summaryrefslogtreecommitdiffstats
path: root/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
diff options
context:
space:
mode:
Diffstat (limited to 'libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c')
-rw-r--r--libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c250
1 files changed, 128 insertions, 122 deletions
diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
index 789d12d..2a2b980 100644
--- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
+++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
@@ -11,7 +11,6 @@
#include "tomcrypt.h"
#include <ncr-int.h>
-
/**
@file pkcs_1_pss_decode.c
LTC_PKCS #1 PSS Signature Padding, Tom St Denis
@@ -32,133 +31,140 @@
@return CRYPT_OK if successful (even if the comparison failed)
*/
int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
- const unsigned char *sig, unsigned long siglen,
- unsigned long saltlen, const struct algo_properties_st *hash_algo,
- unsigned long modulus_bitlen, int *res)
+ const unsigned char *sig, unsigned long siglen,
+ unsigned long saltlen,
+ const struct algo_properties_st *hash_algo,
+ unsigned long modulus_bitlen, int *res)
{
- unsigned char *DB, *mask, *salt, *hash;
- unsigned long x, y, hLen, modulus_len;
- int err;
-
- LTC_ARGCHK(msghash != NULL);
- LTC_ARGCHK(res != NULL);
-
- /* default to invalid */
- *res = 0;
-
- /* ensure hash is valid */
- if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) {
- return err;
- }
-
- hLen = hash_algo->digest_size;
- modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0);
-
- /* check sizes */
- if ((saltlen > modulus_len) ||
- (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) {
- return CRYPT_PK_INVALID_SIZE;
- }
-
- /* allocate ram for DB/mask/salt/hash of size modulus_len */
- DB = XMALLOC(modulus_len);
- mask = XMALLOC(modulus_len);
- salt = XMALLOC(modulus_len);
- hash = XMALLOC(modulus_len);
- if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) {
- if (DB != NULL) {
- XFREE(DB);
- }
- if (mask != NULL) {
- XFREE(mask);
- }
- if (salt != NULL) {
- XFREE(salt);
- }
- if (hash != NULL) {
- XFREE(hash);
- }
- return CRYPT_MEM;
- }
-
- /* ensure the 0xBC byte */
- if (sig[siglen-1] != 0xBC) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- }
-
- /* copy out the DB */
- x = 0;
- XMEMCPY(DB, sig + x, modulus_len - hLen - 1);
- x += modulus_len - hLen - 1;
-
- /* copy out the hash */
- XMEMCPY(hash, sig + x, hLen);
- x += hLen;
-
- /* check the MSB */
- if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- }
-
- /* generate mask of length modulus_len - hLen - 1 from hash */
- if ((err = pkcs_1_mgf1(hash_algo, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* xor against DB */
- for (y = 0; y < (modulus_len - hLen - 1); y++) {
- DB[y] ^= mask[y];
- }
-
- /* now clear the first byte [make sure smaller than modulus] */
- DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1));
-
- /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */
-
- /* check for zeroes and 0x01 */
- for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
- if (DB[x] != 0x00) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- }
- }
-
- /* check for the 0x01 */
- if (DB[x++] != 0x01) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- }
-
- zeromem(mask, 8);
-
- /* M = (eight) 0x00 || msghash || salt, mask = H(M) */
- err = hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8, msghash, (unsigned long)msghashlen, DB+x, (unsigned long)saltlen, NULL, 0);
- if (err != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* mask == hash means valid signature */
- if (XMEMCMP(mask, hash, hLen) == 0) {
- *res = 1;
- }
-
- err = CRYPT_OK;
+ unsigned char *DB, *mask, *salt, *hash;
+ unsigned long x, y, hLen, modulus_len;
+ int err;
+
+ LTC_ARGCHK(msghash != NULL);
+ LTC_ARGCHK(res != NULL);
+
+ /* default to invalid */
+ *res = 0;
+
+ /* ensure hash is valid */
+ if ((err = hash_is_valid(hash_algo)) != CRYPT_OK) {
+ return err;
+ }
+
+ hLen = hash_algo->digest_size;
+ modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
+
+ /* check sizes */
+ if ((saltlen > modulus_len) ||
+ (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) {
+ return CRYPT_PK_INVALID_SIZE;
+ }
+
+ /* allocate ram for DB/mask/salt/hash of size modulus_len */
+ DB = XMALLOC(modulus_len);
+ mask = XMALLOC(modulus_len);
+ salt = XMALLOC(modulus_len);
+ hash = XMALLOC(modulus_len);
+ if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) {
+ if (DB != NULL) {
+ XFREE(DB);
+ }
+ if (mask != NULL) {
+ XFREE(mask);
+ }
+ if (salt != NULL) {
+ XFREE(salt);
+ }
+ if (hash != NULL) {
+ XFREE(hash);
+ }
+ return CRYPT_MEM;
+ }
+
+ /* ensure the 0xBC byte */
+ if (sig[siglen - 1] != 0xBC) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ /* copy out the DB */
+ x = 0;
+ XMEMCPY(DB, sig + x, modulus_len - hLen - 1);
+ x += modulus_len - hLen - 1;
+
+ /* copy out the hash */
+ XMEMCPY(hash, sig + x, hLen);
+ x += hLen;
+
+ /* check the MSB */
+ if ((sig[0] & ~(0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1)))) !=
+ 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ /* generate mask of length modulus_len - hLen - 1 from hash */
+ if ((err =
+ pkcs_1_mgf1(hash_algo, hash, hLen, mask,
+ modulus_len - hLen - 1)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* xor against DB */
+ for (y = 0; y < (modulus_len - hLen - 1); y++) {
+ DB[y] ^= mask[y];
+ }
+
+ /* now clear the first byte [make sure smaller than modulus] */
+ DB[0] &= 0xFF >> ((modulus_len << 3) - (modulus_bitlen - 1));
+
+ /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */
+
+ /* check for zeroes and 0x01 */
+ for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
+ if (DB[x] != 0x00) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+ }
+
+ /* check for the 0x01 */
+ if (DB[x++] != 0x01) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ zeromem(mask, 8);
+
+ /* M = (eight) 0x00 || msghash || salt, mask = H(M) */
+ err =
+ hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8,
+ msghash, (unsigned long)msghashlen, DB + x,
+ (unsigned long)saltlen, NULL, 0);
+ if (err != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* mask == hash means valid signature */
+ if (XMEMCMP(mask, hash, hLen) == 0) {
+ *res = 1;
+ }
+
+ err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
- zeromem(DB, modulus_len);
- zeromem(mask, modulus_len);
- zeromem(salt, modulus_len);
- zeromem(hash, modulus_len);
+ zeromem(DB, modulus_len);
+ zeromem(mask, modulus_len);
+ zeromem(salt, modulus_len);
+ zeromem(hash, modulus_len);
#endif
- XFREE(hash);
- XFREE(salt);
- XFREE(mask);
- XFREE(DB);
+ XFREE(hash);
+ XFREE(salt);
+ XFREE(mask);
+ XFREE(DB);
- return err;
+ return err;
}
#endif /* LTC_PKCS_1 */
generated by cgit (git 2.34.1) at 2024-05-06 04:40:58 +0000