512) { - return CRYPT_INVALID_PRIME_SIZE; - } - - /* allocate buffer to work with */ - buf = XCALLOC(1, len); - if (buf == NULL) { - return CRYPT_MEM; - } - - do { - /* generate value */ - get_random_bytes( buf, len); - - /* munge bits */ - buf[0] |= 0x80 | 0x40; - buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); - - /* load value */ - if ((err = mp_read_unsigned_bin(N, buf, len)) != CRYPT_OK) { - XFREE(buf); - return err; - } - - /* test */ - if ((err = mp_prime_is_prime(N, 8, &res)) != CRYPT_OK) { - XFREE(buf); - return err; - } - } while (res == LTC_MP_NO); + int err, res, type; + unsigned char *buf; + + LTC_ARGCHK(N != NULL); + + /* get type */ + if (len < 0) { + type = USE_BBS; + len = -len; + } else { + type = 0; + } + + /* allow sizes between 2 and 512 bytes for a prime size */ + if (len < 2 || len > 512) { + return CRYPT_INVALID_PRIME_SIZE; + } + + /* allocate buffer to work with */ + buf = XCALLOC(1, len); + if (buf == NULL) { + return CRYPT_MEM; + } + + do { + /* generate value */ + get_random_bytes(buf, len); + + /* munge bits */ + buf[0] |= 0x80 | 0x40; + buf[len - 1] |= 0x01 | ((type & USE_BBS) ? 
0x02 : 0x00); + + /* load value */ + if ((err = mp_read_unsigned_bin(N, buf, len)) != CRYPT_OK) { + XFREE(buf); + return err; + } + + /* test */ + if ((err = mp_prime_is_prime(N, 8, &res)) != CRYPT_OK) { + XFREE(buf); + return err; + } + } while (res == LTC_MP_NO); #ifdef LTC_CLEAN_STACK - zeromem(buf, len); + zeromem(buf, len); #endif - XFREE(buf); - return CRYPT_OK; + XFREE(buf); + return CRYPT_OK; } - - /* $Source: /cvs/libtom/libtomcrypt/src/math/rand_prime.c,v $ */ /* $Revision: 1.7 $ */ diff --git a/libtomcrypt/misc/crypt/crypt_argchk.c b/libtomcrypt/misc/crypt/crypt_argchk.c index 143b784..a1fe682 100644 --- a/libtomcrypt/misc/crypt/crypt_argchk.c +++ b/libtomcrypt/misc/crypt/crypt_argchk.c @@ -13,13 +13,12 @@ /** @file crypt_argchk.c Perform argument checking, Tom St Denis -*/ +*/ #if (ARGTYPE == 0) void crypt_argchk(char *v, char *s, int d) { - printk("LTC_ARGCHK '%s' failure on line %d of file %s\n", - v, d, s); + printk("LTC_ARGCHK '%s' failure on line %d of file %s\n", v, d, s); } #endif diff --git a/libtomcrypt/misc/pk_get_oid.c b/libtomcrypt/misc/pk_get_oid.c index 197d7ae..7b2803f 100644 --- a/libtomcrypt/misc/pk_get_oid.c +++ b/libtomcrypt/misc/pk_get_oid.c 
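Review bot: In rand_prime, `buf` holds the bytes of the prime just loaded into N, yet it is wiped before `XFREE(buf)` only when LTC_CLEAN_STACK is defined, and the two early-return paths after `mp_read_unsigned_bin` and `mp_prime_is_prime` free it without any wipe; rand_prime is declared next to the RSA and DSA key routines and presumably produces their secret parameters, so on the default build those bytes remain in freed kernel memory. I would make the wipe unconditional with `zeromem(buf, len);` immediately before each of the three `XFREE(buf);` calls, dropping the `#ifdef`; zeromem is the project's own helper and the cost is negligible next to the primality test. The hunk ends at the closing brace of rand_prime, so all three free sites are visible here.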
@@ -10,31 +10,30 @@ #include "tomcrypt.h" static const oid_st rsa_oid = { - .OIDlen = 7, - .OID = { 1, 2, 840, 113549, 1, 1, 1 }, + .OIDlen = 7, + .OID = {1, 2, 840, 113549, 1, 1, 1}, }; static const oid_st dsa_oid = { - .OIDlen = 6, - .OID = { 1, 2, 840, 10040, 4, 1 }, + .OIDlen = 6, + .OID = {1, 2, 840, 10040, 4, 1}, }; /* Returns the OID of the public key algorithm. @return CRYPT_OK if valid */ -int pk_get_oid(int pk, oid_st *st) +int pk_get_oid(int pk, oid_st * st) { - switch (pk) { - case PKA_RSA: - memcpy(st, &rsa_oid, sizeof(*st)); - break; - case PKA_DSA: - memcpy(st, &dsa_oid, sizeof(*st)); - break; - default: - return CRYPT_INVALID_ARG; - } - return CRYPT_OK; + switch (pk) { + case PKA_RSA: + memcpy(st, &rsa_oid, sizeof(*st)); + break; + case PKA_DSA: + memcpy(st, &dsa_oid, sizeof(*st)); + break; + default: + return CRYPT_INVALID_ARG; + } + return CRYPT_OK; } - diff --git a/libtomcrypt/misc/zeromem.c b/libtomcrypt/misc/zeromem.c index a4bb124..812ccc3 100644 --- a/libtomcrypt/misc/zeromem.c +++ b/libtomcrypt/misc/zeromem.c @@ -22,11 +22,11 @@ */ void zeromem(void *out, size_t outlen) { - unsigned char *mem = out; - LTC_ARGCHKVD(out != NULL); - while (outlen-- > 0) { - *mem++ = 0; - } + unsigned char *mem = out; + LTC_ARGCHKVD(out != NULL); + while (outlen-- > 0) { + *mem++ = 0; + } } /* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */ diff --git a/libtomcrypt/pk/dsa/dsa_export.c b/libtomcrypt/pk/dsa/dsa_export.c index 5a2d5df..01569e7 100644 --- a/libtomcrypt/pk/dsa/dsa_export.c +++ b/libtomcrypt/pk/dsa/dsa_export.c @@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_export.c DSA implementation, export key, Tom St Denis 
@@ -26,74 +25,78 @@ @param key The key to export @return CRYPT_OK if successful */ -int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key) +int dsa_export(unsigned char *out, unsigned long *outlen, int type, + dsa_key * key) { - unsigned long zero=0; - int err; + unsigned long zero = 0; + int err; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* can we store the static header? */ + if (type == PK_PRIVATE && key->type != PK_PRIVATE) { + return CRYPT_PK_TYPE_MISMATCH; + } - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + if (type != PK_PUBLIC && type != PK_PRIVATE) { + return CRYPT_INVALID_ARG; + } - /* can we store the static header? */ - if (type == PK_PRIVATE && key->type != PK_PRIVATE) { - return CRYPT_PK_TYPE_MISMATCH; - } + /* This encoding is different from the one in original + * libtomcrypt. It uses a compatible encoding with gnutls + * and openssl + */ + if (type == PK_PRIVATE) { + return der_encode_sequence_multi(out, outlen, + LTC_ASN1_SHORT_INTEGER, 1UL, + &zero, LTC_ASN1_INTEGER, 1UL, + &key->p, LTC_ASN1_INTEGER, 1UL, + &key->q, LTC_ASN1_INTEGER, 1UL, + &key->g, LTC_ASN1_INTEGER, 1UL, + &key->y, LTC_ASN1_INTEGER, 1UL, + &key->x, LTC_ASN1_EOL, 0UL, + NULL); + } else { + unsigned long tmplen = (mp_count_bits(&key->y) / 8) + 8; + unsigned char *tmp = XMALLOC(tmplen); + ltc_asn1_list int_list[3]; - if (type != PK_PUBLIC && type != PK_PRIVATE) { - return CRYPT_INVALID_ARG; - } + if (tmp == NULL) { + return CRYPT_MEM; + } - /* This encoding is different from the one in original - * libtomcrypt. 
It uses a compatible encoding with gnutls - * and openssl - */ - if (type == PK_PRIVATE) { - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->y, - LTC_ASN1_INTEGER, 1UL, &key->x, - LTC_ASN1_EOL, 0UL, NULL); - } else { - unsigned long tmplen = (mp_count_bits(&key->y)/8)+8; - unsigned char* tmp = XMALLOC(tmplen); - ltc_asn1_list int_list[3]; - - if (tmp == NULL) { - return CRYPT_MEM; - } - - err = der_encode_integer(&key->y, tmp, &tmplen); - if (err != CRYPT_OK) { - goto error; - } + err = der_encode_integer(&key->y, tmp, &tmplen); + if (err != CRYPT_OK) { + goto error; + } - int_list[0].data = &key->p; - int_list[0].size = 1UL; - int_list[0].type = LTC_ASN1_INTEGER; - int_list[1].data = &key->q; - int_list[1].size = 1UL; - int_list[1].type = LTC_ASN1_INTEGER; - int_list[2].data = &key->g; - int_list[2].size = 1UL; - int_list[2].type = LTC_ASN1_INTEGER; + int_list[0].data = &key->p; + int_list[0].size = 1UL; + int_list[0].type = LTC_ASN1_INTEGER; + int_list[1].data = &key->q; + int_list[1].size = 1UL; + int_list[1].type = LTC_ASN1_INTEGER; + int_list[2].data = &key->g; + int_list[2].size = 1UL; + int_list[2].type = LTC_ASN1_INTEGER; + + err = der_encode_subject_public_key_info(out, outlen, + PKA_DSA, tmp, tmplen, + LTC_ASN1_SEQUENCE, + int_list, + sizeof(int_list) / + sizeof(int_list[0])); - err = der_encode_subject_public_key_info(out, outlen, - PKA_DSA, tmp, tmplen, - LTC_ASN1_SEQUENCE, int_list, sizeof(int_list)/sizeof(int_list[0])); - error: - XFREE(tmp); - return err; - } + XFREE(tmp); + return err; + } } #endif - /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_export.c,v $ */ /* $Revision: 1.10 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/dsa/dsa_free.c b/libtomcrypt/pk/dsa/dsa_free.c index 37a330d..bfefefe 100644 --- a/libtomcrypt/pk/dsa/dsa_free.c 
+++ b/libtomcrypt/pk/dsa/dsa_free.c @@ -21,10 +21,10 @@ Free a DSA key @param key The key to free from memory */ -void dsa_free(dsa_key *key) +void dsa_free(dsa_key * key) { - LTC_ARGCHKVD(key != NULL); - mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); } #endif diff --git a/libtomcrypt/pk/dsa/dsa_import.c b/libtomcrypt/pk/dsa/dsa_import.c index c6a1f6f..cf21e3b 100644 --- a/libtomcrypt/pk/dsa/dsa_import.c +++ b/libtomcrypt/pk/dsa/dsa_import.c @@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_import.c DSA implementation, import a DSA key, Tom St Denis 
@@ -25,73 +24,80 @@ @param key [out] Where to store the imported key @return CRYPT_OK if successful, upon error this function will free all allocated memory */ -int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) +int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key * key) { - int err; - unsigned long zero = 0; - unsigned char* tmpbuf = NULL; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* init key */ - if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* get key type */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->g, - LTC_ASN1_INTEGER, 1UL, &key->y, - LTC_ASN1_INTEGER, 1UL, &key->x, - LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) { - key->type = PK_PRIVATE; - } else { /* public */ - ltc_asn1_list params[3]; - unsigned long tmpbuf_len = MAX_RSA_SIZE*8; - - LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, &key->p, 1UL); - LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, &key->q, 1UL); - LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, &key->g, 1UL); - - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - err = der_decode_subject_public_key_info(in, inlen, - PKA_DSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_SEQUENCE, params, 3); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err=der_decode_integer(tmpbuf, tmpbuf_len, &key->y)) != CRYPT_OK) { - goto LBL_ERR; - } - - XFREE(tmpbuf); - key->type = PK_PUBLIC; - } - - key->qord = mp_unsigned_bin_size(&key->q); - - if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || - (unsigned long)key->qord >= mp_unsigned_bin_size(&key->p) || (mp_unsigned_bin_size(&key->p) - key->qord) >= LTC_MDSA_DELTA) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - return CRYPT_OK; + int err; + unsigned long zero = 0; + unsigned char *tmpbuf = NULL; + + LTC_ARGCHK(in 
!= NULL); + LTC_ARGCHK(key != NULL); + + /* init key */ + if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != + CRYPT_OK) { + return CRYPT_MEM; + } + + /* get key type */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, &key->p, + LTC_ASN1_INTEGER, 1UL, &key->q, + LTC_ASN1_INTEGER, 1UL, &key->g, + LTC_ASN1_INTEGER, 1UL, &key->y, + LTC_ASN1_INTEGER, 1UL, &key->x, + LTC_ASN1_EOL, 0UL, + NULL)) == CRYPT_OK) { + key->type = PK_PRIVATE; + } else { /* public */ + ltc_asn1_list params[3]; + unsigned long tmpbuf_len = MAX_RSA_SIZE * 8; + + LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, &key->p, 1UL); + LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, &key->q, 1UL); + LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, &key->g, 1UL); + + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_ERR; + } + + err = der_decode_subject_public_key_info(in, inlen, + PKA_DSA, tmpbuf, + &tmpbuf_len, + LTC_ASN1_SEQUENCE, + params, 3); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + if ((err = + der_decode_integer(tmpbuf, tmpbuf_len, + &key->y)) != CRYPT_OK) { + goto LBL_ERR; + } + + XFREE(tmpbuf); + key->type = PK_PUBLIC; + } + + key->qord = mp_unsigned_bin_size(&key->q); + + if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || + (unsigned long)key->qord >= mp_unsigned_bin_size(&key->p) + || (mp_unsigned_bin_size(&key->p) - key->qord) >= LTC_MDSA_DELTA) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + return CRYPT_OK; LBL_ERR: - XFREE(tmpbuf); - mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); - return err; + XFREE(tmpbuf); + mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/dsa/dsa_make_key.c b/libtomcrypt/pk/dsa/dsa_make_key.c index eab5d15..d233e22 100644 --- a/libtomcrypt/pk/dsa/dsa_make_key.c +++ b/libtomcrypt/pk/dsa/dsa_make_key.c 
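Review bot: tmpbuf is freed twice when a public key fails the size check at the end of dsa_import: the public branch does `XFREE(tmpbuf);` and then falls through to the `key->qord` test, whose failure path jumps to LBL_ERR, which calls `XFREE(tmpbuf);` again on the same pointer. The input is caller-supplied DER, so this double free is reachable from data rather than from a programming error in the caller. Clearing the pointer after the first release, `XFREE(tmpbuf); tmpbuf = NULL;`, makes the shared cleanup path safe; LBL_ERR is already reached with tmpbuf == NULL on private-key failures, so freeing NULL must already be tolerated there.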
@@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_make_key.c DSA implementation, generate a DSA key, Tom St Denis 
@@ -25,97 +24,130 @@ @param key [out] Where to store the created key @return CRYPT_OK if successful, upon error this function will free all allocated memory */ -int dsa_make_key(int group_size, int modulus_size, dsa_key *key) +int dsa_make_key(int group_size, int modulus_size, dsa_key * key) { - mp_int tmp, tmp2; - int err, res; - unsigned char *buf; - - LTC_ARGCHK(key != NULL); - - /* check size */ - if (group_size >= LTC_MDSA_MAX_GROUP || group_size <= 15 || - group_size >= modulus_size || (modulus_size - group_size) >= LTC_MDSA_DELTA) { - return CRYPT_INVALID_ARG; - } - - /* allocate ram */ - buf = XMALLOC(LTC_MDSA_DELTA); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* init mp_ints */ - if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { - XFREE(buf); - return err; - } - - /* make our prime q */ - if ((err = rand_prime(&key->q, group_size)) != CRYPT_OK) { goto error; } - - /* double q */ - if ((err = mp_add(&key->q, &key->q, &tmp)) != CRYPT_OK) { goto error; } - - /* now make a random string and multply it against q */ - get_random_bytes(buf+1, modulus_size - group_size); - - /* force magnitude */ - buf[0] |= 0xC0; - - /* force even */ - buf[modulus_size - group_size - 1] &= ~1; - - if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; } - if ((err = mp_mul(&key->q, &tmp2, &key->p)) != CRYPT_OK) { goto error; } - if ((err = mp_add_d(&key->p, 1, &key->p)) != CRYPT_OK) { goto error; } - - /* now loop until p is prime */ - for (;;) { - if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { goto error; } - if (res == LTC_MP_YES) break; - - /* add 2q to p and 2 to tmp2 */ - if ((err = mp_add(&tmp, &key->p, &key->p)) != CRYPT_OK) { goto error; } - if ((err = mp_add_d(&tmp2, 2, &tmp2)) != CRYPT_OK) { goto error; } - } - - /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ - mp_set(&key->g, 1); - - do { - if ((err = mp_add_d(&key->g, 1, 
&key->g)) != CRYPT_OK) { goto error; } - if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(&tmp, 1) == LTC_MP_EQ); - - /* at this point tmp generates a group of order q mod p */ - mp_exch(&tmp, &key->g); - - /* so now we have our DH structure, generator g, order q, modulus p - Now we need a random exponent [mod q] and it's power g^x mod p - */ - do { - get_random_bytes(buf, group_size); - - if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(&key->x, 1) != LTC_MP_GT); - if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != CRYPT_OK) { goto error; } - - key->type = PK_PRIVATE; - key->qord = group_size; + mp_int tmp, tmp2; + int err, res; + unsigned char *buf; + + LTC_ARGCHK(key != NULL); + + /* check size */ + if (group_size >= LTC_MDSA_MAX_GROUP || group_size <= 15 || + group_size >= modulus_size + || (modulus_size - group_size) >= LTC_MDSA_DELTA) { + return CRYPT_INVALID_ARG; + } + + /* allocate ram */ + buf = XMALLOC(LTC_MDSA_DELTA); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* init mp_ints */ + if ((err = + mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, + &key->y, NULL)) != CRYPT_OK) { + XFREE(buf); + return err; + } + + /* make our prime q */ + if ((err = rand_prime(&key->q, group_size)) != CRYPT_OK) { + goto error; + } + + /* double q */ + if ((err = mp_add(&key->q, &key->q, &tmp)) != CRYPT_OK) { + goto error; + } + + /* now make a random string and multply it against q */ + get_random_bytes(buf + 1, modulus_size - group_size); + + /* force magnitude */ + buf[0] |= 0xC0; + + /* force even */ + buf[modulus_size - group_size - 1] &= ~1; + + if ((err = + mp_read_unsigned_bin(&tmp2, buf, + modulus_size - group_size)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mul(&key->q, &tmp2, &key->p)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add_d(&key->p, 1, &key->p)) != CRYPT_OK) { + goto error; + } + + /* now loop until p 
is prime */ + for (;;) { + if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { + goto error; + } + if (res == LTC_MP_YES) + break; + + /* add 2q to p and 2 to tmp2 */ + if ((err = mp_add(&tmp, &key->p, &key->p)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add_d(&tmp2, 2, &tmp2)) != CRYPT_OK) { + goto error; + } + } + + /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ + mp_set(&key->g, 1); + + do { + if ((err = mp_add_d(&key->g, 1, &key->g)) != CRYPT_OK) { + goto error; + } + if ((err = + mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + } while (mp_cmp_d(&tmp, 1) == LTC_MP_EQ); + + /* at this point tmp generates a group of order q mod p */ + mp_exch(&tmp, &key->g); + + /* so now we have our DH structure, generator g, order q, modulus p + Now we need a random exponent [mod q] and it's power g^x mod p + */ + do { + get_random_bytes(buf, group_size); + + if ((err = + mp_read_unsigned_bin(&key->x, buf, + group_size)) != CRYPT_OK) { + goto error; + } + } while (mp_cmp_d(&key->x, 1) != LTC_MP_GT); + if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != CRYPT_OK) { + goto error; + } + + key->type = PK_PRIVATE; + key->qord = group_size; #ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_MDSA_DELTA); + zeromem(buf, LTC_MDSA_DELTA); #endif - err = CRYPT_OK; - goto done; -error: - mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); -done: - mp_clear_multi(&tmp, &tmp2, NULL); - XFREE(buf); - return err; + err = CRYPT_OK; + goto done; +error: + mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); +done: + mp_clear_multi(&tmp, &tmp2, NULL); + XFREE(buf); + return err; } #endif diff --git a/libtomcrypt/pk/dsa/dsa_sign_hash.c b/libtomcrypt/pk/dsa/dsa_sign_hash.c index 6f4dad8..897241f 100644 --- a/libtomcrypt/pk/dsa/dsa_sign_hash.c +++ b/libtomcrypt/pk/dsa/dsa_sign_hash.c 
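Review bot: buf[0] is read before it is ever written: get_random_bytes fills `buf + 1` onward, but `buf[0] |= 0xC0;` and the following `mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)` start at `buf`, so the top byte of tmp2 is whatever XMALLOC left there ORed with 0xC0 and the last random byte generated is never consumed. Filling from the start of the buffer, `get_random_bytes(buf, modulus_size - group_size);`, removes the uninitialized read and keeps every byte of tmp2 under the RNG's control. Separately, the private-exponent loop accepts any x with `mp_cmp_d(&key->x, 1) == LTC_MP_GT`; since x is read from group_size bytes it can be at or above q, so the retry condition should also require `mp_cmp(&key->x, &key->q) == LTC_MP_LT` so that x is drawn uniformly from (1, q).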
@@ -10,7 +10,6 @@ */ #include "tomcrypt.h" - /** @file dsa_sign_hash.c DSA implementation, sign a hash, Tom St Denis 
@@ -27,78 +26,106 @@ @param key A private DSA key @return CRYPT_OK if successful */ -int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, - mp_int_t r, mp_int_t s, - dsa_key *key) +int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, + mp_int_t r, mp_int_t s, dsa_key * key) { - mp_int k, kinv, tmp; - unsigned char *buf; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(key != NULL); - - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* check group order size */ - if (key->qord >= LTC_MDSA_MAX_GROUP) { - return CRYPT_INVALID_ARG; - } - - buf = XMALLOC(LTC_MDSA_MAX_GROUP); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* Init our temps */ - if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; } + mp_int k, kinv, tmp; + unsigned char *buf; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(r != NULL); + LTC_ARGCHK(s != NULL); + LTC_ARGCHK(key != NULL); + + if (key->type != PK_PRIVATE) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* check group order size */ + if (key->qord >= LTC_MDSA_MAX_GROUP) { + return CRYPT_INVALID_ARG; + } + + buf = XMALLOC(LTC_MDSA_MAX_GROUP); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* Init our temps */ + if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { + goto ERRBUF; + } retry: - do { - /* gen random k */ - get_random_bytes(buf, key->qord); - - /* read k */ - if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != CRYPT_OK) { goto error; } - - /* k > 1 ? 
*/ - if (mp_cmp_d(&k, 1) != LTC_MP_GT) { goto retry; } - - /* test gcd */ - if ((err = mp_gcd(&k, &key->q, &tmp)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(&tmp, 1) != LTC_MP_EQ); - - /* now find 1/k mod q */ - if ((err = mp_invmod(&k, &key->q, &kinv)) != CRYPT_OK) { goto error; } - - /* now find r = g^k mod p mod q */ - if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(r, &key->q, r)) != CRYPT_OK) { goto error; } - - if (mp_iszero(r) == LTC_MP_YES) { goto retry; } - - /* now find s = (in + xr)/k mod q */ - if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } - if ((err = mp_mul(&key->x, r, s)) != CRYPT_OK) { goto error; } - if ((err = mp_add(s, &tmp, s)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(s, &kinv, &key->q, s)) != CRYPT_OK) { goto error; } - - if (mp_iszero(s) == LTC_MP_YES) { goto retry; } - - err = CRYPT_OK; -error: - mp_clear_multi(&k, &kinv, &tmp, NULL); + do { + /* gen random k */ + get_random_bytes(buf, key->qord); + + /* read k */ + if ((err = + mp_read_unsigned_bin(&k, buf, key->qord)) != CRYPT_OK) { + goto error; + } + + /* k > 1 ? 
*/ + if (mp_cmp_d(&k, 1) != LTC_MP_GT) { + goto retry; + } + + /* test gcd */ + if ((err = mp_gcd(&k, &key->q, &tmp)) != CRYPT_OK) { + goto error; + } + } while (mp_cmp_d(&tmp, 1) != LTC_MP_EQ); + + /* now find 1/k mod q */ + if ((err = mp_invmod(&k, &key->q, &kinv)) != CRYPT_OK) { + goto error; + } + + /* now find r = g^k mod p mod q */ + if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mod(r, &key->q, r)) != CRYPT_OK) { + goto error; + } + + if (mp_iszero(r) == LTC_MP_YES) { + goto retry; + } + + /* now find s = (in + xr)/k mod q */ + if ((err = + mp_read_unsigned_bin(&tmp, (unsigned char *)in, + inlen)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mul(&key->x, r, s)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add(s, &tmp, s)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mulmod(s, &kinv, &key->q, s)) != CRYPT_OK) { + goto error; + } + + if (mp_iszero(s) == LTC_MP_YES) { + goto retry; + } + + err = CRYPT_OK; +error: + mp_clear_multi(&k, &kinv, &tmp, NULL); ERRBUF: #ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_MDSA_MAX_GROUP); + zeromem(buf, LTC_MDSA_MAX_GROUP); #endif - XFREE(buf); - return err; + XFREE(buf); + return err; } /** 
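Review bot: The per-signature nonce k is read from key->qord bytes and only checked for `k > 1` and `gcd(k, q) == 1`, so it ranges over almost the whole of [2, 256^qord) rather than [1, q), and k mod q is then not uniform; DSA security depends on the nonce being uniform below q. Adding a rejection step right after the read, `if (mp_cmp(&k, &key->q) != LTC_MP_LT) { goto retry; }`, restricts k to the group order without changing the rest of the loop. The same retry label is reached from the `r == 0` and `s == 0` checks further down, so the added condition fits the existing control flow.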
@@ -110,34 +137,33 @@ ERRBUF: @param key A private DSA key @return CRYPT_OK if successful */ -int dsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dsa_key *key) +int dsa_sign_hash(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, dsa_key * key) { - mp_int r, s; - int err; + mp_int r, s; + int err; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); - if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } + if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { + return CRYPT_MEM; + } - if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, key)) != CRYPT_OK) { - goto error; - } + if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, key)) != CRYPT_OK) { + goto error; + } - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, - LTC_ASN1_EOL, 0UL, NULL); + err = der_encode_sequence_multi(out, outlen, + LTC_ASN1_INTEGER, 1UL, &r, + LTC_ASN1_INTEGER, 1UL, &s, + LTC_ASN1_EOL, 0UL, NULL); error: - mp_clear_multi(&r, &s, NULL); - return err; + mp_clear_multi(&r, &s, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/dsa/dsa_verify_hash.c b/libtomcrypt/pk/dsa/dsa_verify_hash.c index 3a82d1b..0f8ec49 100644 --- a/libtomcrypt/pk/dsa/dsa_verify_hash.c +++ b/libtomcrypt/pk/dsa/dsa_verify_hash.c @@ -15,7 +15,6 @@ DSA implementation, verify a signature, Tom St Denis */ - #ifdef LTC_MDSA /** 
@@ -28,57 +27,77 @@ @param key The corresponding public DH key @return CRYPT_OK if successful (even if the signature is invalid) */ -int dsa_verify_hash_raw( mp_int_t r, mp_int_t s, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key) +int dsa_verify_hash_raw(mp_int_t r, mp_int_t s, + const unsigned char *hash, unsigned long hashlen, + int *stat, dsa_key * key) { - mp_int w, v, u1, u2; - int err; - - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid signature */ - *stat = 0; - - /* init our variables */ - if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { - return err; - } - - /* neither r or s can be null or >q*/ - if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, &key->q) != LTC_MP_LT || mp_cmp(s, &key->q) != LTC_MP_LT) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* w = 1/s mod q */ - if ((err = mp_invmod(s, &key->q, &w)) != CRYPT_OK) { goto error; } - - /* u1 = m * w mod q */ - if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != CRYPT_OK) { goto error; } - - /* u2 = r*w mod q */ - if ((err = mp_mulmod(r, &w, &key->q, &u2)) != CRYPT_OK) { goto error; } - - /* v = g^u1 * y^u2 mod p mod q */ - if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != CRYPT_OK) { goto error; } - if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(&v, &key->q, &v)) != CRYPT_OK) { goto error; } - - /* if r = v then we're set */ - if (mp_cmp(r, &v) == LTC_MP_EQ) { - *stat = 1; - } - - err = CRYPT_OK; + mp_int w, v, u1, u2; + int err; + + LTC_ARGCHK(r != NULL); + LTC_ARGCHK(s != NULL); + LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + + /* default to invalid signature */ + *stat = 0; + + /* init our variables */ + if 
((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { + return err; + } + + /* neither r or s can be null or >q */ + if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES + || mp_cmp(r, &key->q) != LTC_MP_LT + || mp_cmp(s, &key->q) != LTC_MP_LT) { + err = CRYPT_INVALID_PACKET; + goto error; + } + + /* w = 1/s mod q */ + if ((err = mp_invmod(s, &key->q, &w)) != CRYPT_OK) { + goto error; + } + + /* u1 = m * w mod q */ + if ((err = + mp_read_unsigned_bin(&u1, (unsigned char *)hash, + hashlen)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != CRYPT_OK) { + goto error; + } + + /* u2 = r*w mod q */ + if ((err = mp_mulmod(r, &w, &key->q, &u2)) != CRYPT_OK) { + goto error; + } + + /* v = g^u1 * y^u2 mod p mod q */ + if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != CRYPT_OK) { + goto error; + } + if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != CRYPT_OK) { + goto error; + } + if ((err = mp_mod(&v, &key->q, &v)) != CRYPT_OK) { + goto error; + } + + /* if r = v then we're set */ + if (mp_cmp(r, &v) == LTC_MP_EQ) { + *stat = 1; + } + + err = CRYPT_OK; error: - mp_clear_multi(&w, &v, &u1, &u2, NULL); - return err; + mp_clear_multi(&w, &v, &u1, &u2, NULL); + return err; } /** 
@@ -92,35 +111,35 @@ error: @return CRYPT_OK if successful (even if the signature is invalid) */ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key) + const unsigned char *hash, unsigned long hashlen, + int *stat, dsa_key * key) { - int err; - mp_int r, s; + int err; + mp_int r, s; - if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { - return CRYPT_MEM; - } + if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { + return CRYPT_MEM; + } - /* decode the sequence */ - if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, &r, - LTC_ASN1_INTEGER, 1UL, &s, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } + /* decode the sequence */ + if ((err = der_decode_sequence_multi(sig, siglen, + LTC_ASN1_INTEGER, 1UL, &r, + LTC_ASN1_INTEGER, 1UL, &s, + LTC_ASN1_EOL, 0UL, + NULL)) != CRYPT_OK) { + goto LBL_ERR; + } - /* do the op */ - err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key); + /* do the op */ + err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key); LBL_ERR: - mp_clear_multi(&r, &s, NULL); - return err; + mp_clear_multi(&r, &s, NULL); + return err; } #endif - /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */ /* $Revision: 1.15 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/dsa/dsa_verify_key.c b/libtomcrypt/pk/dsa/dsa_verify_key.c index 71635d2..cba33c5 100644 --- a/libtomcrypt/pk/dsa/dsa_verify_key.c +++ b/libtomcrypt/pk/dsa/dsa_verify_key.c 
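Review bot: The init check in dsa_verify_hash captures the error code but throws it away: `if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { return CRYPT_MEM; }` should end with `return err;`, as dsa_verify_hash_raw in the hunk above already does. Unlike dsa_sign_hash, this function also has no LTC_ARGCHK on its pointer parameters; `stat` and `key` are checked inside dsa_verify_hash_raw, but `sig` is passed straight to der_decode_sequence_multi, so an `LTC_ARGCHK(sig != NULL);` before the init would match the sibling functions in this commit.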
@@ -23,75 +23,89 @@ @param stat [out] Result of test, 1==valid, 0==invalid @return CRYPT_OK if successful */ -int dsa_verify_key(dsa_key *key, int *stat) +int dsa_verify_key(dsa_key * key, int *stat) { - mp_int tmp, tmp2; - int res, err; + mp_int tmp, tmp2; + int res, err; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(stat != NULL); - /* default to an invalid key */ - *stat = 0; + /* default to an invalid key */ + *stat = 0; - /* first make sure key->q and key->p are prime */ - if ((err = mp_prime_is_prime(&key->q, 8, &res)) != CRYPT_OK) { - return err; - } - if (res == 0) { - return CRYPT_OK; - } + /* first make sure key->q and key->p are prime */ + if ((err = mp_prime_is_prime(&key->q, 8, &res)) != CRYPT_OK) { + return err; + } + if (res == 0) { + return CRYPT_OK; + } - if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { - return err; - } - if (res == 0) { - return CRYPT_OK; - } + if ((err = mp_prime_is_prime(&key->p, 8, &res)) != CRYPT_OK) { + return err; + } + if (res == 0) { + return CRYPT_OK; + } - /* now make sure that g is not -1, 0 or 1 and <p */ - if (mp_cmp_d(&key->g, 0) == LTC_MP_EQ || mp_cmp_d(&key->g, 1) == LTC_MP_EQ) { - return CRYPT_OK; - } - if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; } - if ((err = mp_sub_d(&key->p, 1, &tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp(&tmp, &key->g) == LTC_MP_EQ || mp_cmp(&key->g, &key->p) != LTC_MP_LT) { - err = CRYPT_OK; - goto error; - } + /* now make sure that g is not -1, 0 or 1 and <p */ + if (mp_cmp_d(&key->g, 0) == LTC_MP_EQ + || mp_cmp_d(&key->g, 1) == LTC_MP_EQ) { + return CRYPT_OK; + } + if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { + return err; + } + if ((err = mp_sub_d(&key->p, 1, &tmp)) != CRYPT_OK) { + goto error; + } + if (mp_cmp(&tmp, &key->g) == LTC_MP_EQ + || mp_cmp(&key->g, &key->p) != LTC_MP_LT) { + err = CRYPT_OK; + goto error; + } - /* 1 < y < p-1 */ - if (!(mp_cmp_d(&key->y, 1) == LTC_MP_GT 
&& mp_cmp(&key->y, &tmp) == LTC_MP_LT)) { - err = CRYPT_OK; - goto error; - } + /* 1 < y < p-1 */ + if (! + (mp_cmp_d(&key->y, 1) == LTC_MP_GT + && mp_cmp(&key->y, &tmp) == LTC_MP_LT)) { + err = CRYPT_OK; + goto error; + } - /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ - if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != CRYPT_OK) { goto error; } - if (mp_iszero(&tmp2) != LTC_MP_YES) { - err = CRYPT_OK; - goto error; - } + /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ + if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != CRYPT_OK) { + goto error; + } + if (mp_iszero(&tmp2) != LTC_MP_YES) { + err = CRYPT_OK; + goto error; + } - if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } + if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { + err = CRYPT_OK; + goto error; + } - /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ - if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } + /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ + if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + if (mp_cmp_d(&tmp, 1) != LTC_MP_EQ) { + err = CRYPT_OK; + goto error; + } - /* at this point we are out of tests ;-( */ - err = CRYPT_OK; - *stat = 1; -error: - mp_clear_multi(&tmp, &tmp2, NULL); - return err; + /* at this point we are out of tests ;-( */ + err = CRYPT_OK; + *stat = 1; +error: + mp_clear_multi(&tmp, &tmp2, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c b/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c index 70294a5..7881068 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_i2osp.c 
@@ -30,22 +30,21 @@ */ int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out) { - unsigned long size; + unsigned long size; - size = mp_unsigned_bin_size(n); + size = mp_unsigned_bin_size(n); - if (size > modulus_len) { - return CRYPT_BUFFER_OVERFLOW; - } + if (size > modulus_len) { + return CRYPT_BUFFER_OVERFLOW; + } - /* store it */ - zeromem(out, modulus_len); - return mp_to_unsigned_bin(n, out+(modulus_len-size)); + /* store it */ + zeromem(out, modulus_len); + return mp_to_unsigned_bin(n, out + (modulus_len - size)); } #endif /* LTC_PKCS_1 */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c,v $ */ /* $Revision: 1.7 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c b/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c index bfa3e7e..7becb86 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_mgf1.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_mgf1.c The Mask Generation Function (MGF1) for LTC_PKCS #1, Tom St Denis 
@@ -29,59 +28,61 @@ @return CRYPT_OK if successful */ int pkcs_1_mgf1(const struct algo_properties_st *hash, - const unsigned char *seed, unsigned long seedlen, - unsigned char *mask, unsigned long masklen) + const unsigned char *seed, unsigned long seedlen, + unsigned char *mask, unsigned long masklen) { - unsigned long hLen, x; - ulong32 counter; - int err; - unsigned char *buf; - - LTC_ARGCHK(seed != NULL); - LTC_ARGCHK(mask != NULL); - - /* ensure valid hash */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - /* get hash output size */ - hLen = hash->digest_size; - - /* allocate memory */ - buf = XMALLOC(hLen); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* start counter */ - counter = 0; - - while (masklen > 0) { - /* handle counter */ - STORE32H(counter, buf); - ++counter; - - err = hash_memory_multi(hash, buf, &hLen, seed, seedlen, buf, (unsigned long) 4, NULL, 0); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - /* store it */ - for (x = 0; x < hLen && masklen > 0; x++, masklen--) { - *mask++ = buf[x]; - } - } - - err = CRYPT_OK; + unsigned long hLen, x; + ulong32 counter; + int err; + unsigned char *buf; + + LTC_ARGCHK(seed != NULL); + LTC_ARGCHK(mask != NULL); + + /* ensure valid hash */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + /* get hash output size */ + hLen = hash->digest_size; + + /* allocate memory */ + buf = XMALLOC(hLen); + if (buf == NULL) { + return CRYPT_MEM; + } + + /* start counter */ + counter = 0; + + while (masklen > 0) { + /* handle counter */ + STORE32H(counter, buf); + ++counter; + + err = + hash_memory_multi(hash, buf, &hLen, seed, seedlen, buf, + (unsigned long)4, NULL, 0); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + /* store it */ + for (x = 0; x < hLen && masklen > 0; x++, masklen--) { + *mask++ = buf[x]; + } + } + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(buf, hLen); + zeromem(buf, hLen); #endif - XFREE(buf); + XFREE(buf); - return err; + return err; } 
#endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c index 04833ff..1335170 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_decode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_oaep_decode.c OAEP Padding for LTC_PKCS #1, Tom St Denis 
@@ -32,157 +31,163 @@ @param res [out] Result of decoding, 1==valid, 0==invalid @return CRYPT_OK if successful (even if invalid) */ -int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, const struct algo_properties_st *hash, - unsigned char *out, unsigned long *outlen, - int *res) +int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, + const unsigned char *lparam, unsigned long lparamlen, + unsigned long modulus_bitlen, + const struct algo_properties_st *hash, + unsigned char *out, unsigned long *outlen, int *res) { - unsigned char *DB, *seed, *mask; - unsigned long hLen, x, y, modulus_len; - int err; - - LTC_ARGCHK(msg != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(res != NULL); - - /* default to invalid packet */ - *res = 0; - - /* test valid hash */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - hLen = hash->digest_size; - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0); - - /* test hash/message size */ - if ((2*hLen >= (modulus_len - 2)) || (msglen != modulus_len)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - seed = XMALLOC(hLen); - if (DB == NULL || mask == NULL || seed == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (seed != NULL) { - XFREE(seed); - } - return CRYPT_MEM; - } - - /* ok so it's now in the form - - 0x00 || maskedseed || maskedDB - - 1 || hLen || modulus_len - hLen - 1 - - */ - - /* must have leading 0x00 byte */ - if (msg[0] != 0x00) { - err = CRYPT_OK; - goto LBL_ERR; - } - - /* now read the masked seed */ - x = 1; - XMEMCPY(seed, msg + x, hLen); - x += hLen; - - /* now read the masked DB */ - XMEMCPY(DB, msg + x, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* XOR against seed */ - for (y = 0; y < hLen; y++) { - seed[y] ^= mask[y]; - } - - /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(hash, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ - - /* compute lhash and store it in seed [reuse temps!] 
*/ - x = modulus_len; - if (lparam != NULL) { - if ((err = hash_memory(hash, lparam, lparamlen, seed, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } else { - /* can't pass hash_memory a NULL so use DB with zero length */ - if ((err = hash_memory(hash, DB, 0, seed, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* compare the lhash'es */ - if (XMEMCMP(seed, DB, hLen) != 0) { - err = CRYPT_OK; - goto LBL_ERR; - } - - /* now zeroes before a 0x01 */ - for (x = hLen; x < (modulus_len - hLen - 1) && DB[x] == 0x00; x++) { - /* step... */ - } - - /* error out if wasn't 0x01 */ - if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* rest is the message (and skip 0x01) */ - if ((modulus_len - hLen - 1 - ++x) > *outlen) { - *outlen = modulus_len - hLen - 1 - x; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* copy message */ - *outlen = modulus_len - hLen - 1 - x; - XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); - x += modulus_len - hLen - 1; - - /* valid packet */ - *res = 1; - - err = CRYPT_OK; + unsigned char *DB, *seed, *mask; + unsigned long hLen, x, y, modulus_len; + int err; + + LTC_ARGCHK(msg != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(res != NULL); + + /* default to invalid packet */ + *res = 0; + + /* test valid hash */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + hLen = hash->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0); + + /* test hash/message size */ + if ((2 * hLen >= (modulus_len - 2)) || (msglen != modulus_len)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + seed = XMALLOC(hLen); + if (DB == NULL || mask == NULL || seed == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (seed != NULL) { + XFREE(seed); + } + return CRYPT_MEM; + } + + /* ok so it's now in the form + + 0x00 || maskedseed || maskedDB + + 1 || hLen || modulus_len - hLen - 1 + + */ + + /* must have leading 0x00 byte */ + if (msg[0] != 0x00) { + err = CRYPT_OK; + goto LBL_ERR; + } + + /* now read the masked seed */ + x = 1; + XMEMCPY(seed, msg + x, hLen); + x += hLen; + + /* now read the masked DB */ + XMEMCPY(DB, msg + x, modulus_len - hLen - 1); + x += modulus_len - hLen - 1; + + /* compute MGF1 of maskedDB (hLen) */ + if ((err = + pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, + hLen)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* XOR against seed */ + for (y = 0; y < hLen; y++) { + seed[y] ^= mask[y]; + } + + /* compute MGF1 of seed (k - hlen - 1) */ + if ((err = + pkcs_1_mgf1(hash, seed, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ + + /* compute lhash and store it in seed [reuse temps!] 
*/ + x = modulus_len; + if (lparam != NULL) { + if ((err = + hash_memory(hash, lparam, lparamlen, seed, + &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } else { + /* can't pass hash_memory a NULL so use DB with zero length */ + if ((err = hash_memory(hash, DB, 0, seed, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } + + /* compare the lhash'es */ + if (XMEMCMP(seed, DB, hLen) != 0) { + err = CRYPT_OK; + goto LBL_ERR; + } + + /* now zeroes before a 0x01 */ + for (x = hLen; x < (modulus_len - hLen - 1) && DB[x] == 0x00; x++) { + /* step... */ + } + + /* error out if wasn't 0x01 */ + if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* rest is the message (and skip 0x01) */ + if ((modulus_len - hLen - 1 - ++x) > *outlen) { + *outlen = modulus_len - hLen - 1 - x; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* copy message */ + *outlen = modulus_len - hLen - 1 - x; + XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); + x += modulus_len - hLen - 1; + + /* valid packet */ + *res = 1; + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(seed, hLen); - zeromem(mask, modulus_len); + zeromem(DB, modulus_len); + zeromem(seed, hLen); + zeromem(mask, modulus_len); #endif - XFREE(seed); - XFREE(mask); - XFREE(DB); + XFREE(seed); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c index ab75f73..9d07ead 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_oaep_encode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_oaep_encode.c OAEP Padding for LTC_PKCS #1, Tom St Denis 
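Review bot: pkcs_1_oaep_decode reports unpadding failures inconsistently: a wrong leading byte and an lhash mismatch return CRYPT_OK with `*res = 0`, while a missing 0x01 separator returns CRYPT_INVALID_PACKET, and every check exits as soon as it fails. A caller, or anything that can observe the return code or the timing, can therefore tell which stage of the OAEP check rejected a ciphertext, which is exactly the distinguishable-failure behaviour that padding-oracle attacks on RSA-OAEP exploit. As a minimum, make the separator check consistent with the other two, `err = CRYPT_OK;` in place of `err = CRYPT_INVALID_PACKET;` with `*res` left at 0, and document on the function that `*res` is the only validity signal; a fuller fix would evaluate all three conditions before branching so the failure point is not visible in execution time.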
@@ -31,134 +30,141 @@ @param outlen [in/out] The max size and resulting size of the encoded data @return CRYPT_OK if successful */ -int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, const struct algo_properties_st *hash, - unsigned char *out, unsigned long *outlen) +int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, + const unsigned char *lparam, unsigned long lparamlen, + unsigned long modulus_bitlen, + const struct algo_properties_st *hash, + unsigned char *out, unsigned long *outlen) { - unsigned char *DB, *seed, *mask; - unsigned long hLen, x, y, modulus_len; - int err; - - LTC_ARGCHK(msg != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* test valid hash */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - hLen = hash->digest_size; - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - if ((2*hLen >= (modulus_len - 2)) || (msglen > (modulus_len - 2*hLen - 2))) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - seed = XMALLOC(hLen); - if (DB == NULL || mask == NULL || seed == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (seed != NULL) { - XFREE(seed); - } - return CRYPT_MEM; - } - - /* get lhash */ - /* DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ - x = modulus_len; - if (lparam != NULL) { - if ((err = hash_memory(hash, lparam, lparamlen, DB, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } else { - /* can't pass hash_memory a NULL so use DB with zero length */ - if ((err = hash_memory(hash, DB, 0, DB, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* append PS then 0x01 (to lhash) */ - x = hLen; - y = modulus_len - msglen - 2*hLen - 2; - XMEMSET(DB+x, 0, y); - x += y; - - /* 
0x01 byte */ - DB[x++] = 0x01; - - /* message (length = msglen) */ - XMEMCPY(DB+x, msg, msglen); - x += msglen; - - /* now choose a random seed */ - get_random_bytes(seed, hLen); - - /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(hash, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* XOR against seed */ - for (y = 0; y < hLen; y++) { - seed[y] ^= mask[y]; - } - - /* create string of length modulus_len */ - if (*outlen < modulus_len) { - *outlen = modulus_len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* start output which is 0x00 || maskedSeed || maskedDB */ - x = 0; - out[x++] = 0x00; - XMEMCPY(out+x, seed, hLen); - x += hLen; - XMEMCPY(out+x, DB, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - *outlen = x; - - err = CRYPT_OK; + unsigned char *DB, *seed, *mask; + unsigned long hLen, x, y, modulus_len; + int err; + + LTC_ARGCHK(msg != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* test valid hash */ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + + hLen = hash->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0); + + /* test message size */ + if ((2 * hLen >= (modulus_len - 2)) + || (msglen > (modulus_len - 2 * hLen - 2))) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + seed = XMALLOC(hLen); + if (DB == NULL || mask == NULL || seed == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (seed != NULL) { + XFREE(seed); + } + return CRYPT_MEM; + } + + /* get lhash */ + /* DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ + x = modulus_len; + if (lparam != NULL) { + if ((err = + hash_memory(hash, lparam, lparamlen, DB, + &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } else { + /* can't pass hash_memory a NULL so use DB with zero length */ + if ((err = hash_memory(hash, DB, 0, DB, &x)) != CRYPT_OK) { + goto LBL_ERR; + } + } + + /* append PS then 0x01 (to lhash) */ + x = hLen; + y = modulus_len - msglen - 2 * hLen - 2; + XMEMSET(DB + x, 0, y); + x += y; + + /* 0x01 byte */ + DB[x++] = 0x01; + + /* message (length = msglen) */ + XMEMCPY(DB + x, msg, msglen); + x += msglen; + + /* now choose a random seed */ + get_random_bytes(seed, hLen); + + /* compute MGF1 of seed (k - hlen - 1) */ + if ((err = + pkcs_1_mgf1(hash, seed, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* compute MGF1 of maskedDB (hLen) */ + if ((err = + pkcs_1_mgf1(hash, DB, modulus_len - hLen - 1, mask, + hLen)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* XOR against seed */ + for (y = 0; y < hLen; y++) { + seed[y] ^= mask[y]; + } + + /* create string of length modulus_len */ + if (*outlen < modulus_len) { + *outlen = modulus_len; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* start output which is 0x00 || maskedSeed || maskedDB */ + x = 0; + out[x++] = 0x00; + XMEMCPY(out + x, seed, hLen); + x += hLen; + 
XMEMCPY(out + x, DB, modulus_len - hLen - 1); + x += modulus_len - hLen - 1; + + *outlen = x; + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(seed, hLen); - zeromem(mask, modulus_len); + zeromem(DB, modulus_len); + zeromem(seed, hLen); + zeromem(mask, modulus_len); #endif - XFREE(seed); - XFREE(mask); - XFREE(DB); + XFREE(seed); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c,v $ */ /* $Revision: 1.9 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c b/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c index 513abb6..87fda40 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_os2ip.c @@ -25,12 +25,11 @@ */ int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen) { - return mp_read_unsigned_bin(n, in, inlen); + return mp_read_unsigned_bin(n, in, inlen); } #endif /* LTC_PKCS_1 */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c,v $ */ /* $Revision: 1.7 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c index 789d12d..2a2b980 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_pss_decode.c LTC_PKCS #1 PSS Signature Padding, Tom St Denis 
@@ -32,133 +31,140 @@ @return CRYPT_OK if successful (even if the comparison failed) */ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, - const unsigned char *sig, unsigned long siglen, - unsigned long saltlen, const struct algo_properties_st *hash_algo, - unsigned long modulus_bitlen, int *res) + const unsigned char *sig, unsigned long siglen, + unsigned long saltlen, + const struct algo_properties_st *hash_algo, + unsigned long modulus_bitlen, int *res) { - unsigned char *DB, *mask, *salt, *hash; - unsigned long x, y, hLen, modulus_len; - int err; - - LTC_ARGCHK(msghash != NULL); - LTC_ARGCHK(res != NULL); - - /* default to invalid */ - *res = 0; - - /* ensure hash is valid */ - if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { - return err; - } - - hLen = hash_algo->digest_size; - modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); - - /* check sizes */ - if ((saltlen > modulus_len) || - (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt/hash of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - salt = XMALLOC(modulus_len); - hash = XMALLOC(modulus_len); - if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (salt != NULL) { - XFREE(salt); - } - if (hash != NULL) { - XFREE(hash); - } - return CRYPT_MEM; - } - - /* ensure the 0xBC byte */ - if (sig[siglen-1] != 0xBC) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* copy out the DB */ - x = 0; - XMEMCPY(DB, sig + x, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - /* copy out the hash */ - XMEMCPY(hash, sig + x, hLen); - x += hLen; - - /* check the MSB */ - if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* generate mask of length modulus_len - hLen - 1 from 
hash */ - if ((err = pkcs_1_mgf1(hash_algo, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* now clear the first byte [make sure smaller than modulus] */ - DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)); - - /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ - - /* check for zeroes and 0x01 */ - for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { - if (DB[x] != 0x00) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - } - - /* check for the 0x01 */ - if (DB[x++] != 0x01) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - zeromem(mask, 8); - - /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ - err = hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8, msghash, (unsigned long)msghashlen, DB+x, (unsigned long)saltlen, NULL, 0); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - /* mask == hash means valid signature */ - if (XMEMCMP(mask, hash, hLen) == 0) { - *res = 1; - } - - err = CRYPT_OK; + unsigned char *DB, *mask, *salt, *hash; + unsigned long x, y, hLen, modulus_len; + int err; + + LTC_ARGCHK(msghash != NULL); + LTC_ARGCHK(res != NULL); + + /* default to invalid */ + *res = 0; + + /* ensure hash is valid */ + if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { + return err; + } + + hLen = hash_algo->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0); + + /* check sizes */ + if ((saltlen > modulus_len) || + (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt/hash of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + salt = XMALLOC(modulus_len); + hash = XMALLOC(modulus_len); + if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (salt != NULL) { + XFREE(salt); + } + if (hash != NULL) { + XFREE(hash); + } + return CRYPT_MEM; + } + + /* ensure the 0xBC byte */ + if (sig[siglen - 1] != 0xBC) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* copy out the DB */ + x = 0; + XMEMCPY(DB, sig + x, modulus_len - hLen - 1); + x += modulus_len - hLen - 1; + + /* copy out the hash */ + XMEMCPY(hash, sig + x, hLen); + x += hLen; + + /* check the MSB */ + if ((sig[0] & ~(0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1)))) != + 0) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + /* generate mask of length modulus_len - hLen - 1 from hash */ + if ((err = + pkcs_1_mgf1(hash_algo, hash, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* now clear the first byte [make sure smaller than modulus] */ + DB[0] &= 0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1)); + + /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ + + /* check for zeroes and 0x01 */ + for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { + if (DB[x] != 0x00) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + } + + /* check for the 0x01 */ + if (DB[x++] != 0x01) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + zeromem(mask, 8); + + /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ + err = + hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8, + 
msghash, (unsigned long)msghashlen, DB + x, + (unsigned long)saltlen, NULL, 0); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + /* mask == hash means valid signature */ + if (XMEMCMP(mask, hash, hLen) == 0) { + *res = 1; + } + + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); + zeromem(DB, modulus_len); + zeromem(mask, modulus_len); + zeromem(salt, modulus_len); + zeromem(hash, modulus_len); #endif - XFREE(hash); - XFREE(salt); - XFREE(mask); - XFREE(DB); + XFREE(hash); + XFREE(salt); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c index d3ce3d9..a2c6928 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include <ncr-int.h> - /** @file pkcs_1_pss_encode.c LTC_PKCS #1 PSS Signature Padding, Tom St Denis 
@@ -31,123 +30,128 @@ @return CRYPT_OK if successful */ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, - unsigned long saltlen, const struct algo_properties_st *hash_algo, - unsigned long modulus_bitlen, - unsigned char *out, unsigned long *outlen) + unsigned long saltlen, + const struct algo_properties_st *hash_algo, + unsigned long modulus_bitlen, unsigned char *out, + unsigned long *outlen) { - unsigned char *DB, *mask, *salt, *hash; - unsigned long x, y, hLen, modulus_len; - int err; - - LTC_ARGCHK(msghash != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* ensure hash and PRNG are valid */ - if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { - return err; - } - - hLen = hash_algo->digest_size; - modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); - - /* check sizes */ - if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt/hash of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - salt = XMALLOC(modulus_len); - hash = XMALLOC(modulus_len); - if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (salt != NULL) { - XFREE(salt); - } - if (hash != NULL) { - XFREE(hash); - } - return CRYPT_MEM; - } - - - /* generate random salt */ - if (saltlen > 0) { - get_random_bytes(salt, saltlen); - } - - zeromem(DB, 8); - - /* M = (eight) 0x00 || msghash || salt, hash = H(M) */ - err = hash_memory_multi(hash_algo, hash, &hLen, DB, (unsigned long)8, msghash, (unsigned long)msghashlen, salt, (unsigned long)saltlen, NULL, 0); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - /* generate DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ - x = 0; - XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2); - x += modulus_len - saltlen - hLen - 2; - DB[x++] = 0x01; - XMEMCPY(DB + x, 
salt, saltlen); - x += saltlen; - - /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash_algo, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* output is DB || hash || 0xBC */ - if (*outlen < modulus_len) { - *outlen = modulus_len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* DB len = modulus_len - hLen - 1 */ - y = 0; - XMEMCPY(out + y, DB, modulus_len - hLen - 1); - y += modulus_len - hLen - 1; - - /* hash */ - XMEMCPY(out + y, hash, hLen); - y += hLen; - - /* 0xBC */ - out[y] = 0xBC; - - /* now clear the 8*modulus_len - modulus_bitlen most significant bits */ - out[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)); - - /* store output size */ - *outlen = modulus_len; - err = CRYPT_OK; + unsigned char *DB, *mask, *salt, *hash; + unsigned long x, y, hLen, modulus_len; + int err; + + LTC_ARGCHK(msghash != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + + /* ensure hash and PRNG are valid */ + if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { + return err; + } + + hLen = hash_algo->digest_size; + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0); + + /* check sizes */ + if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* allocate ram for DB/mask/salt/hash of size modulus_len */ + DB = XMALLOC(modulus_len); + mask = XMALLOC(modulus_len); + salt = XMALLOC(modulus_len); + hash = XMALLOC(modulus_len); + if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { + if (DB != NULL) { + XFREE(DB); + } + if (mask != NULL) { + XFREE(mask); + } + if (salt != NULL) { + XFREE(salt); + } + if (hash != NULL) { + XFREE(hash); + } + return CRYPT_MEM; + } + + /* generate random salt */ + if (saltlen > 0) { + get_random_bytes(salt, saltlen); + } + + zeromem(DB, 8); + + /* M = (eight) 0x00 || msghash || salt, hash = H(M) */ + err = + hash_memory_multi(hash_algo, hash, &hLen, DB, (unsigned long)8, + msghash, (unsigned long)msghashlen, salt, + (unsigned long)saltlen, NULL, 0); + if (err != CRYPT_OK) { + goto LBL_ERR; + } + + /* generate DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ + x = 0; + XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2); + x += modulus_len - saltlen - hLen - 2; + DB[x++] = 0x01; + XMEMCPY(DB + x, salt, saltlen); + x += saltlen; + + /* generate mask of length modulus_len - hLen - 1 from hash */ + if ((err = + pkcs_1_mgf1(hash_algo, hash, hLen, mask, + modulus_len - hLen - 1)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* xor against DB */ + for (y = 0; y < (modulus_len - hLen - 1); y++) { + DB[y] ^= mask[y]; + } + + /* output is DB || hash || 0xBC */ + if (*outlen < modulus_len) { + *outlen = modulus_len; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + + /* DB len = modulus_len - hLen - 1 */ + y = 0; + XMEMCPY(out + y, DB, modulus_len - hLen - 1); + y += modulus_len - hLen - 1; + + /* hash */ + XMEMCPY(out + y, hash, hLen); + y += hLen; + + /* 0xBC */ + out[y] = 0xBC; + + /* now clear the 8*modulus_len - modulus_bitlen most significant bits */ + out[0] &= 0xFF >> ((modulus_len << 3) - 
(modulus_bitlen - 1)); + + /* store output size */ + *outlen = modulus_len; + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); + zeromem(DB, modulus_len); + zeromem(mask, modulus_len); + zeromem(salt, modulus_len); + zeromem(hash, modulus_len); #endif - XFREE(hash); - XFREE(salt); - XFREE(mask); - XFREE(DB); + XFREE(hash); + XFREE(salt); + XFREE(mask); + XFREE(DB); - return err; + return err; } #endif /* LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c index 1bb08e3..29c4d7b 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_decode.c 
@@ -29,79 +29,81 @@ * * @return CRYPT_OK if successful (even if invalid) */ -int pkcs_1_v1_5_decode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen, - int *is_valid) +int pkcs_1_v1_5_decode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + unsigned char *out, unsigned long *outlen, int *is_valid) { - unsigned long modulus_len, ps_len, i; - int result; - - /* default to invalid packet */ - *is_valid = 0; - - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - - if ((msglen > modulus_len) || (modulus_len < 11)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* separate encoded message */ - - if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { - result = CRYPT_INVALID_PACKET; - goto bail; - } - - if (block_type == LTC_LTC_PKCS_1_EME) { - for (i = 2; i < modulus_len; i++) { - /* separator */ - if (msg[i] == 0x00) { break; } - } - ps_len = i++ - 2; - - if ((i >= modulus_len) || (ps_len < 8)) { - /* There was no octet with hexadecimal value 0x00 to separate ps from m, - * or the length of ps is less than 8 octets. - */ - result = CRYPT_INVALID_PACKET; - goto bail; - } - } else { - for (i = 2; i < modulus_len - 1; i++) { - if (msg[i] != 0xFF) { break; } - } - - /* separator check */ - if (msg[i] != 0) { - /* There was no octet with hexadecimal value 0x00 to separate ps from m. 
*/ - result = CRYPT_INVALID_PACKET; - goto bail; - } - - ps_len = i - 2; - } - - if (*outlen < (msglen - (2 + ps_len + 1))) { - *outlen = msglen - (2 + ps_len + 1); - result = CRYPT_BUFFER_OVERFLOW; - goto bail; - } - - *outlen = (msglen - (2 + ps_len + 1)); - XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); - - /* valid packet */ - *is_valid = 1; - result = CRYPT_OK; + unsigned long modulus_len, ps_len, i; + int result; + + /* default to invalid packet */ + *is_valid = 0; + + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + + /* test message size */ + + if ((msglen > modulus_len) || (modulus_len < 11)) { + return CRYPT_PK_INVALID_SIZE; + } + + /* separate encoded message */ + + if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { + result = CRYPT_INVALID_PACKET; + goto bail; + } + + if (block_type == LTC_LTC_PKCS_1_EME) { + for (i = 2; i < modulus_len; i++) { + /* separator */ + if (msg[i] == 0x00) { + break; + } + } + ps_len = i++ - 2; + + if ((i >= modulus_len) || (ps_len < 8)) { + /* There was no octet with hexadecimal value 0x00 to separate ps from m, + * or the length of ps is less than 8 octets. + */ + result = CRYPT_INVALID_PACKET; + goto bail; + } + } else { + for (i = 2; i < modulus_len - 1; i++) { + if (msg[i] != 0xFF) { + break; + } + } + + /* separator check */ + if (msg[i] != 0) { + /* There was no octet with hexadecimal value 0x00 to separate ps from m. */ + result = CRYPT_INVALID_PACKET; + goto bail; + } + + ps_len = i - 2; + } + + if (*outlen < (msglen - (2 + ps_len + 1))) { + *outlen = msglen - (2 + ps_len + 1); + result = CRYPT_BUFFER_OVERFLOW; + goto bail; + } + + *outlen = (msglen - (2 + ps_len + 1)); + XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); + + /* valid packet */ + *is_valid = 1; + result = CRYPT_OK; bail: - return result; -} /* pkcs_1_v1_5_decode */ + return result; +} /* pkcs_1_v1_5_decode */ #endif /* #ifdef LTC_PKCS_1 */ 
diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c index 048fe69..0261b7b 100644 --- a/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c +++ b/libtomcrypt/pk/pkcs1/pkcs_1_v1_5_encode.c 
@@ -28,65 +28,64 @@ * * \return CRYPT_OK if successful */ -int pkcs_1_v1_5_encode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen) +int pkcs_1_v1_5_encode(const unsigned char *msg, + unsigned long msglen, + int block_type, + unsigned long modulus_bitlen, + unsigned char *out, unsigned long *outlen) { - unsigned long modulus_len, ps_len, i; - unsigned char *ps; - int result; + unsigned long modulus_len, ps_len, i; + unsigned char *ps; + int result; - /* valid block_type? */ - if ((block_type != LTC_LTC_PKCS_1_EMSA) && - (block_type != LTC_LTC_PKCS_1_EME)) { - return CRYPT_PK_INVALID_PADDING; - } + /* valid block_type? */ + if ((block_type != LTC_LTC_PKCS_1_EMSA) && + (block_type != LTC_LTC_PKCS_1_EME)) { + return CRYPT_PK_INVALID_PADDING; + } - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - /* test message size */ - if ((msglen + 11) > modulus_len) { - return CRYPT_PK_INVALID_SIZE; - } + /* test message size */ + if ((msglen + 11) > modulus_len) { + return CRYPT_PK_INVALID_SIZE; + } - if (*outlen < modulus_len) { - *outlen = modulus_len; - result = CRYPT_BUFFER_OVERFLOW; - goto bail; - } + if (*outlen < modulus_len) { + *outlen = modulus_len; + result = CRYPT_BUFFER_OVERFLOW; + goto bail; + } - /* generate an octets string PS */ - ps = &out[2]; - ps_len = modulus_len - msglen - 3; + /* generate an octets string PS */ + ps = &out[2]; + ps_len = modulus_len - msglen - 3; - if (block_type == LTC_LTC_PKCS_1_EME) { - /* now choose a random ps */ - get_random_bytes(ps, ps_len); + if (block_type == LTC_LTC_PKCS_1_EME) { + /* now choose a random ps */ + get_random_bytes(ps, ps_len); - /* transform zero bytes (if any) to non-zero random bytes */ - for (i = 0; i < ps_len; i++) { - while (ps[i] == 0) { - get_random_bytes(&ps[i], 1); - } - } - } else { - XMEMSET(ps, 0xFF, ps_len); - } + /* 
transform zero bytes (if any) to non-zero random bytes */ + for (i = 0; i < ps_len; i++) { + while (ps[i] == 0) { + get_random_bytes(&ps[i], 1); + } + } + } else { + XMEMSET(ps, 0xFF, ps_len); + } - /* create string of length modulus_len */ - out[0] = 0x00; - out[1] = (unsigned char)block_type; /* block_type 1 or 2 */ - out[2 + ps_len] = 0x00; - XMEMCPY(&out[2 + ps_len + 1], msg, msglen); - *outlen = modulus_len; + /* create string of length modulus_len */ + out[0] = 0x00; + out[1] = (unsigned char)block_type; /* block_type 1 or 2 */ + out[2 + ps_len] = 0x00; + XMEMCPY(&out[2 + ps_len + 1], msg, msglen); + *outlen = modulus_len; - result = CRYPT_OK; + result = CRYPT_OK; bail: - return result; -} /* pkcs_1_v1_5_encode */ + return result; +} /* pkcs_1_v1_5_encode */ #endif /* #ifdef LTC_PKCS_1 */ diff --git a/libtomcrypt/pk/rsa/rsa_decrypt_key.c b/libtomcrypt/pk/rsa/rsa_decrypt_key.c index 813a765..36573be 100644 --- a/libtomcrypt/pk/rsa/rsa_decrypt_key.c +++ b/libtomcrypt/pk/rsa/rsa_decrypt_key.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include "ncr-int.h" - /** @file rsa_decrypt_key.c RSA LTC_PKCS #1 Decryption, Tom St Denis and Andreas Lange 
@@ -33,71 +32,75 @@ @param key The corresponding private RSA key @return CRYPT_OK if succcessul (even if invalid) */ -int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - const struct algo_properties_st *hash, int padding, - int *stat, rsa_key *key) +int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + const struct algo_properties_st *hash, int padding, + int *stat, rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - unsigned char *tmp; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to invalid */ - *stat = 0; - - /* valid padding? */ - - if ((padding != LTC_LTC_PKCS_1_V1_5) && - (padding != LTC_LTC_PKCS_1_OAEP)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* valid hash ? 
*/ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (&key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (&key->N)); - if (modulus_bytelen != inlen) { - return CRYPT_INVALID_PACKET; - } - - /* allocate ram */ - tmp = XMALLOC(inlen); - if (tmp == NULL) { - return CRYPT_MEM; - } - - /* rsa decode the packet */ - x = inlen; - if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { - XFREE(tmp); - return err; - } - - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* now OAEP decode the packet */ - err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash, - out, outlen, stat); - } else { - /* now LTC_PKCS #1 v1.5 depad the packet */ - err = pkcs_1_v1_5_decode(tmp, x, LTC_LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat); - } - - XFREE(tmp); - return err; + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + unsigned char *tmp; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(stat != NULL); + + /* default to invalid */ + *stat = 0; + + /* valid padding? */ + + if ((padding != LTC_LTC_PKCS_1_V1_5) && + (padding != LTC_LTC_PKCS_1_OAEP)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* valid hash ? 
*/ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen != inlen) { + return CRYPT_INVALID_PACKET; + } + + /* allocate ram */ + tmp = XMALLOC(inlen); + if (tmp == NULL) { + return CRYPT_MEM; + } + + /* rsa decode the packet */ + x = inlen; + if ((err = + rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { + XFREE(tmp); + return err; + } + + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* now OAEP decode the packet */ + err = + pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, + modulus_bitlen, hash, out, outlen, stat); + } else { + /* now LTC_PKCS #1 v1.5 depad the packet */ + err = + pkcs_1_v1_5_decode(tmp, x, LTC_LTC_PKCS_1_EME, + modulus_bitlen, out, outlen, stat); + } + + XFREE(tmp); + return err; } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_encrypt_key.c b/libtomcrypt/pk/rsa/rsa_encrypt_key.c index 8d3f2db..9367015 100644 --- a/libtomcrypt/pk/rsa/rsa_encrypt_key.c +++ b/libtomcrypt/pk/rsa/rsa_encrypt_key.c 
@@ -31,62 +31,63 @@ @param key The RSA key to encrypt to @return CRYPT_OK if successful */ -int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - const struct algo_properties_st *hash, int padding, rsa_key *key) +int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + const unsigned char *lparam, unsigned long lparamlen, + const struct algo_properties_st *hash, int padding, + rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); - /* valid padding? */ - if ((padding != LTC_LTC_PKCS_1_V1_5) && - (padding != LTC_LTC_PKCS_1_OAEP)) { - return CRYPT_PK_INVALID_PADDING; - } + /* valid padding? */ + if ((padding != LTC_LTC_PKCS_1_V1_5) && + (padding != LTC_LTC_PKCS_1_OAEP)) { + return CRYPT_PK_INVALID_PADDING; + } - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* valid hash? */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - } + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* valid hash? 
*/ + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + } - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (&key->N)); + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (&key->N)); - if (modulus_bytelen > *outlen) { - *outlen = modulus_bytelen; - return CRYPT_BUFFER_OVERFLOW; - } + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; + return CRYPT_BUFFER_OVERFLOW; + } - if (padding == LTC_LTC_PKCS_1_OAEP) { - /* OAEP pad the key */ - x = *outlen; - if ((err = pkcs_1_oaep_encode(in, inlen, lparam, - lparamlen, modulus_bitlen, hash, - out, &x)) != CRYPT_OK) { - return err; - } - } else { - /* LTC_PKCS #1 v1.5 pad the key */ - x = *outlen; - if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_LTC_PKCS_1_EME, - modulus_bitlen, - out, &x)) != CRYPT_OK) { - return err; - } - } + if (padding == LTC_LTC_PKCS_1_OAEP) { + /* OAEP pad the key */ + x = *outlen; + if ((err = pkcs_1_oaep_encode(in, inlen, lparam, + lparamlen, modulus_bitlen, hash, + out, &x)) != CRYPT_OK) { + return err; + } + } else { + /* LTC_PKCS #1 v1.5 pad the key */ + x = *outlen; + if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_LTC_PKCS_1_EME, + modulus_bitlen, + out, &x)) != CRYPT_OK) { + return err; + } + } - /* rsa exptmod the OAEP or LTC_PKCS #1 v1.5 pad */ - return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key); + /* rsa exptmod the OAEP or LTC_PKCS #1 v1.5 pad */ + return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key); } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_export.c b/libtomcrypt/pk/rsa/rsa_export.c index 21f859c..483af19 100644 --- a/libtomcrypt/pk/rsa/rsa_export.c +++ b/libtomcrypt/pk/rsa/rsa_export.c @@ -14,7 +14,7 @@ /** @file rsa_export.c Export RSA LTC_PKCS keys, Tom St Denis -*/ +*/ #ifdef LTC_MRSA 
@@ -25,59 +25,64 @@ @param type The type of exported key (PK_PRIVATE or PK_PUBLIC) @param key The RSA key to export @return CRYPT_OK if successful -*/ -int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) +*/ +int rsa_export(unsigned char *out, unsigned long *outlen, int type, + rsa_key * key) { - unsigned long zero=0; - int err; - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); + unsigned long zero = 0; + int err; + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); - /* type valid? */ - if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { - return CRYPT_PK_INVALID_TYPE; - } + /* type valid? */ + if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { + return CRYPT_PK_INVALID_TYPE; + } - if (type == PK_PRIVATE) { - /* private key */ - /* output is - Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p - */ - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_INTEGER, 1UL, &key->d, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->dP, - LTC_ASN1_INTEGER, 1UL, &key->dQ, - LTC_ASN1_INTEGER, 1UL, &key->qP, - LTC_ASN1_EOL, 0UL, NULL); - } else { - unsigned long tmplen = (mp_count_bits(&key->N)/8)*2+8; - unsigned char* tmp = XMALLOC(tmplen); - - if (tmp == NULL) { - return CRYPT_MEM; - } + if (type == PK_PRIVATE) { + /* private key */ + /* output is + Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p + */ + return der_encode_sequence_multi(out, outlen, + LTC_ASN1_SHORT_INTEGER, 1UL, + &zero, LTC_ASN1_INTEGER, 1UL, + &key->N, LTC_ASN1_INTEGER, 1UL, + &key->e, LTC_ASN1_INTEGER, 1UL, + &key->d, LTC_ASN1_INTEGER, 1UL, + &key->p, LTC_ASN1_INTEGER, 1UL, + &key->q, LTC_ASN1_INTEGER, 1UL, + &key->dP, LTC_ASN1_INTEGER, + 1UL, &key->dQ, + LTC_ASN1_INTEGER, 1UL, + &key->qP, LTC_ASN1_EOL, 0UL, + NULL); 
+ } else { + unsigned long tmplen = (mp_count_bits(&key->N) / 8) * 2 + 8; + unsigned char *tmp = XMALLOC(tmplen); - err = der_encode_sequence_multi(tmp, &tmplen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_EOL, 0UL, NULL); - if (err != CRYPT_OK) { - goto error; - } + if (tmp == NULL) { + return CRYPT_MEM; + } + + err = der_encode_sequence_multi(tmp, &tmplen, + LTC_ASN1_INTEGER, 1UL, &key->N, + LTC_ASN1_INTEGER, 1UL, &key->e, + LTC_ASN1_EOL, 0UL, NULL); + if (err != CRYPT_OK) { + goto error; + } + + err = der_encode_subject_public_key_info(out, outlen, + PKA_RSA, tmp, tmplen, + LTC_ASN1_NULL, NULL, + 0); - err = der_encode_subject_public_key_info(out, outlen, - PKA_RSA, tmp, tmplen, LTC_ASN1_NULL, NULL, 0); - error: - XFREE(tmp); - return err; - } + XFREE(tmp); + return err; + } } #endif /* LTC_MRSA */ diff --git a/libtomcrypt/pk/rsa/rsa_exptmod.c b/libtomcrypt/pk/rsa/rsa_exptmod.c index 35ebfe3..b137f9c 100644 --- a/libtomcrypt/pk/rsa/rsa_exptmod.c +++ b/libtomcrypt/pk/rsa/rsa_exptmod.c @@ -15,7 +15,7 @@ /** @file rsa_exptmod.c RSA LTC_PKCS exptmod, Tom St Denis -*/ +*/ #ifdef LTC_MRSA 
@@ -28,116 +28,145 @@ @param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC @param key The RSA key to use @return CRYPT_OK if successful -*/ -int rsa_exptmod(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - rsa_key *key) +*/ +int rsa_exptmod(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, int which, + rsa_key * key) { - mp_int tmp, tmpa, tmpb, rnd, rndi /* inverse of rnd */; - unsigned long x; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* is the key of the right type for the operation? */ - if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* must be a private or public operation */ - if (which != PK_PRIVATE && which != PK_PUBLIC) { - return CRYPT_PK_INVALID_TYPE; - } - - /* init and copy into tmp */ - if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL)) != CRYPT_OK) - { return err; } - if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) - { goto error; } - - /* sanity check on the input */ - if (mp_cmp(&key->N, &tmp) == LTC_MP_LT) { - err = CRYPT_PK_INVALID_SIZE; - goto error; - } - - /* are we using the private exponent and is the key optimized? 
*/ - if (which == PK_PRIVATE) { - /* do blinding */ - err = mp_rand(&rnd, mp_count_bits(&key->N)); - if (err != CRYPT_OK) { - goto error; - } - - /* rndi = 1/rnd mod N */ - err = mp_invmod( &rnd, &key->N, &rndi); - if (err != CRYPT_OK) { - goto error; - } - - /* rnd = rnd^e */ - err = mp_exptmod( &rnd, &key->e, &key->N, &rnd); - if (err != CRYPT_OK) { - goto error; - } - - /* tmp = tmp*rnd mod N */ - err = mp_mulmod( &tmp, &rnd, &key->N, &tmp); - if (err != CRYPT_OK) { - goto error; - } - - /* tmpa = tmp^dP mod p */ - if ((err = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != CRYPT_OK) { goto error; } - - /* tmpb = tmp^dQ mod q */ - if ((err = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != CRYPT_OK) { goto error; } - - /* tmp = (tmpa - tmpb) * qInv (mod p) */ - if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != CRYPT_OK) { goto error; } - - /* tmp = tmpb + q * tmp */ - if ((err = mp_mul(&tmp, &key->q, &tmp)) != CRYPT_OK) { goto error; } - if ((err = mp_add(&tmp, &tmpb, &tmp)) != CRYPT_OK) { goto error; } - - /* unblind */ - err = mp_mulmod( &tmp, &rndi, &key->N, &tmp); - if (err != CRYPT_OK) { - goto error; - } - } else { - /* exptmod it */ - if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != CRYPT_OK) { goto error; } - } - - /* read it back */ - x = (unsigned long)mp_unsigned_bin_size(&key->N); - if (x > *outlen) { - *outlen = x; - err = CRYPT_BUFFER_OVERFLOW; - goto error; - } - - /* this should never happen ... 
*/ - if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) { - err = CRYPT_ERROR; - goto error; - } - *outlen = x; - - /* convert it */ - zeromem(out, x); - if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != CRYPT_OK) { goto error; } - - /* clean up and return */ - err = CRYPT_OK; + mp_int tmp, tmpa, tmpb, rnd, rndi /* inverse of rnd */ ; + unsigned long x; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* is the key of the right type for the operation? */ + if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { + return CRYPT_PK_NOT_PRIVATE; + } + + /* must be a private or public operation */ + if (which != PK_PRIVATE && which != PK_PUBLIC) { + return CRYPT_PK_INVALID_TYPE; + } + + /* init and copy into tmp */ + if ((err = + mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, + NULL)) != CRYPT_OK) { + return err; + } + if ((err = + mp_read_unsigned_bin(&tmp, (unsigned char *)in, + (int)inlen)) != CRYPT_OK) { + goto error; + } + + /* sanity check on the input */ + if (mp_cmp(&key->N, &tmp) == LTC_MP_LT) { + err = CRYPT_PK_INVALID_SIZE; + goto error; + } + + /* are we using the private exponent and is the key optimized? 
*/ + if (which == PK_PRIVATE) { + /* do blinding */ + err = mp_rand(&rnd, mp_count_bits(&key->N)); + if (err != CRYPT_OK) { + goto error; + } + + /* rndi = 1/rnd mod N */ + err = mp_invmod(&rnd, &key->N, &rndi); + if (err != CRYPT_OK) { + goto error; + } + + /* rnd = rnd^e */ + err = mp_exptmod(&rnd, &key->e, &key->N, &rnd); + if (err != CRYPT_OK) { + goto error; + } + + /* tmp = tmp*rnd mod N */ + err = mp_mulmod(&tmp, &rnd, &key->N, &tmp); + if (err != CRYPT_OK) { + goto error; + } + + /* tmpa = tmp^dP mod p */ + if ((err = + mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != CRYPT_OK) { + goto error; + } + + /* tmpb = tmp^dQ mod q */ + if ((err = + mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != CRYPT_OK) { + goto error; + } + + /* tmp = (tmpa - tmpb) * qInv (mod p) */ + if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != CRYPT_OK) { + goto error; + } + if ((err = + mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != CRYPT_OK) { + goto error; + } + + /* tmp = tmpb + q * tmp */ + if ((err = mp_mul(&tmp, &key->q, &tmp)) != CRYPT_OK) { + goto error; + } + if ((err = mp_add(&tmp, &tmpb, &tmp)) != CRYPT_OK) { + goto error; + } + + /* unblind */ + err = mp_mulmod(&tmp, &rndi, &key->N, &tmp); + if (err != CRYPT_OK) { + goto error; + } + } else { + /* exptmod it */ + if ((err = + mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != CRYPT_OK) { + goto error; + } + } + + /* read it back */ + x = (unsigned long)mp_unsigned_bin_size(&key->N); + if (x > *outlen) { + *outlen = x; + err = CRYPT_BUFFER_OVERFLOW; + goto error; + } + + /* this should never happen ... 
*/ + if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) { + err = CRYPT_ERROR; + goto error; + } + *outlen = x; + + /* convert it */ + zeromem(out, x); + if ((err = + mp_to_unsigned_bin(&tmp, + out + (x - mp_unsigned_bin_size(&tmp)))) != + CRYPT_OK) { + goto error; + } + + /* clean up and return */ + err = CRYPT_OK; error: - mp_clear_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL); - return err; + mp_clear_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/rsa/rsa_free.c b/libtomcrypt/pk/rsa/rsa_free.c index d38b266..c4c347f 100644 --- a/libtomcrypt/pk/rsa/rsa_free.c +++ b/libtomcrypt/pk/rsa/rsa_free.c @@ -13,7 +13,7 @@ /** @file rsa_free.c Free an RSA key, Tom St Denis -*/ +*/ #ifdef LTC_MRSA @@ -21,10 +21,11 @@ Free an RSA key from memory @param key The RSA key to free */ -void rsa_free(rsa_key *key) +void rsa_free(rsa_key * key) { - LTC_ARGCHKVD(key != NULL); - mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); + LTC_ARGCHKVD(key != NULL); + mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, + &key->p, &key->q, NULL); } #endif diff --git a/libtomcrypt/pk/rsa/rsa_import.c b/libtomcrypt/pk/rsa/rsa_import.c index 87cb103..de8a103 100644 --- a/libtomcrypt/pk/rsa/rsa_import.c +++ b/libtomcrypt/pk/rsa/rsa_import.c @@ -10,11 +10,10 @@ */ #include "tomcrypt.h" - /** @file rsa_import.c Import a LTC_PKCS RSA key, Tom St Denis -*/ +*/ #ifdef LTC_MRSA 
@@ -25,104 +24,113 @@ @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ -int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) +int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key * key) { - int err; - mp_int zero; - unsigned char *tmpbuf=NULL; - unsigned long tmpbuf_len; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* init key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, - &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - return err; - } - - /* see if the OpenSSL DER format RSA public key will work */ - tmpbuf_len = MAX_RSA_SIZE * 8; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - err = der_decode_subject_public_key_info(in, inlen, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, 0); - - if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ - - /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - XFREE(tmpbuf); - - key->type = PK_PUBLIC; - return CRYPT_OK; - } - - XFREE(tmpbuf); - - /* not SSL public key, try to match against LTC_PKCS #1 standards */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (mp_cmp_d(&key->N, 0) == LTC_MP_EQ) { - if ((err = mp_init(&zero)) != CRYPT_OK) { - goto LBL_ERR; - } - /* it's a private key */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_INTEGER, 1UL, &key->d, - LTC_ASN1_INTEGER, 1UL, &key->p, - LTC_ASN1_INTEGER, 1UL, &key->q, - LTC_ASN1_INTEGER, 1UL, &key->dP, - LTC_ASN1_INTEGER, 1UL, &key->dQ, - 
LTC_ASN1_INTEGER, 1UL, &key->qP, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - mp_clear(&zero); - goto LBL_ERR; - } - mp_clear(&zero); - key->type = PK_PRIVATE; - } else if (mp_cmp_d(&key->N, 1) == LTC_MP_EQ) { - /* we don't support multi-prime RSA */ - err = CRYPT_PK_INVALID_TYPE; - goto LBL_ERR; - } else { - /* it's a public key and we lack e */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, &key->N, - LTC_ASN1_INTEGER, 1UL, &key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - } - return CRYPT_OK; + int err; + mp_int zero; + unsigned char *tmpbuf = NULL; + unsigned long tmpbuf_len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + + /* init key */ + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, + &key->dP, &key->qP, &key->p, &key->q, + NULL)) != CRYPT_OK) { + return err; + } + + /* see if the OpenSSL DER format RSA public key will work */ + tmpbuf_len = MAX_RSA_SIZE * 8; + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_ERR; + } + + err = der_decode_subject_public_key_info(in, inlen, + PKA_RSA, tmpbuf, &tmpbuf_len, + LTC_ASN1_NULL, NULL, 0); + + if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ + + /* now it should be SEQUENCE { INTEGER, INTEGER } */ + if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, + LTC_ASN1_INTEGER, 1UL, + &key->N, LTC_ASN1_INTEGER, + 1UL, &key->e, LTC_ASN1_EOL, + 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + XFREE(tmpbuf); + + key->type = PK_PUBLIC; + return CRYPT_OK; + } + + XFREE(tmpbuf); + + /* not SSL public key, try to match against LTC_PKCS #1 standards */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, &key->N, + LTC_ASN1_EOL, 0UL, + NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + if (mp_cmp_d(&key->N, 0) == LTC_MP_EQ) { + if ((err = mp_init(&zero)) != CRYPT_OK) { + goto LBL_ERR; + } + /* it's a private key */ + if ((err = der_decode_sequence_multi(in, 
inlen, + LTC_ASN1_INTEGER, 1UL, + &zero, LTC_ASN1_INTEGER, + 1UL, &key->N, + LTC_ASN1_INTEGER, 1UL, + &key->e, LTC_ASN1_INTEGER, + 1UL, &key->d, + LTC_ASN1_INTEGER, 1UL, + &key->p, LTC_ASN1_INTEGER, + 1UL, &key->q, + LTC_ASN1_INTEGER, 1UL, + &key->dP, LTC_ASN1_INTEGER, + 1UL, &key->dQ, + LTC_ASN1_INTEGER, 1UL, + &key->qP, LTC_ASN1_EOL, + 0UL, NULL)) != CRYPT_OK) { + mp_clear(&zero); + goto LBL_ERR; + } + mp_clear(&zero); + key->type = PK_PRIVATE; + } else if (mp_cmp_d(&key->N, 1) == LTC_MP_EQ) { + /* we don't support multi-prime RSA */ + err = CRYPT_PK_INVALID_TYPE; + goto LBL_ERR; + } else { + /* it's a public key and we lack e */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, + &key->N, LTC_ASN1_INTEGER, + 1UL, &key->e, LTC_ASN1_EOL, + 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + key->type = PK_PUBLIC; + } + return CRYPT_OK; LBL_ERR: - XFREE(tmpbuf); - mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); - return err; + XFREE(tmpbuf); + mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, + &key->p, &key->q, NULL); + return err; } #endif /* LTC_MRSA */ - /* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_import.c,v $ */ /* $Revision: 1.23 $ */ /* $Date: 2007/05/12 14:32:35 $ */ diff --git a/libtomcrypt/pk/rsa/rsa_make_key.c b/libtomcrypt/pk/rsa/rsa_make_key.c index 6718f09..204f9c5 100644 --- a/libtomcrypt/pk/rsa/rsa_make_key.c +++ b/libtomcrypt/pk/rsa/rsa_make_key.c @@ -13,7 +13,7 @@ /** @file rsa_make_key.c RSA key generation, Tom St Denis -*/ +*/ #ifdef LTC_MRSA 
@@ -24,78 +24,124 @@ @param key [out] Destination of a newly created private key pair @return CRYPT_OK if successful, upon error all allocated ram is freed */ -int rsa_make_key(int size, long e, rsa_key *key) +int rsa_make_key(int size, long e, rsa_key * key) { - mp_int p, q, tmp1, tmp2, tmp3; - int err; - - LTC_ARGCHK(key != NULL); - - if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { - return CRYPT_INVALID_KEYSIZE; - } - - if ((e < 3) || ((e & 1) == 0)) { - return CRYPT_INVALID_ARG; - } - - if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { - return err; - } - - /* make primes p and q (optimization provided by Wayne Scott) */ - if ((err = mp_set_int(&tmp3, e)) != CRYPT_OK) { goto cleanup; } /* tmp3 = e */ - - /* make prime "p" */ - do { - if ((err = rand_prime( &p, size/2)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d( &p, 1, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = p-1 */ - if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(p-1, e) */ - } while (mp_cmp_d( &tmp2, 1) != 0); /* while e divides p-1 */ - - /* make prime "q" */ - do { - if ((err = rand_prime( &q, size/2)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d( &q, 1, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ - if ((err = mp_gcd( &tmp1, &tmp3, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(q-1, e) */ - } while (mp_cmp_d( &tmp2, 1) != 0); /* while e divides q-1 */ - - /* tmp1 = lcm(p-1, q-1) */ - if ((err = mp_sub_d( &p, 1, &tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ - /* tmp1 = q-1 (previous do/while loop) */ - if ((err = mp_lcm( &tmp1, &tmp2, &tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = lcm(p-1, q-1) */ - - /* make key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - goto cleanup; - } - - if ((err = mp_set_int( &key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */ - if ((err = mp_invmod( &key->e, 
&tmp1, &key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */ - if ((err = mp_mul( &p, &q, &key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */ - - /* optimize for CRT now */ - /* find d mod q-1 and d mod p-1 */ - if ((err = mp_sub_d( &p, 1, &tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */ - if ((err = mp_sub_d( &q, 1, &tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */ - if ((err = mp_mod( &key->d, &tmp1, &key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */ - if ((err = mp_mod( &key->d, &tmp2, &key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */ - if ((err = mp_invmod( &q, &p, &key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */ - - if ((err = mp_copy( &p, &key->p)) != CRYPT_OK) { goto errkey; } - if ((err = mp_copy( &q, &key->q)) != CRYPT_OK) { goto errkey; } - - /* set key type (in this case it's CRT optimized) */ - key->type = PK_PRIVATE; - - /* return ok and free temps */ - err = CRYPT_OK; - goto cleanup; + mp_int p, q, tmp1, tmp2, tmp3; + int err; + + LTC_ARGCHK(key != NULL); + + if ((size < (MIN_RSA_SIZE / 8)) || (size > (MAX_RSA_SIZE / 8))) { + return CRYPT_INVALID_KEYSIZE; + } + + if ((e < 3) || ((e & 1) == 0)) { + return CRYPT_INVALID_ARG; + } + + if ((err = + mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { + return err; + } + + /* make primes p and q (optimization provided by Wayne Scott) */ + if ((err = mp_set_int(&tmp3, e)) != CRYPT_OK) { + goto cleanup; + } + + /* tmp3 = e */ + /* make prime "p" */ + do { + if ((err = rand_prime(&p, size / 2)) != CRYPT_OK) { + goto cleanup; + } + if ((err = mp_sub_d(&p, 1, &tmp1)) != CRYPT_OK) { + goto cleanup; + } /* tmp1 = p-1 */ + if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != CRYPT_OK) { + goto cleanup; + } /* tmp2 = gcd(p-1, e) */ + } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */ + + /* make prime "q" */ + do { + if ((err = rand_prime(&q, size / 2)) != CRYPT_OK) { + goto cleanup; + } + if ((err = mp_sub_d(&q, 1, &tmp1)) != 
CRYPT_OK) { + goto cleanup; + } /* tmp1 = q-1 */ + if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != CRYPT_OK) { + goto cleanup; + } /* tmp2 = gcd(q-1, e) */ + } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */ + + /* tmp1 = lcm(p-1, q-1) */ + if ((err = mp_sub_d(&p, 1, &tmp2)) != CRYPT_OK) { + goto cleanup; + } + /* tmp2 = p-1 */ + /* tmp1 = q-1 (previous do/while loop) */ + if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != CRYPT_OK) { + goto cleanup; + } + + /* tmp1 = lcm(p-1, q-1) */ + /* make key */ + if ((err = + mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, + &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = mp_set_int(&key->e, e)) != CRYPT_OK) { + goto errkey; + } /* key->e = e */ + if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != CRYPT_OK) { + goto errkey; + } /* key->d = 1/e mod lcm(p-1,q-1) */ + if ((err = mp_mul(&p, &q, &key->N)) != CRYPT_OK) { + goto errkey; + } + + /* key->N = pq */ + /* optimize for CRT now */ + /* find d mod q-1 and d mod p-1 */ + if ((err = mp_sub_d(&p, 1, &tmp1)) != CRYPT_OK) { + goto errkey; + } /* tmp1 = q-1 */ + if ((err = mp_sub_d(&q, 1, &tmp2)) != CRYPT_OK) { + goto errkey; + } /* tmp2 = p-1 */ + if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != CRYPT_OK) { + goto errkey; + } /* dP = d mod p-1 */ + if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != CRYPT_OK) { + goto errkey; + } /* dQ = d mod q-1 */ + if ((err = mp_invmod(&q, &p, &key->qP)) != CRYPT_OK) { + goto errkey; + } + /* qP = 1/q mod p */ + if ((err = mp_copy(&p, &key->p)) != CRYPT_OK) { + goto errkey; + } + if ((err = mp_copy(&q, &key->q)) != CRYPT_OK) { + goto errkey; + } + + /* set key type (in this case it's CRT optimized) */ + key->type = PK_PRIVATE; + + /* return ok and free temps */ + err = CRYPT_OK; + goto cleanup; errkey: - mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); + mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->qP, + &key->p, &key->q, NULL); 
cleanup: - mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); - return err; + mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL); + return err; } #endif diff --git a/libtomcrypt/pk/rsa/rsa_sign_hash.c b/libtomcrypt/pk/rsa/rsa_sign_hash.c index faf13d2..a0c993d 100644 --- a/libtomcrypt/pk/rsa/rsa_sign_hash.c +++ b/libtomcrypt/pk/rsa/rsa_sign_hash.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include "ncr-int.h" - /** @file rsa_sign_hash.c RSA LTC_PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange 
@@ -31,96 +30,99 @@ @param key The private RSA key to use @return CRYPT_OK if successful */ -int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - int padding, - const struct algo_properties_st *hash, unsigned long saltlen, - rsa_key *key) +int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + int padding, + const struct algo_properties_st *hash, + unsigned long saltlen, rsa_key * key) { - unsigned long modulus_bitlen, modulus_bytelen, x, y; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* valid padding? */ - if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits((&key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size((&key->N)); - if (modulus_bytelen > *outlen) { - *outlen = modulus_bytelen; - return CRYPT_BUFFER_OVERFLOW; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - /* PSS pad the key */ - x = *outlen; - if ((err = pkcs_1_pss_encode(in, inlen, saltlen, - hash, modulus_bitlen, out, &x)) != CRYPT_OK) { - return err; - } - } else { - /* LTC_PKCS #1 v1.5 pad the hash */ - unsigned char *tmpin; - ltc_asn1_list digestinfo[2], siginfo[2]; - oid_st st; - - /* not all hashes have OIDs... 
so sad */ - if (hash_get_oid(hash, &st) != CRYPT_OK) { - return CRYPT_INVALID_ARG; - } - - /* construct the SEQUENCE - SEQUENCE { - SEQUENCE {hashoid OID - blah NULL - } - hash OCTET STRING - } - */ - LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, st.OID, st.OIDlen); - LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); - LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); - - /* allocate memory for the encoding */ - y = mp_unsigned_bin_size(&key->N); - tmpin = XMALLOC(y); - if (tmpin == NULL) { - return CRYPT_MEM; - } - - if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { - XFREE(tmpin); - return err; - } - - x = *outlen; - if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_LTC_PKCS_1_EMSA, - modulus_bitlen, - out, &x)) != CRYPT_OK) { - XFREE(tmpin); - return err; - } - XFREE(tmpin); - } - - /* RSA encode it */ - return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key); + unsigned long modulus_bitlen, modulus_bytelen, x, y; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + + /* valid padding? 
*/ + if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen > *outlen) { + *outlen = modulus_bytelen; + return CRYPT_BUFFER_OVERFLOW; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + /* PSS pad the key */ + x = *outlen; + if ((err = pkcs_1_pss_encode(in, inlen, saltlen, + hash, modulus_bitlen, out, + &x)) != CRYPT_OK) { + return err; + } + } else { + /* LTC_PKCS #1 v1.5 pad the hash */ + unsigned char *tmpin; + ltc_asn1_list digestinfo[2], siginfo[2]; + oid_st st; + + /* not all hashes have OIDs... so sad */ + if (hash_get_oid(hash, &st) != CRYPT_OK) { + return CRYPT_INVALID_ARG; + } + + /* construct the SEQUENCE + SEQUENCE { + SEQUENCE {hashoid OID + blah NULL + } + hash OCTET STRING + } + */ + LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, st.OID, + st.OIDlen); + LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); + LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); + LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); + + /* allocate memory for the encoding */ + y = mp_unsigned_bin_size(&key->N); + tmpin = XMALLOC(y); + if (tmpin == NULL) { + return CRYPT_MEM; + } + + if ((err = + der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { + XFREE(tmpin); + return err; + } + + x = *outlen; + if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_LTC_PKCS_1_EMSA, + modulus_bitlen, + out, &x)) != CRYPT_OK) { + XFREE(tmpin); + return err; + } + XFREE(tmpin); + } + + /* RSA encode it */ + return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key); } #endif /* LTC_MRSA */ 
diff --git a/libtomcrypt/pk/rsa/rsa_verify_hash.c b/libtomcrypt/pk/rsa/rsa_verify_hash.c index 803b7cd..cb250cc 100644 --- a/libtomcrypt/pk/rsa/rsa_verify_hash.c +++ b/libtomcrypt/pk/rsa/rsa_verify_hash.c @@ -11,7 +11,6 @@ #include "tomcrypt.h" #include "ncr-int.h" - /** @file rsa_verify_hash.c RSA LTC_PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange 
@@ -32,135 +31,146 @@
   @param key The public RSA key corresponding to the key that performed the signature
   @return CRYPT_OK on success (even if the signature is invalid)
 */
-int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int padding,
- const struct algo_properties_st *hash_algo, unsigned long saltlen,
- int *stat, rsa_key *key)
+int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int padding,
+ const struct algo_properties_st *hash_algo,
+ unsigned long saltlen, int *stat, rsa_key * key)
 {
- unsigned long modulus_bitlen, modulus_bytelen, x;
- int err;
- unsigned char *tmpbuf;
-
- LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* default to invalid */
- *stat = 0;
-
- /* valid padding? */
-
- if ((padding != LTC_LTC_PKCS_1_V1_5) &&
- (padding != LTC_LTC_PKCS_1_PSS)) {
- return CRYPT_PK_INVALID_PADDING;
- }
-
- if (padding == LTC_LTC_PKCS_1_PSS) {
- /* valid hash ?
*/ - if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (&key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (&key->N)); - if (modulus_bytelen != siglen) { - return CRYPT_INVALID_PACKET; - } - - /* allocate temp buffer for decoded sig */ - tmpbuf = XMALLOC(siglen); - if (tmpbuf == NULL) { - return CRYPT_MEM; - } - - /* RSA decode it */ - x = siglen; - if ((err = rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) { - XFREE(tmpbuf); - return err; - } - - /* make sure the output is the right size */ - if (x != siglen) { - XFREE(tmpbuf); - return CRYPT_INVALID_PACKET; - } - - if (padding == LTC_LTC_PKCS_1_PSS) { - /* PSS decode and verify it */ - err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_algo, modulus_bitlen, stat); - } else { - /* LTC_PKCS #1 v1.5 decode it */ - unsigned char *out; - unsigned long outlen, loid[16]; - int decoded; - ltc_asn1_list digestinfo[2], siginfo[2]; - oid_st st; - - /* not all hashes have OIDs... so sad */ - if (hash_get_oid(hash_algo, &st) != CRYPT_OK) { - err = CRYPT_INVALID_ARG; - goto bail_2; - } - - /* allocate temp buffer for decoded hash */ - outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0)) - 3; - out = XMALLOC(outlen); - if (out == NULL) { - err = CRYPT_MEM; - goto bail_2; - } - - if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - - /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */ - /* construct the SEQUENCE - SEQUENCE { - SEQUENCE {hashoid OID - blah NULL - } - hash OCTET STRING - } - */ - LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0])); - LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); - LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); - - if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - - /* test OID */ - if ((digestinfo[0].size == st.OIDlen) && - (XMEMCMP(digestinfo[0].data, st.OID, sizeof(unsigned long) * st.OIDlen) == 0) && - (siginfo[1].size == hashlen) && - (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { - *stat = 1; - } - + unsigned long modulus_bitlen, modulus_bytelen, x; + int err; + unsigned char *tmpbuf; + + LTC_ARGCHK(hash != NULL); + LTC_ARGCHK(sig != NULL); + LTC_ARGCHK(stat != NULL); + LTC_ARGCHK(key != NULL); + + /* default to invalid */ + *stat = 0; + + /* valid padding? */ + + if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) { + return CRYPT_PK_INVALID_PADDING; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + /* valid hash ? 
*/ + if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) { + return err; + } + } + + /* get modulus len in bits */ + modulus_bitlen = mp_count_bits((&key->N)); + + /* outlen must be at least the size of the modulus */ + modulus_bytelen = mp_unsigned_bin_size((&key->N)); + if (modulus_bytelen != siglen) { + return CRYPT_INVALID_PACKET; + } + + /* allocate temp buffer for decoded sig */ + tmpbuf = XMALLOC(siglen); + if (tmpbuf == NULL) { + return CRYPT_MEM; + } + + /* RSA decode it */ + x = siglen; + if ((err = + rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, + key)) != CRYPT_OK) { + XFREE(tmpbuf); + return err; + } + + /* make sure the output is the right size */ + if (x != siglen) { + XFREE(tmpbuf); + return CRYPT_INVALID_PACKET; + } + + if (padding == LTC_LTC_PKCS_1_PSS) { + /* PSS decode and verify it */ + err = + pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, + hash_algo, modulus_bitlen, stat); + } else { + /* LTC_PKCS #1 v1.5 decode it */ + unsigned char *out; + unsigned long outlen, loid[16]; + int decoded; + ltc_asn1_list digestinfo[2], siginfo[2]; + oid_st st; + + /* not all hashes have OIDs... so sad */ + if (hash_get_oid(hash_algo, &st) != CRYPT_OK) { + err = CRYPT_INVALID_ARG; + goto bail_2; + } + + /* allocate temp buffer for decoded hash */ + outlen = + ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 
1 : 0)) - 3; + out = XMALLOC(outlen); + if (out == NULL) { + err = CRYPT_MEM; + goto bail_2; + } + + if ((err = + pkcs_1_v1_5_decode(tmpbuf, x, LTC_LTC_PKCS_1_EMSA, + modulus_bitlen, out, &outlen, + &decoded)) != CRYPT_OK) { + XFREE(out); + goto bail_2; + } + + /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */ + /* construct the SEQUENCE + SEQUENCE { + SEQUENCE {hashoid OID + blah NULL + } + hash OCTET STRING + } + */ + LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, + sizeof(loid) / sizeof(loid[0])); + LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); + LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); + LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); + + if ((err = + der_decode_sequence(out, outlen, siginfo, + 2)) != CRYPT_OK) { + XFREE(out); + goto bail_2; + } + + /* test OID */ + if ((digestinfo[0].size == st.OIDlen) && + (XMEMCMP + (digestinfo[0].data, st.OID, + sizeof(unsigned long) * st.OIDlen) == 0) + && (siginfo[1].size == hashlen) + && (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { + *stat = 1; + } #ifdef LTC_CLEAN_STACK - zeromem(out, outlen); + zeromem(out, outlen); #endif - XFREE(out); - } + XFREE(out); + } bail_2: #ifdef LTC_CLEAN_STACK - zeromem(tmpbuf, siglen); + zeromem(tmpbuf, siglen); #endif - XFREE(tmpbuf); - return err; + XFREE(tmpbuf); + return err; } #endif /* LTC_MRSA */ |
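Review bot: Trailing data after the DigestInfo is not rejected in the PKCS #1 v1.5 branch: once `der_decode_sequence(out, outlen, siginfo, 2)` returns CRYPT_OK, the OID and hash are compared and `*stat = 1` is set without checking that the decoded SEQUENCE accounts for all `outlen` bytes, which is a well-known signature-forgery hazard with small public exponents. The encoded length is recoverable from the decoded list, so the check can follow the decode as below, with `unsigned long declen;` declared next to `outlen`. Independently, `decoded` is filled by `pkcs_1_v1_5_decode` but never read; unless that function is known to return an error whenever it reports an invalid encoding, which is not visible here, the success path should also require `decoded == 1`. This commit only re-indents, so both points predate it.

```c
		/* … unchanged: pkcs_1_v1_5_decode call and LTC_SET_ASN1 setup … */
		if ((err =
		     der_decode_sequence(out, outlen, siginfo,
					 2)) != CRYPT_OK) {
			XFREE(out);
			goto bail_2;
		}

		/* the DigestInfo must span the whole decoded payload;
		   reject any trailing bytes */
		if (der_length_sequence(siginfo, 2, &declen) != CRYPT_OK
		    || declen != outlen) {
			err = CRYPT_INVALID_PACKET;
			XFREE(out);
			goto bail_2;
		}

		/* … unchanged: OID and hash comparison, cleanup … */
```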