This commit was manufactured by cvs2svn to create branch

'OpenSSL_0_9_8-stable'.
2005-05-28 20:44:38 +00:00 · 2005-05-28 20:44:38 +00:00 · 5cd94f9e9d
commit 5cd94f9e9d
parent cad811fc41 429168e7ee
2 changed files with 395 additions and 0 deletions
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@ -0,0 +1,220 @@
 /* rsa_pss.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 2005.
 */
 /* ====================================================================
 * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
 int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
 			const EVP_MD *Hash, const unsigned char *EM, int sLen)
 	{
 	int i;
 	int ret = 0;
 	int hLen, maskedDBLen, emBits, emLen;
 	const unsigned char *H;
 	unsigned char *DB = NULL;
 	EVP_MD_CTX ctx;
 	unsigned char H_[EVP_MAX_MD_SIZE];
 	emBits = BN_num_bits(rsa->n) - 1;
 	emLen = (emBits + 7) >> 3;
 	hLen = EVP_MD_size(Hash);
 	if (emLen < (hLen + sLen + 2))
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
 		goto err;
 		}
 	if (EM[emLen - 1] != 0xbc)
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
 		goto err;
 		}
 	if (EM[0] & (0xFF << (emBits & 0x7)))
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
 		goto err;
 		}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
 	DB = OPENSSL_malloc(maskedDBLen);
 	if (!DB)
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
 	for (i = 0; i < maskedDBLen; i++)
 		DB[i] ^= EM[i];
 	DB[0] &= 0xFF >> (8 - (emBits & 0x7));
 	for (i = 0; i < (emLen - hLen - sLen - 2); i++)
 		{
 		if (DB[i] != 0)	
 			{
 			RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS,
 						RSA_R_ZERO_CHECK_FAILED);
 			goto err;
 			}
 		}
 	if (DB[i] != 0x1)
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_ONE_CHECK_FAILED);
 		goto err;
 		}
 	EVP_MD_CTX_init(&ctx);
 	EVP_DigestInit_ex(&ctx, Hash, NULL);
 	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
 	EVP_DigestUpdate(&ctx, mHash, hLen);
 	if (sLen)
 		EVP_DigestUpdate(&ctx, DB + maskedDBLen - sLen, sLen);
 	EVP_DigestFinal(&ctx, H_, NULL);
 	EVP_MD_CTX_cleanup(&ctx);
 	if (memcmp(H_, H, hLen))
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
 		ret = 0;
 		}
 	else 
 		ret = 1;
 	err:
 	if (DB)
 		OPENSSL_free(DB);
 	return ret;
 	}
 int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
 			const unsigned char *mHash,
 			const EVP_MD *Hash, int sLen)
 	{
 	int i;
 	int ret = 0;
 	int hLen, maskedDBLen, emBits, emLen;
 	unsigned char *H, *salt = NULL, *p;
 	EVP_MD_CTX ctx;
 	emBits = BN_num_bits(rsa->n) - 1;
 	emLen = (emBits + 7) >> 3;
 	hLen = EVP_MD_size(Hash);
 	if (sLen < 0)
 		sLen = 0;
 	if (emLen < (hLen + sLen + 2))
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
 		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		goto err;
 		}
 	if (sLen > 0)
 		{
 		salt = OPENSSL_malloc(sLen);
 		if (!salt)
 			{
 			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
 		   		ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		if (!RAND_bytes(salt, sLen))
 			goto err;
 		}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
 	EVP_MD_CTX_init(&ctx);
 	EVP_DigestInit_ex(&ctx, Hash, NULL);
 	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
 	EVP_DigestUpdate(&ctx, mHash, hLen);
 	if (sLen)
 		EVP_DigestUpdate(&ctx, salt, sLen);
 	EVP_DigestFinal(&ctx, H, NULL);
 	EVP_MD_CTX_cleanup(&ctx);
 	/* Generate dbMask in place then perform XOR on it */
 	PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
 	p = EM;
 	/* Initial PS XORs with all zeroes which is a NOP so just update
 	 * pointer. Note from a test above this value is guaranteed to
 	 * be non-negative.
 	 */
 	p += emLen - sLen - hLen - 2;
 	*p++ ^= 0x1;
 	if (sLen > 0)
 		{
 		for (i = 0; i < sLen; i++)
 			*p++ ^= salt[i];
 		}
 	EM[0] &= 0xFF >> (8 - (emBits & 0x7));
 	/* H is already in place so just set final 0xbc */
 	EM[emLen - 1] = 0xbc;
 	ret = 1;
 	err:
 	if (salt)
 		OPENSSL_free(salt);
 	return ret;
 	}
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@ -0,0 +1,175 @@
 /* rsa_x931.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 2005.
 */
 /* ====================================================================
 * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 int RSA_padding_add_X931(unsigned char *to, int tlen,
 	     const unsigned char *from, int flen)
 	{
 	int j;
 	unsigned char *p;
 	/* Absolute minimum amount of padding is 1 header nibble, 1 padding
 	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
 	 */
 	j = tlen - flen - 2;
 	if (j < 0)
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return -1;
 		}
 	p=(unsigned char *)to;
 	/* If no padding start and end nibbles are in one byte */
 	if (j == 0)
 		*p++ = 0x6A;
 	else
 		{
 		*p++ = 0x6B;
 		if (j > 1)
 			{
 			memset(p, 0xBB, j - 1);
 			p += j - 1;
 			}
 		*p++ = 0xBA;
 		}
 	memcpy(p,from,(unsigned int)flen);
 	p += flen;
 	*p = 0xCC;
 	return(1);
 	}
 int RSA_padding_check_X931(unsigned char *to, int tlen,
 	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
 	const unsigned char *p;
 	p=from;
 	if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
 		return -1;
 		}
 	j=flen-3;
 	if (*p++ == 0x6B)
 		{
 		for (i = 0; i < j; i++)
 			{
 			unsigned char c = *p++;
 			if (c == 0xBA)
 				break;
 			if (c != 0xBB)
 				{
 				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
 					RSA_R_INVALID_PADDING);
 				return -1;
 				}
 			}
 		}
 	j -= i;
 	if (i == 0)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
 		return -1;
 		}
 	if (p[j] != 0xCC)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
 		return -1;
 		}
 	memcpy(to,p,(unsigned int)j);
 	return(j);
 	}
 /* Translate between X931 hash ids and NIDs */
 int RSA_X931_hash_id(int nid)
 	{
 	switch (nid)
 		{
 		case NID_sha1:
 		return 0x33;
 		case NID_sha256:
 		return 0x34;
 		case NID_sha384:
 		return 0x36;
 		case NID_sha512:
 		return 0x35;
 		}
 	return -1;
 	}