1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
#include "tomcrypt.h"
#include "ncr-int.h"
#include <linux/slab.h>
/**
@file rsa_sign_hash.c
RSA LTC_PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange
*/
#ifdef LTC_MRSA
/**
LTC_PKCS #1 pad then sign
@param in The hash to sign
@param inlen The length of the hash to sign (octets)
@param out [out] The signature
@param outlen [in/out] The max size and resulting size of the signature
@param padding Type of padding (LTC_LTC_PKCS_1_PSS or LTC_LTC_PKCS_1_V1_5)
@param hash The desired hash
@param saltlen The length of the salt desired (octets)
@param key The private RSA key to use
@return CRYPT_OK if successful
*/
int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
int padding,
const struct algo_properties_st *hash, unsigned long saltlen,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x, y;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* valid padding? */
if ((padding != LTC_LTC_PKCS_1_V1_5) && (padding != LTC_LTC_PKCS_1_PSS)) {
return CRYPT_PK_INVALID_PADDING;
}
if (padding == LTC_LTC_PKCS_1_PSS) {
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits((&key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size((&key->N));
if (modulus_bytelen > *outlen) {
*outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
if (padding == LTC_LTC_PKCS_1_PSS) {
/* PSS pad the key */
x = *outlen;
if ((err = pkcs_1_pss_encode(in, inlen, saltlen,
hash, modulus_bitlen, out, &x)) != CRYPT_OK) {
return err;
}
} else {
/* LTC_PKCS #1 v1.5 pad the hash */
unsigned char *tmpin;
ltc_asn1_list digestinfo[2], siginfo[2];
oid_st st;
/* not all hashes have OIDs... so sad */
if (hash_get_oid(hash, &st) != CRYPT_OK) {
return CRYPT_INVALID_ARG;
}
/* construct the SEQUENCE
SEQUENCE {
SEQUENCE {hashoid OID
blah NULL
}
hash OCTET STRING
}
*/
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, st.OID, st.OIDlen);
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
/* allocate memory for the encoding */
y = mp_unsigned_bin_size(&key->N);
tmpin = XMALLOC(y);
if (tmpin == NULL) {
return CRYPT_MEM;
}
if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
XFREE(tmpin);
return err;
}
x = *outlen;
if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_LTC_PKCS_1_EMSA,
modulus_bitlen,
out, &x)) != CRYPT_OK) {
XFREE(tmpin);
return err;
}
XFREE(tmpin);
}
/* RSA encode it */
return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key);
}
#endif /* LTC_MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_sign_hash.c,v $ */
/* $Revision: 1.11 $ */
/* $Date: 2007/05/12 14:32:35 $ */
|